| | |
| Stránka: 1 z 1
| [ Príspevkov: 6 ] | |
Autor | Správa |
---|
Registrovaný: 28.08.06 Prihlásený: 22.04.13 Príspevky: 530 Témy: 67 |
Zdravim.
Takze mam problem s nejakym druhom virusu s akym som sa doposial nestretol, nepomohol ani eset, ani hijack a dokonca ani Spybot: Search & Destroy
Stale mi ESETSS vypisuje: Win32/Adware.PowerAntivirus.E application cleaned by deleting - quarantined
Kód: 10. 4. 2009 22:43:10 HTTP filter file http://coqhecup.cn/kept.exe a variant of Win32/Spy.Delf.NOK trojan connection terminated - quarantined PC_1\PC Threat was detected upon access to web by the application: C:\WINDOWS\system32\svchost.exe. 10. 4. 2009 22:42:37 Real-time file system protection file C:\WINDOWS\system32\drivers\securentm.sys Win32/TrojanDownloader.Wigon.BS trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\DOCUME~1\PC\LOCALS~1\Temp\BND3.tmp. 10. 4. 2009 22:42:37 Real-time file system protection file C:\DOCUME~1\PC\LOCALS~1\Temp\BND4.tmp Win32/Adware.PowerAntivirus.E application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\Explorer.EXE. 10. 4. 2009 21:57:17 Real-time file system protection file C:\DOCUME~1\PC\LOCALS~1\Temp\BN79C1.tmp Win32/Adware.PowerAntivirus.E application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\Documents and Settings\PC\PC.exe. 10. 4. 2009 21:49:53 Real-time file system protection file C:\DOCUME~1\PC\LOCALS~1\Temp\BN7945.tmp Win32/Adware.PowerAntivirus.E application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\Explorer.EXE. 10. 4. 2009 21:49:15 Real-time file system protection file C:\DOCUME~1\PC\LOCALS~1\Temp\BN7936.tmp Win32/Adware.PowerAntivirus.E application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\Documents and Settings\PC\PC.exe. 10. 4. 2009 21:40:07 Real-time file system protection file C:\DOCUME~1\PC\LOCALS~1\Temp\BN7879.tmp Win32/Adware.PowerAntivirus.E application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\Explorer.EXE. 10. 4. 2009 21:38:17 Real-time file system protection file C:\DOCUME~1\PC\LOCALS~1\Temp\BN7802.tmp Win32/Adware.PowerAntivirus.E application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\Documents and Settings\PC\PC.exe. 10. 4. 2009 21:35:05 Real-time file system protection file C:\DOCUME~1\PC\LOCALS~1\Temp\BN779A.tmp Win32/Adware.PowerAntivirus.E application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\Explorer.EXE. 10. 4. 2009 21:23:54 Real-time file system protection file C:\DOCUME~1\PC\LOCALS~1\Temp\BN7765.tmp Win32/Adware.PowerAntivirus.E application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\Documents and Settings\PC\PC.exe. 10. 4. 2009 21:20:06 Real-time file system protection file C:\DOCUME~1\PC\LOCALS~1\Temp\BN7762.tmp Win32/Adware.PowerAntivirus.E application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\Explorer.EXE. 10. 4. 2009 21:18:24 Real-time file system protection file C:\DOCUME~1\PC\LOCALS~1\Temp\BN775F.tmp Win32/Adware.PowerAntivirus.E application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\Documents and Settings\PC\PC.exe. 10. 4. 2009 21:15:22 Real-time file system protection file C:\DOCUME~1\PC\LOCALS~1\Temp\BN775C.tmp Win32/Adware.PowerAntivirus.E application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\Explorer.EXE. 10. 4. 2009 21:13:06 Real-time file system protection file C:\DOCUME~1\PC\LOCALS~1\Temp\BN771E.tmp Win32/Adware.PowerAntivirus.E application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\Documents and Settings\PC\PC.exe. 10. 4. 2009 21:10:23 Real-time file system protection file C:\DOCUME~1\PC\LOCALS~1\Temp\BN76C6.tmp Win32/Adware.PowerAntivirus.E application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\Documents and Settings\PC\PC.exe. 10. 4. 2009 21:05:06 Real-time file system protection file C:\DOCUME~1\PC\LOCALS~1\Temp\BN7407.tmp Win32/Adware.PowerAntivirus.E application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\Explorer.EXE. 10. 4. 2009 21:03:26 Real-time file system protection file C:\DOCUME~1\PC\LOCALS~1\Temp\BN7404.tmp Win32/Adware.PowerAntivirus.E application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\Documents and Settings\PC\PC.exe. 10. 4. 2009 21:00:04 Real-time file system protection file C:\DOCUME~1\PC\LOCALS~1\Temp\BN739F.tmp Win32/Adware.PowerAntivirus.E application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\Explorer.EXE. 10. 4. 2009 20:58:29 Real-time file system protection file C:\DOCUME~1\PC\LOCALS~1\Temp\BN739C.tmp Win32/Adware.PowerAntivirus.E application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\Documents and Settings\PC\PC.exe. 10. 4. 2009 20:55:04 Real-time file system protection file C:\DOCUME~1\PC\LOCALS~1\Temp\BN7374.tmp Win32/Adware.PowerAntivirus.E application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\Explorer.EXE. 10. 4. 2009 20:53:17 Real-time file system protection file C:\DOCUME~1\PC\LOCALS~1\Temp\BN7371.tmp Win32/Adware.PowerAntivirus.E application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\Documents and Settings\PC\PC.exe. 10. 4. 2009 20:50:49 Real-time file system protection file C:\DOCUME~1\PC\LOCALS~1\Temp\BN7339.tmp Win32/Adware.PowerAntivirus.E application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\Explorer.EXE. 10. 4. 2009 20:48:26 Real-time file system protection file C:\DOCUME~1\PC\LOCALS~1\Temp\BN5F1B.tmp Win32/Adware.PowerAntivirus.E application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\Explorer.EXE. 10. 4. 