br4no tu je ten log z toho combofixu, ak ti to pomoze, lebo mne to nic nehovori
ComboFix 08-03-14.4 - PC 2008-03-15 18:15:07.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.177 [GMT 1:00]
Running from: C:\stiahnuté veci\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Application Data\salesmonitor
C:\Program Files\Helper
C:\Program Files\Helper\1204409567.dll
C:\Program Files\Helper\1205020198.dll
C:\Program Files\Video Add-on
C:\Program Files\VirusHeat 4.3
C:\Program Files\VirusHeat 4.3\blacklist.txt
C:\Program Files\VirusHeat 4.3\Lang\English.ini
C:\Program Files\VirusHeat 4.3\msvcp71.dll
C:\Program Files\VirusHeat 4.3\msvcr71.dll
C:\Program Files\VirusHeat 4.3\uninst.exe
C:\Program Files\VirusHeat 4.3\vht.dat
C:\Program Files\VirusHeat 4.3\VirusHeat 4.3.url
C:\WINDOWS\BM5793033a.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\cqdoanxw.dll
C:\WINDOWS\system32\drivers\fmtr.sys
C:\WINDOWS\system32\duilokpx.ini
C:\WINDOWS\system32\fxgrfljv.dll
C:\WINDOWS\system32\ipijfbrj.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\opqss.ini
C:\WINDOWS\system32\opqss.ini2
C:\WINDOWS\system32\ssqpo.dll
C:\WINDOWS\system32\twynrgoh.dll
C:\WINDOWS\system32\vcchshjk.dll
C:\WINDOWS\system32\xdegcdom.dll
C:\WINDOWS\system32\xpkoliud.dll
C:\WINDOWS\system32\xxyyvur.dll
.
((((((((((((((((((((((((( Files Created from 2008-02-15 to 2008-03-15 )))))))))))))))))))))))))))))))
.
2008-03-15 16:04 . 2008-03-15 16:04 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-13 16:41 . 2008-03-14 17:00 1,361,817 --ahs---- C:\WINDOWS\system32\fngahhob.ini
2008-03-12 16:36 . 2008-03-13 16:37 1,344,370 --ahs---- C:\WINDOWS\system32\wdwhjmff.ini
2008-03-09 17:49 . 2008-03-09 17:49 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-03-09 17:48 . 2008-03-10 14:00 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2008-03-04 16:42 . 2008-03-04 16:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-03-04 16:36 . 2008-03-04 16:36 <DIR> d-------- C:\Program Files\Yahoo!
2008-02-29 16:20 . 2008-03-09 18:02 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-29 16:20 . 2008-02-29 16:20 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-27 21:23 . 2008-03-15 15:53 <DIR> d-------- C:\Program Files\ICQToolbar
2008-02-27 21:16 . 2008-02-27 21:24 <DIR> d-------- C:\Program Files\ICQ6
2008-02-26 20:06 . 2002-12-13 10:33 2,359,350 -ra------ C:\WINDOWS\wallpaper_snowboard_1024x768.bmp
2008-02-26 20:06 . 2002-12-13 10:33 2,359,350 -ra------ C:\WINDOWS\wallpaper_football_1024x768.bmp
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-04 15:51 --------- d-----w C:\Program Files\Common Files\WinSpyControl
2008-02-02 20:36 --------- d-----w C:\Program Files\LimeWire
2008-01-26 08:02 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-26 08:01 --------- d-----w C:\Program Files\Disney Interactive
2008-01-26 08:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Disney Interactive
2008-01-25 18:58 --------- d-----w C:\Program Files\THQ
2008-01-25 18:49 --------- d-----w C:\Program Files\LEGO Software
2008-01-25 18:49 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-01-25 16:24 --------- d-----w C:\Program Files\DreamWorks Interactive
2007-12-28 22:10 737,280 ----a-w C:\WINDOWS\iun6002.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{23ED2206-856D-461A-BBCF-1C2466AC5AE3}"= C:\Program Files\Video Add-on\ictmdl.dll [ ]
[HKEY_CLASSES_ROOT\clsid\{23ed2206-856d-461a-bbcf-1c2466ac5ae3}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-08-29 16:09 171464]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2006-11-17 04:42 577536 C:\WINDOWS\soundman.exe]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 13:06 40048]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:56 15360]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{f0d4f88e-e1f8-460f-a41c-6cfb7f73af79}"= C:\WINDOWS\system32\xskmoqx.dll [2008-02-01 16:09 13312]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\ssqpo.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PhilipsDM]
--a------ 2006-09-28 08:32 655360 C:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-09-01 14:57 282624 C:\Program Files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Salestart]
C:\Program Files\Common Files\WinSpyControl\bm.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinSpyControl]
C:\Program Files\WinSpyControl\pgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\ICQ6\\ICQ.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
R3 PSched;QoS Packet Scheduler;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-03 23:04]
S3 actvcomm;actvcomm;C:\WINDOWS\system32\drivers\actvcomm.sys [2004-04-28 10:30]
S3 K320bus;Sony Ericsson K320 driver (WDM);C:\WINDOWS\system32\DRIVERS\K320bus.sys [2006-08-18 10:10]
S3 K320mdfl;Sony Ericsson K320 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\K320mdfl.sys [2006-08-18 10:10]
S3 K320mdm;Sony Ericsson K320 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\K320mdm.sys [2006-08-18 10:10]
S3 K320mgmt;Sony Ericsson K320 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\K320mgmt.sys [2006-08-18 10:10]
S3 K320obex;Sony Ericsson K320 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\K320obex.sys [2006-08-18 10:10]
.
Contents of the 'Scheduled Tasks' folder
"2008-03-01 20:30:05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-03-15 18:28:49
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.2894]
-> C:\WINDOWS\system32\xskmoqx.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\imapi.exe
.
**************************************************************************
.
Completion time: 2008-03-15 18:31:26 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-15 17:31:19
Choď na stránku: