[ Príspevkov: 17 ] 
AutorSpráva
Offline

Skúsený užívateľ
Skúsený užívateľ
Prosim surne o kontrolu logu - virus

Registrovaný: 02.12.07
Prihlásený: 24.11.17
Príspevky: 3399
Témy: 73 | 73
Bydlisko: Brezno
NapísalOffline : 06.03.2009 20:10 | Prosim surne o kontrolu logu - virus

Neviem sa zbavit havede-a robi sice toto: samo sa mi spustaju urcite stranky a vypisuje mi ze mam virus a ze mam spustit ich odkazy na antivirusy-co je v podstate ten virus... prosim poradte co mam fixnut.. antiviraky nepomohli... Log je tu:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:51:28, on 6.3.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\PrevxCSI\prevxcsi.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\r_server.exe
C:\WINDOWS\system32\STacSV.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\PrevxCSI\prevxcsi.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\sttray.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\lg_fwupdate\fwupdate.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\ICQ6\ICQ.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) - - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EPSON Stylus DX4000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE /FU "C:\WINDOWS\TEMP\E_SAF.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe" blrun
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6\ICQ.exe" silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: karna.dat
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: CSIScanner - Prevx - C:\Program Files\PrevxCSI\prevxcsi.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINDOWS\system32\r_server.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\STacSV.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

--
End of file - 7241 bytes


este dodam, ze mi vypisuje, ze je zavireny system. subor userinit.exe co je zle

Fixla som uy toto :
R3
O20.... karna.dat

ale nic nepomohlo, este sa mi ukazuje v pravom dolnom rohu cerveny kruh s bielym preskrtnutym krizikom WARNING-U have a security problem - to je prave asi pricina-ten blby virus...
Prosiim help


_________________
PC1: CPU: i7 3770, MB:ASUS P8H77-M, HDD: Segate 2TB Barracuda SATA III, SSD: Samsung 250GB 840 EVO SATA III, 16 GB RAM, PSU: Seasonic 450W SSP-450RT/ aktiv. PFC/80+ Gold, VGA: iGPU HD 4000, OS: Win7 PRO SP1 64-bit CZ OEM, CASE : Cooler Master Elite 344 USB 3.0 čierno-modrá
PC2: HP Compaq dx6100MT OS: WinXP SP3 Pro EN
Netbook: Asus EeePC 1000H Black | Intel Atom N270 | 1GB DDR2 | Intel GMA945 | 160GB SATA2 HDD | Draft-N Wireless | Bluetooth | Windows XP SP3
Phone: Lenovo P780, THL 5000, LeTV 1S (X500) 16GB
Every Man Is Hero... In his dreams...

Na otázky ohľadom PC zostáv a komponentov cez SS neodpovedám, na to slúži toto fórum. Ďakujem za pochopenie.
Offline

Skúsený užívateľ
Skúsený užívateľ
Prosim surne o kontrolu logu - virus

Registrovaný: 22.03.07
Prihlásený: 14.06.14
Príspevky: 2108
Témy: 15 | 15
Bydlisko: Bratislava V
NapísalOffline : 06.03.2009 21:33 | Prosim surne o kontrolu logu - virus

Fixni
O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINDOWS\system32\r_server.exe
a pošli UPM log


_________________
DESKTOP: Intel Pentium Dual Core E2180, Gigabyte GA-P31-DS3L, 3GB DDR2 800Mhz, ASUS Radeon HD3650 256MB, ASUS DRW-1608P3S, Hitachi Deskstar T7K250 160GB, Fortron FSP350-60GLN
NTB: HP 510: Intel Celeron M360, 512MB DDR2 533MHz, Intel GMA 900, Hitachi Travelstar 4K120 40GB, Sony CRX880A
Offline

Skúsený užívateľ
Skúsený užívateľ
Prosim surne o kontrolu logu - virus

Registrovaný: 02.12.07
Prihlásený: 24.11.17
Príspevky: 3399
Témy: 73 | 73
Bydlisko: Brezno
Napísal autor témyOffline : 07.03.2009 6:26 | Prosim surne o kontrolu logu - virus

Ahoj v tom procese nie je problem.. pretoze viem co to je - je to program na vzdialenu spravu PC ten je v pohode ten je nainstalovany uz dlhsiu dobu, je uplne cisty.


_________________
PC1: CPU: i7 3770, MB:ASUS P8H77-M, HDD: Segate 2TB Barracuda SATA III, SSD: Samsung 250GB 840 EVO SATA III, 16 GB RAM, PSU: Seasonic 450W SSP-450RT/ aktiv. PFC/80+ Gold, VGA: iGPU HD 4000, OS: Win7 PRO SP1 64-bit CZ OEM, CASE : Cooler Master Elite 344 USB 3.0 čierno-modrá
PC2: HP Compaq dx6100MT OS: WinXP SP3 Pro EN
Netbook: Asus EeePC 1000H Black | Intel Atom N270 | 1GB DDR2 | Intel GMA945 | 160GB SATA2 HDD | Draft-N Wireless | Bluetooth | Windows XP SP3
Phone: Lenovo P780, THL 5000, LeTV 1S (X500) 16GB
Every Man Is Hero... In his dreams...

Na otázky ohľadom PC zostáv a komponentov cez SS neodpovedám, na to slúži toto fórum. Ďakujem za pochopenie.
Offline

Skúsený užívateľ
Skúsený užívateľ
Prosim surne o kontrolu logu - virus

Registrovaný: 02.12.07
Prihlásený: 24.11.17
Príspevky: 3399
Témy: 73 | 73
Bydlisko: Brezno
Napísal autor témyOffline : 07.03.2009 6:47 | Prosim surne o kontrolu logu - virus

Cely ten virus pracuje asi takto : V pravom dolnom rohu sa zjavila ta ikonka-cerveny kruh preskrtnuty bielym krizikom s bublinou v ktorej je hlaska - Warning! You have a security problem a po malej chvili-nie hned, sa z nicoho nic spusti Internet explorer s odkazmi na ,,akoze,, antivirove stranky (tie stranky nie su vzdy rovnake) samozrejme ze ich nespustim ani nic nepotvrdim-vsetko rusim X.. Este som rozmyslala, ze ci netreba nieco povymazavat v IE-historiu,alebo nieco ine-netusim, pretoze tie neziadane stranky sa chcu spustit prave v nom( napr su to stranky http ://desktoprepairpackage.com - Virus Remover 2009, alebo http://online-antimalwarescanner.com,...), ja pouzivam na svojom kompe Mozzilu.. Tento problem riesim u kamosa.

to: br4no - viem, ze si dost odbornik v tejto sfere, tak ak mas este nejake napady ako to odvirit-pls help..

Antivirak-avast, ked spustim tak najde, ze v uz spominanom sys. subore USERINIT.exe je vir - no s tym suborom kedze je pre system dolezity nerobim radsej nic..

spyboot SD nenasiel nic, potom som pouzila aj malwarebytes Anti-Malware no nepomohlo ani to...