2009 20:45:06 Real-time file system protection file C:\DOCUME~1\PC\LOCALS~1\Temp\BNC2E.tmp Win32/Adware.PowerAntivirus.E application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\Explorer.EXE. 10. 4. 2009 20:43:32 Real-time file system protection file C:\DOCUME~1\PC\LOCALS~1\Temp\BNBF0.tmp Win32/Adware.PowerAntivirus.E application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\Documents and Settings\PC\PC.exe. 10. 4. 2009 20:40:49 Real-time file system protection file C:\DOCUME~1\PC\LOCALS~1\Temp\BNCD18.tmp Win32/Adware.PowerAntivirus.E application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\Documents and Settings\PC\PC.exe. 10. 4. 2009 20:37:04 Real-time file system protection file C:\DOCUME~1\PC\LOCALS~1\Temp\BN9723.tmp Win32/Adware.PowerAntivirus.E application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\Documents and Settings\PC\PC.exe. 10. 4. 2009 20:29:10 Real-time file system protection file C:\DOCUME~1\PC\LOCALS~1\Temp\BN58F7.tmp Win32/Adware.PowerAntivirus.E application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\Documents and Settings\PC\PC.exe. 10. 4. 2009 20:24:31 Real-time file system protection file C:\DOCUME~1\PC\LOCALS~1\Temp\BN2413.tmp Win32/Adware.PowerAntivirus.E application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\Documents and Settings\PC\PC.exe. 10. 4. 2009 20:13:28 Real-time file system protection file C:\DOCUME~1\PC\LOCALS~1\Temp\BN8B1E.tmp Win32/Adware.PowerAntivirus.E application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\Documents and Settings\PC\PC.exe. 10. 4. 2009 20:09:32 Real-time file system protection file C:\DOCUME~1\PC\LOCALS~1\Temp\BN5929.tmp Win32/Adware.PowerAntivirus.E application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\Explorer.EXE. dik za pomoc ////edit: prikladam log z hijacku aj ked si nemyslim ze to pomoze Kód: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 22:57:06, on 10. 4. 2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal
Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\ESET\ESET Smart Security\ekrn.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\MySQL\MySQL Server 5.0___2\bin\mysqld-nt.exe C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\system32\PnkBstrB.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\ASUS\WLAN Card Utilities\Center.exe C:\Program Files\ESET\ESET Smart Security\egui.exe C:\Program Files\A4Tech\Mouse\Amoumain.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe C:\Program Files\DNA\btdna.exe C:\Documents and Settings\PC\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe C:\Program Files\TGTSoft\StyleXP\StyleXP.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\Documents and Settings\PC\PC.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe O4 - HKLM\..\Run: [Control Center] C:\Program Files\ASUS\WLAN Card Utilities\Center.exe O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe" O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\PC\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6.5\ICQ.exe" silent O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide O4 - HKCU\..\Run: [PC] C:\Documents and Settings\PC\PC.exe /i O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: QIP 2005.lnk = C:\Program Files\QIP\qip.exe O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: C:\WINDOWS\system32\mmmbwlpw.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Bonjour Service - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing) O23 - Service: Eset HTTP Server (EHttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing) O23 - Service: Nero BackItUp Scheduler 3 - Unknown owner - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe (file missing) O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
-- End of file - 8375 bytes
_________________ Procesor: AMD Athlon A64 3500+ 64-bit Orleans BOX socket AM2; Zakladna doska: ASUS M2V-MX, VIA K8M890, DualChannel DDR2 800, VGA + PCIe x16, SATA II RAID, USB2.0, GLAN, mATX scAM2; Graficka karta: SAPPHIRE ATI Radeon X1650PRO, 512 MB DDR2, PCI Express x16, 2xDVI/ TV-out; Pevny disk: Hitachi (IBM) Deskstar 7K160, 160GB, SATA II NCQ, 8MB cache, 7200ot, HDS721616PLA380; Dinamicka pamet: 1+1GB DDR2 667MHz PC5400 A-DATA; Zdroj: GEMBIRD 350W CCC-PSU10-12, 120mm větrák, SATA + LGA; Monitor: Xerox CRT 17 |
|
Registrovaný: 10.07.07 Prihlásený: 02.11.17 Príspevky: 1060 Témy: 0 Bydlisko: Bratislava |
asi treba ist na to postupne
Cez hijackthis zatial docasne fixni:
O4 - HKCU\..\Run: [PC] C:\Documents and Settings\PC\PC.exe /i
a stiahni si a posli aj vypis z
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
(pri teste vypni rezident. ochranu antiv.programu)
a posli ho sem..
_________________ Nebo je modre, voda je mokra... |
|
Registrovaný: 28.08.06 Prihlásený: 22.04.13 Príspevky: 530 Témy: 67 | Napísal autor témy Toxin_SK: 11.04.2009 0:04 | |
|
Kód: ComboFix 09-04-04.01 - PC 2009-04-10 23:57:37.2 - NTFSx86 Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.1022.519 [GMT 2:00] Running from: c:\documents and settings\PC\Plocha\ComboFix.exe AV: ESET Smart Security 3.0 *On-access scanning disabled* (Updated) FW: ESET Personal firewall *enabled* * Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! .
((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) .
c:\documents and settings\PC\PC.exe c:\windows\IE4 Error Log.txt c:\windows\system32\digiwet.dll c:\windows\Sysvxd.exe c:\windows\wiaservb.log
. ((((((((((((((((((((((((( Files Created from 2009-03-10 to 2009-04-10 ))))))))))))))))))))))))))))))) .
