virus alebo spyware?

alica · Napísal **alica**: 24.03.2008 21:01

taak dala som prehladat comp spybot-om a naslo mi 29 nakazenych tak som dala opravit...a teraz mi znovu zacalo ukazovat(winodws security) ze comp je nakazeny spyware-om. typ abebot....co to je?

brm · Napísal **brm**: 24.03.2008 21:12

Nie je to náhodou System Alert?

Prebehni komp týmto:
http://www.viry.cz/forum/viewtopic.php?t=16475

alica · Napísal autor témy **alica**: 24.03.2008 21:25

hmm mozno ..dik

SilverSurfer · Napísal **SilverSurfer**: 25.03.2008 17:59

brm píše:

Nie je to náhodou System Alert?

Prebehni komp týmto:
http://www.viry.cz/forum/viewtopic.php?t=16475

brm: porad jej radsej nieco jednoduchsie pretoze pochybujem ze vie pc dat do nudzoveho rezimu ked sa pytala ako ma zistit ze aky ma windows

brm · Napísal **brm**: 25.03.2008 22:27

SilverSurfer.. no pri tom návode pri slovíčku "nouzový režim" je odkaz na ďalšiu stránku, kde je pekne napísané, ako sa do núdzového režimu dostane..

btw.. nesledoval som iné jej témy, takže o tej otázke na windows neviem..

SilverSurfer · Napísal **SilverSurfer**: 26.03.2008 8:52

brm píše:

SilverSurfer.. no pri tom návode pri slovíčku "nouzový režim" je odkaz na ďalšiu stránku, kde je pekne napísané, ako sa do núdzového režimu dostane..

btw.. nesledoval som iné jej témy, takže o tej otázke na windows neviem..

ja som tu stranku celu nesledoval ale ked som uvidel nudzovy rezim tak mi bolo jasne ze to nespravi.

alica · Napísal autor témy **alica**: 28.03.2008 13:22

no tak ja fakt netusim ako mam dat do nudzoveho rezimu

brm · Napísal **brm**: 28.03.2008 16:05

Pretože si to asi ani nečítala..

http://www.viry.cz/forum/viewtopic.php?t=7554

alica · Napísal autor témy **alica**: 28.03.2008 18:56

brm píše:

Pretože si to asi ani nečítala..

http://www.viry.cz/forum/viewtopic.php?t=7554

no tak citat sim citala ale ja sa do pocitacov nerozumiem:D

alica · Napísal autor témy **alica**: 28.03.2008 18:58

ja take nieco nezvladnem ....

br4n0 · Napísal **br4n0**: 28.03.2008 19:48

Ani nemusíš, smitfraudfix nie je veľmi účinný. Snáď zvládneš návod na poslanie výpisu z combofixu.

alica · Napísal autor témy **alica**: 28.03.2008 19:54

ked mam deaktivovat rezidentny stit antivir. programu -mam avast tak mam dat pozastavit?

br4n0 · Napísal **br4n0**: 28.03.2008 20:18

Klikni na ikonu avast pri hodinách. Zobrazí sa menu (asi takéto). Je to posledná voľba - vypnúť ochranu alebo podobne.

alica · Napísal autor témy **alica**: 28.03.2008 20:28

a este nieco "Aplikáciu spustite pod účtom administrátora" pod akym uctom alebo kto je moj administrator?

br4n0 · Napísal **br4n0**: 28.03.2008 21:17

To znamená normálne u teba, pokiaľ nemáš obmedzené práva (nemôžeš inštalovať atď), čo asi nemáš.
Ešte predtým, ako to bude komplikovanejšie

, vyskúšaj RogueRemover.

alica · Napísal autor témy **alica**: 29.03.2008 12:06

a co sluzi a co mam s nim spravit? mam poslat aj tak log?

br4n0 · Napísal **br4n0**: 29.03.2008 12:14

RogueRemover spusti, je to niečo ako spybot. Ak nepomôže, pošli log z combofix.

