Posted: 30.10.2007 17:21 | spyware

Hi, I need help. My computer is infested with spyware and I can't get rid of it. I've tried everything I have: NOD32 (last month's update; I still need to get the October one), Spyware Doctor, Ad-Aware. Pop-ups keep appearing on the taskbar telling me to download some antivirus for this virus, which of course isn't free. I don't know what to do. Please recommend a program, because I really don't feel like formatting.


Posted: 30.10.2007 17:33 | spyware

Post a HijackThis log => http://www.pcforum.sk/cistime-napadnuty ... 17087.html


Posted by topic author: 30.10.2007 17:41 | spyware

C:\Program Files\DrayTek\Vigor318 ADSL\CnxDslTb.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\HPQ\Shared\hpqwmi.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {B499D34E-58EF-4927-AB9F-7AF52B2C4C82} - C:\Program Files\Video Add-on\isfmdl.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O3 - Toolbar: IE Custom Tools - {6CA49FDD-4AEB-4F08-A394-C0A1F82CAA16} - C:\Program Files\Video Add-on\ictmdl.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\DrayTek\Vigor318 ADSL\CnxDslTb.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SDTray] C:\Program Files\Spyware Doctor\SDTrayApp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\Video Add-on\icthis.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\spyware doctor\filterlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\spyware doctor\filterlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\spyware doctor\filterlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\spyware doctor\filterlsp.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{1C8BDA00-BC8A-4872-B08D-881B9C53080E}: NameServer = 85.255.116.146 85.255.112.124
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.146 85.255.112.124
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.146 85.255.112.124
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.146 85.255.112.124
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: boardwalk - {75a65a53-15c9-4a0c-bb40-a7ca8b24f544} - C:\WINDOWS\system32\ugbtna.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\Shared\hpqwmi.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 10108 bytes


_________________
Desktop:Asus P5Q Pro, e7200@3,17GHz + AC Freezer 7 Pro, Gainward 4850 + AC Accelero Twin Turbo, A-Data 4GB DDR2 VEE 800MHz cl4, Samsung 640GB Spinpoint F1, Asus 2014-L1T. Enermax Liberty 400W, NZXT Alpha, Samsung 226BW, Razer DeathAdder, Windows Vista Ultimate SP1 x64
"The easiest thing is to advise someone else; the hardest is to advise yourself." Thales
Posted: 30.10.2007 17:45 | spyware

The log is not complete. Post it again, in full. :roll:


Posted by topic author: 30.10.2007 17:55 | spyware

True, sorry...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:41:27, on 30. 10. 2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Video Add-on\icthis.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Video Add-on\icmntr.exe
C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\DrayTek\Vigor318 ADSL\CnxDslTb.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\HPQ\Shared\hpqwmi.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {B499D34E-58EF-4927-AB9F-7AF52B2C4C82} - C:\Program Files\Video Add-on\isfmdl.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O3 - Toolbar: IE Custom Tools - {6CA49FDD-4AEB-4F08-A394-C0A1F82CAA16} - C:\Program Files\Video Add-on\ictmdl.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\DrayTek\Vigor318 ADSL\CnxDslTb.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SDTray] C:\Program Files\Spyware Doctor\SDTrayApp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\Video Add-on\icthis.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\spyware doctor\filterlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\spyware doctor\filterlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\spyware doctor\filterlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\spyware doctor\filterlsp.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{1C8BDA00-BC8A-4872-B08D-881B9C53080E}: NameServer = 85.255.116.146 85.255.112.124
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.146 85.255.112.124
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.146 85.255.112.124
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.146 85.255.112.124
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: boardwalk - {75a65a53-15c9-4a0c-bb40-a7ca8b24f544} - C:\WINDOWS\system32\ugbtna.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\Shared\hpqwmi.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 10108 bytes


Posted: 30.10.2007 18:00 | spyware

Download ComboFix -->
http://download.bleepingcomputer.com/sU ... mboFix.exe

Follow the on-screen instructions and do not click; the computer may be restarted. Post the contents of the file C:\ComboFix.txt to the forum.


Posted by topic author: 30.10.2007 18:14 | spyware

ComboFix 07-10-30.5 - Mato 2007-10-30 18:03:53.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.129 [GMT 1:00]
Running from: C:\Documents and Settings\Mato\Plocha\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\ugbtna.dll

.
((((((((((((((((((((((((( Files Created from 2007-09-28 to 2007-10-30 )))))))))))))))))))))))))))))))
.

2007-10-30 18:02 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-30 17:40 <DIR> d-------- C:\Program Files\Trend Micro
2007-10-29 22:21 <DIR> d-------- C:\Program Files\Lavasoft
2007-10-29 22:21 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Lavasoft
2007-10-29 22:20 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-10-29 20:37 <DIR> d-------- C:\Documents and Settings\Mato\Data aplikací\Lavasoft
2007-10-29 20:37 <DIR> d-------- C:\Documents and Settings\Mato\Data aplikací\Lavasoft
2007-10-29 20:37 <DIR> d-------- C:\Documents and Settings\Mato\Data aplikací\Lavasoft
2007-10-29 09:35 <DIR> d-------- C:\Program Files\Video Add-on
2007-10-28 12:33 94,208 --a------ C:\WINDOWS\DIIUnin.exe
2007-10-28 12:33 35,175 --a------ C:\WINDOWS\DIIUnin.dat
2007-10-28 12:33 2,829 --a------ C:\WINDOWS\DIIUnin.pif
2007-10-28 12:17 <DIR> d-------- C:\Program Files\Diablo II
2007-10-28 09:02 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Trymedia
2007-10-28 09:00 <DIR> d-------- C:\Program Files\Peggle
2007-10-28 09:00 <DIR> d-------- C:\Program Files\BFG
2007-10-16 15:39 <DIR> d-------- C:\Program Files\DAZ
2007-10-16 15:39 <DIR> d-------- C:\Program Files\Common Files\DAZ
2007-10-16 14:49 <DIR> d-------- C:\Program Files\Píšeme všetkými desiatimi
2007-10-06 16:09 <DIR> d-------- C:\Program Files\GameSpy Arcade
2007-10-06 15:59 <DIR> d-------- C:\Program Files\Aspyr
2007-10-06 14:40 <DIR> d-------- C:\WINDOWS\pss
2007-10-02 20:10 125,184 --------- C:\WINDOWS\system32\drivers\imagesrv.sys
2007-10-02 20:10 5,504 --------- C:\WINDOWS\system32\drivers\imagedrv.sys
2007-10-02 20:09 <DIR> d-------- C:\Program Files\Common Files\Ahead
2007-10-02 20:09 <DIR> d-------- C:\Program Files\Ahead
2007-10-02 20:09 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
2007-10-02 20:09 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
2007-10-02 20:09 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
2007-10-02 20:09 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
2007-10-02 20:09 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2007-10-02 20:09 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2007-09-30 17:12 <DIR> d-------- C:\MMAPP
2007-09-23 16:06 <DIR> d-------- C:\WINDOWS\system32\Futuremark
2007-09-23 16:06 21,664 --a------ C:\WINDOWS\system32\drivers\Entech.sys
2007-09-23 16:06 5,632 --a------ C:\WINDOWS\system32\drivers\Entech64.sys
2007-09-23 16:06 3,972 --a------ C:\WINDOWS\system32\drivers\PciBus.sys
2007-09-23 16:05 <DIR> d-------- C:\Program Files\Futuremark
2007-09-21 13:18 <DIR> d-------- C:\Program Files\DC++
2007-09-16 15:36 <DIR> d-------- C:\DUKE3D
2007-09-16 13:31 <DIR> d-------- C:\Documents and Settings\Mato\Battlefield 1942
2007-09-11 17:07 <DIR> d-------- C:\Documents and Settings\Mato\Data aplikací\VideoEgg
2007-09-11 17:07 <DIR> d-------- C:\Documents and Settings\Mato\Data aplikací\VideoEgg
2007-09-11 17:07 <DIR> d-------- C:\Documents and Settings\Mato\Data aplikací\VideoEgg

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-30 16:12 --------- d-----w C:\Program Files\ICQToolbar
2007-10-29 21:26 --------- d-----w C:\Documents and Settings\Mato\Data aplikací\Azureus
2007-10-29 21:26 --------- d-----w C:\Documents and Settings\Mato\Data aplikací\Azureus
2007-10-29 21:26 --------- d-----w C:\Documents and Settings\Mato\Data aplikací\Azureus
2007-10-24 10:00 --------- d-----w C:\Program Files\ICQ6
2007-10-11 15:22 --------- d-----w C:\Documents and Settings\Mato\Data aplikací\Hamachi
2007-10-11 15:22 --------- d-----w C:\Documents and Settings\Mato\Data aplikací\Hamachi
2007-10-11 15:22 --------- d-----w C:\Documents and Settings\Mato\Data aplikací\Hamachi
2007-10-11 15:21 --------- d-----w C:\Documents and Settings\Mato\Data aplikací\Skype
2007-10-11 15:21 --------- d-----w C:\Documents and Settings\Mato\Data aplikací\Skype
2007-10-11 15:21 --------- d-----w C:\Documents and Settings\Mato\Data aplikací\Skype
2007-10-05 13:17 --------- d-----w C:\Program Files\Warcraft III
2007-10-05 12:07 --------- d-----w C:\Program Files\Azureus
2007-10-03 13:51 16,224 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys
2007-10-02 19:14 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-09-21 05:46 --------- d-----w C:\Program Files\Spyware Doctor
2007-08-31 23:54 --------- d-----w C:\Documents and Settings\Mato\Data aplikací\ICQ
2007-08-31 23:54 --------- d-----w C:\Documents and Settings\Mato\Data aplikací\ICQ
2007-08-31 23:54 --------- d-----w C:\Documents and Settings\Mato\Data aplikací\ICQ
2007-08-30 22:40 --------- d-----w C:\Program Files\Microsoft ActiveSync
2007-08-30 22:38 --------- d-----w C:\Program Files\Microsoft.NET
2007-08-28 18:44 --------- d-----w C:\Program Files\Truck Dismount
2007-08-28 18:42 --------- d-----w C:\Program Files\MOBILedit!
2007-08-21 06:18 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-08-19 20:40 5,625,899 ----a-w C:\WINDOWS\scr_thalia.scr
2007-07-30 17:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-07-30 17:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-07-30 17:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-07-30 17:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-07-30 17:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-07-30 17:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-07-30 17:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-07-30 17:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-07-20 12:47 139,264 ----a-w C:\WINDOWS\War3Unin.exe
2007-07-09 13:11 584,192 ----a-w C:\WINDOWS\system32\rpcrt4.dll
2007-07-04 19:56 298,104 ----a-w C:\WINDOWS\system32\imon.dll
2007-07-04 19:23 114,688 ----a-w C:\WINDOWS\system32\nms32.dll
2007-07-04 15:29 737,280 ----a-w C:\WINDOWS\iun6002.exe
2007-07-04 14:43 108,544 ------w C:\WINDOWS\system32\pxcpyi64.exe
2007-07-04 14:43 104,960 ------w C:\WINDOWS\system32\pxinsi64.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B499D34E-58EF-4927-AB9F-7AF52B2C4C82}]
2007-10-29 16:37 13312 --a------ C:\Program Files\Video Add-on\isfmdl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{6CA49FDD-4AEB-4F08-A394-C0A1F82CAA16}"= C:\Program Files\Video Add-on\ictmdl.dll [2007-10-29 09:35 86016]

[HKEY_CLASSES_ROOT\CLSID\{6CA49FDD-4AEB-4F08-A394-C0A1F82CAA16}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{6CA49FDD-4AEB-4F08-A394-C0A1F82CAA16}"= C:\Program Files\Video Add-on\ictmdl.dll [2007-10-29 09:35 86016]

[HKEY_CLASSES_ROOT\CLSID\{6CA49FDD-4AEB-4F08-A394-C0A1F82CAA16}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-18 13:00]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-18 13:00]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-18 13:00]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 08:11]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2004-09-23 11:41]
"PTHOSTTR"="C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.exe" [2005-04-08 10:08]
"AGRSMMSG"="AGRSMMSG.exe" [2004-08-24 12:20 C:\WINDOWS\AGRSMMSG.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-06-20 12:50]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-04-25 11:32]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-04-25 11:29]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2005-04-25 11:32]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2004-09-07 15:28]
"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 12:24]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 00:01]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2005-04-27 04:33]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0\bin\jusched.exe" [2007-07-04 15:44]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-05-04 09:59]
"WatchDog"="C:\Program Files\InterVideo\DVD Check\DVDCheck.exe" [2005-03-09 13:54]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-15 10:27]
"CnxDslTaskBar"="C:\Program Files\DrayTek\Vigor318 ADSL\CnxDslTb.exe" [2004-05-06 16:01]
"COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [2007-07-04 16:16]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 14:57]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-07-04 20:56]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-07-04 21:04]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-18 13:00]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 01:48:00]
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 00:01:00]
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2005-03-29 14:37:28]
DVD Check.lnk - C:\Program Files\InterVideo\DVD Check\DVDCheck.exe [2007-07-04 15:48:38]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2004-10-15 10:27 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

R3 CnxEtP;Conexant AccessRunner USB ADSL WAN Adapter Filter Driver;C:\WINDOWS\system32\DRIVERS\CnxEtP.sys
R3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver;C:\WINDOWS\system32\DRIVERS\CnxEtU.sys
R3 CnxTgN;Conexant AccessRunner USB ADSL WAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\CnxTgN.sys
R3 GTIPCI21;GTIPCI21;C:\WINDOWS\system32\DRIVERS\gtipci21.sys
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys
S3 axsaki;axsaki;C:\WINDOWS\system32\DRIVERS\axsaki.sys
S3 axskbus;axskbus;C:\WINDOWS\system32\DRIVERS\axskbus.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-09-18 10:44:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
"2007-08-25 10:03:40 C:\WINDOWS\Tasks\Critical Battery Alarm Program.job"
.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-30 18:10:35
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe????????9?2?6?0??????? ???B???????????????B? ??????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-30 18:11:44 - machine was rebooted
.
--- E O F ---


_________________
Desktop:Asus P5Q Pro, e7200@3,17GHz + AC Freezer 7 Pro, Gainward 4850 + AC Accelero Twin Turbo, A-Data 4GB DDR2 VEE 800MHz cl4, Samsung 640GB Spinpoint F1, Asus 2014-L1T. Enermax Liberty 400W, NZXT Alpha, Samsung 226BW, Razer DeathAdder, Windows Vista Ultimate SP1 x64
"The easiest thing is to give advice to someone else; the hardest is to give advice to yourself." Thales
Posted by topic author: 30.10.2007 18:17 | spyware

by the way, that spyware pop-up hasn't shown up any more :) good news :P


Posted: 30.10.2007 18:36 | spyware

Open Notepad and paste this into it:

Code:
Collect::
C:\Program Files\Video Add-on\isfmdl.dll
C:\Program Files\Video Add-on\ictmdl.dll

Folder::
C:\Program Files\Video Add-on

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B499D34E-58EF-4927-AB9F-7AF52B2C4C82}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{6CA49FDD-4AEB-4F08-A394-C0A1F82CAA16}"=-
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{6CA49FDD-4AEB-4F08-A394-C0A1F82CAA16}"=-
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{6CA49FDD-4AEB-4F08-A394-C0A1F82CAA16}"=-


Save it as CFScript.txt and do this:

spyware

ComboFix will start and a zip file will be created on the desktop. Pack it, together with the Qoobox folder on drive C, according to the guide and send it to the address given there =>

http://www.pcforum.sk/ako-mi-zasielat-s ... 23559.html

Thanks


Do you recognize this?

Critical Battery Alarm Program


Then post a new log from ComboFix and HijackThis. After that we'll continue. :)


Posted by topic author: 30.10.2007 22:56 | spyware

I sent the RAR, but I don't recognize that Critical Battery Alarm Program... what should I do next?


Posted: 30.10.2007 23:03 | spyware

Guide => http://www.viry.cz/forum/viewtopic.php?t=18759


Then post the logs from ComboFix and HijackThis. :)


Posted by topic author: 30.10.2007 23:09 | spyware

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:09:37, on 30. 10. 2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\DrayTek\Vigor318 ADSL\CnxDslTb.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\HPQ\Shared\hpqwmi.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\DrayTek\Vigor318 ADSL\CnxDslTb.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SDTray] C:\Program Files\Spyware Doctor\SDTrayApp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\spyware doctor\filterlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\spyware doctor\filterlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\spyware doctor\filterlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\spyware doctor\filterlsp.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{1C8BDA00-BC8A-4872-B08D-881B9C53080E}: NameServer = 85.255.116.146 85.255.112.124
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.146 85.255.112.124
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.146 85.255.112.124
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.146 85.255.112.124
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\Shared\hpqwmi.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 9483 bytes


Posted by topic author: 30.10.2007 23:14 | spyware

ComboFix 07-10-30.5 - Mato 2007-10-30 23:11:19.3 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.218 [GMT 1:00]
Running from: C:\Documents and Settings\Mato\Plocha\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2007-09-28 to 2007-10-30 )))))))))))))))))))))))))))))))
.

2007-10-30 18:02 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-30 17:40 <DIR> d-------- C:\Program Files\Trend Micro
2007-10-29 22:21 <DIR> d-------- C:\Program Files\Lavasoft
2007-10-29 22:21 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Lavasoft
2007-10-29 22:20 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-10-29 20:37 <DIR> d-------- C:\Documents and Settings\Mato\Data aplikací\Lavasoft
2007-10-29 20:37 <DIR> d-------- C:\Documents and Settings\Mato\Data aplikací\Lavasoft
2007-10-29 20:37 <DIR> d-------- C:\Documents and Settings\Mato\Data aplikací\Lavasoft
2007-10-28 12:33 94,208 --a------ C:\WINDOWS\DIIUnin.exe
2007-10-28 12:33 35,175 --a------ C:\WINDOWS\DIIUnin.dat
2007-10-28 12:33 2,829 --a------ C:\WINDOWS\DIIUnin.pif
2007-10-28 12:17 <DIR> d-------- C:\Program Files\Diablo II
2007-10-28 09:02 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Trymedia
2007-10-28 09:00 <DIR> d-------- C:\Program Files\Peggle
2007-10-28 09:00 <DIR> d-------- C:\Program Files\BFG
2007-10-16 15:39 <DIR> d-------- C:\Program Files\DAZ
2007-10-16 15:39 <DIR> d-------- C:\Program Files\Common Files\DAZ
2007-10-16 14:49 <DIR> d-------- C:\Program Files\Píšeme všetkými desiatimi
2007-10-06 16:09 <DIR> d-------- C:\Program Files\GameSpy Arcade
2007-10-06 15:59 <DIR> d-------- C:\Program Files\Aspyr
2007-10-06 14:40 <DIR> d-------- C:\WINDOWS\pss
2007-10-02 20:10 125,184 --------- C:\WINDOWS\system32\drivers\imagesrv.sys
2007-10-02 20:10 5,504 --------- C:\WINDOWS\system32\drivers\imagedrv.sys
2007-10-02 20:09 <DIR> d-------- C:\Program Files\Common Files\Ahead
2007-10-02 20:09 <DIR> d-------- C:\Program Files\Ahead
2007-10-02 20:09 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
2007-10-02 20:09 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
2007-10-02 20:09 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
2007-10-02 20:09 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
2007-10-02 20:09 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2007-10-02 20:09 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2007-09-30 17:12 <DIR> d-------- C:\MMAPP
2007-09-23 16:06 <DIR> d-------- C:\WINDOWS\system32\Futuremark
2007-09-23 16:06 21,664 --a------ C:\WINDOWS\system32\drivers\Entech.sys
2007-09-23 16:06 5,632 --a------ C:\WINDOWS\system32\drivers\Entech64.sys
2007-09-23 16:06 3,972 --a------ C:\WINDOWS\system32\drivers\PciBus.sys
2007-09-23 16:05 <DIR> d-------- C:\Program Files\Futuremark
2007-09-21 13:18 <DIR> d-------- C:\Program Files\DC++
2007-09-16 15:36 <DIR> d-------- C:\DUKE3D
2007-09-16 13:31 <DIR> d-------- C:\Documents and Settings\Mato\Battlefield 1942
2007-09-11 17:07 <DIR> d-------- C:\Documents and Settings\Mato\Data aplikací\VideoEgg
2007-09-11 17:07 <DIR> d-------- C:\Documents and Settings\Mato\Data aplikací\VideoEgg
2007-09-11 17:07 <DIR> d-------- C:\Documents and Settings\Mato\Data aplikací\VideoEgg

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-30 16:12 --------- d-----w C:\Program Files\ICQToolbar
2007-10-29 21:26 --------- d-----w C:\Documents and Settings\Mato\Data aplikací\Azureus
2007-10-29 21:26 --------- d-----w C:\Documents and Settings\Mato\Data aplikací\Azureus
2007-10-29 21:26 --------- d-----w C:\Documents and Settings\Mato\Data aplikací\Azureus
2007-10-24 10:00 --------- d-----w C:\Program Files\ICQ6
2007-10-11 15:22 --------- d-----w C:\Documents and Settings\Mato\Data aplikací\Hamachi
2007-10-11 15:22 --------- d-----w C:\Documents and Settings\Mato\Data aplikací\Hamachi
2007-10-11 15:22 --------- d-----w C:\Documents and Settings\Mato\Data aplikací\Hamachi
2007-10-11 15:21 --------- d-----w C:\Documents and Settings\Mato\Data aplikací\Skype
2007-10-11 15:21 --------- d-----w C:\Documents and Settings\Mato\Data aplikací\Skype
2007-10-11 15:21 --------- d-----w C:\Documents and Settings\Mato\Data aplikací\Skype
2007-10-05 13:17 --------- d-----w C:\Program Files\Warcraft III
2007-10-05 12:07 --------- d-----w C:\Program Files\Azureus
2007-10-03 13:51 16,224 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys
2007-10-02 19:14 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-09-21 05:46 --------- d-----w C:\Program Files\Spyware Doctor
2007-08-31 23:54 --------- d-----w C:\Documents and Settings\Mato\Data aplikací\ICQ
2007-08-31 23:54 --------- d-----w C:\Documents and Settings\Mato\Data aplikací\ICQ
2007-08-31 23:54 --------- d-----w C:\Documents and Settings\Mato\Data aplikací\ICQ
2007-08-30 22:40 --------- d-----w C:\Program Files\Microsoft ActiveSync
2007-08-30 22:38 --------- d-----w C:\Program Files\Microsoft.NET
2007-08-28 18:44 --------- d-----w C:\Program Files\Truck Dismount
2007-08-28 18:42 --------- d-----w C:\Program Files\MOBILedit!
2007-08-21 06:18 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-08-19 20:40 5,625,899 ----a-w C:\WINDOWS\scr_thalia.scr
2007-07-30 17:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-07-30 17:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-07-30 17:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-07-30 17:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-07-30 17:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-07-30 17:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-07-30 17:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-07-30 17:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-07-20 12:47 139,264 ----a-w C:\WINDOWS\War3Unin.exe
2007-07-09 13:11 584,192 ----a-w C:\WINDOWS\system32\rpcrt4.dll
2007-07-04 19:56 298,104 ----a-w C:\WINDOWS\system32\imon.dll
2007-07-04 19:23 114,688 ----a-w C:\WINDOWS\system32\nms32.dll
2007-07-04 15:29 737,280 ----a-w C:\WINDOWS\iun6002.exe
2007-07-04 14:43 108,544 ------w C:\WINDOWS\system32\pxcpyi64.exe
2007-07-04 14:43 104,960 ------w C:\WINDOWS\system32\pxinsi64.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-18 13:00]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-18 13:00]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-18 13:00]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 08:11]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2004-09-23 11:41]
"PTHOSTTR"="C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.exe" [2005-04-08 10:08]
"AGRSMMSG"="AGRSMMSG.exe" [2004-08-24 12:20 C:\WINDOWS\AGRSMMSG.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-06-20 12:50]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-04-25 11:32]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-04-25 11:29]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2005-04-25 11:32]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2004-09-07 15:28]
"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 12:24]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 00:01]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2005-04-27 04:33]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0\bin\jusched.exe" [2007-07-04 15:44]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-05-04 09:59]
"WatchDog"="C:\Program Files\InterVideo\DVD Check\DVDCheck.exe" [2005-03-09 13:54]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-15 10:27]
"CnxDslTaskBar"="C:\Program Files\DrayTek\Vigor318 ADSL\CnxDslTb.exe" [2004-05-06 16:01]
"COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [2007-07-04 16:16]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 14:57]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-07-04 20:56]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-07-04 21:04]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-18 13:00]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 01:48:00]
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 00:01:00]
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2005-03-29 14:37:28]
DVD Check.lnk - C:\Program Files\InterVideo\DVD Check\DVDCheck.exe [2007-07-04 15:48:38]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2004-10-15 10:27 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

R3 CnxEtP;Conexant AccessRunner USB ADSL WAN Adapter Filter Driver;C:\WINDOWS\system32\DRIVERS\CnxEtP.sys
R3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver;C:\WINDOWS\system32\DRIVERS\CnxEtU.sys
R3 CnxTgN;Conexant AccessRunner USB ADSL WAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\CnxTgN.sys
R3 GTIPCI21;GTIPCI21;C:\WINDOWS\system32\DRIVERS\gtipci21.sys
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys
S3 axsaki;axsaki;C:\WINDOWS\system32\DRIVERS\axsaki.sys
S3 axskbus;axskbus;C:\WINDOWS\system32\DRIVERS\axskbus.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-09-18 10:44:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
"2007-08-25 10:03:40 C:\WINDOWS\Tasks\Critical Battery Alarm Program.job"
.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-30 23:13:02
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe????????9?2?6?0??????? ???B???????????????B? ??????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-30 23:13:59
C:\ComboFix2.txt ... 2007-10-30 22:48
C:\ComboFix3.txt ... 2007-10-30 18:11
.
--- E O F ---


Posted: 30.10.2007 23:19 | spyware

Did you follow the guide? In safe mode?


Posted by topic author: 30.10.2007 23:20 | spyware

I did it in normal mode... should I do it again in safe mode?


Posted: 30.10.2007 23:21 | spyware

Yes


Posted by topic author: 30.10.2007 23:31 | spyware

this is report.txt

Username "Mato" - . 10. 2007 23:27:20 [Fixwareout edited 9/01/2007]

~~~~~ Prerun check

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
"nameserver"="85.255.116.146 85.255.112.124" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{09969098-EB47-4CDE-B9E2-3F7919F399E4}
"DhcpNameServer"="85.255.116.146,85.255.112.124" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{39C76A03-6990-451A-982D-BA60482B2127}
"DhcpNameServer"="85.255.116.146,85.255.112.124" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{4EDE192F-6E13-4255-A8D1-04E1D5F0B00E}
"DhcpNameServer"="85.255.116.146,85.255.112.124" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{BCA3D201-4837-4273-BCDE-76DD3EB73C23}
"DhcpNameServer"="85.255.116.146,85.255.112.124" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{C7FD3C29-C338-4F70-B796-370921E7E75B}
"DhcpNameServer"="85.255.116.146,85.255.112.124" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{F6857D4D-E670-4C8A-8E02-253B8DFEB648}
"DhcpNameServer"="85.255.116.146,85.255.112.124" <Value cleared.


System was rebooted successfully.

~~~~~ Postrun check
....
....
~~~~~ Misc files.
....
~~~~~ Checking for older varients.
....

~~~~~ Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
"IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"PHIME2002ASync"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
"PHIME2002A"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"SoundMAXPnP"="C:\\Program Files\\Analog Devices\\SoundMAX\\SMax4PNP.exe"
"SoundMAX"="C:\\Program Files\\Analog Devices\\SoundMAX\\Smax4.exe /tray"
"PTHOSTTR"="C:\\Program Files\\HPQ\\HP ProtectTools Security Manager\\PTHOSTTR.EXE /Start"
"AGRSMMSG"="AGRSMMSG.exe"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"IgfxTray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"HotKeysCmds"="C:\\WINDOWS\\system32\\hkcmd.exe"
"Persistence"="C:\\WINDOWS\\system32\\igfxpers.exe"
"Cpqset"="C:\\Program Files\\HPQ\\Default Settings\\cpqset.exe"
"eabconfg.cpl"="C:\\Program Files\\HPQ\\Quick Launch Buttons\\EabServr.exe /Start"
"UpdateManager"="\"C:\\Program Files\\Common Files\\Sonic\\Update Manager\\sgtray.exe\" /r"
"dla"="C:\\WINDOWS\\system32\\dla\\tfswctrl.exe"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0\\bin\\jusched.exe"
"hpWirelessAssistant"="C:\\Program Files\\hpq\\HP Wireless Assistant\\HP Wireless Assistant.exe"
"WatchDog"="C:\\Program Files\\InterVideo\\DVD Check\\DVDCheck.exe"
"IntelWireless"="C:\\Program Files\\Intel\\Wireless\\Bin\\ifrmewrk.exe /tf Intel PROSet/Wireless"
"CnxDslTaskBar"="\"C:\\Program Files\\DrayTek\\Vigor318 ADSL\\CnxDslTb.exe\""
"COMODO Firewall Pro"="\"C:\\Program Files\\Comodo\\Firewall\\CPF.exe\" /background"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"nod32kui"="\"C:\\Program Files\\Eset\\nod32kui.exe\" /WAITSERVICE"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"SDTray"="C:\\Program Files\\Spyware Doctor\\SDTrayApp.exe"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
....
Hosts file was reset, If you use a custom hosts file please replace it...
~~~~~ End report ~~~~~


Posted: 30.10.2007 23:34 | spyware

A HijackThis log would still be useful. But I think it's OK.


Posted by topic author: 30.10.2007 23:35 | spyware

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:36:13, on 30. 10. 2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\DrayTek\Vigor318 ADSL\CnxDslTb.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\HPQ\Shared\hpqwmi.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\DrayTek\Vigor318 ADSL\CnxDslTb.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SDTray] C:\Program Files\Spyware Doctor\SDTrayApp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\spyware doctor\filterlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\spyware doctor\filterlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\spyware doctor\filterlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\spyware doctor\filterlsp.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{1C8BDA00-BC8A-4872-B08D-881B9C53080E}: NameServer = 85.255.116.146 85.255.112.124
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\Shared\hpqwmi.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 9305 bytes


Posted: 30.10.2007 23:40 | spyware

So there is something there after all.


Fix:

O4 - Global Startup: Bluetooth.lnk = ?
O17 - HKLM\System\CCS\Services\Tcpip\..\{1C8BDA00-BC8A-4872-B08D-881B9C53080E}: NameServer = 85.255.116.146 85.255.112.124


After the restart, post a new log.

Are you sure you don't have some program for checking the battery status?


Posted by the topic author: 30.10.2007 23:42 | spyware

I had something, but I deleted it yesterday... I don't remember what it was called any more, but I think it was in PC Revue 9, so it could be found out... How do I fix it? Through HijackThis?


Posted: 30.10.2007 23:44 | spyware

Yes, the guide is here => http://www.pcforum.sk/cistime-napadnuty ... 17087.html


Posted by the topic author: 30.10.2007 23:47 | spyware

OK... I fixed it... what now? Should I send you the log?


Posted: 30.10.2007 23:50 | spyware

Yes

+ Control Panel - Scheduled Tasks - delete the unneeded/invalid entries (there should be two of them)


Posted by the topic author: 30.10.2007 23:53 | spyware

There were 2. Here is the log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:53:28, on 30. 10. 2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\DrayTek\Vigor318 ADSL\CnxDslTb.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\HPQ\Shared\hpqwmi.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\DrayTek\Vigor318 ADSL\CnxDslTb.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SDTray] C:\Program Files\Spyware Doctor\SDTrayApp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\spyware doctor\filterlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\spyware doctor\filterlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\spyware doctor\filterlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\spyware doctor\filterlsp.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{1C8BDA00-BC8A-4872-B08D-881B9C53080E}: NameServer = 85.255.116.146 85.255.112.124
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\Shared\hpqwmi.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 9176 bytes


Posted: 30.10.2007 23:58 | spyware

In that guide, proceed from this point:
Quote:
► If you are not using a static...


Posted by the topic author: 31.10.2007 0:09 | spyware

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 0:09:10, on 31. 10. 2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\DrayTek\Vigor318 ADSL\CnxDslTb.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\HPQ\Shared\hpqwmi.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\DrayTek\Vigor318 ADSL\CnxDslTb.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SDTray] C:\Program Files\Spyware Doctor\SDTrayApp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\spyware doctor\filterlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\spyware doctor\filterlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\spyware doctor\filterlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\spyware doctor\filterlsp.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{1C8BDA00-BC8A-4872-B08D-881B9C53080E}: NameServer = 85.255.116.146 85.255.112.124
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\Shared\hpqwmi.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 9175 bytes


Posted by the topic author: 31.10.2007 0:10 | spyware

By the way, in the TCP/IP settings I had it set correctly, so I only did the CMD part.


Posted: 31.10.2007 0:12 | spyware

Try fixing this in Safe Mode:

O17 - HKLM\System\CCS\Services\Tcpip\..\{1C8BDA00-BC8A-4872-B08D-881B9C53080E}: NameServer = 85.255.116.146 85.255.112.124


If it stays there, use this => http://www.viry.cz/forum/viewtopic.php?t=40395
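The before/after check done by eye in this thread (fix two entries, post a new log, see what survived), as an added example that is not part of the original posts. The log excerpts are constructed from a few lines of the first two logs above; the function names and the expected resolver `192.168.1.1` are assumptions for illustration.

```python
import re
from collections import Counter

# Constructed excerpts: a few lines taken from the first and second logs
# in this thread, trimmed so the example stays short.
LOG_BEFORE = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:36:13, on 30. 10. 2007

Running processes:
C:\WINDOWS\system32\svchost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O10 - Unknown file in Winsock LSP: c:\program files\spyware doctor\filterlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\spyware doctor\filterlsp.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{1C8BDA00-BC8A-4872-B08D-881B9C53080E}: NameServer = 85.255.116.146 85.255.112.124
"""

LOG_AFTER = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:53:28, on 30. 10. 2007

Running processes:
C:\WINDOWS\system32\svchost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O10 - Unknown file in Winsock LSP: c:\program files\spyware doctor\filterlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\spyware doctor\filterlsp.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{1C8BDA00-BC8A-4872-B08D-881B9C53080E}: NameServer = 85.255.116.146 85.255.112.124
"""

# The two lines the helper asked to fix, copied from the thread.
FIX_LIST = [
    r"O4 - Global Startup: Bluetooth.lnk = ?",
    r"O17 - HKLM\System\CCS\Services\Tcpip\..\{1C8BDA00-BC8A-4872-B08D-881B9C53080E}: NameServer = 85.255.116.146 85.255.112.124",
]

# Entry lines look like "O17 - ..." or "R0 - ..."; the header and the
# "Running processes" paths do not match this pattern and are skipped.
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
NS_RE = re.compile(r"NameServer = ([0-9., ]+)$")


def parse_entries(log_text):
    """Count each (section, body) entry; a Counter keeps repeated O10 lines."""
    entries = Counter()
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries[(m.group("section"), m.group("body"))] += 1
    return entries


def fix_status(before_text, after_text, fix_lines):
    """Report, for every line that was supposed to be fixed, whether it is gone."""
    before, after = parse_entries(before_text), parse_entries(after_text)
    status = {}
    for line in fix_lines:
        m = ENTRY_RE.match(line.strip())
        if not m:
            status[line] = "not a HijackThis entry"
            continue
        key = (m.group("section"), m.group("body"))
        if key not in before:
            status[line] = "not in first log"
        elif after[key] >= before[key]:
            status[line] = "still present"
        elif after[key] > 0:
            status[line] = "partly removed"
        else:
            status[line] = "removed"
    return status


def new_entries(before_text, after_text):
    """Entries that appear only in the later log (something re-added itself)."""
    added = parse_entries(after_text) - parse_entries(before_text)
    return sorted(f"{section} - {body}" for section, body in added.elements())


def unexpected_nameservers(log_text, expected):
    """O17 NameServer addresses that are not in the set the user expects."""
    found = []
    for section, body in parse_entries(log_text):
        if section != "O17":
            continue
        m = NS_RE.search(body)
        if m:
            found.extend(ip for ip in re.split(r"[ ,]+", m.group(1).strip()) if ip)
    return [ip for ip in found if ip not in expected]


if __name__ == "__main__":
    for line, state in fix_status(LOG_BEFORE, LOG_AFTER, FIX_LIST).items():
        print(f"{state:14} {line}")
    # Assumption: the only resolver this machine should use is the router.
    print(unexpected_nameservers(LOG_AFTER, {"192.168.1.1"}))
```

An O17 line that reports "still present" after a fix and a reboot is the case the helper escalates here: retry in Safe Mode, then use a different tool.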


Posted by the topic author: 31.10.2007 0:20 | spyware

This is still from before the fix in Safe Mode... going to restart.


ComboFix 07-10-30.5 - Mato 2007-10-31 0:11:38.4 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.68 [GMT 1:00]
Running from: C:\Documents and Settings\Mato\Plocha\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2007-09-28 to 2007-10-30 )))))))))))))))))))))))))))))))
.

2007-10-30 18:02 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-30 17:40 <DIR> d-------- C:\Program Files\Trend Micro
2007-10-29 22:21 <DIR> d-------- C:\Program Files\Lavasoft
2007-10-29 22:21 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Lavasoft
2007-10-29 22:20 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-10-29 20:37 <DIR> d-------- C:\Documents and Settings\Mato\Data aplikací\Lavasoft
2007-10-29 20:37 <DIR> d-------- C:\Documents and Settings\Mato\Data aplikací\Lavasoft
2007-10-29 20:37 <DIR> d-------- C:\Documents and Settings\Mato\Data aplikací\Lavasoft
2007-10-28 12:33 94,208 --a------ C:\WINDOWS\DIIUnin.exe
2007-10-28 12:33 35,175 --a------ C:\WINDOWS\DIIUnin.dat
2007-10-28 12:33 2,829 --a------ C:\WINDOWS\DIIUnin.pif
2007-10-28 12:17 <DIR> d-------- C:\Program Files\Diablo II
2007-10-28 09:02 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Trymedia
2007-10-28 09:00 <DIR> d-------- C:\Program Files\Peggle
2007-10-28 09:00 <DIR> d-------- C:\Program Files\BFG
2007-10-16 15:39 <DIR> d-------- C:\Program Files\DAZ
2007-10-16 15:39 <DIR> d-------- C:\Program Files\Common Files\DAZ
2007-10-16 14:49 <DIR> d-------- C:\Program Files\Píšeme všetkými desiatimi
2007-10-06 16:09 <DIR> d-------- C:\Program Files\GameSpy Arcade
2007-10-06 15:59 <DIR> d-------- C:\Program Files\Aspyr
2007-10-06 14:40 <DIR> d-------- C:\WINDOWS\pss
2007-10-02 20:10 125,184 --------- C:\WINDOWS\system32\drivers\imagesrv.sys
2007-10-02 20:10 5,504 --------- C:\WINDOWS\system32\drivers\imagedrv.sys
2007-10-02 20:09 <DIR> d-------- C:\Program Files\Common Files\Ahead
2007-10-02 20:09 <DIR> d-------- C:\Program Files\Ahead
2007-10-02 20:09 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
2007-10-02 20:09 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
2007-10-02 20:09 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
2007-10-02 20:09 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
2007-10-02 20:09 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2007-10-02 20:09 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2007-09-30 17:12 <DIR> d-------- C:\MMAPP
2007-09-23 16:06 <DIR> d-------- C:\WINDOWS\system32\Futuremark
2007-09-23 16:06 21,664 --a------ C:\WINDOWS\system32\drivers\Entech.sys
2007-09-23 16:06 5,632 --a------ C:\WINDOWS\system32\drivers\Entech64.sys
2007-09-23 16:06 3,972 --a------ C:\WINDOWS\system32\drivers\PciBus.sys
2007-09-23 16:05 <DIR> d-------- C:\Program Files\Futuremark
2007-09-21 13:18 <DIR> d-------- C:\Program Files\DC++
2007-09-16 15:36 <DIR> d-------- C:\DUKE3D
2007-09-16 13:31 <DIR> d-------- C:\Documents and Settings\Mato\Battlefield 1942
2007-09-11 17:07 <DIR> d-------- C:\Documents and Settings\Mato\Data aplikací\VideoEgg
2007-09-11 17:07 <DIR> d-------- C:\Documents and Settings\Mato\Data aplikací\VideoEgg
2007-09-11 17:07 <DIR> d-------- C:\Documents and Settings\Mato\Data aplikací\VideoEgg

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-30 22:28 --------- d-----w C:\Program Files\Spyware Doctor
2007-10-30 16:12 --------- d-----w C:\Program Files\ICQToolbar
2007-10-29 21:26 --------- d-----w C:\Documents and Settings\Mato\Data aplikací\Azureus
2007-10-29 21:26 --------- d-----w C:\Documents and Settings\Mato\Data aplikací\Azureus
2007-10-29 21:26 --------- d-----w C:\Documents and Settings\Mato\Data aplikací\Azureus
2007-10-24 10:00 --------- d-----w C:\Program Files\ICQ6
2007-10-11 15:22 --------- d-----w C:\Documents and Settings\Mato\Data aplikací\Hamachi
2007-10-11 15:22 --------- d-----w C:\Documents and Settings\Mato\Data aplikací\Hamachi
2007-10-11 15:22 --------- d-----w C:\Documents and Settings\Mato\Data aplikací\Hamachi
2007-10-11 15:21 --------- d-----w C:\Documents and Settings\Mato\Data aplikací\Skype
2007-10-11 15:21 --------- d-----w C:\Documents and Settings\Mato\Data aplikací\Skype
2007-10-11 15:21 --------- d-----w C:\Documents and Settings\Mato\Data aplikací\Skype
2007-10-05 13:17 --------- d-----w C:\Program Files\Warcraft III
2007-10-05 12:07 --------- d-----w C:\Program Files\Azureus
2007-10-03 13:51 16,224 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys
2007-10-02 19:14 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-08-31 23:54 --------- d-----w C:\Documents and Settings\Mato\Data aplikací\ICQ
2007-08-31 23:54 --------- d-----w C:\Documents and Settings\Mato\Data aplikací\ICQ
2007-08-31 23:54 --------- d-----w C:\Documents and Settings\Mato\Data aplikací\ICQ
2007-08-30 22:40 --------- d-----w C:\Program Files\Microsoft ActiveSync
2007-08-30 22:38 --------- d-----w C:\Program Files\Microsoft.NET
2007-08-28 18:44 --------- d-----w C:\Program Files\Truck Dismount
2007-08-28 18:42 --------- d-----w C:\Program Files\MOBILedit!
2007-08-21 06:18 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-08-19 20:40 5,625,899 ----a-w C:\WINDOWS\scr_thalia.scr
2007-07-30 17:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-07-30 17:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-07-30 17:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-07-30 17:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-07-30 17:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-07-30 17:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-07-30 17:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-07-30 17:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-07-20 12:47 139,264 ----a-w C:\WINDOWS\War3Unin.exe
2007-07-09 13:11 584,192 ----a-w C:\WINDOWS\system32\rpcrt4.dll
2007-07-04 19:56 298,104 ----a-w C:\WINDOWS\system32\imon.dll
2007-07-04 19:23 114,688 ----a-w C:\WINDOWS\system32\nms32.dll
2007-07-04 15:29 737,280 ----a-w C:\WINDOWS\iun6002.exe
2007-07-04 14:43 108,544 ------w C:\WINDOWS\system32\pxcpyi64.exe
2007-07-04 14:43 104,960 ------w C:\WINDOWS\system32\pxinsi64.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-18 13:00]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-18 13:00]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-18 13:00]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 08:11]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2004-09-23 11:41]
"PTHOSTTR"="C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.exe" [2005-04-08 10:08]
"AGRSMMSG"="AGRSMMSG.exe" [2004-08-24 12:20 C:\WINDOWS\AGRSMMSG.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-06-20 12:50]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-04-25 11:32]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-04-25 11:29]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2005-04-25 11:32]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2004-09-07 15:28]
"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 12:24]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 00:01]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2005-04-27 04:33]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0\bin\jusched.exe" [2007-07-04 15:44]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-05-04 09:59]
"WatchDog"="C:\Program Files\InterVideo\DVD Check\DVDCheck.exe" [2005-03-09 13:54]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-15 10:27]
"CnxDslTaskBar"="C:\Program Files\DrayTek\Vigor318 ADSL\CnxDslTb.exe" [2004-05-06 16:01]
"COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [2007-07-04 16:16]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 14:57]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-07-04 20:56]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-07-04 21:04]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-18 13:00]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 01:48:00]
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 00:01:00]
DVD Check.lnk - C:\Program Files\InterVideo\DVD Check\DVDCheck.exe [2007-07-04 15:48:38]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2004-10-15 10:27 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

R3 CnxEtP;Conexant AccessRunner USB ADSL WAN Adapter Filter Driver;C:\WINDOWS\system32\DRIVERS\CnxEtP.sys
R3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver;C:\WINDOWS\system32\DRIVERS\CnxEtU.sys
R3 CnxTgN;Conexant AccessRunner USB ADSL WAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\CnxTgN.sys
R3 GTIPCI21;GTIPCI21;C:\WINDOWS\system32\DRIVERS\gtipci21.sys
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys
S3 axsaki;axsaki;C:\WINDOWS\system32\DRIVERS\axsaki.sys
S3 axskbus;axskbus;C:\WINDOWS\system32\DRIVERS\axskbus.sys

.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-31 00:15:41
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe????????9?2?6?0??????? ???B???????????????B? ??????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-31 0:19:15
C:\ComboFix2.txt ... 2007-10-30 23:14
C:\ComboFix3.txt ... 2007-10-30 22:48
.
--- E O F ---

