|
| |||||||
| Registrovať | Site Spy | Zoznam členov | Darovanie | Hľadať | Dnešné príspevky | Označiť témy ako prečítané | Pravidlá fóra |
 |
 |
| | Thread Tools |
|
#1
31 októbra 2008, 03:00
| |||
| |||
| Mami stiahnuty niečo Nazdar, No, moja maminka niečo stiahli a firewall prišiel s nejakým správy. Nějak to tu inštalovaná pred povedala mi. Takže, sken sú teraz beží, by mohlo trvať určitý čas, pretože je to pomalý počítač. Neviem, čo to hovorí keď je to všetko podivné symboly a nečitateľné. Máš HijackThis log keď aspoň jedna vec netrvá dlho ... Logfile Trend Micro HijackThis v2.0.2 Scan uložené v 8:53:31 hodín, na 31/10/2008 Platforma: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16735) Zavádzacia mód: Normálny Bežiace procesy: C: \ WINDOWS \ System32 \ Smss.exe C: \ WINDOWS \ SYSTEM32 \ Winlogon.exe C: \ WINDOWS \ system32 \ Services.exe C: \ WINDOWS \ system32 \ lsass.exe C: \ WINDOWS \ system32 \ Ati2evxx.exe C: \ WINDOWS \ system32 \ svchost.exe C: \ WINDOWS \ system32 \ svchost.exe C: \ Program Files \ Avast4 \ aswUpdSv.exe C: \ Program Files \ Avast4 \ ashServ.exe C: \ WINDOWS \ system32 \ Spoolsv.exe C: \ Program Files \ Common Files \ EPSON \ EBAPI \ SAgent2.exe C: \ WINDOWS \ SYSTEM32 \ Ati2evxx.exe C: \ WINDOWS \ system32 \ svchost.exe C: \ WINDOWS \ system32 \ Ctfmon.exe C: \ WINDOWS \ Explorer.exe C: \ WINDOWS \ system32 \ SearchIndexer.exe C: \ Program Files \ Java \ jre1.6.0_07 \ bin \ jusched.exe C: \ Program Files \ ATI Technologies \ ATI.ACE \ cli.exe C: \ PROGRA ~ 1 \ Avast4 \ ashDisp.exe C: \ Program Files \ ATI Technologies \ ATI.ACE \ cli.exe C: \ Program Files \ ATI Technologies \ ATI.ACE \ cli.exe C: \ Program Files \ Avast4 \ ashMaiSv.exe C: \ Program Files \ Avast4 \ ashWebSv.exe C: \ Program Files \ DAP \ DAP.EXE C: \ Program Files \ SuperAntiSpyware \ SUPERAntiSpyware.exe C: \ Program Files \ Malwarebytes' Anti-Malware \ mbam.exe C: \ Program Files \ Spybot - Search & Destroy \ SpybotSD.exe C: \ Program Files \ Mozilla Firefox \ firefox.exe C: \ Program Files \ Avast4 \ ashSimpl.exe C: \ Documents and Settings \ Vip \ Desktop \ HiJackThis.exe C: \ Program Files \ Avast4 \ setup \ avast.setup R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://www.yahoo.com.hk/ R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Search, SearchAssistant = R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Window Title = Windows Internet Explorer poskytol správca Kevin R1 - HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Int ernet Nastavenia, ProxyOverride = local R3 - URLSearchHook: (bez názvu) - (0A94B116-4504-4e26-AB05-E61E474AA38B) - (ne obrázok) O2 - BHO: Adobe PDF Reader Link Helper - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Program Files \ Common Files \ Adobe \ Acrobat \ ActiveX \ AcroIEHelper.dll O2 - BHO: RealPlayer Download a Record Plugin pre Internet Explorer - (3049C3E9-B461-4BC5-8870-4C09146192CA) - C: \ Program Files \ Real \ RealPlayer \ rpbrowserrecordplugin.dll O2 - BHO: Spybot-S & D IE Protection - (53707962-6F74-2D53-2644-206D7942484F) - C: \ PROGRA ~ 1 \ Spybot ~ 1 \ SDHelper.dll O2 - BHO: SSVHelper triedy - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Program Files \ Java \ jre1.6.0_07 \ bin \ ssv.dll O2 - BHO: (bez názvu) - (7E853D72-626a-48EC-A868-BA8D5E23E045) - (ne obrázok) O2 - BHO: Windows Live Sign-in Helper - (9030D464-4C02-4ABF-8ECC-5164760863C6) - C: \ Program Files \ Common Files \ Microsoft Shared \ Windows Live \ WindowsLiveLogin.dll O4 - HKLM \ .. \ Run: [NeroFilterCheck] C: \ WINDOWS \ system32 \ NeroCheck.exe O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Program Files \ Java \ jre1.6.0_07 \ bin \ jusched.exe" O4 - HKLM \ .. \ Run: [ATICCC] "C: \ Program Files \ ATI Technologies \ ATI.ACE \ cli.exe" runtime-oneskoriť O4 - HKLM \ .. \ Run: [avast!] C: \ PROGRA ~ 1 \ Avast4 \ ashDisp.exe O4 - HKLM \ .. \ RunOnce: [Malwarebytes' Anti-Malware] C: \ Program Files \ Malwarebytes' Anti-Malware \ mbamgui.exe / install / nemé O4 - HKCU \ .. \ Run: [Cttfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe O4 - HKUS \ S-1-5-19 \ .. \ Run: [Cttfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'miestnych') O4 - HKUS \ S-1-5-20 \ .. \ Run: [Cttfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'Network Service') O4 - HKUS \ S-1-5-18 \ .. \ Run: [Cttfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'systém') O4 - HKUS \. DEFAULT \ .. \ Run: [Cttfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'Predvolené užívateľ') O4 - spustenie: SHS ¶ ¯ ÉËÙÍÁ ¶ ą. Lnk =? O8 - Extra kontextového menu položku: & Čistý Traces - C: \ Program Files \ DAP \ Súkromie balík \ dapcleanerie.htm O8 - Extra kontextového menu položku: & Stiahnuť pomocou & DAP - C: \ Program Files \ DAP \ dapextie.htm O8 - Extra kontextového menu položku: Download & all s DAP - C: \ Program Files \ DAP \ dapextie2.htm O8 - Extra kontextového menu položku: E & xportovať do programu Microsoft Excel - res: / / C: \ PROGRA ~ 1 \ micros ~ 2 \ Office11 \ EXCEL.EXE/3000 O9 - Extra tlačidlá: (bez názvu) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_07 \ bin \ ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_07 \ bin \ ssv.dll O9 - Extra tlačidlá: Výskum - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C: \ PROGRA ~ 1 \ micros ~ 2 \ Office11 \ REFIEBAR.DLL O9 - Extra tlačidlá: QQ - (c95fe080-8f5d-11D2-a20b-00aa003c157b) - C: \ WINDOWS \ system32 \ Shdocvw.dll O9 - Extra 'Tools' MENUITEM:? QQ - (c95fe080-8f5d-11D2-a20b-00aa003c157b) - C: \ WINDOWS \ system32 \ Shdocvw.dll O9 - Extra tlačidlá: (bez názvu) - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C: \ PROGRA ~ 1 \ Spybot ~ 1 \ SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Konfigurácia - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C: \ PROGRA ~ 1 \ Spybot ~ 1 \ SDHelper.dll O9 - Extra tlačidlá: (bez názvu) - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C: \ WINDOWS \ Network Diagnostické \ xpnetdiag.exe O9 - Extra 'Tools' MENUITEM: @ xpsp3res.dll, -20001 - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C: \ WINDOWS \ Network Diagnostické \ xpnetdiag.exe O9 - Extra tlačidlá: Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ Msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ Msmsgs.exe O16 - DPF: (17492023-C23A-453E-A040-C7C580BBF700) (Windows Genuine Advantage validáciu Tool) -- http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: (4F1E5B1A-2A80-42CAA-8532-2D05CB959537) -- http://by107fd.bay107.hotmail.msn.co...s/MsnPUpld.cab O16 - DPF: (5D6F45B3-9043-443D-A792-115447494D24) -- http://messenger.zone.msn.com/EN-AU/.../GAME_UNO1.cab O16 - DPF: (6E32070A-766D-4EE6-879C-DC1FA91D2FC3) (MUWebControl Class) -- http://update.microsoft.com/microsof...?1133040258574 O16 - DPF: (8E0D4DE5-3180-4024-A327-4DFAD1796A8D) -- http://messenger.zone.msn.com/binary...t.cab31267.cab O16 - DPF: (C3F79A2B-B9B4-4A66-B012-3EE46475B072) -- http://messenger.zone.msn.com/binary...t.cab56907.cab O16 - DPF: (D27CDB6E-AE6D-11CF-96B8-444553540000) (Shockwave Flash Object) -- http://fpdownload2.macromedia.com/ge...sh/swflash.cab O20 - Winlogon Upozornenie:! SASWinLogon - C: \ Program Files \ SuperAntiSpyware \ SASWINLO.DLL O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C: \ Program Files \ Lavasoft \ Ad-Aware 2007 \ aawservice.exe O23 - Service: avast! iAVS4 kontrolu Service (aswUpdSv) - ALWIL Software - C: \ Program Files \ Avast4 \ aswUpdSv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc - C: \ WINDOWS \ system32 \ Ati2evxx.exe O23 - Service: ATI Smart - Neznámy vlastník - C: \ WINDOWS \ system32 \ ati2sgag.exe O23 - Service: avast! Antivirus - ALWIL Software - C: \ Program Files \ Avast4 \ ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C: \ Program Files \ Avast4 \ ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C: \ Program Files \ Avast4 \ ashWebSv.exe O23 - Service: EPSON tiskárna Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C: \ Program Files \ Common Files \ EPSON \ EBAPI \ SAgent2.exe -- Koniec súboru - 7692 bytes _______________________________________________ Akákoľvek pomoc je oceňovaná. BTW. Nemôžem nájsť ikonu, ktorá vyzerá ako 'Odinštalovať' ku mne, tak odinstalací nebude možnosť ...