2009-04-10 23:18 . 2009-04-10 23:18 1,087,488 --a------ c:\documents and settings\PC\jnqtvycfiloruxbdgjmps.exe 2009-04-10 21:33 . 2009-04-10 21:33 1,087,488 --a------ c:\documents and settings\PC\mrtwadgjloruxadgjmoru.exe 2009-04-10 21:10 . 2009-04-10 21:13 <DIR> d-------- c:\program files\Spybot - Search & Destroy 2009-04-10 19:56 . 2009-04-10 21:05 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Google Updater 2009-04-10 16:11 . 2009-04-10 16:25 <DIR> d-------- c:\documents and settings\PC\Data aplikací\REAPER 2009-04-05 18:32 . 2009-04-05 18:32 <DIR> d-------- c:\documents and settings\PC\Data aplikací\id Software 2009-04-05 18:30 . 2009-04-05 18:30 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\id Software 2009-04-04 13:29 . 2009-04-04 13:31 <DIR> d-------- c:\documents and settings\PC\Data aplikací\gtk-2.0 2009-04-04 13:28 . 2009-04-04 13:28 <DIR> d-------- c:\documents and settings\PC\Data aplikací\NetRadiantSettings 2009-04-03 20:44 . 2009-04-03 20:44 <DIR> d-------- c:\documents and settings\PC\Data aplikací\fretsonfire 2009-03-27 18:57 . 2009-03-27 18:57 <DIR> d-------- c:\program files\gbg 2009-03-27 16:45 . 2009-03-27 16:45 <DIR> d-------- c:\program files\LittleFighter2 2009-03-27 12:20 . 2004-05-10 01:14 118,272 --a------ c:\windows\system32\SX5363S.DLL 2009-03-27 12:20 . 2004-05-10 01:14 102,400 --a------ c:\windows\system32\RV32RTP.dll 2009-03-27 12:20 . 2004-05-10 01:15 40 --a------ c:\windows\system32\Sx5363.ini 2009-03-27 12:15 . 2009-03-27 12:15 <DIR> d-------- c:\program files\SubaGames 2009-03-26 15:55 . 2003-07-20 20:17 5,174 --a------ c:\windows\system32\nppt9x.vxd 2009-03-26 15:55 . 2005-01-04 11:43 4,682 --a------ c:\windows\system32\npptNT2.sys 2009-03-26 15:49 . 2009-03-26 15:49 <DIR> d-------- c:\program files\Common Files\INCA Shared 2009-03-26 14:40 . 2009-03-26 14:43 <DIR> d-------- c:\program files\NCSoft 2009-03-26 14:38 . 2009-03-26 14:39 <DIR> d-------- c:\documents and settings\PC\Data aplikací\GetRightToGo 2009-03-23 23:06 . 2009-03-23 23:06 <DIR> d-------- C:\Games 2009-03-23 23:06 . 2009-03-23 23:06 <DIR> d-------- c:\documents and settings\PC\Data aplikací\Toribash 2009-03-23 19:40 . 2009-03-23 19:40 <DIR> d-------- c:\program files\alaplaya 2009-03-23 08:10 . 2009-03-23 19:41 96 --ah----- c:\windows\system32\HsInfo.dat 2009-03-23 07:55 . 2009-03-23 07:55 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\InstallShield 2009-03-23 07:52 . 2009-03-23 07:52 <DIR> d-------- c:\program files\Gravity 2009-03-23 07:52 . 2004-08-09 06:04 73,728 --a------ c:\windows\system32\ISUSPM.cpl 2009-03-22 18:38 . 2009-03-26 22:28 <DIR> d-------- C:\Download 2009-03-22 17:08 . 2009-03-22 17:08 230,752 --a------ c:\windows\patchw32.dll 2009-03-22 16:50 . 2009-03-22 16:50 <DIR> d-------- c:\program files\Outspark 2009-03-22 15:12 . 2009-03-22 15:12 2,192,640 --a------ c:\windows\system32\kernel1.exe 2009-03-22 15:11 . 2008-04-19 09:27 222 --ahs---- C:\BOOT.BKK 2009-03-22 14:35 . 2009-03-22 14:36 <DIR> d-------- C:\snowboarding yeaah 2009-03-22 14:28 . 2009-03-22 14:28 <DIR> d-------- c:\program files\TGTSoft 2009-03-15 00:31 . 2009-03-15 00:33 <DIR> d-------- c:\program files\Sector69
. (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-04-10 21:52 --------- d-----w c:\documents and settings\PC\Data aplikací\DNA 2009-04-10 20:52 --------- d-----w c:\program files\DNA 2009-04-10 20:39 --------- d-----w c:\documents and settings\All Users\Data aplikací\Spybot - Search & Destroy 2009-04-10 19:06 --------- d---a-w c:\documents and settings\All Users\Data aplikací\TEMP 2009-04-10 17:56 --------- d-----w c:\program files\Google 2009-04-05 16:43 75,064 ----a-w c:\windows\system32\PnkBstrA.exe 2009-04-05 16:43 138,944 ----a-w c:\windows\system32\drivers\PnkBstrK.sys 2009-04-05 16:42 189,784 ----a-w c:\windows\system32\PnkBstrB.exe 2009-04-05 16:31 22,328 ----a-w c:\documents and settings\PC\Data aplikací\PnkBstrK.sys 2009-04-05 16:30 2,246,144 ----a-w c:\windows\system32\pbsvc.exe 2009-04-03 20:17 --------- d-----w c:\documents and settings\PC\Data aplikací\skypePM 2009-04-03 20:17 --------- d-----w c:\documents and settings\PC\Data aplikací\Skype 2009-03-27 10:15 --------- d--h--w c:\program files\InstallShield Installation Information 2009-03-26 20:29 --------- d-----w c:\documents and settings\PC\Data aplikací\uTorrent 2009-03-23 05:52 --------- d-----w c:\program files\Common Files\InstallShield 2009-03-22 12:19 --------- d-----w c:\program files\UTDeluxe 2009-03-21 14:19 --------- d-----w c:\documents and settings\PC\Data aplikací\NoNameScript 2009-03-21 08:41 --------- d-----w c:\documents and settings\All Users\Data aplikací\TrackMania 2009-03-14 22:36 --------- d-----w c:\program files\Mozilla Thunderbird 2009-03-14 22:31 --------- d-----w c:\program files\WinPcap 2009-03-02 12:26 --------- d-----w c:\program files\UNIO_systems 2009-02-27 20:03 --------- d-----w c:\program files\sXe Injected 2009-02-27 14:53 --------- d-----w c:\program files\Common Files\Skype 2009-02-27 14:53 --------- d-----w c:\documents and settings\All Users\Data aplikací\Skype 2009-02-27 14:53 --------- d-----r c:\program files\Skype 2009-02-20 18:45 --------- d-----w c:\program files\Doom 3 2009-02-15 18:29 --------- d-----w c:\documents and settings\PC\Data aplikací\ICQ 2008-09-02 09:46 24 ----a-w c:\documents and settings\PC\jagex_runescape_preferences.dat 2008-02-20 18:56 11,528,667 ----a-w c:\program files\VideoLAN.exe 2008-02-20 18:48 11,425,755 ----a-w c:\program files\VideoLAN.rar 2006-05-03 09:06 163,328 --sh--r c:\windows\system32\flvDX.dll 2007-02-21 10:47 31,232 --sh--r c:\windows\system32\msfDX.dll 2008-08-07 15:36 81,487,904 --sha-w c:\windows\system32\drivers\fidbox.dat .
