[ Posts: 16 ]

User (registered: 29.07.08, last seen: 29.07.08, posts: 8, topics: 1 | 1)
Posted: 29.07.2008 12:04 | I think I have some viruses...

Here are the logs from ComboFix and HijackThis:

Logfile of HijackThis v1.99.1
Scan saved at 11:30: VIRUS ALERT!, on 29. 7. 2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
K:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\DAEMON Tools\daemon.exe
K:\Program Files\ICQ6\ICQ.exe
K:\spywarevanisher-full\SpywareVanisher.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\System32\svchost.exe
K:\programi\HELP!!!\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wm ... Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {E6CFCF29-E855-420D-9A72-5B69F0F93746} - C:\WINDOWS\system32\rqRlljii.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [CaISSDT] "C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe"
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ICQ] "K:\Program Files\ICQ6\ICQ.exe" silent
O4 - HKCU\..\Run: [Spyware Vanisher] K:\spywarevanisher-full\SpywareVanisher.exe -FastScan
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Zdroje informácií - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - K:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - K:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 6802858671
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: rqRlljii - C:\WINDOWS\SYSTEM32\rqRlljii.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O20 - Winlogon Notify: WinCtrl32 - C:\WINDOWS\SYSTEM32\WinCtrl32.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: eqvwamkl - {4D49A7AA-4AAE-4B62-B9DF-E2603BC8B9D7} - C:\WINDOWS\eqvwamkl.dll
O21 - SSODL: wnslvxtf - {3391413D-81F8-439B-89AA-7BB7494B6DAE} - C:\WINDOWS\wnslvxtf.dll
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - K:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

ComboFix 08-07-13.11 - Jakub 2008-07-29 11:32:23.7 - FAT32x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1029.18.1006 [GMT 2:00]
Running from: C:\Documents and Settings\Jakub\Plocha\ComboFix.exe
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
- REDUCED FUNCTIONALITY MODE -
.

((((((((((((((((((((((((( Files Created from 2008-06-28 to 2008-07-29 )))))))))))))))))))))))))))))))
.

2008-07-29 11:29 . 2008-07-29 11:29 16,384 --a------ C:\WINDOWS\system32\WinCtrl32.dl_
2008-07-28 19:15 . 2008-07-28 19:15 0 --a------ C:\WINDOWS\PestPatrol5.INI
2008-07-28 18:55 . 31,104 C:\WINDOWS\system32\drivers\Winqm54.sys
2008-07-28 18:04 . 2008-07-28 18:04 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-07-28 14:35 . 2008-07-28 14:35 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\CA
2008-07-28 14:34 . 2008-07-28 14:35 <DIR> d-------- C:\Program Files\Common Files\Scanner
2008-07-28 14:34 . 2008-07-28 14:34 <DIR> d-------- C:\Program Files\CA
2008-07-28 13:06 . 2008-07-28 13:06 33,152 --a------ C:\WINDOWS\system32\rqRlljii.dll
2008-07-28 13:06 . 2008-07-28 13:06 33,152 --a------ C:\WINDOWS\system32\rqRLdAtq.dll
2008-07-28 13:06 . 2008-07-28 18:55 16,384 --a------ C:\WINDOWS\system32\WinCtrl32.dll
2008-07-28 13:05 . 2008-07-28 13:05 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\SecuriSoft SARL
2008-07-28 13:05 . 2008-07-27 09:57 303,104 --a------ C:\WINDOWS\wnslvxtf.dll
2008-07-28 13:05 . 2008-07-27 09:57 274,432 --a------ C:\WINDOWS\eqvwamkl.dll
2008-07-28 13:05 . 2008-07-27 09:57 163,840 --a------ C:\WINDOWS\eovp.exe
2008-07-28 13:05 . 2008-07-27 09:57 94,208 --a------ C:\WINDOWS\grswptdl.exe
2008-07-28 12:50 . 2008-07-28 12:53 94,208 --a------ C:\WINDOWS\ScUnin.exe
2008-07-28 12:50 . 2008-07-28 12:53 34,758 --a------ C:\WINDOWS\scunin.dat
2008-07-28 12:50 . 2008-07-28 12:53 967 --a------ C:\WINDOWS\ScUnin.pif
2008-07-27 20:09 . 2008-07-27 20:09 16 --a------ C:\WINDOWS\encore_launcher.ini
2008-07-23 22:54 . 2008-07-23 22:54 <DIR> d-------- C:\Program Files\Common Files\snpstd
2008-07-23 22:32 . 2001-10-24 12:25 99,328 --a------ C:\WINDOWS\system32\srusd.dll
2008-07-23 22:32 . 2001-10-24 12:25 99,328 --a------ C:\WINDOWS\system32\dllcache\srusd.dll
2008-07-23 22:32 . 2001-10-24 12:24 71,680 --a------ C:\WINDOWS\system32\fnfilter.dll
2008-07-23 22:32 . 2001-10-24 12:24 71,680 --a------ C:\WINDOWS\system32\dllcache\fnfilter.dll
2008-07-23 22:32 . 2001-10-24 12:02 6,784 --a------ C:\WINDOWS\system32\drivers\serscan.sys
2008-07-23 22:32 . 2001-10-24 12:02 6,784 --a------ C:\WINDOWS\system32\dllcache\serscan.sys
2008-07-15 14:34 . 2005-07-08 14:44 159,616 --a------ C:\WINDOWS\system32\drivers\vax347b.sys
2008-07-15 14:34 . 2004-04-30 09:33 5,248 --a------ C:\WINDOWS\system32\drivers\vax347s.sys
2008-07-15 10:38 . 2008-07-15 10:38 233,372 --a------ C:\WINDOWS\t_eJay.inf
2008-07-15 10:38 . 2008-07-15 10:38 63 --a------ C:\WINDOWS\d_ejay2.inf
2008-07-15 10:38 . 2008-07-15 10:38 24 --a------ C:\WINDOWS\dmachine.inf
2008-07-14 15:18 . 2008-07-14 15:18 <DIR> d-------- C:\Program Files\OpenAL
2008-07-14 15:18 . 2008-07-14 15:18 409,600 --a------ C:\WINDOWS\system32\wrap_oal.dll
2008-07-14 15:18 . 2008-07-14 15:18 114,688 --a------ C:\WINDOWS\system32\OpenAL32.dll
2008-07-08 11:15 . 2008-07-16 10:49 52,736 --a------ C:\WINDOWS\ipuninst.exe
2008-07-06 23:17 . 2008-07-06 23:17 <DIR> d-------- C:\Program Files\MiniAtlas
2008-07-01 13:31 . 2004-08-03 22:31 20,992 --a------ C:\WINDOWS\system32\drivers\RTL8139.sys
2008-07-01 13:31 . 2004-08-03 22:31 20,992 --a------ C:\WINDOWS\system32\dllcache\rtl8139.sys
2008-06-30 22:03 . 2008-06-30 22:03 <DIR> d-------- C:\Program Files\THQ
2008-06-30 13:29 . 2008-06-30 13:29 <DIR> d-------- C:\WINDOWS\Fonfs

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-26 18:01 278,984 ----a-w C:\WINDOWS\system32\drivers\atksgt.sys
2008-06-20 17:49 247,296 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:49 247,296 ------w C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 17:49 147,968 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 11:51 361,600 ------w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 11:40 138,496 ------w C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-20 11:08 225,856 ------w C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-16 09:37 --------- d-----w C:\Documents and Settings\Jakub\Data aplikací\TrueCrypt
2008-06-15 14:51 --------- d-----w C:\Program Files\TrueCrypt
2008-06-14 17:35 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-14 17:35 272,128 ------w C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-12 20:43 2,740 ----a-w C:\WINDOWS\pchealth\helpctr\PackageStore\SkuStore.bin
2008-06-11 09:36 --------- d-----w C:\Documents and Settings\Jakub\Data aplikací\uTorrent
2008-06-08 15:35 --------- d-----w C:\Program Files\DivX
2008-05-30 23:22 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-05-30 23:22 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-05-30 23:22 815,104 ----a-w C:\WINDOWS\system32\divx_xx0a.dll
2008-05-30 23:22 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-05-30 23:22 683,520 ----a-w C:\WINDOWS\system32\DivX.dll
2008-05-30 23:22 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-05-30 23:22 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-05-30 23:22 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-05-30 23:22 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-05-30 23:22 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-05-30 23:22 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-05-30 12:19 507,400 ----a-w C:\WINDOWS\system32\XAudio2_1.dll
2008-05-30 12:18 238,088 ----a-w C:\WINDOWS\system32\xactengine3_1.dll
2008-05-30 12:17 65,032 ----a-w C:\WINDOWS\system32\XAPOFX1_0.dll
2008-05-30 12:17 25,608 ----a-w C:\WINDOWS\system32\X3DAudio1_4.dll
2008-05-30 12:11 467,984 ----a-w C:\WINDOWS\system32\d3dx10_38.dll
2008-05-30 12:11 3,850,760 ----a-w C:\WINDOWS\system32\D3DX9_38.dll
2008-05-30 12:11 1,491,992 ----a-w C:\WINDOWS\system32\D3DCompiler_38.dll
2008-05-22 22:22 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-05-22 22:22 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-05-22 22:22 129,784 ------w C:\WINDOWS\system32\pxafs.dll
2008-05-22 22:22 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
2008-05-22 22:22 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2008-05-22 22:20 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-05-22 22:20 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-05-22 22:19 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-05-22 22:19 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-05-22 22:19 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-05-22 22:18 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-05-16 08:39 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2008-05-16 08:39 249,856 ------w C:\WINDOWS\Setup1.exe
2008-05-09 10:56 90,112 ----a-w C:\WINDOWS\system32\wshext.dll
2008-05-09 10:56 90,112 ------w C:\WINDOWS\system32\dllcache\wshext.dll
2008-05-09 10:56 512,000 ------w C:\WINDOWS\system32\dllcache\jscript.dll
2008-05-09 10:56 430,080 ----a-w C:\WINDOWS\system32\vbscript.dll
2008-05-09 10:56 430,080 ------w C:\WINDOWS\system32\dllcache\vbscript.dll
2008-05-09 10:56 180,224 ----a-w C:\WINDOWS\system32\scrobj.dll
2008-05-09 10:56 180,224 ------w C:\WINDOWS\system32\dllcache\scrobj.dll
2008-05-09 10:56 172,032 ----a-w C:\WINDOWS\system32\scrrun.dll
2008-05-09 10:56 172,032 ------w C:\WINDOWS\system32\dllcache\scrrun.dll
2008-05-08 14:02 203,136 ------w C:\WINDOWS\system32\dllcache\rmcast.sys
2008-05-08 11:24 155,648 ----a-w C:\WINDOWS\system32\wscript.exe
2008-05-08 11:24 155,648 ------w C:\WINDOWS\system32\dllcache\wscript.exe
2008-05-07 09:07 135,168 ----a-w C:\WINDOWS\system32\cscript.exe
2008-05-07 09:07 135,168 ------w C:\WINDOWS\system32\dllcache\cscript.exe
2008-05-07 05:12 1,290,752 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 05:12 1,290,752 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2008-04-03 18:52 32 ----a-w C:\Documents and Settings\All Users\Data aplikací\ezsid.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E6CFCF29-E855-420D-9A72-5B69F0F93746}]
2008-07-28 13:06 33152 --a------ C:\WINDOWS\system32\rqRlljii.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 05:22 15360]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-02-01 17:22 21898024]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-10-09 11:28 139264]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 11:48 157592]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-04-14 05:22 1695232]
"ICQ"="K:\Program Files\ICQ6\ICQ.exe" [2008-05-18 18:30 172280]
"Spyware Vanisher"="K:\spywarevanisher-full\SpywareVanisher.exe" [2006-12-24 15:13 4114432]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2005-12-07 22:57 30208]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2006-04-13 11:09 49152]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40 155648]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-22 18:24 385024]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-03-29 20:27 917504]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-03-09 10:29 139264]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 13:06 40048]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"CaISSDT"="C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe" [2006-04-21 14:42 165416]
"eTrustPPAP"="C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe" [2008-07-28 17:55 258048]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 17:07 61952 C:\WINDOWS\system32\HdAShCut.exe]
"SoundMan"="SOUNDMAN.EXE" [2005-06-21 15:09 90112 C:\WINDOWS\SoundMan.exe]
"AlcWzrd"="ALCWZRD.EXE" [2005-07-13 15:47 2806272 C:\WINDOWS\ALCWZRD.EXE]
"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 05:22 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{E6CFCF29-E855-420D-9A72-5B69F0F93746}"= "C:\WINDOWS\system32\rqRlljii.dll" [2008-07-28 13:06 33152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"eqvwamkl"= {4D49A7AA-4AAE-4B62-B9DF-E2603BC8B9D7} - C:\WINDOWS\eqvwamkl.dll [2008-07-27 09:57 274432]
"wnslvxtf"= {3391413D-81F8-439B-89AA-7BB7494B6DAE} - C:\WINDOWS\wnslvxtf.dll [2008-07-27 09:57 303104]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqRlljii]
2008-07-28 13:06 33152 C:\WINDOWS\system32\rqRlljii.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WinCtrl32]
2008-07-28 18:55 16384 C:\WINDOWS\system32\WinCtrl32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.iv41"= ir41_32.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winll28.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winqm54.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winxq42.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"K:\\Program Files\\BitComet\\BitComet.exe"=
"K:\\Program Files\\Codemasters\\Worms 4 Mayhem\\WORMS 4 MAYHEM.EXE"=
"C:\\WINDOWS\\System32\\dpnsvr.exe"=
"K:\\Program Files\\Age of Wonders II\\AoW2.exe"=
"K:\\Program Files\\BitComet\\PatchWise.bak\\BitComet.exe"=
"C:\\WINDOWS\\System32\\dplaysvr.exe"=
"K:\\Program Files\\Computer Artworks\\Evolva\\Evolva.exe"=
"G:\\Viera\\PARTNERI\\DEUTSCHER RING\\Calculator SK\\Deutscher Ring Calculator SK.exe"=
"K:\\Program Files\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\XR_3DA.exe"=
"K:\\Program Files\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe"=
"K:\\Program Files\\ICQ6\\ICQ.exe"=
"K:\\Program Files\\Ubisoft\\THE SETTLERS - Rise of an Empire\\base\\bin\\Settlers6.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 Winqm54;Winqm54;C:\WINDOWS\system32\Drivers\Winqm54.sys []
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2008-04-13 20:56]
S0 Winll28;Winll28;C:\WINDOWS\system32\Drivers\Winll28.sys []
S0 Winxq42;Winxq42;C:\WINDOWS\system32\Drivers\Winxq42.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{456cfc16-3f90-11dd-be25-0011119f2e48}]
\Shell\AutoRun\command - M:\autorun.exe
\Shell\readit\command - notepad readme.doc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6beacf70-00ee-11dd-b008-0011119f2e48}]
\Shell\AutoRun\command - M:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{de13c112-f836-11dc-afe7-0011119f2e48}]
\Shell\AutoRun\command - J:\SETUP.EXE

*Newly Created Service* - WINQM54
.
- - - - ORPHANS REMOVED - - - -

Notify-WgaLogon - (no file)


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-29 11:33:06
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\rqRlljii.dll
-> C:\WINDOWS\system32\WinCtrl32.dll
.
Completion time: 2008-07-29 11:34:17
ComboFix-quarantined-files.txt 2008-07-29 09:34:12
ComboFix5.txt 2008-07-29 09:32:10
ComboFix4.txt 2008-07-28 17:53:58
ComboFix3.txt 2008-07-28 18:16:30
ComboFix2.txt 2008-07-28 18:44:06

Adresářů: 11, Volných bajtů: 22,494,085,120
Adresářů: 12, Volných bajtů: 22,490,677,248

225 --- E O F --- 2008-07-23 11:18:17


Experienced user (registered: 12.06.08, last seen: 16.09.10, posts: 440, topics: 4 | 4)
Posted: 29.07.2008 12:49 | I think I have some viruses...

Hello,

That SpywareVanisher looks suspicious => uninstall it. eTrust IS and NOD v2 are both running there...

Use Avenger with this script:

Code:
Files to delete:
C:\WINDOWS\system32\rqRlljii.dll
C:\WINDOWS\SYSTEM32\WinCtrl32.dll
C:\WINDOWS\eqvwamkl.dll
C:\WINDOWS\wnslvxtf.dll
C:\WINDOWS\system32\WinCtrl32.dl_
C:\WINDOWS\system32\rqRLdAtq.dll
C:\WINDOWS\eovp.exe
C:\WINDOWS\grswptdl.exe
C:\WINDOWS\ScUnin.exe
C:\WINDOWS\scunin.dat
C:\WINDOWS\ScUnin.pif

Folders to delete:
C:\Documents and Settings\All Users\Data aplikací\SecuriSoft SARL

Registry keys to delete:
HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E6CFCF29-E855-420D-9A72-5B69F0F93746}
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqRlljii
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WinCtrl32

Registry values to delete:
hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks | {E6CFCF29-E855-420D-9A72-5B69F0F93746}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad | eqvwamkl
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad | wnslvxtf


Please e-mail me the backup, which will be in C:\Avenger\backup.zip, thanks.


Delete manually:

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{456cfc16-3f90-11dd-be25-0011119f2e48}]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6beacf70-00ee-11dd-b008-0011119f2e48}]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{de13c112-f836-11dc-afe7-0011119f2e48}]


Fix in HijackThis:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wm ... Ojg5&lid=2


Test these files at www.virustotal.com and paste the results here:

C:\WINDOWS\system32\drivers\Winqm54.sys
C:\WINDOWS\system32\Drivers\Winll28.sys
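
Added example, not code from this thread nor from the HijackThis, ComboFix or Avenger authors: a small Python triage script that reproduces, over a few lines copied from the logs above, the cross-check behind the reply's script. Each HijackThis O2 (BHO), O20 (Winlogon Notify) and O21 (SSODL) entry is looked up in ComboFix's "Files Created" list, and an entry whose target file appeared shortly before the scan is flagged for review. The sample lines are copied from this thread; the 7-day window, the 11:30 scan time (taken from the HijackThis header) and all function names are my own assumptions. The script only reports, it changes nothing on the machine.

```python
import re
from datetime import datetime, timedelta

# Constructed sample input: lines copied from the HijackThis log posted above
# (the O4 line is included only to show that it is ignored).
HJT_SAMPLE = r"""
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {E6CFCF29-E855-420D-9A72-5B69F0F93746} - C:\WINDOWS\system32\rqRlljii.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O20 - Winlogon Notify: rqRlljii - C:\WINDOWS\SYSTEM32\rqRlljii.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O20 - Winlogon Notify: WinCtrl32 - C:\WINDOWS\SYSTEM32\WinCtrl32.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: eqvwamkl - {4D49A7AA-4AAE-4B62-B9DF-E2603BC8B9D7} - C:\WINDOWS\eqvwamkl.dll
O21 - SSODL: wnslvxtf - {3391413D-81F8-439B-89AA-7BB7494B6DAE} - C:\WINDOWS\wnslvxtf.dll
"""

# Constructed sample input: lines copied from the "Files Created" section of the
# first ComboFix log above, including the Winqm54.sys line that lacks the
# modification-time and attribute columns.
COMBOFIX_SAMPLE = r"""
2008-07-29 11:29 . 2008-07-29 11:29 16,384 --a------ C:\WINDOWS\system32\WinCtrl32.dl_
2008-07-28 18:55 . 31,104 C:\WINDOWS\system32\drivers\Winqm54.sys
2008-07-28 18:04 . 2008-07-28 18:04 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-07-28 13:06 . 2008-07-28 13:06 33,152 --a------ C:\WINDOWS\system32\rqRlljii.dll
2008-07-28 13:06 . 2008-07-28 18:55 16,384 --a------ C:\WINDOWS\system32\WinCtrl32.dll
2008-07-28 13:05 . 2008-07-27 09:57 303,104 --a------ C:\WINDOWS\wnslvxtf.dll
2008-07-28 13:05 . 2008-07-27 09:57 274,432 --a------ C:\WINDOWS\eqvwamkl.dll
2008-07-14 15:18 . 2008-07-14 15:18 114,688 --a------ C:\WINDOWS\system32\OpenAL32.dll
"""

# Assumed scan time, read from the HijackThis header ("Scan saved at 11:30 ... 29. 7. 2008").
SCAN_TIME = datetime(2008, 7, 29, 11, 30)

# Autostart sections worth a close look: BHOs, Winlogon Notify packages, SSODL objects.
HJT_RE = re.compile(r"^(O2|O20|O21) - (?:BHO|Winlogon Notify|SSODL): (.+)$")

CF_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "   # creation time
    r"(?:\d{4}-\d{2}-\d{2} \d{2}:\d{2} )?"    # modification time (sometimes absent)
    r"(?:[\d,]+|<DIR>) "                      # size or <DIR>
    r"(?:[-a-z]{9} )?"                        # attribute flags (sometimes absent)
    r"(.+)$"                                  # path as ComboFix printed it
)


def parse_hjt(text):
    """Return (section, name, path) for every O2/O20/O21 line in a HijackThis log."""
    entries = []
    for line in text.splitlines():
        m = HJT_RE.match(line.strip())
        if not m:
            continue
        # O2/O21 read "name - {CLSID} - path", O20 reads "name - path";
        # the target file is always the last " - " separated component.
        parts = [p.strip() for p in m.group(2).split(" - ")]
        entries.append({"section": m.group(1), "name": parts[0], "path": parts[-1]})
    return entries


def parse_combofix_created(text):
    """Map lower-cased path -> (creation time, printed path) from 'Files Created' lines."""
    created = {}
    for line in text.splitlines():
        m = CF_RE.match(line.strip())
        if not m:
            continue
        when = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M")
        path = m.group(2).strip()
        created[path.lower()] = (when, path)   # HJT prints SYSTEM32, ComboFix system32
    return created


def triage(hjt_text, combofix_text, scan_time, window_days=7):
    """Flag autostart entries whose target file was created within the window before the scan."""
    created = parse_combofix_created(combofix_text)
    cutoff = scan_time - timedelta(days=window_days)
    findings = []
    for e in parse_hjt(hjt_text):
        hit = created.get(e["path"].lower())
        if hit is None:
            continue                       # no creation record in the window: manual review
        when, canonical = hit
        if when >= cutoff:
            findings.append({"section": e["section"], "name": e["name"],
                             "path": canonical, "created": when.strftime("%Y-%m-%d %H:%M")})
    return findings


def suspect_files(findings):
    """Unique paths worth a second opinion (e.g. a multi-engine scan), one per file."""
    return sorted({f["path"] for f in findings})


if __name__ == "__main__":
    found = triage(HJT_SAMPLE, COMBOFIX_SAMPLE, SCAN_TIME)
    for f in found:
        print(f"{f['section']:<4} {f['name']:<16} created {f['created']}  {f['path']}")
    print("files to get a second opinion on:")
    for path in suspect_files(found):
        print("  " + path)
```

Two details carry the example beyond a plain string match: paths are compared case-insensitively because HijackThis prints `SYSTEM32` where ComboFix prints `system32`, and the ComboFix parser tolerates the Winqm54.sys line, whose modification time and attribute columns are missing, so that the file the reply asks to have scanned is still indexed. The Skype BHO and the WPDShServiceObj entry have no recent creation record and are therefore left alone.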


User, topic author (registered: 29.07.08, last seen: 29.07.08, posts: 8, topics: 1 | 1)
Posted: 29.07.2008 13:39 | I think I have some viruses...

Thanks for the help. The desktop is fine now, but next to the clock it still says VIRUS ALERT!, and of those files Winqm54.sys and Winll28.sys only Winqm54.sys is still there, and it can't be tested there... actually it can't be moved or copied at all...


User, topic author (registered: 29.07.08, last seen: 29.07.08, posts: 8, topics: 1 | 1)
Posted: 29.07.2008 13:42 | I think I have some viruses...

And the backup can't be sent because it contains viruses.


Experienced user (registered: 12.06.08, last seen: 16.09.10, posts: 440, topics: 4 | 4)
Posted: 29.07.2008 15:38 | I think I have some viruses...

Put it in an archive again with the password "infected" and it should go through.

E-mail me the log from SysInspector and post a new one from ComboFix here.


User, topic author (registered: 29.07.08, last seen: 29.07.08, posts: 8, topics: 1 | 1)
Posted: 29.07.2008 16:49 | I think I have some viruses...

ComboFix 08-07-13.11 - Jakub 2008-07-29 16:48:01.9 - FAT32x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.1.1029.18.933 [GMT 2:00]
Running from: C:\Documents and Settings\Jakub\Plocha\ComboFix.exe
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
- REDUCED FUNCTIONALITY MODE -
.

((((((((((((((((((((((((( Files Created from 2008-06-28 to 2008-07-29 )))))))))))))))))))))))))))))))
.

2008-07-28 19:15 . 2008-07-28 19:15 0 --a------ C:\WINDOWS\PestPatrol5.INI
2008-07-28 18:04 . 2008-07-28 18:04 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-07-28 14:35 . 2008-07-28 14:35 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\CA
2008-07-28 14:34 . 2008-07-28 14:35 <DIR> d-------- C:\Program Files\Common Files\Scanner
2008-07-28 14:34 . 2008-07-28 14:34 <DIR> d-------- C:\Program Files\CA
2008-07-27 20:09 . 2008-07-27 20:09 16 --a------ C:\WINDOWS\encore_launcher.ini
2008-07-23 22:54 . 2008-07-23 22:54 <DIR> d-------- C:\Program Files\Common Files\snpstd
2008-07-23 22:32 . 2001-10-24 12:25 99,328 --a------ C:\WINDOWS\system32\srusd.dll
2008-07-23 22:32 . 2001-10-24 12:25 99,328 --a------ C:\WINDOWS\system32\dllcache\srusd.dll
2008-07-23 22:32 . 2001-10-24 12:24 71,680 --a------ C:\WINDOWS\system32\fnfilter.dll
2008-07-23 22:32 . 2001-10-24 12:24 71,680 --a------ C:\WINDOWS\system32\dllcache\fnfilter.dll
2008-07-23 22:32 . 2001-10-24 12:02 6,784 --a------ C:\WINDOWS\system32\drivers\serscan.sys
2008-07-23 22:32 . 2001-10-24 12:02 6,784 --a------ C:\WINDOWS\system32\dllcache\serscan.sys
2008-07-15 14:34 . 2005-07-08 14:44 159,616 --a------ C:\WINDOWS\system32\drivers\vax347b.sys
2008-07-15 14:34 . 2004-04-30 09:33 5,248 --a------ C:\WINDOWS\system32\drivers\vax347s.sys
2008-07-15 10:38 . 2008-07-15 10:38 233,372 --a------ C:\WINDOWS\t_eJay.inf
2008-07-15 10:38 . 2008-07-15 10:38 63 --a------ C:\WINDOWS\d_ejay2.inf
2008-07-15 10:38 . 2008-07-15 10:38 24 --a------ C:\WINDOWS\dmachine.inf
2008-07-14 15:18 . 2008-07-14 15:18 <DIR> d-------- C:\Program Files\OpenAL
2008-07-14 15:18 . 2008-07-14 15:18 409,600 --a------ C:\WINDOWS\system32\wrap_oal.dll
2008-07-14 15:18 . 2008-07-14 15:18 114,688 --a------ C:\WINDOWS\system32\OpenAL32.dll
2008-07-08 11:15 . 2008-07-16 10:49 52,736 --a------ C:\WINDOWS\ipuninst.exe
2008-07-06 23:17 . 2008-07-06 23:17 <DIR> d-------- C:\Program Files\MiniAtlas
2008-07-01 13:31 . 2004-08-03 22:31 20,992 --a------ C:\WINDOWS\system32\drivers\RTL8139.sys
2008-07-01 13:31 . 2004-08-03 22:31 20,992 --a------ C:\WINDOWS\system32\dllcache\rtl8139.sys
2008-06-30 22:03 . 2008-06-30 22:03 <DIR> d-------- C:\Program Files\THQ
2008-06-30 13:29 . 2008-06-30 13:29 <DIR> d-------- C:\WINDOWS\Fonfs

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-26 18:01 278,984 ----a-w C:\WINDOWS\system32\drivers\atksgt.sys
2008-06-20 17:49 247,296 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:49 247,296 ------w C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 17:49 147,968 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 11:51 361,600 ------w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 11:40 138,496 ------w C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-20 11:08 225,856 ------w C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-16 09:37 --------- d-----w C:\Documents and Settings\Jakub\Data aplikací\TrueCrypt
2008-06-15 14:51 --------- d-----w C:\Program Files\TrueCrypt
2008-06-14 17:35 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-14 17:35 272,128 ------w C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-12 20:43 2,740 ----a-w C:\WINDOWS\pchealth\helpctr\PackageStore\SkuStore.bin
2008-06-11 09:36 --------- d-----w C:\Documents and Settings\Jakub\Data aplikací\uTorrent
2008-06-08 15:35 --------- d-----w C:\Program Files\DivX
2008-05-30 23:22 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-05-30 23:22 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-05-30 23:22 815,104 ----a-w C:\WINDOWS\system32\divx_xx0a.dll
2008-05-30 23:22 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-05-30 23:22 683,520 ----a-w C:\WINDOWS\system32\DivX.dll
2008-05-30 23:22 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-05-30 23:22 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-05-30 23:22 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-05-30 23:22 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-05-30 23:22 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-05-30 23:22 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-05-30 12:19 507,400 ----a-w C:\WINDOWS\system32\XAudio2_1.dll
2008-05-30 12:18 238,088 ----a-w C:\WINDOWS\system32\xactengine3_1.dll
2008-05-30 12:17 65,032 ----a-w C:\WINDOWS\system32\XAPOFX1_0.dll
2008-05-30 12:17 25,608 ----a-w C:\WINDOWS\system32\X3DAudio1_4.dll
2008-05-30 12:11 467,984 ----a-w C:\WINDOWS\system32\d3dx10_38.dll
2008-05-30 12:11 3,850,760 ----a-w C:\WINDOWS\system32\D3DX9_38.dll
2008-05-30 12:11 1,491,992 ----a-w C:\WINDOWS\system32\D3DCompiler_38.dll
2008-05-22 22:22 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-05-22 22:22 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-05-22 22:22 129,784 ------w C:\WINDOWS\system32\pxafs.dll
2008-05-22 22:22 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
2008-05-22 22:22 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2008-05-22 22:20 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-05-22 22:20 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-05-22 22:19 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-05-22 22:19 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-05-22 22:19 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-05-22 22:18 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-05-16 08:39 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2008-05-16 08:39 249,856 ------w C:\WINDOWS\Setup1.exe
2008-05-09 10:56 90,112 ----a-w C:\WINDOWS\system32\wshext.dll
2008-05-09 10:56 90,112 ------w C:\WINDOWS\system32\dllcache\wshext.dll
2008-05-09 10:56 512,000 ------w C:\WINDOWS\system32\dllcache\jscript.dll
2008-05-09 10:56 430,080 ----a-w C:\WINDOWS\system32\vbscript.dll
2008-05-09 10:56 430,080 ------w C:\WINDOWS\system32\dllcache\vbscript.dll
2008-05-09 10:56 180,224 ----a-w C:\WINDOWS\system32\scrobj.dll
2008-05-09 10:56 180,224 ------w C:\WINDOWS\system32\dllcache\scrobj.dll
2008-05-09 10:56 172,032 ----a-w C:\WINDOWS\system32\scrrun.dll
2008-05-09 10:56 172,032 ------w C:\WINDOWS\system32\dllcache\scrrun.dll
2008-05-08 14:02 203,136 ------w C:\WINDOWS\system32\dllcache\rmcast.sys
2008-05-08 11:24 155,648 ----a-w C:\WINDOWS\system32\wscript.exe
2008-05-08 11:24 155,648 ------w C:\WINDOWS\system32\dllcache\wscript.exe
2008-05-07 09:07 135,168 ----a-w C:\WINDOWS\system32\cscript.exe
2008-05-07 09:07 135,168 ------w C:\WINDOWS\system32\dllcache\cscript.exe
2008-05-07 05:12 1,290,752 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 05:12 1,290,752 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2008-04-03 18:52 32 ----a-w C:\Documents and Settings\All Users\Data aplikací\ezsid.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 05:22 15360]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-02-01 17:22 21898024]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-10-09 11:28 139264]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 11:48 157592]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-04-14 05:22 1695232]
"ICQ"="K:\Program Files\ICQ6\ICQ.exe" [2008-05-18 18:30 172280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2005-12-07 22:57 30208]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2006-04-13 11:09 49152]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40 155648]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-22 18:24 385024]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-03-29 20:27 917504]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-03-09 10:29 139264]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 13:06 40048]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"CaISSDT"="C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe" [2006-04-21 14:42 165416]
"eTrustPPAP"="C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe" [2008-07-28 17:55 258048]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 17:07 61952 C:\WINDOWS\system32\HdAShCut.exe]
"SoundMan"="SOUNDMAN.EXE" [2005-06-21 15:09 90112 C:\WINDOWS\SoundMan.exe]
"AlcWzrd"="ALCWZRD.EXE" [2005-07-13 15:47 2806272 C:\WINDOWS\ALCWZRD.EXE]
"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 05:22 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.iv41"= ir41_32.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winll28.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winqm54.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winxq42.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"K:\\Program Files\\BitComet\\BitComet.exe"=
"K:\\Program Files\\Codemasters\\Worms 4 Mayhem\\WORMS 4 MAYHEM.EXE"=
"C:\\WINDOWS\\System32\\dpnsvr.exe"=
"K:\\Program Files\\Age of Wonders II\\AoW2.exe"=
"K:\\Program Files\\BitComet\\PatchWise.bak\\BitComet.exe"=
"C:\\WINDOWS\\System32\\dplaysvr.exe"=
"K:\\Program Files\\Computer Artworks\\Evolva\\Evolva.exe"=
"G:\\Viera\\PARTNERI\\DEUTSCHER RING\\Calculator SK\\Deutscher Ring Calculator SK.exe"=
"K:\\Program Files\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\XR_3DA.exe"=
"K:\\Program Files\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe"=
"K:\\Program Files\\ICQ6\\ICQ.exe"=
"K:\\Program Files\\Ubisoft\\THE SETTLERS - Rise of an Empire\\base\\bin\\Settlers6.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 Winqm54;Winqm54;C:\WINDOWS\system32\Drivers\Winqm54.sys []
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2008-04-13 20:56]
S0 Winll28;Winll28;C:\WINDOWS\system32\Drivers\Winll28.sys []
S0 Winxq42;Winxq42;C:\WINDOWS\system32\Drivers\Winxq42.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{de13c112-f836-11dc-afe7-0011119f2e48}]
\Shell\AutoRun\command - J:\SETUP.EXE

.
- - - - ORPHANS REMOVED - - - -

BHO-{E6CFCF29-E855-420D-9A72-5B69F0F93746} - C:\WINDOWS\system32\rqRlljii.dll
HKCU-Run-Spyware Vanisher - K:\spywarevanisher-full\SpywareVanisher.exe


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-29 16:48:14
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-07-29 16:48:59
ComboFix-quarantined-files.txt 2008-07-29 14:48:58
ComboFix5.txt 2008-07-29 14:47:54
ComboFix4.txt 2008-07-28 18:44:06
ComboFix3.txt 2008-07-29 09:34:20
ComboFix2.txt 2008-07-29 10:39:46

Adresářů: 12, Volných bajtů: 22,491,332,608
Adresářů: 13, Volných bajtů: 22,484,353,024

190 --- E O F --- 2008-07-23 11:18:17


Experienced user (Registered: 12.06.08, Last login: 16.09.10, Posts: 440, Topics: 4 | 4)
Posted: 29.07.2008 17:07 | I think I have some viruses...

Also the log from SysInspector. :)


You can restore these files, they are clean:

ScUnin.exe; scunin.dat; ScUnin


User (Registered: 29.07.08, Last login: 29.07.08, Posts: 8, Topics: 1 | 1)
Posted by topic author: 29.07.2008 18:53 | I think I have some viruses...

Well then you'll have to tell me how to restore them :) and besides, which log from that SysInspector do you want?


User (Registered: 29.07.08, Last login: 29.07.08, Posts: 8, Topics: 1 | 1)
Posted by topic author: 29.07.2008 18:54 | I think I have some viruses...

And it couldn't be sent even when I put it inside another password-protected archive...


Experienced user (Registered: 12.06.08, Last login: 16.09.10, Posts: 440, Topics: 4 | 4)
Posted: 29.07.2008 20:25 | I think I have some viruses...

You have the archive backup.zip, and in it you will find the files mentioned. Simply extract them into C:\Windows.

You make the log in ESI by launching the application, waiting, and then choosing File => Save log (ZIP). Then attach the file as an attachment and send it. It must work.


Experienced user (Registered: 12.06.08, Last login: 16.09.10, Posts: 440, Topics: 4 | 4)
Posted: 29.07.2008 20:53 | I think I have some viruses...

Another script for Avenger:

Code:
Drivers to delete:
Winqm54
Winll28
Winxq42

Files to delete:
C:\WINDOWS\system32\Drivers\Winqm54.sys
C:\WINDOWS\system32\Drivers\Winll28.sys
C:\WINDOWS\system32\Drivers\Winxq42.sys


Also send the backup, thanks.


Also delete this key:

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{de13c112-f836-11dc-afe7-0011119f2e48}]
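As a defender-side illustration of what this Avenger script and the key deletion are reacting to in the ComboFix "Reg Loading Points" output earlier in the thread (three drivers listed with empty `[]` timestamp brackets, each also registered under SafeBoot\Minimal, plus an AutoRun command bound to a mounted volume), here is an added example written for this edit; it is not code from the thread, from ComboFix or from Avenger. It parses those log lines and reports the indicators. The sample input is a constructed string holding exactly those lines quoted from the log; the Win??NN name heuristic is an assumption of the example, not a ComboFix rule, and the reason strings are the example's own wording.

```python
import re

# Constructed sample: the driver, SafeBoot and mountpoints2 lines quoted from the
# ComboFix "Reg Loading Points" section of this thread, so the parser runs offline.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winll28.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winqm54.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winxq42.sys]
@="Driver"

R0 Winqm54;Winqm54;C:\WINDOWS\system32\Drivers\Winqm54.sys []
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2008-04-13 20:56]
S0 Winll28;Winll28;C:\WINDOWS\system32\Drivers\Winll28.sys []
S0 Winxq42;Winxq42;C:\WINDOWS\system32\Drivers\Winxq42.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{de13c112-f836-11dc-afe7-0011119f2e48}]
\Shell\AutoRun\command - J:\SETUP.EXE
"""

# "R0 Name;Display;Path [timestamp size]" driver line; the bracket is empty when
# ComboFix could not read the file (missing or hidden).
DRIVER_RE = re.compile(
    r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?)\s+\[(?P<stamp>[^\]]*)\]\s*$"
)
SAFEBOOT_RE = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SafeBoot\\Minimal\\(?P<entry>[^\]]+)\]$",
    re.IGNORECASE,
)
AUTORUN_RE = re.compile(r"^\\Shell\\AutoRun\\command\s+-\s+(?P<cmd>\S.*)$", re.IGNORECASE)
# Heuristic (assumption of this example): "Win" + two letters + two digits is the
# throwaway naming style of the three drivers in this thread.
GENERIC_NAME_RE = re.compile(r"^win[a-z]{2}\d{2}$", re.IGNORECASE)

NO_STAMP = "no file timestamp/size recorded (file missing or hidden)"
SAFEBOOT = "registered under SafeBoot\\Minimal (loads in Safe Mode too)"
GENERIC = "generic Win??NN driver name"


def _base_name(name):
    """Normalise 'Winll28.sys' / 'Winll28' to 'winll28' so both spellings match."""
    return re.sub(r"\.sys$", "", name.strip(), flags=re.IGNORECASE).lower()


def parse_drivers(text):
    """Return every R*/S* driver line as a dict (start type, name, path, stamp)."""
    out = []
    for line in text.splitlines():
        m = DRIVER_RE.match(line.rstrip())
        if m:
            out.append({"start": m["start"], "name": m["name"],
                        "path": m["path"], "stamp": m["stamp"].strip()})
    return out


def parse_safeboot(text):
    """Set of normalised driver names that have a SafeBoot\\Minimal key."""
    names = set()
    for line in text.splitlines():
        m = SAFEBOOT_RE.match(line.rstrip())
        if m:
            names.add(_base_name(m["entry"]))
    return names


def parse_autoruns(text):
    """Collect \\Shell\\AutoRun\\command entries with the registry key above them."""
    out, current_key = [], None
    for line in text.splitlines():
        line = line.rstrip()
        if line.startswith("[") and line.endswith("]"):
            current_key = line[1:-1]
        m = AUTORUN_RE.match(line)
        if m:
            out.append({"key": current_key, "command": m["cmd"]})
    return out


def triage(text):
    """Drivers carrying at least one indicator, plus every AutoRun command found."""
    findings = []
    safeboot = parse_safeboot(text)
    for drv in parse_drivers(text):
        reasons = []
        if not drv["stamp"]:
            reasons.append(NO_STAMP)
        if _base_name(drv["name"]) in safeboot:
            reasons.append(SAFEBOOT)
        if GENERIC_NAME_RE.match(drv["name"]):
            reasons.append(GENERIC)
        if reasons:
            findings.append({"kind": "driver", "name": drv["name"],
                             "path": drv["path"], "reasons": reasons})
    for entry in parse_autoruns(text):
        findings.append({"kind": "autorun", "key": entry["key"], "command": entry["command"],
                         "reasons": ["AutoRun command bound to a mounted volume"]})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        label = f["name"] if f["kind"] == "driver" else f["command"]
        print(f"{f['kind']}: {label}")
        for r in f["reasons"]:
            print(f"    - {r}")
```

The script only reports; it does not touch the registry or the file system, which on this machine was left to the Avenger script above. The stock QoS scheduler line (psched.sys, with a real timestamp and no SafeBoot key) is parsed but not flagged, which is the check that keeps a heuristic like this from drowning the reader in legitimate drivers.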


Experienced user (Registered: 12.06.08, Last login: 16.09.10, Posts: 440, Topics: 4 | 4)
Posted: 29.07.2008 21:11 | I think I have some viruses...

How is the computer doing now?


User (Registered: 29.07.08, Last login: 29.07.08, Posts: 8, Topics: 1 | 1)
Posted by topic author: 29.07.2008 21:29 | I think I have some viruses...

It only started on the second try after the restart... the first time it threw some error for a second, I didn't notice which one because it restarted right away, but otherwise nothing changed.
Otherwise that was probably the wrong path for those files, see below

Rootkit scan active.
No rootkits found!

Driver "Winqm54" deleted successfully.
Driver "Winll28" deleted successfully.
Driver "Winxq42" deleted successfully.

Error: file "C:\WINDOWS\system32\Drivers\Winqm54.sys" not found!
Deletion of file "C:\WINDOWS\system32\Drivers\Winqm54.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\system32\Drivers\Winll28.sys" not found!
Deletion of file "C:\WINDOWS\system32\Drivers\Winll28.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\system32\Drivers\Winxq42.sys" not found!
Deletion of file "C:\WINDOWS\system32\Drivers\Winxq42.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Completed script processing.


Experienced user (Registered: 12.06.08, Last login: 16.09.10, Posts: 440, Topics: 4 | 4)
Posted: 29.07.2008 21:42 | I think I have some viruses...

Hmm, it looks like they are no longer there. Try to check.


And what about the virus alert?


User (Registered: 29.07.08, Last login: 29.07.08, Posts: 8, Topics: 1 | 1)
Posted by topic author: 29.07.2008 22:10 | I think I have some viruses...

Well, they are no longer there, but that virus alert next to the clock is still there...


Experienced user (Registered: 12.06.08, Last login: 16.09.10, Posts: 440, Topics: 4 | 4)
Posted: 29.07.2008 22:38 | I think I have some viruses...

Send the log from Ultimate Process Manager. Run _MAKE_LOG_SK.bat and tick these items: running processes, at startup, modules, services, drivers.

+ ComboFix from Safe Mode


© 2005 - 2017 PCforum, edited by JanoF