alica · Napísal autor témy **alica**: 29.03.2008 12:32

no dala som scan ale nic nenaslo....a zachvilu mi zas vypisala tabulka od windovsu ze mam spyware

alica · Napísal autor témy **alica**: 29.03.2008 13:05

ComboFix 08-03-27.5 - Peter 2008-03-29 12:53:33.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1250.1.1033.18.354 [GMT 1:00]
Running from: C:\Users\Peter\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Users\Peter\Desktopblackbird.jpg
C:\Users\Peter\DesktopEditorFKWP1.5.exe
C:\Users\Peter\DesktopEditorFKWP2.0.exe
C:\Users\Peter\Desktopfilemanagerclient.exe
C:\Users\Peter\Desktopfkwp1.5.exe
C:\Users\Peter\Desktopfkwp2.0.exe
C:\Users\Peter\Desktopfwebd.exe
C:\Users\Peter\DesktopFWebdEditor.exe
C:\Users\Peter\DesktopTrojan.Win32.BlackBird.exe
C:\Users\Peter\Desktopvirii
C:\Windows\a.bat
C:\Windows\base64.tmp
C:\Windows\bdn.com
C:\Windows\FVProtect.exe
C:\Windows\iTunesMusic.exe
C:\Windows\mssecu.exe
C:\Windows\rs.txt
C:\Windows\system32akttzn.exe
C:\Windows\system32anticipator.dll
C:\Windows\system32awtoolb.dll
C:\Windows\system32bdn.com
C:\Windows\system32bsva-egihsg52.exe
C:\Windows\system32dpcproxy.exe
C:\Windows\system32emesx.dll
C:\Windows\system32h@tkeysh@@k.dll
C:\Windows\system32hoproxy.dll
C:\Windows\system32hxiwlgpm.dat
C:\Windows\system32hxiwlgpm.exe
C:\Windows\system32medup012.dll
C:\Windows\system32medup020.dll
C:\Windows\system32msgp.exe
C:\Windows\system32msnbho.dll
C:\Windows\system32mssecu.exe
C:\Windows\system32msvchost.exe
C:\Windows\system32mtr2.exe
C:\Windows\system32mwin32.exe
C:\Windows\system32netode.exe
C:\Windows\system32newsd32.exe
C:\Windows\system32ps1.exe
C:\Windows\system32psof1.exe
C:\Windows\system32psoft1.exe
C:\Windows\system32regc64.dll
C:\Windows\system32regm64.dll
C:\Windows\system32Rundl1.exe
C:\Windows\system32smp
C:\Windows\system32smp\msrc.exe
C:\Windows\system32sncntr.exe
C:\Windows\system32ssurf022.dll
C:\Windows\system32ssvchost.com
C:\Windows\system32ssvchost.exe
C:\Windows\system32sysreq.exe
C:\Windows\system32taack.dat
C:\Windows\system32taack.exe
C:\Windows\system32temp#01.exe
C:\Windows\system32thun.dll
C:\Windows\system32thun32.dll
C:\Windows\system32VBIEWER.OCX
C:\Windows\system32vbsys2.dll
C:\Windows\system32vcatchpi.dll
C:\Windows\system32winlogonpc.exe
C:\Windows\system32winsystem.exe
C:\Windows\system32WINWGPX.EXE
C:\Windows\userconfig9x.dll
C:\Windows\Web\def.htm
C:\Windows\winsystem.exe
C:\Windows\zip1.tmp
C:\Windows\zip2.tmp
C:\Windows\zip3.tmp
C:\Windows\zipped.tmp

