Win32/Adware.PowerAntivirus.E

Posted: 10.04.2009 22:54

Hello.

So I have a problem with some kind of virus I have never come across before; neither ESET, nor HijackThis, nor even Spybot: Search & Destroy helped.

ESETSS keeps reporting: Win32/Adware.PowerAntivirus.E application cleaned by deleting - quarantined

Code:
10. 4. 2009 22:43:10   HTTP filter   file   http://coqhecup.cn/kept.exe   a variant of Win32/Spy.Delf.NOK trojan   connection terminated - quarantined   PC_1\PC   Threat was detected upon access to web by the application: C:\WINDOWS\system32\svchost.exe.
10. 4. 2009 22:42:37   Real-time file system protection   file   C:\WINDOWS\system32\drivers\securentm.sys   Win32/TrojanDownloader.Wigon.BS trojan   cleaned by deleting - quarantined   NT AUTHORITY\SYSTEM   Event occurred on a new file created by the application: C:\DOCUME~1\PC\LOCALS~1\Temp\BND3.tmp.
10. 4. 2009 22:42:37   Real-time file system protection   file   C:\DOCUME~1\PC\LOCALS~1\Temp\BND4.tmp   Win32/Adware.PowerAntivirus.E application   cleaned by deleting - quarantined   NT AUTHORITY\SYSTEM   Event occurred on a file modified by the application: C:\WINDOWS\Explorer.EXE.
10. 4. 2009 21:57:17   Real-time file system protection   file   C:\DOCUME~1\PC\LOCALS~1\Temp\BN79C1.tmp   Win32/Adware.PowerAntivirus.E application   cleaned by deleting - quarantined   NT AUTHORITY\SYSTEM   Event occurred on a file modified by the application: C:\Documents and Settings\PC\PC.exe.
10. 4. 2009 21:49:53   Real-time file system protection   file   C:\DOCUME~1\PC\LOCALS~1\Temp\BN7945.tmp   Win32/Adware.PowerAntivirus.E application   cleaned by deleting - quarantined   NT AUTHORITY\SYSTEM   Event occurred on a file modified by the application: C:\WINDOWS\Explorer.EXE.
10. 4. 2009 21:49:15   Real-time file system protection   file   C:\DOCUME~1\PC\LOCALS~1\Temp\BN7936.tmp   Win32/Adware.PowerAntivirus.E application   cleaned by deleting - quarantined   NT AUTHORITY\SYSTEM   Event occurred on a file modified by the application: C:\Documents and Settings\PC\PC.exe.
10. 4. 2009 21:40:07   Real-time file system protection   file   C:\DOCUME~1\PC\LOCALS~1\Temp\BN7879.tmp   Win32/Adware.PowerAntivirus.E application   cleaned by deleting - quarantined   NT AUTHORITY\SYSTEM   Event occurred on a file modified by the application: C:\WINDOWS\Explorer.EXE.
10. 4. 2009 21:38:17   Real-time file system protection   file   C:\DOCUME~1\PC\LOCALS~1\Temp\BN7802.tmp   Win32/Adware.PowerAntivirus.E application   cleaned by deleting - quarantined   NT AUTHORITY\SYSTEM   Event occurred on a file modified by the application: C:\Documents and Settings\PC\PC.exe.
10. 4. 2009 21:35:05   Real-time file system protection   file   C:\DOCUME~1\PC\LOCALS~1\Temp\BN779A.tmp   Win32/Adware.PowerAntivirus.E application   cleaned by deleting - quarantined   NT AUTHORITY\SYSTEM   Event occurred on a file modified by the application: C:\WINDOWS\Explorer.EXE.
10. 4. 2009 21:23:54   Real-time file system protection   file   C:\DOCUME~1\PC\LOCALS~1\Temp\BN7765.tmp   Win32/Adware.PowerAntivirus.E application   cleaned by deleting - quarantined   NT AUTHORITY\SYSTEM   Event occurred on a file modified by the application: C:\Documents and Settings\PC\PC.exe.
10. 4. 2009 21:20:06   Real-time file system protection   file   C:\DOCUME~1\PC\LOCALS~1\Temp\BN7762.tmp   Win32/Adware.PowerAntivirus.E application   cleaned by deleting - quarantined   NT AUTHORITY\SYSTEM   Event occurred on a file modified by the application: C:\WINDOWS\Explorer.EXE.
10. 4. 2009 21:18:24   Real-time file system protection   file   C:\DOCUME~1\PC\LOCALS~1\Temp\BN775F.tmp   Win32/Adware.PowerAntivirus.E application   cleaned by deleting - quarantined   NT AUTHORITY\SYSTEM   Event occurred on a file modified by the application: C:\Documents and Settings\PC\PC.exe.
10. 4. 2009 21:15:22   Real-time file system protection   file   C:\DOCUME~1\PC\LOCALS~1\Temp\BN775C.tmp   Win32/Adware.PowerAntivirus.E application   cleaned by deleting - quarantined   NT AUTHORITY\SYSTEM   Event occurred on a file modified by the application: C:\WINDOWS\Explorer.EXE.
10. 4. 2009 21:13:06   Real-time file system protection   file   C:\DOCUME~1\PC\LOCALS~1\Temp\BN771E.tmp   Win32/Adware.PowerAntivirus.E application   cleaned by deleting - quarantined   NT AUTHORITY\SYSTEM   Event occurred on a file modified by the application: C:\Documents and Settings\PC\PC.exe.
10. 4. 2009 21:10:23   Real-time file system protection   file   C:\DOCUME~1\PC\LOCALS~1\Temp\BN76C6.tmp   Win32/Adware.PowerAntivirus.E application   cleaned by deleting - quarantined   NT AUTHORITY\SYSTEM   Event occurred on a file modified by the application: C:\Documents and Settings\PC\PC.exe.
10. 4. 2009 21:05:06   Real-time file system protection   file   C:\DOCUME~1\PC\LOCALS~1\Temp\BN7407.tmp   Win32/Adware.PowerAntivirus.E application   cleaned by deleting - quarantined   NT AUTHORITY\SYSTEM   Event occurred on a file modified by the application: C:\WINDOWS\Explorer.EXE.
10. 4. 2009 21:03:26   Real-time file system protection   file   C:\DOCUME~1\PC\LOCALS~1\Temp\BN7404.tmp   Win32/Adware.PowerAntivirus.E application   cleaned by deleting - quarantined   NT AUTHORITY\SYSTEM   Event occurred on a file modified by the application: C:\Documents and Settings\PC\PC.exe.
10. 4. 2009 21:00:04   Real-time file system protection   file   C:\DOCUME~1\PC\LOCALS~1\Temp\BN739F.tmp   Win32/Adware.PowerAntivirus.E application   cleaned by deleting - quarantined   NT AUTHORITY\SYSTEM   Event occurred on a file modified by the application: C:\WINDOWS\Explorer.EXE.
10. 4. 2009 20:58:29   Real-time file system protection   file   C:\DOCUME~1\PC\LOCALS~1\Temp\BN739C.tmp   Win32/Adware.PowerAntivirus.E application   cleaned by deleting - quarantined   NT AUTHORITY\SYSTEM   Event occurred on a file modified by the application: C:\Documents and Settings\PC\PC.exe.
10. 4. 2009 20:55:04   Real-time file system protection   file   C:\DOCUME~1\PC\LOCALS~1\Temp\BN7374.tmp   Win32/Adware.PowerAntivirus.E application   cleaned by deleting - quarantined   NT AUTHORITY\SYSTEM   Event occurred on a file modified by the application: C:\WINDOWS\Explorer.EXE.
10. 4. 2009 20:53:17   Real-time file system protection   file   C:\DOCUME~1\PC\LOCALS~1\Temp\BN7371.tmp   Win32/Adware.PowerAntivirus.E application   cleaned by deleting - quarantined   NT AUTHORITY\SYSTEM   Event occurred on a file modified by the application: C:\Documents and Settings\PC\PC.exe.
10. 4. 2009 20:50:49   Real-time file system protection   file   C:\DOCUME~1\PC\LOCALS~1\Temp\BN7339.tmp   Win32/Adware.PowerAntivirus.E application   cleaned by deleting - quarantined   NT AUTHORITY\SYSTEM   Event occurred on a file modified by the application: C:\WINDOWS\Explorer.EXE.
10. 4. 2009 20:48:26   Real-time file system protection   file   C:\DOCUME~1\PC\LOCALS~1\Temp\BN5F1B.tmp   Win32/Adware.PowerAntivirus.E application   cleaned by deleting - quarantined   NT AUTHORITY\SYSTEM   Event occurred on a file modified by the application: C:\WINDOWS\Explorer.EXE.
10. 4. 2009 20:45:06   Real-time file system protection   file   C:\DOCUME~1\PC\LOCALS~1\Temp\BNC2E.tmp   Win32/Adware.PowerAntivirus.E application   cleaned by deleting - quarantined   NT AUTHORITY\SYSTEM   Event occurred on a file modified by the application: C:\WINDOWS\Explorer.EXE.
10. 4. 2009 20:43:32   Real-time file system protection   file   C:\DOCUME~1\PC\LOCALS~1\Temp\BNBF0.tmp   Win32/Adware.PowerAntivirus.E application   cleaned by deleting - quarantined   NT AUTHORITY\SYSTEM   Event occurred on a file modified by the application: C:\Documents and Settings\PC\PC.exe.
10. 4. 2009 20:40:49   Real-time file system protection   file   C:\DOCUME~1\PC\LOCALS~1\Temp\BNCD18.tmp   Win32/Adware.PowerAntivirus.E application   cleaned by deleting - quarantined   NT AUTHORITY\SYSTEM   Event occurred on a file modified by the application: C:\Documents and Settings\PC\PC.exe.
10. 4. 2009 20:37:04   Real-time file system protection   file   C:\DOCUME~1\PC\LOCALS~1\Temp\BN9723.tmp   Win32/Adware.PowerAntivirus.E application   cleaned by deleting - quarantined   NT AUTHORITY\SYSTEM   Event occurred on a file modified by the application: C:\Documents and Settings\PC\PC.exe.
10. 4. 2009 20:29:10   Real-time file system protection   file   C:\DOCUME~1\PC\LOCALS~1\Temp\BN58F7.tmp   Win32/Adware.PowerAntivirus.E application   cleaned by deleting - quarantined   NT AUTHORITY\SYSTEM   Event occurred on a file modified by the application: C:\Documents and Settings\PC\PC.exe.
10. 4. 2009 20:24:31   Real-time file system protection   file   C:\DOCUME~1\PC\LOCALS~1\Temp\BN2413.tmp   Win32/Adware.PowerAntivirus.E application   cleaned by deleting - quarantined   NT AUTHORITY\SYSTEM   Event occurred on a file modified by the application: C:\Documents and Settings\PC\PC.exe.
10. 4. 2009 20:13:28   Real-time file system protection   file   C:\DOCUME~1\PC\LOCALS~1\Temp\BN8B1E.tmp   Win32/Adware.PowerAntivirus.E application   cleaned by deleting - quarantined   NT AUTHORITY\SYSTEM   Event occurred on a file modified by the application: C:\Documents and Settings\PC\PC.exe.
10. 4. 2009 20:09:32   Real-time file system protection   file   C:\DOCUME~1\PC\LOCALS~1\Temp\BN5929.tmp   Win32/Adware.PowerAntivirus.E application   cleaned by deleting - quarantined   NT AUTHORITY\SYSTEM   Event occurred on a file modified by the application: C:\WINDOWS\Explorer.EXE.


Thanks for the help.



////edit: I'm attaching the HijackThis log too, although I don't think it will help

Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:57:06, on 10. 4. 2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\MySQL\MySQL Server 5.0___2\bin\mysqld-nt.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\A4Tech\Mouse\Amoumain.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\DNA\btdna.exe
C:\Documents and Settings\PC\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Documents and Settings\PC\PC.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [Control Center] C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\PC\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6.5\ICQ.exe" silent
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [PC] C:\Documents and Settings\PC\PC.exe /i
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: QIP 2005.lnk = C:\Program Files\QIP\qip.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\mmmbwlpw.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
O23 - Service: Eset HTTP Server (EHttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 3 - Unknown owner - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

--
End of file - 8375 bytes







Posted: 10.04.2009 23:36

We should probably take this step by step.

For now, fix this temporarily with HijackThis:
O4 - HKCU\..\Run: [PC] C:\Documents and Settings\PC\PC.exe /i

and download and also post the output from
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

(turn off the antivirus program's resident protection during the scan)

and post it here.







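The advice above rests on cross-checking two logs: the process ESET names in its "modified by the application" column against the autostart entries HijackThis lists. The Python script below, added here as an illustration and not code from the thread, the forum, ESET or HijackThis, automates that cross-check on constructed sample rows written in the same column layout as the logs quoted earlier; the download URL is a placeholder, and the two extra heuristics (autostart binaries inside a user profile, AppInit_DLLs entries) are the example's own assumptions, not rules either tool applies.

```python
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample rows in the column layout ESET Smart Security writes
# (time, module, object type, object, threat, action, user, info). Placeholder URL.
ESET_LOG = r"""
10. 4. 2009 22:43:10   HTTP filter   file   http://dropper.example/kept.exe   a variant of Win32/Spy.Delf.NOK trojan   connection terminated - quarantined   PC_1\PC   Threat was detected upon access to web by the application: C:\WINDOWS\system32\svchost.exe.
10. 4. 2009 22:42:37   Real-time file system protection   file   C:\DOCUME~1\PC\LOCALS~1\Temp\BND4.tmp   Win32/Adware.PowerAntivirus.E application   cleaned by deleting - quarantined   NT AUTHORITY\SYSTEM   Event occurred on a file modified by the application: C:\WINDOWS\Explorer.EXE.
10. 4. 2009 21:57:17   Real-time file system protection   file   C:\DOCUME~1\PC\LOCALS~1\Temp\BN79C1.tmp   Win32/Adware.PowerAntivirus.E application   cleaned by deleting - quarantined   NT AUTHORITY\SYSTEM   Event occurred on a file modified by the application: C:\Documents and Settings\PC\PC.exe.
10. 4. 2009 21:49:15   Real-time file system protection   file   C:\DOCUME~1\PC\LOCALS~1\Temp\BN7936.tmp   Win32/Adware.PowerAntivirus.E application   cleaned by deleting - quarantined   NT AUTHORITY\SYSTEM   Event occurred on a file modified by the application: C:\Documents and Settings\PC\PC.exe.
"""

# Constructed HijackThis excerpt (O4 = Run keys, O20 = AppInit_DLLs).
HJT_LOG = r"""
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PC] C:\Documents and Settings\PC\PC.exe /i
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O20 - AppInit_DLLs: C:\WINDOWS\system32\mmmbwlpw.dll
"""

COLUMN_SEP = re.compile(r" {3,}|\t")  # ESET columns arrive tab- or space-separated
PARENT_RE = re.compile(r"by the application:\s*(.+?)\.?\s*$")
O4_RE = re.compile(r"^O4 - (\S+)\\\.\.\\Run: \[([^\]]+)\] \"?(.+?\.exe)\"?(?:\s.*)?$", re.I)
O20_RE = re.compile(r"^O20 - AppInit_DLLs:\s*(.+?)\s*$", re.I)
# Heuristic (this example's assumption): autostart binaries stored under a user
# profile, or its 8.3 short form, are unusual for legitimate software.
PROFILE_RE = re.compile(r"^[a-z]:\\(documents and settings|docume~1|users)\\", re.I)


@dataclass(frozen=True)
class EsetEvent:
    timestamp: str
    obj: str
    threat: str
    parent: str | None  # process ESET names in the info column, if any


@dataclass(frozen=True)
class Autostart:
    kind: str  # "O4" or "O20"
    name: str  # Run value name, or "AppInit_DLLs"
    path: str


def parse_eset_log(text: str) -> list[EsetEvent]:
    """Split each row into columns and pull the parent process out of the info column."""
    events = []
    for line in text.splitlines():
        cols = COLUMN_SEP.split(line.strip())
        if len(cols) < 8:
            continue  # blank line or a row in another layout
        ts, _module, _kind, obj, threat, _action, _user, info = cols[:8]
        m = PARENT_RE.search(info)
        events.append(EsetEvent(ts, obj, threat, m.group(1) if m else None))
    return events


def parent_counts(events: list[EsetEvent]) -> Counter:
    """How often each process is named as the creator/modifier of a detected file."""
    return Counter(e.parent.lower() for e in events if e.parent)


def parse_hijackthis(text: str) -> list[Autostart]:
    """Keep the autostart kinds this triage looks at: O4 Run entries and O20 AppInit_DLLs."""
    entries = []
    for line in text.splitlines():
        if m := O4_RE.match(line):
            entries.append(Autostart("O4", m.group(2), m.group(3)))
        elif m := O20_RE.match(line):
            entries.append(Autostart("O20", "AppInit_DLLs", m.group(1)))
    return entries


def triage(eset_text: str, hjt_text: str) -> dict[str, list[str]]:
    """Map each suspicious autostart path to the reasons it was flagged: repeatedly named
    by ESET as the modifying process, stored in a user profile, or loaded via AppInit_DLLs."""
    counts = parent_counts(parse_eset_log(eset_text))
    findings: dict[str, list[str]] = {}
    for entry in parse_hijackthis(hjt_text):
        reasons = []
        if hits := counts.get(entry.path.lower(), 0):
            reasons.append(f"named as modifying process in {hits} ESET detection(s)")
        if PROFILE_RE.match(entry.path):
            reasons.append("autostart binary is stored inside a user profile")
        if entry.kind == "O20":
            reasons.append("AppInit_DLLs entry: loaded into every process that maps user32.dll")
        if reasons:
            findings[entry.path] = reasons
    return findings


if __name__ == "__main__":
    for path, reasons in triage(ESET_LOG, HJT_LOG).items():
        print(path, "->", "; ".join(reasons))
```

Run against the full logs in the first post, the same cross-check singles out the PC.exe Run entry the reply tells the poster to fix, because PC.exe is the process ESET keeps naming when it quarantines the temp files.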
Posted by topic author: 11.04.2009 0:04

Code:
ComboFix 09-04-04.01 - PC 2009-04-10 23:57:37.2 - NTFSx86
Systém Microsoft Windows XP Professional  5.1.2600.2.1250.1.1029.18.1022.519 [GMT 2:00]
Running from: c:\documents and settings\PC\Plocha\ComboFix.exe
AV: ESET Smart Security 3.0 *On-access scanning disabled* (Updated)
FW: ESET Personal firewall *enabled*
 * Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\PC\PC.exe
c:\windows\IE4 Error Log.txt
c:\windows\system32\digiwet.dll
c:\windows\Sysvxd.exe
c:\windows\wiaservb.log

.
(((((((((((((((((((((((((   Files Created from 2009-03-10 to 2009-04-10  )))))))))))))))))))))))))))))))
.

2009-04-10 23:18 . 2009-04-10 23:18   1,087,488   --a------   c:\documents and settings\PC\jnqtvycfiloruxbdgjmps.exe
2009-04-10 21:33 . 2009-04-10 21:33   1,087,488   --a------   c:\documents and settings\PC\mrtwadgjloruxadgjmoru.exe
2009-04-10 21:10 . 2009-04-10 21:13   <DIR>   d--------   c:\program files\Spybot - Search & Destroy
2009-04-10 19:56 . 2009-04-10 21:05   <DIR>   d--------   c:\documents and settings\All Users\Data aplikací\Google Updater
2009-04-10 16:11 . 2009-04-10 16:25   <DIR>   d--------   c:\documents and settings\PC\Data aplikací\REAPER
2009-04-05 18:32 . 2009-04-05 18:32   <DIR>   d--------   c:\documents and settings\PC\Data aplikací\id Software
2009-04-05 18:30 . 2009-04-05 18:30   <DIR>   d--------   c:\documents and settings\All Users\Data aplikací\id Software
2009-04-04 13:29 . 2009-04-04 13:31   <DIR>   d--------   c:\documents and settings\PC\Data aplikací\gtk-2.0
2009-04-04 13:28 . 2009-04-04 13:28   <DIR>   d--------   c:\documents and settings\PC\Data aplikací\NetRadiantSettings
2009-04-03 20:44 . 2009-04-03 20:44   <DIR>   d--------   c:\documents and settings\PC\Data aplikací\fretsonfire
2009-03-27 18:57 . 2009-03-27 18:57   <DIR>   d--------   c:\program files\gbg
2009-03-27 16:45 . 2009-03-27 16:45   <DIR>   d--------   c:\program files\LittleFighter2
2009-03-27 12:20 . 2004-05-10 01:14   118,272   --a------   c:\windows\system32\SX5363S.DLL
2009-03-27 12:20 . 2004-05-10 01:14   102,400   --a------   c:\windows\system32\RV32RTP.dll
2009-03-27 12:20 . 2004-05-10 01:15   40   --a------   c:\windows\system32\Sx5363.ini
2009-03-27 12:15 . 2009-03-27 12:15   <DIR>   d--------   c:\program files\SubaGames
2009-03-26 15:55 . 2003-07-20 20:17   5,174   --a------   c:\windows\system32\nppt9x.vxd
2009-03-26 15:55 . 2005-01-04 11:43   4,682   --a------   c:\windows\system32\npptNT2.sys
2009-03-26 15:49 . 2009-03-26 15:49   <DIR>   d--------   c:\program files\Common Files\INCA Shared
2009-03-26 14:40 . 2009-03-26 14:43   <DIR>   d--------   c:\program files\NCSoft
2009-03-26 14:38 . 2009-03-26 14:39   <DIR>   d--------   c:\documents and settings\PC\Data aplikací\GetRightToGo
2009-03-23 23:06 . 2009-03-23 23:06   <DIR>   d--------   C:\Games
2009-03-23 23:06 . 2009-03-23 23:06   <DIR>   d--------   c:\documents and settings\PC\Data aplikací\Toribash
2009-03-23 19:40 . 2009-03-23 19:40   <DIR>   d--------   c:\program files\alaplaya
2009-03-23 08:10 . 2009-03-23 19:41   96   --ah-----   c:\windows\system32\HsInfo.dat
2009-03-23 07:55 . 2009-03-23 07:55   <DIR>   d--------   c:\documents and settings\All Users\Data aplikací\InstallShield
2009-03-23 07:52 . 2009-03-23 07:52   <DIR>   d--------   c:\program files\Gravity
2009-03-23 07:52 . 2004-08-09 06:04   73,728   --a------   c:\windows\system32\ISUSPM.cpl
2009-03-22 18:38 . 2009-03-26 22:28   <DIR>   d--------   C:\Download
2009-03-22 17:08 . 2009-03-22 17:08   230,752   --a------   c:\windows\patchw32.dll
2009-03-22 16:50 . 2009-03-22 16:50   <DIR>   d--------   c:\program files\Outspark
2009-03-22 15:12 . 2009-03-22 15:12   2,192,640   --a------   c:\windows\system32\kernel1.exe
2009-03-22 15:11 . 2008-04-19 09:27   222   --ahs----   C:\BOOT.BKK
2009-03-22 14:35 . 2009-03-22 14:36   <DIR>   d--------   C:\snowboarding yeaah
2009-03-22 14:28 . 2009-03-22 14:28   <DIR>   d--------   c:\program files\TGTSoft
2009-03-15 00:31 . 2009-03-15 00:33   <DIR>   d--------   c:\program files\Sector69

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-10 21:52   ---------   d-----w   c:\documents and settings\PC\Data aplikací\DNA
2009-04-10 20:52   ---------   d-----w   c:\program files\DNA
2009-04-10 20:39   ---------   d-----w   c:\documents and settings\All Users\Data aplikací\Spybot - Search & Destroy
2009-04-10 19:06   ---------   d---a-w   c:\documents and settings\All Users\Data aplikací\TEMP
2009-04-10 17:56   ---------   d-----w   c:\program files\Google
2009-04-05 16:43   75,064   ----a-w   c:\windows\system32\PnkBstrA.exe
2009-04-05 16:43   138,944   ----a-w   c:\windows\system32\drivers\PnkBstrK.sys
2009-04-05 16:42   189,784   ----a-w   c:\windows\system32\PnkBstrB.exe
2009-04-05 16:31   22,328   ----a-w   c:\documents and settings\PC\Data aplikací\PnkBstrK.sys
2009-04-05 16:30   2,246,144   ----a-w   c:\windows\system32\pbsvc.exe
2009-04-03 20:17   ---------   d-----w   c:\documents and settings\PC\Data aplikací\skypePM
2009-04-03 20:17   ---------   d-----w   c:\documents and settings\PC\Data aplikací\Skype
2009-03-27 10:15   ---------   d--h--w   c:\program files\InstallShield Installation Information
2009-03-26 20:29   ---------   d-----w   c:\documents and settings\PC\Data aplikací\uTorrent
2009-03-23 05:52   ---------   d-----w   c:\program files\Common Files\InstallShield
2009-03-22 12:19   ---------   d-----w   c:\program files\UTDeluxe
2009-03-21 14:19   ---------   d-----w   c:\documents and settings\PC\Data aplikací\NoNameScript
2009-03-21 08:41   ---------   d-----w   c:\documents and settings\All Users\Data aplikací\TrackMania
2009-03-14 22:36   ---------   d-----w   c:\program files\Mozilla Thunderbird
2009-03-14 22:31   ---------   d-----w   c:\program files\WinPcap
2009-03-02 12:26   ---------   d-----w   c:\program files\UNIO_systems
2009-02-27 20:03   ---------   d-----w   c:\program files\sXe Injected
2009-02-27 14:53   ---------   d-----w   c:\program files\Common Files\Skype
2009-02-27 14:53   ---------   d-----w   c:\documents and settings\All Users\Data aplikací\Skype
2009-02-27 14:53   ---------   d-----r   c:\program files\Skype
2009-02-20 18:45   ---------   d-----w   c:\program files\Doom 3
2009-02-15 18:29   ---------   d-----w   c:\documents and settings\PC\Data aplikací\ICQ
2008-09-02 09:46   24   ----a-w   c:\documents and settings\PC\jagex_runescape_preferences.dat
2008-02-20 18:56   11,528,667   ----a-w   c:\program files\VideoLAN.exe
2008-02-20 18:48   11,425,755   ----a-w   c:\program files\VideoLAN.rar
2006-05-03 09:06   163,328   --sh--r   c:\windows\system32\flvDX.dll
2007-02-21 10:47   31,232   --sh--r   c:\windows\system32\msfDX.dll
2008-08-07 15:36   81,487,904   --sha-w   c:\windows\system32\drivers\fidbox.dat
.

------- Sigcheck -------

2008-11-29 13:59  359936  aac64d1393afce8ffb90a91c157dc0b9   c:\windows\system32\dllcache\TCPIP.SYS
2008-11-29 13:59  359936  aac64d1393afce8ffb90a91c157dc0b9   c:\windows\system32\drivers\TCPIP.SYS
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-17 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-09-20 202024]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2006-01-01 342848]
"Google Update"="c:\documents and settings\PC\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2008-09-07 133104]
"STYLEXP"="c:\program files\TGTSoft\StyleXP\StyleXP.exe" [2006-05-24 1372160]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-10 39408]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 1836328]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-09-28 144792]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-03-28 413696]
"Control Center"="c:\program files\ASUS\WLAN Card Utilities\Center.exe" [2004-02-24 1448448]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2008-07-01 1447168]
"WheelMouse"="c:\program files\A4Tech\Mouse\Amoumain.exe" [2007-05-15 204800]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]

c:\documents and settings\PC\Nabídka Start\Programy\Po spuštění\
QIP 2005.lnk - c:\program files\QIP\qip.exe [2008-07-01 3256320]

c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll
"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders   msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digiwet.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Fantastic Flame Agent.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Fantastic Flame Agent.lnk
backup=c:\windows\pss\Fantastic Flame Agent.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^PC^Nabídka Start^Programy^Po spuštění^Xfire.lnk]
path=c:\documents and settings\PC\Nabídka Start\Programy\Po spuštění\Xfire.lnk
backup=c:\windows\pss\Xfire.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2009-03-05 16:07 2260480 c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2008-03-29 16:57 1271032 c:\program files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
--a------ 2008-11-29 13:34 270128 c:\program files\uTorrent\uTorrent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
-r------- 2006-01-11 09:08 577536 c:\windows\soundman.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\WINDOWS\\system32\\ftp.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"d:\\Games\\Project Powder\\Run.exe"=
"c:\\Program Files\\NCsoft\\Exteel (US)\\System\\Exteel.exe"=
"c:\program files\SubaGames\ACEonline\Launcher.atm"= c:\program files\SubaGames\ACEonline\Launcher.atm:Enabled:GameExe2
"c:\program files\SubaGames\ACEonline\Res-Voip\SCVoIP.exe"= c:\program files\SubaGames\ACEonline\Res-Voip\SCVoIP.exe:Enabled:GameVoIP
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

R2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2007-12-21 468224]
R3 ASNDIS5;ASNDIS5 Protocol Driver;c:\windows\system32\ASNDIS5.sys [2007-10-05 16269]
R3 MouseCap;MouseCapture Driver;c:\windows\system32\drivers\MouseCap.sys [2005-08-08 6640]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [2004-08-03 69120]
R3 W8100PCI;ASUS 802.11b/g Driver for Windows XP;c:\windows\system32\drivers\mrv8k51.sys [2007-10-05 256512]
S2 acpi32;acpi32;\??\c:\windows\system32\drivers\acpi32.sys --> c:\windows\system32\drivers\acpi32.sys [?]
S2 amd64si;amd64si;\??\c:\windows\system32\drivers\amd64si.sys --> c:\windows\system32\drivers\amd64si.sys [?]
S2 ati64si;ati64si;\??\c:\windows\system32\drivers\ati64si.sys --> c:\windows\system32\drivers\ati64si.sys [?]
S2 fips32cup;fips32cup;\??\c:\windows\system32\drivers\fips32cup.sys --> c:\windows\system32\drivers\fips32cup.sys [?]
S2 i386si;i386si;\??\c:\windows\system32\drivers\i386si.sys --> c:\windows\system32\drivers\i386si.sys [?]
S2 nicsk32;nicsk32;\??\c:\windows\system32\drivers\nicsk32.sys --> c:\windows\system32\drivers\nicsk32.sys [?]
S2 port135sik;port135sik;\??\c:\windows\system32\drivers\port135sik.sys --> c:\windows\system32\drivers\port135sik.sys [?]
S2 securentm;securentm;\??\c:\windows\system32\drivers\securentm.sys --> c:\windows\system32\drivers\securentm.sys [?]
S2 systemntmi;systemntmi;\??\c:\windows\system32\drivers\systemntmi.sys --> c:\windows\system32\drivers\systemntmi.sys [?]
S2 ws2_32sik;ws2_32sik;\??\c:\windows\system32\drivers\ws2_32sik.sys --> c:\windows\system32\drivers\ws2_32sik.sys [?]
S3 CamSpaceBus;CamSpace Virtual Joystick Bus device driver;c:\windows\system32\drivers\CamSpaceBus.sys [2008-06-10 14848]
S3 CamSpaceJoy;CamSpace Virtual Joystick device driver;c:\windows\system32\drivers\CamSpaceJoy.sys [2008-06-10 30464]
S3 ddsxeiservice;ddsxeiservice2;c:\program files\sXe Injected\ddsxei.sys [2009-02-22 50560]
S3 gsplittm;gsplittm;\??\c:\docume~1\PC\LOCALS~1\Temp\gsplittm.sys --> c:\docume~1\PC\LOCALS~1\Temp\gsplittm.sys [?]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-06 34064]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [2008-01-25 25088]
S3 XDva248;XDva248;\??\c:\windows\system32\XDva248.sys --> c:\windows\system32\XDva248.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2009-04-10 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-10 19:56]

2009-04-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1177238915-527237240-725345543-1003.job
- c:\documents and settings\PC\Local Settings\Data aplikac []
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-ICQ - c:\program files\ICQ6.5\ICQ.exe
HKLM-Run-snpstd - c:\windows\vsnpstd.exe
MSConfigStartUp-ICQ Lite - c:\program files\ICQLite\ICQLite.exe
MSConfigStartUp-Picasa Media Detector - c:\program files\Picasa2\PicasaMediaDetector.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.daemon-search.com/startpage
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\PC\Data aplikací\Mozilla\Firefox\Profiles\v0ylcwao.default\
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Opera\program\plugins\nppl3260.dll
FF - plugin: c:\program files\Opera\program\plugins\nprpjplug.dll

---- FIREFOX POLICIES ----
FF - user.js: capability.policy.policynames - localfilelinks
FF - user.js: capability.policy.localfilelinks.sites - hxxp://s1.travian.cz http://s2.travian.cz http://s3.travian.cz http://s4.travian.cz http://s5.travian.cz http://s6.travian.cz http://s7.travian.cz http://s8.travian.cz http://s9.travian.cz http://s10.travian.cz http://s11.travian.cz http://s12.travian.cz http://s13.travian.cz http://s14.travian.cz http://s15.travian.cz http://speed.travian.cz http://s1.travian.sk http://s2.travian.sk http://s3.travian.sk http://s4.travian.sk http://s5.travian.sk http://s6.travian.sk http://s7.travian.sk http://s8.travian.sk http://s9.travian.sk http://s10.travian.sk http://speed.travian.sk
FF - user.js: capability.policy.localfilelinks.checkloaduri.enabled - allAccess
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-10 23:59:37
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.0___2\bin\mysqld-nt\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.0___2\my.ini\" MySQL"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1177238915-527237240-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-1177238915-527237240-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:02,2a,d0,fd,70,ed,b8,37,39,49,a8,f3,9b,b3,e0,1e,36,b9,28,2f,c2,fa,39,
   97,f0,4c,1a,47,99,63,b5,95,93,23,23,24,2b,da,03,18,7c,95,c0,84,d0,d9,bc,bf,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1064)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-04-11  0:01:13
ComboFix-quarantined-files.txt  2009-04-10 22:00:45

Pre-Run: 4 007 264 256
Post-Run: 4,006,924,288

242

_________________
CPU: AMD Athlon A64 3500+ 64-bit Orleans BOX socket AM2; Motherboard: ASUS M2V-MX, VIA K8M890, DualChannel DDR2 800, VGA + PCIe x16, SATA II RAID, USB2.0, GLAN, mATX scAM2; Graphics card: SAPPHIRE ATI Radeon X1650PRO, 512 MB DDR2, PCI Express x16, 2xDVI/ TV-out; Hard disk: Hitachi (IBM) Deskstar 7K160, 160GB, SATA II NCQ, 8MB cache, 7200 rpm, HDS721616PLA380; RAM: 1+1GB DDR2 667MHz PC5400 A-DATA; PSU: GEMBIRD 350W CCC-PSU10-12, 120mm fan, SATA + LGA; Monitor: Xerox CRT 17
Experienced user (registered: 10.07.07, posts: 1060, location: Bratislava)
Posted: 11.04.2009 0:31

Disable all resident protection on the PC.

Place ComboFix on the desktop.

On the desktop, create a file named CFScript with Notepad.

Paste the following code into that .txt file:
Code:
KILLALL::

File::
c:\windows\system32\drivers\amd64si.sys
c:\windows\system32\drivers\ati64si.sys
c:\windows\system32\drivers\nicsk32.sys
c:\windows\system32\drivers\i386si.sys
c:\docume~1\PC\LOCALS~1\Temp\gsplittm.sys
c:\windows\system32\XDva248.sys
c:\windows\system32\drivers\port135sik.sys

Registry::
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digiwet.dll"

Rootkit::
c:\windows\system32\drivers\port135sik.sys
c:\windows\system32\drivers\fips32cup.sys
c:\windows\system32\drivers\ati64si.sys
c:\windows\system32\drivers\amd64si.sys
c:\windows\system32\drivers\ws2_32sik.sys
c:\windows\system32\drivers\acpi32.sys
c:\windows\system32\drivers\i386si.sys
c:\windows\system32\drivers\nicsk32.sys
c:\windows\system32\drivers\securentm.sys
c:\windows\system32\drivers\systemntmi.sys
c:\windows\system32\XDva248.sys

Driver::
ati64si
amd64si
nicsk32
i386si
port135sik
ws2_32sik
acpi32
fips32cup
i386si
nicsk32
securentm
systemntmi
XDva248


After saving, drag the CFScript file onto the ComboFix icon. Processing will start (you will see it on screen); after the reboot, post fresh HijackThis and ComboFix logs again.

_________________
The sky is blue, water is wet...
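The post above reads the ComboFix service list by eye and hand-writes a CFScript. What follows is an added example, not code from this thread or from ComboFix's authors: a small Python triage script that parses the `R?/S?` service lines and the `SecurityProviders` line in the same format, flags the pattern visible in the log (drivers whose image file has no size or timestamp, i.e. `[?]`; images loaded from a Temp directory; auto-start drivers whose description is just their own service name), lists the SSP DLLs that are not part of the default XP set, and emits the matching CFScript sections. The sample input is a handful of lines excerpted from the log above. The `DEFAULT_SSP` list is an assumption about the Windows XP SP2 default value, the heuristics are my own, and a `[?]` can also mean the antivirus already deleted the file while its service key stayed behind, so a hit is a prompt for a closer look, not a verdict.

```python
"""Added triage example: parse ComboFix service lines and the SecurityProviders
line, flag suspicious drivers, and emit a CFScript skeleton in the syntax used
in the post above.  Sample input is excerpted from the log in this thread."""
import re
from dataclasses import dataclass, field

# ComboFix prints one service per line, e.g.
#   S2 acpi32;acpi32;\??\c:\windows\system32\drivers\acpi32.sys --> c:\...\acpi32.sys [?]
#   R2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2007-12-21 468224]
# S = stopped, R = running; the digit is the start type (2 = auto, 3 = manual).
DRIVER_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) (?P<name>[^;]+);(?P<desc>[^;]*);"
    r"(?P<path>.*?) \[(?P<info>[^\]]*)\]$"
)
SSP_RE = re.compile(r"^SecurityProviders\s+(?P<list>.+)$")

# Assumption: the default SecurityProviders value on Windows XP SP2.
DEFAULT_SSP = ("msapsspc.dll", "schannel.dll", "digest.dll", "msnsspc.dll")


@dataclass
class Finding:
    name: str
    path: str
    reasons: list = field(default_factory=list)


def parse_service(line):
    """Return (state, start, name, desc, path, info), or None for other lines."""
    m = DRIVER_RE.match(line.strip())
    if not m:
        return None
    path = m.group("path")
    if " --> " in path:            # "\??\x --> x" form: keep the resolved path
        path = path.split(" --> ", 1)[1]
    return (m.group("state"), m.group("start"), m.group("name"),
            m.group("desc"), path, m.group("info"))


def triage_services(lines):
    """Flag services matching the pattern seen in the log above (heuristics are mine)."""
    findings = []
    for line in lines:
        parsed = parse_service(line)
        if parsed is None:
            continue
        state, start, name, desc, path, info = parsed
        reasons = []
        if info.strip() == "?":
            # ComboFix could not stat the image: hidden by a rootkit, or already
            # deleted by the AV while the service key stayed behind.
            reasons.append("no size/timestamp for the image file")
        if "\\temp\\" in path.lower():
            reasons.append("image loaded from a Temp directory")
        if start == "2" and desc.strip().lower() == name.strip().lower():
            reasons.append("auto-start driver with no descriptive name")
        if reasons:
            findings.append(Finding(name, path, reasons))
    return findings


def nondefault_ssps(lines):
    """Return SecurityProviders entries that are not in the assumed XP default list."""
    for line in lines:
        m = SSP_RE.match(line.strip())
        if m:
            listed = [p.strip().lower() for p in m.group("list").split(",")]
            return [p for p in listed if p not in DEFAULT_SSP]
    return []


def build_cfscript(findings, extra_ssps):
    """Emit KILLALL::/File::/Driver:: (and Registry:: if an extra SSP was found)."""
    out = ["KILLALL::", ""]
    out += ["File::"] + [f.path for f in findings] + [""]
    out += ["Driver::"] + [f.name for f in findings] + [""]
    if extra_ssps:
        out += [
            "Registry::",
            r"[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]",
            '"SecurityProviders"="%s"' % ", ".join(DEFAULT_SSP),
            "",
        ]
    return "\n".join(out) + "\n"


# Sample input: lines excerpted from the ComboFix log above.
SAMPLE_LOG = r"""
R2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2007-12-21 468224]
S2 acpi32;acpi32;\??\c:\windows\system32\drivers\acpi32.sys --> c:\windows\system32\drivers\acpi32.sys [?]
S2 securentm;securentm;\??\c:\windows\system32\drivers\securentm.sys --> c:\windows\system32\drivers\securentm.sys [?]
S3 ddsxeiservice;ddsxeiservice2;c:\program files\sXe Injected\ddsxei.sys [2009-02-22 50560]
S3 gsplittm;gsplittm;\??\c:\docume~1\PC\LOCALS~1\Temp\gsplittm.sys --> c:\docume~1\PC\LOCALS~1\Temp\gsplittm.sys [?]
S3 XDva248;XDva248;\??\c:\windows\system32\XDva248.sys --> c:\windows\system32\XDva248.sys [?]
SecurityProviders   msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digiwet.dll
""".strip().splitlines()

if __name__ == "__main__":
    hits = triage_services(SAMPLE_LOG)
    for f in hits:
        print(f"{f.name:12} {f.path}  <- {'; '.join(f.reasons)}")
    print(build_cfscript(hits, nondefault_ssps(SAMPLE_LOG)))
```

Run it against a full ComboFix log by reading the file into `lines`; the `Driver::` section removes the service keys even when the `.sys` file is already gone, which is why it is emitted alongside `File::`.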
User (registered: 28.08.06, posts: 530, topics: 67), thread author
Posted: 11.04.2009 3:25

Code:
ComboFix 09-04-04.01 - PC 2009-04-11  3:15:28.3 - NTFSx86
Systém Microsoft Windows XP Professional  5.1.2600.2.1250.1.1029.18.1022.503 [GMT 2:00]
Running from: c:\documents and settings\PC\Plocha\ComboFix.exe
Command switches used :: c:\documents and settings\PC\Plocha\CFScript.txt
AV: ESET Smart Security 3.0 *On-access scanning disabled* (Updated)
FW: ESET Personal firewall *enabled*
 * Created a new restore point
 * Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
c:\docume~1\PC\LOCALS~1\Temp\gsplittm.sys
c:\windows\system32\drivers\amd64si.sys
c:\windows\system32\drivers\ati64si.sys
c:\windows\system32\drivers\i386si.sys
c:\windows\system32\drivers\nicsk32.sys
c:\windows\system32\drivers\port135sik.sys
c:\windows\system32\XDva248.sys
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_XDVA248
-------\Service_acpi32
-------\Service_amd64si
-------\Service_ati64si
-------\Service_fips32cup
-------\Service_i386si
-------\Service_nicsk32
-------\Service_port135sik
-------\Service_securentm
-------\Service_systemntmi
-------\Service_ws2_32sik
-------\Service_XDva248


(((((((((((((((((((((((((   Files Created from 2009-03-11 to 2009-04-11  )))))))))))))))))))))))))))))))
.

2009-04-10 23:18 . 2009-04-10 23:18   1,087,488   --a------   c:\documents and settings\PC\jnqtvycfiloruxbdgjmps.exe
2009-04-10 21:33 . 2009-04-10 21:33   1,087,488   --a------   c:\documents and settings\PC\mrtwadgjloruxadgjmoru.exe
2009-04-10 21:10 . 2009-04-10 21:13   <DIR>   d--------   c:\program files\Spybot - Search & Destroy
2009-04-10 19:56 . 2009-04-10 21:05   <DIR>   d--------   c:\documents and settings\All Users\Data aplikací\Google Updater
2009-04-10 16:11 . 2009-04-10 16:25   <DIR>   d--------   c:\documents and settings\PC\Data aplikací\REAPER
2009-04-05 18:32 . 2009-04-05 18:32   <DIR>   d--------   c:\documents and settings\PC\Data aplikací\id Software
2009-04-05 18:30 . 2009-04-05 18:30   <DIR>   d--------   c:\documents and settings\All Users\Data aplikací\id Software
2009-04-04 13:29 . 2009-04-04 13:31   <DIR>   d--------   c:\documents and settings\PC\Data aplikací\gtk-2.0
2009-04-04 13:28 . 2009-04-04 13:28   <DIR>   d--------   c:\documents and settings\PC\Data aplikací\NetRadiantSettings
2009-04-03 20:44 . 2009-04-03 20:44   <DIR>   d--------   c:\documents and settings\PC\Data aplikací\fretsonfire
2009-03-27 18:57 . 2009-03-27 18:57   <DIR>   d--------   c:\program files\gbg
2009-03-27 16:45 . 2009-03-27 16:45   <DIR>   d--------   c:\program files\LittleFighter2
2009-03-27 12:20 . 2004-05-10 01:14   118,272   --a------   c:\windows\system32\SX5363S.DLL
2009-03-27 12:20 . 2004-05-10 01:14   102,400   --a------   c:\windows\system32\RV32RTP.dll
2009-03-27 12:20 . 2004-05-10 01:15   40   --a------   c:\windows\system32\Sx5363.ini
2009-03-27 12:15 . 2009-03-27 12:15   <DIR>   d--------   c:\program files\SubaGames
2009-03-26 15:55 . 2003-07-20 20:17   5,174   --a------   c:\windows\system32\nppt9x.vxd
2009-03-26 15:55 . 2005-01-04 11:43   4,682   --a------   c:\windows\system32\npptNT2.sys
2009-03-26 15:49 . 2009-03-26 15:49   <DIR>   d--------   c:\program files\Common Files\INCA Shared
2009-03-26 14:40 . 2009-03-26 14:43   <DIR>   d--------   c:\program files\NCSoft
2009-03-26 14:38 . 2009-03-26 14:39   <DIR>   d--------   c:\documents and settings\PC\Data aplikací\GetRightToGo
2009-03-23 23:06 . 2009-03-23 23:06   <DIR>   d--------   C:\Games
2009-03-23 23:06 . 2009-03-23 23:06   <DIR>   d--------   c:\documents and settings\PC\Data aplikací\Toribash
2009-03-23 19:40 . 2009-03-23 19:40   <DIR>   d--------   c:\program files\alaplaya
2009-03-23 08:10 . 2009-03-23 19:41   96   --ah-----   c:\windows\system32\HsInfo.dat
2009-03-23 07:55 . 2009-03-23 07:55   <DIR>   d--------   c:\documents and settings\All Users\Data aplikací\InstallShield
2009-03-23 07:52 . 2009-03-23 07:52   <DIR>   d--------   c:\program files\Gravity
2009-03-23 07:52 . 2004-08-09 06:04   73,728   --a------   c:\windows\system32\ISUSPM.cpl
2009-03-22 18:38 . 2009-03-26 22:28   <DIR>   d--------   C:\Download
2009-03-22 17:08 . 2009-03-22 17:08   230,752   --a------   c:\windows\patchw32.dll
2009-03-22 16:50 . 2009-03-22 16:50   <DIR>   d--------   c:\program files\Outspark
2009-03-22 15:12 . 2009-03-22 15:12   2,192,640   --a------   c:\windows\system32\kernel1.exe
2009-03-22 15:11 . 2008-04-19 09:27   222   --ahs----   C:\BOOT.BKK
2009-03-22 14:35 . 2009-03-22 14:36   <DIR>   d--------   C:\snowboarding yeaah
2009-03-22 14:28 . 2009-03-22 14:28   <DIR>   d--------   c:\program files\TGTSoft
2009-03-15 00:31 . 2009-03-15 00:33   <DIR>   d--------   c:\program files\Sector69

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-11 01:19   ---------   d-----w   c:\program files\DNA
2009-04-11 01:19   ---------   d-----w   c:\documents and settings\PC\Data aplikací\DNA
2009-04-10 20:39   ---------   d-----w   c:\documents and settings\All Users\Data aplikací\Spybot - Search & Destroy
2009-04-10 19:06   ---------   d---a-w   c:\documents and settings\All Users\Data aplikací\TEMP
2009-04-10 17:56   ---------   d-----w   c:\program files\Google
2009-04-05 16:43   138,944   ----a-w   c:\windows\system32\drivers\PnkBstrK.sys
2009-04-05 16:31   22,328   ----a-w   c:\documents and settings\PC\Data aplikací\PnkBstrK.sys
2009-04-03 20:17   ---------   d-----w   c:\documents and settings\PC\Data aplikací\skypePM
2009-04-03 20:17   ---------   d-----w   c:\documents and settings\PC\Data aplikací\Skype
2009-03-27 10:15   ---------   d--h--w   c:\program files\InstallShield Installation Information
2009-03-26 20:29   ---------   d-----w   c:\documents and settings\PC\Data aplikací\uTorrent
2009-03-23 05:52   ---------   d-----w   c:\program files\Common Files\InstallShield
2009-03-22 12:19   ---------   d-----w   c:\program files\UTDeluxe
2009-03-21 14:19   ---------   d-----w   c:\documents and settings\PC\Data aplikací\NoNameScript
2009-03-21 08:41   ---------   d-----w   c:\documents and settings\All Users\Data aplikací\TrackMania
2009-03-14 22:36   ---------   d-----w   c:\program files\Mozilla Thunderbird
2009-03-14 22:31   ---------   d-----w   c:\program files\WinPcap
2009-03-02 12:26   ---------   d-----w   c:\program files\UNIO_systems
2009-02-27 20:03   ---------   d-----w   c:\program files\sXe Injected
2009-02-27 14:53   ---------   d-----w   c:\program files\Common Files\Skype
2009-02-27 14:53   ---------   d-----w   c:\documents and settings\All Users\Data aplikací\Skype
2009-02-27 14:53   ---------   d-----r   c:\program files\Skype
2009-02-20 18:45   ---------   d-----w   c:\program files\Doom 3
2009-02-15 18:29   ---------   d-----w   c:\documents and settings\PC\Data aplikací\ICQ
2008-09-02 09:46   24   ----a-w   c:\documents and settings\PC\jagex_runescape_preferences.dat
2008-02-20 18:56   11,528,667   ----a-w   c:\program files\VideoLAN.exe
2008-02-20 18:48   11,425,755   ----a-w   c:\program files\VideoLAN.rar
2006-05-03 09:06   163,328   --sh--r   c:\windows\system32\flvDX.dll
2007-02-21 10:47   31,232   --sh--r   c:\windows\system32\msfDX.dll
2008-08-07 15:36   81,487,904   --sha-w   c:\windows\system32\drivers\fidbox.dat
.

------- Sigcheck -------

2008-11-29 13:59  359936  aac64d1393afce8ffb90a91c157dc0b9   c:\windows\system32\dllcache\TCPIP.SYS
2008-11-29 13:59  359936  aac64d1393afce8ffb90a91c157dc0b9   c:\windows\system32\drivers\TCPIP.SYS
.
(((((((((((((((((((((((((((((   SnapShot@2009-04-10_23.59.55,04   )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-10-20 18:02:28   163,328   ----a-w   c:\windows\erdnt\subs\ERDNT.EXE
+ 2009-04-11 01:18:59   16,384   ----atw   c:\windows\temp\Perflib_Perfdata_3a4.dat
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-17 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-09-20 202024]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2006-01-01 342848]
"Google Update"="c:\documents and settings\PC\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2008-09-07 133104]
"STYLEXP"="c:\program files\TGTSoft\StyleXP\StyleXP.exe" [2006-05-24 1372160]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-10 39408]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 1836328]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-09-28 144792]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-03-28 413696]
"Control Center"="c:\program files\ASUS\WLAN Card Utilities\Center.exe" [2004-02-24 1448448]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2008-07-01 1447168]
"WheelMouse"="c:\program files\A4Tech\Mouse\Amoumain.exe" [2007-05-15 204800]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]

c:\documents and settings\PC\Nabídka Start\Programy\Po spuštění\
QIP 2005.lnk - c:\program files\QIP\qip.exe [2008-07-01 3256320]

c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll
"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders   msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digiwet.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Fantastic Flame Agent.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Fantastic Flame Agent.lnk
backup=c:\windows\pss\Fantastic Flame Agent.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^PC^Nabídka Start^Programy^Po spuštění^Xfire.lnk]
path=c:\documents and settings\PC\Nabídka Start\Programy\Po spuštění\Xfire.lnk
backup=c:\windows\pss\Xfire.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2009-03-05 16:07 2260480 c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2008-03-29 16:57 1271032 c:\program files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
--a------ 2008-11-29 13:34 270128 c:\program files\uTorrent\uTorrent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
-r------- 2006-01-11 09:08 577536 c:\windows\soundman.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\WINDOWS\\system32\\ftp.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"d:\\Games\\Project Powder\\Run.exe"=
"c:\\Program Files\\NCsoft\\Exteel (US)\\System\\Exteel.exe"=
"c:\program files\SubaGames\ACEonline\Launcher.atm"= c:\program files\SubaGames\ACEonline\Launcher.atm:Enabled:GameExe2
"c:\program files\SubaGames\ACEonline\Res-Voip\SCVoIP.exe"= c:\program files\SubaGames\ACEonline\Res-Voip\SCVoIP.exe:Enabled:GameVoIP
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

R2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2007-12-21 468224]
R3 ASNDIS5;ASNDIS5 Protocol Driver;c:\windows\system32\ASNDIS5.sys [2007-10-05 16269]
R3 MouseCap;MouseCapture Driver;c:\windows\system32\drivers\MouseCap.sys [2005-08-08 6640]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [2004-08-03 69120]
R3 W8100PCI;ASUS 802.11b/g Driver for Windows XP;c:\windows\system32\drivers\mrv8k51.sys [2007-10-05 256512]
S3 CamSpaceBus;CamSpace Virtual Joystick Bus device driver;c:\windows\system32\drivers\CamSpaceBus.sys [2008-06-10 14848]
S3 CamSpaceJoy;CamSpace Virtual Joystick device driver;c:\windows\system32\drivers\CamSpaceJoy.sys [2008-06-10 30464]
S3 ddsxeiservice;ddsxeiservice2;c:\program files\sXe Injected\ddsxei.sys [2009-02-22 50560]
S3 gsplittm;gsplittm;\??\c:\docume~1\PC\LOCALS~1\Temp\gsplittm.sys --> c:\docume~1\PC\LOCALS~1\Temp\gsplittm.sys [?]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-06 34064]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [2008-01-25 25088]
.
Contents of the 'Scheduled Tasks' folder

2009-04-11 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-10 19:56]

2009-04-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1177238915-527237240-725345543-1003.job
- c:\documents and settings\PC\Local Settings\Data aplikac []
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.daemon-search.com/startpage
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\PC\Data aplikací\Mozilla\Firefox\Profiles\v0ylcwao.default\
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Opera\program\plugins\nppl3260.dll
FF - plugin: c:\program files\Opera\program\plugins\nprpjplug.dll

---- FIREFOX POLICIES ----
FF - user.js: capability.policy.policynames - localfilelinks
FF - user.js: capability.policy.localfilelinks.sites - hxxp://s1.travian.cz http://s2.travian.cz http://s3.travian.cz http://s4.travian.cz http://s5.travian.cz http://s6.travian.cz http://s7.travian.cz http://s8.travian.cz http://s9.travian.cz http://s10.travian.cz http://s11.travian.cz http://s12.travian.cz http://s13.travian.cz http://s14.travian.cz http://s15.travian.cz http://speed.travian.cz http://s1.travian.sk http://s2.travian.sk http://s3.travian.sk http://s4.travian.sk http://s5.travian.sk http://s6.travian.sk http://s7.travian.sk http://s8.travian.sk http://s9.travian.sk http://s10.travian.sk http://speed.travian.sk
FF - user.js: capability.policy.localfilelinks.checkloaduri.enabled - allAccess
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-11 03:19:17
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.0___2\bin\mysqld-nt\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.0___2\my.ini\" MySQL"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1177238915-527237240-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-1177238915-527237240-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:02,2a,d0,fd,70,ed,b8,37,39,49,a8,f3,9b,b3,e0,1e,36,b9,28,2f,c2,fa,39,
   97,f0,4c,1a,47,99,63,b5,95,93,23,23,24,2b,da,03,18,7c,95,c0,84,d0,d9,bc,bf,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1056)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\TGTSoft\StyleXP\StyleXPService.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\MySQL\MySQL Server 5.0___2\bin\mysqld-nt.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\windows\system32\wdfmgr.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Common Files\Nero\Lib\NMIndexingService.exe
c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
.
**************************************************************************
.
Completion time: 2009-04-11  3:22:57 - machine was rebooted
ComboFix-quarantined-files.txt  2009-04-11 01:22:53
ComboFix2.txt  2009-04-10 22:01:15

Pre-Run: 3 977 482 240
Post-Run: 3,884,072,960

265


Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:25:20, on 11. 4. 2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\MySQL\MySQL Server 5.0___2\bin\mysqld-nt.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\DNA\btdna.exe
C:\Documents and Settings\PC\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Control Center] C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\PC\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: QIP 2005.lnk = C:\Program Files\QIP\qip.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
O23 - Service: Eset HTTP Server (EHttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 3 - Unknown owner - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

--
End of file - 7643 bytes

_________________
Processor: AMD Athlon A64 3500+ 64-bit Orleans BOX socket AM2; Motherboard: ASUS M2V-MX, VIA K8M890, DualChannel DDR2 800, VGA + PCIe x16, SATA II RAID, USB2.0, GLAN, mATX scAM2; Graphics card: SAPPHIRE ATI Radeon X1650PRO, 512 MB DDR2, PCI Express x16, 2xDVI/ TV-out; Hard disk: Hitachi (IBM) Deskstar 7K160, 160GB, SATA II NCQ, 8MB cache, 7200 rpm, HDS721616PLA380; RAM: 1+1GB DDR2 667MHz PC5400 A-DATA; Power supply: GEMBIRD 350W CCC-PSU10-12, 120mm fan, SATA + LGA; Monitor: Xerox CRT 17
Offline

Experienced user
Win32/Adware.PowerAntivirus.E

Registered: 10.07.07
Logged in: 02.11.17
Posts: 1060
Topics: 0
Location: Bratislava
Post written Offline : 13.04.2009 2:19

This part should be OK now.


P.S. What is the status?

_________________
The sky is blue, water is wet...