_________________
PC1: CPU: i7 3770, MB:ASUS P8H77-M, HDD: Segate 2TB Barracuda SATA III, SSD: Samsung 250GB 840 EVO SATA III, 16 GB RAM, PSU: Seasonic 450W SSP-450RT/ aktiv. PFC/80+ Gold, VGA: iGPU HD 4000, OS: Win7 PRO SP1 64-bit CZ OEM, CASE : Cooler Master Elite 344 USB 3.0 čierno-modrá
PC2: HP Compaq dx6100MT OS: WinXP SP3 Pro EN
Netbook: Asus EeePC 1000H Black | Intel Atom N270 | 1GB DDR2 | Intel GMA945 | 160GB SATA2 HDD | Draft-N Wireless | Bluetooth | Windows XP SP3
Phone: Lenovo P780, THL 5000, LeTV 1S (X500) 16GB
Every Man Is Hero... In his dreams...

Na otázky ohľadom PC zostáv a komponentov cez SS neodpovedám, na to slúži toto fórum. Ďakujem za pochopenie.
Offline

Užívateľ
Užívateľ
Prosim surne o kontrolu logu - virus

Registrovaný: 19.02.09
Prihlásený: 09.05.10
Príspevky: 147
Témy: 1 | 1
Bydlisko: Sereď
NapísalOffline : 07.03.2009 7:34 | Prosim surne o kontrolu logu - virus

Aplikuj Combofix:

Citácia:
Stiahni si na plochu

Kód:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe


Nasledne ho spustite (ucet Administratora).
Po spusteni naskocia licencne podmienky s ktorymi suhlaste a pokracujte ANO/YES/OK.
Zacne sken pocas ktoreho neklikajte pomimo okna. Cely sken trva cca. 10 minut.
Po skene ComboFix vygeneruje log, ktory ulozi do cielovej jednotky, napr. c:\ s nazvom ComboFix.log.


Log sem.


Offline

Skúsený užívateľ
Skúsený užívateľ
Prosim surne o kontrolu logu - virus

Registrovaný: 02.12.07
Prihlásený: 24.11.17
Príspevky: 3399
Témy: 73 | 73
Bydlisko: Brezno
Napísal autor témyOffline : 07.03.2009 8:14 | Prosim surne o kontrolu logu - virus

Teraz nie som u kamosa, ale dnes pred obedom tam pojdem, tak vas vsetkych machrov, ktory sa do tejto problematiky vyznate-prosim budte on-line..
Hned ako tam budem - ozvem sa, velmi pekne dakujem.. 07.03.2009 Okolo 9.30 by som uz mala byt tam... tak prosiim budte tu...

Tak uz som tu - pri tom spusteni combofixu - mam nainstalovat aj konzolu pre zotavenie?

dala som ju vytvorit no a tu je cely log z combofixu :

ComboFix 09-03-04.01 - Miro_K 2009-03-07 10:04:21.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.1022.494 [GMT 1:00]
Spuštěný z: c:\documents and settings\Miro_K\Plocha\combofix\ComboFix.exe
AV: avast! antivirus 4.7.1098 [VPS 090306-0] *On-access scanning enabled* (Updated)
* Vytvořen nový Bod Obnovení
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Miro_K\Cookies\alis.ban
c:\documents and settings\Miro_K\Cookies\cacyso.com
c:\documents and settings\Miro_K\Cookies\esuzodako.dll
c:\documents and settings\Miro_K\Cookies\ixik.dll
c:\documents and settings\Miro_K\Cookies\ixyrusi.vbs
c:\documents and settings\Miro_K\Cookies\lokol.ban
c:\documents and settings\Miro_K\Cookies\nevanap.lib
c:\documents and settings\Miro_K\Cookies\peky.dll
c:\windows\system32\init32.exe

Nakažená kopie byla nalezena a vyléčena.
Obnovena kopie z -


.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_R_SERVER
-------\Service_r_server


((((((((((((((((((((((((( Soubory vytvořené od 2009-02-07 do 2009-03-07 )))))))))))))))))))))))))))))))
.

2009-03-06 19:50 . 2009-03-06 19:50 <DIR> d-------- c:\program files\Trend Micro
2009-03-06 16:30 . 2009-03-06 16:30 22,536 --a------ c:\windows\system32\drivers\pxscan.sys
2009-03-06 15:18 . 2009-03-06 16:30 65 --a------ c:\windows\wininit.ini
2009-03-06 15:17 . 2009-03-06 15:17 <DIR> d-------- c:\program files\Radmin1
2009-02-14 14:57 . 2009-02-19 16:10 54,156 --ah----- c:\windows\QTFont.qfn
2009-02-14 14:57 . 2009-02-14 14:57 1,409 --a------ c:\windows\QTFont.for
2009-02-08 18:11 . 2009-02-08 18:11 9,614 --a------ c:\windows\1 . TALIANSKO - PAESTUM.scn
2009-02-08 17:15 . 2009-02-08 18:11 12,855,820,288 --a------ c:\windows\1 . TALIANSKO - PAESTUM.avi
2009-02-07 20:15 . 2009-02-07 20:26 <DIR> d-------- c:\program files\GameSpy Arcade
2009-02-07 20:08 . 2009-02-07 20:08 <DIR> d-------- c:\program files\Codemasters
2009-02-07 18:43 . 2009-02-07 18:43 <DIR> d-------- C:\rc