------- Sigcheck -------
2008-11-29 13:59 359936 aac64d1393afce8ffb90a91c157dc0b9 c:\windows\system32\dllcache\TCPIP.SYS 2008-11-29 13:59 359936 aac64d1393afce8ffb90a91c157dc0b9 c:\windows\system32\drivers\TCPIP.SYS . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-17 15360] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-09-20 202024] "BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2006-01-01 342848] "Google Update"="c:\documents and settings\PC\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2008-09-07 133104] "STYLEXP"="c:\program files\TGTSoft\StyleXP\StyleXP.exe" [2006-05-24 1372160] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-10 39408] "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112] "NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136] "NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 1836328] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-09-28 144792] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-03-28 413696] "Control Center"="c:\program files\ASUS\WLAN Card Utilities\Center.exe" [2004-02-24 1448448] "egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2008-07-01 1447168] "WheelMouse"="c:\program files\A4Tech\Mouse\Amoumain.exe" [2007-05-15 204800]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]
c:\documents and settings\PC\Nabˇdka Start\Programy\Po spuçtŘnˇ\ QIP 2005.lnk - c:\program files\QIP\qip.exe [2008-07-01 3256320]
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\ Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.I420"= i420vfw.dll "VIDC.XFR1"= xfcodec.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digiwet.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Fantastic Flame Agent.lnk] path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Fantastic Flame Agent.lnk backup=c:\windows\pss\Fantastic Flame Agent.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^PC^Nabídka Start^Programy^Po spuštění^Xfire.lnk] path=c:\documents and settings\PC\Nabídka Start\Programy\Po spuštění\Xfire.lnk backup=c:\windows\pss\Xfire.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer] -rahs---- 2009-03-05 16:07 2260480 c:\program files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam] --a------ 2008-03-29 16:57 1271032 c:\program files\Steam\Steam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent] --a------ 2008-11-29 13:34 270128 c:\program files\uTorrent\uTorrent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan] -r------- 2006-01-11 09:08 577536 c:\windows\soundman.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\uTorrent\\utorrent.exe"= "c:\\WINDOWS\\system32\\PnkBstrA.exe"= "c:\\WINDOWS\\system32\\PnkBstrB.exe"= "c:\\Program Files\\QIP\\qip.exe"= "c:\\WINDOWS\\system32\\ftp.exe"= "c:\\Program Files\\DNA\\btdna.exe"= "d:\\Games\\Project Powder\\Run.exe"= "c:\\Program Files\\NCsoft\\Exteel (US)\\System\\Exteel.exe"= "c:\program files\SubaGames\ACEonline\Launcher.atm"= c:\program files\SubaGames\ACEonline\Launcher.atm:Enabled:GameExe2 "c:\program files\SubaGames\ACEonline\Res-Voip\SCVoIP.exe"= c:\program files\SubaGames\ACEonline\Res-Voip\SCVoIP.exe:Enabled:GameVoIP "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
R2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2007-12-21 468224] R3 ASNDIS5;ASNDIS5 Protocol Driver;c:\windows\system32\ASNDIS5.sys [2007-10-05 16269] R3 MouseCap;MouseCapture Driver;c:\windows\system32\drivers\MouseCap.sys [2005-08-08 6640] R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [2004-08-03 69120] R3 W8100PCI;ASUS 802.11b/g Driver for Windows XP;c:\windows\system32\drivers\mrv8k51.sys [2007-10-05 256512] S2 acpi32;acpi32;\??\c:\windows\system32\drivers\acpi32.sys --> c:\windows\system32\drivers\acpi32.sys [?] S2 amd64si;amd64si;\??\c:\windows\system32\drivers\amd64si.sys --> c:\windows\system32\drivers\amd64si.sys [?] S2 ati64si;ati64si;\??\c:\windows\system32\drivers\ati64si.sys --> c:\windows\system32\drivers\ati64si.sys [?] S2 fips32cup;fips32cup;\??\c:\windows\system32\drivers\fips32cup.sys --> c:\windows\system32\drivers\fips32cup.sys [?] S2 i386si;i386si;\??\c:\windows\system32\drivers\i386si.sys --> c:\windows\system32\drivers\i386si.sys [?] S2 nicsk32;nicsk32;\??\c:\windows\system32\drivers\nicsk32.sys --> c:\windows\system32\drivers\nicsk32.sys [?] S2 port135sik;port135sik;\??\c:\windows\system32\drivers\port135sik.sys --> c:\windows\system32\drivers\port135sik.sys [?] S2 securentm;securentm;\??\c:\windows\system32\drivers\securentm.sys --> c:\windows\system32\drivers\securentm.sys [?] S2 systemntmi;systemntmi;\??\c:\windows\system32\drivers\systemntmi.sys --> c:\windows\system32\drivers\systemntmi.sys [?] S2 ws2_32sik;ws2_32sik;\??\c:\windows\system32\drivers\ws2_32sik.sys --> c:\windows\system32\drivers\ws2_32sik.sys [?] S3 CamSpaceBus;CamSpace Virtual Joystick Bus device driver;c:\windows\system32\drivers\CamSpaceBus.sys [2008-06-10 14848] S3 CamSpaceJoy;CamSpace Virtual Joystick device driver;c:\windows\system32\drivers\CamSpaceJoy.sys [2008-06-10 30464] S3 ddsxeiservice;ddsxeiservice2;c:\program files\sXe Injected\ddsxei.sys [2009-02-22 50560] S3 gsplittm;gsplittm;\??\c:\docume~1\PC\LOCALS~1\Temp\gsplittm.sys --> c:\docume~1\PC\LOCALS~1\Temp\gsplittm.sys [?] S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-06 34064] S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [2008-01-25 25088] S3 XDva248;XDva248;\??\c:\windows\system32\XDva248.sys --> c:\windows\system32\XDva248.sys [?] . Contents of the 'Scheduled Tasks' folder