__________________ HI:) |
|
#2
31 októbra 2008, 15:21
| |||
| |||
| Mami stiahnuty niečo Dobre. Nechal som sa testuje bežať cez noc, ale SuperAntiSpyware držané na zápasí s problémami a skončilo ... Mám MalwareBytes prihlásiť tu: Malwarebytes' Anti-Malware 1.30 Verzia databázy: 1343 Windows 5.1.2600 Service Pack 3 1/11/2008 9:19:03 AM mbam-log-2008-11-01 (09-19-03). txt Vyhľadávať typ: Úplné Scan (C: \ | D: \ | E: \ |) Objekty skenovanej: 190626 Čas letu: 3 hodiny (s), 56 minút (y) 28 sekúnd (y) Pamäťové procesy Infikovaná: 0 Infikované pamäťové moduly: 0 Infikované kľúče databázy Registry: 0 Infikované hodnoty databázy Registry: 0 Infikované položky dat registru: 0 Infikované zložky: 0 Infikované súbory: 2 Infikované pamäťové procesy: (Žiadne položky zistený škodlivý) Infikované pamäťové moduly: (Žiadne položky zistený škodlivý) Infikované kľúče databázy Registry: (Žiadne položky zistený škodlivý) Infikované hodnoty databázy Registry: (Žiadne položky zistený škodlivý) Infikované položky údajov databázy Registry: (Žiadne položky zistený škodlivý) Infikované zložky: (Žiadne položky zistený škodlivý) Infikované súbory: C: \ WINDOWS \ system32 \ _005069_.tmp.dll (Trojan.Agent) -> karanténe a úspešne vymazaná. C: \ WINDOWS \ system32 \ _005101_.tmp.dll (Trojan.Agent) -> karanténe a úspešne vymazaná.
__________________ HI:) |
|
#3
31 októbra 2008, 15:24
| ||||||||||||
| ||||||||||||
| Mami stiahnuty niečo Nazdar
__________________
Pokračovať sa testuje bežíte, potom postupujte podľa týchto pokynov. Stiahnuť ComboFix z jednej z týchto lokalít: Link 1 Link 2 Link 3 * Dôležité! Uložiť ComboFix.exe na váš Desktop
 Keď Microsoft Windows konzolu pre zotavenie je nainštalovaný pomocou ComboFix, uvidíte nasledujúcu správu:  Kliknite na ÁnoI naďalej pre skenovanie malware. Po skončení ComboFix sa vytvorí log pre vás. Uveďte prosím C: \ ComboFix.txt V ďalšej odpovede, alog s ostatnými logami. Môj systém: Je to moje ...
|
|
#4
31 októbra 2008, 15:52
| |||
| |||
| Mami stiahnuty niečo Z nejakého dôvodu, ComboFix uzavretá SuperAntiSpyware keď bol skenovanie, takže je teraz reštartuje. A avast! nezačína na predvolený už ... I otvorený program, ale je to stále ešte nie je v systémovej lište vec ... A program, že moja mama je stiahnutý súbor spustiť pri štarte ... Prihlásiť tu: ComboFix 08-10-30.13 - VIP 2008-11-01 9:36:52.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.732 [GMT 11:00] Spustenie z: C: \ Documents and Settings \ Vip \ Desktop \ ComboFix.exe * Vznik nového bodu obnovenia . ((((((((((((((((((((((((((((((((((((((( Ostatné Vymazanie ))))))))) )))))))))))))))))))))))))))))))))))))))) . C: \ Program Files \ Warcraft III \ _desktop.ini C: \ WINDOWS \ system32 \ _005058_.tmp.dll C: \ WINDOWS \ system32 \ _005059_.tmp.dll C: \ WINDOWS \ system32 \ _005060_.tmp.dll C: \ WINDOWS \ system32 \ _005061_.tmp.dll C: \ WINDOWS \ system32 \ _005068_.tmp.dll C: \ WINDOWS \ system32 \ _005070_.tmp.dll C: \ WINDOWS \ system32 \ _005071_.tmp.dll C: \ WINDOWS \ system32 \ _005072_.tmp.dll C: \ WINDOWS \ system32 \ _005073_.tmp.dll C: \ WINDOWS \ system32 \ _005074_.tmp.dll C: \ WINDOWS \ system32 \ _005075_.tmp.dll C: \ WINDOWS \ system32 \ _005076_.tmp.dll C: \ WINDOWS \ system32 \ _005077_.tmp.dll C: \ WINDOWS \ system32 \ _005078_.tmp.dll C: \ WINDOWS \ system32 \ _005079_.tmp.dll C: \ WINDOWS \ system32 \ _005080_.tmp.dll C: \ WINDOWS \ system32 \ _005081_.tmp.dll C: \ WINDOWS \ system32 \ _005082_.tmp.dll C: \ WINDOWS \ system32 \ _005084_.tmp.dll C: \ WINDOWS \ system32 \ _005087_.tmp.dll C: \ WINDOWS \ system32 \ _005088_.tmp.dll C: \ WINDOWS \ system32 \ _005092_.tmp.dll C: \ WINDOWS \ system32 \ _005093_.tmp.dll C: \ WINDOWS \ system32 \ _005094_.tmp.dll C: \ WINDOWS \ system32 \ _005095_.tmp.dll C: \ WINDOWS \ system32 \ _005096_.tmp.dll C: \ WINDOWS \ system32 \ _005097_.tmp.dll C: \ WINDOWS \ system32 \ _005098_.tmp.dll C: \ WINDOWS \ system32 \ _005099_.tmp.dll C: \ WINDOWS \ system32 \ _005100_.tmp.dll C: \ WINDOWS \ system32 \ _005102_.tmp.dll C: \ WINDOWS \ system32 \ _005103_.tmp.dll C: \ WINDOWS \ system32 \ _005104_.tmp.dll C: \ WINDOWS \ system32 \ _005106_.tmp.dll C: \ WINDOWS \ system32 \ _005107_.tmp.dll C: \ WINDOWS \ system32 \ _005108_.tmp.dll C: \ WINDOWS \ system32 \ _005109_.tmp.dll C: \ WINDOWS \ system32 \ _005110_.tmp.dll C: \ WINDOWS \ system32 \ _005111_.tmp.dll C: \ WINDOWS \ system32 \ _005112_.tmp.dll C: \ WINDOWS \ system32 \ _005115_.tmp.dll C: \ WINDOWS \ system32 \ _005116_.tmp.dll C: \ WINDOWS \ system32 \ _005117_.tmp.dll C: \ WINDOWS \ system32 \ _005118_.tmp.dll C: \ WINDOWS \ system32 \ _005119_.tmp.dll C: \ WINDOWS \ system32 \ _005121_.tmp.dll C: \ WINDOWS \ system32 \ _005122_.tmp.dll C: \ WINDOWS \ system32 \ _005123_.tmp.dll C: \ WINDOWS \ system32 \ _005125_.tmp.dll C: \ WINDOWS \ system32 \ _005128_.tmp.dll C: \ WINDOWS \ system32 \ _005129_.tmp.dll C: \ WINDOWS \ system32 \ _005133_.tmp.dll C: \ WINDOWS \ system32 \ _005134_.tmp.dll C: \ WINDOWS \ system32 \ _005136_.tmp.dll C: \ WINDOWS \ system32 \ _005137_.tmp.dll C: \ WINDOWS \ system32 \ _005139_.tmp.dll C: \ WINDOWS \ system32 \ _005141_.tmp.dll C: \ WINDOWS \ system32 \ _005142_.tmp.dll C: \ WINDOWS \ system32 \ _005143_.tmp.dll C: \ WINDOWS \ system32 \ _005144_.tmp.dll C: \ WINDOWS \ system32 \ _005147_.tmp.dll C: \ WINDOWS \ system32 \ _005148_.tmp.dll C: \ WINDOWS \ system32 \ _005149_.tmp.dll C: \ WINDOWS \ system32 \ _005150_.tmp.dll C: \ WINDOWS \ system32 \ _005151_.tmp.dll C: \ WINDOWS \ system32 \ _005156_.tmp.dll C: \ WINDOWS \ system32 \ _005158_.tmp.dll C: \ WINDOWS \ system32 \ Cache C: \ WINDOWS \ system32 \ Cfx32.lic C: \ WINDOWS \ system32 \ cfx32.ocx . ((((((((((((((((((((((((((((((((((((((( Ovládače / Služby )))))))) ))))))))))))))))))))))))))))))))))))))))) . ------- \ Legacy_NPF ((((((((((((((((((((((((( Súbory vytvorené od 2008-09-28 do 2008-10-31 ))))))))))) )))))))))))))))))))) . 2008-10-31 20:45. 2008-10-31 20:45 <DIR> d -------- C: \ Documents and Settings \ Vip \ Data aplikací \ SUPERAntiSpyware.com 2008-10-31 20:45. 2008-10-31 20:45 <DIR> d -------- C: \ Documents and Settings \ Vip \ Data aplikací \ Malwarebytes 2008-10-31 20:33. 2008-10-31 20:33 <DIR> d -------- C: \ Program Files \ Tudo 2008-10-24 12:04. 2008-10-16 03:34 337.408 ----- c --- C: \ WINDOWS \ system32 \ dllcache \ NetApi32.DLL 2008-10-15 20:43. 2008-09-15 23:12 1.846.400 ----- c --- C: \ WINDOWS \ system32 \ dllcache \ Win32k.sys 2008-10-15 20:43. 2008-09-08 21:41 333.824 ----- c --- C: \ WINDOWS \ system32 \ dllcache \ Srv.sys 2008-10-15 20:42. 2008-08-14 21:11 2.189.184 ----- c --- C: \ WINDOWS \ system32 \ dllcache \ ntoskrnl.exe 2008-10-15 20:42. 2008-08-14 21:09 2.145.280 ----- c --- C: \ WINDOWS \ system32 \ dllcache \ ntkrnlmp.exe 2008-10-15 20:42. 2008-08-14 20:33 2.066.048 ----- c --- C: \ WINDOWS \ system32 \ dllcache \ ntkrnlpa.exe 2008-10-15 20:42. 2008-08-14 20:33 2.023.936 ----- c --- C: \ WINDOWS \ system32 \ dllcache \ ntkrpamp.exe 2008-09-18 19:05. 2008-10-31 20:52 <DIR> d -------- C: \ Program Files \ Avast4 . (((((((((((((((((((((((((((((((((((((((( Find3M Správa )))))))) )))))))))))))))))))))))))))))))))))))))))))) . 