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_npf

((((((((((((((((((((((((( Files Created from 2008-02-28 to 2008-03-29 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-29 11:28 --------- d-----w C:\Program Files\RogueRemover FREE
2008-03-26 15:24 13,025 ----a-w C:\Users\Peter\AppData\Roaming\nvModes.dat
2008-03-24 18:56 --------- d-----w C:\Program Files\7-Zip
2008-03-24 16:54 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-03-24 16:03 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-03-22 11:38 --------- d-----w C:\Program Files\PC-Antispyware
2008-03-21 19:33 90,112 ----a-w C:\Windows\System32\yzpdisck.exe
2008-03-21 19:33 37,888 ----a-w C:\Windows\hudwpmnq.exe
2008-03-21 17:17 212,992 ----a-w C:\Windows\drnpfdxlwn.dll
2008-03-21 17:16 245,760 ----a-w C:\Windows\altvxvm.dll
2008-03-15 20:06 --------- d-----w C:\Program Files\BitLord
2008-03-14 14:50 --------- d-----w C:\Users\Peter\AppData\Roaming\ICQ
2008-02-20 17:11 --------- d-----w C:\Program Files\ICQ6
2008-02-20 13:44 --------- d-----w C:\Users\Peter\AppData\Roaming\OTi
2008-02-15 19:17 --------- d-----w C:\Program Files\Winamp Remote
2008-02-15 19:14 --------- d-----w C:\Users\Peter\AppData\Roaming\Winamp
2008-02-15 19:14 --------- d-----w C:\Program Files\Winamp
2008-02-14 18:34 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-02-14 18:34 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-02-14 18:31 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-02-14 18:31 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-02-14 18:31 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-02-14 18:31 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
2008-02-14 18:31 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-02-14 18:28 824,832 ----a-w C:\Windows\System32\wininet.dll
2008-02-14 18:28 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-14 18:28 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-14 18:28 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-10 05:49 --------- d-----w C:\Users\Peter\AppData\Roaming\ZoomBrowser EX
2008-02-09 16:56 --------- d-----w C:\Program Files\Realore
2008-01-31 15:56 --------- d-----w C:\ProgramData\ZoomBrowser
2008-01-31 15:44 --------- d-----w C:\Program Files\Canon
2008-01-31 15:40 --------- d-----w C:\Program Files\Common Files\Canon
2008-01-29 15:03 --------- d-----w C:\Program Files\Elaborate Bytes
2008-01-09 04:08 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2008-01-07 12:58 43,520 ----a-w C:\Windows\System32\CmdLineExt03.dll
2007-12-13 16:05 174 --sha-w C:\Program Files\desktop.ini
2007-10-24 11:38 0 ----a-w C:\Users\Peter\AppData\Roaming\wklnhst.dat
2007-11-16 20:03 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2007-11-16 20:03 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2007-11-16 20:03 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{10F0C2A9-8E38-43e3-204D-45524C494E20}]
2008-03-21 21:31 176128 --------- C:\Program Files\PC-Antispyware\IeExtension.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-09 05:08 1232896]
"HPAdvisor"="C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2006-11-22 00:36 1474560]
"WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 13:34 2159104 C:\Windows\System32\oobefldr.dll]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 13:35 125440]
"ICQ"="C:\Program Files\ICQ6\ICQ.exe" [2007-12-19 15:48 172280]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-12-13 16:57 1006264]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-09-15 02:50 1021224]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2006-11-24 23:33 167936]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 07:11 49152]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-11-06 18:58 159744]
"HP Health Check Scheduler"="C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2006-11-10 18:50 46704]
"WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2006-10-18 17:56 317152]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2006-10-18 17:32 472800]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0\bin\jusched.exe" [2007-06-01 04:10 77824]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-02-27 11:26 90191]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-02-27 11:26 7770112]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-02-27 11:26 81920]
"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 02:29 102400]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24 286720]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-12-20 16:16 37376]
"yzpdisck"="C:\Windows\system32\yzpdisck.exe" [2008-03-21 20:33 90112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="%WINDIR%\SMINST\launcher.exe" [ ]