2009-04-10 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-10 19:56]
2009-04-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1177238915-527237240-725345543-1003.job - c:\documents and settings\PC\Local Settings\Data aplikac [] . - - - - ORPHANS REMOVED - - - -
HKCU-Run-ICQ - c:\program files\ICQ6.5\ICQ.exe HKLM-Run-snpstd - c:\windows\vsnpstd.exe MSConfigStartUp-ICQ Lite - c:\program files\ICQLite\ICQLite.exe MSConfigStartUp-Picasa Media Detector - c:\program files\Picasa2\PicasaMediaDetector.exe
. ------- Supplementary Scan ------- . uStart Page = hxxp://www.daemon-search.com/startpage uInternet Settings,ProxyOverride = *.local IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 FF - ProfilePath - c:\documents and settings\PC\Data aplikací\Mozilla\Firefox\Profiles\v0ylcwao.default\ FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll FF - plugin: c:\program files\Opera\program\plugins\nppl3260.dll FF - plugin: c:\program files\Opera\program\plugins\nprpjplug.dll
---- FIREFOX POLICIES ---- FF - user.js: capability.policy.policynames - localfilelinks FF - user.js: capability.policy.localfilelinks.sites - hxxp://s1.travian.cz http://s2.travian.cz http://s3.travian.cz http://s4.travian.cz http://s5.travian.cz http://s6.travian.cz http://s7.travian.cz http://s8.travian.cz http://s9.travian.cz http://s10.travian.cz http://s11.travian.cz http://s12.travian.cz http://s13.travian.cz http://s14.travian.cz http://s15.travian.cz http://speed.travian.cz http://s1.travian.sk http://s2.travian.sk http://s3.travian.sk http://s4.travian.sk http://s5.travian.sk http://s6.travian.sk http://s7.travian.sk http://s8.travian.sk http://s9.travian.sk http://s10.travian.sk http://speed.travian.sk FF - user.js: capability.policy.localfilelinks.checkloaduri.enabled - allAccessc:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk"); .
**************************************************************************
catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-04-10 23:59:37 Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL] "ImagePath"="\"c:\program files\MySQL\MySQL Server 5.0___2\bin\mysqld-nt\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.0___2\my.ini\" MySQL" . --------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1177238915-527237240-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode)
[HKEY_USERS\S-1-5-21-1177238915-527237240-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] "??"=hex:02,2a,d0,fd,70,ed,b8,37,39,49,a8,f3,9b,b3,e0,1e,36,b9,28,2f,c2,fa,39, 97,f0,4c,1a,47,99,63,b5,95,93,23,23,24,2b,da,03,18,7c,95,c0,84,d0,d9,bc,bf,\ "??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50 . --------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1064) c:\windows\system32\Ati2evxx.dll . Completion time: 2009-04-11 0:01:13 ComboFix-quarantined-files.txt 2009-04-10 22:00:45
Pre-Run: 4 007 264 256 Post-Run: 4,006,924,288
242
_________________ Procesor: AMD Athlon A64 3500+ 64-bit Orleans BOX socket AM2; Zakladna doska: ASUS M2V-MX, VIA K8M890, DualChannel DDR2 800, VGA + PCIe x16, SATA II RAID, USB2.0, GLAN, mATX scAM2; Graficka karta: SAPPHIRE ATI Radeon X1650PRO, 512 MB DDR2, PCI Express x16, 2xDVI/ TV-out; Pevny disk: Hitachi (IBM) Deskstar 7K160, 160GB, SATA II NCQ, 8MB cache, 7200ot, HDS721616PLA380; Dinamicka pamet: 1+1GB DDR2 667MHz PC5400 A-DATA; Zdroj: GEMBIRD 350W CCC-PSU10-12, 120mm větrák, SATA + LGA; Monitor: Xerox CRT 17 |
|
Registrovaný: 10.07.07 Prihlásený: 02.11.17 Príspevky: 1060 Témy: 0 Bydlisko: Bratislava |
Vypni vsetky rezidentne ochrany v pc.
Combofix umiestni na plochu
Na ploche vytvor cez notepad subor CFScript
do tohto .txt suboru vloz tento kod
Kód: KILLALL::
File:: c:\windows\system32\drivers\amd64si.sys c:\windows\system32\drivers\ati64si.sys c:\windows\system32\drivers\nicsk32.sys c:\windows\system32\drivers\i386si.sys c:\docume~1\PC\LOCALS~1\Temp\gsplittm.sys c:\windows\system32\XDva248.sys c:\windows\system32\drivers\port135sik.sys
Registry:: [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digiwet.dll"
Rootkit:: c:\windows\system32\drivers\port135sik.sys c:\windows\system32\drivers\fips32cup.sys c:\windows\system32\drivers\ati64si.sys c:\windows\system32\drivers\amd64si.sys c:\windows\system32\drivers\ws2_32sik.sys c:\windows\system32\drivers\acpi32.sys c:\windows\system32\drivers\i386si.sys c:\windows\system32\drivers\nicsk32.sys c:\windows\system32\drivers\securentm.sys c:\windows\system32\drivers\systemntmi.sys c:\windows\system32\XDva248.sys
Driver:: ati64si amd64si nicsk32 i386si port135sik ws2_32sik acpi32 fips32cup i386si nicsk32 securentm systemntmi XDva248
Po ulozeni, subor CFScript premiestni mysou na ikonku combofixu..Zacne prebiehat (aj na obrazovke) spracovanie a po restarte posli opat aktualny vypis z hijackthis a combofix.