2008-10-31 22:38 --------- d ----- w C: \ Program Files \ Warcraft III 2008-10-31 22:30 --------- d ----- w C: \ Documents and Settings \ All Users \ Data aplikací \ Spybot - Search & Destroy 2008-10-31 09:47 --------- d ----- w C: \ Program Files \ Malwarebytes' Anti-Malware 2008-10-31 09:32 --------- d --- aw C: \ Documents and Settings \ All Users \ Data aplikací \ TEMP 2008-10-22 05:10 38.496 ---- aw C: \ WINDOWS \ system32 \ drivers \ mbamswissarmy.sys 2008-10-22 05:10 15.504 ---- aw C: \ WINDOWS \ system32 \ drivers \ mbam.sys 2008-10-09 06:46 --------- d ----- w C: \ Program Files \ PPStream 2008-10-09 03:31 --------- d ----- w C: \ Program Files \ SuperAntiSpyware 2008-10-09 03:28 --------- d ----- w C: \ Program Files \ Spybot - Search & Destroy 2008-09-18 08:42 --------- d ----- w C: \ Documents and Settings \ Vip \ Data aplikací \ Ahead 2008-09-08 10:41 333.824 ---- aw C: \ WINDOWS \ system32 \ drivers \ Srv.sys . ((((((((((((((((((((((((((((((((((((( Reg Načítavam Body )))))))))) )))))))))))))))))))))))))))))))))))))))) . . * Poznámka * prázdné záznamy & dôveryhodne východiskové údaje nie sú zobrazené REGEDIT4 [HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curr ntVersion \ Run] "Ctfmon.exe" = "C: \ WINDOWS \ system32 \ Ctfmon.exe" [2008-04-14 15360] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run] "NeroFilterCheck" = "C: \ WINDOWS \ system32 \ NeroCheck.e XE" [2001-07-09 155648] "SunJavaUpdateSched" = "C: \ Program Files \ Java \ jre1.6.0_07 \ bin \ jusched.exe" [2008-06-10 144784] "ATICCC" = "C: \ Program Files \ ATI Technologies \ ATI.ACE \ cli.exe" [2006-01-02 45056] [HKEY_USERS \. DEFAULT \ Software \ Microsoft \ Windows \ Cur rentVersion \ Run] "Ctfmon.exe" = "C: \ WINDOWS \ system32 \ Ctfmon.exe" [2008-04-14 15360] C: \ Documents and Settings \ Vip \ Start Menu \ Programs \ Startup \ ' "Ôîú ÓëÖμôû.lnk - C: \ Program Files \ Tudo \ ú ÓëTudou \ TudouVa.exe [2008-07-06 3248128] [HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ curry ntversion \ policies \ system] "DisableChangePassword" = 1 (0x1) [HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ curry ntversion \ Policies \ Explorer] "NoAutoUpdate" = 1 (0x1) "MaxRecentDocs" = 1 (0x1) [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entversion \ Explorer \ ShellExecuteHooks] "(56F9679E-7826-4C84-81F3-532071A8BCC5)" = "C: \ Program Files \ Windows Desktop Search \ MSNLNamespaceMgr.dll" [2006-04-24 282624] "(5AE067D3-9AFB-48E0-853A-EBB7F4A000DA)" = "C: \ Program Files \ SuperAntiSpyware \ SASSEH.DLL" [2008-05-13 77824] [HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon] "UIHost" = "C: \ \ WINDOWS \ \ system32 \ \ logonuiX.exe" [HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon \ oznámiť \! SASWinLogon] 2008-10-09 14:31 352256 C: \ Program Files \ SuperAntiSpyware \ SASWINLO.DLL [HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ drivers32] "VIDC.I420" = i420vfw.dll "aux" = ctwdm32.dll "VIDC.HFYU" = huffyuv.dll "VIDC.X264" = x264vfw.dll "VIDC.3iv2" = 3ivxVfWCodec.dll "VIDC.VP31" = vp31vfw.dll "msacm.l3fhg" = mp3fhg.acm "msacm.ac3filter" = ac3filter.acm [HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings ^ All Users ^ Ponuka Štart ^ Programy ^ Po spuštění ^ Adobe Reader Speed Launch.lnk] backup = C: \ WINDOWS \ PSS \ Adobe Reader Speed Launch.lnkCommon spustení [HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings ^ All Users ^ Ponuka Štart ^ Programy ^ Po spuštění ^ Adobe Reader Synchronizer.lnk] backup = C: \ WINDOWS \ PSS \ Adobe Reader Synchronizer.lnkCommon Spustenie [HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings ^ All Users ^ Ponuka Štart ^ Programy ^ Po spustení ^ WinZip Quick Pick.lnk] backup = C: \ WINDOWS \ PSS \ WinZip Quick Pick.lnkCommon Spustenie [HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings ^ Kevin ^ Ponuka Štart ^ Programy ^ Po spustení ^ Azureus Turbo Accelerator.lnk] backup = C: \ WINDOWS \ PSS \ Azureus Turbo Accelerator.lnkStartup [HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings ^ Kevin ^ Ponuka Štart ^ Programy ^ Po spustení ^ Azureus Ultra Accelerator.lnk] backup = C: \ WINDOWS \ PSS \ Azureus Ultra Accelerator.lnkStartup [HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings ^ Kevin ^ Ponuka Štart ^ Programy ^ Po spustení ^ bittorrent Turbo Accelerator.lnk] backup = C: \ WINDOWS \ PSS \ bittorrent Turbo Accelerator.lnkStartup [HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings ^ Kevin ^ Ponuka Štart ^ Programy ^ Po spustení ^ eMule Turbo Accelerator.lnk] backup = C: \ WINDOWS \ PSS \ eMule Turbo Accelerator.lnkStartup [HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings ^ Kevin ^ Ponuka Štart ^ Programy ^ Po spustení ^ LimeWire Na Startup.lnk] backup = C: \ WINDOWS \ PSS \ LimeWire Na Startup.lnkStartup [HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings ^ Kevin ^ Ponuka Štart ^ Programy ^ Po spustení ^ LimeWire Turbo Accelerator.lnk] backup = C: \ WINDOWS \ PSS \ LimeWire Turbo Accelerator.lnkStartup [HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings ^ Kevin ^ Ponuka Štart ^ Programy ^ Po spuštění ^ PowerReg Plánovač V3.exe] backup = C: \ WINDOWS \ PSS \ PowerReg Plánovač V3.exeStartup [HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings ^ Kevin ^ Ponuka Štart ^ Programy ^ Po spustení ^ Registrácia je Tom Clancy Rainbow Six] backup = C: \ WINDOWS \ PSS \ Registrácia je Tom Clancy Rainbow SixStartup [HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings ^ Kevin ^ Ponuka Štart ^ Programy ^ Po spuštění ^ SpeedFan.lnk] backup = C: \ WINDOWS \ PSS \ SpeedFan.lnkStartup [HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings ^ Kevin ^ Ponuka Štart ^ Programy ^ Po spuštění ^ Thoosje Sidebar.lnk] [HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings ^ Kevin ^ Ponuka Štart ^ Programy ^ Po spuštění ^ WordWeb.lnk] backup = C: \ WINDOWS \ PSS \ WordWeb.lnkStartup HKEY_LOCAL_MACHINE \ Software \ Microsoft \ zdieľané tools \ msconfig \ startupreg \! AVG Anti-Spyware HKEY_LOCAL_MACHINE \ Software \ Microsoft \ zdieľané tools \ msconfig \ startupreg \ bittorrent HKEY_LOCAL_MACHINE \ Software \ Microsoft \ zdieľané tools \ msconfig \ startupreg \ Boss Kľúč HKEY_LOCAL_MACHINE \ Software \ Microsoft \ zdieľané tools \ msconfig \ startupreg \ CmCardRun HKEY_LOCAL_MACHINE \ Software \ Microsoft \ zdieľané tools \ msconfig \ startupreg \ CursorXP HKEY_LOCAL_MACHINE \ Software \ Microsoft \ zdieľané tools \ msconfig \ startupreg \ EasyTuneVPro HKEY_LOCAL_MACHINE \ Software \ Microsoft \ zdieľané tools \ msconfig \ startupreg \ iTunesHelper HKEY_LOCAL_MACHINE \ Software \ Microsoft \ zdieľané tools \ msconfig \ startupreg \ LogonStudio HKEY_LOCAL_MACHINE \ Software \ Microsoft \ zdieľané tools \ msconfig \ startupreg \ OrderReminder HKEY_LOCAL_MACHINE \ Software \ Microsoft \ zdieľané tools \ msconfig \ startupreg \ RecordPadRun HKEY_LOCAL_MACHINE \ Software \ Microsoft \ zdieľané tools \ msconfig \ startupreg \ SpeedOptimizer HKEY_LOCAL_MACHINE \ Software \ Microsoft \ zdieľané tools \ msconfig \ startupreg \ SWG HKEY_LOCAL_MACHINE \ Software \ Microsoft \ zdieľané tools \ msconfig \ startupreg \ Veoh [HKEY_LOCAL_MACHINE \ Software \ Microsoft \ zdieľané tools \ msconfig \ startupreg \ Adobe Foto Downloader] - A ------ 2005-09-09 01:18 57344 C: \ Program Files \ Adobe \ Photoshop Elements 4.0 \ apdproxy.exe [HKEY_LOCAL_MACHINE \ Software \ Microsoft \ zdieľané tools \ msconfig \ startupreg \ BgMonitor_ (79662E04-7C6C-4d9f-84C7-88D8A56B10AA)] - A ------ 2006-04-21 18:03 94208 C: \ Program Files \ Common Files \ Ahead \ Lib \ NMBgMonitor.exe [HKEY_LOCAL_MACHINE \ Software \ Microsoft \ zdieľané tools \ msconfig \ startupreg \ DAEMON Tools] - A ------ 2005-12-11 01:57 133016 C: \ Program Files \ DAEMON Tools \ daemon.exe [HKEY_LOCAL_MACHINE \ Software \ Microsoft \ zdieľané tools \ msconfig \ startupreg \ LanguageShortcut] - A ------ 2006-04-13 12:09 49152 C: \ Program Files \ Cyberlink \ PowerDVD \ Language \ Language.exe [HKEY_LOCAL_MACHINE \ Software \ Microsoft \ zdieľané tools \ msconfig \ startupreg \ QuickTime úloh] - A ------ 2008-03-29 00:37 413696 C: \ Program Files \ K-Lite Codec Pack \ QuickTime \ QTTask.exe [HKEY_LOCAL_MACHINE \ Software \ Microsoft \ zdieľané tools \ msconfig \ startupreg \ RemoteControl] - A ------ 2005-12-07 23:57 30208 C: \ Program Files \ Cyberlink \ PowerDVD \ PDVDServ.exe [HKEY_LOCAL_MACHINE \ Software \ Microsoft \ zdieľané tools \ msconfig \ startupreg \ SpybotSD TeaTimer] -rahs ---- 2008-09-16 12:16 1833296 C: \ Program Files \ Spybot - Search & Destroy \ TeaTimer.exe [HKEY_LOCAL_MACHINE \ Software \ Microsoft \ zdieľané tools \ msconfig \ startupreg \ Parné] - A ------ 2008-03-29 09:39 1271032 C: \ Ventile \ Parné \ Steam.exe [HKEY_LOCAL_MACHINE \ Software \ Microsoft \ zdieľané tools \ msconfig \ startupreg \ Uniblue RegistryBooster 2] - A ------ 2007-12-05 16:06 1885464 C: \ Program Files \ Uniblue \ RegistryBooster 2 \ RegistryBooster.exe [HKEY_LOCAL_MACHINE \ Software \ Microsoft \ zdieľané tools \ msconfig \ startupreg \ Uniblue SpeedUpMyPC] - A ------ 2008-01-29 09:46 9442584 C: \ Program Files \ Uniblue \ SpeedUpMyPC 3 \ SpeedUpMyPC.exe [HKEY_LOCAL_MACHINE \ Software \ Microsoft \ zdieľané tools \ msconfig \ startupreg \ WinampAgent] - A ------ 2008-04-02 05:49 36352 C: \ Program Files \ Winamp \ winampa.exe [HKEY_LOCAL_MACHINE \ Software \ Microsoft \ zdieľané tools \ msconfig \ startupreg \ BluetoothAuthenticationA gent] - A ------ 2008-04-14 06:42 110592 C: \ WINDOWS \ system32 \ text bthprops.cpl [HKEY_LOCAL_MACHINE \ Software \ Microsoft \ zdieľané tools \ msconfig \ startupreg \ C-Media Mixer] - A ------ 2003-03-20 17:21 1855488 C: \ WINDOWS \ mixer.exe [HKEY_LOCAL_MACHINE \ Software \ Microsoft \ zdieľané tools \ msconfig \ services] "WMPNetworkSvc" = 3 (0x3) "gusvc" = 3 (0x3) "RichVideo" = 2 (0x2) "BthServ" = 2 (0x2) "iPod Service" = 3 (0x3) "Apple Mobile Device" = 2 (0x2) "LiveUpdate Notice Service" = 2 (0x2) "VideoAcceleratorEngine" = 3 (0x3) "MDM" = 2 (0x2) "IDriverT" = 3 (0x3) "aawservice" = 3 (0x3) "PDEngine" = 3 (0x3) "PDAgent" = 3 (0x3) "PML Driver HPZ12" = 3 (0x3) "CPUCooLServer" = 2 (0x2) "usnjsvc" = 3 (0x3) "AdobeActiveFileMonitor4.0" = 2 (0x2) "WLSetupSvc" = 3 (0x3) "cmdAgent" = 2 (0x2) "FLEXnet Licensing Service" = 3 (0x3) "Bonjour Service" = 2 (0x2) "ose" = 3 (0x3) [HKEY_LOCAL_MACHINE \ Software \ Microsoft \ security center \ Kontrola] "DisableMonitoring" = dword: 00000001 [HKEY_LOCAL_MACHINE \ Software \ Microsoft \ security center \ Monitorovanie \ SymantecAntiVirus] "DisableMonitoring" = dword: 00000001 [HKEY_LOCAL_MACHINE \ Software \ Microsoft \ security center \ Monitorovanie \ SymantecFirewall] "DisableMonitoring" = dword: 00000001 [HKLM \ ~ \ services \ sharedaccess \ Parameters \ firewallpo antonny \ standardprofile \ AuthorizedApplications \ List] "% Windir% \ \ system32 \ \ Sessmgr.exe" = "C: \ \ Program Files \ \ DAP \ \ DAP.exe" = "C: \ \ Program Files \ \ Messenger \ \ Msmsgs.exe" = "<No Name>" = "C: \ \ Program Files \ \ PPStream \ \ PPStream.exe" "C: \ \ Program Files \ \ PPStream \ \ PPStream.exe "% Windir% \ \ Network Diagnostické \ \ xpnetdiag.exe" = "C: \ \ Program Files \ \ Windows Live \ \ Messenger \ \ msnmsgr.exe" = "C: \ \ Program Files \ \ Windows Live \ \ Messenger \ \ livecall.exe" = "C: \ \ Program Files \ \ UT2004 \ \ System \ \ UT2004.exe" = "C: \ \ Program Files \ \ DeusEx \ \ System \ \ DeusEx.exe" = "C: \ \ Program Files \ \ Tudo \ \ ÉËÙTudou \ \ TudouVa.exe" = [HKLM \ ~ \ services \ sharedaccess \ Parameters \ firewallpo antonny \ standardprofile \ GloballyOpenPorts \ List] "3389: TCP" = 3389: TCP: *: Zdravotne postihnutí: @ xpsp2res.dll, -22009 "15394: TCP" = 15394: TCP: *: Zdravotne postihnutí: BitComet 15394 TCP "15394: UDP" = 15394: UDP: *: Zdravotne postihnutí: BitComet 15394 UDP "6555: TCP" = 6555: TCP: *: Zdravotne postihnutí: BitComet 6555 TCP "6555: UDP" = 6555: UDP: *: Zdravotne postihnutí: BitComet 6555 UDP R1 aswSP; avast! Vlastnej ochrany, C: \ WINDOWS \ system32 \ drivers \ aswSP.sys [2008-07-20 78416] R1 atitray; atitray, C: \ Program Files \ Ray Adams \ ATI Zásobník Tools \ atitray.sys [2007-05-22 18088] R2 aswFsBlk; aswFsBlk; C: \ WINDOWS \ system32 \ DRIVERS \ aswF sBlk.sys [2008-07-20 20560] R2 ROCKEYNT; ROCKEYNT, C: \ WINDOWS \ system32 \ drivers \ Rock eynt.sys [2005-01-04 18223] R2 SBKUPNT; SBKUPNT, C: \ WINDOWS \ system32 \ Drivers \ SBKUPN T. SYS [2001-07-13 14976] S3 motccgp; Motorola USB Kompozitní ovládač, C: \ WINDOWS \ system32 \ DRIVERS \ motccgp.sys [2007-06-18 17920] S3 motccgpfl; MotCcgpFlService, C: \ WINDOWS \ system32 \ DRI VERS \ motccgpfl.sys [2007-01-22 7680] S3 MotDev; Motorola Inc USB Device, C: \ WINDOWS \ system32 \ DRIVERS \ motodrv.sys [2007-05-07 42112] S3 RTLWUSB; NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver; C: \ WINDOWS \ system32 \ DRIVERS \ wg111v2.sys [2006-03-16 167808] S3 XDva042; XDva042, C: \ WINDOWS \ system32 \ XDva042.sys [] . Obsah tejto 'Naplánované úlohy' priečinku 2008-10-01 C: \ WINDOWS \ Úlohy \ AppleSoftwareUpdate.job - C: \ Program Files \ Apple Software Update \ SoftwareUpdate.exe [2007-08-29 14:57] 2008-10-27 C: \ WINDOWS \ Úlohy \ Uniblue SpeedUpMyPC Nag.job - C: \ Program Files \ Uniblue \ SpeedUpMyPC \ SpeedUpMyPC.exe [] 2007-05-14 C: \ WINDOWS \ Úlohy \ Uniblue SpeedUpMyPC.job - C: \ Program Files \ Uniblue \ SpeedUpMyPC \ SpeedUpMyPC.exe [] 2008-10-25 C: \ WINDOWS \ Úlohy \ Uniblue SpyEraser Nag.job - C: \ Program Files \ Uniblue \ SpyEraser \ SpyEraser.exe [] . - - - - SIROTY ZNEŠKODNENIU - - - -- URLSearchHooks-(0A94B116-4504-4e26-AB05-E61E474AA38B) - (ne obrázok) ShellIconOverlayIdentifiers-hex (2): 7b, 38,41,34,32,44,46,42,46,2 d, 37,38,36,38,2 d, 34,30,32,39,2 d, 39, 35,38, \ - (ne obrázok) ShellExecuteHooks-(E0D8FD38-6F36-4C9F-AE43-EDFA2BB266BA) - (ne obrázok) MSConfigStartUp-COMODO Firewall Pro - C: \ Program Files \ COMODO \ Firewall \ cfp.exe MSConfigStartUp-EzPrint - C: \ Program Files \ Lexmark 4300 Series \ ezprint.exe MSConfigStartUp-FaxCenterServer - C: \ Program Files \ Lexmark Fax Solutions \ fm3032.exe MSConfigStartUp-TkBellExe K - C: \ Program Files \ Common Files \ Real \ Update_OB \ realsched.exe MSConfigStartUp-Uniblue SpyEraser - C: \ Program Files \ Uniblue \ SpyEraser \ SpyEraser.exe . ------- Doplnkový Scan ------- . FireFox -: Profil - C: \ Documents and Settings \ Vip \ Data aplikací \ Mozilla \ Firefox \ Profiles \ 19piaa5b.default \ FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp: / / hk.yahoo.com / . . ------- Asociácie súborov ------- . txtfile = C: \ WINDOWS \ notepad.exe 1% . ************************************************** ************************ catchme 0.3.1367 W2K/XP/Vista - rootkit / stealth malware detektor by Gmer, http://www.gmer.net Rootkit scan 2008-11-01 09:42:02 Windows 5.1.2600 Service Pack 3 NTFS skenování skrytých procesov ... skenování skrytých položiek autostart ... skenování skrytých súborov ... scan úspešne dokončená skryté súbory: 0 ************************************************** ************************ . ------------------------ Iné spustených procesov ----------------------- -- . C: \ WINDOWS \ system32 \ Ati2evxx.exe C: \ Program Files \ Avast4 \ aswUpdSv.exe C: \ Program Files \ Avast4 \ ashServ.exe C: \ WINDOWS \ system32 \ Ati2evxx.exe C: \ Program Files \ Common Files \ EPSON \ EBAPI \ SAgent2.exe C: \ WINDOWS \ system32 \ searchindexer.exe C: \ Program Files \ Avast4 \ ashMaiSv.exe C: \ Program Files \ Avast4 \ ashWebSv.exe C: \ WINDOWS \ system32 \ imapi.exe . ************************************************** ************************ . Dokončenie čas: 2008-11-01 9:47:03 - stroj bol reštartuje ComboFix-karantény-files.txt 2008-10-31 22:46:53 Pre-Spustiť: 17476198400 bytes zdarma Post-Spustiť: 17429176320 bytes zdarma WindowsXP-KB310994-SP2-Pro-BOOTDISK-ENU.exe [boot loader] timeout = 2 default = multi (0) disk (0) rdisk (0) partition (1) \ OKNO S [operating systems] C: \ cmdcons \ bootsect.dat = "Microsoft Windows konzolu na zotavenie" / cmdcons multi (0) disk (0) rdisk (0) partition (1) \ WINDOWS = "Micro soft Windows XP Professional" / noexecute = OptIn / fastdetect 335 --- EOF --- 2008-10-24 09:01:23 __________________________________________________ _________________________________________________ EDIT: Bol som Kliknutím okolo a našiel som ikony, ktoré vyzeralo ako odinštalovať. Som klikol a začalo odinstalování (alebo aspoň dúfam, že to bolo), pretože to bolo v podivné symboly.
__________________ HI:) |
|
#5
31 októbra 2008, 18:39
| |||
| |||
| Mami stiahnuty niečo SuperAntiSpyware prihlásiť. Musel som urobiť rýchly scan, pretože by sa vždy prísť s chybou, keď som plný scan. SuperAntiSpyware Scan Prihlásenie http://www.superantispyware.com Generated 11.01.2008 v 11:45 Verzia aplikácie: 4.21.1004 Pravidlá databázy Core Version: 3618 Stopový Pravidlá databázy Version: 1603 Vyhľadávať typ: Quick Scan Celkom Scan Time: 00:35:28 Memory položiek testovány: 490 Memory ohrozenia odhalené: 0 Položky databázy Registry skenovaná: 436 Registre ohrozenia odhalené: 0 Súbor položiek skenovaná: 33788 Súbor zistených ohrozenia: 2 Trojan.Vundo-Variant / F C: \ WINDOWS \ SYSTEM32 \ AZIPCONTMN.DLL C: \ WINDOWS \ SYSTEM32 \ SYSFOLDERAZIPCNT.DLL
__________________ HI:) |
|
#6
1 novembra 2008, 10:16
| |||
| |||
| Mami stiahnuty niečo Ahoj znova Neklikajte na nič, alebo spustiť ľubovoľný viac skenů ak som poradí vám tak. Je prostě robí veci mätúci pre mňa - som videl záznam v jednom denníku, ale je to preč od nasledujúci a tak ďalej - vďaka. Mám podozrenie, to je práve ten problém C: \ Program Files \ Tudo ak vaša mama je ventilátor z čínskej verzie YouTube.  Chcem sa pozrieť na tie dva súbory nájsť SAS. Nájdete na: VirusTotal
C: \ WINDOWS \ SYSTEM32 \ SYSFOLDERAZIPCNT.DLL ComboFix
Kód: Folder:: C: \ Program Files \ Tudo  Uložiť ako CFScript.txt, V tom istom mieste ako ComboFix.exe  S odvolaním na obrázku vyššie, pretiahnite CFScript na ComboFix.exe. Po skončení sa vytvorí log pre vás "C: \ ComboFix.txt" Don't mouseclick ComboFix okná a zároveň je to beží. To môže spôsobiť, že na stánku. POZOR! Ktokoľvek iný myslenia pomocou vyššie uvedeného skriptu robí tak na vlastné riziko - môžete skončiť s znovu-inštaláciu systému Windows! Prosím po prihlásení C: \ ComboFix.txt , O VirusTotal výsledky a čerstvý HijackThis Prihlásenie na opätovné preskúmanie. |
|
#7
1 novembra 2008, 16:53
| |||
| |||
| Mami stiahnuty niečo Ovšem moje maminka hodinky niektoré chinese video ... Nemohol som nájsť súbory pri prehliadaní v VirusTotal. Dokonca som išiel s nimi v průzkumníkovi, a nemohol nájsť oboch z nich. Mám záznamy: ComboFix: ComboFix 08-11-01.01 - VIP 2008-11-02 10:36:20.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.865 [GMT 11:00] Spustenie z: C: \ Documents and Settings \ Vip \ Desktop \ ComboFix.exe Command prepínačov používa:: C: \ Documents and Settings \ Vip \ Desktop \ CFScript.txt * Vznik nového bodu obnovenia . ((((((((((((((((((((((((((((((((((((((( Ostatné Vymazanie ))))))))) )))))))))))))))))))))))))))))))))))))))) . C: \ Program Files \ Tudo . ((((((((((((((((((((((((( Súbory vytvorené od 2008-10-01 do 2008-11-01 ))))))))))) )))))))))))))))))))) . 2008-11-01 09:55. 2008-11-01 09:55 <DIR> d -------- C: \ Documents and Settings \ Vip \ Data aplikací \ Uniblue 2008-10-31 20:45. 2008-10-31 20:45 <DIR> d -------- C: \ Documents and Settings \ Vip \ Data aplikací \ SUPERAntiSpyware.com 2008-10-31 20:45. 2008-10-31 20:45 <DIR> d -------- C: \ Documents and Settings \ Vip \ Data aplikací \ Malwarebytes 2008-10-24 12:04. 2008-10-16 03:34 337.408 ----- c --- C: \ WINDOWS \ system32 \ dllcache \ NetApi32.DLL 2008-10-15 20:43. 2008-09-15 23:12 1.846.400 ----- c --- C: \ WINDOWS \ system32 \ dllcache \ Win32k.sys 2008-10-15 20:43. 2008-09-08 21:41 333.824 ----- c --- C: \ WINDOWS \ system32 \ dllcache \ Srv.sys 2008-10-15 20:42. 2008-08-14 21:11 2.189.184 ----- c --- C: \ WINDOWS \ system32 \ dllcache \ ntoskrnl.exe 2008-10-15 20:42. 2008-08-14 21:09 2.145.280 ----- c --- C: \ WINDOWS \ system32 \ dllcache \ ntkrnlmp.exe 2008-10-15 20:42. 2008-08-14 20:33 2.066.048 ----- c --- C: \ WINDOWS \ system32 \ dllcache \ ntkrnlpa.exe 2008-10-15 20:42. 2008-08-14 20:33 2.023.936 ----- c --- C: \ WINDOWS \ system32 \ dllcache \ ntkrpamp.exe . (((((((((((((((((((((((((((((((((((((((( Find3M Správa )))))))) )))))))))))))))))))))))))))))))))))))))))))) . 2008-10-31 22:38 --------- d ----- w C: \ Program Files \ Warcraft III 2008-10-31 22:30 --------- d ----- w C: \ Documents and Settings \ All Users \ Data aplikací \ Spybot - Search & Destroy 2008-10-31 09:52 --------- d ----- w C: \ Program Files \ Avast4 2008-10-31 09:47 --------- d ----- w C: \ Program Files \ Malwarebytes' Anti-Malware 2008-10-31 09:32 --------- d --- aw C: \ Documents and Settings \ All Users \ Data aplikací \ TEMP 2008-10-22 05:10 38.496 ---- aw C: \ WINDOWS \ system32 \ drivers \ mbamswissarmy.sys 2008-10-22 05:10 15.504 ---- aw C: \ WINDOWS \ system32 \ drivers \ mbam.sys 2008-10-09 06:46 --------- d ----- w C: \ Program Files \ PPStream 2008-10-09 03:31 --------- d ----- w C: \ Program Files \ SuperAntiSpyware 2008-10-09 03:28 --------- d ----- w C: \ Program Files \ Spybot - Search & Destroy 2008-09-18 08:42 --------- d ----- w C: \ Documents and Settings \ Vip \ Data aplikací \ Ahead 2008-09-15 12:12 1.846.400 ---- aw C: \ WINDOWS \ system32 \ Win32k.sys 2008-09-08 10:41 333.824 ---- aw C: \ WINDOWS \ system32 \ drivers \ Srv.sys 2008-08-28 07:46 74.752 ---- aw C: \ WINDOWS \ system32 \ msw3prt.dll 2008-08-28 07:46 104.960 ---- aw C: \ WINDOWS \ system32 \ win32spl.dll 2008-08-26 07:24 826.368 ---- aw C: \ WINDOWS \ system32 \ Wininet.dll 