HijackThis utility + LOGS for assessment

Viruses and antivirus software, PC security - firewall, spyware, etc.

paul27
Beginner
Registered: 7 Sep 2007
Location: Prague

Post by paul27 »

Try this ComboFix: http://download.bleepingcomputer.com/sU ... mboFix.exe

Save it and run it directly from the desktop. Delete the folders and .txt files left over from the previous CF. Otherwise I'm done for today; I'll come back here tomorrow. Take care for now.
kotas
Intermediate
Registered: 29 Jan 2006

Post by kotas »

paul27 wrote: Try this ComboFix: http://download.bleepingcomputer.com/sU ... mboFix.exe

Save it and run it directly from the desktop. Delete the folders and .txt files left over from the previous CF. Otherwise I'm done for today; I'll come back here tomorrow. Take care for now.
I'm also done for today; tomorrow I'll try the second ComboFix. Thank you for the help and advice! Thanks a lot! :) :worship:
GIGABYTE B450M DS3H, AMD Ryzen 7 2700 (8C/16T), 32GB RAM DDR4 (@2933 CL14-14-14-34), Sapphire Pulse RX 5700 XT 8GB/256 bit GDDR6, SSDs CRUCIAL MX500, LCD 32" IIYAMA IPS 2560x1440, HP OMEN 1100 mechanical keyboard, Logitech G402 mouse, Windows 11PRO
kotas
Intermediate
Registered: 29 Jan 2006

Post by kotas »

When I try to run the second ComboFix, it throws the same error again, just with a different location:
[image]
Today I just had my Norton Internet Security 2007 scan the whole PC, and it reported no risk.
kotas
Intermediate
Registered: 29 Jan 2006

Post by kotas »

I've apparently run into a big problem, because every application shows me that error!!! I can't run anything; it always throws the message INVALID DIRECTORY NAME! :blee:
myom
Intermediate
Registered: 11 Feb 2006
Location: Prague

Post by myom »

That's the problem with removing "vermin". You've most likely deleted some system file. :wink:

reinstall..
kotas
Intermediate
Registered: 29 Jan 2006

Post by kotas »

myom wrote: That's the problem with removing "vermin". You've most likely deleted some system file. :wink:

reinstall..
A reinstall is out of the question; the system is completely clean and was installed about a week ago!
kotas
Intermediate
Registered: 29 Jan 2006

Post by kotas »

Log from that ComboFix:

ComboFix 08-01-05.1 - kotas 2008-01-05 12:29:32.2 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6000.0.1250.1.1029.18.1471 [GMT 1:00]
Running from: C:\Users\kotas\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2007-12-05 to 2008-01-05 )))))))))))))))))))))))))))))))
.

2008-01-05 10:12 . 2008-01-05 10:14 <DIR> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-01-05 08:32 . 2008-01-05 08:35 <DIR> d-------- C:\Users\kotas\AppData\Roaming\MiniDm
2008-01-04 22:39 . 2000-08-31 08:00 51,200 --a------ C:\Windows\NirCmd.exe
2008-01-04 22:05 . 2008-01-04 22:05 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-04 20:14 . 2008-01-04 20:14 <DIR> d-------- C:\Program Files\IEPro
2008-01-04 20:13 . 2008-01-04 20:13 <DIR> d-------- C:\Download
2008-01-04 20:09 . 2008-01-04 20:09 <DIR> d-------- C:\Program Files\Star Downloader
2008-01-04 19:58 . 2008-01-04 19:58 <DIR> d-------- C:\Users\kotas\AppData\Roaming\FlashGet
2008-01-04 19:58 . 2008-01-04 20:05 <DIR> d-------- C:\Program Files\FlashGet
2008-01-03 20:46 . 2008-01-03 20:46 384 --a------ C:\Windows\ODBC.INI
2008-01-03 17:29 . 2008-01-03 17:29 <DIR> dr-h----- C:\Users\kotas\AppData\Roaming\SecuROM
2008-01-03 17:29 . 2008-01-03 20:53 <DIR> d-------- C:\Users\kotas\AppData\Roaming\Bioshock
2008-01-03 17:20 . 2008-01-03 17:20 108,144 --a------ C:\Windows\System32\CmdLineExt.dll
2008-01-03 16:52 . 2008-01-03 16:55 <DIR> d-------- C:\Users\kotas\AppData\Roaming\DAEMON Tools
2008-01-03 16:51 . 2008-01-03 16:51 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
2008-01-03 16:22 . 2008-01-03 16:22 <DIR> d-------- C:\Program Files\7-Zip
2008-01-03 13:20 . 2008-01-04 22:53 <DIR> d-------- C:\_Nov‚ vŘci
2008-01-02 18:35 . 2008-01-02 18:35 0 --a------ C:\Windows\Irremote.ini
2007-12-30 06:45 . 2007-12-30 06:46 3,316,695 --a------ C:\Windows\uiso8_pe.exe
2007-12-30 06:45 . 2007-12-30 06:45 80,896 --a------ C:\Windows\cxsrrs.exe
2007-12-30 06:45 . 2007-12-30 06:45 6,545 --a------ C:\Windows\sysfixmsi.exe
2007-12-30 06:45 . 2007-12-30 06:45 6,545 --a------ C:\Windows\resfix32v.exe
2007-12-30 06:45 . 2007-12-30 06:45 259 --a------ C:\Windows\IEImageRR.dll
2007-12-30 06:45 . 2007-12-30 06:45 0 --a------ C:\Windows\mv9381732.dat
2007-12-30 06:45 . 2007-12-30 06:45 0 --a------ C:\Windows\mdata83102235.dat
2007-12-30 06:43 . 2007-12-30 06:43 <DIR> d-------- C:\Program Files\Common Files\Adobe
2007-12-29 07:19 . 1999-11-02 10:01 6,173 --a------ C:\Windows\System32\drivers\Entech.vxd
2007-12-29 07:19 . 2004-06-22 15:44 5,632 --a------ C:\Windows\System32\drivers\Entech64.sys
2007-12-29 07:12 . 2007-12-29 07:12 <DIR> d-------- C:\Windows\System32\Futuremark
2007-12-29 07:12 . 2007-12-29 07:19 <DIR> d-------- C:\Program Files\Futuremark
2007-12-29 07:12 . 2007-08-20 11:05 27,672 -ra------ C:\Windows\System32\drivers\Entech.sys
2007-12-29 07:12 . 2001-11-19 19:05 3,972 --a------ C:\Windows\System32\drivers\PciBus.sys
2007-12-28 20:10 . 2007-07-02 16:30 8,393 --a------ C:\Windows\System32\CTAPO32.cat
2007-12-28 20:01 . 2006-04-20 10:32 663,675 -ra------ C:\Windows\System32\tmp9FD7.tmp
2007-12-28 20:01 . 2006-08-07 12:30 162,176 -ra------ C:\Windows\System32\drivers\CTUSFSYN.SYS
2007-12-28 20:01 . 2005-12-08 04:54 142,336 -ra------ C:\Windows\System32\drivers\CTSFM2K.SYS
2007-12-28 20:01 . 2005-12-08 04:54 120,832 -ra------ C:\Windows\System32\SFMS32.DLL
2007-12-28 20:01 . 2005-12-08 04:54 114,688 -ra------ C:\Windows\System32\drivers\CTOSS2K.SYS
2007-12-28 20:01 . 2005-04-22 04:27 73,728 -ra------ C:\Windows\MIDIDEF.EXE
2007-12-28 20:01 . 2005-12-08 04:54 21,504 -ra------ C:\Windows\System32\SFMAN32.DLL
2007-12-28 20:01 . 2007-06-06 09:24 3,348 --a------ C:\Windows\System32\Ludap17.ini
2007-12-28 20:01 . 2003-04-11 03:26 59 -ra------ C:\Windows\System32\DEFAULT4.SFM
2007-12-28 20:00 . 2000-12-13 11:21 7,572,224 --------- C:\Windows\System32\CT8MGM.SF2
2007-12-28 20:00 . 2006-04-20 10:32 663,675 -ra------ C:\Windows\OALInst.exe
2007-12-28 20:00 . 2006-06-02 04:08 197,632 -ra------ C:\Windows\SF32.exe
2007-12-28 20:00 . 2003-04-02 08:13 139,264 -ra------ C:\Windows\System32\EAX.DLL
2007-12-28 20:00 . 2006-07-03 05:55 53,248 -ra------ C:\Windows\resdef.exe
2007-12-28 20:00 . 2006-08-23 11:47 8,251 -ra------ C:\Windows\sfsyn.ini
2007-12-28 20:00 . 2006-08-30 04:18 1,000 -ra------ C:\Windows\SB0792.reg
2007-12-28 20:00 . 2006-08-30 04:18 1,000 -ra------ C:\Windows\SB0790.reg
2007-12-28 19:49 . 2003-07-24 05:17 4,174,814 -ra------ C:\Windows\System32\CT4MGM.SF2
2007-12-28 19:49 . 1999-09-22 23:18 2,167,684 --------- C:\Windows\System32\CT2MGM.SF2
2007-12-28 19:49 . 2007-12-28 20:10 409,600 --a------ C:\Windows\System32\wrap_oal.dll
2007-12-28 19:49 . 2007-12-29 07:19 86,016 --a------ C:\Windows\System32\OpenAL32.dll
2007-12-28 19:49 . 2005-06-15 04:07 11,264 -ra------ C:\Windows\INRES.DLL
2007-12-28 19:35 . 2007-12-27 15:14 40,448 --a------ C:\Windows\System32\ljjig.dll
2007-12-28 19:29 . 2007-12-28 19:57 54,156 --ah----- C:\Windows\QTFont.qfn
2007-12-28 19:29 . 2007-12-28 19:57 1,409 --a------ C:\Windows\QTFont.for
2007-12-28 19:24 . 2007-12-27 15:14 40,448 --a------ C:\Windows\System32\khfdb.dll
2007-12-28 19:18 . 2007-12-28 19:18 29 --a------ C:\Windows\sfbm.INI
2007-12-28 14:05 . 2007-12-28 14:05 276 --a------ C:\Windows\game.ini
2007-12-28 13:46 . 2007-12-28 13:46 <DIR> d-------- C:\ProgramData\Creative Labs
2007-12-28 11:25 . 2007-12-28 13:21 <DIR> d-------- C:\Program Files\Scorpions WinCheater
2007-12-28 08:35 . 2007-12-28 08:35 <DIR> d-------- C:\Program Files\BFG
2007-12-27 22:27 . 2007-12-27 22:27 <DIR> d-------- C:\Program Files\IrfanView
2007-12-27 19:50 . 2007-12-27 19:50 <DIR> d-------- C:\Program Files\NeoSmart Technologies
2007-12-27 19:34 . 2007-12-27 19:35 <DIR> d-------- C:\Program Files\Vispa
2007-12-27 18:27 . 2007-12-27 18:27 <DIR> d-------- C:\Program Files\Ashampoo
2007-12-27 17:51 . 2007-12-27 17:52 <DIR> d-------- C:\Program Files\RivaTuner v2.06
2007-12-27 17:41 . 2007-12-27 17:41 <DIR> d-------- C:\Users\kotas\AppData\Roaming\TuneUp Software
2007-12-27 17:41 . 2007-12-27 17:41 306,432 --a------ C:\Windows\System32\TuneUpDefragService.exe
2007-12-27 17:41 . 2007-12-20 10:44 16,640 --a------ C:\Windows\System32\authuitu.dll
2007-12-27 17:40 . 2007-12-27 17:40 <DIR> d-------- C:\ProgramData\TuneUp Software
2007-12-27 17:40 . 2007-12-27 17:40 <DIR> d-------- C:\Program Files\TuneUp Utilities 2008
2007-12-27 17:40 . 2007-12-20 10:41 29,440 --a------ C:\Windows\System32\uxtuneup.dll
2007-12-27 17:37 . 2007-12-27 17:39 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-12-27 17:03 . 2007-12-27 17:03 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-12-27 15:33 . 2008-01-05 12:32 102,160 --a------ C:\Windows\System32\oodbs.lor
2007-12-27 15:28 . 2007-12-27 15:28 <DIR> d-------- C:\Users\kotas\AppData\Roaming\Nero
2007-12-27 15:22 . 2008-01-02 19:47 <DIR> d-------- C:\ProgramData\Nero
2007-12-27 15:22 . 2007-12-27 15:22 <DIR> d-------- C:\Program Files\Nero
2007-12-27 15:22 . 2008-01-02 19:48 <DIR> d-------- C:\Program Files\Common Files\Nero
2007-12-27 15:19 . 2007-12-27 15:19 <DIR> dr------- C:\Windows\System32\config\systemprofile\Music
2007-12-27 15:13 . 2007-12-27 15:13 <DIR> d-------- C:\Program Files\Lavalys
2007-12-27 15:00 . 2007-12-27 15:00 <DIR> d-------- C:\ProgramData\n7-89-o9-3r-4t-r9
2007-12-27 14:35 . 2007-12-27 14:35 0 --a------ C:\Windows\oodcnt.INI
2007-12-27 13:57 . 2007-12-27 13:57 <DIR> d-------- C:\Program Files\MagicISO
2007-12-27 13:55 . 2007-12-27 13:55 <DIR> d-------- C:\Users\kotas\AppData\Roaming\COWON
2007-12-27 13:55 . 2007-12-27 14:09 <DIR> d-------- C:\Program Files\JetAudio
2007-12-27 13:55 . 2007-12-27 14:09 <DIR> d-------- C:\Program Files\Common Files\COWON
2007-12-27 13:51 . 2007-12-27 15:14 <DIR> d-------- C:\Windows\System32\oodag
2007-12-27 13:47 . 2007-12-27 13:47 <DIR> d-------- C:\Program Files\OO Software
2007-12-27 13:44 . 2007-12-27 13:44 <DIR> d-------- C:\Program Files\Alcohol Soft
2007-12-27 13:37 . 2008-01-02 19:59 715,248 --a------ C:\Windows\System32\drivers\sptd.sys
2007-12-27 13:36 . 2008-01-05 10:10 <DIR> d-------- C:\Program Files\Driver Cleaner
2007-12-27 13:35 . 2007-12-27 13:35 <DIR> d-------- C:\Program Files\ORTHOS
2007-12-27 13:34 . 2007-12-27 14:08 <DIR> d-------- C:\Users\kotas\AppData\Roaming\GHISLER
2007-12-27 13:34 . 2007-12-28 19:44 <DIR> d-------- C:\Program Files\totalcmd
2007-12-27 13:34 . 2007-12-25 18:21 132,608 --a------ C:\Program Files\VundoFix.exe
2007-12-27 13:34 . 2007-05-24 07:00 545 --a------ C:\Windows\UC.PIF

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-26 21:14 --------- d-----w C:\Program Files\Microsoft Games
2007-12-26 21:07 174 --sha-w C:\Program Files\desktop.ini
2007-12-26 21:03 --------- d-----w C:\Program Files\Windows Mail
2007-12-26 21:03 --------- d-----w C:\Program Files\Windows Defender
2007-12-26 21:03 --------- d-----w C:\Program Files\Windows Calendar
2007-12-26 21:02 70,144 ----a-w C:\Windows\system32\drivers\pacer.sys
2007-12-26 21:02 619,008 ----a-w C:\Windows\system32\drivers\dxgkrnl.sys
2007-12-26 21:02 61,952 ----a-w C:\Windows\system32\drivers\wanarp.sys
2007-12-26 21:02 48,640 ----a-w C:\Windows\system32\drivers\ndproxy.sys
2007-12-26 21:02 20,480 ----a-w C:\Windows\system32\drivers\ndistapi.sys
2007-12-26 21:00 258,232 ----a-w C:\Windows\system32\drivers\acpi.sys
2007-12-26 21:00 2,923,520 ----a-w C:\Windows\explorer.exe
2007-12-26 20:50 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2007-12-26 20:50 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2007-12-26 20:50 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2007-12-26 20:50 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2007-12-26 20:47 320,000 ----a-w C:\Windows\system32\drivers\csc.sys
2007-12-26 20:46 84,992 ----a-w C:\Windows\system32\drivers\srvnet.sys
2007-12-26 20:46 58,368 ----a-w C:\Windows\system32\drivers\mrxsmb20.sys
2007-12-26 20:46 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2007-12-26 20:46 130,048 ----a-w C:\Windows\system32\drivers\srv2.sys
2007-12-26 20:46 101,888 ----a-w C:\Windows\system32\drivers\mrxsmb.sys
2007-12-26 19:22 --------- d-sh--w C:\ProgramData\Plocha
2007-12-26 19:22 --------- d-sh--w C:\ProgramData\Oblíbené položky
2007-12-26 19:22 --------- d-sh--w C:\ProgramData\Šablony
2007-12-26 19:22 --------- d-sh--w C:\ProgramData\Nabídka Start
2007-12-26 19:22 --------- d-sh--w C:\ProgramData\Dokumenty
2007-12-26 19:22 --------- d-sh--w C:\ProgramData\Data aplikací
2007-12-04 08:59 972,072 ----a-w C:\Windows\UNRecode.exe
2007-11-30 22:57 43,696 ----a-w C:\Windows\system32\drivers\srtspx.sys
2007-11-30 22:57 317,616 ----a-w C:\Windows\system32\drivers\srtspl.sys
2007-11-30 22:57 279,088 ----a-w C:\Windows\system32\drivers\srtsp.sys
2007-11-30 22:57 10,549 ----a-w C:\Windows\system32\drivers\srtspx.cat
2007-11-30 22:57 10,549 ----a-w C:\Windows\system32\drivers\srtspl.cat
2007-11-30 22:57 10,545 ----a-w C:\Windows\system32\drivers\srtsp.cat
2007-11-30 22:57 1,430 ----a-w C:\Windows\system32\drivers\srtspl.inf
2007-11-30 22:57 1,421 ----a-w C:\Windows\system32\drivers\srtspx.inf
2007-11-30 22:57 1,415 ----a-w C:\Windows\system32\drivers\srtsp.inf
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E8DE38BA-B864-4DBC-9F0E-0CAC2A35C384}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 13:34 125440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VolPanel"="C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2006-07-28 09:56 122880]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 10:22 517768]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]
"P17RunE"="P17RunE.dll" [2007-04-09 09:40 14848 C:\Windows\System32\P17RunE.dll]
"P17Helper"="SPIRun.dll" [2006-07-03 05:43 10752 C:\Windows\System32\SPIRun.dll]
"OODefragTray"="C:\Windows\system32\oodtray.exe" [2007-05-11 02:08 2512392]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 03:10 55824 C:\Windows\KHALMNPR.Exe]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 22:59 115816]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-12-26 20:40:58]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-10-10 19:51 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cmds]
C:\Users\kotas\AppData\Local\Temp\jkkih.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2007-12-29 13:05 486856 C:\Program Files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2007-12-13 19:10 1688872 C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSServer]
C:\Users\kotas\AppData\Local\Temp\mljkh.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2007-12-03 14:21 2213160 C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 14:57 153136 C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\resfixmsi]
--a------ 2007-12-30 06:45 6545 C:\Windows\resfix32v.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
--a------ 2007-08-31 16:46 1460560 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2007-12-26 21:59 1006264 C:\Program Files\Windows Defender\MSASCui.exe

R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20071220.001\IDSvix86.sys [2007-12-04 17:51]
R1 PSched;Plánovač paketů technologie QoS;C:\Windows\system32\DRIVERS\pacer.sys [2007-12-26 22:02]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-12-05 04:08]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2007-10-30 19:55]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2006-11-02 08:30]
S3 P17xfi;Sound Blaster X-Fi Xtreme Audio;C:\Windows\system32\drivers\P17xfi.sys [2006-08-15 01:30]
S3 p17xfilt;p17xfilt;C:\Windows\system32\drivers\p17xfilt.sys [2006-08-17 01:50]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

*Newly Created Service* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI
.
Contents of the 'Scheduled Tasks' folder
"2007-12-27 20:55:36 C:\Windows\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe
"2008-01-04 21:49:00 C:\Windows\Tasks\At1.job"
- C:\Windows\system32\cmd.exe4/d /c start /dC:\ComboFix\ C:\ComboFix\sYs.bat /\c@
"2007-12-31 19:00:15 C:\Windows\Tasks\Norton Internet Security - Prověřit tento počítač - kotas.job"
I ran that ComboFix with UAC turned off, though :blee: :old7: :huh:
luk1
Newbie
Registered: 6 Jan 2008

Please check my HijackThis log

Post by luk1 »

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:16:21, on 6. 1. 2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16546)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\ASUS\ATK Media\DMedia.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\FileZilla Server\FileZilla Server Interface.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Windows\System32\rundll32.exe
C:\Users\Luk1\AppData\Local\Temp\rehyejuv.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\rundll32.exe
C:\Users\Luk1\AppData\Local\Temp\rehyejuv .exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Apoint2K\HidFind.exe
C:\Program Files\Apoint2K\Apvfb.exe
C:\Program Files\ICQ6\ICQ.exe
C:\Windows\explorer.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Grisoft\AVG7\avgwb.dat
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
F3 - REG:win.ini: load=C:\Users\Luk1\AppData\Local\Temp\geefe.exe
O1 - Hosts: ::1 localhost
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [PowerForPhone] C:\Program Files\PowerForPhone\PowerForPhone.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\Run: [FileZilla Server Interface] "C:\Program Files\FileZilla Server\FileZilla Server Interface.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Luk1\AppData\Local\Temp\tusrr.dll,#1
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Luk1\AppData\Local\Temp\geefe.dll,c
O4 - HKCU\..\Run: [DDC] C:\Users\Luk1\AppData\Local\Temp\rehyejuv .exe
O4 - HKCU\..\Run: [107ee292] rundll32.exe "C:\Users\Luk1\AppData\Local\Temp\xyuwutqr.dll",b
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - Unknown owner - C:\Program Files\FileZilla Server\FileZilla Server.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) - Syntek America Inc. - C:\Windows\System32\StkCSrv.exe

--
End of file - 8135 bytes
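A small triage script for the HijackThis log format above, added here as an example (it is not part of the thread and not HijackThis code). It parses the O4, F3 and O1 lines and flags the patterns a log reviewer looks at first: autostarts launched from the user's Temp folder, rundll32 loading a DLL from Temp, random-looking value names, and a stray space before the extension. The sample lines are a subset copied from the log above; the flagging rules are the editor's own assumptions.

```python
"""Triage helper for HijackThis v2.0 log lines.

Added example for this thread; not part of the forum post and not
HijackThis code. Parses O4 (registry/startup autostarts), F3 (win.ini
load=/run=) and O1 (hosts file) lines and reports the entries a reviewer
would examine first. The detection rules are assumptions made for this
example, not HijackThis's own logic.
"""
import re
from dataclasses import dataclass, field
from typing import List

# Sample input: lines copied from the HijackThis log posted above, with two
# benign autostarts kept for contrast (a constructed subset, not the full log).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Luk1\AppData\Local\Temp\tusrr.dll,#1
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Luk1\AppData\Local\Temp\geefe.dll,c
O4 - HKCU\..\Run: [DDC] C:\Users\Luk1\AppData\Local\Temp\rehyejuv .exe
O4 - HKCU\..\Run: [107ee292] rundll32.exe "C:\Users\Luk1\AppData\Local\Temp\xyuwutqr.dll",b
F3 - REG:win.ini: load=C:\Users\Luk1\AppData\Local\Temp\geefe.exe
O1 - Hosts: ::1 localhost
"""

# Line shapes as HijackThis writes them: "O4 - <key>: [<name>] <command>",
# "F3 - REG:win.ini: load=<path>" and "O1 - Hosts: <ip> <hostname>".
O4_RE = re.compile(r"^O4 - (?P<key>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
F3_RE = re.compile(r"^F3 - REG:win\.ini: (?P<setting>load|run)=(?P<cmd>.*)$")
O1_RE = re.compile(r"^O1 - Hosts: (?P<ip>\S+) (?P<host>\S+)")

TEMP_RE = re.compile(r"\\AppData\\Local\\Temp\\", re.IGNORECASE)
RUNDLL_RE = re.compile(r'^"?rundll32(\.exe)?"?\s', re.IGNORECASE)
HEXNAME_RE = re.compile(r"^[0-9a-f]{8,}$", re.IGNORECASE)
SPACED_EXT_RE = re.compile(r"\S \.(exe|dll|com|scr)\b", re.IGNORECASE)


@dataclass
class Finding:
    code: str                              # HijackThis section code: O4, F3 or O1
    name: str                              # value name, win.ini setting or host name
    command: str                           # command line, path or mapping as logged
    reasons: List[str] = field(default_factory=list)


def assess_command(cmd: str, name: str = "") -> List[str]:
    """Return the reasons an autostart command deserves a closer look (empty if none)."""
    reasons: List[str] = []
    if TEMP_RE.search(cmd):
        reasons.append("launches from the user's AppData\\Local\\Temp folder")
    if RUNDLL_RE.match(cmd) and TEMP_RE.search(cmd):
        reasons.append("rundll32 loads a DLL from Temp")
    if SPACED_EXT_RE.search(cmd):
        reasons.append("stray space before the file extension")
    if HEXNAME_RE.match(name):
        reasons.append("random-looking hex value name")
    return reasons


def triage(log_text: str) -> List[Finding]:
    """Parse the O4/F3/O1 lines of a HijackThis log and return the suspicious entries."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O4_RE.match(line)
        if m:
            reasons = assess_command(m["cmd"], m["name"])
            if reasons:
                findings.append(Finding("O4", m["name"], m["cmd"], reasons))
            continue
        m = F3_RE.match(line)
        if m:
            # win.ini load=/run= is a legacy autostart that is rarely legitimate
            # on Vista, so it is always reported; Temp-related reasons are added.
            reasons = ["win.ini load=/run= autostart (legacy, rarely legitimate)"]
            reasons += assess_command(m["cmd"])
            findings.append(Finding("F3", m["setting"], m["cmd"], reasons))
            continue
        m = O1_RE.match(line)
        if m and m["host"].lower() != "localhost":
            # "::1 localhost" is the stock Vista IPv6 loopback entry, so only
            # hosts entries that redirect some other name are reported.
            findings.append(Finding("O1", m["host"], f"{m['ip']} {m['host']}",
                                    ["hosts file overrides name resolution"]))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.code} [{f.name}] {f.command}\n    -> " + "; ".join(f.reasons))
```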
rary
Beginner
Registered: 20 Jun 2006

Post by rary »

Run ComboFix:
Download ComboFix, save it to your desktop and run it. Follow the on-screen instructions; while ComboFix is running, don't click in the window it shows, because that can stop the process.
The computer may restart; that means malicious files were found and a restart is needed for ComboFix to delete them.
When it finishes, a log is created, so copy its contents here.

Note: Administrator rights are required to run ComboFix.
luk1
Newbie
Registered: 6 Jan 2008

Post by luk1 »

Here is the log from ComboFix. The explorer process also crashes from time to time; sometimes it comes back after a moment, other times I have to start it manually.

ComboFix 08-01-04.1 - Luk1 2008-01-06 15:03:48.1 - NTFSx86
Microsoft® Windows Vista™ Business 6.0.6000.0.1250.1.1033.18.298 [GMT 1:00]
Running from: C:\Users\Luk1\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Users\Luk1\AppData\Local\Temp\rehyejuv .exe

.
((((((((((((((((((((((((( Files Created from 2007-12-06 to 2008-01-06 )))))))))))))))))))))))))))))))
.

2008-01-06 15:01 . 2000-08-31 08:00 51,200 --a------ C:\Windows\NirCmd.exe
2008-01-06 14:15 . 2008-01-06 14:15 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-06 13:25 . 2008-01-06 13:30 <DIR> d-------- C:\Users\Luk1\AppData\Roaming\AVG7
2008-01-06 13:24 . 2008-01-06 13:24 9,216 --a------ C:\Windows\System32\avgwlntf.dll
2008-01-06 13:23 . 2008-01-06 13:23 <DIR> d-------- C:\Users\All Users\Grisoft
2008-01-06 13:23 . 2008-01-06 14:59 <DIR> d-------- C:\Users\All Users\avg7
2008-01-06 13:23 . 2008-01-06 13:23 <DIR> d-------- C:\ProgramData\Grisoft
2008-01-06 13:23 . 2008-01-06 14:59 <DIR> d-------- C:\ProgramData\avg7
2008-01-06 13:09 . 2008-01-06 13:12 <DIR> d-------- C:\Users\Public\NOD32
2008-01-05 13:51 . 2008-01-05 13:51 <DIR> d-------- C:\Users\Luk1\AppData\Roaming\MegauploadToolbar
2008-01-05 13:51 . 2008-01-05 13:51 <DIR> d-------- C:\Program Files\MegauploadToolbar
2008-01-04 17:22 . 2008-01-04 17:22 <DIR> d-------- C:\Users\All Users\Macromedia
2008-01-04 17:20 . 2008-01-04 17:22 <DIR> d-------- C:\Program Files\Macromedia
2008-01-04 17:20 . 2008-01-04 17:25 <DIR> d-------- C:\Program Files\Common Files\Macromedia
2008-01-04 17:15 . 2008-01-04 17:15 <DIR> d-------- C:\Windows\Downloaded Installations
2008-01-04 15:37 . 2008-01-04 16:43 <DIR> d-------- C:\Users\Public\Macromedia Studio 8
2007-12-27 21:53 . 2008-01-05 22:25 12 --a------ C:\Windows\bthservsdp.dat
2007-12-23 13:01 . 2007-12-23 13:01 <DIR> d-------- C:\Program Files\Hamachi
2007-12-18 20:26 . 2007-12-18 20:26 <DIR> d-------- C:\Arquivos de programas
2007-12-17 21:43 . 2007-12-17 21:43 <DIR> d-------- C:\Users\Luk1\AppData\Roaming\InterVideo
2007-12-17 21:42 . 2007-12-17 21:42 <DIR> d-------- C:\Program Files\InterVideo
2007-12-17 21:42 . 2007-12-17 21:42 <DIR> d-------- C:\Program Files\InterActual
2007-12-17 21:42 . 2007-12-17 21:42 <DIR> d-------- C:\Program Files\Creative
2007-12-17 21:42 . 2007-12-17 21:43 <DIR> d-------- C:\Program Files\Common Files\InterVideo
2007-12-17 21:42 . 2003-01-27 16:32 831,600 --a------ C:\Windows\System32\Ctaa1.dat
2007-12-17 21:42 . 2003-11-11 10:44 333,600 --a------ C:\Windows\System32\drivers\ctdvda2k.sys
2007-12-17 21:42 . 2003-07-14 16:49 122,880 --a------ C:\Windows\System32\cddvdint.dll
2007-12-17 21:42 . 2003-11-11 10:43 77,824 --a------ C:\Windows\System32\ctdvda32.dll
2007-12-17 19:41 . 2008-01-05 21:51 <DIR> d-------- C:\Program Files\Steam
2007-12-17 19:41 . 2007-12-22 15:07 <DIR> d-------- C:\Program Files\Common Files\Steam
2007-12-17 17:53 . 2007-12-17 17:54 <DIR> d-------- C:\Users\Luk1\AppData\Roaming\Media Player Classic
2007-12-17 16:04 . 2007-12-17 16:05 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2007-12-17 16:01 . 2007-12-17 16:01 <DIR> d-------- C:\Users\Luk1\AppData\Roaming\ICQ Toolbar
2007-12-17 15:44 . 2007-12-17 16:16 <DIR> d-------- C:\Users\Luk1\AppData\Roaming\Network Scanner
2007-12-16 02:56 . 2007-12-16 02:56 <DIR> d-------- C:\Filmy
2007-12-16 02:21 . 2007-12-16 02:29 <DIR> d-------- C:\Program Files\RivaTuner v2.06
2007-12-16 00:36 . 2007-12-23 16:56 <DIR> d-------- C:\Users\Luk1\AppData\Roaming\skypePM
2007-12-16 00:36 . 2007-12-16 00:36 32 --a------ C:\Users\All Users\ezsid.dat
2007-12-16 00:36 . 2007-12-16 00:36 32 --a------ C:\ProgramData\ezsid.dat
2007-12-15 00:11 . 2008-01-05 17:36 <DIR> d-------- C:\Users\Luk1\AppData\Roaming\Hamachi
2007-12-15 00:10 . 2007-12-15 00:10 16,224 --a------ C:\Windows\System32\drivers\hamachi.sys
2007-12-14 21:11 . 2007-12-21 14:56 <DIR> d-------- C:\Users\Luk1\AppData\Roaming\ICQ
2007-12-14 21:11 . 2008-01-05 13:51 <DIR> d-------- C:\Program Files\ICQToolbar
2007-12-14 21:10 . 2007-12-14 21:12 <DIR> d-------- C:\Program Files\ICQ6
2007-12-14 18:45 . 2007-12-14 18:58 981 --a------ C:\Windows\eReg.dat
2007-12-14 18:33 . 2007-12-14 18:53 <DIR> d-------- C:\Program Files\EA Games
2007-12-14 15:22 . 2007-12-23 17:53 <DIR> d-------- C:\Users\Luk1\AppData\Roaming\Skype
2007-12-14 12:31 . 2007-12-14 12:31 <DIR> d-------- C:\Users\All Users\Skype
2007-12-14 12:31 . 2007-12-14 12:31 <DIR> d-------- C:\ProgramData\Skype
2007-12-14 12:31 . 2007-12-14 12:31 <DIR> d-------- C:\Program Files\Skype
2007-12-14 12:31 . 2007-12-14 12:31 <DIR> d-------- C:\Program Files\Common Files\Skype
2007-12-14 12:07 . 2007-12-14 12:09 <DIR> d-------- C:\Users\Luk1\AppData\Roaming\ICQLite
2007-12-12 21:23 . 2008-01-04 15:48 <DIR> d--h----- C:\VIDEO
2007-12-12 18:16 . 2007-12-27 17:03 <DIR> d-------- C:\Users\Luk1\FIIT
2007-12-11 19:39 . 2007-12-11 19:48 139,264 --a------ C:\Windows\War3Unin.exe
2007-12-11 19:39 . 2007-12-11 19:48 54,895 --a------ C:\Windows\War3Unin.dat
2007-12-11 19:39 . 2007-12-11 19:48 2,829 --a------ C:\Windows\War3Unin.pif
2007-12-11 19:32 . 2007-12-29 19:48 <DIR> d-------- C:\Program Files\Warcraft III
2007-12-11 13:32 . 2007-12-11 13:32 <DIR> d-------- C:\Users\Luk1\AppData\Roaming\Ahead
2007-12-11 10:06 . 2007-12-11 10:06 <DIR> d-------- C:\Users\Luk1\AppData\Roaming\FlashFXP
2007-12-11 09:33 . 2007-12-11 09:33 <DIR> d-------- C:\Users\All Users\LightScribe
2007-12-11 09:33 . 2007-12-11 09:33 <DIR> d-------- C:\ProgramData\LightScribe
2007-12-11 02:00 . 2007-12-11 02:00 <DIR> d-------- C:\Users\Luk1\AppData\Roaming\AdobeUM
2007-12-10 18:34 . 2007-12-10 18:34 108,144 --a------ C:\Windows\System32\CmdLineExt.dll
2007-12-10 18:30 . 2005-05-26 15:34 2,297,552 --a------ C:\Windows\System32\d3dx9_26.dll
2007-12-10 18:06 . 2007-12-10 18:06 <DIR> d-------- C:\Program Files\THQ
2007-12-10 11:36 . 2008-01-04 14:50 358 --a------ C:\Windows\wcx_ftp.ini
2007-12-10 11:34 . 2007-12-10 11:35 <DIR> d-------- C:\Program Files\totalcmd
2007-12-10 11:34 . 2007-09-05 07:02 545 --a------ C:\Windows\UC.PIF
2007-12-10 11:34 . 2007-09-05 07:02 545 --a------ C:\Windows\RAR.PIF
2007-12-10 11:34 . 2007-09-05 07:02 545 --a------ C:\Windows\PKZIP.PIF
2007-12-10 11:34 . 2007-09-05 07:02 545 --a------ C:\Windows\PKUNZIP.PIF
2007-12-10 11:34 . 2007-09-05 07:02 545 --a------ C:\Windows\NOCLOSE.PIF
2007-12-10 11:34 . 2007-09-05 07:02 545 --a------ C:\Windows\LHA.PIF
2007-12-10 11:34 . 2007-09-05 07:02 545 --a------ C:\Windows\ARJ.PIF
2007-12-10 11:34 . 2008-01-04 14:50 503 --a------ C:\Windows\wincmd.ini
2007-12-10 11:24 . 2007-12-10 15:51 <DIR> d-------- C:\Program Files\KONAMI
2007-12-10 11:03 . 2007-12-10 11:03 <DIR> d-------- C:\Program Files\FileZilla Server
2007-12-10 10:55 . 2007-12-26 13:35 <DIR> d-------- C:\HRY
2007-12-10 09:51 . 2003-06-19 01:31 17,920 --a------ C:\Windows\System32\mdimon.dll
2007-12-10 09:51 . 2007-12-10 09:51 384 --a------ C:\Windows\ODBC.INI
2007-12-10 09:47 . 2007-12-10 09:47 <DIR> d-------- C:\Program Files\Microsoft Works
2007-12-10 09:46 . 2007-12-10 09:46 <DIR> d-------- C:\Windows\PCHEALTH
2007-12-10 09:46 . 2007-12-10 09:46 <DIR> d-------- C:\Program Files\Microsoft.NET
2007-12-10 07:23 . 2007-12-09 22:29 <DIR> d-------- C:\Windows\Panther
2007-12-10 07:23 . 2007-12-10 07:23 <DIR> d--hs---- C:\Boot
2007-12-10 07:23 . 2006-11-02 10:53 438,840 -rahs---- C:\bootmgr
2007-12-10 07:23 . 2007-12-10 07:23 8,192 -ra-s---- C:\BOOTSECT.BAK
2007-12-10 01:15 . 2007-12-10 01:15 <DIR> d-------- C:\Program Files\DAEMON Tools
2007-12-10 01:05 . 2007-12-10 01:05 682,232 --a------ C:\Windows\System32\drivers\sptd.sys
2007-12-10 00:56 . 2007-12-10 00:56 <DIR> d-------- C:\Program Files\Common Files\LightScribe
2007-12-10 00:52 . 2007-12-10 00:52 <DIR> d-------- C:\Users\All Users\Nero
2007-12-10 00:52 . 2007-12-10 00:52 <DIR> d-------- C:\ProgramData\Nero
2007-12-10 00:52 . 2007-12-10 00:52 <DIR> d-------- C:\Program Files\Nero
2007-12-10 00:52 . 2007-12-10 00:55 <DIR> d-------- C:\Program Files\Common Files\Ahead
2007-12-10 00:43 . 2007-12-10 00:43 <DIR> d-------- C:\Users\Luk1\AppData\Roaming\vlc
2007-12-09 23:58 . 2007-12-09 23:58 <DIR> d-------- C:\Windows\System32\Macromed
2007-12-09 23:57 . 2007-12-09 23:57 <DIR> d-------- C:\Program Files\Opera
2007-12-09 23:53 . 2008-01-06 13:08 24 --a------ C:\Windows\ATKPF.ini
2007-12-09 23:51 . 2007-12-09 23:51 <DIR> d-------- C:\Users\All Users\NVIDIA

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-09 22:47 174 --sha-w C:\Program Files\desktop.ini
2007-12-09 22:42 --------- d-----w C:\Program Files\Windows Mail
2007-12-09 22:42 --------- d-----w C:\Program Files\Windows Defender
2007-12-09 22:42 --------- d-----w C:\Program Files\Windows Calendar
2007-12-09 22:38 87,040 ----a-w C:\Windows\System32\msoert2.dll
2007-12-09 22:38 8,192 ----a-w C:\Windows\System32\riched32.dll
2007-12-09 22:38 77,824 ----a-w C:\Windows\System32\rascfg.dll
2007-12-09 22:38 70,144 ----a-w C:\Windows\system32\drivers\pacer.sys
2007-12-09 22:38 694,784 ----a-w C:\Windows\System32\localspl.dll
2007-12-09 22:38 619,008 ----a-w C:\Windows\system32\drivers\dxgkrnl.sys
2007-12-09 22:38 61,952 ----a-w C:\Windows\system32\drivers\wanarp.sys
2007-12-09 22:38 52,736 ----a-w C:\Windows\System32\rasdiag.dll
2007-12-09 22:38 48,640 ----a-w C:\Windows\system32\drivers\ndproxy.sys
2007-12-09 22:38 39,424 ----a-w C:\Windows\System32\ACCTRES.dll
2007-12-09 22:38 384,000 ----a-w C:\Windows\System32\netcfgx.dll
2007-12-09 22:38 36,864 ----a-w C:\Windows\System32\cdd.dll
2007-12-09 22:38 33,280 ----a-w C:\Windows\System32\traffic.dll
2007-12-09 22:38 32,768 ----a-w C:\Windows\System32\rasmxs.dll
2007-12-09 22:38 286,208 ----a-w C:\Windows\System32\ipnathlp.dll
2007-12-09 22:38 22,016 ----a-w C:\Windows\System32\rasser.dll
2007-12-09 22:38 205,824 ----a-w C:\Windows\System32\msoeacct.dll
2007-12-09 22:38 20,480 ----a-w C:\Windows\system32\drivers\ndistapi.sys
2007-12-09 22:38 15,360 ----a-w C:\Windows\System32\pacerprf.dll
2007-12-09 22:38 134,656 ----a-w C:\Windows\System32\dps.dll
2007-12-09 22:38 13,824 ----a-w C:\Windows\System32\wshqos.dll
2007-12-09 22:38 13,824 ----a-w C:\Windows\System32\icsunattend.exe
2007-12-09 22:37 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2007-12-09 22:37 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
2007-12-09 22:37 542,720 ----a-w C:\Windows\System32\sysmain.dll
2007-12-09 22:37 502,784 ----a-w C:\Windows\System32\wlansvc.dll
2007-12-09 22:37 47,104 ----a-w C:\Windows\System32\wlanapi.dll
2007-12-09 22:37 3,471,032 ----a-w C:\Windows\System32\ntoskrnl.exe
2007-12-09 22:37 297,984 ----a-w C:\Windows\System32\wlansec.dll
2007-12-09 22:37 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
2007-12-09 22:37 28,344 ----a-w C:\Windows\system32\drivers\battc.sys
2007-12-09 22:37 258,232 ----a-w C:\Windows\system32\drivers\acpi.sys
2007-12-09 22:37 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
2007-12-09 22:37 20,920 ----a-w C:\Windows\system32\drivers\compbatt.sys
2007-12-09 22:37 2,923,520 ----a-w C:\Windows\explorer.exe
2007-12-09 22:37 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2007-12-09 22:37 14,208 ----a-w C:\Windows\system32\drivers\CmBatt.sys
2007-12-09 22:37 11,264 ----a-w C:\Windows\system32\drivers\wmiacpi.sys
2007-12-09 22:23 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2007-12-09 22:23 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2007-12-09 22:23 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2007-12-09 22:23 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2007-12-09 22:17 56,320 ----a-w C:\Windows\System32\iesetup.dll
2007-12-09 22:17 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2007-12-09 22:17 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2007-12-09 22:10 88,576 ----a-w C:\Windows\System32\avifil32.dll
2007-12-09 22:10 82,944 ----a-w C:\Windows\System32\mciavi32.dll
2007-12-09 22:10 8,138,240 ----a-w C:\Windows\System32\ssBranded.scr
2007-12-09 22:10 712,192 ----a-w C:\Windows\System32\WindowsCodecs.dll
2007-12-09 22:10 69,632 ----a-w C:\Windows\System32\sendmail.dll
2007-12-09 22:10 65,024 ----a-w C:\Windows\System32\avicap32.dll
2007-12-09 22:10 61,440 ----a-w C:\Windows\System32\ntprint.exe
2007-12-09 22:10 320,000 ----a-w C:\Windows\system32\drivers\csc.sys
2007-12-09 22:10 31,232 ----a-w C:\Windows\System32\msvidc32.dll
2007-12-09 22:10 269,824 ----a-w C:\Windows\System32\schannel.dll
2007-12-09 22:10 220,160 ----a-w C:\Windows\System32\ntprint.dll
2007-12-09 22:10 123,904 ----a-w C:\Windows\System32\msvfw32.dll
2007-12-09 22:10 120,320 ----a-w C:\Windows\System32\dhcpcsvc6.dll
2007-12-09 22:10 12,800 ----a-w C:\Windows\System32\msrle32.dll
2007-12-09 22:10 105,984 ----a-w C:\Windows\System32\CscMig.dll
2007-12-09 22:10 10,240 ----a-w C:\Windows\System32\dhcpcmonitor.dll
2007-12-09 22:10 1,984,512 ----a-w C:\Windows\System32\authui.dll
2007-12-09 21:55 319,456 ----a-w C:\Windows\DIFxAPI.dll
2007-12-09 21:55 315,392 ----a-w C:\Windows\HideWin.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-04-03 23:29 165784]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 13:36 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-12-09 23:34 1006264]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-01-19 07:19 90191]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-01-19 07:19 7770112]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-01-19 07:19 81920]
"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-22 10:31 630784]
"RtHDVCpl"="RtHDVCpl.exe" [2007-02-15 10:07 4390912 C:\Windows\RtHDVCpl.exe]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2006-09-12 02:22 155648]
"ATKMEDIA"="C:\Program Files\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 08:27 61440]
"PowerForPhone"="C:\Program Files\PowerForPhone\PowerForPhone.exe" [2007-01-15 15:17 778240]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-26 12:12 161328]
"InCD"="C:\Program Files\Nero\Nero 7\InCD\InCD.exe" [2007-03-26 11:42 1057328]
"MSConfig"="C:\Windows\system32\msconfig.exe" [2006-11-02 10:45 222208]
"FileZilla Server Interface"="C:\Program Files\FileZilla Server\FileZilla Server Interface.exe" [2006-01-11 01:56 925696]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-01-06 13:24 579072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-01-06 13:24 219136]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06]
InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe [2007-12-17 21:43:09]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
avgwlntf.dll 2008-01-06 13:24 9216 C:\Windows\System32\avgwlntf.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^MultiFrame.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MultiFrame.lnk
backup=C:\Windows\pss\MultiFrame.lnk.CommonStartup
backupExtension=.CommonStartup

R1 PSched;QoS Packet Scheduler;C:\Windows\system32\DRIVERS\pacer.sys [2007-12-09 23:38]
R2 ghaio;ghaio;C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys [2006-12-28 09:17]
R3 athr;Atheros Extensible Wireless LAN device driver;C:\Windows\system32\DRIVERS\athr.sys [2006-12-21 14:31]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService REG_MULTI_SZ nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE WebClient
LocalSystemNetworkRestricted REG_MULTI_SZ hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc CscService TabletInputService UmRdpService wlansvc WPDBusEnum EMDMgmt
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceNetworkRestricted REG_MULTI_SZ DHCP eventlog AudioSrv LmHosts wscsvc p2pimsvc PNRPSvc p2psvc PnrpAutoReg
bthsvcs REG_MULTI_SZ BthServ

*Newly Created Service* - AVGCLEAN
*Newly Created Service* - AVGMFX86
*Newly Created Service* - PROCEXP90
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-06 15:10:48
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-06 15:12:01
ComboFix-quarantined-files.txt 2008-01-06 14:11:57
.
2007-12-09 22:39:13 --- E O F ---
rary
Beginner
Beginner
Registered: 20 Jun 2006

Post by rary »

antik wrote: Download SUPERAntiSpyware.
Install and run SUPERAntiSpyware.
Click the Check for Updates... button.
When the update finishes, click the Scan your Computer... button.
Tick the Perform Complete Scan option and click the Next > button.
The program starts scanning the computer; when the scan finishes, it lists what it found.
Check that everything it found is ticked; if so, click the Next button.
A notice "Quarantine and Removal is Complete" appears. Click OK and then click the Finish button to get back to the main screen.
If you are asked whether you want to restart, click Yes.
After the restart, run SUPERAntiSpyware again.
Click the Preferences... button.
A new window opens; in it click the Statistics/Logs tab and click the log with the date on which you ran the scan.
Then click the View Log... button; its log opens, so copy its entire contents here.
Then scan the PC with MWAV and post its log here.
BUBINO
Beginner
Beginner
Registered: 12 Jun 2007
Location: I have one

Post by BUBINO »

Download Avenger to your desktop: http://www.viry.cz/forum/viewtopic.php?t=19832
Following the guide, work your way to that window and copy the following into it:
Files to delete:
C:\Windows\cxsrrs.exe
C:\Windows\System32\ljjig.dll
C:\Windows\sysfixmsi.exe
C:\Users\kotas\AppData\Local\Temp\jkkih.dll

Registry keys to delete:
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cmds
DONE >> traffic light >> OK
After the restart, post here the log that comes up. It is also in c:\avenger.txt

After that, make a new ComboFix log. If it doesn't work in normal mode, do both operations in safe mode.
kotas
Intermediate
Intermediate
User avatar
Registered: 29 Jan 2006

Post by kotas »

Solved last week; I did a format and a clean install :oops: ....
BUBINO
Beginner
Beginner
Registered: 12 Jun 2007
Location: I have one

Post by BUBINO »

Sometimes it is easier to do a format than to wait for the advisors' instructions. If problems arise, get in touch.
Axident
Newbie
Newbie
User avatar
Registered: 12 Jan 2006

Win32 Delf HTI etc., please check my log

Post by Axident »

For the last few days Avast keeps screaming at me that I have trojans (Win32 Delf HTI etc.) in System Volume..., Temporary and Windows; I delete them. Spyware Doctor found a trojan clicker, a trojan downloader and the like; I deleted them, but the problem keeps coming back, so there is probably some nasty thing in there that generates it or something. Could some clever head please look at the log to see whether there is some vermin to delete? Thanks a lot!

Logfile of HijackThis v1.99.1
Scan saved at 6:56:34, on 20.1.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
F:\Software (F)\Připomínač\pripominac.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\perfs.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\routing.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\system32\taskmgr.exe
C:\totalcmd\TOTALCMD.EXE
G:\Software\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [pripominac] F:\Software (F)\Připomínač\pripominac.exe
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\Program Files\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
O4 - Startup: Registration-InstantCopy.lnk = F:\Program Files (F)\Pinnacle\Shared Files\InstantCDDVD\Pixie\RegTool.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\..\{F353276C-1F38-4393-BB62-47D80B2E6C17}: NameServer = 213.235.188.145,195.146.100.99
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\WINDOWS\system32\drivers\pclepci.sys
O23 - Service: perfmons Service (perfmons) - Unknown owner - C:\WINDOWS\system32\perfs.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Routing Service (Routing) - Unknown owner - C:\WINDOWS\system32\routing.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: V2i Protector - Unknown owner - C:\Program Files\Drive Image 7.0\Agent\PQV2iSvc.exe (file missing)
paul27
Beginner
Beginner
Registered: 07 Sep 2007
Location: Praha
Contact user:

Post by paul27 »

Stop these in Task Manager:
C:\WINDOWS\system32\perfs.exe
C:\WINDOWS\system32\routing.exe

Stop these in Services:
perfmons Service (perfmons)
Routing Service (Routing)

Finally, delete:
C:\WINDOWS\system32\perfs.exe
C:\WINDOWS\system32\routing.exe


Then restart and post a new HijackThis log.
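The two services paul27 singles out stand out in the O23 section for the same two reasons: the owner is "Unknown owner" and the binary sits directly in C:\WINDOWS\system32 under a generic name. The script below is an added example, not code from this thread or from HijackThis; it parses O23 lines, flags services matching that heuristic for manual review, and lists entries whose binary is missing separately (those are usually stale leftovers, not the threat). The sample lines are copied from Axident's log above; the heuristic itself and the function names are this example's own assumptions, and a hit means "look at this", not "delete it".

```python
import re

# HijackThis O23 line layout (assumed from the log format seen in this thread):
#   O23 - Service: <display name> (<short name>) - <owner> - <path> [(file missing)]
# A display name containing " - " would confuse this simple split; the logs here have none.
O23_RE = re.compile(
    r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+?)"
    r"(?P<missing> \(file missing\))?$"
)

# Directories where a vendor-less, generically named service binary deserves a second look.
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\")

# Constructed sample: lines taken from Axident's HijackThis log above, plus one non-O23 line.
SAMPLE_LOG = r"""O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: perfmons Service (perfmons) - Unknown owner - C:\WINDOWS\system32\perfs.exe
O23 - Service: Routing Service (Routing) - Unknown owner - C:\WINDOWS\system32\routing.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: V2i Protector - Unknown owner - C:\Program Files\Drive Image 7.0\Agent\PQV2iSvc.exe (file missing)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
"""


def parse_o23(line):
    """Return a dict for an O23 service line, or None for any other line."""
    m = O23_RE.match(line.strip())
    if not m:
        return None
    return {
        "name": m.group("name"),
        "owner": m.group("owner"),
        "path": m.group("path"),
        "missing": m.group("missing") is not None,
    }


def is_unowned_system_binary(svc):
    """Heuristic: no vendor string and the executable lives directly in %SystemRoot% or system32."""
    if svc["owner"] != "Unknown owner" or svc["missing"]:
        return False
    path = svc["path"].lower()
    directory = path.rsplit("\\", 1)[0] + "\\"
    return directory in SYSTEM_DIRS


def triage(log_text):
    """Split O23 entries into (suspicious, stale): suspicious = review candidates, stale = binary gone."""
    suspicious, stale = [], []
    for line in log_text.splitlines():
        svc = parse_o23(line)
        if svc is None:
            continue
        if svc["missing"]:
            stale.append(svc["name"])
        elif is_unowned_system_binary(svc):
            suspicious.append((svc["name"], svc["path"]))
    return suspicious, stale


if __name__ == "__main__":
    flagged, gone = triage(SAMPLE_LOG)
    print("Review these services (unknown owner, generic binary in a system directory):")
    for name, path in flagged:
        print(f"  {name} -> {path}")
    print("Stale entries (binary missing):")
    for name in gone:
        print(f"  {name}")
```

Run against the sample it reports perfmons and Routing for review and iPod Service and V2i Protector as stale, which is the same split paul27 made by eye; on a real log, confirm a flagged binary by checking its signature and hash before acting on it.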
BUBINO
Beginner
Beginner
Registered: 12 Jun 2007
Location: I have one

Post by BUBINO »

Sorry for butting in, but this is a new rootkit that restores itself even after deletion, and deleting just those 2 things won't help.

Download Avenger:
http://www.viry.cz/forum/viewtopic.php?t=19832

Following the guide, work your way to that window and paste this whole universal script below into it:
Files to delete:
C:\WINDOWS\system32\ndt2.sys
C:\WINDOWS\system32\Indt2.sys
C:\WINDOWS\system32\drmgs.sys
C:\WINDOWS\system32\routing.exe
C:\WINDOWS\system32\PERFS.EXE
C:\WINDOWS\chdcu1.exe
C:\WINDOWS\system32\chdcu1.exe
C:\WINDOWS\system32\perfs.txt
C:\WINDOWS\ndt2.sys
C:\WINDOWS\Indt2.sys
C:\WINDOWS\drmgs.sys
C:\WINDOWS\routing.exe
C:\WINDOWS\PERFS.EXE
C:\WINDOWS\system32\rtl60.bpl
C:\WINDOWS\rtl60.bpl
DONE >> TRAFFIC LIGHT >> OK
After the restart, post here the log that comes up (c:\avenger.txt)

Then do what paul27 told you with those services.
Last edited by BUBINO on Mon 21 Jan 2008, 13:49, edited 2 times in total.
Axident
Newbie
Newbie
User avatar
Registered: 12 Jan 2006

Avenger

Post by Axident »

Thanks, I did everything as described; this popped up from Avenger after the restart:

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\iygmakjw

*******************

Script file located at: \??\C:\WINDOWS\system32\evwexrya.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



File C:\WINDOWS\system32\ndt2.sys not found!
Deletion of file C:\WINDOWS\system32\ndt2.sys failed!

Could not process line:
C:\WINDOWS\system32\ndt2.sys
Status: 0xc0000034

Now I'm going to stop and delete those two things, thanks a lot.
Axident
Newbie
Newbie
User avatar
Registered: 12 Jan 2006

Post by Axident »

I (hopefully) stopped those tasks and services, but when I wanted to delete them in Windows/system32, they are no longer there (there is route.exe, but that probably isn't the same thing as routing.exe, so I left it). In the meantime, after consulting, I cleaned it up a bit with SDFix and ComboFix, so I don't know...
BUBINO
Beginner
Beginner
Registered: 12 Jun 2007
Location: I have one

Post by BUBINO »

Post the logs from that ComboFix and SDFix here, and did you put the script I wrote for you into Avenger?