_________________ Nebo je modre, voda je mokra... |
|
Registrovaný: 28.08.06 Prihlásený: 22.04.13 Príspevky: 530 Témy: 67 | Napísal autor témy Toxin_SK: 11.04.2009 3:25 | |
|
Kód: ComboFix 09-04-04.01 - PC 2009-04-11 3:15:28.3 - NTFSx86 Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.1022.503 [GMT 2:00] Running from: c:\documents and settings\PC\Plocha\ComboFix.exe Command switches used :: c:\documents and settings\PC\Plocha\CFScript.txt AV: ESET Smart Security 3.0 *On-access scanning disabled* (Updated) FW: ESET Personal firewall *enabled* * Created a new restore point * Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE :: c:\docume~1\PC\LOCALS~1\Temp\gsplittm.sys c:\windows\system32\drivers\amd64si.sys c:\windows\system32\drivers\ati64si.sys c:\windows\system32\drivers\i386si.sys c:\windows\system32\drivers\nicsk32.sys c:\windows\system32\drivers\port135sik.sys c:\windows\system32\XDva248.sys .
((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) .
. ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) .
-------\Legacy_XDVA248 -------\Service_acpi32 -------\Service_amd64si -------\Service_ati64si -------\Service_fips32cup -------\Service_i386si -------\Service_nicsk32 -------\Service_port135sik -------\Service_securentm -------\Service_systemntmi -------\Service_ws2_32sik -------\Service_XDva248
((((((((((((((((((((((((( Files Created from 2009-03-11 to 2009-04-11 ))))))))))))))))))))))))))))))) .
2009-04-10 23:18 . 2009-04-10 23:18 1,087,488 --a------ c:\documents and settings\PC\jnqtvycfiloruxbdgjmps.exe 2009-04-10 21:33 . 2009-04-10 21:33 1,087,488 --a------ c:\documents and settings\PC\mrtwadgjloruxadgjmoru.exe 2009-04-10 21:10 . 2009-04-10 21:13 <DIR> d-------- c:\program files\Spybot - Search & Destroy 2009-04-10 19:56 . 2009-04-10 21:05 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Google Updater 2009-04-10 16:11 . 2009-04-10 16:25 <DIR> d-------- c:\documents and settings\PC\Data aplikací\REAPER 2009-04-05 18:32 . 2009-04-05 18:32 <DIR> d-------- c:\documents and settings\PC\Data aplikací\id Software 2009-04-05 18:30 . 2009-04-05 18:30 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\id Software 2009-04-04 13:29 . 2009-04-04 13:31 <DIR> d-------- c:\documents and settings\PC\Data aplikací\gtk-2.0 2009-04-04 13:28 . 2009-04-04 13:28 <DIR> d-------- c:\documents and settings\PC\Data aplikací\NetRadiantSettings 2009-04-03 20:44 . 2009-04-03 20:44 <DIR> d-------- c:\documents and settings\PC\Data aplikací\fretsonfire 2009-03-27 18:57 . 2009-03-27 18:57 <DIR> d-------- c:\program files\gbg 2009-03-27 16:45 . 2009-03-27 16:45 <DIR> d-------- c:\program files\LittleFighter2 2009-03-27 12:20 . 2004-05-10 01:14 118,272 --a------ c:\windows\system32\SX5363S.DLL 2009-03-27 12:20 . 2004-05-10 01:14 102,400 --a------ c:\windows\system32\RV32RTP.dll 2009-03-27 12:20 . 2004-05-10 01:15 40 --a------ c:\windows\system32\Sx5363.ini 2009-03-27 12:15 . 2009-03-27 12:15 <DIR> d-------- c:\program files\SubaGames 2009-03-26 15:55 . 2003-07-20 20:17 5,174 --a------ c:\windows\system32\nppt9x.vxd 2009-03-26 15:55 . 2005-01-04 11:43 4,682 --a------ c:\windows\system32\npptNT2.sys 2009-03-26 15:49 . 2009-03-26 15:49 <DIR> d-------- c:\program files\Common Files\INCA Shared 2009-03-26 14:40 . 2009-03-26 14:43 <DIR> d-------- c:\program files\NCSoft 2009-03-26 14:38 . 2009-03-26 14:39 <DIR> d-------- c:\documents and settings\PC\Data aplikací\GetRightToGo 2009-03-23 23:06 . 2009-03-23 23:06 <DIR> d-------- C:\Games 2009-03-23 23:06 . 2009-03-23 23:06 <DIR> d-------- c:\documents and settings\PC\Data aplikací\Toribash 2009-03-23 19:40 . 2009-03-23 19:40 <DIR> d-------- c:\program files\alaplaya 2009-03-23 08:10 . 2009-03-23 19:41 96 --ah----- c:\windows\system32\HsInfo.dat 2009-03-23 07:55 . 2009-03-23 07:55 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\InstallShield 2009-03-23 07:52 . 2009-03-23 07:52 <DIR> d-------- c:\program files\Gravity 2009-03-23 07:52 . 2004-08-09 06:04 73,728 --a------ c:\windows\system32\ISUSPM.cpl 2009-03-22 18:38 . 2009-03-26 22:28 <DIR> d-------- C:\Download 2009-03-22 17:08 . 2009-03-22 17:08 230,752 --a------ c:\windows\patchw32.dll 2009-03-22 16:50 . 2009-03-22 16:50 <DIR> d-------- c:\program files\Outspark 2009-03-22 15:12 . 2009-03-22 15:12 2,192,640 --a------ c:\windows\system32\kernel1.exe 2009-03-22 15:11 . 2008-04-19 09:27 222 --ahs---- C:\BOOT.BKK 2009-03-22 14:35 . 2009-03-22 14:36 <DIR> d-------- C:\snowboarding yeaah 2009-03-22 14:28 . 2009-03-22 14:28 <DIR> d-------- c:\program files\TGTSoft 2009-03-15 00:31 . 2009-03-15 00:33 <DIR> d-------- c:\program files\Sector69
. (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-04-11 01:19 --------- d-----w c:\program files\DNA 2009-04-11 01:19 --------- d-----w c:\documents and settings\PC\Data aplikací\DNA 2009-04-10 20:39 --------- d-----w c:\documents and settings\All Users\Data aplikací\Spybot - Search & Destroy 2009-04-10 19:06 --------- d---a-w c:\documents and settings\All Users\Data aplikací\TEMP 2009-04-10 17:56 --------- d-----w c:\program files\Google 2009-04-05 16:43 138,944 ----a-w c:\windows\system32\drivers\PnkBstrK.sys 2009-04-05 16:31 22,328 ----a-w c:\documents and settings\PC\Data aplikací\PnkBstrK.sys 2009-04-03 20:17 --------- d-----w c:\documents and settings\PC\Data aplikací\skypePM 2009-04-03 20:17 --------- d-----w c:\documents and settings\PC\Data aplikací\Skype 2009-03-27 10:15 --------- d--h--w c:\program files\InstallShield Installation Information 2009-03-26 20:29 --------- d-----w c:\documents and settings\PC\Data aplikací\uTorrent 2009-03-23 05:52 --------- d-----w c:\program files\Common Files\InstallShield 2009-03-22 12:19 --------- d-----w c:\program files\UTDeluxe 2009-03-21 14:19 --------- d-----w