2008-08-14 10:11 2.189.184 ---- aw C: \ WINDOWS \ system32 \ ntoskrnl.exe 2008-08-14 09:33 2.066.048 ---- aw C: \ WINDOWS \ system32 \ ntkrnlpa.exe 2008-07-29 12:05 32768 - SHA-w C: \ WINDOWS \ system32 \ config \ systemprofile \ Local Settings \ histórie \ History.IE5 \ MSHist012008072920080 730 \ Index.dat . ((((((((((((((((((((((((((((( Snímok @ 2008-11-01_ 9.46.14.14 ))))))))))) )))))))))))))))))))))))))))))) . - 2008-10-31 22:41:26 16.384 ---- ATW C: \ WINDOWS \ Temp \ Perflib_Perfdata_570.dat + 2008-11-01 23:26:02 16.384 ---- ATW C: \ WINDOWS \ Temp \ Perflib_Perfdata_570.dat . ((((((((((((((((((((((((((((((((((((( Reg Načítavam Body )))))))))) )))))))))))))))))))))))))))))))))))))))) . . * Poznámka * prázdné záznamy & dôveryhodne východiskové údaje nie sú zobrazené REGEDIT4 [HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curr ntVersion \ Run] "Ctfmon.exe" = "C: \ WINDOWS \ system32 \ Ctfmon.exe" [2008-04-14 15360] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run] "NeroFilterCheck" = "C: \ WINDOWS \ system32 \ NeroCheck.e XE" [2001-07-09 155648] "SunJavaUpdateSched" = "C: \ Program Files \ Java \ jre1.6.0_07 \ bin \ jusched.exe" [2008-06-10 144784] "ATICCC" = "C: \ Program Files \ ATI Technologies \ ATI.ACE \ cli.exe" [2006-01-02 45056] "avast" = "C: \ Program Files \ Avast4 \ ashDisp.exe" [2008-07-20 78008] [HKEY_USERS \. DEFAULT \ Software \ Microsoft \ Windows \ Cur rentVersion \ Run] "Ctfmon.exe" = "C: \ WINDOWS \ system32 \ Ctfmon.exe" [2008-04-14 15360] [HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ curry ntversion \ policies \ system] "DisableChangePassword" = 1 (0x1) [HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ curry ntversion \ Policies \ Explorer] "NoAutoUpdate" = 1 (0x1) "MaxRecentDocs" = 1 (0x1) [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entversion \ Explorer \ ShellExecuteHooks] "(56F9679E-7826-4C84-81F3-532071A8BCC5)" = "C: \ Program Files \ Windows Desktop Search \ MSNLNamespaceMgr.dll" [2006-04-24 282624] "(5AE067D3-9AFB-48E0-853A-EBB7F4A000DA)" = "C: \ Program Files \ SuperAntiSpyware \ SASSEH.DLL" [2008-05-13 77824] [HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon] "UIHost" = "C: \ \ WINDOWS \ \ system32 \ \ logonuiX.exe" [HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon \ oznámiť \! SASWinLogon] 2008-10-09 14:31 352256 C: \ Program Files \ SuperAntiSpyware \ SASWINLO.DLL [HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ drivers32] "VIDC.I420" = i420vfw.dll "aux" = ctwdm32.dll "VIDC.HFYU" = huffyuv.dll "VIDC.X264" = x264vfw.dll "VIDC.3iv2" = 3ivxVfWCodec.dll "VIDC.VP31" = vp31vfw.dll "msacm.l3fhg" = mp3fhg.acm "msacm.ac3filter" = ac3filter.acm [HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings ^ All Users ^ Ponuka Štart ^ Programy ^ Po spuštění ^ Adobe Reader Speed Launch.lnk] backup = C: \ WINDOWS \ PSS \ Adobe Reader Speed Launch.lnkCommon spustení [HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings ^ All Users ^ Ponuka Štart ^ Programy ^ Po spuštění ^ Adobe Reader Synchronizer.lnk] backup = C: \ WINDOWS \ PSS \ Adobe Reader Synchronizer.lnkCommon Spustenie [HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings ^ All Users ^ Ponuka Štart ^ Programy ^ Po spustení ^ WinZip Quick Pick.lnk] backup = C: \ WINDOWS \ PSS \ WinZip Quick Pick.lnkCommon Spustenie [HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings ^ Kevin ^ Ponuka Štart ^ Programy ^ Po spustení ^ Azureus Turbo Accelerator.lnk] backup = C: \ WINDOWS \ PSS \ Azureus Turbo Accelerator.lnkStartup [HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings ^ Kevin ^ Ponuka Štart ^ Programy ^ Po spustení ^ Azureus Ultra Accelerator.lnk] backup = C: \ WINDOWS \ PSS \ Azureus Ultra Accelerator.lnkStartup [HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings ^ Kevin ^ Ponuka Štart ^ Programy ^ Po spustení ^ bittorrent Turbo Accelerator.lnk] backup = C: \ WINDOWS \ PSS \ bittorrent Turbo Accelerator.lnkStartup [HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings ^ Kevin ^ Ponuka Štart ^ Programy ^ Po spustení ^ eMule Turbo Accelerator.lnk] backup = C: \ WINDOWS \ PSS \ eMule Turbo Accelerator.lnkStartup [HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings ^ Kevin ^ Ponuka Štart ^ Programy ^ Po spustení ^ LimeWire Na Startup.lnk] backup = C: \ WINDOWS \ PSS \ LimeWire Na Startup.lnkStartup [HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings ^ Kevin ^ Ponuka Štart ^ Programy ^ Po spustení ^ LimeWire Turbo Accelerator.lnk] backup = C: \ WINDOWS \ PSS \ LimeWire Turbo Accelerator.lnkStartup [HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings ^ Kevin ^ Ponuka Štart ^ Programy ^ Po spuštění ^ PowerReg Plánovač V3.exe] backup = C: \ WINDOWS \ PSS \ PowerReg Plánovač V3.exeStartup [HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings ^ Kevin ^ Ponuka Štart ^ Programy ^ Po spustení ^ Registrácia je Tom Clancy Rainbow Six] backup = C: \ WINDOWS \ PSS \ Registrácia je Tom Clancy Rainbow SixStartup [HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings ^ Kevin ^ Ponuka Štart ^ Programy ^ Po spuštění ^ SpeedFan.lnk] backup = C: \ WINDOWS \ PSS \ SpeedFan.lnkStartup [HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings ^ Kevin ^ Ponuka Štart ^ Programy ^ Po spuštění ^ Thoosje Sidebar.lnk] [HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings ^ Kevin ^ Ponuka Štart ^ Programy ^ Po spuštění ^ WordWeb.lnk] backup = C: \ WINDOWS \ PSS \ WordWeb.lnkStartup HKEY_LOCAL_MACHINE \ Software \ Microsoft \ zdieľané tools \ msconfig \ startupreg \! AVG Anti-Spyware HKEY_LOCAL_MACHINE \ Software \ Microsoft \ zdieľané tools \ msconfig \ startupreg \ bittorrent HKEY_LOCAL_MACHINE \ Software \ Microsoft \ zdieľané tools \ msconfig \ startupreg \ Boss Kľúč HKEY_LOCAL_MACHINE \ Software \ Microsoft \ zdieľané tools \ msconfig \ startupreg \ CmCardRun HKEY_LOCAL_MACHINE \ Software \ Microsoft \ zdieľané tools \ msconfig \ startupreg \ CursorXP HKEY_LOCAL_MACHINE \ Software \ Microsoft \ zdieľané tools \ msconfig \ startupreg \ EasyTuneVPro HKEY_LOCAL_MACHINE \ Software \ Microsoft \ zdieľané tools \ msconfig \ startupreg \ iTunesHelper HKEY_LOCAL_MACHINE \ Software \ Microsoft \ zdieľané tools \ msconfig \ startupreg \ LogonStudio HKEY_LOCAL_MACHINE \ Software \ Microsoft \ zdieľané tools \ msconfig \ startupreg \ OrderReminder HKEY_LOCAL_MACHINE \ Software \ Microsoft \ zdieľané tools \ msconfig \ startupreg \ RecordPadRun HKEY_LOCAL_MACHINE \ Software \ Microsoft \ zdieľané tools \ msconfig \ startupreg \ SpeedOptimizer HKEY_LOCAL_MACHINE \ Software \ Microsoft \ zdieľané tools \ msconfig \ startupreg \ SWG HKEY_LOCAL_MACHINE \ Software \ Microsoft \ zdieľané tools \ msconfig \ startupreg \ Veoh [HKEY_LOCAL_MACHINE \ Software \ Microsoft \ zdieľané tools \ msconfig \ startupreg \ Adobe Foto Downloader] - A ------ 2005-09-09 01:18 57344 C: \ Program Files \ Adobe \ Photoshop Elements 4.0 \ apdproxy.exe [HKEY_LOCAL_MACHINE \ Software \ Microsoft \ zdieľané tools \ msconfig \ startupreg \ BgMonitor_ (79662E04-7C6C-4d9f-84C7-88D8A56B10AA)] - A ------ 2006-04-21 18:03 94208 C: \ Program Files \ Common Files \ Ahead \ Lib \ NMBgMonitor.exe [HKEY_LOCAL_MACHINE \ Software \ Microsoft \ zdieľané tools \ msconfig \ startupreg \ DAEMON Tools] - A ------ 2005-12-11 01:57 133016 C: \ Program Files \ DAEMON Tools \ daemon.exe [HKEY_LOCAL_MACHINE \ Software \ Microsoft \ zdieľané tools \ msconfig \ startupreg \ LanguageShortcut] - A ------ 2006-04-13 12:09 49152 C: \ Program Files \ Cyberlink \ PowerDVD \ Language \ Language.exe [HKEY_LOCAL_MACHINE \ Software \ Microsoft \ zdieľané tools \ msconfig \ startupreg \ QuickTime úloh] - A ------ 2008-03-29 00:37 413696 C: \ Program Files \ K-Lite Codec Pack \ QuickTime \ QTTask.exe [HKEY_LOCAL_MACHINE \ Software \ Microsoft \ zdieľané tools \ msconfig \ startupreg \ RemoteControl] - A ------ 2005-12-07 23:57 30208 C: \ Program Files \ Cyberlink \ PowerDVD \ PDVDServ.exe [HKEY_LOCAL_MACHINE \ Software \ Microsoft \ zdieľané tools \ msconfig \ startupreg \ SpybotSD TeaTimer] -rahs ---- 2008-09-16 12:16 1833296 C: \ Program Files \ Spybot - Search & Destroy \ TeaTimer.exe [HKEY_LOCAL_MACHINE \ Software \ Microsoft \ zdieľané tools \ msconfig \ startupreg \ Parné] - A ------ 2008-03-29 09:39 1271032 C: \ Ventile \ Parné \ Steam.exe [HKEY_LOCAL_MACHINE \ Software \ Microsoft \ zdieľané tools \ msconfig \ startupreg \ Uniblue RegistryBooster 2] - A ------ 2007-12-05 16:06 1885464 C: \ Program Files \ Uniblue \ RegistryBooster 2 \ RegistryBooster.exe [HKEY_LOCAL_MACHINE \ Software \ Microsoft \ zdieľané tools \ msconfig \ startupreg \ Uniblue SpeedUpMyPC] - A ------ 2008-01-29 09:46 9442584 C: \ Program Files \ Uniblue \ SpeedUpMyPC 3 \ SpeedUpMyPC.exe [HKEY_LOCAL_MACHINE \ Software \ Microsoft \ zdieľané tools \ msconfig \ startupreg \ WinampAgent] - A ------ 2008-04-02 05:49 36352 C: \ Program Files \ Winamp \ winampa.exe [HKEY_LOCAL_MACHINE \ Software \ Microsoft \ zdieľané tools \ msconfig \ startupreg \ BluetoothAuthenticationA gent] - A ------ 2008-04-14 06:42 110592 C: \ WINDOWS \ system32 \ text bthprops.cpl [HKEY_LOCAL_MACHINE \ Software \ Microsoft \ zdieľané tools \ msconfig \ startupreg \ C-Media Mixer] - A ------ 2003-03-20 17:21 1855488 C: \ WINDOWS \ mixer.exe [HKEY_LOCAL_MACHINE \ Software \ Microsoft \ zdieľané tools \ msconfig \ services] "WMPNetworkSvc" = 3 (0x3) "gusvc" = 3 (0x3) "RichVideo" = 2 (0x2) "BthServ" = 2 (0x2) "iPod Service" = 3 (0x3) "Apple Mobile Device" = 2 (0x2) "LiveUpdate Notice Service" = 2 (0x2) "VideoAcceleratorEngine" = 3 (0x3) "MDM" = 2 (0x2) "IDriverT" = 3 (0x3) "aawservice" = 3 (0x3) "PDEngine" = 3 (0x3) "PDAgent" = 3 (0x3) "PML Driver HPZ12" = 3 (0x3) "CPUCooLServer" = 2 (0x2) "usnjsvc" = 3 (0x3) "AdobeActiveFileMonitor4.0" = 2 (0x2) "WLSetupSvc" = 3 (0x3) "cmdAgent" = 2 (0x2) "FLEXnet Licensing Service" = 3 (0x3) "Bonjour Service" = 2 (0x2) "ose" = 3 (0x3) [HKEY_LOCAL_MACHINE \ Software \ Microsoft \ security center \ Kontrola] "DisableMonitoring" = dword: 00000001 [HKEY_LOCAL_MACHINE \ Software \ Microsoft \ security center \ Monitorovanie \ SymantecAntiVirus] "DisableMonitoring" = dword: 00000001 [HKEY_LOCAL_MACHINE \ Software \ Microsoft \ security center \ Monitorovanie \ SymantecFirewall] "DisableMonitoring" = dword: 00000001 [HKLM \ ~ \ services \ sharedaccess \ Parameters \ firewallpo antonny \ standardprofile \ AuthorizedApplications \ List] "% Windir% \ \ system32 \ \ Sessmgr.exe" = "C: \ \ Program Files \ \ DAP \ \ DAP.exe" = "C: \ \ Program Files \ \ Messenger \ \ Msmsgs.exe" = "<No Name>" = "C: \ \ Program Files \ \ PPStream \ \ PPStream.exe" "C: \ \ Program Files \ \ PPStream \ \ PPStream.exe "% Windir% \ \ Network Diagnostické \ \ xpnetdiag.exe" = "C: \ \ Program Files \ \ Windows Live \ \ Messenger \ \ msnmsgr.exe" = "C: \ \ Program Files \ \ Windows Live \ \ Messenger \ \ livecall.exe" = "C: \ \ Program Files \ \ UT2004 \ \ System \ \ UT2004.exe" = "C: \ \ Program Files \ \ DeusEx \ \ System \ \ DeusEx.exe" = [HKLM \ ~ \ services \ sharedaccess \ Parameters \ firewallpo antonny \ standardprofile \ GloballyOpenPorts \ List] "3389: TCP" = 3389: TCP: *: Zdravotne postihnutí: @ xpsp2res.dll, -22009 "15394: TCP" = 15394: TCP: *: Zdravotne postihnutí: BitComet 15394 TCP "15394: UDP" = 15394: UDP: *: Zdravotne postihnutí: BitComet 15394 UDP "6555: TCP" = 6555: TCP: *: Zdravotne postihnutí: BitComet 6555 TCP "6555: UDP" = 6555: UDP: *: Zdravotne postihnutí: BitComet 6555 UDP R1 aswSP; avast! Vlastnej ochrany, C: \ WINDOWS \ system32 \ drivers \ aswSP.sys [2008-07-20 78416] R1 atitray; atitray, C: \ Program Files \ Ray Adams \ ATI Zásobník Tools \ atitray.sys [2007-05-22 18088] R2 aswFsBlk; aswFsBlk; C: \ WINDOWS \ system32 \ DRIVERS \ aswF sBlk.sys [2008-07-20 20560] R2 ROCKEYNT; ROCKEYNT, C: \ WINDOWS \ system32 \ drivers \ Rock eynt.sys [2005-01-04 18223] R2 SBKUPNT; SBKUPNT, C: \ WINDOWS \ system32 \ Drivers \ SBKUPN T. SYS [2001-07-13 14976] S3 motccgp; Motorola USB Kompozitní ovládač, C: \ WINDOWS \ system32 \ DRIVERS \ motccgp.sys [2007-06-18 17920] S3 motccgpfl; MotCcgpFlService, C: \ WINDOWS \ system32 \ DRI VERS \ motccgpfl.sys [2007-01-22 7680] S3 MotDev; Motorola Inc USB Device, C: \ WINDOWS \ system32 \ DRIVERS \ motodrv.sys [2007-05-07 42112] S3 RTLWUSB; NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver; C: \ WINDOWS \ system32 \ DRIVERS \ wg111v2.sys [2006-03-16 167808] S3 XDva042; XDva042, C: \ WINDOWS \ system32 \ XDva042.sys [] . Obsah tejto 'Naplánované úlohy' priečinku 2008-10-01 C: \ WINDOWS \ Úlohy \ AppleSoftwareUpdate.job - C: \ Program Files \ Apple Software Update \ SoftwareUpdate.exe [2007-08-29 14:57] 2008-10-27 C: \ WINDOWS \ Úlohy \ Uniblue SpeedUpMyPC Nag.job - C: \ Program Files \ Uniblue \ SpeedUpMyPC \ SpeedUpMyPC.exe [] 2007-05-14 C: \ WINDOWS \ Úlohy \ Uniblue SpeedUpMyPC.job - C: \ Program Files \ Uniblue \ SpeedUpMyPC \ SpeedUpMyPC.exe [] 2008-10-25 C: \ WINDOWS \ Úlohy \ Uniblue SpyEraser Nag.job - C: \ Program Files \ Uniblue \ SpyEraser \ SpyEraser.exe [] . ************************************************** ************************ catchme 0.3.1367 W2K/XP/Vista - rootkit / stealth malware detektor by Gmer, http://www.gmer.net Rootkit scan 2008-11-02 10:39:31 Windows 5.1.2600 Service Pack 3 NTFS skenování skrytých procesov ... skenování skrytých položiek autostart ... skenování skrytých súborov ... scan úspešne dokončená skryté súbory: 0 ************************************************** ************************ . Dokončenie čas: 2008-11-02 10:41:44 ComboFix-karantény-files.txt 2008-11-01 23:41:32 ComboFix2.txt 2008-10-31 22:47:05 Pre-Spustiť: 17222828032 bytes zdarma Post-Spustiť: 17200967680 bytes zdarma 233 --- EOF --- 2008-10-24 09:01:23 __________________________________________________ _________________________ HijackThis: Logfile Trend Micro HijackThis v2.0.2 Scan uložené v 10:50:19 dňa 2.11.2008 Platforma: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16735) Zavádzacia mód: Normálny Bežiace procesy: C: \ WINDOWS \ System32 \ Smss.exe C: \ WINDOWS \ system32 \ Winlogon.exe C: \ WINDOWS \ system32 \ Services.exe C: \ WINDOWS \ system32 \ lsass.exe C: \ WINDOWS \ system32 \ Ati2evxx.exe C: \ WINDOWS \ system32 \ svchost.exe C: \ WINDOWS \ system32 \ svchost.exe C: \ Program Files \ Avast4 \ aswUpdSv.exe C: \ Program Files \ Avast4 \ ashServ.exe C: \ WINDOWS \ system32 \ Spoolsv.exe C: \ Program Files \ Common Files \ EPSON \ EBAPI \ SAgent2.exe C: \ WINDOWS \ system32 \ svchost.exe C: \ WINDOWS \ system32 \ SearchIndexer.exe C: \ Program Files \ Avast4 \ ashMaiSv.exe C: \ Program Files \ Avast4 \ ashWebSv.exe C: \ WINDOWS \ system32 \ Ati2evxx.exe C: \ WINDOWS \ system32 \ Ctfmon.exe C: \ Program Files \ Java \ jre1.6.0_07 \ bin \ jusched.exe C: \ Program Files \ ATI Technologies \ ATI.ACE \ cli.exe C: \ Program Files \ Avast4 \ ashDisp.exe C: \ Program Files \ ATI Technologies \ ATI.ACE \ cli.exe C: \ Program Files \ ATI Technologies \ ATI.ACE \ cli.exe C: \ WINDOWS \ explorer.exe C: \ Program Files \ Spybot - Search & Destroy \ TeaTimer.exe C: \ Documents and Settings \ Vip \ Desktop \ HiJackThis.exe R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://www.yahoo.com.hk/ R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Int ernet Nastavenia, ProxyOverride = local O2 - BHO: Adobe PDF Reader Link Helper - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Program Files \ Common Files \ Adobe \ Acrobat \ ActiveX \ AcroIEHelper.dll O2 - BHO: RealPlayer Download a Record Plugin pre Internet Explorer - (3049C3E9-B461-4BC5-8870-4C09146192CA) - C: \ Program Files \ Real \ RealPlayer \ rpbrowserrecordplugin.dll O2 - BHO: Spybot-S & D IE Protection - (53707962-6F74-2D53-2644-206D7942484F) - C: \ PROGRA ~ 1 \ Spybot ~ 1 \ SDHelper.dll O2 - BHO: SSVHelper triedy - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Program Files \ Java \ jre1.6.0_07 \ bin \ ssv.dll O2 - BHO: (bez názvu) - (7E853D72-626a-48EC-A868-BA8D5E23E045) - (ne obrázok) O2 - BHO: Windows Live Sign-in Helper - (9030D464-4C02-4ABF-8ECC-5164760863C6) - C: \ Program Files \ Common Files \ Microsoft Shared \ Windows Live \ WindowsLiveLogin.dll O4 - HKLM \ .. \ Run: [NeroFilterCheck] C: \ WINDOWS \ system32 \ NeroCheck.exe O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Program Files \ Java \ jre1.6.0_07 \ bin \ jusched.exe" O4 - HKLM \ .. \ Run: [ATICCC] "C: \ Program Files \ ATI Technologies \ ATI.ACE \ cli.exe" runtime-oneskoriť O4 - HKLM \ .. \ Run: [avast] C: \ Program Files \ Avast4 \ ashDisp.exe O4 - HKCU \ .. \ Run: [Cttfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe O4 - HKUS \ S-1-5-19 \ .. \ Run: [Cttfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'miestnych') O4 - HKUS \ S-1-5-20 \ .. \ Run: [Cttfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'Network Service') O4 - HKUS \ S-1-5-18 \ .. \ Run: [Cttfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'systém') O4 - HKUS \. DEFAULT \ .. \ Run: [Cttfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'Predvolené užívateľ') O8 - Extra kontextového menu položku: & Čistý Traces - C: \ Program Files \ DAP \ Súkromie balík \ dapcleanerie.htm O8 - Extra kontextového menu položku: & Stiahnuť pomocou & DAP - C: \ Program Files \ DAP \ dapextie.htm O8 - Extra kontextového menu položku: Download & all s DAP - C: \ Program Files \ DAP \ dapextie2.htm O8 - Extra kontextového menu položku: E & xportovať do programu Microsoft Excel - res: / / C: \ PROGRA ~ 1 \ micros ~ 2 \ Office11 \ EXCEL.EXE/3000 O9 - Extra tlačidlá: (bez názvu) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_07 \ bin \ ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_07 \ bin \ ssv.dll O9 - Extra tlačidlá: Výskum - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C: \ PROGRA ~ 1 \ micros ~ 2 \ Office11 \ REFIEBAR.DLL O9 - Extra tlačidlá: QQ - (c95fe080-8f5d-11D2-a20b-00aa003c157b) - C: \ WINDOWS \ system32 \ Shdocvw.dll O9 - Extra 'Tools' MENUITEM:? QQ - (c95fe080-8f5d-11D2-a20b-00aa003c157b) - C: \ WINDOWS \ system32 \ Shdocvw.dll O9 - Extra tlačidlá: (bez názvu) - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C: \ PROGRA ~ 1 \ Spybot ~ 1 \ SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Konfigurácia - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C: \ PROGRA ~ 1 \ Spybot ~ 1 \ SDHelper.dll O9 - Extra tlačidlá: Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ Msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ Msmsgs.exe O16 - DPF: (17492023-C23A-453E-A040-C7C580BBF700) (Windows Genuine Advantage validáciu Tool) -- http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: (4F1E5B1A-2A80-42CAA-8532-2D05CB959537) -- http://by107fd.bay107.hotmail.msn.co...s/MsnPUpld.cab O16 - DPF: (5D6F45B3-9043-443D-A792-115447494D24) -- http://messenger.zone.msn.com/EN-AU/.../GAME_UNO1.cab O16 - DPF: (6E32070A-766D-4EE6-879C-DC1FA91D2FC3) (MUWebControl Class) -- http://update.microsoft.com/microsof...?1133040258574 O16 - DPF: (8E0D4DE5-3180-4024-A327-4DFAD1796A8D) -- http://messenger.zone.msn.com/binary...t.cab31267.cab O16 - DPF: (C3F79A2B-B9B4-4A66-B012-3EE46475B072) -- http://messenger.zone.msn.com/binary...t.cab56907.cab O16 - DPF: (D27CDB6E-AE6D-11CF-96B8-444553540000) (Shockwave Flash Object) -- http://fpdownload2.macromedia.com/ge...sh/swflash.cab O20 - Winlogon Upozornenie:! SASWinLogon - C: \ Program Files \ SuperAntiSpyware \ SASWINLO.DLL O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C: \ Program Files \ Lavasoft \ Ad-Aware 2007 \ aawservice.exe O23 - Service: avast! iAVS4 kontrolu Service (aswUpdSv) - ALWIL Software - C: \ Program Files \ Avast4 \ aswUpdSv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc - C: \ WINDOWS \ system32 \ Ati2evxx.exe O23 - Service: ATI Smart - Neznámy vlastník - C: \ WINDOWS \ system32 \ ati2sgag.exe O23 - Service: avast! Antivirus - ALWIL Software - C: \ Program Files \ Avast4 \ ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C: \ Program Files \ Avast4 \ ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C: \ Program Files \ Avast4 \ ashWebSv.exe O23 - Service: EPSON tiskárna Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C: \ Program Files \ Common Files \ EPSON \ EBAPI \ SAgent2.exe -- Koniec súboru - 6734 bytes
__________________ HI:) |
|
#8
2 novembra 2008, 05:29
| |||
| |||
| Mami stiahnuty niečo Nazdar Tieto dva súbory nebol nájdený ComboFix, tak som sa naozaj očakávať, že sa tam. Ako je systém spustený teraz? Poďme spustiť online scan. Vykonať online scan s Panda ActiveScan
|
|
#9
3 novembra 2008, 03:07
| |||
| |||
| Mami stiahnuty niečo Citácia:
__________________ HI:) |
|
#10
5 novembra 2008, 07:45
| |||
| |||
| Mami stiahnuty niečo Ahoj znova Omlouvám se za to dostať späť k vám skôr - v reálnom živote, je pomerne rušné okamihom. Ako je systém spustený teraz? Jedinou položkou je PowerRegScheduler - môžete odstrániť, ak budete chcieť. |
|
| |
| Záložky |
Podobné témy | ||||
| Nitka | Thread Odľahčenú | Fórum | Odpovede | Posledný príspevok |
| Stiahnuté pdf súbory sú undeletable | dhonwenz | Všeobecné Software Chat | 0 | 2. júna 2009 17:23 |
| 49 Most staľení Wordpress Témy všetkých dôb! | KanoakaVirus | Web Design, hosting & SEO | 1 | 1. marec 2009 12:04 |
| Hlúpy syn prevzali škodlivých programov, môže niekto prosím pomôcť? | john101 | Virus, spyware a bezpečnosť | 28 | 29. október 2008 18:55 |
| Stiahnuté DVD, ktoré nie sú v štandardnom formáte, ktoré nie sú istí, ktoré program | gladrock | Multimedia & Kodeky | 1 | 2. januára 2008 11:52 |
| Čo najlepšie albumu ste si koupil / nedávno prevzali? | Hybr! D | Vypnúť Téma diskusie | 13 | 29. októbra 2007 18:07 |
| Thread Tools | |
| |
