
I have system alert:trojan-spy.win32@mx on Vista and don't know how t

Posted: 02 Apr 2008 17:31
by S.X
I have system alert:trojan-spy.win32@mx on Vista and I don't know how to fix it, please help me. Thanks in advance.

Re: I have system alert:trojan-spy.win32@mx on Vista and don't know how t

Posted: 02 Apr 2008 17:36
by memphisto
Post a HijackThis log. The guide is in my signature :wink:

Re: I have system alert:trojan-spy.win32@mx on Vista and don't know how t

Posted: 02 Apr 2008 17:42
by S.X
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:41:22 PM, on 4/2/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\NetProject\scit.exe
C:\Program Files\NetProject\sbmntr.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Windows\System32\spool\drivers\w32x86\3\E_FATICAE.EXE
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\NetProject\scm.exe
C:\Program Files\NetProject\sbsm.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Windows\system32\Taskmgr.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hp.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7C109800-A5D5-438F-9640-18D17E168B88} - C:\Program Files\NetProject\sbmdl.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [MobilityManager] C:\Program Files\Mobility Manager\MobilityManager
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\Users\Rodina\AppData\Local\Temp\E_S9993.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe"
O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\NetProject\scit.exe
O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\NetProject\sbmntr.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.iefixgate.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.iefixgate.com/redirect.php (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{E7BA472D-0F74-490C-8501-4FE57070ACC4}: NameServer = 85.237.0.65 85.237.1.66
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: FMMService - Flarion Technologies, Inc. - C:\PROGRA~1\MOBILI~1\FMMSER~1.EXE
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Microsoft .NET Framework v1.1.4322 Update (NetFxUpdate_v1.1.4322) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe (file missing)
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 8246 bytes

Re: I have system alert:trojan-spy.win32@mx on Vista and don't know how t

Posted: 02 Apr 2008 18:14
by memphisto
You have a NetProject infection.

Use SDFix
Download SDFix
- Run it and it will extract itself to the drive where Windows is installed (typically C:\SDfix)
- Then restart the PC into Safe Mode (choose the option Safe Mode, not Safe Mode with Networking)
- Open the folder where SDFix was extracted and run the file RunThis.bat; this starts the program.
* Then press the Y key and then Enter to start the cleaning process.
* To finish the scan you will be prompted to press any key, and the computer will restart.
* While the operating system is starting, the program will run again and finish the cleaning process. When Finish appears, you will have to press any key when prompted; this closes the program and your desktop icons will appear.
- When the desktop icons have finished loading, the SDFix log will open on screen and will also be saved as Report.txt in the folder where SDFix was extracted.
Then copy its contents here, plus a new HJT log.
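
An added example, not part of memphisto's post and not code from HijackThis: a small Python triage over an excerpt of the log posted above, showing which entries tie to the NetProject folder named in the diagnosis. The function names and the flagging rules are assumptions chosen for illustration; a flagged line is a prompt for review, not a verdict.

```python
import re

# Excerpt of the HijackThis log posted earlier in this thread (not the full log).
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7C109800-A5D5-438F-9640-18D17E168B88} - C:\Program Files\NetProject\sbmdl.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\NetProject\scit.exe
O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\NetProject\sbmntr.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.iefixgate.com/redirect.php (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

# A HijackThis entry line is "<section code> - <body>", e.g. "O4 - HKLM\..\Run: ...".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")


def parse_entries(log_text):
    """Return (code, body) pairs for every entry line; other lines are skipped."""
    entries = []
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            entries.append((match.group("code"), match.group("body")))
    return entries


def reasons_for(code, body, suspect_dirs):
    """Apply the illustrative (assumed) review rules to one entry."""
    reasons = []
    lowered = body.lower()
    # Autostart stored under the Policies key instead of the usual Run key.
    if code == "O4" and r"policies\explorer\run" in lowered:
        reasons.append("autostart via Policies\\Explorer\\Run")
    # A Browser Helper Object that registers no display name.
    if code == "O2" and body.startswith("BHO: (no name)"):
        reasons.append("unnamed Browser Helper Object")
    # An IE button or menu item whose target is a URL rather than a local file.
    target = body.rsplit(" - ", 1)[-1]
    if code in ("O8", "O9") and target.lower().startswith(("http://", "https://")):
        reasons.append("browser extension points at a URL")
    # Any entry whose path runs through a folder the analyst has named.
    for name in suspect_dirs:
        if "\\" + name.lower() + "\\" in lowered:
            reasons.append("file under suspect directory " + name)
    return reasons


def triage(log_text, suspect_dirs=()):
    """Return (code, reasons, body) for every entry that matches a rule."""
    findings = []
    for code, body in parse_entries(log_text):
        reasons = reasons_for(code, body, suspect_dirs)
        if reasons:
            findings.append((code, reasons, body))
    return findings


if __name__ == "__main__":
    for code, reasons, body in triage(SAMPLE_LOG, suspect_dirs=("NetProject",)):
        print(code, "|", "; ".join(reasons))
        print("    ", body)
```
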

Re: I have system alert:trojan-spy.win32@mx on Vista and don't know how t

Posted: 02 Apr 2008 18:16
by S.X
Hey, and how do I get into Safe Mode?

Re: I have system alert:trojan-spy.win32@mx on Vista and don't know how t

Posted: 02 Apr 2008 18:19
by memphisto
When you click the blue Safe Mode text, the guide will open. In short, you can do it by restarting the PC and pressing F8 repeatedly during boot, then choosing Safe Mode from the startup menu (not Safe Mode with Networking!)

Re: I have system alert:trojan-spy.win32@mx on Vista and don't know how t

Posted: 02 Apr 2008 18:55
by S.X
It doesn't work for me that way. I double-click it in Safe Mode and nothing happens. I don't understand it.

Re: I have system alert:trojan-spy.win32@mx on Vista and don't know how t

Posted: 02 Apr 2008 19:24
by S.X
I don't understand why it doesn't work.

Re: I have system alert:trojan-spy.win32@mx on Vista and don't know how t

Posted: 02 Apr 2008 19:27
by fredik
SDFix doesn't work on Vista.

Post a ComboFix log here:
Download ComboFix (by sUBs) and save it to your desktop.
Close all active windows and run it.
- After it starts, the terms of use are displayed; confirm them by pressing the Yes button
- Then follow the instructions; while ComboFix is running, do not click in the window it displays
- When the scan finishes, the program should create a log - C:\ComboFix.txt - please copy its entire contents here

Re: I have system alert:trojan-spy.win32@mx on Vista and don't know how t

Posted: 02 Apr 2008 20:06
by S.X
ComboFix 08-04-01.2 - Rodina 2008-04-02 19:51:43.1 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1252.1.1051.18.311 [GMT 2:00]
Running from: C:\Users\Rodina\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Users\Rodina\AppData\Roaming\inst.exe
C:\Windows\system32\x64
F:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-03-02 to 2008-04-02 )))))))))))))))))))))))))))))))
.

2008-04-02 18:35 . 2008-04-02 19:29 <DIR> d-------- C:\SDFix
2008-04-02 17:41 . 2008-04-02 17:41 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-30 15:12 . 2008-03-30 15:12 <DIR> d-------- C:\Windows\System32\Adobe
2008-03-30 15:04 . 2008-03-30 15:13 1,289 --a------ C:\Windows\mozver.dat
2008-03-30 13:31 . 2008-03-30 21:10 <DIR> d-------- C:\Windows\System32\375013
2008-03-30 13:30 . 2008-03-30 22:52 <DIR> d-------- C:\Program Files\NetProject
2008-03-28 18:14 . 2008-03-29 18:10 <DIR> d-------- C:\Users\Rodina\AppData\Roaming\EPSON
2008-03-12 18:34 . 2007-12-17 00:50 1,060,920 --a------ C:\Windows\System32\drivers\ntfs.sys
2008-03-12 18:34 . 2007-12-16 11:56 41,984 --a------ C:\Windows\System32\drivers\monitor.sys
2008-03-03 22:26 . 2008-03-03 22:26 <DIR> d-------- C:\Shoty
2008-03-03 18:08 . 2008-03-09 22:26 <DIR> d-------- C:\Users\Rodina\AppData\Roaming\BitTorrent
2008-03-03 18:08 . 2008-03-03 18:08 <DIR> d-------- C:\Program Files\DNA
2008-03-02 14:38 . 2008-03-04 16:10 <DIR> d-------- C:\Users\Rodina\AppData\Roaming\DAEMON Tools
2008-03-02 14:38 . 2008-03-02 14:41 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
2008-03-02 14:32 . 2008-03-02 14:32 715,248 --a------ C:\Windows\System32\drivers\sptd.sys
2008-03-02 14:10 . 2008-03-02 14:10 <DIR> d-------- C:\Users\Rodina\AppData\Roaming\Microsoft Games
2008-03-02 14:10 . 2008-03-02 14:10 <DIR> d-------- C:\Users\All Users\Microsoft Games
2008-03-02 14:10 . 2008-03-02 14:10 <DIR> d-------- C:\ProgramData\Microsoft Games
2008-03-02 13:46 . 2008-03-02 13:46 <DIR> d-------- C:\Program Files\Common Files\SWF Studio
2008-03-02 13:31 . 2008-03-02 13:31 <DIR> d-------- C:\Program Files\ScreenShots

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-02 17:47 --------- d-----w C:\Users\Rodina\AppData\Roaming\Skype
2008-04-02 16:26 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-04-02 16:00 --------- d-----w C:\Program Files\Norton Security Scan
2008-04-02 15:06 --------- d-----w C:\Users\Rodina\AppData\Roaming\skypePM
2008-03-30 20:44 47,360 ----a-w C:\Users\Rodina\AppData\Roaming\pcouffin.sys
2008-03-30 20:44 --------- d-----w C:\Users\Rodina\AppData\Roaming\Vso
2008-03-30 20:43 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-30 20:43 --------- d-----w C:\Program Files\Atari
2008-03-30 20:30 --------- d-----w C:\Program Files\MAXON
2008-03-30 19:10 --------- d-----w C:\Program Files\Google
2008-03-30 12:41 --------- d-----w C:\Program Files\ICQToolbar
2008-03-13 14:25 --------- d-----w C:\Program Files\Windows Mail
2008-03-02 12:05 --------- d-----w C:\Program Files\Microsoft Games
2008-02-29 18:12 --------- d-----w C:\Program Files\PowerISO
2008-02-25 18:21 --------- d-----w C:\Users\Rodina\AppData\Roaming\SampleView
2008-02-24 16:11 --------- d-----w C:\Program Files\Graffiti Studio 2.0
2008-02-24 14:50 --------- d-----w C:\Program Files\Graffiti Studio
2008-02-22 14:48 --------- d-----w C:\Program Files\Mobility Manager
2008-02-22 14:47 --------- d--h--w C:\Program Files\Zero G Registry
2008-02-22 09:17 737,280 ----a-w C:\Windows\iun6002.exe
2008-02-20 10:32 --------- d-----w C:\ProgramData\Symantec
2008-02-20 10:31 47,360 ----a-w C:\Windows\system32\drivers\pcouffin.sys
2008-02-19 18:49 --------- d-----w C:\Users\Rodina\AppData\Roaming\InterVideo
2008-02-19 09:53 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-19 09:39 --------- d-----w C:\ProgramData\EPSON
2008-02-19 09:31 --------- d-----w C:\ProgramData\UDL
2008-02-19 09:30 --------- d-----w C:\Program Files\epson
2008-02-18 22:49 --------- d-----w C:\Program Files\Windows Sidebar
2008-02-18 21:36 --------- d-----w C:\Users\Rodina\AppData\Roaming\ICQ Toolbar
2008-02-18 21:16 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-02-18 21:16 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-02-18 21:12 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
2008-02-18 21:12 7,680 ----a-w C:\Windows\System32\spwmp.dll
2008-02-18 21:12 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
2008-02-18 21:12 4,096 ----a-w C:\Windows\System32\dxmasf.dll
2008-02-18 21:12 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll
2008-02-18 21:12 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-02-18 21:12 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-02-18 21:12 25,656 ----a-w C:\Windows\system32\drivers\msahci.sys
2008-02-18 21:12 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
2008-02-18 21:12 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
2008-02-18 21:12 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
2008-02-18 21:12 15,928 ----a-w C:\Windows\system32\drivers\pciide.sys
2008-02-18 21:12 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
2008-02-18 21:11 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2008-02-18 21:11 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-02-18 21:11 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-02-18 21:11 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2008-02-18 21:11 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-02-18 21:11 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
2008-02-18 21:11 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-02-18 21:11 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2008-02-18 21:10 84,480 ----a-w C:\Windows\System32\INETRES.dll
2008-02-18 21:10 737,792 ----a-w C:\Windows\System32\inetcomm.dll
2008-02-18 21:10 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-18 21:10 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-18 21:10 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-02-18 21:10 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-18 21:10 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-18 21:10 1,686,528 ----a-w C:\Windows\System32\gameux.dll
2008-02-18 21:08 84,992 ----a-w C:\Windows\system32\drivers\srvnet.sys
2008-02-18 21:08 58,368 ----a-w C:\Windows\system32\drivers\mrxsmb20.sys
2008-02-18 21:08 130,048 ----a-w C:\Windows\system32\drivers\srv2.sys
2008-02-18 21:08 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2008-02-18 21:08 101,888 ----a-w C:\Windows\system32\drivers\mrxsmb.sys
2008-02-18 21:07 788,992 ----a-w C:\Windows\System32\rpcrt4.dll
2008-02-18 21:03 824,832 ----a-w C:\Windows\System32\wininet.dll
2008-02-18 21:03 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-18 21:03 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-18 21:03 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-18 20:40 53,080 ----a-w C:\Windows\System32\wuauclt.exe
2008-02-18 20:40 43,352 ----a-w C:\Windows\System32\wups2.dll
2008-02-18 20:40 1,712,984 ----a-w C:\Windows\System32\wuaueng.dll
2008-02-18 20:40 1,524,224 ----a-w C:\Windows\System32\wucltux.dll
2008-02-18 20:38 80,896 ----a-w C:\Windows\System32\wudriver.dll
2008-02-18 20:38 549,720 ----a-w C:\Windows\System32\wuapi.dll
2008-02-18 20:38 33,624 ----a-w C:\Windows\System32\wups.dll
2008-02-18 20:37 31,232 ----a-w C:\Windows\System32\wuapp.exe
2008-02-18 20:37 163,000 ----a-w C:\Windows\System32\wuwebv.dll
2008-02-18 19:37 --------- d-----w C:\Users\Rodina\AppData\Roaming\ICQ
2008-02-18 19:37 --------- d-----w C:\Program Files\ICQ6
2008-02-18 19:34 --------- d-----w C:\Program Files\Alwil Software
2008-02-18 19:26 32 ----a-w C:\Users\All Users\ezsid.dat
2008-02-18 19:26 32 ----a-w C:\ProgramData\ezsid.dat
2008-02-18 19:23 --------- d-----w C:\ProgramData\Skype
2008-02-18 19:23 --------- d-----w C:\Program Files\Skype
2008-02-18 19:23 --------- d-----w C:\Program Files\Common Files\Skype
2008-02-18 16:12 --------- d-----w C:\Users\Rodina\AppData\Roaming\Hewlett-Packard
2008-02-18 15:59 --------- d-----w C:\ProgramData\Hewlett-Packard
2008-02-18 15:57 --------- d-----w C:\Program Files\Broadcom
2008-02-18 15:56 --------- d-----w C:\Users\Rodina\AppData\Roaming\Hewlett Packard
2008-02-18 15:56 --------- d-----w C:\ProgramData\InstallShield
2008-02-18 15:56 --------- d-----w C:\Program Files\Macrovision Corp
2008-02-18 15:56 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-02-18 15:55 --------- d-----w C:\Program Files\InterVideo
2008-02-18 15:53 --------- d-----w C:\Users\Rodina\AppData\Roaming\InstallShield
2008-02-18 15:53 --------- d-----w C:\Program Files\Common Files\InterVideo
2008-02-18 15:52 0 --sha-r C:\Windows\system32\drivers\103C_HP_bNB_530 Notebook PC(KD092AA#AKR)_Y5336AN_0U_QCND7490C14_E450767-025_4A_I30D5_SHP_V82.15_68MVU F.05_T071008_WV2-0_L41B_M1015_J120_7Intel_86EC_91.83_#071112_N80861068;80864222_(KD092AA#AKR)_XMOBILE_CN10_Z.MRK
2007-11-12 08:41 174 --sha-w C:\Program Files\desktop.ini
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7C109800-A5D5-438F-9640-18D17E168B88}]
2008-03-30 13:31 10240 --a------ C:\Program Files\NetProject\sbmdl.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-02-18 23:08 1232896]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-02-01 18:22 21898024]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2007-12-29 14:05 486856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-11-12 09:43 1006264]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2007-09-12 19:34 141848]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2007-09-12 19:33 154136]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2007-09-12 19:33 129560]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-12 15:36 827392]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 23:18 472776]
"WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-11 02:12 317128]
"HP Health Check Scheduler"="c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-06-05 19:12 71176]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0\bin\jusched.exe" [2007-11-12 12:03 77824]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-05-07 19:47 159744]
"HP Software Update"="c:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 09:11 49152]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 15:00 79224]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"MobilityManager"="C:\Program Files\Mobility Manager\MobilityManager" [ ]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2006-03-18 04:24 184320]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
DVD Check.lnk - C:\Program Files\InterVideo\DVD Check\DVDCheck.exe [2008-02-18 17:53:02 192512]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{F28650BB-EC6F-47D7-802D-2B4276F0AF35}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"TCP Query User{7D7A9390-2243-4402-A1B6-70E16162DE24}C:\\program files\\skype\\phone\\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{776C285E-8AB1-49E3-BD88-7B2783B10DA4}C:\\program files\\skype\\phone\\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"TCP Query User{C1EBE19E-732B-4C23-BEBC-1B67843A08FD}C:\\program files\\icq6\\icq.exe"= UDP:C:\program files\icq6\icq.exe:ICQ Library
"UDP Query User{7E976629-2307-4EB4-9D3B-5450BD0ED74C}C:\\program files\\icq6\\icq.exe"= TCP:C:\program files\icq6\icq.exe:ICQ Library
"TCP Query User{99027228-2EA4-4ED9-A2D3-01286980C3EA}C:\\program files\\graffiti studio 2.0\\graffiti studio.exe"= UDP:C:\program files\graffiti studio 2.0\graffiti studio.exe:Macromedia Projector
"UDP Query User{949CAE57-0EEE-40D3-92AE-28655DC65BF6}C:\\program files\\graffiti studio 2.0\\graffiti studio.exe"= TCP:C:\program files\graffiti studio 2.0\graffiti studio.exe:Macromedia Projector
"TCP Query User{9B4C0754-BE21-44E3-A8B7-5127FED270C6}C:\\program files\\graffiti studio\\graffiti studio.exe"= UDP:C:\program files\graffiti studio\graffiti studio.exe:Macromedia Projector
"UDP Query User{8BFDA910-5DFB-4F0A-9315-0E247DC7522E}C:\\program files\\graffiti studio\\graffiti studio.exe"= TCP:C:\program files\graffiti studio\graffiti studio.exe:Macromedia Projector
"{D8ADEF04-2C8D-49C3-8F36-37C5CA27858C}"= UDP:C:\Program Files\Microsoft Games\Zoo Tycoon 2\zt.exe:Zoo Tycoon 2 Executable
"{0A843A58-0630-4E62-8795-FF834FD8C02A}"= TCP:C:\Program Files\Microsoft Games\Zoo Tycoon 2\zt.exe:Zoo Tycoon 2 Executable
"{833B33F9-3276-499C-882B-294EF3036115}"= UDP:C:\Program Files\DNA\btdna.exe:DNA
"{A1471306-3055-4F77-9726-337E0252EF14}"= TCP:C:\Program Files\DNA\btdna.exe:DNA
"{15674951-52B0-4795-A944-A890FFE41904}"= UDP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"{EC63DE8D-B37C-4B6D-BBC4-CD4332EA2256}"= TCP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"TCP Query User{77CAB905-45DD-4403-B59C-8CC4A2D81CBC}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{DC501C3C-503F-4061-AA72-9C4FFB4D85B3}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2007-12-04 16:52]
R2 FMMService;FMMService;C:\PROGRA~1\MOBILI~1\FMMSER~1.EXE [2007-04-10 18:08]
R2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);"c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ []
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2006-11-28 04:44]
R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2007-08-24 14:39]
S2 NetFxUpdate_v1.1.4322;Microsoft .NET Framework v1.1.4322 Update;C:\Windows\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe []
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60x.sys [2006-11-02 09:30]
S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver;C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-02 09:30]
S3 ft1000;Flarion Flash OFDM wireless service;C:\Windows\system32\DRIVERS\ft100v.sys [2007-03-01 23:50]
S3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-02 09:36]
S3 SQLWriter;SQL Server VSS Writer;"c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2006-04-14 20:04]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ec49fa3c-de7f-11dc-bc4a-806e6f6e6963}]
\shell\AutoRun\command - D:\autorun.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-03-17 20:38:48 C:\Windows\Tasks\HPCeeScheduleForRodina.job"
- C:\program files\hewlett-packard\sdp\ceement\HPCEE.exe
"2008-04-02 16:00:10 C:\Windows\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-02 19:57:22
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-02 19:58:34
ComboFix-quarantined-files.txt 2008-04-02 17:58:28
Pre-Run: 72,524,664,832 bytes free
Post-Run: 72,529,915,904 bytes free
.
2008-04-02 12:35:34 --- E O F ---

Re: I have system alert:trojan-spy.win32@mx on Vista and don't know how t

Posted: 03 Apr 2008 14:26
by S.X
It no longer pops up here, but in IE I have my home page set and it always opens some http://asecureforum.com/, but before that it asks me something and I have the options OK or Cancel. I always choose Cancel and can continue, but I don't want it there.

Re: I have system alert:trojan-spy.win32@mx on Vista and don't know how t

Posted: 03 Apr 2008 14:39
by fredik
Post a new ComboFix log here.