c:\documents and settings\PC\Data aplikací\NoNameScript 2009-03-21 08:41 --------- d-----w c:\documents and settings\All Users\Data aplikací\TrackMania 2009-03-14 22:36 --------- d-----w c:\program files\Mozilla Thunderbird 2009-03-14 22:31 --------- d-----w c:\program files\WinPcap 2009-03-02 12:26 --------- d-----w c:\program files\UNIO_systems 2009-02-27 20:03 --------- d-----w c:\program files\sXe Injected 2009-02-27 14:53 --------- d-----w c:\program files\Common Files\Skype 2009-02-27 14:53 --------- d-----w c:\documents and settings\All Users\Data aplikací\Skype 2009-02-27 14:53 --------- d-----r c:\program files\Skype 2009-02-20 18:45 --------- d-----w c:\program files\Doom 3 2009-02-15 18:29 --------- d-----w c:\documents and settings\PC\Data aplikací\ICQ 2008-09-02 09:46 24 ----a-w c:\documents and settings\PC\jagex_runescape_preferences.dat 2008-02-20 18:56 11,528,667 ----a-w c:\program files\VideoLAN.exe 2008-02-20 18:48 11,425,755 ----a-w c:\program files\VideoLAN.rar 2006-05-03 09:06 163,328 --sh--r c:\windows\system32\flvDX.dll 2007-02-21 10:47 31,232 --sh--r c:\windows\system32\msfDX.dll 2008-08-07 15:36 81,487,904 --sha-w c:\windows\system32\drivers\fidbox.dat .
------- Sigcheck -------
2008-11-29 13:59 359936 aac64d1393afce8ffb90a91c157dc0b9 c:\windows\system32\dllcache\TCPIP.SYS 2008-11-29 13:59 359936 aac64d1393afce8ffb90a91c157dc0b9 c:\windows\system32\drivers\TCPIP.SYS . ((((((((((((((((((((((((((((( SnapShot@2009-04-10_23.59.55,04 ))))))))))))))))))))))))))))))))))))))))) . + 2005-10-20 18:02:28 163,328 ----a-w c:\windows\erdnt\subs\ERDNT.EXE + 2009-04-11 01:18:59 16,384 ----atw c:\windows\temp\Perflib_Perfdata_3a4.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-17 15360] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-09-20 202024] "BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2006-01-01 342848] "Google Update"="c:\documents and settings\PC\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2008-09-07 133104] "STYLEXP"="c:\program files\TGTSoft\StyleXP\StyleXP.exe" [2006-05-24 1372160] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-10 39408] "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112] "NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136] "NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 1836328] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-09-28 144792] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-03-28 413696] "Control Center"="c:\program files\ASUS\WLAN Card Utilities\Center.exe" [2004-02-24 1448448] "egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2008-07-01 1447168] "WheelMouse"="c:\program files\A4Tech\Mouse\Amoumain.exe" [2007-05-15 204800]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]
c:\documents and settings\PC\Nabˇdka Start\Programy\Po spuçtŘnˇ\ QIP 2005.lnk - c:\program files\QIP\qip.exe [2008-07-01 3256320]
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\ Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.I420"= i420vfw.dll "VIDC.XFR1"= xfcodec.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digiwet.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Fantastic Flame Agent.lnk] path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Fantastic Flame Agent.lnk backup=c:\windows\pss\Fantastic Flame Agent.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^PC^Nabídka Start^Programy^Po spuštění^Xfire.lnk] path=c:\documents and settings\PC\Nabídka Start\Programy\Po spuštění\Xfire.lnk backup=c:\windows\pss\Xfire.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer] -rahs---- 2009-03-05 16:07 2260480 c:\program files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam] --a------ 2008-03-29 16:57 1271032 c:\program files\Steam\Steam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent] --a------ 2008-11-29 13:34 270128 c:\program files\uTorrent\uTorrent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan] -r------- 2006-01-11 09:08 577536 c:\windows\soundman.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\uTorrent\\utorrent.exe"= "c:\\WINDOWS\\system32\\PnkBstrA.exe"= "c:\\WINDOWS\\system32\\PnkBstrB.exe"= "c:\\Program Files\\QIP\\qip.exe"= "c:\\WINDOWS\\system32\\ftp.exe"= "c:\\Program Files\\DNA\\btdna.exe"= "d:\\Games\\Project Powder\\Run.exe"= "c:\\Program Files\\NCsoft\\Exteel (US)\\System\\Exteel.exe"= "c:\program files\SubaGames\ACEonline\Launcher.atm"= c:\program files\SubaGames\ACEonline\Launcher.atm:Enabled:GameExe2 "c:\program files\SubaGames\ACEonline\Res-Voip\SCVoIP.exe"= c:\program files\SubaGames\ACEonline\Res-Voip\SCVoIP.exe:Enabled:GameVoIP "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
R2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2007-12-21 468224] R3 ASNDIS5;ASNDIS5 Protocol Driver;c:\windows\system32\ASNDIS5.sys [2007-10-05 16269] R3 MouseCap;MouseCapture Driver;c:\windows\system32\drivers\MouseCap.sys [2005-08-08 6640] R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [2004-08-03 69120] R3 W8100PCI;ASUS 802.11b/g Driver for Windows XP;c:\windows\system32\drivers\mrv8k51.sys [2007-10-05 256512] S3 CamSpaceBus;CamSpace Virtual Joystick Bus device driver;c:\windows\system32\drivers\CamSpaceBus.sys [2008-06-10 14848] S3 CamSpaceJoy;CamSpace Virtual Joystick device driver;c:\windows\system32\drivers\CamSpaceJoy.sys [2008-06-10 30464] S3 ddsxeiservice;ddsxeiservice2;c:\program files\sXe Injected\ddsxei.sys [2009-02-22 50560] S3 gsplittm;gsplittm;\??\c:\docume~1\PC\LOCALS~1\Temp\gsplittm.sys --> c:\docume~1\PC\LOCALS~1\Temp\gsplittm.sys [?] S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-06 34064] S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [2008-01-25 25088] . Contents of the 'Scheduled Tasks' folder
2009-04-11 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-10 19:56]
