Hi, I installed this little program thinking it would help me, but it was useless, and after uninstalling it part of it stayed on my computer. A "system alert" bubble with a yellow exclamation mark keeps popping up from the taskbar, always while I'm typing and the like; clicking it takes me to a page where I can buy AntiVirGear, so it's a clever advert.
I can't work out how to remove it, since the files that trigger it are always among the active processes and I can't end them.
Can anyone advise how to get rid of it?
AntiVirGear
- jakkal
- Newbie
- Registered: 22 Jun 2007
- Location: Slovakia
- BUBINO
- Beginner
- Registered: 12 Jun 2007
- Location: Got one
Re: AntiVirGear
I personally don't know of any such antivirus, but if it's throwing up adverts it's surely some kind of adware. Could you post a HijackThis log here?
- jakkal
- Newbie
- Registered: 22 Jun 2007
- Location: Slovakia
OK, here is the log:
Logfile of HijackThis v1.99.1
Scan saved at 14:33:11, on 4.2.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Microsoft Encarta\Encarta Premium DVD 2006\EDICT.EXE
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Azureus\Azureus.exe
C:\Documents and Settings\michal\Plocha\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy-01-21:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\tbuFE5\toolbaru.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\Program Files\ICQToolbar\tbuFE5\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Encarta Web Companion Helper Object - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O2 - BHO: (no name) - {D579A683-0CC7-4023-BAE7-0544D0D1DA3A} - C:\Program Files\Online Video Add-on\isfmdl.dll
O2 - BHO: (no name) - {D7515C61-A66C-4319-A0E0-D416CB8059E3} - C:\Program Files\Common Files\Relive.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\PROGRA~1\PCTRAN~1\webie.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\tbuFE5\toolbaru.dll
O3 - Toolbar: Encarta Web Companion - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O3 - Toolbar: IE Custom Tools - {41F6170D-6AF8-4188-8D92-9DDAB3C71A78} - C:\Program Files\Online Video Add-on\ictmdl.dll (file missing)
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Siemens SmartSync - ScheduleSync] C:\PROGRA~1\MOBILE~1\SMARTS~1\SCHEDU~1.EXE
O4 - HKLM\..\Run: [pdfFactory Pro Dispečér v2] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe" /source=HKLM
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [E06AXLRD_5747609] "C:\Program Files\Microsoft Encarta\Encarta Premium DVD 2006\EDICT.EXE" -m
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: WebTran - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra 'Tools' menuitem: &Nastaviť prekladač - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra 'Tools' menuitem: Preložiť &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra 'Tools' menuitem: Preložiť &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - Unknown owner - C:\Program Files\Michal\Programy\SiSoftware Sandra Lite 2007.SP1\Win32\RpcDataSrv.exe (file missing)
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\Michal\Programy, typy, zaujimavosti\SiSoftware Sandra Lite 2007.SP1\RpcSandraSrv.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
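As an added example (not code from either poster), a small Python triage pass over the HijackThis entry format shown in the log above: it parses the CLSID-carrying `O2`/`O3` lines and the `R1` proxy setting and flags what an analyst would look at first. The sample lines are copied from the posted log; the allowlist of already-verified CLSIDs and the "bare DLL in Common Files" heuristic are my assumptions.

```python
import re
from dataclasses import dataclass

# Constructed sample: a handful of entries copied verbatim from the HijackThis
# v1.99.1 log posted in this thread (one legitimate BHO, the Spybot SDHelper,
# the two unnamed BHOs that ComboFix later removed, an orphaned toolbar, a proxy).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy-01-21:8080
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {D579A683-0CC7-4023-BAE7-0544D0D1DA3A} - C:\Program Files\Online Video Add-on\isfmdl.dll
O2 - BHO: (no name) - {D7515C61-A66C-4319-A0E0-D416CB8059E3} - C:\Program Files\Common Files\Relive.dll
O3 - Toolbar: IE Custom Tools - {41F6170D-6AF8-4188-8D92-9DDAB3C71A78} - C:\Program Files\Online Video Add-on\ictmdl.dll (file missing)
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
"""

# HijackThis lines that carry a CLSID: "<Oxx> - <kind>: <name> - {CLSID} - <path>".
# The CLSID is the anchor that lets a path containing " - " (Spybot's folder)
# be split correctly; "(file missing)" is an optional trailing marker.
CLSID_ENTRY = re.compile(
    r"^(?P<section>[RO]\d+) - (?P<kind>[^:]+): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.*?)(?P<missing> \(file missing\))?$"
)
# "R1 - <registry key>,ProxyServer = <host:port>"
PROXY_SETTING = re.compile(r"^R1 - (?P<key>.+),ProxyServer = (?P<value>.+)$")

COMMON_FILES = "C:\\Program Files\\Common Files\\"

# Assumption: CLSIDs the analyst has already verified as legitimate. The Spybot
# SDHelper entry from the posted log is the one unnamed BHO known to be benign.
KNOWN_GOOD_CLSIDS = frozenset({"{53707962-6F74-2D53-2644-206D7942484F}"})


@dataclass
class Finding:
    section: str
    reason: str
    detail: str


def parse_entry(line: str):
    """Return the fields of a CLSID-carrying entry, or None for any other line."""
    m = CLSID_ENTRY.match(line.strip())
    return m.groupdict() if m else None


def dll_directly_under(path: str, folder: str) -> bool:
    """True when 'path' is a DLL sitting directly in 'folder', with no vendor subfolder."""
    p = path.lower()
    if not p.startswith(folder.lower()):
        return False
    rest = p[len(folder):]
    return "\\" not in rest and rest.endswith(".dll")


def triage(log_text: str, known_good=KNOWN_GOOD_CLSIDS) -> list[Finding]:
    """Walk a HijackThis log and collect the entries worth a closer look."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        proxy = PROXY_SETTING.match(line)
        if proxy:
            # A proxy the user did not set up themselves routes all IE traffic elsewhere.
            findings.append(Finding("R1", "proxy server configured", proxy["value"]))
            continue
        entry = parse_entry(line)
        if entry is None:
            continue  # O4 Run keys etc. need their own rules; not covered here
        path = entry["path"]
        if entry["missing"]:
            # Registered but the file is gone: leftover of a removal or a failed install.
            findings.append(Finding(entry["section"], "orphaned entry, file missing", path))
        if (entry["kind"] == "BHO" and entry["name"] == "(no name)"
                and entry["clsid"].upper() not in known_good):
            # Legitimate BHOs almost always register a display name.
            findings.append(Finding(entry["section"], "unnamed BHO", path))
        if dll_directly_under(path, COMMON_FILES):
            # Vendors use a subfolder under Common Files; a bare DLL there is unusual.
            findings.append(Finding(entry["section"], "DLL placed directly in Common Files", path))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:3} {f.reason:38} {f.detail}")
```

On the sample it reports the proxy, the two unnamed BHOs (Relive.dll twice, once for its location), and the orphaned IE Custom Tools toolbar, while the allowlisted Spybot helper stays quiet.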
- BUBINO
- Beginner
- Registered: 12 Jun 2007
- Location: Got one
Please also make a ComboFix log:
download ComboFix (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) and save it to the desktop
then run the application under an account with administrator rights
right after it starts, a screen with the licence terms appears; press the 1 key to continue
go and make yourself a coffee (the whole thing takes roughly 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to wade through); follow the on-screen instructions, and during the scan do not try to start any other application or do anything else
don't panic during the scan, your machine may be restarted (especially on the first run of the scanner)
warning: if you use Spyware Terminator, switch its resident shield to Install Mode, or disable it completely for the duration of the scan, because ComboFix tries to delete infected files during the scan and Spyware Terminator may prevent that
after the restart the application creates a log saved at C:/Combofix.txt (on repeated runs the logs are named Combofix2.txt etc.); paste its contents here
- jakkal
- Newbie
- Registered: 22 Jun 2007
- Location: Slovakia
OK:
ComboFix 08-02.05.3 - michal 2008-02-04 23:39:08.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1029.18.141 [GMT 1:00]
Running from: C:\Documents and Settings\michal\Plocha\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\michal\Data aplikací\FunWebProducts
C:\Documents and Settings\michal\err.log
C:\Program Files\Common Files\Relive.dll
C:\Program Files\Online Video Add-on
C:\Program Files\Online Video Add-on\isfmdl.dll
C:\Program Files\Online Video Add-on\isfmm.txt
C:\Program Files\Online Video Add-on\isfmntr.pdf
C:\WINDOWS\system32\hteogat.dll
.
((((((((((((((((((((((((( Files Created from 2008-01-04 to 2008-02-04 )))))))))))))))))))))))))))))))
.
2008-01-30 09:17 . 2008-02-04 08:32 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-30 09:17 . 2008-01-30 09:17 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-29 12:49 . 2008-01-29 12:49 <DIR> d-------- C:\Program Files\CyberLink
2008-01-29 12:49 . 2008-01-29 12:49 <DIR> d-------- C:\Program Files\ASUSTek
2008-01-29 12:49 . 2008-01-29 12:49 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\CyberLink
2008-01-27 20:45 . 2008-01-27 20:45 <DIR> d-------- C:\spoolerlogs
2008-01-24 12:25 . 2008-01-24 12:25 <DIR> d-------- C:\MP3
2008-01-23 13:29 . 2008-01-26 17:52 <DIR> d-------- C:\Program Files\StrongDC++ ROBUR 2.11
2008-01-20 11:32 . 2008-01-20 11:32 <DIR> d-------- C:\Program Files\Google
2008-01-14 13:30 . 2008-01-14 13:30 <DIR> d-------- C:\Program Files\Hamachi
2008-01-13 13:46 . 2008-01-13 13:47 <DIR> d-------- C:\Documents and Settings\michal\Data aplikací\Teleca
2008-01-13 13:45 . 2008-01-13 13:45 <DIR> d-------- C:\Program Files\Sony Ericsson
2008-01-13 13:45 . 2008-01-13 13:45 <DIR> d-------- C:\Program Files\Common Files\Teleca Shared
2008-01-13 13:45 . 2008-01-13 13:45 <DIR> d-------- C:\Documents and Settings\All Users\Documents
2008-01-13 13:45 . 2008-01-13 13:45 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Teleca
2008-01-13 13:45 . 2008-01-13 13:45 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Sony Ericsson
2008-01-13 13:41 . 2008-01-13 13:41 55,216 --a------ C:\WINDOWS\system32\drivers\k750bus.sys
2008-01-13 13:41 . 2008-01-13 13:41 6,144 --a------ C:\WINDOWS\system32\drivers\k750cm.sys
2008-01-13 13:41 . 2008-01-13 13:41 5,744 --a------ C:\WINDOWS\system32\drivers\k750whnt.sys
2008-01-13 13:41 . 2008-01-13 13:41 5,744 --a------ C:\WINDOWS\system32\drivers\k750wh.sys
2008-01-13 13:40 . 2008-01-13 13:41 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-01-08 14:39 . 2008-01-08 14:40 <DIR> d-------- C:\Program Files\Counter-Strike 1.6 Patch Version 26
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-04 22:43 --------- d-----w C:\Documents and Settings\michal\Data aplikací\Azureus
2008-02-04 07:30 --------- d-----w C:\Program Files\Michal
2008-02-03 22:37 11,948 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2008-02-03 16:30 --------- d-----w C:\Program Files\Martinka
2008-01-31 13:51 --------- d-----w C:\Program Files\Warcraft III
2008-01-30 07:49 --------- d-----w C:\Documents and Settings\michal\Data aplikací\Skype
2008-01-29 20:40 --------- d-----w C:\Documents and Settings\michal\Data aplikací\Ahead
2008-01-29 11:49 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-25 12:09 --------- d-----w C:\Program Files\SubRip
2008-01-24 11:24 --------- d-----w C:\Program Files\StrongDC++
2008-01-23 12:55 --------- d-----w C:\Program Files\Maroš
2008-01-14 12:33 --------- d-----w C:\Documents and Settings\michal\Data aplikací\Hamachi
2008-01-14 12:30 25,544 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys
2008-01-01 08:04 --------- d-----w C:\Program Files\ICQLite
2007-12-22 17:52 --------- d-----w C:\Documents and Settings\michal\Data aplikací\InstallShield
2007-12-18 11:55 --------- d-----w C:\Program Files\YouTube Video Downloader
2007-12-13 00:29 --------- d-----w C:\Documents and Settings\michal\Data aplikací\Autodesk
2007-12-13 00:21 --------- d-----w C:\Program Files\Common Files\Autodesk Shared
2007-12-13 00:21 --------- d-----w C:\Program Files\Autodesk
2007-12-13 00:19 --------- d-----w C:\Program Files\AnswerWorks 4.0
2007-12-13 00:17 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Autodesk
2005-04-03 19:22 1,108,779 ----a-w C:\Program Files\sewer.dat
2005-04-03 13:42 841,839 ----a-w C:\Program Files\insanity.dat
2004-06-07 20:04 774 ----a-w C:\Program Files\sinister.epd
2004-06-06 20:28 3,643 ----a-w C:\Program Files\yard.dat
2007-07-16 14:01 56 --sh--r C:\WINDOWS\system32\7B77FC0151.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{84938242-5C5B-4A55-B6B9-A1507543B418}"= C:\Program Files\Video Access ActiveX Object\iesplugin.dll [ ]
[HKEY_CLASSES_ROOT\clsid\{84938242-5c5b-4a55-b6b9-a1507543b418}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 14:49 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [2006-03-01 18:43 90112]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2006-10-13 17:20 20058152]
"E06AXLRD_5747609"="C:\Program Files\Microsoft Encarta\Encarta Premium DVD 2006\EDICT.exe" [2005-06-03 09:30 301776]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"ICQ Lite"="C:\Program Files\ICQLite\ICQLite.exe" [2007-03-13 12:09 3144800]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Smapp"="C:\Program Files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 07:57 143360]
"AGRSMMSG"="AGRSMMSG.exe" [2002-09-25 11:44 87751 C:\WINDOWS\AGRSMMSG.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-06-01 16:22 7618560]
"NvMediaCenter"="NvMCTray.dll" [2006-06-01 16:22 86016 C:\WINDOWS\system32\nvmctray.dll]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 14:40 155648]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-07-11 14:02 155648]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-07-11 14:04 180269]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 05:03 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 05:03 81920]
"Siemens SmartSync - ScheduleSync"="C:\PROGRA~1\MOBILE~1\SMARTS~1\SCHEDU~1.EXE" [2005-03-16 09:15 45056]
"pdfFactory Pro Dispečér v2"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe" [2006-08-03 15:33 503808]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [2007-06-26 07:54 1115728]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2005-12-10 15:57 133016]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 16:17 159744]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-17 14:49 15360]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{634be415-da12-496b-b89e-329b73c4807f}"= C:\WINDOWS\system32\tvomnc.dll [ ]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{0CD68AC9-FF63-3E61-626B-B663E62F6236}"= C:\Program Files\Internet Explorer\romdrivers.dll [2008-02-04 23:39 14891]
R2 Vcs;Vcs support;C:\WINDOWS\system32\Drivers\Vcs.sys [2002-12-10 08:11]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-03 22:04]
S2 SVKP;SVKP;C:\WINDOWS\system32\SVKP.sys []
S3 gel90xne;gel90xne;C:\DOCUME~1\michal\LOCALS~1\Temp\gel90xne.sys [2002-06-18 14:26]
S3 SQLWriter;SQL Server VSS Writer;"c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2005-10-14 02:53]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{add5994e-b7f9-11dc-ab34-000c6ee9fcb7}]
\Shell\Auto\command - G:\
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-04 23:44:12
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-02-04 23:46:27
ComboFix-quarantined-files.txt 2008-02-04 22:46:24
2008-01-01 08:04 --------- d-----w C:\Program Files\ICQLite
2007-12-22 17:52 --------- d-----w C:\Documents and Settings\michal\Data aplikací\InstallShield
2007-12-18 11:55 --------- d-----w C:\Program Files\YouTube Video Downloader
2007-12-13 00:29 --------- d-----w C:\Documents and Settings\michal\Data aplikací\Autodesk
2007-12-13 00:21 --------- d-----w C:\Program Files\Common Files\Autodesk Shared
2007-12-13 00:21 --------- d-----w C:\Program Files\Autodesk
2007-12-13 00:19 --------- d-----w C:\Program Files\AnswerWorks 4.0
2007-12-13 00:17 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Autodesk
2005-04-03 19:22 1,108,779 ----a-w C:\Program Files\sewer.dat
2005-04-03 13:42 841,839 ----a-w C:\Program Files\insanity.dat
2004-06-07 20:04 774 ----a-w C:\Program Files\sinister.epd
2004-06-06 20:28 3,643 ----a-w C:\Program Files\yard.dat
2007-07-16 14:01 56 --sh--r C:\WINDOWS\system32\7B77FC0151.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{84938242-5C5B-4A55-B6B9-A1507543B418}"= C:\Program Files\Video Access ActiveX Object\iesplugin.dll [ ]
[HKEY_CLASSES_ROOT\clsid\{84938242-5c5b-4a55-b6b9-a1507543b418}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 14:49 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [2006-03-01 18:43 90112]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2006-10-13 17:20 20058152]
"E06AXLRD_5747609"="C:\Program Files\Microsoft Encarta\Encarta Premium DVD 2006\EDICT.exe" [2005-06-03 09:30 301776]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"ICQ Lite"="C:\Program Files\ICQLite\ICQLite.exe" [2007-03-13 12:09 3144800]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Smapp"="C:\Program Files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 07:57 143360]
"AGRSMMSG"="AGRSMMSG.exe" [2002-09-25 11:44 87751 C:\WINDOWS\AGRSMMSG.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-06-01 16:22 7618560]
"NvMediaCenter"="NvMCTray.dll" [2006-06-01 16:22 86016 C:\WINDOWS\system32\nvmctray.dll]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 14:40 155648]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-07-11 14:02 155648]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-07-11 14:04 180269]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 05:03 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 05:03 81920]
"Siemens SmartSync - ScheduleSync"="C:\PROGRA~1\MOBILE~1\SMARTS~1\SCHEDU~1.EXE" [2005-03-16 09:15 45056]
"pdfFactory Pro Dispečér v2"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe" [2006-08-03 15:33 503808]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [2007-06-26 07:54 1115728]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2005-12-10 15:57 133016]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 16:17 159744]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-17 14:49 15360]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{634be415-da12-496b-b89e-329b73c4807f}"= C:\WINDOWS\system32\tvomnc.dll [ ]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{0CD68AC9-FF63-3E61-626B-B663E62F6236}"= C:\Program Files\Internet Explorer\romdrivers.dll [2008-02-04 23:39 14891]
R2 Vcs;Vcs support;C:\WINDOWS\system32\Drivers\Vcs.sys [2002-12-10 08:11]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-03 22:04]
S2 SVKP;SVKP;C:\WINDOWS\system32\SVKP.sys []
S3 gel90xne;gel90xne;C:\DOCUME~1\michal\LOCALS~1\Temp\gel90xne.sys [2002-06-18 14:26]
S3 SQLWriter;SQL Server VSS Writer;"c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2005-10-14 02:53]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{add5994e-b7f9-11dc-ab34-000c6ee9fcb7}]
\Shell\Auto\command - G:\
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-04 23:44:12
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-02-04 23:46:27
ComboFix-quarantined-files.txt 2008-02-04 22:46:24
- BUBINO
- Beginner
- Registered: 12 Jun 2007
- Residence: I have one
Download Avenger from here:
http://www.viry.cz/forum/viewtopic.php?t=19832
Follow the guide there until you reach the window, and paste the following into it:

Drivers to unload:
gel90xne
Files to delete:
C:\Program Files\Internet Explorer\romdrivers.dll
C:\WINDOWS\system32\tvomnc.dll
C:\Program Files\yard.dat
C:\WINDOWS\system32\7B77FC0151.sys
C:\Program Files\sinister.epd
C:\Program Files\insanity.dat
C:\Program Files\sewer.dat
Registry values to delete:
hkey_local_machine\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler | {634be415-da12-496b-b89e-329b73c4807f}
hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks | {0CD68AC9-FF63-3E61-626B-B663E62F6236}

The computer will restart and a log will pop up afterwards. Copy it here. It is also saved in c:\avenger.txt. Then post a new ComboFix log and a new HijackThis log here.
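The Avenger script in the reply above targets exactly the log entries that look out of place: two Explorer hook DLLs that ComboFix could not stat or that were written while the scan was running, a driver loading from a Temp folder, a hidden system file in system32, and loose data files sitting in the Program Files root. As an added example, not code from this thread, from ComboFix or from Avenger, the Python script below applies those same triage heuristics to lines taken from the ComboFix log above. The regular expressions, the heuristic names and the `scan_started` parameter are my own assumptions about the log layout, not a documented ComboFix format.

```python
"""Triage heuristics for a ComboFix log (added example, not from the thread,
ComboFix or Avenger).  Each heuristic mirrors one kind of entry the reply's
Avenger script removes; a hit is a lead for manual review, not a verdict.
The regular expressions below are assumptions about the log layout."""
import re

# Sample input: lines copied from the ComboFix log posted above (an excerpt
# constructed for this example; only lines the heuristics look at are kept).
SAMPLE_LOG = r"""
2008-02-03 22:37 11,948 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2008-01-14 12:30 25,544 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys
2005-04-03 19:22 1,108,779 ----a-w C:\Program Files\sewer.dat
2004-06-07 20:04 774 ----a-w C:\Program Files\sinister.epd
2007-07-16 14:01 56 --sh--r C:\WINDOWS\system32\7B77FC0151.sys
"{84938242-5C5B-4A55-B6B9-A1507543B418}"= C:\Program Files\Video Access ActiveX Object\iesplugin.dll [ ]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2006-10-13 17:20 20058152]
"{634be415-da12-496b-b89e-329b73c4807f}"= C:\WINDOWS\system32\tvomnc.dll [ ]
"{0CD68AC9-FF63-3E61-626B-B663E62F6236}"= C:\Program Files\Internet Explorer\romdrivers.dll [2008-02-04 23:39 14891]
R2 Vcs;Vcs support;C:\WINDOWS\system32\Drivers\Vcs.sys [2002-12-10 08:11]
S2 SVKP;SVKP;C:\WINDOWS\system32\SVKP.sys []
S3 gel90xne;gel90xne;C:\DOCUME~1\michal\LOCALS~1\Temp\gel90xne.sys [2002-06-18 14:26]
"""

# Find3M line: "<date> <time> <size or dashes> <7 attribute chars> <path>"
FIND3M_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+([\d,]+|-+)\s+([-a-z]{7})\s+(.+)$")
# Reg loading point value: "<name>"=<path> [<file metadata, or empty>]
REG_RE = re.compile(r'^"([^"]+)"=\s*"?([^"\[]+?)"?\s*\[([^\]]*)\]$')
# Service/driver line: "<state> <name>;<display name>;<path> [<metadata>]"
DRIVER_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.+?)\s*\[([^\]]*)\]$")


def triage(log_text, scan_started=None):
    """Return (reason, path) tuples for every log line that trips a heuristic.

    scan_started is the "YYYY-MM-DD HH:MM" taken from the log header; when
    given, an autostart file stamped with that exact minute is flagged,
    because it was (re)written while the scan itself was running.
    """
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = FIND3M_RE.match(line)
        if m:
            attrs, path = m.group(3), m.group(4)
            low = path.lower()
            # hidden + system attributes on a file dropped straight into system32
            if "s" in attrs and "h" in attrs and "\\system32\\" in low:
                findings.append(("hidden-system-file", path))
            # data files sitting directly in the Program Files root, not a subfolder
            elif re.match(r"c:\\program files\\[^\\]+\.(dat|epd)$", low):
                findings.append(("loose-file-in-program-files", path))
            continue
        m = REG_RE.match(line)
        if m:
            path, meta = m.group(2).strip(), m.group(3).strip()
            if not meta:
                # ComboFix prints "[ ]" when it could not read the file's metadata
                findings.append(("autostart-no-file-metadata", path))
            elif scan_started and meta.startswith(scan_started):
                findings.append(("autostart-file-written-at-scan-time", path))
            continue
        m = DRIVER_RE.match(line)
        if m:
            path, meta = m.group(4).strip(), m.group(5).strip()
            if "\\temp\\" in path.lower():
                # kernel drivers have no business loading from a user's Temp folder
                findings.append(("driver-from-temp", path))
            elif not meta:
                findings.append(("driver-no-file-metadata", path))
    return findings


if __name__ == "__main__":
    for reason, path in triage(SAMPLE_LOG, scan_started="2008-02-04 23:39"):
        print(f"{reason:38} {path}")
```

A hit is a lead for manual review, not a verdict: on these lines the script also flags KGyGaAvL.sys and SVKP.sys, which the reply above deliberately left alone, and the romdrivers.dll hit rests only on its timestamp matching the scan's own start minute.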