C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-27 04:24:54 98632]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-04 01:55:50 703280]
Microsoft Office.lnk - C:\Program Files\Microsoft Office2000\Office\OSA9.EXE [2000-01-21 08:15:54 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"jxls4XEL8c"= C:\Windows\hudwpmnq.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{FB0B4872-E62E-4DF3-A7BD-DEC2B9F522D5}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{88084C93-63A9-49A2-BED0-1A2C3C60C454}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{B7EB3385-9667-4F7A-AD62-D58EB5152897}"= UDP:C:\Program Files\HP\QuickPlay\QP.exe:QP
"{0AFD4574-63F1-461E-991C-DE1DDAB5C815}"= TCP:C:\Program Files\HP\QuickPlay\QP.exe:QP
"{DDF3CAB5-AEE8-4E19-8A79-F60F68D75C7B}"= UDP:C:\Program Files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
"{0BFDA198-9991-4B48-869F-6579204E7685}"= C:\Program Files\HP Connections\6811507\Program\HP Connections:HP Connections
"{D9DD5784-09ED-40B2-9110-ECA068196DDD}"= UDP:C:\Program Files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
"{42B82E72-8F35-4594-B715-47AC057F74AE}"= TCP:C:\Program Files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
"{6C583DEF-4DCF-44D5-8484-F9B885B3AF96}"= UDP:C:\Program Files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
"{3B261EEB-5E58-4EED-B928-0E4DF0E82A08}"= TCP:C:\Program Files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
"{C14A0BA2-76F1-4EBA-A300-09AD1B052573}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{5BAE4EAC-86C2-45DC-A796-18E31A8C66CA}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{1FCA57D8-0436-48D8-A19B-5F405D7C0768}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{999019DF-0373-4301-BC6C-9AD8C62C41A6}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{75C3C7A6-4521-4A11-A935-2A43DA7C3390}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{418A2F88-F74E-4250-99A6-E7B60164C0EB}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"TCP Query User{6464F20E-6333-4AE0-956D-B43904DDAFBD}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{856CAE21-B6CE-4A7B-9FF0-1C35B65B1E6E}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{B6129D9B-6228-4EBB-BC16-45F529901E8E}C:\\program files\\ea games\\need for speed underground 2\\speed2.exe"= UDP:C:\program files\ea games\need for speed underground 2\speed2.exe:speed2
"UDP Query User{5505E5D4-B555-4AFF-AC74-E11BCD1AC60B}C:\\program files\\ea games\\need for speed underground 2\\speed2.exe"= TCP:C:\program files\ea games\need for speed underground 2\speed2.exe:speed2
"TCP Query User{36A9930D-0A99-4CC4-9FEF-44F8583029BC}C:\\program files\\icq6\\icq.exe"= UDP:C:\program files\icq6\icq.exe:ICQ Library
"UDP Query User{C9288296-03A6-4D10-A392-1467AEF5A227}C:\\program files\\icq6\\icq.exe"= TCP:C:\program files\icq6\icq.exe:ICQ Library
"{72CB6D50-19E8-46CA-86B4-D4697E61530A}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\ImApp.exe:IncrediMail
"{C691090A-0842-4FDC-AC89-0D7CC5EB2CBE}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\ImApp.exe:IncrediMail
"{B0435426-5DEE-4F30-BFF2-F61493D2076D}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\ImpCnt.exe:IncrediMail
"{9CB83C4A-F0AF-46B6-B91B-90977D8EE545}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\ImpCnt.exe:IncrediMail
"{FF544FED-D525-47DC-B142-333BA44CB477}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\IncMail.exe:IncrediMail
"{4C70A4F0-9408-47CE-8C79-55AD93152B54}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\IncMail.exe:IncrediMail
"{246B6662-E529-4372-87F2-4ABFFE5424A7}"= UDP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
"{B066CC5D-BBDF-43F7-964A-B7F328868A16}"= TCP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
"{3FE296DC-9E3B-42CA-83B8-DA1EA4B86DAD}"= UDP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{5E6E478A-DAC6-49B1-975E-8150389092C8}"= TCP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{610C5AF6-CD40-4B1B-A653-ABD8D8B8F354}"= UDP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{A2213098-DEFC-4B29-84B6-6A77C1E28AFC}"= TCP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{72A60DB8-8501-4EBD-915D-45FF47E0B466}"= UDP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{98229FCA-40D2-4DAB-94B3-791D9BAC71D5}"= TCP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink

R1 PSched;QoS Packet Scheduler;C:\Windows\system32\DRIVERS\pacer.sys [2007-12-13 17:00]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2007-12-04 15:52]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2006-11-28 16:44]
R3 nvsmu;nvsmu;C:\Windows\system32\DRIVERS\nvsmu.sys [2006-09-15 09:44]
S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver;C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-17 17:20]
S3 btwaudio;Bluetooth Audio Device Service;C:\Windows\system32\drivers\btwaudio.sys [2006-11-21 13:54]
S3 btwavdt;Bluetooth AVDT Service;C:\Windows\system32\drivers\btwavdt.sys [2006-11-21 13:54]
S3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2006-11-21 13:54]
S3 naecd;naecd;C:\Users\Peter\AppData\Local\Temp\naecd.sys [2006-04-12 17:55]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0a4682dc-dfb1-11dc-83ec-0016d39fa690}]
\shell\AutoRun\command - G:\USBNB.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-01-23 22:38:22 C:\Windows\Tasks\RCHubTask 0 0 {2E6E3A14-F6F5-404E-AC33-87F20083074D} 0~0.job"
- C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\Main\Roxio_Central33.exe?Sched RCHubTask 0 0 {2E6E3A14-F6F5-404E-AC33-87F20083074D} 0~0
"2008-03-29 12:01:00 C:\Windows\Tasks\User_Feed_Synchronization-{48FFF490-A03F-4285-BEFD-29DEB775166E}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-29 12:59:02
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Windows\system32\conime.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
.
**************************************************************************
.
Completion time: 2008-03-29 13:02:18 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-29 12:02:09
The system cannot find message text for message number 0x2379 in the message file for Application.
The system cannot find message text for message number 0x2379 in the message file for Application.
.
2008-03-28 11:20:54 --- E O F ---

alica · Napísal autor témy **alica**: 29.03.2008 13:07

ako mam teraz spustit antivirak avast?

SilverSurfer · Napísal **SilverSurfer**: 29.03.2008 13:16

alica píše:

ako mam teraz spustit antivirak avast?

nemam avast ale tak ako si to deaktivovala tam by sa to malo aj aktivovat cize mala by to byt ta posledna volba.

alica · Napísal autor témy **alica**: 29.03.2008 13:23

no to viem ale dole mi zmizlo "a" a teraz to neviem najst

SilverSurfer · Napísal **SilverSurfer**: 29.03.2008 13:33

alica píše:

no to viem ale dole mi zmizlo "a" a teraz to neviem najst

tak to hladaj niekde na pevnom disku ( zvycajne C oddie), program files, a tam zlozka avast a v tom by je spustaci subor .exe (avast.exe alebo nieco take) ten spust

br4n0 · Napísal **br4n0**: 29.03.2008 13:39

Nie že by avast nejako pomohol..

alica · Napísal autor témy **alica**: 29.03.2008 13:48

no tak asi zapnuty je, ale ako dostanem na listu "a"?

alica · Napísal autor témy **alica**: 29.03.2008 13:48

a co ten log? je v poriadku?

SilverSurfer · Napísal **SilverSurfer**: 29.03.2008 13:51

alica píše:

a co ten log?

1. nauc sa editovat prispevok
2. ked je zapnuty tak by na liste malo ukazovat to "a"

alica · Napísal autor témy **alica**: 29.03.2008 13:54

SilverSurfer píše:

1. nauc sa editovat prispevok
2. ked je zapnuty tak by na liste malo ukazovat to "a"

ty teda mas problemy

no ale neni tam.....

SilverSurfer · Napísal **SilverSurfer**: 29.03.2008 13:56

ten log nie som na to odbornik od toho tu je br4n0 ale imho 1 minimalne.

br4n0 · Napísal **br4n0**: 29.03.2008 13:57

alica, toto skopíruj (označiť, ctrl+c)

Kód:

Drivers to delete:
naecd

files to delete:
C:\Windows\System32\yzpdisck.exe
C:\Windows\hudwpmnq.exe
C:\Windows\drnpfdxlwn.dll
C:\Windows\altvxvm.dll
C:\Windows\System32\ieUnatt.exe
C:\Users\Peter\AppData\Local\Temp\naecd.sys

registry values to delete:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | yzpdisck 
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run | jxls4XEL8c 

A vlož do avengeru podľa návodu.

virus alebo spyware?

Podobné témy