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-07 09:08 --------- d-----w c:\program files\lg_fwupdate
2009-03-07 09:08 --------- d-----w c:\documents and settings\Miro_K\Data aplikací\OpenOffice.org2
2009-03-07 08:46 --------- d-----w c:\documents and settings\Miro_K\Data aplikací\Skype
2009-03-06 19:51 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-03-06 15:31 --------- d-----w c:\documents and settings\All Users\Data aplikací\PrevxCSI
2009-02-21 11:19 --------- d-----w c:\program files\F1 2008 DELUX
2009-02-16 18:05 --------- d-----w c:\program files\Mozilla Thunderbird
2009-02-11 09:19 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-11 09:19 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-02-07 19:08 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-06 15:04 --------- d-----w c:\documents and settings\Miro_K\Data aplikací\InstallShield
2009-01-15 17:39 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-01-07 20:14 32,664 ----a-w c:\documents and settings\Miro_K\Data aplikací\GDIPFONTCACHEV1.DAT
2008-10-10 18:53 18,844 ----a-w c:\program files\Common Files\byhuni.com
2008-10-10 18:53 16,727 ----a-w c:\documents and settings\All Users\Data aplikací\ihisubam.bin
2008-10-10 18:53 15,109 ----a-w c:\program files\Common Files\exav.bin
2008-10-10 18:53 13,499 ----a-w c:\documents and settings\Miro_K\Data aplikací\wapec.bin
2008-10-10 18:53 13,188 ----a-w c:\documents and settings\Miro_K\Data aplikací\oryjaw.dll
2008-10-10 18:53 12,647 ----a-w c:\documents and settings\All Users\Data aplikací\vujyzona.reg
2008-10-10 18:31 18,301 ----a-w c:\program files\Common Files\herycu.reg
2008-10-10 18:31 18,281 ----a-w c:\documents and settings\Miro_K\Data aplikací\jelu.bat
2008-10-10 18:31 16,533 ----a-w c:\program files\Common Files\bafuqejiv.com
2008-10-10 18:31 10,907 ----a-w c:\documents and settings\Miro_K\Data aplikací\ewetowote.dat
2008-10-10 18:31 10,559 ----a-w c:\program files\Common Files\gegifesyjy.ban
2007-12-27 16:04 1,094,021 ----a-w c:\program files\dvdshrink32setup.zip
2004-10-01 14:00 40,960 ----a-w c:\program files\Uninstall_CDS.exe
2008-08-28 14:46 122,880 ----a-w c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2008-01-17 20:10 61,038 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2008-01-17 20:10 49,256 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2008-01-17 20:10 166,000 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2006-03-02 15360]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2006-07-21 20036648]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-10-09 139264]
"ICQ"="c:\program files\ICQ6\ICQ.exe" [2008-09-01 173304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-01 7618560]
"PinnacleDriverCheck"="c:\windows\system32\PSDrvCheck.exe" [2004-03-10 406016]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-12-08 98304]
"RemoteControl"="c:\program files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"LGODDFU"="c:\program files\lg_fwupdate\fwupdate.exe" [2007-12-08 249856]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 79224]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-08-28 29744]
"nwiz"="nwiz.exe" [2006-06-01 c:\windows\system32\nwiz.exe]
"NvMediaCenter"="NvMCTray.dll" [2006-06-01 c:\windows\system32\nvmctray.dll]
"SigmatelSysTrayApp"="sttray.exe" [2006-07-27 c:\windows\sttray.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-03-02 15360]

c:\documents and settings\Miro_K\Nabˇdka Start\Programy\Po spuçtŘnˇ\
OpenOffice.org 2.0.lnk - c:\program files\OpenOffice.org 2.0\program\quickstart.exe [2006-06-27 393216]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= Pvmjpg21.dll
"VIDC.PIM1"= pclepim1.dll
"msacm.l3fhg"= mp3fhg.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"msacm.divxa32"= divxa32.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ICQ6\\ICQ.exe"=
"c:\\Program Files\\Radmin1\\radmin.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [2009-03-06 22536]
R2 CSIScanner;CSIScanner;c:\program files\PrevxCSI\prevxcsi.exe [2008-10-10 4150840]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2008-07-06 222456]
R3 PAC207;SoC PC-Camer@;c:\windows\system32\drivers\pfc027.sys [2005-04-08 162176]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [2006-03-02 69120]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2007-12-08 29744]
.
Obsah adresáře 'Naplánované úlohy'

2008-12-26 c:\windows\Tasks\At1.job
- c:\windows\system32\tQ7hBQJ0.exe []

2009-01-07 c:\windows\Tasks\At10.job
- c:\windows\system32\tQ7hBQJ0.exe []

2009-02-08 c:\windows\Tasks\At11.job
- c:\windows\system32\tQ7hBQJ0.exe []

2009-02-21 c:\windows\Tasks\At12.job
- c:\windows\system32\tQ7hBQJ0.exe []

2009-02-21 c:\windows\Tasks\At13.job
- c:\windows\system32\tQ7hBQJ0.exe []

2009-02-21 c:\windows\Tasks\At14.job
- c:\windows\system32\tQ7hBQJ0.exe []

2009-02-21 c:\windows\Tasks\At15.job
- c:\windows\system32\tQ7hBQJ0.exe []

2009-03-06 c:\windows\Tasks\At16.job
- c:\windows\system32\tQ7hBQJ0.exe []

2009-03-06 c:\windows\Tasks\At17.job
- c:\windows\system32\tQ7hBQJ0.exe []

2009-02-22 c:\windows\Tasks\At18.job
- c:\windows\system32\tQ7hBQJ0.exe []

2009-02-14 c:\windows\Tasks\At19.job
- c:\windows\system32\tQ7hBQJ0.exe []

2008-11-08 c:\windows\Tasks\At2.job
- c:\windows\system32\tQ7hBQJ0.exe []

2009-02-16 c:\windows\Tasks\At20.job
- c:\windows\system32\tQ7hBQJ0.exe []

2009-03-06 c:\windows\Tasks\At21.job
- c:\windows\system32\tQ7hBQJ0.exe []

2009-03-06 c:\windows\Tasks\At22.job
- c:\windows\system32\tQ7hBQJ0.exe []

2009-02-09 c:\windows\Tasks\At23.job
- c:\windows\system32\tQ7hBQJ0.exe []

2009-01-18 c:\windows\Tasks\At24.job
- c:\windows\system32\tQ7hBQJ0.exe []

2008-11-08 c:\windows\Tasks\At3.job
- c:\windows\system32\tQ7hBQJ0.exe []

2008-11-08 c:\windows\Tasks\At4.job
- c:\windows\system32\tQ7hBQJ0.exe []

2008-11-08 c:\windows\Tasks\At5.job
- c:\windows\system32\tQ7hBQJ0.exe []

2008-11-27 c:\windows\Tasks\At6.job
- c:\windows\system32\tQ7hBQJ0.exe []

2008-11-08 c:\windows\Tasks\At7.job
- c:\windows\system32\tQ7hBQJ0.exe []

2008-10-10 c:\windows\Tasks\At8.job
- c:\windows\system32\tQ7hBQJ0.exe []

2009-02-24 c:\windows\Tasks\At9.job
- c:\windows\system32\tQ7hBQJ0.exe []
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKCU-Run-PowerBar - (no file)
Notify-WgaLogon - (no file)


