Iexplore.exe
  #1  
15 January 2008, 11:50
Group Member

Iexplore.exe

I read that it's bad. I don't have Internet Explorer open, but it is still running in my Task Manager (I don't think it's meant to be in capitals), and it is slowing down the computer. Is it a virus? Spyware, etc.?

How can I remove it?
  #2  
15 January 2008, 11:59
Group Moderator

Iexplore.exe

Let's take a quick look.
Download and rename HijackThis (HJT)
  • Double-click on HJTInstall.
  • Click on the Install button.
  • It will by default install HJT to C:\Program Files\TrendMicro\HijackThis\HijackThis.exe.
  • After installation, HijackThis should open for you.
    • Close HijackThis and rename it.
    • Navigate to C:\Program Files\Trend Micro\HijackThis.exe
    • Right-click on HijackThis.exe and select Rename.
    • Type in sniper.exe and press Enter.
    • Right-click on sniper.exe and select Send To > Desktop (create shortcut)
  • On the desktop, open HijackThis.
  • If you are using Windows Vista, look for Run as Administrator
  • Click on the Do a system scan and save a log file button
  • HijackThis will scan and then a log will open in Notepad.
  • Copy and then paste the log into your post.
    • Do not have HijackThis fix anything yet. Most of what it finds will be harmless or even required.
Even though we have renamed HijackThis to sniper, we will still refer to it as HijackThis or HJT.
__________________

  #3  
15 January 2008, 12:08
Group Member

Iexplore.exe

For some reason I can't see IEXPLORE.EXE here, but it's definitely in TM

Logfile Trend Micro HijackThis v2.0.2
Scan uložené v 7:02:55 hodín, na 1.15.2008
Platforma: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Zavádzacia mód: Normálny

Bežiace procesy:
C: \ WINDOWS \ System32 \ Smss.exe
C: \ WINDOWS \ system32 \ Winlogon.exe
C: \ WINDOWS \ system32 \ Services.exe
C: \ WINDOWS \ system32 \ lsass.exe
C: \ WINDOWS \ system32 \ svchost.exe
C: \ WINDOWS \ system32 \ svchost.exe
C: \ WINDOWS \ system32 \ Spoolsv.exe
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgamsvr.exe
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgupsvc.exe
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgemc.exe
C: \ WINDOWS \ system32 \ nvsvc32.exe
C: \ WINDOWS \ system32 \ PnkBstrA.exe
C: \ WINDOWS \ system32 \ svchost.exe
C: \ Program Files \ Windows Live \ Messenger \ usnsvc.exe
C: \ WINDOWS \ Explorer.exe
C: \ WINDOWS \ RTHDCPL.EXE
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgcc.exe
C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ jusched.exe
C: \ WINDOWS \ system32 \ wuauclt.exe
C: \ WINDOWS \ system32 \ rundll32.exe
C: \ Program Files \ Common Files \ Real \ Update_OB \ realsched.exe
C: \ Program Files \ Microsoft Office \ Office12 \ GrooveMonitor.exe
C: \ WINDOWS \ system32 \ LVCOMSX.EXE
C: \ Program Files \ Logitech \ Video \ LogiTray.exe
C: \ Program Files \ Internet Explorer \ iexplore.exe
C: \ WINDOWS \ system32 \ Ctfmon.exe
C: \ Program Files \ DNA \ btdna.exe
C: \ Program Files \ Internet Explorer \ iexplore.exe
C: \ Program Files \ Logitech \ Video \ FxSvr2.exe
C: \ Program Files \ Mozilla Firefox \ firefox.exe
C: \ Program Files \ Windows Media Player \ wmplayer.exe
C: \ WINDOWS \ system32 \ wuauclt.exe
C: \ Program Files \ Trend Micro \ HijackThis \ sniper.exe.exe

R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://www.yahoo.com/
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://www.yahoo.com
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://www.yahoo.com
R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ SearchURL, (Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R1 - HKCU \ Software \ Microsoft \ Internet Sprievodca pripojením, ShellNext = http://www.yahoo.com/
O2 - BHO: Yahoo! Companion BHO - (02478D38-C3F9-4EFB-9B51-7695ECA05670) - C: \ Program Files \ Yahoo! \ Companion \ Inštalácia \ CPN \ ycomp5_6_0_1.d ll
O2 - BHO: Adobe PDF Reader Link Helper - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Program Files \ Common Files \ Adobe \ Acrobat \ ActiveX \ AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - (72853161-30C5-4D22-B7F9-0BBC1D38A37E) - C: \ PROGRA ~ 1 \ micros ~ 2 \ Office12 \ GRA8E1 ~ 1.DLL
O2 - BHO: SSVHelper triedy - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ ssv.dll
O2 - BHO: (bez názvu) - (7E853D72-626a-48EC-A868-BA8D5E23E045) - (ne obrázok)
O2 - BHO: Windows Live Sign-in Helper - (9030D464-4C02-4ABF-8ECC-5164760863C6) - C: \ Program Files \ Common Files \ Microsoft Shared \ Windows Live \ WindowsLiveLogin.dll
O3 - Toolbar: & Yahoo! Companion - (EF99BD32-C1FB-11D2-892F-0090271D4F88) - C: \ Program Files \ Yahoo! \ Companion \ Inštalácia \ CPN \ ycomp5_6_0_1.d ll
O4 - HKLM \ .. \ Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM \ .. \ Run: [SkyTel] SkyTel.EXE
O4 - HKLM \ .. \ Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM \ .. \ Run: [AVG7_CC] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgcc.exe / StartUp
O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ jusched.exe"
O4 - HKLM \ .. \ Run: [QuickTime Úloha] "C: \ Program Files \ QuickTime \ qttask.exe"-atboottime
O4 - HKLM \ .. \ Run: [Adobe Reader Speed Launcher] "C: \ Program Files \ Adobe \ Reader 8.0 \ Reader \ reader_sl.exe"
O4 - HKLM \ .. \ Run: [NvCplDaemon] rundll32.exe C: \ WINDOWS \ system32 \ NvCpl.dll, NvStartup
O4 - HKLM \ .. \ Run: [nwiz] nwiz.exe / install
O4 - HKLM \ .. \ Run: [NvMediaCenter] rundll32.exe C: \ WINDOWS \ system32 \ NvMcTray.dll, NvTaskbarInit
O4 - HKLM \ .. \ Run: [TkBellExe] "C: \ Program Files \ Common Files \ Real \ Update_OB \ realsched.exe"-osboot
O4 - HKLM \ .. \ Run: [GrooveMonitor] "C: \ Program Files \ Microsoft Office \ Office12 \ GrooveMonitor.exe"
O4 - HKLM \ .. \ Run: [LVCOMSX] C: \ WINDOWS \ system32 \ LVCOMSX.EXE
O4 - HKLM \ .. \ Run: [LogitechVideoRepair] C: \ Program Files \ Logitech \ Video \ ISStart.exe
O4 - HKLM \ .. \ Run: [LogitechVideoTray] C: \ Program Files \ Logitech \ Video \ LogiTray.exe
O4 - HKLM \ .. \ Run: [Druhá bat tvorivý vrchol] C: \ Documents and Settings \ All Users \ Data aplikací \ Os Readme druhej Bat \ mŕtvych lite.exe
O4 - HKCU \ .. \ Run: [Cttfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe
O4 - HKCU \ .. \ Run: [Bittorrent DNA] "C: \ Program Files \ DNA \ btdna.exe"
O4 - HKCU \ .. \ Run: [curblicense] C: \ Docu ~ 1 \ Richard \ vzťahujú ~ 1 \ WAYBOW ~ 1 \ Nurb viac noun.exe
O4 - HKUS \ S-1-5-19 \ .. \ Run: [AVG7_Run] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'miestnych')
O4 - HKUS \ S-1-5-20 \ .. \ Run: [AVG7_Run] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'Network Service')
O4 - HKUS \ S-1-5-18 \ .. \ Run: [AVG7_Run] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'systém')
O4 - HKUS \. DEFAULT \ .. \ Run: [AVG7_Run] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'Predvolené užívateľ')
O8 - Extra kontextového menu položku: E & xportovať do programu Microsoft Excel - res: / / C: \ PROGRA ~ 1 \ micros ~ 2 \ Office12 \ EXCEL.EXE/3000
O9 - Extra tlačidlá: (bez názvu) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ ssv.dll
O9 - Extra tlačidlá: Send to OneNote - (2670000A-7350-4f3c-8081-5663EE0C6C49) - C: \ PROGRA ~ 1 \ micros ~ 2 \ Office12 \ ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S & konca OneNote - (2670000A-7350-4f3c-8081-5663EE0C6C49) - C: \ PROGRA ~ 1 \ micros ~ 2 \ Office12 \ ONBttnIE.dll
O9 - Extra tlačidlá: Výskum - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C: \ PROGRA ~ 1 \ micros ~ 2 \ Office12 \ REFIEBAR.DLL
O9 - Extra tlačidlá: Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ Msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ Msmsgs.exe
O16 - DPF: (6414512B-B978-451D-A0D8-FCFDF33E833C) (WUWebControl Class) -- http://www.update.microsoft.com/wind...?1197308803562
O16 - DPF: (C3F79A2B-B9B4-4A66-B012-3EE46475B072) (MessengerStatsClient Class) -- http://messenger.zone.msn.com/binary...t.cab56907.cab
O18 - Protokol: grooveLocalGWS - (88FED34C-F0CA-4636-A375-3CB6248B04CD) - C: \ PROGRA ~ 1 \ micros ~ 2 \ Office12 \ GR99D3 ~ 1.DLL
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, sro - C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, sro - C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, sro - C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgemc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C: \ WINDOWS \ system32 \ nvsvc32.exe
O23 - Service: PnkBstrA - Neznámy vlastník - C: \ WINDOWS \ system32 \ PnkBstrA.exe

--
Koniec súboru - 7104 bytes
  #4  
15 January 2008, 12:29
Group Moderator

Iexplore.exe

Yes, you have a bad infection.

Step 1

Download NoLop.exe to your desktop:
  • Close all the programs you have running, because a reboot is required
  • Double-click NoLop.exe to run it
  • Next, click the button: Search and Destroy
    <<your computer will now be searched for infected files>>
  • When the scan is finished, if infected, you will be prompted to reboot
  • Click OK
  • Now click: REBOOT
  • A message should pop up from NoLop. If not, double-click the program again and it will finish.
  • Post the contents of C:\NoLop.log in your next reply.
Note: If you receive the error "mscomctl.ocx or one of its dependencies is not correctly registered," please download mscomctl.ocx to your system32 folder and then rerun the program.

---------------

Step 2
Download SuperAntiSpyware Free Edition (SAS)
  • Double-click the icon on your desktop to run the installer.
  • When asked to update the program definitions, click Yes
  • Next, click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure only the following are checked:
    • Close browsers before scanning
    • Scan for tracking cookies
    • Terminate memory threats before quarantining
    • Please leave the others unchecked.
    • Click the Close button to leave the control center screen.
  • Click the Close button to leave the control center screen.
  • On the main screen click Scan your computer
  • On the left, check C:\ Fixed Drive
  • On the right, choose Perform Complete Scan
  • Click Next to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a summary window will appear. Click OK
  • Make sure everything in the white box has a check next to it, then click Next
  • It will quarantine what it found, and if it asks whether you want to reboot, click Yes
  • To retrieve the removal information, please do the following:
    • After the reboot, double-click the SuperAntiSpyware icon on your desktop.
    • Click Preferences. Click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SuperAntiSpyware Scan Log.
    • It will open in your default text editor (such as Notepad/WordPad).
    • Save the Notepad file to your desktop by clicking (in Notepad) "File", "Save As"
  • Save the log somewhere you can easily find it. (normally the desktop)
  • Click Close and close again to exit the program.
  • Please copy and paste the log into your post.
----------

Step 3

Run a new HijackThis scan and post the log

----------

In your next post please include:
Contents of C:\NoLop.log
SuperAntiSpyware log
New HijackThis log

It may take more than one post to get all the logs posted. That is fine if needed.
__________________

  #5  
15 January 2008, 13:41
Group Member

Iexplore.exe

NoLop log:

NoLop! Prihlásenie do Skate_Punk_21

Fix beží od: C: \ Program Files \ Mozilla Firefox
[1.15.2008]
[7:34:10 PM]

--- Infekcia Súbory Found/Removed---
C: \ WINDOWS \ úlohy \ ADB7C425918477B9.job

Začiatok Odstránenie ...
Restartu ...
Odstránenie prokreslit to pozostatok súborov a priečinkov ...
Úprava databázy Registry ...
** Fix Kompletné! **

--- Výpis AppData sub adresárov ---

C: \ Documents and Settings \ All Users \ Data aplikací \ Adobe
C: \ Documents and Settings \ All Users \ Data aplikací \ Apple
C: \ Documents and Settings \ All Users \ Data aplikací \ Apple Computer
C: \ Documents and Settings \ All Users \ Data aplikací \ AVG7
C: \ Documents and Settings \ All Users \ Data aplikací \ Os Readme druhej Bat
C: \ Documents and Settings \ All Users \ Data aplikací \ Grisoft
C: \ Documents and Settings \ All Users \ Data aplikací \ Messenger Plus! - Prázdne Directory
C: \ Documents and Settings \ All Users \ Data aplikací \ Microsoft
C: \ Documents and Settings \ All Users \ Data aplikací \ Microsoft Help
C: \ Documents and Settings \ All Users \ Data aplikací \ Nvidia - prázdne Directory
C: \ Documents and Settings \ All Users \ Data aplikací \ Sony
C: \ Documents and Settings \ All Users \ Data aplikací \ Temp - prázdne Directory
C: \ Documents and Settings \ All Users \ Data aplikací \ Windows Genuine Advantage
C: \ Documents and Settings \ All Users \ Data aplikací \ Wlinstaller
C: \ Documents and Settings \ Default Uživatel \ Data aplikací \ Microsoft
C: \ Documents and Settings \ LocalService \ Data aplikací \ AVG7 - prázdne Directory
C: \ Documents and Settings \ LocalService \ Data aplikací \ Microsoft
C: \ Documents and Settings \ LocalService \ Data aplikací \ komunita Xfire - prázdne Directory
C: \ Documents and Settings \ NetworkService \ Data aplikací \ Microsoft
C: \ Documents and Settings \ NetworkService \ Data aplikací \ komunita Xfire - prázdne Directory
C: \ Documents and Settings \ Richard \ Data aplikací \ Adobe
C: \ Documents and Settings \ Richard \ Data aplikací \ Apple Computer
C: \ Documents and Settings \ Richard \ Data aplikací \ AVG7
C: \ Documents and Settings \ Richard \ Data aplikací \ Bittorrent
C: \ Documents and Settings \ Richard \ Data aplikací \ DivX
C: \ Documents and Settings \ Richard \ Data aplikací \ Dňa
C: \ Documents and Settings \ Richard \ Data aplikací \ Dvdcss
C: \ Documents and Settings \ Richard \ Data aplikací \ Fotowire
C: \ Documents and Settings \ Richard \ Data aplikací \ gtk-2.0
C: \ Documents and Settings \ Richard \ Data aplikací \ Identities
C: \ Documents and Settings \ Richard \ Data aplikací \ InstallShield
C: \ Documents and Settings \ Richard \ Data aplikací \ Macromedia
C: \ Documents and Settings \ Richard \ Data aplikací \ Microsoft
C: \ Documents and Settings \ Richard \ Data aplikací \ Monkeyjam
C: \ Documents and Settings \ Richard \ Data aplikací \ Mozilla
C: \ Documents and Settings \ Richard \ Data aplikací \ Publikovať Providers - prázdne Directory
C: \ Documents and Settings \ Richard \ Data aplikací \ Real
C: \ Documents and Settings \ Richard \ Data aplikací \ Smartftp
C: \ Documents and Settings \ Richard \ Data aplikací \ Sony
C: \ Documents and Settings \ Richard \ Data aplikací \ Sony Setup
C: \ Documents and Settings \ Richard \ Data aplikací \ nedeľa
C: \ Documents and Settings \ Richard \ Data aplikací \ Systemrequirementslab
C: \ Documents and Settings \ Richard \ Data aplikací \ vlc
C: \ Documents and Settings \ Richard \ Data aplikací \ Waybowsreal
C: \ Documents and Settings \ Richard \ Data aplikací \ komunita Xfire


SuperAntiSpyware log:

SuperAntiSpyware Scan Prihlásenie
http://www.superantispyware.com

Generated 01.15.2008 v 08:32 hodín

Verzia aplikácie: 3.9.1008

Pravidlá databázy Core Version: 3380
Stopový Pravidlá databázy Version: 1374

Vyhľadávať typ: Kompletná Scan
Celkom Scan Time: 00:46:41

Memory položiek skenovaná: 385
Memory ohrozenia odhalené: 0
Položky databázy Registry skenovaná: 5574
Registre ohrozenia odhalené: 0
Súbor položiek skenovaná: 40825
Súbor zistených ohrozenia: 66

Adware.Tracking Cookie
C: \ Documents and Settings \ Richard \ Cookies \ richard @ kasava [1]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ richard @ fastclick [1]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ richard@server.lon.livepe rson [1]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ richard @ casalemedia [2]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ richard@www.ppctracking [1]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ richard@adopt.euroclick [2]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ richard @ slouľící-sys [1]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ richard@www.adserver5 [2]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ richard @ carphonewarehouse .112.2 O7 [1]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ richard@m1.webstats.motig o [1]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ richard@msnportal.112.2o7 [1]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ richard@ads.vlaze [2]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ richard@reduxads.valuead [2]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ richard@rotator.adjuggler [1]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ richard @ 888 [2]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ richard @ uk [1]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ richard @ 247realmedia [1]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ richard@adfarm1.adition [1]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ richard@login.tracking101 [2]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ richard@stats.channel4 [1]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ richard @ azjmp [1]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ richard@partygaming.122.2 O7 [1]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ richard @ DoubleClick [2]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ richard @ reklamy [1]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ richard@bs.serving-sys [2]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ richard @ bluestreak [1]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ richard@anad.tacoda [2]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ richard@ehg-youtube.hitbox [1]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ richard@banner.carnavalca čínsko [2]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ richard @ 60915153 [1]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ richard@tracking.foxnews [2]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ richard@ad.yieldmanager [2]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ richard@ads.veoh [1]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ richard@www.clash-media [2]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ richard@a.websponsors [1]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ richard@banner.casino.bla ckpoolclub.co [2]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ richard@prospect.adbureau [1]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ richard @ adrevolver [3]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ richard@banner.bingo.blac kpoolclub.co [2]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ richard@media.adrevolver [1]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ richard @ cgi-bin [2]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ richard @ p [1]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ richard @ Lycos-de [1]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ richard @ tribalfusion [1]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ richard@eas.apm.emediate [2]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ richard@anat.tacoda [1]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ richard@ad.zanox [1]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ richard @ net-príjmy [2]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ richard @ hitbox [2]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ richard @ revsci [2]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ richard@statse.webtrendsl IVE [2]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ richard @ questionmarket [1]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ richard@ads.addynamix [2]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ richard @ 2o7 [2]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ richard @ pacificpoker [2]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ richard @ mediaplex [2]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ richard@media.xfire [2]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ richard @ atdmt [2]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ richard @ apmebf [2]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ richard @ partypoker [1]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ richard @ Zedo [1]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ richard @ adrevolver [1]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ richard @ TradeDoubler [2]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ richard@adserver.filefron t [1]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ richard @ a [1]. Txt

Adware.180solutions/ZangoSearch
C: \ System Volume Information \ _Restore (39B7D61A-C471-441E-B6D4-5930E1D582CD) \ RP37 \ A0003673.EXE

HijackThis log:

Logfile Trend Micro HijackThis v2.0.2
Scan uložené v 8:38:58 hodín, na 1.15.2008
Platforma: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Zavádzacia mód: Normálny

Bežiace procesy:
C: \ WINDOWS \ System32 \ Smss.exe
C: \ WINDOWS \ system32 \ Winlogon.exe
C: \ WINDOWS \ system32 \ Services.exe
C: \ WINDOWS \ system32 \ lsass.exe
C: \ WINDOWS \ system32 \ svchost.exe
C: \ WINDOWS \ system32 \ svchost.exe
C: \ WINDOWS \ system32 \ Spoolsv.exe
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgamsvr.exe
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgupsvc.exe
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgemc.exe
C: \ WINDOWS \ system32 \ nvsvc32.exe
C: \ WINDOWS \ system32 \ PnkBstrA.exe
C: \ WINDOWS \ Explorer.exe
C: \ WINDOWS \ system32 \ svchost.exe
C: \ WINDOWS \ RTHDCPL.EXE
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgcc.exe
C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ jusched.exe
C: \ Program Files \ Adobe \ Reader 8.0 \ Reader \ reader_sl.exe
C: \ WINDOWS \ system32 \ rundll32.exe
C: \ Program Files \ Common Files \ Real \ Update_OB \ realsched.exe
C: \ Program Files \ Microsoft Office \ Office12 \ GrooveMonitor.exe
C: \ WINDOWS \ system32 \ LVCOMSX.EXE
C: \ Program Files \ Logitech \ Video \ LogiTray.exe
C: \ WINDOWS \ system32 \ Ctfmon.exe
C: \ Program Files \ DNA \ btdna.exe
C: \ Program Files \ SuperAntiSpyware \ SUPERAntiSpyware.exe
C: \ Program Files \ Internet Explorer \ iexplore.exe
C: \ Program Files \ Internet Explorer \ iexplore.exe
C: \ Program Files \ Logitech \ Video \ FxSvr2.exe
C: \ Program Files \ Mozilla Firefox \ firefox.exe
C: \ WINDOWS \ system32 \ wuauclt.exe
C: \ WINDOWS \ system32 \ wuauclt.exe
C: \ Program Files \ Trend Micro \ HijackThis \ sniper.exe.exe

R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://www.yahoo.com
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://www.yahoo.com
R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ SearchURL, (Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R1 - HKCU \ Software \ Microsoft \ Internet Sprievodca pripojením, ShellNext = http://www.yahoo.com/
O2 - BHO: Yahoo! Companion BHO - (02478D38-C3F9-4EFB-9B51-7695ECA05670) - C: \ Program Files \ Yahoo! \ Companion \ Inštalácia \ CPN \ ycomp5_6_0_1.d ll
O2 - BHO: Adobe PDF Reader Link Helper - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Program Files \ Common Files \ Adobe \ Acrobat \ ActiveX \ AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - (72853161-30C5-4D22-B7F9-0BBC1D38A37E) - C: \ PROGRA ~ 1 \ micros ~ 2 \ Office12 \ GRA8E1 ~ 1.DLL
O2 - BHO: SSVHelper triedy - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ ssv.dll
O2 - BHO: (bez názvu) - (7E853D72-626a-48EC-A868-BA8D5E23E045) - (ne obrázok)
O2 - BHO: Windows Live Sign-in Helper - (9030D464-4C02-4ABF-8ECC-5164760863C6) - C: \ Program Files \ Common Files \ Microsoft Shared \ Windows Live \ WindowsLiveLogin.dll
O3 - Toolbar: & Yahoo! Companion - (EF99BD32-C1FB-11D2-892F-0090271D4F88) - C: \ Program Files \ Yahoo! \ Companion \ Inštalácia \ CPN \ ycomp5_6_0_1.d ll
O4 - HKLM \ .. \ Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM \ .. \ Run: [SkyTel] SkyTel.EXE
O4 - HKLM \ .. \ Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM \ .. \ Run: [AVG7_CC] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgcc.exe / StartUp
O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ jusched.exe"
O4 - HKLM \ .. \ Run: [QuickTime Úloha] "C: \ Program Files \ QuickTime \ qttask.exe"-atboottime
O4 - HKLM \ .. \ Run: [Adobe Reader Speed Launcher] "C: \ Program Files \ Adobe \ Reader 8.0 \ Reader \ reader_sl.exe"
O4 - HKLM \ .. \ Run: [NvCplDaemon] rundll32.exe C: \ WINDOWS \ system32 \ NvCpl.dll, NvStartup
O4 - HKLM \ .. \ Run: [nwiz] nwiz.exe / install
O4 - HKLM \ .. \ Run: [NvMediaCenter] rundll32.exe C: \ WINDOWS \ system32 \ NvMcTray.dll, NvTaskbarInit
O4 - HKLM \ .. \ Run: [TkBellExe] "C: \ Program Files \ Common Files \ Real \ Update_OB \ realsched.exe"-osboot
O4 - HKLM \ .. \ Run: [GrooveMonitor] "C: \ Program Files \ Microsoft Office \ Office12 \ GrooveMonitor.exe"
O4 - HKLM \ .. \ Run: [LVCOMSX] C: \ WINDOWS \ system32 \ LVCOMSX.EXE
O4 - HKLM \ .. \ Run: [LogitechVideoRepair] C: \ Program Files \ Logitech \ Video \ ISStart.exe
O4 - HKLM \ .. \ Run: [LogitechVideoTray] C: \ Program Files \ Logitech \ Video \ LogiTray.exe
O4 - HKLM \ .. \ Run: [Druhá bat tvorivý vrchol] C: \ Documents and Settings \ All Users \ Data aplikací \ Os Readme druhej Bat \ mŕtvych lite.exe
O4 - HKCU \ .. \ Run: [Cttfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe
O4 - HKCU \ .. \ Run: [Bittorrent DNA] "C: \ Program Files \ DNA \ btdna.exe"
O4 - HKCU \ .. \ Run: [curblicense] C: \ Docu ~ 1 \ Richard \ vzťahujú ~ 1 \ WAYBOW ~ 1 \ Nurb viac noun.exe
O4 - HKCU \ .. \ Run: [SuperAntiSpyware] C: \ Program Files \ SuperAntiSpyware \ SUPERAntiSpyware.exe
O4 - HKUS \ S-1-5-19 \ .. \ Run: [AVG7_Run] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'miestnych')
O4 - HKUS \ S-1-5-20 \ .. \ Run: [AVG7_Run] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'Network Service')
O4 - HKUS \ S-1-5-18 \ .. \ Run: [AVG7_Run] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'systém')
O4 - HKUS \. DEFAULT \ .. \ Run: [AVG7_Run] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'Predvolené užívateľ')
O8 - Extra kontextového menu položku: E & xportovať do programu Microsoft Excel - res: / / C: \ PROGRA ~ 1 \ micros ~ 2 \ Office12 \ EXCEL.EXE/3000
O9 - Extra tlačidlá: (bez názvu) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ ssv.dll
O9 - Extra tlačidlá: Send to OneNote - (2670000A-7350-4f3c-8081-5663EE0C6C49) - C: \ PROGRA ~ 1 \ micros ~ 2 \ Office12 \ ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S & konca OneNote - (2670000A-7350-4f3c-8081-5663EE0C6C49) - C: \ PROGRA ~ 1 \ micros ~ 2 \ Office12 \ ONBttnIE.dll
O9 - Extra tlačidlá: Výskum - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C: \ PROGRA ~ 1 \ micros ~ 2 \ Office12 \ REFIEBAR.DLL
O9 - Extra tlačidlá: Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ Msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ Msmsgs.exe
O16 - DPF: (6414512B-B978-451D-A0D8-FCFDF33E833C) (WUWebControl Class) -- http://www.update.microsoft.com/wind...?1197308803562
O16 - DPF: (C3F79A2B-B9B4-4A66-B012-3EE46475B072) (MessengerStatsClient Class) -- http://messenger.zone.msn.com/binary...t.cab56907.cab
O18 - Protokol: grooveLocalGWS - (88FED34C-F0CA-4636-A375-3CB6248B04CD) - C: \ PROGRA ~ 1 \ micros ~ 2 \ Office12 \ GR99D3 ~ 1.DLL
O20 - Winlogon Upozornenie:! SASWinLogon - C: \ Program Files \ SuperAntiSpyware \ SASWINLO.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, sro - C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, sro - C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, sro - C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgemc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C: \ WINDOWS \ system32 \ nvsvc32.exe
O23 - Service: PnkBstrA - Neznámy vlastník - C: \ WINDOWS \ system32 \ PnkBstrA.exe

--
Koniec súboru - 7041 bytes


I hope that is enough
  #6  
15 January 2008, 13:57
Group Moderator

Iexplore.exe

Open HijackThis and select Do a system scan only, then place a check mark next to:

O2 - BHO: (bez názvu) - (7E853D72-626a-48EC-A868-BA8D5E23E045) - (ne obrázok)


Close all windows except HijackThis and click Fix checked

Close HijackThis.

----------

Please download ComboFix by sUBs from one of the links below.
(Try all three if necessary) IMPORTANT - ComboFix.exe MUST be saved to your Desktop.
  • Close all open web browsers. (Firefox, Internet Explorer, etc.)
  • Close/disable all anti-virus and anti-malware programs so that they do not interfere with ComboFix. <- IMPORTANT
    • Click this link to see a list of programs that should be disabled. If yours is not listed and you don't know how to disable it, please ask.
  • Double-click combofix.exe & follow the prompts.
    • From the keyboard select 1 and press Enter
  • When finished, it will produce a log for you.
  • Post that log in your next reply.
Don't mouse-click the ComboFix window while it is running.
The scan will temporarily disable your desktop.
If interrupted, it may leave your computer frozen.
If this occurs, please reboot to restore the desktop.


----------

Next post
ComboFix log
__________________
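
The post above singles out one BHO line whose file is missing. As an added example (not part of the thread and not a HijackThis feature), this Python script parses HijackThis-style lines and lists, for manual review, O2/O3/O9 registrations marked "(no file)" and O4 Run entries that start from a user profile directory. The second check is a general triage heuristic assumed here, and the sample log, its GUIDs and its paths are constructed.

```python
import re
from collections import namedtuple

# Constructed sample in the usual HijackThis layout. GUIDs, names and paths
# are invented for illustration and are not taken from the thread's logs.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
O2 - BHO: Example PDF Helper - {11111111-1111-1111-1111-111111111111} - C:\Program Files\Example\helper.dll
O2 - BHO: (no name) - {22222222-2222-2222-2222-222222222222} - (no file)
O4 - HKLM\..\Run: [ExampleTray] "C:\Program Files\Example\tray.exe" -boot
O4 - HKCU\..\Run: [updchk] C:\Documents and Settings\User\Application Data\Updchk\updchk.exe
O4 - HKLM\..\Run: [SoundPanel] SNDPANEL.EXE
O23 - Service: Example Service (ExSvc) - Unknown owner - C:\WINDOWS\system32\exsvc.exe
"""

Finding = namedtuple("Finding", "section reason detail line")

# "<section> - <rest>", e.g. "O2 - BHO: ..." or "R1 - HKCU\...".
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
# CLSID in braces; parentheses are accepted too because some forum software
# rewrites the braces.
CLSID_RE = re.compile(
    r"[{(](?P<clsid>[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12})[})]"
)
# O4 body: "<hive>\..\Run: [name] command line"
RUN_RE = re.compile(
    r"^(?P<hive>\S+)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)

# Sections whose entries are COM registrations loaded into the browser.
COM_SECTIONS = {"O2", "O3", "O9"}
# Heuristic (an assumption of this example): autostart images that live under
# a user profile deserve a second look, since software normally installs
# under Program Files or the Windows directory.
PROFILE_MARKERS = (
    "\\documents and settings\\",
    "\\application data\\",
    "\\users\\",
    "\\temp\\",
)


def command_image(cmd):
    """Return the executable part of a Run-key command line."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end != -1 else cmd[1:]
    m = re.match(r"(?i)(.+?\.(?:exe|dll|com|bat|cmd|scr))(?:\s|,|$)", cmd)
    return m.group(1) if m else cmd


def triage(log_text):
    """List entries worth a manual look; nothing is changed on the system."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue  # header, process list or blank line
        section, body = m.group("section"), m.group("body")
        if section in COM_SECTIONS and body.lower().endswith("(no file)"):
            # The registry still registers the object but its file is gone.
            clsid = CLSID_RE.search(body)
            detail = clsid.group("clsid").upper() if clsid else ""
            findings.append(Finding(section, "missing-file", detail, line))
        elif section == "O4":
            run = RUN_RE.match(body)
            if not run:
                continue
            image = command_image(run.group("cmd"))
            if any(marker in image.lower() for marker in PROFILE_MARKERS):
                findings.append(Finding(section, "profile-autostart", image, line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:4} {f.reason:18} {f.detail}")
```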

  #7  
15 January 2008, 14:06
Group Member

Iexplore.exe

ComboFix 08-01-15.4 - Richard 2008-01-15 21:03:57.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.587 [GMT 0:00]
Spustenie z: C: \ Documents and Settings \ Richard \ Desktop \ ComboFix.exe
* Vznik nového bodu obnovenia

POZOR-Tento stroj nemá konzoly na obnovenie namontovanom!
.

((((((((((((((((((((((((( Súbory vytvorené od 2007-12-15 do 2008-01-15 ))))))))))) ))))))))))))))))))))
.

2008-01-15 21:03. 2000-08-31 08:00 51200 - a ------ C: \ WINDOWS \ NirCmd.exe
2008-01-15 19:41. 2008-01-15 20:38 <DIR> d -------- C: \ Program Files \ SuperAntiSpyware
2008-01-15 19:41. 2008-01-15 19:41 <DIR> d -------- C: \ Program Files \ Common Files \ Wise Sprievodca inštaláciou
2008-01-15 19:41. 2008-01-15 19:41 <DIR> d -------- C: \ Documents and Settings \ Richard \ Data aplikací \ SUPERAntiSpyware.com
2008-01-15 19:41. 2008-01-15 19:41 <DIR> d -------- C: \ Documents and Settings \ All Users \ Data aplikací \ SUPERAntiSpyware.com
2008-01-15 19:34. 2008-01-15 19:36 <DIR> d -------- C: \ NoLopBackups
2008-01-15 19:01. 2008-01-15 19:01 <DIR> d -------- C: \ Program Files \ Trend Micro
2008-01-15 16:32. 2008-01-15 16:32 <DIR> d -------- C: \ Program Files \ WayBowsReal
2008-01-11 10:27. 2005-05-26 15:34 2297552 - a ------ C: \ WINDOWS \ system32 \ d3dx9_26.dll
2008-01-11 10:26. 2008-01-11 10:26 22328 - a ------ C: \ Documents and Settings \ Richard \ Data aplikací \ PnkBstrK.sys
2008-01-11 10:25. 2008-01-11 10:25 319 - a ------ C: \ WINDOWS \ game.ini
2008-01-11 10:15. 2008-01-11 10:15 <DIR> d -------- C: \ Program Files \ Activision
2008-01-11 10:14. 2008-01-11 10:14 <DIR> d - hs ---- C: \ WINDOWS \ ftpcache
2008-01-11 00:29. 2008-01-11 00:29 54608 - a ------ C: \ WINDOWS \ system32 \ xfcodec.dll
2008-01-05 21:00. 2008-01-05 21:00 <DIR> d - h ----- C: \ WINDOWS \ $ hf_mig $
2008-01-03 18:41. 2008-01-03 18:41 <DIR> d -------- C: \ Documents and Settings \ All Users \ Data aplikací \ Messenger Plus!
2008-01-03 18:00. 2008-01-03 18:00 <DIR> d -------- C: \ Program Files \ Messenger Plus! Žiť
2008-01-03 18:00. 2008-01-15 19:36 <DIR> d -------- C: \ Documents and Settings \ Richard \ Data aplikací \ WayBowsReal
2008-01-03 18:00. 2008-01-15 16:33 <DIR> d -------- C: \ Documents and Settings \ All Users \ Data aplikací \ Os Readme druhej Bat
2007-12-30 16:54. 2007-12-30 16:54 <DIR> d -------- C: \ Program Files \ Whisper technológií
2007-12-30 16:36. 2007-12-30 16:36 <DIR> d -------- C: \ Program Files \ SmartFTP klient 2.5 Setup Files
2007-12-30 16:36. 2007-12-30 16:36 <DIR> d -------- C: \ Program Files \ SmartFTP klient
2007-12-30 16:36. 2007-12-30 16:36 <DIR> d -------- C: \ Documents and Settings \ Richard \ Data aplikací \ SmartFTP
2007-12-30 07:48. 2007-12-30 07:48 <DIR> d -------- C: \ Documents and Settings \ Richard \ Data aplikací \ Sony
2007-12-30 07:48. 2007-12-30 07:48 <DIR> d -------- C: \ Documents and Settings \ Richard \ Data aplikací \ Publikovať Providers
2007-12-30 07:45. 2007-12-30 07:45 <DIR> d -------- C: \ Program Files \ Vstplugins
2007-12-30 07:45. 2007-12-30 07:45 <DIR> d -------- C: \ Program Files \ Sony
2007-12-30 07:45. 2007-12-30 07:45 <DIR> d -------- C: \ Documents and Settings \ All Users \ Data aplikací \ Sony
2007-12-30 07:39. 2007-12-30 07:39 <DIR> d -------- C: \ Program Files \ Sony Setup
2007-12-30 07:39. 2007-12-30 07:39 <DIR> d -------- C: \ Documents and Settings \ Richard \ Data aplikací \ Sony Setup
2007-12-29 23:30. 2008-01-15 17:00 54156 - ah ----- C: \ WINDOWS \ QTFont.qfn
2007-12-29 23:30. 2007-12-29 23:30 1409 - a ------ C: \ WINDOWS \ QTFont.for
2007-12-29 15:45. 2007-12-29 15:45 <DIR> d -------- C: \ Program Files \ FPS
2007-12-29 15:45. 2007-12-29 15:45 286720 --------- C: \ WINDOWS \ Setup1.exe
2007-12-29 15:45. 2007-12-29 15:45 73216 - a ------ C: \ WINDOWS \ ST6UNST.EXE
2007-12-29 12:08. 2004-08-03 23:10 10880 - a ------ C: \ WINDOWS \ system32 \ drivers \ NdisIP.sys
2007-12-29 12:08. 2004-08-03 23:10 10880 - a - c --- C: \ WINDOWS \ system32 \ dllcache \ ndisip.sys
2007-12-29 12:08. 2004-08-03 22:58 5504 - a ------ C: \ WINDOWS \ system32 \ drivers \ MSTEE.sys
2007-12-29 12:08. 2004-08-03 22:58 5504 - a - c --- C: \ WINDOWS \ system32 \ dllcache \ mstee.sys
2007-12-29 12:04. 2007-12-29 12:04 <DIR> d -------- C: \ SXS
2007-12-29 12:04. 2007-12-29 12:04 <DIR> d -------- C: \ Program Files \ Logitech
2007-12-29 12:04. 2007-12-29 12:04 <DIR> d -------- C: \ Program Files \ Common Files \ FotoWire
2007-12-29 12:04. 2007-12-29 12:04 <DIR> d -------- C: \ Documents and Settings \ Richard \ Data aplikací \ FotoWire
2007-12-29 12:03. 2007-12-29 12:03 <DIR> d -------- C: \ Program Files \ Common Files \ Logitech
2007-12-28 19:09. 2007-12-28 19:46 <DIR> d -------- C: \ Program Files \ eMule
2007-12-28 17:29. 2007-12-28 17:29 <DIR> d -------- C: \ Documents and Settings \ Richard \ Data aplikací \ DivX
2007-12-27 00:05. 2007-12-27 00:05 <DIR> d -------- C: \ Fraps
2007-12-27 00:05. 2007-12-27 00:05 <DIR> d -------- C: \ Documents and Settings \ All Users \ Data aplikací \ TEMP
2007-12-24 17:11. 2007-07-30 19:19 271224 - a ------ C: \ WINDOWS \ system32 \ mucltui.dll
2007-12-24 17:11. 2007-07-30 19:19 207736 - a ------ C: \ WINDOWS \ system32 \ muweb.dll
2007-12-24 17:11. 2007-07-30 19:19 30072 - a ------ C: \ WINDOWS \ system32 \ mucltui.dll.mui
2007-12-23 21:01. 2008-01-03 20:48 <DIR> d -------- C: \ Documents and Settings \ Richard \ Data aplikací \ gtk-2.0
2007-12-23 21:01. 2007-12-23 21:01 <DIR> d -------- C: \ Documents and Settings \ Richard \. Miniatur
2007-12-23 21:00. 2007-12-23 21:00 <DIR> d -------- C: \ Program Files \ GIMP-2.0
2007-12-23 21:00. 2008-01-03 20:54 <DIR> d -------- C: \ Documents and Settings \ Richard \. Gimp-2.4
2007-12-22 15:39. 2007-12-22 15:39 <DIR> d -------- C: \ Program Files \ DNA
2007-12-22 15:39. 2008-01-15 20:56 <DIR> d -------- C: \ Documents and Settings \ Richard \ Data aplikací \ DNA
2007-12-22 15:39. 2007-12-28 19:40 <DIR> d -------- C: \ Documents and Settings \ Richard \ Data aplikací \ bittorrent
2007-12-22 15:22. 2007-12-22 15:22 <DIR> d -------- C: \ Program Files \ Audacity
2007-12-22 15:21. 2007-12-22 15:21 <DIR> d -------- C: \ Program Files \ MonkeyJam
2007-12-22 15:21. 2007-12-22 15:21 <DIR> d -------- C: \ Documents and Settings \ Richard \ Data aplikací \ MonkeyJam
2007-12-22 15:21. 2005-02-27 17:11 424960 - a ------ C: \ WINDOWS \ system32 \ wavdest.ax
2007-12-21 15:27. 2007-12-21 15:27 <DIR> d -------- C: \ Program Files \ Microsoft Works
2007-12-21 15:27. 2006-10-26 19:56 32592 - a ------ C: \ WINDOWS \ system32 \ msonpmon.dll
2007-12-21 15:26. 2007-12-21 15:26 <DIR> d -------- C: \ Program Files \ MSBuild
2007-12-21 15:23. 2007-12-21 15:26 <DIR> d -------- C: \ WINDOWS \ SHELLNEW
2007-12-21 15:22. 2007-12-21 15:22 <DIR> dr-h ----- C: \ MSOCache
2007-12-21 15:22. 2007-12-21 15:27 <DIR> d -------- C: \ Documents and Settings \ All Users \ Data aplikací \ Microsoft Help
2007-12-19 19:56. 2007-12-28 13:01 <DIR> d -------- C: \ Program Files \ DivX
2007-12-15 23:51. 2007-12-15 23:51 <DIR> d -------- C: \ Program Files \ VideoLAN
2007-12-15 23:51. 2007-12-15 23:51 <DIR> d -------- C: \ Documents and Settings \ Richard \ Data aplikací \ vlc
2007-12-15 23:51. 2007-12-15 23:51 <DIR> d -------- C: \ Documents and Settings \ Richard \ Data aplikací \ dvdcss
2007-12-15 23:36. 2007-12-22 15:29 <DIR> d -------- C: \ Program Files \ Real
2007-12-15 23:36. 2007-12-15 23:36 <DIR> d -------- C: \ Program Files \ Common Files \ Xing zdieľané
2007-12-15 23:36. 2007-12-15 23:36 <DIR> d -------- C: \ Program Files \ Common Files \ Real

.
(((((((((((((((((((((((((((((((((((((((( Find3M Správa )))))))) ))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-15 19:36 --------- d ----- w C: \ Program Files \ komunita Xfire
2008-01-15 17:54 --------- d ----- w C: \ Documents and Settings \ Richard \ Data aplikací \ AVG7
2008-01-15 17:54 --------- d ----- w C: \ Documents and Settings \ All Users \ Data aplikací \ AVG7
2008-01-15 17:46 22.328 ---- aw C: \ WINDOWS \ system32 \ drivers \ PnkBstrK.sys
2008-01-15 17:46 107.832 ---- aw C: \ WINDOWS \ system32 \ PnkBstrB.exe
2008-01-15 17:45 --------- d ----- w C: \ Documents and Settings \ Richard \ Data aplikací \ komunita Xfire
2008-01-11 23:18 --------- d ----- w C: \ Program Files \ SpeedFan
2008-01-11 22:26 5.615 ---- aw C: \ Program Files \ install.log
2008-01-11 19:06 66.872 ---- aw C: \ WINDOWS \ system32 \ PnkBstrA.exe
2008-01-11 10:25 --------- d - h - w C: \ Program Files \ InstallShield Informácie o inštalácii
2007-12-22 15:26 --------- d ----- w C: \ Program Files \ Common Files \ InstallShield
2007-12-21 18:56 --------- d ----- w C: \ Program Files \ Wolfenstein - Enemy Územie
2007-12-12 21:45 --------- d ----- w C: \ Program Files \ Common Files \ Adobe
2007-12-12 21:43 --------- d ----- w C: \ Documents and Settings \ All Users \ Data aplikací \ NVIDIA
2007-12-12 21:31 --------- d ----- w C: \ Program Files \ SystemRequirementsLab
2007-12-12 20:38 --------- d ----- w C: \ Documents and Settings \ Richard \ Data aplikací \ Apple Computer
2007-12-12 20:32 --------- d ----- w C: \ Program Files \ Windows Media Connect 2
2007-12-12 20:04 --------- d ----- w C: \ Program Files \ QuickTime
2007-12-12 20:03 --------- d ----- w C: \ Program Files \ Apple Software Update
2007-12-12 20:03 --------- d ----- w C: \ Documents and Settings \ All Users \ Data aplikací \ Apple Computer
2007-12-12 20:03 --------- d ----- w C: \ Documents and Settings \ All Users \ Data aplikací \ Apple
2007-12-10 22:14 --------- d ----- w C: \ Documents and Settings \ LocalService \ Data aplikací \ komunita Xfire
2007-12-10 22:01 --------- d ----- w C: \ Documents and Settings \ NetworkService \ Data aplikací \ komunita Xfire
2007-12-10 18:58 --------- d ----- w C: \ Program Files \ CCleaner
2007-12-10 18:02 --------- d ----- w C: \ Program Files \ Java
2007-12-10 18:02 --------- d ----- w C: \ Documents and Settings \ Richard \ Data aplikací \ SystemRequirementsLab
2007-12-10 18:00 --------- d ----- w C: \ Program Files \ Common Files \ Java
2007-12-10 17:54 --------- dcsh - w C: \ Program Files \ Common Files \ WindowsLiveInstaller
2007-12-10 17:54 --------- d ----- w C: \ Program Files \ Windows Live
2007-12-10 17:50 --------- d ----- w C: \ Documents and Settings \ All Users \ Data aplikací \ WLInstaller
2007-12-10 17:39 --------- d ----- w C: \ Program Files \ RivaTuner v2.06
2007-12-08 22:50 12.464 ---- aw C: \ WINDOWS \ system32 \ drivers \ secdrv.sys
2007-12-07 18:43 499.712 ---- aw C: \ WINDOWS \ system32 \ msvcp71.dll
2007-12-07 18:43 348.160 ---- aw C: \ WINDOWS \ system32 \ msvcr71.dll
2007-12-07 18:43 --------- d ----- w C: \ Documents and Settings \ LocalService \ Data aplikací \ AVG7
2007-12-07 18:42 --------- d ----- w C: \ Documents and Settings \ All Users \ Data aplikací \ Grisoft
2007-12-07 18:24 --------- d ----- w C: \ Program Files \ AquaMark3
2007-12-07 17:45 --------- d ----- w C: \ Program Files \ Realtek
2007-12-07 17:45 --------- d ----- w C: \ Documents and Settings \ Richard \ Data aplikací \ InstallShield
2007-12-07 17:44 4.716 ---- aw C: \ WINDOWS \ gdrv.sys
2007-12-07 17:43 --------- d ----- w C: \ Program Files \ Intel
2007-12-07 17:42 --------- d ----- w C: \ Program Files \ Yahoo!
2007-12-07 17:37 --------- d ----- w C: \ Program Files \ Microsoft FrontPage
2007-12-04 01:33 823.296 ---- aw C: \ WINDOWS \ system32 \ divx_xx0c.dll
2007-12-04 01:33 823.296 ---- aw C: \ WINDOWS \ system32 \ divx_xx07.dll
2007-12-04 01:33 802.816 ---- aw C: \ WINDOWS \ system32 \ divx_xx11.dll
2007-12-04 01:33 682.496 ---- aw C: \ WINDOWS \ system32 \ DivX.dll
2007-11-29 22:30 524.288 ---- aw C: \ WINDOWS \ system32 \ DivXsm.exe
2007-11-29 22:30 3.596.288 ---- aw C: \ WINDOWS \ system32 \ qt-dx331.dll
2007-11-29 22:30 200.704 ---- aw C: \ WINDOWS \ system32 \ ssldivx.dll
2007-11-29 22:30 1.044.480 ---- aw C: \ WINDOWS \ system32 \ libdivx.dll
2007-11-29 22:28 81.920 ---- aw C: \ WINDOWS \ system32 \ dpl100.dll
2007-11-29 22:28 196.608 ---- aw C: \ WINDOWS \ system32 \ dtu100.dll
2007-11-28 21:55 156.992 ---- aw C: \ WINDOWS \ system32 \ DivXCodecVersionChecker.exe
2007-11-28 21:53 593.920 ---- aw C: \ WINDOWS \ system32 \ dpuGUI11.dll
2007-11-28 21:53 57.344 ---- aw C: \ WINDOWS \ system32 \ dpv11.dll
2007-11-28 21:53 53.248 ---- aw C: \ WINDOWS \ system32 \ dpuGUI10.dll
2007-11-28 21:53 344.064 ---- aw C: \ WINDOWS \ system32 \ dpus11.dll
2007-11-28 21:53 294.912 ---- aw C: \ WINDOWS \ system32 \ dpu11.dll
2007-11-28 21:53 294.912 ---- aw C: \ WINDOWS \ system32 \ dpu10.dll
2007-11-28 21:52 12.288 ---- aw C: \ WINDOWS \ system32 \ DivXWMPExtType.dll
2007-11-21 18:23 81.920 ---- aw C: \ WINDOWS \ system32 \ frapsvid.dll
2007-10-18 11:31 51.224 ---- aw C: \ WINDOWS \ system32 \ sirenacm.dll
.

((((((((((((((((((((((((((((((((((((( Reg Načítavam Body )))))))))) ))))))))))))))))))))))))))))))))))))))))
.
.
* Poznámka * prázdné záznamy & dôveryhodne východiskové údaje nie sú zobrazené
REGEDIT4

[HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curr ntVersion \ Run]
"Ctfmon.exe" = "C: \ WINDOWS \ system32 \ Ctfmon.exe" [2004-08-04 12:00 15360]
"Bittorrent DNA" = "C: \ Program Files \ DNA \ btdna.exe" [2007-12-22 15:39 290112]
"curblicense" = "C: \ Docu ~ 1 \ Richard \ vzťahujú ~ 1 \ WAYBOW ~ 1 \ Nurb viac noun.exe" [2008-01-15 16:32 443904]
"SuperAntiSpyware" = "C: \ Program Files \ SuperAntiSpyware \ SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run]
"RTHDCPL" = "RTHDCPL.EXE" [2006-11-14 09:21 16270848 C: \ WINDOWS \ RTHDCPL.exe]
"SkyTel" = "SkyTel.EXE" [2006-05-16 10:04 2879488 C: \ WINDOWS \ SkyTel.exe]
"AVG7_CC" = "C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgcc.exe" [2007-12-20 16:29 579072]
"SunJavaUpdateSched" = "C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ jusched.exe" [2007-09-25 01:11 132496]
"QuickTime Úloha" = "C: \ Program Files \ QuickTime \ qttask.exe" [2007-10-19 20:16 286720]
"Adobe Reader Speed Launcher" = "C: \ Program Files \ Adobe \ Reader 8.0 \ Reader \ reader_sl.exe" [2007-10-10 19:51 39792]
"NvCplDaemon" = "C: \ WINDOWS \ system32 \ NvCpl.dll" [2007-09-17 01:07 8491008]
"nwiz" = "nwiz.exe" [2007-09-17 01:07 1626112 C: \ WINDOWS \ system32 \ nwiz.exe]
"NvMediaCenter" = "C: \ WINDOWS \ system32 \ NvMcTray. Dll" [2007-09-17 01:07 81920]
"TkBellExe" = "C: \ Program Files \ Common Files \ Real \ Update_OB \ realsched.exe" [2007-12-15 23:36 185896]
"GrooveMonitor" = "C: \ Program Files \ Microsoft Office \ Office12 \ GrooveMonitor.exe" [2006-10-27 00:47 31016]
"LVCOMSX" = "C: \ WINDOWS \ system32 \ LVCOMSX.EXE" [2004-02-25 16:15 221184]
"LogitechVideoRepair" = "C: \ Program Files \ Logitech \ Video \ ISStart.exe" [2004-02-25 17:15 454656]
"LogitechVideoTray" = "C: \ Program Files \ Logitech \ Video \ LogiTray.exe" [2004-02-25 17:06 212992]
"Druhé tvorivý vrchol bat" = "C: \ Documents and Settings \ All Users \ Data aplikací \ Os Readme druhej Bat \ mŕtvych lite.exe" [2008-01-15 20:37 1348608]

[HKEY_USERS \. DEFAULT \ Software \ Microsoft \ Windows \ Cur rentVersion \ Run]
"AVG7_Run" = "C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe" [2007-12-07 18:42 219136]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entversion \ Explorer \ shellexecutehooks]
"(5AE067D3-9AFB-48E0-853A-EBB7F4A000DA)" = C: \ Program Files \ SuperAntiSpyware \ SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon \ oznámiť \! SASWinLogon]
C: \ Program Files \ SuperAntiSpyware \ SASWINLO.dll 2007-04-19 13:41 294912 C: \ Program Files \ SuperAntiSpyware \ SASWINLO.dll

S3 gdrv; gdrv, C: \ WINDOWS \ gdrv.sys [2007-12-07 17:44]
S3 PhilCam8116; Logitech QuickCam Pro 3000 (PID_08B0), C: \ WINDOWS \ system32 \ DRIVERS \ CamDrL2 1.sys [2004-02-14 04:09]

* Novo vytvorené Service * - PROCEXP90
.
Obsah tejto 'Naplánované úlohy' priečinku
"2007-12-12 20:03:45 C: \ WINDOWS \ Úlohy \ AppleSoftwareUpdate.job"
- C: \ Program Files \ Apple Software Update \ SoftwareUpdate.exe
.
************************************************** ************************

catchme 0.3.1344 W2K/XP/Vista - rootkit / stealth malware detektor by Gmer, http://www.gmer.net
Rootkit scan 2008-01-15 21:04:58
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesov ...

skenování skrytých položiek autostart ...

skenování skrytých súborov ...

scan úspešne dokončená
skryté súbory: 0

************************************************** ************************
.
Dokončenie čas: 2008-01-15 21:05:11
.
2008-01-05 21:00:15 --- EOF ---
  #8  
Old 15 January 2008, 14:58
Group Moderator
 
Default Iexplore.exe

Delete these files / folders, as follows:

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not WordPad.
  • Click Start, then Run
  • Type notepad.exe in the Run box.
2. Copy the bold text below by highlighting all of the text and pressing Ctrl + C


File::
C: \ Documents and Settings \ All Users \ Data aplikací \ Os Readme druhej Bat \ mŕtvych lite.exe
C: \ Docu ~ 1 \ Richard \ vzťahujú ~ 1 \ WAYBOW ~ 1 \ Nurb viac noun.exe

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"curblicense"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Druhý bat tvorivý vrchol"=-



3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your computer
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) onto ComboFix.exe, as you see in the picture below. Important: follow the instructions carefully!



ComboFix will start running; just follow the prompts.
After the reboot (if it asks to restart the system), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.

Note: Don't mouse-click the ComboFix window while it is running. That may cause your system to freeze.

----------

Run a new HijackThis scan and post the log.

----------

Next post
ComboFix log
New HijackThis log
__________________
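
The Run-key listing in the ComboFix logs in this thread gives each autostart value a trailing `[date time size]` block, which becomes an empty `[]` once the target file no longer exists. The following is an added example, not part of the original posts and not ComboFix code: a small triage script that parses that listing and marks values whose target is missing, recently written, or stored under a user profile directory. The sample log, the value names `exampleupdater` and `Example Tray`, and the function names are constructed for illustration, and the 31-day window is an assumption that mirrors the one-month "files created" range of the log.

```python
import re
from datetime import date, timedelta

# Constructed sample in the layout of the Run-key listing of a ComboFix log.
# Names and paths are illustrative placeholders, not values from the thread.
SAMPLE_LOG = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00 15360]
"exampleupdater"="C:\DOCUME~1\User\APPLIC~1\EXAMPL~1\example updater.exe" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-11-14 09:21 16270848 C:\WINDOWS\RTHDCPL.exe]
"Example Tray"="C:\Documents and Settings\All Users\Application Data\Example Dir\example tray.exe" [2008-01-15 20:37 1348608]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-20 16:29 579072]
'''

KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]\s*$')
VALUE_RE = re.compile(
    r'^"(?P<name>[^"]+)"\s*=\s*"(?P<data>[^"]*)"\s*\[(?P<meta>[^\]]*)\]\s*$')
# Metadata is "date time size", optionally followed by the resolved full path
# when the registry data is only a bare file name.
META_RE = re.compile(
    r'^(?P<d>\d{4}-\d{2}-\d{2}) \d{2}:\d{2} (?P<size>\d+)(?: (?P<path>.+))?$')

# Long and 8.3 short forms of the Windows XP profile root.
PROFILE_MARKERS = ('\\documents and settings\\', '\\docume~1\\')


def parse_run_entries(log_text):
    """Return one dict per value listed under a ...\\Run key."""
    entries, key = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if not m or key is None or not key.lower().endswith('\\run'):
            continue
        meta = META_RE.match(m.group('meta').strip())
        resolved = meta.group('path') if meta and meta.group('path') else None
        entries.append({
            'key': key,
            'name': m.group('name'),
            'path': resolved or m.group('data'),
            # None means the log printed "[]": the target file was not found.
            'file_date': date.fromisoformat(meta.group('d')) if meta else None,
            'size': int(meta.group('size')) if meta else None,
        })
    return entries


def triage(entries, scan_date, recent_days=31):
    """Map value name -> list of reasons it deserves a closer look."""
    findings = {}
    for e in entries:
        reasons = []
        if e['file_date'] is None:
            reasons.append('orphaned')        # value remains, file is gone
        elif scan_date - e['file_date'] <= timedelta(days=recent_days):
            reasons.append('recent')          # file written shortly before scan
        if any(mk in e['path'].lower() for mk in PROFILE_MARKERS):
            reasons.append('profile-path')    # autostart from a profile folder
        if reasons:
            findings[e['name']] = reasons
    return findings


if __name__ == '__main__':
    for name, reasons in triage(parse_run_entries(SAMPLE_LOG),
                                date(2008, 1, 15)).items():
        print(f'{name}: {", ".join(reasons)}')
```

A single reason is weak evidence: a freshly updated antivirus component is also "recent". The combination of a profile-folder path with a recent or missing file is what matches the entries singled out for removal in this thread.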

  #9  
Old 15 January 2008, 15:07
Group Member
 
Default Iexplore.exe

ComboFix 08-01-15.4 - Richard 2008-01-15 22:03:05.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.560 [GMT 0:00]
Spustenie z: C: \ Documents and Settings \ Richard \ Desktop \ ComboFix.exe
Command prepínačov používa:: C: \ Documents and Settings \ Richard \ Desktop \ CFScript.txt
* Vznik nového bodu obnovenia

POZOR-Tento stroj nemá konzoly na obnovenie namontovanom!

FILE
C: \ Docu ~ 1 \ Richard \ vzťahujú ~ 1 \ WAYBOW ~ 1 \ Nurb viac noun.exe
C: \ Documents and Settings \ All Users \ Data aplikací \ Os Readme druhej Bat \ mŕtvych lite.exe
.

((((((((((((((((((((((((((((((((((((((( Ostatné Vymazanie ))))))))) ))))))))))))))))))))))))))))))))))))))))
.

C: \ Docu ~ 1 \ Richard \ vzťahujú ~ 1 \ WAYBOW ~ 1 \ Nurb viac noun.exe
C: \ Documents and Settings \ All Users \ Data aplikací \ Os Readme druhej Bat \ mŕtvych lite.exe

.
((((((((((((((((((((((((( Súbory vytvorené od 2007-12-15 do 2008-01-15 ))))))))))) ))))))))))))))))))))
.

2008-01-15 21:03. 2000-08-31 08:00 51200 - a ------ C: \ WINDOWS \ NirCmd.exe
2008-01-15 19:41. 2008-01-15 20:38 <DIR> d -------- C: \ Program Files \ SuperAntiSpyware
2008-01-15 19:41. 2008-01-15 19:41 <DIR> d -------- C: \ Program Files \ Common Files \ Wise Sprievodca inštaláciou
2008-01-15 19:41. 2008-01-15 19:41 <DIR> d -------- C: \ Documents and Settings \ Richard \ Data aplikací \ SUPERAntiSpyware.com
2008-01-15 19:41. 2008-01-15 19:41 <DIR> d -------- C: \ Documents and Settings \ All Users \ Data aplikací \ SUPERAntiSpyware.com
2008-01-15 19:34. 2008-01-15 19:36 <DIR> d -------- C: \ NoLopBackups
2008-01-15 19:01. 2008-01-15 19:01 <DIR> d -------- C: \ Program Files \ Trend Micro
2008-01-15 16:32. 2008-01-15 16:32 <DIR> d -------- C: \ Program Files \ WayBowsReal
2008-01-11 10:27. 2005-05-26 15:34 2297552 - a ------ C: \ WINDOWS \ system32 \ d3dx9_26.dll
2008-01-11 10:26. 2008-01-11 10:26 22328 - a ------ C: \ Documents and Settings \ Richard \ Data aplikací \ PnkBstrK.sys
2008-01-11 10:25. 2008-01-11 10:25 319 - a ------ C: \ WINDOWS \ game.ini
2008-01-11 10:15. 2008-01-11 10:15 <DIR> d -------- C: \ Program Files \ Activision
2008-01-11 10:14. 2008-01-11 10:14 <DIR> d - hs ---- C: \ WINDOWS \ ftpcache
2008-01-11 00:29. 2008-01-11 00:29 54608 - a ------ C: \ WINDOWS \ system32 \ xfcodec.dll
2008-01-05 21:00. 2008-01-05 21:00 <DIR> d - h ----- C: \ WINDOWS \ $ hf_mig $
2008-01-03 18:41. 2008-01-03 18:41 <DIR> d -------- C: \ Documents and Settings \ All Users \ Data aplikací \ Messenger Plus!
2008-01-03 18:00. 2008-01-03 18:00 <DIR> d -------- C: \ Program Files \ Messenger Plus! Žiť
2008-01-03 18:00. 2008-01-15 22:03 <DIR> d -------- C: \ Documents and Settings \ Richard \ Data aplikací \ WayBowsReal
2008-01-03 18:00. 2008-01-15 22:03 <DIR> d -------- C: \ Documents and Settings \ All Users \ Data aplikací \ Os Readme druhej Bat
2007-12-30 16:54. 2007-12-30 16:54 <DIR> d -------- C: \ Program Files \ Whisper technológií
2007-12-30 16:36. 2007-12-30 16:36 <DIR> d -------- C: \ Program Files \ SmartFTP klient 2.5 Setup Files
2007-12-30 16:36. 2007-12-30 16:36 <DIR> d -------- C: \ Program Files \ SmartFTP klient
2007-12-30 16:36. 2007-12-30 16:36 <DIR> d -------- C: \ Documents and Settings \ Richard \ Data aplikací \ SmartFTP
2007-12-30 07:48. 2007-12-30 07:48 <DIR> d -------- C: \ Documents and Settings \ Richard \ Data aplikací \ Sony
2007-12-30 07:48. 2007-12-30 07:48 <DIR> d -------- C: \ Documents and Settings \ Richard \ Data aplikací \ Publikovať Providers
2007-12-30 07:45. 2007-12-30 07:45 <DIR> d -------- C: \ Program Files \ Vstplugins
2007-12-30 07:45. 2007-12-30 07:45 <DIR> d -------- C: \ Program Files \ Sony
2007-12-30 07:45. 2007-12-30 07:45 <DIR> d -------- C: \ Documents and Settings \ All Users \ Data aplikací \ Sony
2007-12-30 07:39. 2007-12-30 07:39 <DIR> d -------- C: \ Program Files \ Sony Setup
2007-12-30 07:39. 2007-12-30 07:39 <DIR> d -------- C: \ Documents and Settings \ Richard \ Data aplikací \ Sony Setup
2007-12-29 23:30. 2008-01-15 17:00 54156 - ah ----- C: \ WINDOWS \ QTFont.qfn
2007-12-29 23:30. 2007-12-29 23:30 1409 - a ------ C: \ WINDOWS \ QTFont.for
2007-12-29 15:45. 2007-12-29 15:45 <DIR> d -------- C: \ Program Files \ FPS
2007-12-29 15:45. 2007-12-29 15:45 286720 --------- C: \ WINDOWS \ Setup1.exe
2007-12-29 15:45. 2007-12-29 15:45 73216 - a ------ C: \ WINDOWS \ ST6UNST.EXE
2007-12-29 12:08. 2004-08-03 23:10 10880 - a ------ C: \ WINDOWS \ system32 \ drivers \ NdisIP.sys
2007-12-29 12:08. 2004-08-03 23:10 10880 - a - c --- C: \ WINDOWS \ system32 \ dllcache \ ndisip.sys
2007-12-29 12:08. 2004-08-03 22:58 5504 - a ------ C: \ WINDOWS \ system32 \ drivers \ MSTEE.sys
2007-12-29 12:08. 2004-08-03 22:58 5504 - a - c --- C: \ WINDOWS \ system32 \ dllcache \ mstee.sys
2007-12-29 12:04. 2007-12-29 12:04 <DIR> d -------- C: \ SXS
2007-12-29 12:04. 2007-12-29 12:04 <DIR> d -------- C: \ Program Files \ Logitech
2007-12-29 12:04. 2007-12-29 12:04 <DIR> d -------- C: \ Program Files \ Common Files \ FotoWire
2007-12-29 12:04. 2007-12-29 12:04 <DIR> d -------- C: \ Documents and Settings \ Richard \ Data aplikací \ FotoWire
2007-12-29 12:03. 2007-12-29 12:03 <DIR> d -------- C: \ Program Files \ Common Files \ Logitech
2007-12-28 19:09. 2007-12-28 19:46 <DIR> d -------- C: \ Program Files \ eMule
2007-12-28 17:29. 2007-12-28 17:29 <DIR> d -------- C: \ Documents and Settings \ Richard \ Data aplikací \ DivX
2007-12-27 00:05. 2007-12-27 00:05 <DIR> d -------- C: \ Fraps
2007-12-27 00:05. 2007-12-27 00:05 <DIR> d -------- C: \ Documents and Settings \ All Users \ Data aplikací \ TEMP
2007-12-24 17:11. 2007-07-30 19:19 271224 - a ------ C: \ WINDOWS \ system32 \ mucltui.dll
2007-12-24 17:11. 2007-07-30 19:19 207736 - a ------ C: \ WINDOWS \ system32 \ muweb.dll
2007-12-24 17:11. 2007-07-30 19:19 30072 - a ------ C: \ WINDOWS \ system32 \ mucltui.dll.mui
2007-12-23 21:01. 2008-01-03 20:48 <DIR> d -------- C: \ Documents and Settings \ Richard \ Data aplikací \ gtk-2.0
2007-12-23 21:01. 2007-12-23 21:01 <DIR> d -------- C: \ Documents and Settings \ Richard \. Miniatur
2007-12-23 21:00. 2007-12-23 21:00 <DIR> d -------- C: \ Program Files \ GIMP-2.0
2007-12-23 21:00. 2008-01-03 20:54 <DIR> d -------- C: \ Documents and Settings \ Richard \. Gimp-2.4
2007-12-22 15:39. 2007-12-22 15:39 <DIR> d -------- C: \ Program Files \ DNA
2007-12-22 15:39. 2008-01-15 22:03 <DIR> d -------- C: \ Documents and Settings \ Richard \ Data aplikací \ DNA
2007-12-22 15:39. 2007-12-28 19:40 <DIR> d -------- C: \ Documents and Settings \ Richard \ Data aplikací \ bittorrent
2007-12-22 15:22. 2007-12-22 15:22 <DIR> d -------- C: \ Program Files \ Audacity
2007-12-22 15:21. 2007-12-22 15:21 <DIR> d -------- C: \ Program Files \ MonkeyJam
2007-12-22 15:21. 2007-12-22 15:21 <DIR> d -------- C: \ Documents and Settings \ Richard \ Data aplikací \ MonkeyJam
2007-12-22 15:21. 2005-02-27 17:11 424960 - a ------ C: \ WINDOWS \ system32 \ wavdest.ax
2007-12-21 15:27. 2007-12-21 15:27 <DIR> d -------- C: \ Program Files \ Microsoft Works
2007-12-21 15:27. 2006-10-26 19:56 32592 - a ------ C: \ WINDOWS \ system32 \ msonpmon.dll
2007-12-21 15:26. 2007-12-21 15:26 <DIR> d -------- C: \ Program Files \ MSBuild
2007-12-21 15:23. 2007-12-21 15:26 <DIR> d -------- C: \ WINDOWS \ SHELLNEW
2007-12-21 15:22. 2007-12-21 15:22 <DIR> dr-h ----- C: \ MSOCache
2007-12-21 15:22. 2007-12-21 15:27 <DIR> d -------- C: \ Documents and Settings \ All Users \ Data aplikací \ Microsoft Help
2007-12-19 19:56. 2007-12-28 13:01 <DIR> d -------- C: \ Program Files \ DivX
2007-12-15 23:51. 2007-12-15 23:51 <DIR> d -------- C: \ Program Files \ VideoLAN
2007-12-15 23:51. 2007-12-15 23:51 <DIR> d -------- C: \ Documents and Settings \ Richard \ Data aplikací \ vlc
2007-12-15 23:51. 2007-12-15 23:51 <DIR> d -------- C: \ Documents and Settings \ Richard \ Data aplikací \ dvdcss
2007-12-15 23:36. 2007-12-22 15:29 <DIR> d -------- C: \ Program Files \ Real
2007-12-15 23:36. 2007-12-15 23:36 <DIR> d -------- C: \ Program Files \ Common Files \ Xing zdieľané
2007-12-15 23:36. 2007-12-15 23:36 <DIR> d -------- C: \ Program Files \ Common Files \ Real

.
(((((((((((((((((((((((((((((((((((((((( Find3M Správa )))))))) ))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-15 19:36 --------- d ----- w C: \ Program Files \ komunita Xfire
2008-01-15 17:54 --------- d ----- w C: \ Documents and Settings \ Richard \ Data aplikací \ AVG7
2008-01-15 17:54 --------- d ----- w C: \ Documents and Settings \ All Users \ Data aplikací \ AVG7
2008-01-15 17:46 22.328 ---- aw C: \ WINDOWS \ system32 \ drivers \ PnkBstrK.sys
2008-01-15 17:45 --------- d ----- w C: \ Documents and Settings \ Richard \ Data aplikací \ komunita Xfire
2008-01-11 23:18 --------- d ----- w C: \ Program Files \ SpeedFan
2008-01-11 22:26 5.615 ---- aw C: \ Program Files \ install.log
2008-01-11 10:25 --------- d - h - w C: \ Program Files \ InstallShield Informácie o inštalácii
2007-12-22 15:26 --------- d ----- w C: \ Program Files \ Common Files \ InstallShield
2007-12-21 18:56 --------- d ----- w C: \ Program Files \ Wolfenstein - Enemy Územie
2007-12-12 21:45 --------- d ----- w C: \ Program Files \ Common Files \ Adobe
2007-12-12 21:43 --------- d ----- w C: \ Documents and Settings \ All Users \ Data aplikací \ NVIDIA
2007-12-12 21:31 --------- d ----- w C: \ Program Files \ SystemRequirementsLab
2007-12-12 20:38 --------- d ----- w C: \ Documents and Settings \ Richard \ Data aplikací \ Apple Computer
2007-12-12 20:32 --------- d ----- w C: \ Program Files \ Windows Media Connect 2
2007-12-12 20:04 --------- d ----- w C: \ Program Files \ QuickTime
2007-12-12 20:03 --------- d ----- w C: \ Program Files \ Apple Software Update
2007-12-12 20:03 --------- d ----- w C: \ Documents and Settings \ All Users \ Data aplikací \ Apple Computer
2007-12-12 20:03 --------- d ----- w C: \ Documents and Settings \ All Users \ Data aplikací \ Apple
2007-12-10 22:14 --------- d ----- w C: \ Documents and Settings \ LocalService \ Data aplikací \ komunita Xfire
2007-12-10 22:01 --------- d ----- w C: \ Documents and Settings \ NetworkService \ Data aplikací \ komunita Xfire
2007-12-10 18:58 --------- d ----- w C: \ Program Files \ CCleaner
2007-12-10 18:02 --------- d ----- w C: \ Program Files \ Java
2007-12-10 18:02 --------- d ----- w C: \ Documents and Settings \ Richard \ Data aplikací \ SystemRequirementsLab
2007-12-10 18:00 --------- d ----- w C: \ Program Files \ Common Files \ Java
2007-12-10 17:54 --------- dcsh - w C: \ Program Files \ Common Files \ WindowsLiveInstaller
2007-12-10 17:54 --------- d ----- w C: \ Program Files \ Windows Live
2007-12-10 17:50 --------- d ----- w C: \ Documents and Settings \ All Users \ Data aplikací \ WLInstaller
2007-12-10 17:39 --------- d ----- w C: \ Program Files \ RivaTuner v2.06
2007-12-08 22:50 12.464 ---- aw C: \ WINDOWS \ system32 \ drivers \ secdrv.sys
2007-12-07 18:43 --------- d ----- w C: \ Documents and Settings \ LocalService \ Data aplikací \ AVG7
2007-12-07 18:42 --------- d ----- w C: \ Documents and Settings \ All Users \ Data aplikací \ Grisoft
2007-12-07 18:24 --------- d ----- w C: \ Program Files \ AquaMark3
2007-12-07 17:45 --------- d ----- w C: \ Program Files \ Realtek
2007-12-07 17:45 --------- d ----- w C: \ Documents and Settings \ Richard \ Data aplikací \ InstallShield
2007-12-07 17:44 4.716 ---- aw C: \ WINDOWS \ gdrv.sys
2007-12-07 17:43 --------- d ----- w C: \ Program Files \ Intel
2007-12-07 17:42 --------- d ----- w C: \ Program Files \ Yahoo!
2007-12-07 17:37 --------- d ----- w C: \ Program Files \ Microsoft FrontPage
.

((((((((((((((((((((((((((((( Snapshot@2008-01-15_21.05.00.95 )))))))))) )))))))))))))))))))))))))))))))
.
- 2008-01-15 21:03:50 225.280 ---- aw C: \ WINDOWS \ erdnt \ Hiv-backup \ Users \00000001 \ Ntuser.dat
+ 2008-01-15 22:03:02 225.280 ---- aw C: \ WINDOWS \ erdnt \ Hiv-backup \ Users \00000001 \ Ntuser.dat
- 2008-01-15 21:03:50 8.192 ---- aw C: \ WINDOWS \ erdnt \ Hiv-backup \ Users \00000002 \ UsrClass.dat
+ 2008-01-15 22:03:02 8.192 ---- aw C: \ WINDOWS \ erdnt \ Hiv-backup \ Users \00000002 \ UsrClass.dat
- 2008-01-15 21:03:50 229.376 ---- aw C: \ WINDOWS \ erdnt \ Hiv-backup \ Users \00000003 \ Ntuser.dat
+ 2008-01-15 22:03:02 229.376 ---- aw C: \ WINDOWS \ erdnt \ Hiv-backup \ Users \00000003 \ Ntuser.dat
- 2008-01-15 21:03:50 8.192 ---- aw C: \ WINDOWS \ erdnt \ Hiv-backup \ Users \00000004 \ UsrClass.dat
+ 2008-01-15 22:03:02 8.192 ---- aw C: \ WINDOWS \ erdnt \ Hiv-backup \ Users \00000004 \ UsrClass.dat
- 2008-01-15 21:03:50 3.670.016 ---- aw C: \ WINDOWS \ erdnt \ Hiv-backup \ Users \00000005 \ Ntuser.dat
+ 2008-01-15 22:03:02 3.670.016 ---- aw C: \ WINDOWS \ erdnt \ Hiv-backup \ Users \00000005 \ Ntuser.dat
- 2008-01-15 21:03:50 208.896 ---- aw C: \ WINDOWS \ erdnt \ Hiv-backup \ Users \00000006 \ UsrClass.dat
+ 2008-01-15 22:03:02 208.896 ---- aw C: \ WINDOWS \ erdnt \ Hiv-backup \ Users \00000006 \ UsrClass.dat
.
((((((((((((((((((((((((((((((((((((( Reg Načítavam Body )))))))))) ))))))))))))))))))))))))))))))))))))))))
.
.
* Poznámka * prázdné záznamy & dôveryhodne východiskové údaje nie sú zobrazené
REGEDIT4

[HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curr ntVersion \ Run]
"Ctfmon.exe" = "C: \ WINDOWS \ system32 \ Ctfmon.exe" [2004-08-04 12:00 15360]
"Bittorrent DNA" = "C: \ Program Files \ DNA \ btdna.exe" [2007-12-22 15:39 290112]
"curblicense" = "C: \ Docu ~ 1 \ Richard \ vzťahujú ~ 1 \ WAYBOW ~ 1 \ Nurb viac noun.exe" []
"SuperAntiSpyware" = "C: \ Program Files \ SuperAntiSpyware \ SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run]
"RTHDCPL" = "RTHDCPL.EXE" [2006-11-14 09:21 16270848 C: \ WINDOWS \ RTHDCPL.exe]
"SkyTel" = "SkyTel.EXE" [2006-05-16 10:04 2879488 C: \ WINDOWS \ SkyTel.exe]
"AVG7_CC" = "C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgcc.exe" [2007-12-20 16:29 579072]
"SunJavaUpdateSched" = "C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ jusched.exe" [2007-09-25 01:11 132496]
"QuickTime Úloha" = "C: \ Program Files \ QuickTime \ qttask.exe" [2007-10-19 20:16 286720]
"Adobe Reader Speed Launcher" = "C: \ Program Files \ Adobe \ Reader 8.0 \ Reader \ reader_sl.exe" [2007-10-10 19:51 39792]
"NvCplDaemon" = "C: \ WINDOWS \ system32 \ NvCpl.dll" [2007-09-17 01:07 8491008]
"nwiz" = "nwiz.exe" [2007-09-17 01:07 1626112 C: \ WINDOWS \ system32 \ nwiz.exe]
"NvMediaCenter" = "C: \ WINDOWS \ system32 \ NvMcTray. Dll" [2007-09-17 01:07 81920]
"TkBellExe" = "C: \ Program Files \ Common Files \ Real \ Update_OB \ realsched.exe" [2007-12-15 23:36 185896]
"GrooveMonitor" = "C: \ Program Files \ Microsoft Office \ Office12 \ GrooveMonitor.exe" [2006-10-27 00:47 31016]
"LVCOMSX" = "C: \ WINDOWS \ system32 \ LVCOMSX.EXE" [2004-02-25 16:15 221184]
"LogitechVideoRepair" = "C: \ Program Files \ Logitech \ Video \ ISStart.exe" [2004-02-25 17:15 454656]
"LogitechVideoTray" = "C: \ Program Files \ Logitech \ Video \ LogiTray.exe" [2004-02-25 17:06 212992]
"Druhé tvorivý vrchol bat" = "C: \ Documents and Settings \ All Users \ Data aplikací \ Os Readme druhej Bat \ mŕtvych lite.exe" []

[HKEY_USERS \. DEFAULT \ Software \ Microsoft \ Windows \ Cur rentVersion \ Run]
"AVG7_Run" = "C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe" [2007-12-07 18:42 219136]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entversion \ Explorer \ shellexecutehooks]
"(5AE067D3-9AFB-48E0-853A-EBB7F4A000DA)" = C: \ Program Files \ SuperAntiSpyware \ SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon \ oznámiť \! SASWinLogon]
C: \ Program Files \ SuperAntiSpyware \ SASWINLO.dll 2007-04-19 13:41 294912 C: \ Program Files \ SuperAntiSpyware \ SASWINLO.dll

S3 gdrv; gdrv, C: \ WINDOWS \ gdrv.sys [2007-12-07 17:44]
S3 PhilCam8116; Logitech QuickCam Pro 3000 (PID_08B0), C: \ WINDOWS \ system32 \ DRIVERS \ CamDrL2 1.sys [2004-02-14 04:09]

.
Obsah tejto 'Naplánované úlohy' priečinku
"2007-12-12 20:03:45 C: \ WINDOWS \ Úlohy \ AppleSoftwareUpdate.job"
- C: \ Program Files \ Apple Software Update \ SoftwareUpdate.exe
.
************************************************** ************************

catchme 0.3.1344 W2K/XP/Vista - rootkit / stealth malware detektor by Gmer, http://www.gmer.net
Rootkit scan 2008-01-15 22:05:20
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesov ...

skenování skrytých položiek autostart ...

skenování skrytých súborov ...

scan úspešne dokončená
skryté súbory: 0

************************************************** ************************
.
Dokončenie čas: 2008-01-15 22:06:11 - stroj bol reštartuje
ComboFix-karantény-files.txt 2008-01-15 22:06:09
ComboFix2.txt 2008-01-15 21:05:12
.
2008-01-05 21:00:15 --- EOF ---


Logfile Trend Micro HijackThis v2.0.2
Scan uložené v 10:07:19 hod, na 1.15.2008
Platforma: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Zavádzacia mód: Normálny

Bežiace procesy:
C: \ WINDOWS \ System32 \ Smss.exe
C: \ WINDOWS \ system32 \ Winlogon.exe
C: \ WINDOWS \ system32 \ Services.exe
C: \ WINDOWS \ system32 \ lsass.exe
C: \ WINDOWS \ system32 \ svchost.exe
C: \ WINDOWS \ system32 \ svchost.exe
C: \ WINDOWS \ system32 \ Spoolsv.exe
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgamsvr.exe
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgupsvc.exe
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgemc.exe
C: \ WINDOWS \ system32 \ nvsvc32.exe
C: \ WINDOWS \ system32 \ PnkBstrA.exe
C: \ WINDOWS \ system32 \ svchost.exe
C: \ WINDOWS \ Explorer.exe
C: \ WINDOWS \ RTHDCPL.EXE
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgcc.exe
C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ jusched.exe
C: \ Program Files \ Adobe \ Reader 8.0 \ Reader \ reader_sl.exe
C: \ WINDOWS \ system32 \ rundll32.exe
C: \ Program Files \ Common Files \ Real \ Update_OB \ realsched.exe
C: \ Program Files \ Microsoft Office \ Office12 \ GrooveMonitor.exe
C: \ WINDOWS \ system32 \ LVCOMSX.EXE
C: \ Program Files \ Logitech \ Video \ LogiTray.exe
C: \ WINDOWS \ system32 \ Ctfmon.exe
C: \ Program Files \ DNA \ btdna.exe
C: \ Program Files \ SuperAntiSpyware \ SUPERAntiSpyware.exe
C: \ Program Files \ Logitech \ Video \ FxSvr2.exe
C: \ WINDOWS \ system32 \ wuauclt.exe
C: \ WINDOWS \ system32 \ notepad.exe
C: \ WINDOWS \ system32 \ wuauclt.exe
C: \ Program Files \ Mozilla Firefox \ firefox.exe
C: \ Program Files \ Trend Micro \ HijackThis \ sniper.exe.exe

R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://www.yahoo.com
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://www.yahoo.com
R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ SearchURL, (Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R1 - HKCU \ Software \ Microsoft \ Internet Sprievodca pripojením, ShellNext = http://www.yahoo.com/
O2 - BHO: Yahoo! Companion BHO - (02478D38-C3F9-4EFB-9B51-7695ECA05670) - C: \ Program Files \ Yahoo! \ Companion \ Inštalácia \ CPN \ ycomp5_6_0_1.d ll
O2 - BHO: Adobe PDF Reader Link Helper - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Program Files \ Common Files \ Adobe \ Acrobat \ ActiveX \ AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - (72853161-30C5-4D22-B7F9-0BBC1D38A37E) - C: \ PROGRA ~ 1 \ micros ~ 2 \ Office12 \ GRA8E1 ~ 1.DLL
O2 - BHO: SSVHelper triedy - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ ssv.dll
O2 - BHO: Windows Live Sign-in Helper - (9030D464-4C02-4ABF-8ECC-5164760863C6) - C: \ Program Files \ Common Files \ Microsoft Shared \ Windows Live \ WindowsLiveLogin.dll
O3 - Toolbar: & Yahoo! Companion - (EF99BD32-C1FB-11D2-892F-0090271D4F88) - C: \ Program Files \ Yahoo! \ Companion \ Inštalácia \ CPN \ ycomp5_6_0_1.d ll
O4 - HKLM \ .. \ Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM \ .. \ Run: [SkyTel] SkyTel.EXE
O4 - HKLM \ .. \ Run: [AVG7_CC] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgcc.exe / StartUp
O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ jusched.exe"
O4 - HKLM \ .. \ Run: [QuickTime Úloha] "C: \ Program Files \ QuickTime \ qttask.exe"-atboottime
O4 - HKLM \ .. \ Run: [Adobe Reader Speed Launcher] "C: \ Program Files \ Adobe \ Reader 8.0 \ Reader \ reader_sl.exe"
O4 - HKLM \ .. \ Run: [NvCplDaemon] rundll32.exe C: \ WINDOWS \ system32 \ NvCpl.dll, NvStartup
O4 - HKLM \ .. \ Run: [nwiz] nwiz.exe / install
O4 - HKLM \ .. \ Run: [NvMediaCenter] rundll32.exe C: \ WINDOWS \ system32 \ NvMcTray.dll, NvTaskbarInit
O4 - HKLM \ .. \ Run: [TkBellExe] "C: \ Program Files \ Common Files \ Real \ Update_OB \ realsched.exe"-osboot
O4 - HKLM \ .. \ Run: [GrooveMonitor] "C: \ Program Files \ Microsoft Office \ Office12 \ GrooveMonitor.exe"
O4 - HKLM \ .. \ Run: [LVCOMSX] C: \ WINDOWS \ system32 \ LVCOMSX.EXE
O4 - HKLM \ .. \ Run: [LogitechVideoRepair] C: \ Program Files \ Logitech \ Video \ ISStart.exe
O4 - HKLM \ .. \ Run: [LogitechVideoTray] C: \ Program Files \ Logitech \ Video \ LogiTray.exe
O4 - HKLM \ .. \ Run: [Druhá bat tvorivý vrchol] C: \ Documents and Settings \ All Users \ Data aplikací \ Os Readme druhej Bat \ mŕtvych lite.exe
O4 - HKCU \ .. \ Run: [Cttfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe
O4 - HKCU \ .. \ Run: [Bittorrent DNA] "C: \ Program Files \ DNA \ btdna.exe"
O4 - HKCU \ .. \ Run: [curblicense] C: \ Docu ~ 1 \ Richard \ vzťahujú ~ 1 \ WAYBOW ~ 1 \ Nurb viac noun.exe
O4 - HKCU \ .. \ Run: [SuperAntiSpyware] C: \ Program Files \ SuperAntiSpyware \ SUPERAntiSpyware.exe
O4 - HKUS \ S-1-5-19 \ .. \ Run: [AVG7_Run] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'miestnych')
O4 - HKUS \ S-1-5-20 \ .. \ Run: [AVG7_Run] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'Network Service')
O4 - HKUS \ S-1-5-18 \ .. \ Run: [AVG7_Run] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'systém')
O4 - HKUS \. DEFAULT \ .. \ Run: [AVG7_Run] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'Predvolené užívateľ')
O8 - Extra kontextového menu položku: E & xportovať do programu Microsoft Excel - res: / / C: \ PROGRA ~ 1 \ micros ~ 2 \ Office12 \ EXCEL.EXE/3000
O9 - Extra tlačidlá: (bez názvu) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ ssv.dll
O9 - Extra tlačidlá: Send to OneNote - (2670000A-7350-4f3c-8081-5663EE0C6C49) - C: \ PROGRA ~ 1 \ micros ~ 2 \ Office12 \ ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S & konca OneNote - (2670000A-7350-4f3c-8081-5663EE0C6C49) - C: \ PROGRA ~ 1 \ micros ~ 2 \ Office12 \ ONBttnIE.dll
O9 - Extra tlačidlá: Výskum - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C: \ PROGRA ~ 1 \ micros ~ 2 \ Office12 \ REFIEBAR.DLL
O9 - Extra tlačidlá: Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ Msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ Msmsgs.exe
O16 - DPF: (6414512B-B978-451D-A0D8-FCFDF33E833C) (WUWebControl Class) -- http://www.update.microsoft.com/wind...?1197308803562
O16 - DPF: (C3F79A2B-B9B4-4A66-B012-3EE46475B072) (MessengerStatsClient Class) -- http://messenger.zone.msn.com/binary...t.cab56907.cab
O18 - Protokol: grooveLocalGWS - (88FED34C-F0CA-4636-A375-3CB6248B04CD) - C: \ PROGRA ~ 1 \ micros ~ 2 \ Office12 \ GR99D3 ~ 1.DLL
O20 - Winlogon Upozornenie:! SASWinLogon - C: \ Program Files \ SuperAntiSpyware \ SASWINLO.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, sro - C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, sro - C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, sro - C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgemc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C: \ WINDOWS \ system32 \ nvsvc32.exe
O23 - Service: PnkBstrA - Neznámy vlastník - C: \ WINDOWS \ system32 \ PnkBstrA.exe

--
Koniec súboru - 6716 bytes
  #10  
Old 15 January 2008, 15:29
Group moderator
 
Default Iexplore.exe

Go to My Computer -> Tools -> Folder Options -> View tab:
  • Under the Hidden files and folders heading:
  • Select Show hidden files and folders.
  • Uncheck the Hide protected operating system files (recommended) option.
  • Also make sure there is no checkmark beside Hide file extensions for known file types.
  • Click OK

----------

Press Ctrl + Alt + Delete to get into Task Manager. Click the Processes tab and kill these processes:

lite.exe << or mŕtve Lite.exe
noun.exe << or Nurb viac noun.exe

----------

Open HijackThis and select Do a system scan only, then place a checkmark next to the following (if found):

O4 - HKLM \ .. \ Run: [Druhá bat tvorivý vrchol] C: \ Documents and Settings \ All Users \ Data aplikací \ Os Readme druhej Bat \ mŕtvych lite.exe
O4 - HKCU \ .. \ Run: [curblicense] C: \ Docu ~ 1 \ Richard \ vzťahujú ~ 1 \ WAYBOW ~ 1 \ Nurb viac noun.exe


Close all windows except HijackThis and click Fix checked.

Exit HijackThis.

----------

Open My Computer on your desktop, then locate and delete these files (if found):

C: \ Documents and Settings \ All Users \ Data aplikací \ Os Readme druhej Bat \mŕtvy lite.exe

C: \ Docu ~ 1 \ Richard \ vzťahujú ~ 1 \ WAYBOW ~ 1 \Nurb viac noun.exe

----------

Please run the F-Secure Online Scanner

Note: This scanner works only in Internet Explorer!
  • Go to the bottom of the page and click the Start scanning button. A window.
  • Allow the ActiveX control to be installed on your computer, then click Accept
  • Click Full System Scan and allow the components to download and the scan to complete.
  • If malware is found, check Submit samples to F-Secure, then select Automatic cleaning
  • When cleaning has finished, click Show report (this opens an Internet Explorer window containing the report)
  • Highlight and copy (CTRL + C) the complete report, and paste (CTRL + V) it into a new reply to this post
    • If Automatic cleaning with Submit samples hangs, click Cancel, then New Scan
  • When the cleaning option is presented, uncheck Submit samples to F-Secure
  • Click Automatic cleaning
  • When cleaning has finished, click Show report (this opens an Internet Explorer window containing the report)
  • Highlight and copy (CTRL + C) the complete report, and paste (CTRL + V) it into a new reply to this post
  • This scan can take quite a long time, so please be patient

----------

In your next post, include:
F-Secure log
New HijackThis log
__________________
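As an added illustration (not part of the moderator's post and not a HijackThis feature): a small triage pass over O4 autorun lines that separates entries launched from a user-profile directory, which is where the two entries ticked above live, from entries under Program Files or Windows. The sample log lines are constructed, and the location rule is an assumed heuristic for prioritising review, not a malware verdict.

```python
import re

# Constructed sample modelled on the O4 (autorun) section of a HijackThis log.
# Entry names and the last two paths are placeholders, not values from the thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [example one] C:\Documents and Settings\All Users\Application Data\Example Dir\example one.exe
O4 - HKCU\..\Run: [exampletwo] C:\DOCUME~1\User\APPLIC~1\EXAMPL~1\example two.exe
"""

O4_RE = re.compile(r"^O4 - (?P<hive>\S+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
# First drive-qualified path ending in .exe/.dll; tolerates spaces, quotes and arguments.
PATH_RE = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|dll)", re.IGNORECASE)

INSTALL_ROOTS = ("c:\\program files\\", "c:\\progra~1\\", "c:\\windows\\")
PROFILE_DIRS = ("\\documents and settings\\", "\\docume~1\\")  # long and 8.3 forms


def triage(log):
    """Return (hive, name, path, verdict) for every O4 Run line in the log."""
    rows = []
    for line in log.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        found = PATH_RE.search(m["cmd"])
        if found is None:
            # Bare file name: Windows resolves it through the search path.
            rows.append((m["hive"], m["name"], None, "no-full-path"))
            continue
        path = found.group(0)
        low = path.lower()
        if any(d in low for d in PROFILE_DIRS):
            verdict = "review"          # user-writable profile location
        elif low.startswith(INSTALL_ROOTS):
            verdict = "install-dir"
        else:
            verdict = "other"
        rows.append((m["hive"], m["name"], path, verdict))
    return rows


if __name__ == "__main__":
    for hive, name, path, verdict in triage(SAMPLE_LOG):
        print(f"{verdict:12} {hive:5} [{name}] {path}")
```

Entries marked `review` still need a person to check them against the file's vendor, signature and creation date before anything is removed.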