2009-04-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1177238915-527237240-725345543-1003.job - c:\documents and settings\PC\Local Settings\Data aplikac [] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.daemon-search.com/startpage uInternet Settings,ProxyOverride = *.local IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 FF - ProfilePath - c:\documents and settings\PC\Data aplikací\Mozilla\Firefox\Profiles\v0ylcwao.default\ FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll FF - plugin: c:\program files\Opera\program\plugins\nppl3260.dll FF - plugin: c:\program files\Opera\program\plugins\nprpjplug.dll
---- FIREFOX POLICIES ---- FF - user.js: capability.policy.policynames - localfilelinks FF - user.js: capability.policy.localfilelinks.sites - hxxp://s1.travian.cz http://s2.travian.cz http://s3.travian.cz http://s4.travian.cz http://s5.travian.cz http://s6.travian.cz http://s7.travian.cz http://s8.travian.cz http://s9.travian.cz http://s10.travian.cz http://s11.travian.cz http://s12.travian.cz http://s13.travian.cz http://s14.travian.cz http://s15.travian.cz http://speed.travian.cz http://s1.travian.sk http://s2.travian.sk http://s3.travian.sk http://s4.travian.sk http://s5.travian.sk http://s6.travian.sk http://s7.travian.sk http://s8.travian.sk http://s9.travian.sk http://s10.travian.sk http://speed.travian.sk FF - user.js: capability.policy.localfilelinks.checkloaduri.enabled - allAccessc:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk"); .
**************************************************************************
catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-04-11 03:19:17 Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL] "ImagePath"="\"c:\program files\MySQL\MySQL Server 5.0___2\bin\mysqld-nt\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.0___2\my.ini\" MySQL" . --------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1177238915-527237240-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode)
[HKEY_USERS\S-1-5-21-1177238915-527237240-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] "??"=hex:02,2a,d0,fd,70,ed,b8,37,39,49,a8,f3,9b,b3,e0,1e,36,b9,28,2f,c2,fa,39, 97,f0,4c,1a,47,99,63,b5,95,93,23,23,24,2b,da,03,18,7c,95,c0,84,d0,d9,bc,bf,\ "??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50 . --------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1056) c:\windows\system32\Ati2evxx.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\ati2evxx.exe c:\program files\TGTSoft\StyleXP\StyleXPService.exe c:\windows\system32\ati2evxx.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\MySQL\MySQL Server 5.0___2\bin\mysqld-nt.exe c:\windows\system32\PnkBstrA.exe c:\windows\system32\PnkBstrB.exe c:\windows\system32\wdfmgr.exe c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe c:\program files\Common Files\Nero\Lib\NMIndexingService.exe c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe . ************************************************************************** . Completion time: 2009-04-11 3:22:57 - machine was rebooted ComboFix-quarantined-files.txt 2009-04-11 01:22:53 ComboFix2.txt 2009-04-10 22:01:15
Pre-Run: 3 977 482 240 Post-Run: 3,884,072,960
265
Kód: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 3:25:20, on 11. 4. 2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal
Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\ESET\ESET Smart Security\ekrn.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\MySQL\MySQL Server 5.0___2\bin\mysqld-nt.exe C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\system32\PnkBstrB.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\ASUS\WLAN Card Utilities\Center.exe C:\Program Files\ESET\ESET Smart Security\egui.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe C:\Program Files\DNA\btdna.exe C:\Documents and Settings\PC\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe C:\Program Files\TGTSoft\StyleXP\StyleXP.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\WINDOWS\explorer.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [Control Center] C:\Program Files\ASUS\WLAN Card Utilities\Center.exe O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe" O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\PC\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: QIP 2005.lnk = C:\Program Files\QIP\qip.exe O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Bonjour Service - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing) O23 - Service: Eset HTTP Server (EHttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing) O23 - Service: Nero BackItUp Scheduler 3 - Unknown owner - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe (file missing) O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
-- End of file - 7643 bytes
_________________ Procesor: AMD Athlon A64 3500+ 64-bit Orleans BOX socket AM2; Zakladna doska: ASUS M2V-MX, VIA K8M890, DualChannel DDR2 800, VGA + PCIe x16, SATA II RAID, USB2.0, GLAN, mATX scAM2; Graficka karta: SAPPHIRE ATI Radeon X1650PRO, 512 MB DDR2, PCI Express x16, 2xDVI/ TV-out; Pevny disk: Hitachi (IBM) Deskstar 7K160, 160GB, SATA II NCQ, 8MB cache, 7200ot, HDS721616PLA380; Dinamicka pamet: 1+1GB DDR2 667MHz PC5400 A-DATA; Zdroj: GEMBIRD 350W CCC-PSU10-12, 120mm větrák, SATA + LGA; Monitor: Xerox CRT 17 |
|
Registrovaný: 10.07.07 Prihlásený: 02.11.17 Príspevky: 1060 Témy: 0 Bydlisko: Bratislava |
Tato cast by mala byt uz Ok.
P.S. aky je stav?
_________________ Nebo je modre, voda je mokra... |
|
| Stránka: 1 z 1
| [ Príspevkov: 6 ] | |
| Nemôžete zakladať nové témy v tomto fóre Nemôžete odpovedať na témy v tomto fóre Nemôžete upravovať svoje príspevky v tomto fóre Nemôžete mazať svoje príspevky v tomto fóre
|
|