.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Miro_K\Data aplikací\Mozilla\Firefox\Profiles\re87qwxx.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.zoznam.sk
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... id=afex&q=
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("signon.prefillForms", true);
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-07 10:08:20
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1390067357-1580818891-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:e2,63,26,f1,3f,c8,ff,68,eb,bb,a0,b3,66,
69,0d,f4,c8,28,51,af,b0,29,a3,98,9f,57,53,69,4b,c7,3c,4d,e2,63,26,f1,3f,c8,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:6a,9c,d6,61,af,45,84,18,94,5e,24,23,9a,
7d,5e,a0,71,3b,04,66,8b,46,0d,96,89,97,84,de,4d,20,3c,03,6a,9c,d6,61,af,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:25,da,ec,7e,55,20,c9,26,14,8e,97,13,d4,
fb,78,e6,25,da,ec,7e,55,20,c9,26,49,a6,e0,3a,31,0e,1d,3b,ff,7c,85,e0,43,d4,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:86,8c,21,01,be,91,eb,e7,ee,25,23,93,29,
60,0a,e1,3e,1e,9e,e0,57,5a,93,61,c7,b1,44,5a,8d,35,f2,a9,86,8c,21,01,be,91,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:cd,44,cd,b9,a6,33,6c,cd,f8,27,13,b3,fa,
cf,a0,b9,cd,44,cd,b9,a6,33,6c,cd,27,6a,da,47,87,20,31,7a,f5,1d,4d,73,a8,13,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:b0,18,ed,a7,3f,8d,37,a4,3c,1d,51,b1,aa,
72,5b,9b,b0,18,ed,a7,3f,8d,37,a4,06,36,eb,de,86,d4,e5,87,df,20,58,62,78,6b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:97,20,4e,9a,c7,f1,35,ee,a6,41,f8,bc,ca,
8d,be,d6,31,77,e1,ba,b1,f8,68,02,f4,0d,16,36,af,8a,0f,db,fb,a7,78,e6,12,2f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:83,6c,56,8b,a0,85,96,ab,76,49,dc,76,b4,
d0,5a,7c,83,6c,56,8b,a0,85,96,ab,ee,10,6a,d2,a6,ce,b0,e4,01,3a,48,fc,e8,04,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:51,fa,6e,91,28,9e,14,cc,9c,8f,15,4a,a0,
0f,57,7f,51,fa,6e,91,28,9e,14,cc,2b,7f,34,99,18,a0,0a,7b,f6,0f,4e,58,98,5b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:b1,cd,45,5a,a8,c4,f8,b9,7c,96,d9,62,4d,
7f,8d,be,b1,cd,45,5a,a8,c4,f8,b9,d0,72,b8,ff,65,c3,b8,fe,3d,ce,ea,26,2d,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:e3,0e,66,d5,eb,bc,2f,6b,9d,e7,25,14,ec,
77,7d,13,e3,0e,66,d5,eb,bc,2f,6b,04,29,a2,0b,a8,42,47,2f,2a,b7,cc,b5,b9,7f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:6c,43,2d,1e,aa,22,2f,9c,ac,b2,43,fc,c4,
f9,e8,b5,fa,ea,66,7f,d4,3b,6b,70,dd,4d,4d,d8,e2,fe,41,eb,6c,43,2d,1e,aa,22,\
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\rundll32.exe
c:\program files\Alwil Software\Avast4\ashDisp.exe
c:\program files\OpenOffice.org 2.0\program\soffice.exe
c:\program files\OpenOffice.org 2.0\program\soffice.bin
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\stacsv.exe
c:\windows\system32\PAStiSvc.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\wmiadap.exe
.
**************************************************************************
.
Celkový čas: 2009-03-07 10:12:19 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-03-07 09:12:17

Před spuštěním: Volných bajtů: 102 349 602 816
Po spuštění: Volných bajtů: 102,294,429,696

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

310 --- E O F --- 2009-03-06 14:02:44


A teraz dalej co mam robit?


_________________
PC1: CPU: i7 3770, MB:ASUS P8H77-M, HDD: Segate 2TB Barracuda SATA III, SSD: Samsung 250GB 840 EVO SATA III, 16 GB RAM, PSU: Seasonic 450W SSP-450RT/ aktiv. PFC/80+ Gold, VGA: iGPU HD 4000, OS: Win7 PRO SP1 64-bit CZ OEM, CASE : Cooler Master Elite 344 USB 3.0 čierno-modrá
PC2: HP Compaq dx6100MT OS: WinXP SP3 Pro EN
Netbook: Asus EeePC 1000H Black | Intel Atom N270 | 1GB DDR2 | Intel GMA945 | 160GB SATA2 HDD | Draft-N Wireless | Bluetooth | Windows XP SP3
Phone: Lenovo P780, THL 5000, LeTV 1S (X500) 16GB
Every Man Is Hero... In his dreams...

Na otázky ohľadom PC zostáv a komponentov cez SS neodpovedám, na to slúži toto fórum. Ďakujem za pochopenie.
Offline

Skúsený užívateľ
Skúsený užívateľ
Prosim surne o kontrolu logu - virus

Registrovaný: 22.03.07
Prihlásený: 14.06.14
Príspevky: 2108
Témy: 15 | 15
Bydlisko: Bratislava V
NapísalOffline : 07.03.2009 11:25 | Prosim surne o kontrolu logu - virus

Spusti skript s:
Kód:
File::
c:\program files\Common Files\byhuni.com
c:\documents and settings\All Users\Data aplikací\ihisubam.bin
c:\program files\Common Files\exav.bin
c:\documents and settings\Miro_K\Data aplikací\wapec.bin
c:\documents and settings\Miro_K\Data aplikací\oryjaw.dll
c:\documents and settings\All Users\Data aplikací\vujyzona.reg
c:\program files\Common Files\herycu.reg
c:\documents and settings\Miro_K\Data aplikací\jelu.bat
c:\program files\Common Files\bafuqejiv.com
c:\documents and settings\Miro_K\Data aplikací\ewetowote.dat
c:\program files\Common Files\gegifesyjy.ban


_________________
DESKTOP: Intel Pentium Dual Core E2180, Gigabyte GA-P31-DS3L, 3GB DDR2 800Mhz, ASUS Radeon HD3650 256MB, ASUS DRW-1608P3S, Hitachi Deskstar T7K250 160GB, Fortron FSP350-60GLN
NTB: HP 510: Intel Celeron M360, 512MB DDR2 533MHz, Intel GMA 900, Hitachi Travelstar 4K120 40GB, Sony CRX880A
Offline

Skúsený užívateľ
Skúsený užívateľ
Prosim surne o kontrolu logu - virus

Registrovaný: 02.12.07
Prihlásený: 24.11.17
Príspevky: 3399
Témy: 73 | 73
Bydlisko: Brezno
Napísal autor témyOffline : 07.03.2009 12:30 | Prosim surne o kontrolu logu - virus

Ok urobene, a tu je novy log z combofixu :

ComboFix 09-03-04.01 - Miro_K 2009-03-07 12:18:50.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.1022.536 [GMT 1:00]
Spuštěný z: c:\documents and settings\Miro_K\Plocha\combofix\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Miro_K\Plocha\combofix\CFScript.txt
AV: avast! antivirus 4.7.1098 [VPS 090306-0] *On-access scanning enabled* (Updated)
* Vytvořen nový Bod Obnovení

FILE ::
c:\documents and settings\All Users\Data aplikací\ihisubam.bin
c:\documents and settings\All Users\Data aplikací\vujyzona.reg
c:\documents and settings\Miro_K\Data aplikací\ewetowote.dat
c:\documents and settings\Miro_K\Data aplikací\jelu.bat
c:\documents and settings\Miro_K\Data aplikací\oryjaw.dll
c:\documents and settings\Miro_K\Data aplikací\wapec.bin
c:\program files\Common Files\bafuqejiv.com
c:\program files\Common Files\byhuni.com
c:\program files\Common Files\exav.bin
c:\program files\Common Files\gegifesyjy.ban
c:\program files\Common Files\herycu.reg
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Data aplikací\ihisubam.bin
c:\documents and settings\All Users\Data aplikací\vujyzona.reg
c:\documents and settings\Miro_K\Data aplikací\ewetowote.dat
c:\documents and settings\Miro_K\Data aplikací\jelu.bat
c:\documents and settings\Miro_K\Data aplikací\oryjaw.dll
c:\documents and settings\Miro_K\Data aplikací\wapec.bin
c:\program files\Common Files\bafuqejiv.com
c:\program files\Common Files\byhuni.com
c:\program files\Common Files\exav.bin
c:\program files\Common Files\gegifesyjy.ban
c:\program files\Common Files\herycu.reg

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-02-07 do 2009-03-07 )))))))))))))))))))))))))))))))
.

2009-03-07 11:10 . 2009-03-07 11:23 <DIR> d-------- c:\program files\QSView
2009-03-07 10:44 . 2009-03-07 10:44 <DIR> d-------- c:\documents and settings\Miro_K\Data aplikací\TeamViewer
2009-03-07 10:43 . 2009-03-07 11:49 <DIR> d-------- c:\program files\TeamViewer
2009-03-07 10:41 . 2009-03-07 10:41 <DIR> d-------- c:\documents and settings\Miro_K\temp
2009-03-06 19:50 . 2009-03-06 19:50 <DIR> d-------- c:\program files\Trend Micro
2009-03-06 16:30 . 2009-03-06 16:30 22,536 --a------ c:\windows\system32\drivers\pxscan.sys
2009-03-06 15:18 . 2009-03-06 16:30 65 --a------ c:\windows\wininit.ini
2009-03-06 15:17 . 2009-03-06 15:17 <DIR> d-------- c:\program files\Radmin1
2009-02-14 14:57 . 2009-02-19 16:10 54,156 --ah----- c:\windows\QTFont.qfn
2009-02-14 14:57 . 2009-02-14 14:57 1,409 --a------ c:\windows\QTFont.for
2009-02-08 18:11 . 2009-02-08 18:11 9,614 --a------ c:\windows\1 . TALIANSKO - PAESTUM.scn
2009-02-08 17:15 . 2009-02-08 18:11 12,855,820,288 --a------ c:\windows\1 . TALIANSKO - PAESTUM.avi
2009-02-07 20:15 . 2009-02-07 20:26 <DIR> d-------- c:\program files\GameSpy Arcade
2009-02-07 20:08 . 2009-02-07 20:08 <DIR> d-------- c:\program files\Codemasters
2009-02-07 18:43 . 2009-02-07 18:43 <DIR> d-------- C:\rc

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-07 11:21 --------- d-----w c:\documents and settings\Miro_K\Data aplikací\Skype
2009-03-07 11:12 --------- d-----w c:\documents and settings\All Users\Data aplikací\Spybot - Search & Destroy
2009-03-07 11:09 --------- d-----w c:\program files\lg_fwupdate
2009-03-07 11:09 --------- d-----w c:\documents and settings\Miro_K\Data aplikací\OpenOffice.org2
2009-03-07 11:04 --------- d-----w c:\program files\Mozilla Thunderbird
2009-03-06 19:51 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-03-06 15:31 --------- d-----w c:\documents and settings\All Users\Data aplikací\PrevxCSI
2009-02-21 11:19 --------- d-----w c:\program files\F1 2008 DELUX
2009-02-11 09:19 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-11 09:19 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-02-07 19:08 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-06 15:04 --------- d-----w c:\documents and settings\Miro_K\Data aplikací\InstallShield
2009-01-15 17:39 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-01-07 20:14 32,664 ----a-w c:\documents and settings\Miro_K\Data aplikací\GDIPFONTCACHEV1.DAT
2007-12-27 16:04 1,094,021 ----a-w c:\program files\dvdshrink32setup.zip
2004-10-01 14:00 40,960 ----a-w c:\program files\Uninstall_CDS.exe
2008-08-28 14:46 122,880 ----a-w c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2008-01-17 20:10 61,038 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2008-01-17 20:10 49,256 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2008-01-17 20:10 166,000 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-03-07_10.11.27.75 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-12-08 12:11:41 16,384 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-03-07 11:09:44 16,384 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2007-12-08 12:11:41 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-03-07 11:09:44 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2007-12-08 12:11:41 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-03-07 11:09:44 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-01-25 09:12:34 25,088 ----a-w c:\windows\system32\drivers\teamviewervpn.sys
- 2009-03-07 08:49:54 46,196 ----a-w c:\windows\system32\perfc005.dat
+ 2009-03-07 11:13:46 46,196 ----a-w c:\windows\system32\perfc005.dat
- 2009-03-07 08:49:54 40,128 ----a-w c:\windows\system32\perfc009.dat
+ 2009-03-07 11:13:46 40,128 ----a-w c:\windows\system32\perfc009.dat
- 2009-03-07 08:49:54 309,990 ----a-w c:\windows\system32\perfh005.dat
+ 2009-03-07 11:13:46 309,990 ----a-w c:\windows\system32\perfh005.dat
- 2009-03-07 08:49:54 311,740 ----a-w c:\windows\system32\perfh009.dat
+ 2009-03-07 11:13:46 311,740 ----a-w c:\windows\system32\perfh009.dat
+ 2009-03-07 11:09:31 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_6f0.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2006-03-02 15360]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2006-07-21 20036648]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-10-09 139264]
"ICQ"="c:\program files\ICQ6\ICQ.exe" [2008-09-01 173304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-01 7618560]
"PinnacleDriverCheck"="c:\windows\system32\PSDrvCheck.exe" [2004-03-10 406016]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-12-08 98304]
"RemoteControl"="c:\program files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"LGODDFU"="c:\program files\lg_fwupdate\fwupdate.exe" [2007-12-08 249856]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 79224]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-08-28 29744]
"nwiz"="nwiz.exe" [2006-06-01 c:\windows\system32\nwiz.exe]
"NvMediaCenter"="NvMCTray.dll" [2006-06-01 c:\windows\system32\nvmctray.dll]
"SigmatelSysTrayApp"="sttray.exe" [2006-07-27 c:\windows\sttray.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-03-02 15360]

c:\documents and settings\Miro_K\Nabˇdka Start\Programy\Po spuçtŘnˇ\
OpenOffice.org 2.0.lnk - c:\program files\OpenOffice.org 2.0\program\quickstart.exe [2006-06-27 393216]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= Pvmjpg21.dll
"VIDC.PIM1"= pclepim1.dll
"msacm.l3fhg"= mp3fhg.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"msacm.divxa32"= divxa32.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ICQ6\\ICQ.exe"=
"c:\\Program Files\\Radmin1\\radmin.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [2009-03-06 22536]
R2 CSIScanner;CSIScanner;c:\program files\PrevxCSI\prevxcsi.exe [2008-10-10 4150840]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2008-07-06 222456]
R2 TeamViewer4;TeamViewer 4;c:\program files\TeamViewer\Version4\TeamViewer_Service.exe [2009-02-27 185640]
R3 PAC207;SoC PC-Camer@;c:\windows\system32\drivers\pfc027.sys [2005-04-08 162176]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [2006-03-02 69120]
R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [2008-01-25 25088]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2007-12-08 29744]
.
Obsah adresáře 'Naplánované úlohy'

2008-12-26 c:\windows\Tasks\At1.job
- c:\windows\system32\tQ7hBQJ0.exe []

2009-01-07 c:\windows\Tasks\At10.job
- c:\windows\system32\tQ7hBQJ0.exe []

2009-02-08 c:\windows\Tasks\At11.job
- c:\windows\system32\tQ7hBQJ0.exe []

2009-03-07 c:\windows\Tasks\At12.job
- c:\windows\system32\tQ7hBQJ0.exe []

2009-03-07 c:\windows\Tasks\At13.job
- c:\windows\system32\tQ7hBQJ0.exe []

2009-02-21 c:\windows\Tasks\At14.job
- c:\windows\system32\tQ7hBQJ0.exe []

2009-02-21 c:\windows\Tasks\At15.job
- c:\windows\system32\tQ7hBQJ0.exe []

2009-03-06 c:\windows\Tasks\At16.job
- c:\windows\system32\tQ7hBQJ0.exe []

2009-03-06 c:\windows\Tasks\At17.job
- c:\windows\system32\tQ7hBQJ0.exe []

2009-02-22 c:\windows\Tasks\At18.job
- c:\windows\system32\tQ7hBQJ0.exe []

2009-02-14 c:\windows\Tasks\At19.job
- c:\windows\system32\tQ7hBQJ0.exe []

2008-11-08 c:\windows\Tasks\At2.job
- c:\windows\system32\tQ7hBQJ0.exe []

2009-02-16 c:\windows\Tasks\At20.job
- c:\windows\system32\tQ7hBQJ0.exe []

2009-03-06 c:\windows\Tasks\At21.job
- c:\windows\system32\tQ7hBQJ0.exe []

2009-03-06 c:\windows\Tasks\At22.job
- c:\windows\system32\tQ7hBQJ0.exe []

2009-02-09 c:\windows\Tasks\At23.job
- c:\windows\system32\tQ7hBQJ0.exe []

2009-01-18 c:\windows\Tasks\At24.job
- c:\windows\system32\tQ7hBQJ0.exe []

2008-11-08 c:\windows\Tasks\At3.job
- c:\windows\system32\tQ7hBQJ0.exe []

2008-11-08 c:\windows\Tasks\At4.job
- c:\windows\system32\tQ7hBQJ0.exe []

2008-11-08 c:\windows\Tasks\At5.job
- c:\windows\system32\tQ7hBQJ0.exe []

2008-11-27 c:\windows\Tasks\At6.job
- c:\windows\system32\tQ7hBQJ0.exe []

2008-11-08 c:\windows\Tasks\At7.job
- c:\windows\system32\tQ7hBQJ0.exe []

2008-10-10 c:\windows\Tasks\At8.job
- c:\windows\system32\tQ7hBQJ0.exe []

2009-02-24 c:\windows\Tasks\At9.job
- c:\windows\system32\tQ7hBQJ0.exe []
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Miro_K\Data aplikací\Mozilla\Firefox\Profiles\re87qwxx.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.zoznam.sk
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... id=afex&q=
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("signon.prefillForms", true);
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-07 12:21:10
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1390067357-1580818891-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:e2,63,26,f1,3f,c8,ff,68,eb,bb,a0,b3,66,
69,0d,f4,c8,28,51,af,b0,29,a3,98,9f,57,53,69,4b,c7,3c,4d,e2,63,26,f1,3f,c8,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:6a,9c,d6,61,af,45,84,18,94,5e,24,23,9a,
7d,5e,a0,71,3b,04,66,8b,46,0d,96,89,97,84,de,4d,20,3c,03,6a,9c,d6,61,af,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:25,da,ec,7e,55,20,c9,26,14,8e,97,13,d4,
fb,78,e6,25,da,ec,7e,55,20,c9,26,49,a6,e0,3a,31,0e,1d,3b,ff,7c,85,e0,43,d4,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:86,8c,21,01,be,91,eb,e7,ee,25,23,93,29,
60,0a,e1,3e,1e,9e,e0,57,5a,93,61,c7,b1,44,5a,8d,35,f2,a9,86,8c,21,01,be,91,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:cd,44,cd,b9,a6,33,6c,cd,f8,27,13,b3,fa,
cf,a0,b9,cd,44,cd,b9,a6,33,6c,cd,27,6a,da,47,87,20,31,7a,f5,1d,4d,73,a8,13,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:b0,18,ed,a7,3f,8d,37,a4,3c,1d,51,b1,aa,
72,5b,9b,b0,18,ed,a7,3f,8d,37,a4,06,36,eb,de,86,d4,e5,87,df,20,58,62,78,6b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:97,20,4e,9a,c7,f1,35,ee,a6,41,f8,bc,ca,
8d,be,d6,31,77,e1,ba,b1,f8,68,02,f4,0d,16,36,af,8a,0f,db,fb,a7,78,e6,12,2f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:83,6c,56,8b,a0,85,96,ab,76,49,dc,76,b4,
d0,5a,7c,83,6c,56,8b,a0,85,96,ab,ee,10,6a,d2,a6,ce,b0,e4,01,3a,48,fc,e8,04,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:51,fa,6e,91,28,9e,14,cc,9c,8f,15,4a,a0,
0f,57,7f,51,fa,6e,91,28,9e,14,cc,2b,7f,34,99,18,a0,0a,7b,f6,0f,4e,58,98,5b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:b1,cd,45,5a,a8,c4,f8,b9,7c,96,d9,62,4d,
7f,8d,be,b1,cd,45,5a,a8,c4,f8,b9,d0,72,b8,ff,65,c3,b8,fe,3d,ce,ea,26,2d,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:e3,0e,66,d5,eb,bc,2f,6b,9d,e7,25,14,ec,
77,7d,13,e3,0e,66,d5,eb,bc,2f,6b,04,29,a2,0b,a8,42,47,2f,2a,b7,cc,b5,b9,7f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:6c,43,2d,1e,aa,22,2f,9c,ac,b2,43,fc,c4,
f9,e8,b5,fa,ea,66,7f,d4,3b,6b,70,dd,4d,4d,d8,e2,fe,41,eb,6c,43,2d,1e,aa,22,\
.
Celkový čas: 2009-03-07 12:22:20
ComboFix-quarantined-files.txt 2009-03-07 11:22:19
ComboFix2.txt 2009-03-07 09:12:20

Před spuštěním: Volných bajtů: 102 269 603 840
Po spuštění: Volných bajtů: 102,255,288,320

303 --- E O F --- 2009-03-06 14:02:44


Je to uz v poriadku, alebo co mam este spravit?


_________________
PC1: CPU: i7 3770, MB:ASUS P8H77-M, HDD: Segate 2TB Barracuda SATA III, SSD: Samsung 250GB 840 EVO SATA III, 16 GB RAM, PSU: Seasonic 450W SSP-450RT/ aktiv. PFC/80+ Gold, VGA: iGPU HD 4000, OS: Win7 PRO SP1 64-bit CZ OEM, CASE : Cooler Master Elite 344 USB 3.0 čierno-modrá
PC2: HP Compaq dx6100MT OS: WinXP SP3 Pro EN
Netbook: Asus EeePC 1000H Black | Intel Atom N270 | 1GB DDR2 | Intel GMA945 | 160GB SATA2 HDD | Draft-N Wireless | Bluetooth | Windows XP SP3
Phone: Lenovo P780, THL 5000, LeTV 1S (X500) 16GB
Every Man Is Hero... In his dreams...

Na otázky ohľadom PC zostáv a komponentov cez SS neodpovedám, na to slúži toto fórum. Ďakujem za pochopenie.
Offline

Skúsený užívateľ
Skúsený užívateľ
Prosim surne o kontrolu logu - virus

Registrovaný: 22.03.07
Prihlásený: 14.06.14
Príspevky: 2108
Témy: 15 | 15
Bydlisko: Bratislava V
NapísalOffline : 07.03.2009 14:58 | Prosim surne o kontrolu logu - virus

Sleduješ ešte nejaké príznaky?


_________________
DESKTOP: Intel Pentium Dual Core E2180, Gigabyte GA-P31-DS3L, 3GB DDR2 800Mhz, ASUS Radeon HD3650 256MB, ASUS DRW-1608P3S, Hitachi Deskstar T7K250 160GB, Fortron FSP350-60GLN
NTB: HP 510: Intel Celeron M360, 512MB DDR2 533MHz, Intel GMA 900, Hitachi Travelstar 4K120 40GB, Sony CRX880A
Offline

Skúsený užívateľ
Skúsený užívateľ
Prosim surne o kontrolu logu - virus

Registrovaný: 02.12.07
Prihlásený: 24.11.17
Príspevky: 3399
Témy: 73 | 73
Bydlisko: Brezno
Napísal autor témyOffline : 07.03.2009 19:53 | Prosim surne o kontrolu logu - virus

To br4n0 : Dakujem ti velmi pekne za pomoc, zda sa ze je vsetko uz OK. Si naozaj dobry pomocnik.


_________________
PC1: CPU: i7 3770, MB:ASUS P8H77-M, HDD: Segate 2TB Barracuda SATA III, SSD: Samsung 250GB 840 EVO SATA III, 16 GB RAM, PSU: Seasonic 450W SSP-450RT/ aktiv. PFC/80+ Gold, VGA: iGPU HD 4000, OS: Win7 PRO SP1 64-bit CZ OEM, CASE : Cooler Master Elite 344 USB 3.0 čierno-modrá
PC2: HP Compaq dx6100MT OS: WinXP SP3 Pro EN
Netbook: Asus EeePC 1000H Black | Intel Atom N270 | 1GB DDR2 | Intel GMA945 | 160GB SATA2 HDD | Draft-N Wireless | Bluetooth | Windows XP SP3
Phone: Lenovo P780, THL 5000, LeTV 1S (X500) 16GB
Every Man Is Hero... In his dreams...

Na otázky ohľadom PC zostáv a komponentov cez SS neodpovedám, na to slúži toto fórum. Ďakujem za pochopenie.
Offline

Užívateľ
Užívateľ
Prosim surne o kontrolu logu - virus

Registrovaný: 19.02.09
Prihlásený: 09.05.10
Príspevky: 147
Témy: 1 | 1
Bydlisko: Sereď
NapísalOffline : 07.03.2009 20:42 | Prosim surne o kontrolu logu - virus

Nezabudni odinstalovat Combofix:

Start -> Sputit -> napis combofix /u -> ENTER ;)


Offline

Skúsený užívateľ
Skúsený užívateľ
Prosim surne o kontrolu logu - virus

Registrovaný: 02.12.07
Prihlásený: 24.11.17
Príspevky: 3399
Témy: 73 | 73
Bydlisko: Brezno
Napísal autor témyOffline : 08.03.2009 12:16 | Prosim surne o kontrolu logu - virus

Preco ho musim odinstalovat?


_________________
PC1: CPU: i7 3770, MB:ASUS P8H77-M, HDD: Segate 2TB Barracuda SATA III, SSD: Samsung 250GB 840 EVO SATA III, 16 GB RAM, PSU: Seasonic 450W SSP-450RT/ aktiv. PFC/80+ Gold, VGA: iGPU HD 4000, OS: Win7 PRO SP1 64-bit CZ OEM, CASE : Cooler Master Elite 344 USB 3.0 čierno-modrá
PC2: HP Compaq dx6100MT OS: WinXP SP3 Pro EN
Netbook: Asus EeePC 1000H Black | Intel Atom N270 | 1GB DDR2 | Intel GMA945 | 160GB SATA2 HDD | Draft-N Wireless | Bluetooth | Windows XP SP3
Phone: Lenovo P780, THL 5000, LeTV 1S (X500) 16GB
Every Man Is Hero... In his dreams...

Na otázky ohľadom PC zostáv a komponentov cez SS neodpovedám, na to slúži toto fórum. Ďakujem za pochopenie.
Offline

Skúsený užívateľ
Skúsený užívateľ
Prosim surne o kontrolu logu - virus

Registrovaný: 22.03.07
Prihlásený: 14.06.14
Príspevky: 2108
Témy: 15 | 15
Bydlisko: Bratislava V
NapísalOffline : 08.03.2009 13:41 | Prosim surne o kontrolu logu - virus

Nie je to nevyhnutné, ale odstránia sa tým zálohy a niektoré programy, ktoré combofix nakopíruje do systému. Odporúčam na to T-cleaner, ktorý sa postará aj o vymazanie bodov obnovy.


_________________
DESKTOP: Intel Pentium Dual Core E2180, Gigabyte GA-P31-DS3L, 3GB DDR2 800Mhz, ASUS Radeon HD3650 256MB, ASUS DRW-1608P3S, Hitachi Deskstar T7K250 160GB, Fortron FSP350-60GLN
NTB: HP 510: Intel Celeron M360, 512MB DDR2 533MHz, Intel GMA 900, Hitachi Travelstar 4K120 40GB, Sony CRX880A
Offline

Skúsený užívateľ
Skúsený užívateľ
Prosim surne o kontrolu logu - virus

Registrovaný: 02.12.07
Prihlásený: 24.11.17
Príspevky: 3399
Témy: 73 | 73
Bydlisko: Brezno
Napísal autor témyOffline : 08.03.2009 14:02 | Prosim surne o kontrolu logu - virus

Aha, takze ide len ciste o to, aby sa zbytocne nezahlcoval system... Ak to spravne chapem. Ale mozem to tam nechat nainstalovane pre pripad, ked bude mat opat system zavireny a potom iba combofix jednoducho spustim..


_________________
PC1: CPU: i7 3770, MB:ASUS P8H77-M, HDD: Segate 2TB Barracuda SATA III, SSD: Samsung 250GB 840 EVO SATA III, 16 GB RAM, PSU: Seasonic 450W SSP-450RT/ aktiv. PFC/80+ Gold, VGA: iGPU HD 4000, OS: Win7 PRO SP1 64-bit CZ OEM, CASE : Cooler Master Elite 344 USB 3.0 čierno-modrá
PC2: HP Compaq dx6100MT OS: WinXP SP3 Pro EN
Netbook: Asus EeePC 1000H Black | Intel Atom N270 | 1GB DDR2 | Intel GMA945 | 160GB SATA2 HDD | Draft-N Wireless | Bluetooth | Windows XP SP3
Phone: Lenovo P780, THL 5000, LeTV 1S (X500) 16GB
Every Man Is Hero... In his dreams...

Na otázky ohľadom PC zostáv a komponentov cez SS neodpovedám, na to slúži toto fórum. Ďakujem za pochopenie.
Offline

Skúsený užívateľ
Skúsený užívateľ
Prosim surne o kontrolu logu - virus

Registrovaný: 22.03.07
Prihlásený: 14.06.14
Príspevky: 2108
Témy: 15 | 15
Bydlisko: Bratislava V
NapísalOffline : 08.03.2009 15:54 | Prosim surne o kontrolu logu - virus

Ale nezabudni vždy stiahnúť najnovšiu veziu z daného dňa.


_________________
DESKTOP: Intel Pentium Dual Core E2180, Gigabyte GA-P31-DS3L, 3GB DDR2 800Mhz, ASUS Radeon HD3650 256MB, ASUS DRW-1608P3S, Hitachi Deskstar T7K250 160GB, Fortron FSP350-60GLN
NTB: HP 510: Intel Celeron M360, 512MB DDR2 533MHz, Intel GMA 900, Hitachi Travelstar 4K120 40GB, Sony CRX880A
Offline

Užívateľ
Užívateľ
Obrázok užívateľa

Registrovaný: 05.04.09
Prihlásený: 26.12.09
Príspevky: 32
Témy: 12 | 12
NapísalOffline : 05.04.2009 19:15 | Prosim surne o kontrolu logu - virus

Zdarec, mám podobný problém - tu je môj log z Combofixu:

Kód:
fttp://rapidshare.com/files/217776679/Combofix.txt.html


Btw po použití Combofixu mi nechce spustiť program Java Downloader. Predpokladám, že stačí iba znova nainštalovať najnovšiu Javu(?)


Offline

Užívateľ
Užívateľ
Prosim surne o kontrolu logu - virus

Registrovaný: 19.02.09
Prihlásený: 09.05.10
Príspevky: 147
Témy: 1 | 1
Bydlisko: Sereď
NapísalOffline : 05.04.2009 21:20 | Prosim surne o kontrolu logu - virus

Je tam toho dost. Najprv stiahni Aviru alebo Kaspersky a prebehni snim PC. Co najde daj liecit alebo zmazat.

ESET vypni, aby sa medzi sebou nebili...


 [ Príspevkov: 17 ] 


Prosim surne o kontrolu logu - virus



Podobné témy

 Témy  Odpovede  Zobrazenia  Posledný príspevok 
V tomto fóre nie sú ďalšie neprečítané témy.

Prosim o kontrolu logu

v Antivíry a antispywary

11

343

22.03.2008 13:11

jero

V tomto fóre nie sú ďalšie neprečítané témy.

prosím o kontrolu logu

v Antivíry a antispywary

0

330

21.01.2008 22:38

igiok1

V tomto fóre nie sú ďalšie neprečítané témy.

Prosím o kontrolu logu

[ Choď na stránku:Choď na stránku: 1, 2 ]

v Antivíry a antispywary

30

2310

01.10.2006 22:44

abraxas1988

V tomto fóre nie sú ďalšie neprečítané témy.

Prosím o kontrolu logu

v Operačné systémy Microsoft

2

320

09.02.2008 10:24

_DanWer_

V tomto fóre nie sú ďalšie neprečítané témy.

Prosim o kontrolu logu

v Antivíry a antispywary

0

297

24.12.2011 10:45

labkomil

V tomto fóre nie sú ďalšie neprečítané témy.

Prosim o kontrolu logu

v Antivíry a antispywary

4

355

29.12.2007 20:03

br4n0

V tomto fóre nie sú ďalšie neprečítané témy.

prosim o kontrolu logu

v Antivíry a antispywary

2

537

21.12.2009 15:41

pitimir

V tomto fóre nie sú ďalšie neprečítané témy.

Prosím o kontrolu logu

v Antivíry a antispywary

8

523

09.01.2008 20:07

igiok1

V tomto fóre nie sú ďalšie neprečítané témy.

prosím kontrolu logu HJT

v Antivíry a antispywary

9

382

14.12.2007 19:04

alan

V tomto fóre nie sú ďalšie neprečítané témy.

prosim o kontrolu logu

v Antivíry a antispywary

3

325

04.08.2008 18:26

Spirit

V tomto fóre nie sú ďalšie neprečítané témy.

Prosím o kontrolu logu

v Antivíry a antispywary

7

524

23.04.2008 23:03

strongy

V tomto fóre nie sú ďalšie neprečítané témy.

Prosím o kontrolu logu

v Antivíry a antispywary

6

342

24.03.2008 13:40

igiok1

V tomto fóre nie sú ďalšie neprečítané témy.

prosím kontrolu logu HJT

v Antivíry a antispywary

9

469

07.11.2007 0:49

patrick1

V tomto fóre nie sú ďalšie neprečítané témy.

Prosím o kontrolu logu

v Antivíry a antispywary

4

559

13.04.2008 0:16

igiok1

V tomto fóre nie sú ďalšie neprečítané témy.

prosim o kontrolu logu

v Antivíry a antispywary

10

475

18.08.2008 22:53

Kosak

V tomto fóre nie sú ďalšie neprečítané témy.

prosím o kontrolu logu

v Antivíry a antispywary

2

314

23.04.2008 11:37

maminkask



© 2005 - 2017 PCforum, edited by JanoF