Please check... Suspected virus (Solved)

Place for your HiJackThis logs and logs from other programs…

Moderators: Mods_senior, Security team


Re: Please check... Suspected virus

Post by jaro3 » 10 Jul 2009 21:24

So run MbAM again and click Scan
- when the program finishes, a message will appear; click OK and then the Show Results button
- make sure all the listed findings are ticked and click the Remove Selected button
- when the removal finishes, a log will be displayed; post it here.
- then choose OK in the program and close it via Exit

You can then post the MbAM log here.

Then run that CF script and post its log here.
When working with HJT, ComboFix, MbAM, SDFix etc., close all other applications and browsers!
Do not send logs in private messages. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support


Re: Please check... Suspected virus

Post by Kobra.svk » 10 Jul 2009 22:24

Which script? The last one with reader_s.exe?

Malwarebytes' Anti-Malware 1.38
Database version: 2403
Windows 5.1.2600 Service Pack 2

10.7.2009 22:22:08
mbam-log-2009-07-10 (22-22-08).txt

Scan type: Quick Scan
Objects scanned: 100983
Time elapsed: 3 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\ByteLinker (Pup.BitSpirit) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\AGprotect (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\934fdfg34fgjf23 (Worm.KoobFace) -> Quarantined and deleted successfully.
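A parser for MBAM 1.x text logs like the one above, added here as an example; it is not code from the thread or from Malwarebytes. It re-reads the log posted above (embedded as SAMPLE_LOG) and does the two checks a helper wants before moving on: that the summary counts agree with the itemised entries, and that every item was actually quarantined rather than left in place. The function names and the layout assumptions (summary "<Section>: <n>" lines followed by "<Section>:" blocks terminated by a blank line) are mine.

```python
"""Parse a Malwarebytes' Anti-Malware 1.x text log and cross-check it.
Added example for this thread, not code from the post or from Malwarebytes.
SAMPLE_LOG is the log Kobra.svk posted above; the layout assumptions are mine."""
import re

SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.38
Database version: 2403
Windows 5.1.2600 Service Pack 2

10.7.2009 22:22:08
mbam-log-2009-07-10 (22-22-08).txt

Scan type: Quick Scan
Objects scanned: 100983
Time elapsed: 3 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\ByteLinker (Pup.BitSpirit) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\AGprotect (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\934fdfg34fgjf23 (Worm.KoobFace) -> Quarantined and deleted successfully.
"""

COUNT_RE = re.compile(r"^(?P<section>.+ Infected): (?P<n>\d+)$")
SECTION_RE = re.compile(r"^(?P<section>.+ Infected):$")
ENTRY_RE = re.compile(r"^(?P<item>.+?) \((?P<threat>[^()]+)\) -> (?P<action>.+)$")
NONE_MARKER = "(No malicious items detected)"
GOOD_ACTION = "Quarantined and deleted successfully."

def parse_mbam_log(text):
    """Return {'header': {...}, 'counts': {section: n}, 'sections': {section: [entry]}}."""
    lines = text.splitlines()
    report = {"header": {"product": lines[0].strip() if lines else ""},
              "counts": {}, "sections": {}}
    current = None  # name of the itemised block we are inside, if any
    for raw in lines[1:]:
        line = raw.strip()
        if not line:  # a blank line closes the current itemised block
            current = None
            continue
        m = COUNT_RE.match(line)
        if m:
            report["counts"][m.group("section")] = int(m.group("n"))
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group("section")
            report["sections"][current] = []
            continue
        if current is not None:
            if line != NONE_MARKER:
                m = ENTRY_RE.match(line)
                report["sections"][current].append(
                    m.groupdict() if m else {"item": line, "threat": None, "action": None})
            continue
        key, sep, value = line.partition(": ")  # header lines such as "Database version: 2403"
        if sep:
            report["header"][key] = value
    return report

def detections(report):
    """Flatten the itemised blocks into (section, item, threat, action) tuples."""
    return [(s, e["item"], e["threat"], e["action"])
            for s, entries in report["sections"].items() for e in entries]

def count_mismatches(report):
    """Sections whose summary count differs from the number of itemised entries."""
    return [(s, n, len(report["sections"].get(s, [])))
            for s, n in report["counts"].items() if n != len(report["sections"].get(s, []))]

def not_remediated(report):
    """Detections whose action is anything other than a successful quarantine."""
    return [d for d in detections(report) if d[3] != GOOD_ACTION]
```

Running `parse_mbam_log(SAMPLE_LOG)` on the posted log yields three detections (two registry keys and one file), no count mismatches and nothing left unremediated, which is what the reply below is relying on before asking for the ComboFix log. An entry that does not fit the "item (threat) -> action" pattern is kept with `threat` and `action` set to None rather than dropped, so an unexpected line still shows up in `not_remediated`.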


Re: Please check... Suspected virus

Post by jaro3 » 11 Jul 2009 09:18

Yes, exactly that one, and then the log from CF.


Re: Please check... Suspected virus

Post by Kobra.svk » 11 Jul 2009 16:32

ComboFix 09-07-09.02 - Kobra 11.07.2009 16:10.7.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.421.1033.18.1791.1236 [GMT 2:00]
Running from: c:\documents and settings\Kobra\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Kobra\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
"c:\documents and settings\DeathMaker\reader_s.exe"
.

((((((((((((((((((((((((( Files Created from 2009-06-11 to 2009-07-11 )))))))))))))))))))))))))))))))
.

2009-07-11 14:15 . 2009-07-11 14:15 -------- d-----w- c:\windows\LastGood
2009-07-11 12:49 . 2009-07-11 12:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Trymedia
2009-07-11 12:20 . 2009-07-11 12:20 -------- d-----w- c:\program files\Alcohol Soft
2009-07-11 12:16 . 2009-07-11 12:16 -------- d-----w- c:\program files\DAEMON Tools Lite
2009-07-10 17:00 . 2009-07-10 17:00 3561743 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-07-09 18:38 . 2009-07-07 12:49 34304 ----a-w- c:\windows\system32\svchost.exe
2009-07-08 19:55 . 2009-02-06 16:39 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2009-07-08 18:44 . 2004-08-03 22:56 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2009-07-08 18:44 . 2001-08-17 20:36 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2009-07-08 18:44 . 2001-08-17 20:37 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
2009-07-08 18:44 . 2001-08-17 20:36 17408 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
2009-07-08 18:44 . 2001-08-17 20:37 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
2009-07-08 18:44 . 2001-08-17 20:37 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe
2009-07-08 18:44 . 2001-08-17 10:11 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys
2009-07-08 18:44 . 2004-08-03 20:29 19455 -c--a-w- c:\windows\system32\dllcache\wvchntxx.sys
2009-07-08 18:43 . 2004-08-03 21:10 19328 -c--a-w- c:\windows\system32\dllcache\wstcodec.sys
2009-07-08 18:43 . 2004-08-03 22:56 8192 -c--a-w- c:\windows\system32\dllcache\wshirda.dll
2009-07-08 18:43 . 2004-08-03 20:29 12063 -c--a-w- c:\windows\system32\dllcache\wsiintxx.sys
2009-07-08 18:42 . 2004-08-03 21:07 8832 -c--a-w- c:\windows\system32\dllcache\wmiacpi.sys
2009-07-08 18:42 . 2004-08-03 20:31 154624 -c--a-w- c:\windows\system32\dllcache\wlluc48.sys
2009-07-08 18:42 . 2001-08-17 10:12 34890 -c--a-w- c:\windows\system32\dllcache\wlandrv2.sys
2009-07-08 18:42 . 2001-08-17 11:28 771581 -c--a-w- c:\windows\system32\dllcache\winacisa.sys
2009-07-08 18:42 . 2001-08-17 20:36 87040 -c--a-w- c:\windows\system32\dllcache\wiafbdrv.dll
2009-07-08 18:42 . 2001-08-17 20:36 53760 -c--a-w- c:\windows\system32\dllcache\wiamsmud.dll
2009-07-08 18:42 . 2001-08-17 11:28 701386 -c--a-w- c:\windows\system32\dllcache\wdhaalba.sys
2009-07-08 18:42 . 2004-08-03 20:29 23615 -c--a-w- c:\windows\system32\dllcache\wch7xxnt.sys
2009-07-08 18:42 . 2001-08-17 10:10 35871 -c--a-w- c:\windows\system32\dllcache\wbfirdma.sys
2009-07-08 18:40 . 2004-08-03 21:08 25600 -c--a-w- c:\windows\system32\dllcache\usbser.sys
2009-07-08 18:39 . 2001-08-17 20:35 42496 -c--a-w- c:\windows\system32\dllcache\tp4res.dll
2009-07-08 18:38 . 2001-08-17 11:52 7040 -c--a-w- c:\windows\system32\dllcache\tandqic.sys
2009-07-08 18:37 . 2001-08-17 10:11 48736 -c--a-w- c:\windows\system32\dllcache\srwlnd5.sys
2009-07-08 18:37 . 2001-08-17 20:36 99328 -c--a-w- c:\windows\system32\dllcache\srusd.dll
2009-07-08 18:37 . 2001-08-17 20:36 24660 -c--a-w- c:\windows\system32\dllcache\spxupchk.dll
2009-07-08 18:37 . 2001-08-17 20:36 106584 -c--a-w- c:\windows\system32\dllcache\spdports.dll
2009-07-08 18:37 . 2001-08-17 11:51 61824 -c--a-w- c:\windows\system32\dllcache\speed.sys
2009-07-08 18:37 . 2001-08-17 12:07 19072 -c--a-w- c:\windows\system32\dllcache\sparrow.sys
2009-07-08 18:35 . 2001-08-17 12:56 157696 -c--a-w- c:\windows\system32\dllcache\sisv256.dll
2009-07-08 18:34 . 2001-08-17 11:53 6784 -c--a-w- c:\windows\system32\dllcache\serscan.sys
2009-07-08 18:34 . 2001-08-17 11:48 17664 -c--a-w- c:\windows\system32\dllcache\sermouse.sys
2009-07-08 18:34 . 2001-08-17 11:53 6912 -c--a-w- c:\windows\system32\dllcache\seaddsmc.sys
2009-07-08 18:34 . 2001-08-17 11:53 10880 -c--a-w- c:\windows\system32\dllcache\scsiscan.sys
2009-07-08 18:34 . 2001-08-17 11:52 11648 -c--a-w- c:\windows\system32\dllcache\scsiprnt.sys
2009-07-08 18:34 . 2001-08-17 11:51 17280 -c--a-w- c:\windows\system32\dllcache\scr111.sys
2009-07-08 18:34 . 2001-08-17 11:51 16640 -c--a-w- c:\windows\system32\dllcache\scmstcs.sys
2009-07-08 18:29 . 2009-07-07 14:36 121344 ----a-w- c:\windows\system32\schtasks.exe
2009-07-08 18:29 . 2001-08-17 11:51 23936 -c--a-w- c:\windows\system32\dllcache\sccmusbm.sys
2009-07-08 18:29 . 2001-08-17 11:51 23936 -c--a-w- c:\windows\system32\dllcache\sccmn50m.sys
2009-07-08 18:29 . 2004-08-03 20:59 43136 -c--a-w- c:\windows\system32\dllcache\sbp2port.sys
2009-07-08 18:29 . 2001-08-17 20:36 495616 -c--a-w- c:\windows\system32\dllcache\sblfx.dll
2009-07-08 18:29 . 2001-08-17 10:50 75392 -c--a-w- c:\windows\system32\dllcache\s3savmxm.sys
2009-07-08 18:27 . 2001-08-17 20:36 9216 -c--a-w- c:\windows\system32\dllcache\rsmgrstr.dll
2009-07-08 18:27 . 2001-08-17 10:19 3840 -c--a-w- c:\windows\system32\dllcache\rpfun.sys
2009-07-08 18:27 . 2004-08-03 20:59 79104 -c--a-w- c:\windows\system32\dllcache\rocket.sys
2009-07-08 18:27 . 2001-08-17 10:12 37563 -c--a-w- c:\windows\system32\dllcache\rlnet5.sys
2009-07-08 18:27 . 2001-08-17 20:36 86097 -c--a-w- c:\windows\system32\dllcache\reslog32.dll
2009-07-08 18:25 . 2001-08-17 11:51 19584 -c--a-w- c:\windows\system32\dllcache\rasirda.sys
2009-07-08 18:25 . 2001-08-17 11:28 714762 -c--a-w- c:\windows\system32\dllcache\r2mdmkxx.sys
2009-07-08 18:25 . 2001-08-17 11:28 899146 -c--a-w- c:\windows\system32\dllcache\r2mdkxga.sys
2009-07-08 18:25 . 2001-08-17 20:36 41472 -c--a-w- c:\windows\system32\dllcache\qvusd.dll
2009-07-08 18:25 . 2001-08-17 11:53 3328 -c--a-w- c:\windows\system32\dllcache\qv2kux.sys
2009-07-08 18:25 . 2001-08-17 11:52 49024 -c--a-w- c:\windows\system32\dllcache\ql1280.sys
2009-07-08 18:25 . 2001-08-17 11:52 40448 -c--a-w- c:\windows\system32\dllcache\ql1240.sys
2009-07-08 18:25 . 2001-08-17 11:52 45312 -c--a-w- c:\windows\system32\dllcache\ql12160.sys
2009-07-08 18:25 . 2001-08-17 11:52 33152 -c--a-w- c:\windows\system32\dllcache\ql10wnt.sys
2009-07-08 18:25 . 2001-08-17 11:52 40320 -c--a-w- c:\windows\system32\dllcache\ql1080.sys
2009-07-08 18:25 . 2004-08-03 21:00 6016 -c--a-w- c:\windows\system32\dllcache\qic157.sys
2009-07-08 18:24 . 2001-08-17 11:28 130942 -c--a-w- c:\windows\system32\dllcache\ptserlv.sys
2009-07-08 18:24 . 2001-08-17 11:28 112574 -c--a-w- c:\windows\system32\dllcache\ptserlp.sys
2009-07-08 18:24 . 2001-08-17 11:28 128286 -c--a-w- c:\windows\system32\dllcache\ptserli.sys
2009-07-08 18:24 . 2004-08-03 22:56 159232 -c--a-w- c:\windows\system32\dllcache\ptpusd.dll
2009-07-08 18:24 . 2001-08-17 20:36 5632 -c--a-w- c:\windows\system32\dllcache\ptpusb.dll
2009-07-08 18:24 . 2001-08-17 20:36 35328 -c--a-w- c:\windows\system32\dllcache\psisload.dll
2009-07-08 18:24 . 2004-08-03 22:56 363520 -c--a-w- c:\windows\system32\dllcache\psisdecd.dll
2009-07-08 18:24 . 2001-08-17 11:51 16128 -c--a-w- c:\windows\system32\dllcache\pscr.sys
2009-07-08 18:24 . 2004-08-03 21:00 17664 -c--a-w- c:\windows\system32\dllcache\ppa3.sys
2009-07-08 18:24 . 2001-08-17 11:53 17792 -c--a-w- c:\windows\system32\dllcache\ppa.sys
2009-07-08 18:24 . 2001-08-17 11:53 7552 -c--a-w- c:\windows\system32\dllcache\powerfil.sys
2009-07-08 18:23 . 2001-08-17 11:53 7168 -c--a-w- c:\windows\system32\dllcache\pnrmc.sys
2009-07-08 18:23 . 2001-08-17 20:36 121344 -c--a-w- c:\windows\system32\dllcache\phvfwext.dll
2009-07-08 18:23 . 2001-08-17 12:07 19840 -c--a-w- c:\windows\system32\dllcache\philtune.sys
2009-07-08 18:23 . 2001-08-17 12:04 173696 -c--a-w- c:\windows\system32\dllcache\philcam2.sys
2009-07-08 18:23 . 2001-08-17 12:04 92416 -c--a-w- c:\windows\system32\dllcache\phildec.sys
2009-07-08 18:23 . 2001-08-17 20:36 16384 -c--a-w- c:\windows\system32\dllcache\philcam1.dll
2009-07-08 18:23 . 2001-08-17 12:04 75776 -c--a-w- c:\windows\system32\dllcache\philcam1.sys
2009-07-08 18:23 . 2004-08-03 22:56 259328 -c--a-w- c:\windows\system32\dllcache\perm3dd.dll
2009-07-08 18:23 . 2004-08-03 22:56 211712 -c--a-w- c:\windows\system32\dllcache\perm2dll.dll
2009-07-08 18:23 . 2004-08-03 21:06 28032 -c--a-w- c:\windows\system32\dllcache\perm3.sys
2009-07-08 18:23 . 2004-08-03 21:06 27904 -c--a-w- c:\windows\system32\dllcache\perm2.sys
2009-07-08 18:21 . 2001-08-17 20:36 123776 -c--a-w- c:\windows\system32\dllcache\nv3.dll
2009-07-08 18:21 . 2001-08-17 10:50 198144 -c--a-w- c:\windows\system32\dllcache\nv3.sys
2009-07-08 18:20 . 2001-08-17 10:49 51552 -c--a-w- c:\windows\system32\dllcache\ntgrip.sys
2009-07-08 18:20 . 2001-08-17 11:47 9344 -c--a-w- c:\windows\system32\dllcache\ntapm.sys
2009-07-08 18:20 . 2001-08-17 11:53 7552 -c--a-w- c:\windows\system32\dllcache\nsmmc.sys
2009-07-08 18:20 . 2004-08-03 21:00 28672 -c--a-w- c:\windows\system32\dllcache\nscirda.sys
2009-07-08 18:20 . 2001-08-17 10:20 87040 -c--a-w- c:\windows\system32\dllcache\nm6wdm.sys
2009-07-08 18:20 . 2001-08-17 10:20 126080 -c--a-w- c:\windows\system32\dllcache\nm5a2wdm.sys
2009-07-08 18:19 . 2001-08-17 10:12 32840 -c--a-w- c:\windows\system32\dllcache\ngrpci.sys
2009-07-08 18:19 . 2004-08-03 20:31 132695 -c--a-w- c:\windows\system32\dllcache\netwlan5.sys
2009-07-08 18:19 . 2001-08-17 10:11 65278 -c--a-w- c:\windows\system32\dllcache\netflx3.sys
2009-07-08 18:17 . 2001-08-17 10:50 103296 -c--a-w- c:\windows\system32\dllcache\mtxvideo.sys
2009-07-08 18:17 . 2004-08-03 20:58 5504 -c--a-w- c:\windows\system32\dllcache\mstee.sys
2009-07-08 18:17 . 2004-08-03 21:10 49024 -c--a-w- c:\windows\system32\dllcache\mstape.sys
2009-07-08 18:17 . 2001-08-17 11:48 12416 -c--a-w- c:\windows\system32\dllcache\msriffwv.sys
2009-07-08 18:16 . 2001-08-17 12:00 2944 -c--a-w- c:\windows\system32\dllcache\msmpu401.sys
2009-07-08 18:16 . 2004-08-03 21:00 22016 -c--a-w- c:\windows\system32\dllcache\msircomm.sys
2009-07-08 18:16 . 2001-08-17 12:02 35200 -c--a-w- c:\windows\system32\dllcache\msgame.sys
2009-07-08 18:15 . 2001-08-17 11:48 6016 -c--a-w- c:\windows\system32\dllcache\msfsio.sys
2009-07-08 18:15 . 2004-08-03 21:10 51328 -c--a-w- c:\windows\system32\dllcache\msdv.sys
2009-07-08 18:15 . 2001-08-17 11:52 17280 -c--a-w- c:\windows\system32\dllcache\mraid35x.sys
2009-07-08 18:14 . 2004-08-03 21:10 15360 -c--a-w- c:\windows\system32\dllcache\mpe.sys
2009-07-08 18:14 . 2001-08-17 11:57 16128 -c--a-w- c:\windows\system32\dllcache\modemcsa.sys
2009-07-08 18:13 . 2001-08-17 11:52 6528 -c--a-w- c:\windows\system32\dllcache\miniqic.sys
2009-07-08 18:12 . 2001-08-17 12:56 235648 -c--a-w- c:\windows\system32\dllcache\mgaud.dll
2009-07-08 18:12 . 2001-08-17 10:50 320384 -c--a-w- c:\windows\system32\dllcache\mgaum.sys
2009-07-08 18:12 . 2004-08-03 21:00 26112 -c--a-w- c:\windows\system32\dllcache\memstpci.sys
2009-07-08 18:12 . 2001-08-17 20:36 47616 -c--a-w- c:\windows\system32\dllcache\memgrp.dll
2009-07-08 18:12 . 2001-08-17 11:58 8320 -c--a-w- c:\windows\system32\dllcache\memcard.sys
2009-07-08 18:12 . 2001-08-17 10:12 164586 -c--a-w- c:\windows\system32\dllcache\mdgndis5.sys
2009-07-08 18:12 . 2001-08-17 11:52 7424 -c--a-w- c:\windows\system32\dllcache\mammoth.sys
2009-07-08 18:12 . 2001-08-17 20:36 58880 -c--a-w- c:\windows\system32\dllcache\m3092dc.dll
2009-07-08 18:12 . 2001-08-17 10:19 48768 -c--a-w- c:\windows\system32\dllcache\maestro.sys
2009-07-08 18:12 . 2001-08-17 20:36 58368 -c--a-w- c:\windows\system32\dllcache\m3091dc.dll
2009-07-08 18:12 . 2001-08-17 10:49 22848 -c--a-w- c:\windows\system32\dllcache\lwusbhid.sys
2009-07-08 18:11 . 2004-08-03 20:39 20864 -c--a-w- c:\windows\system32\dllcache\lwadihid.sys
2009-07-08 18:11 . 2001-08-17 11:28 797500 -c--a-w- c:\windows\system32\dllcache\ltsmt.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-11 12:22 . 2009-05-13 14:23 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-11 12:16 . 2009-05-17 15:46 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2009-07-11 10:42 . 2009-05-13 14:11 86327 ----a-w- c:\windows\PCHealth\HelpCtr\OfflineCache\index.dat
2009-07-11 10:42 . 2009-05-13 14:11 3316 ----a-w- c:\windows\PCHealth\HelpCtr\PackageStore\SkuStore.bin
2009-07-11 08:46 . 2009-05-13 19:07 -------- d-----w- c:\program files\QIP Infium
2009-07-10 20:32 . 2009-05-13 15:28 -------- d-----w- c:\documents and settings\Kobra\Application Data\Xfire
2009-07-10 18:49 . 2009-05-23 19:27 139016 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-07-10 18:49 . 2009-05-23 19:27 189488 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-07-09 15:29 . 2009-05-13 15:28 -------- d-----w- c:\program files\Xfire
2009-07-08 18:05 . 2009-05-30 18:11 139152 ----a-w- c:\documents and settings\Kobra\Application Data\PnkBstrK.sys
2009-07-08 18:05 . 2009-05-30 18:11 139152 ----a-w- c:\documents and settings\Kobra\Application Data\PnkBstrK.sys
2009-07-08 18:04 . 2009-05-23 19:26 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-07-08 18:04 . 2009-07-08 18:04 794408 ----a-w- c:\windows\system32\pbsvc.exe
2009-07-08 16:28 . 2009-05-27 19:21 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-07-08 16:28 . 2009-05-27 19:21 -------- d-----w- c:\documents and settings\Kobra\Application Data\SUPERAntiSpyware.com
2009-07-07 14:40 . 2009-05-13 14:07 358400 ----a-w- c:\windows\system32\wbem\wmic.exe
2009-07-07 14:40 . 2009-05-13 14:08 196096 ----a-w- c:\windows\system32\wbem\wmiadap.exe
2009-07-07 14:40 . 2009-05-13 14:08 115712 ----a-w- c:\windows\system32\wbem\wbemtest.exe
2009-07-07 14:40 . 2009-05-13 14:08 36352 ----a-w- c:\windows\system32\wbem\scrcons.exe
2009-07-07 14:40 . 2009-05-13 14:07 15872 ----a-w- c:\windows\system32\wbem\mofcomp.exe
2009-07-07 14:37 . 2001-08-23 12:00 30208 ----a-w- c:\windows\system32\xcopy.exe
2009-07-07 14:37 . 2006-09-28 16:56 145920 ----a-w- c:\windows\system32\WudfHost.exe
2009-07-07 14:37 . 2009-05-13 14:41 165376 ----a-w- c:\windows\system32\wuauclt1.exe
2009-07-07 14:37 . 2009-05-13 14:41 13312 ----a-w- c:\windows\system32\wscntfy.exe
2009-07-07 14:37 . 2001-08-23 12:00 114688 ----a-w- c:\windows\system32\wscript.exe
2009-07-07 14:37 . 2001-08-23 12:00 31744 ----a-w- c:\windows\system32\wpnpinst.exe
2009-07-07 14:37 . 2006-10-18 18:00 16896 ----a-w- c:\windows\system32\wpdshextautoplay.exe
2009-07-07 14:37 . 2001-08-23 12:00 31744 ----a-w- c:\windows\system32\wpabaln.exe
2009-07-07 14:37 . 2002-08-29 03:41 77824 ----a-w- c:\windows\system32\wmpstub.exe
2009-07-07 14:37 . 2002-08-29 03:41 171008 ----a-w- c:\windows\system32\wjview.exe
2009-07-07 14:37 . 2006-10-26 11:45 292864 ----a-w- c:\windows\system32\WISPTIS.EXE
2009-07-07 14:37 . 2001-08-23 12:00 5120 ----a-w- c:\windows\system32\winver.exe
2009-07-07 14:35 . 2009-05-13 14:08 13312 ----a-w- c:\windows\system32\rdsaddin.exe
2009-07-07 14:34 . 2001-08-23 12:00 58880 ----a-w- c:\windows\system32\logman.exe
2009-07-07 14:33 . 2001-08-23 12:00 98304 ----a-w- c:\windows\system32\cscript.exe
2009-07-07 14:22 . 2009-05-13 14:10 150016 ----a-w- c:\windows\PCHealth\UploadLB\Binaries\uploadm.exe
2009-07-07 14:22 . 2009-05-13 14:09 18432 ----a-w- c:\windows\PCHealth\HelpCtr\Binaries\hscupd.exe
2009-07-07 14:22 . 2009-05-13 14:09 157696 ----a-w- c:\windows\PCHealth\HelpCtr\Binaries\msconfig.exe
2009-07-07 14:21 . 2009-05-13 14:09 743424 ----a-w- c:\windows\PCHealth\HelpCtr\Binaries\helpsvc.exe
2009-07-07 14:21 . 2009-05-13 14:09 768000 ----a-w- c:\windows\PCHealth\HelpCtr\Binaries\helpctr.exe
2009-07-07 14:06 . 2002-08-29 03:41 283136 ----a-w- c:\windows\winhlp32.exe
2009-07-07 14:06 . 2009-05-13 14:31 577536 ----a-w- c:\windows\soundman.exe
2009-07-07 14:06 . 2009-05-22 06:52 45568 ----a-w- c:\windows\setdebug.exe
2009-07-07 14:06 . 2009-05-13 16:00 68608 ----a-w- c:\windows\notepad.exe
2009-07-07 14:06 . 2002-08-29 03:41 145920 ----a-w- c:\windows\regedit.exe
2009-07-07 14:05 . 2009-05-13 14:30 306176 ----a-w- c:\windows\IsUninst.exe
2009-07-07 14:05 . 2002-08-29 03:41 10240 ----a-w- c:\windows\hh.exe
2009-07-07 14:05 . 2009-05-13 14:31 315392 ----a-w- c:\windows\alcupd.exe
2009-07-07 14:05 . 2009-05-13 14:31 217088 ----a-w- c:\windows\Alcrmv.exe
2009-07-07 13:04 . 2009-05-13 14:58 36352 -c--a-w- c:\documents and settings\All Users\Application Data\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}\Microsoft Windows Installer 3.1\mWinRun.dll\ansi\msiinst.exe
2009-07-07 13:03 . 2009-05-13 14:58 82944 -c--a-w- c:\documents and settings\All Users\Application Data\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}\Microsoft Windows Installer 3.1\mWinRun.dll\ansi\msiexec.exe
2009-07-07 12:48 . 2001-08-23 12:00 224256 ----a-w- c:\windows\system32\dmadmin.exe
2009-07-07 12:48 . 2002-08-29 03:41 35328 ----a-w- c:\windows\system32\ctfmon.exe
2009-07-07 12:48 . 2001-08-23 12:00 5120 ----a-w- c:\windows\system32\cisvc.exe
2009-07-07 12:48 . 2001-08-23 12:00 388096 ----a-w- c:\windows\system32\cmd.exe
2009-07-07 12:48 . 2001-08-23 12:00 32768 ----a-w- c:\windows\system32\clipsrv.exe
2009-07-07 12:48 . 2009-05-13 14:24 593920 ----a-w- c:\windows\system32\ati2sgag.exe
2009-07-07 12:48 . 2009-02-25 21:27 622592 ----a-w- c:\windows\system32\ati2evxx.exe
2009-07-07 12:48 . 2002-08-29 03:41 44032 ----a-w- c:\windows\system32\alg.exe
2009-07-07 12:48 . 2002-08-29 03:41 1053184 ----a-w- c:\windows\explorer.exe
2009-07-05 18:25 . 2002-08-29 02:09 212480 ----a-w- c:\windows\system32\drivers\ndis.sys
2009-07-05 17:21 . 2009-05-13 16:36 -------- d-----w- c:\documents and settings\Kobra\Application Data\HLSW
2009-07-05 11:57 . 2009-05-13 15:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-07-03 19:08 . 2009-06-01 17:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-07-03 16:56 . 2009-07-03 16:56 360320 ----a-w- c:\windows\system32\drivers\TCPIP.SYS.ORIGINAL
2009-07-02 19:45 . 2009-05-23 18:44 -------- d-----w- c:\documents and settings\Kobra\Application Data\teamspeak2
2009-06-28 18:59 . 2009-05-13 15:28 -------- d-----w- c:\program files\mIRC
2009-06-23 17:13 . 2009-05-18 19:18 -------- d-----w- c:\program files\CENZURA
2009-06-15 12:29 . 2009-05-13 16:48 -------- d-----w- c:\program files\Microsoft ActiveSync
2009-06-13 13:23 . 2009-05-14 19:48 25304 ----a-w- c:\documents and settings\OCINO a MAMINA\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-11 22:40 . 2009-06-09 09:04 -------- d-----w- c:\documents and settings\Kobra\Application Data\TeamViewer
2009-06-11 20:51 . 2009-06-09 09:03 -------- d-----w- c:\program files\TeamViewer
2009-06-11 11:23 . 2009-05-13 14:47 25304 ----a-w- c:\documents and settings\Kobra\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-11 11:10 . 2009-05-13 15:17 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-11 11:04 . 2009-06-11 11:04 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2009-06-11 09:06 . 2009-05-22 11:06 -------- d-----w- c:\program files\MDM
2009-06-11 08:59 . 2009-05-13 15:38 -------- d-----w- c:\program files\Winamp
2009-06-11 08:57 . 2009-05-13 16:37 -------- d-----w- c:\program files\CCleaner
2009-06-11 08:48 . 2009-06-11 08:22 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2009-06-11 08:42 . 2009-06-09 07:44 -------- d-----w- c:\documents and settings\Kobra\Application Data\Download Manager
2009-06-10 21:10 . 2009-06-10 21:10 -------- d-----w- c:\program files\Adobe Media Player
2009-06-10 21:08 . 2009-06-10 21:08 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-06-10 08:38 . 2009-05-13 16:33 -------- d-----w- c:\documents and settings\Kobra\Application Data\Nero
2009-06-09 14:28 . 2009-06-09 14:27 -------- d-----w- c:\program files\Common Files\Lingea Shared
2009-06-09 14:27 . 2009-05-13 17:36 -------- d-----w- c:\program files\Lingea
2009-06-06 15:30 . 2009-06-06 15:30 -------- d-----w- c:\documents and settings\OCINO a MAMINA\Application Data\Uniblue
2009-06-01 17:27 . 2009-06-01 17:27 -------- d-----w- c:\program files\Realtek AC97
2009-06-01 17:15 . 2009-06-01 17:10 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-06-01 15:48 . 2009-06-01 15:48 -------- d-s---w- c:\program files\HLSW
2009-05-31 09:11 . 2009-05-29 22:39 -------- d-----w- c:\program files\Mouse Meter
2009-05-30 20:20 . 2009-05-13 14:31 -------- d-----w- c:\program files\AvRack
2009-05-30 16:34 . 2009-05-30 16:34 -------- d-----w- c:\documents and settings\Kobra\Application Data\Allstar
2009-05-30 15:39 . 2009-05-22 07:29 -------- d-----w- c:\documents and settings\Kobra\Application Data\Hamachi
2009-05-28 20:11 . 2009-05-28 20:11 -------- d-----w- c:\program files\PHM
2009-05-28 19:00 . 2009-05-28 19:00 -------- d-----w- c:\documents and settings\Kobra\Application Data\DAEMON Tools Lite
2009-05-27 20:34 . 2009-05-27 20:34 -------- d-----w- c:\program files\Trend Micro
2009-05-27 19:21 . 2009-05-27 19:21 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-05-25 15:44 . 2009-05-25 15:44 -------- d-----w- c:\program files\Apple Software Update
2009-05-25 15:44 . 2009-05-25 15:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-05-23 20:41 . 2009-05-23 20:41 -------- d-----w- c:\documents and settings\Kobra\Application Data\GRETECH
.

------- Sigcheck -------

[-] 2009-07-07 14:12 12288 1818574CBB0E68B92D58F61F2E8ED682 c:\windows\$NtServicePackUninstall$\svchost.exe
[-] 2009-07-07 14:27 13824 32A3229A36F4E4E060F68E1D449FF1E3 c:\windows\ServicePackFiles\i386\svchost.exe
[-] 2009-07-07 14:32 13824 C671E95E5AA0C6DA18CED026AC35816F c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\svchost.exe
[-] 2009-07-07 12:49 34304 !HASH: ERROR_LOCK_VIOLATION ! c:\windows\system32\svchost.exe

[-] 2002-08-29 02:09 167552 3B350E5A2A5E951453F3993275A4523A c:\windows\$NtServicePackUninstall$\ndis.sys
[7] 2004-08-03 21:14 182912 558635D3AF1C7546D26067D5D9B6959E c:\windows\ServicePackFiles\i386\ndis.sys
[-] 2008-04-13 19:20 182656 1DF7F42665C94B825322FAE71721130D c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\ndis.sys
[-] 2009-07-05 18:25 212480 !HASH: ERROR_LOCK_VIOLATION ! c:\windows\system32\drivers\ndis.sys

[-] 2009-07-07 12:48 1053184 168A73337570929D4822AC8B6AFD488F c:\windows\explorer.exe
[-] 2009-07-07 14:07 1032704 844447E99055FB7FE06CC40E3FD0F15E c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[-] 2009-07-07 14:09 1003520 7A2771E15EC77BBEDA6856176B7CAC9C c:\windows\$NtServicePackUninstall$\explorer.exe
[-] 2009-07-07 14:30 1033216 ABFE3E7F54CC1655134C545BF1250E94 c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\explorer.exe

[-] 2009-07-07 14:09 12800 C147D23BF89C31212D5A185ADFFEBD00 c:\windows\$NtServicePackUninstall$\ctfmon.exe
[-] 2009-07-07 14:23 14848 0D38ED7D6A82D69315BC306728647F76 c:\windows\ServicePackFiles\i386\ctfmon.exe
[-] 2009-07-07 14:29 14848 9ADAB7F23FDAAB4639005B2C701FD08D c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\ctfmon.exe
[-] 2009-07-07 12:48 35328 7E08BB5A4B4BB601579F4F37E69569C4 c:\windows\system32\ctfmon.exe

[-] 2009-07-07 14:12 21504 B796BD51CF01C72E66A7FA1B7E21C6E9 c:\windows\$NtServicePackUninstall$\userinit.exe
[-] 2009-07-07 14:28 24064 655353AC4DB3575C97ABEB8D5E738964 c:\windows\ServicePackFiles\i386\userinit.exe
[-] 2009-07-07 14:32 25600 49714C9364E8B2365CF50990DA79D6E4 c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\userinit.exe
[-] 2009-07-07 12:49 24064 655353AC4DB3575C97ABEB8D5E738964 c:\windows\system32\userinit.exe
.
((((((((((((((((((((((((((((( SnapShot@2009-07-09_18.31.15 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-11 14:14 . 2009-07-11 14:14 16384 c:\windows\temp\Perflib_Perfdata_54c.dat
+ 2009-07-05 12:33 . 2009-06-17 09:27 38160 c:\windows\system32\drivers\mbamswissarmy.sys
+ 2009-07-05 12:33 . 2009-06-17 09:27 19096 c:\windows\system32\drivers\mbam.sys
+ 2009-07-09 18:28 . 2009-07-09 19:18 5120 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{48D151C1-6CB6-11DE-9B98-0011D8AD3AAF}.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2009-07-07 35328]
"ICQ"="c:\progra~1\ICQ6.5\ICQ.exe" [2009-03-01 172792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Habu"="c:\program files\Razer\Habu\razerhid.exe" [2009-07-07 196608]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 2021400]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2009-07-07 35328]

c:\documents and settings\Kobra\Start Menu\Programs\Startup\
Xfire.lnk - c:\program files\Xfire\Xfire.exe [2009-7-2 3190096]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 10:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0aswBoot.exe /M:6d2e01c8

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^VIA RAID TOOL.lnk]
backup=c:\windows\pss\VIA RAID TOOL.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\frd.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Xfire\\Xfire.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"d:\\Program Files\\Warcraft III\\Frozen Throne.exe"=
"d:\\Program Files\\Warcraft III\\war3.exe"=
"c:\\Program Files\\BitSpirit\\BitSpirit.exe"=
"c:\\Program Files\\QIP Infium\\infium.exe"=
"c:\\Program Files\\Cyanide\\GameCenter\\GameCenter.exe"=
"c:\\Program Files\\Hamachi\\hamachi.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"d:\\Program Files\\Eidos Interactive\\Pyro Studios\\Praetorians\\Praetorians.exe"=
"c:\\Program Files\\HLSW\\hlsw.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"d:\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"d:\\Program Files\\KONAMI\\Yu-Gi-Oh! Power of Chaos JOEY THE PASSION\\joey_pc.exe"=
"c:\\Program Files\\TeamViewer\\Version4\\TeamViewer.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"d:\\RapGet Downloads\\GRemoteServer.exe"=
"c:\\Program Files\\GBM\\GRemote Pro\\GRemoteServer.exe"=
"d:\\Warcraft III demon craft\\Demon Craft\\Warcraft III.exe"=
"d:\\Program Files\\NAMCO BANDAI Games\\Mage Knight(TM) Apocalypse\\GameServer.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [13.5.2009 16:31 77312]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [6.2.2009 14:23 106208]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [6.2.2009 14:24 93336]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [23.6.2009 11:01 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [23.6.2009 11:01 72944]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [6.2.2009 14:23 727720]
R2 NwSapAgent;SAP Agent;c:\windows\System32\svchost.exe -k netsvcs [9.7.2009 20:38 34304]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2.8.2005 23:10 32512]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [23.6.2009 11:01 7408]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [25.1.2008 11:12 25088]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [11.7.2008 2:28 47128]
S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [10.7.2008 2:49 242712]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [11.7.2008 2:28 369688]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-06-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
IE: Download Using &BitSpirit - c:\program files\BitSpirit\bsurl.htm
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
IE: ÓñČĚŘľ«ÁéĎÂÔŘ(&B)
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Kobra\Application Data\Mozilla\Firefox\Profiles\61ndr1x4.default\
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... id=afex&q=
FF - plugin: c:\documents and settings\Kobra\Application Data\Mozilla\Firefox\Profiles\61ndr1x4.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll
FF - plugin: c:\program files\ACE Mega CoDecS Pack\SystemS\RealMedia\Browser\plugins\nppl3260.dll
FF - plugin: c:\program files\ACE Mega CoDecS Pack\SystemS\RealMedia\Browser\plugins\nprpjplug.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-11 16:14
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,07,0a,7d,bc,13,3c,4f,40,8b,75,1c,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,07,0a,7d,bc,13,3c,4f,40,8b,75,1c,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(776)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(1200)
c:\windows\system32\WININET.dll
c:\program files\Xfire\xfire_toucan_37857.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\SUPERAntiSpyware\SASSEH.DLL
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\OLD23F.tmpe
c:\windows\system32\OLD23F.tmpe
c:\windows\system32\OLD23F.tmpe
c:\windows\system32\OLD23F.tmpe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\OLD23F.tmpe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
c:\program files\ICQ6.5\ICQ.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files\Razer\Habu\razertra.exe
c:\program files\Razer\Habu\razerofa.exe
c:\program files\Mozilla Firefox\firefox.exe
.
**************************************************************************
.
Completion time: 2009-07-11 16:19 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-11 14:19
ComboFix2.txt 2009-07-10 16:57
ComboFix3.txt 2009-07-09 18:38

Pre-Run: 1 411 411 968 bytes free
Post-Run: 1 390 170 112 bytes free

474 --- E O F --- 2009-07-09 15:32

Re: Please check... Suspected virus

Post by jaro3 » 11 Jul 2009 18:51

Download the OTM program (by OldTimer)
http://www.edisk.cz/stahni/07995/OTMove ... .39KB.html
save it to drive C and run it.
- Copy these paths into the left column (Paste Instructions for Items to be Moved):
Note: Do not use the SELECT ALL function to mark them

Code:

:Processes
explorer.exe

:Services

:Reg

:Files
c:\windows\system32\OLD23F.tmpe
c:\windows\system32\OLD23F.tmpe
c:\windows\system32\OLD23F.tmpe
c:\windows\system32\OLD23F.tmpe
c:\windows\system32\OLD23F.tmpe

:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]

- After copying, click the MoveIt! button and then paste here the entire contents of the right column (also saved in the folder C:\_OTMoveIt\MovedFiles\), which will report the results
- If the files cannot be removed, you may be asked to restart the computer; in that case confirm the restart.
***************************************************************************************************************************************
Test these on VirusTotal
c:\documents and settings\All Users\Application Data\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}\Microsoft Windows Installer 3.1\mWinRun.dll\ansi\msiinst.exe
2009-07-07 13:03 . 2009-05-13 14:58 82944 -c--a-w- c:\documents and settings\All Users\Application Data\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}\Microsoft Windows Installer 3.1\mWinRun.dll\ansi\msiexec.exe
c:\windows\system32\drivers\TCPIP.SYS.ORIGINAL
c:\windows\system32\ctfmon.exe
c:\program files\Razer\Habu\razerhid.exe
c:\windows\system32\webcheck.dll
Then paste the links to the results here.
*****************************************************************************************************************************************
Paste a new HJT log.


Run a scan and paste the log from Kaspersky Online Scanner here!

- In Vista you must open the browser as administrator. To use the scanner you need to download and install the program files and the database.
- In Linux the scanner does not scan RAM, the boot sector or the MBR, so it cannot detect infections in those places.
- The scanner detects infections already on the PC, so they can then be deleted manually.
- Before the scan it is advisable to disable the resident protection of your antivirus and antispyware.
Click Accept to confirm the terms.
If a Java security window appears, accept it.
- The database and program will start downloading.
- When that finishes, click on the left, under Scan, on My Computer
The scan of your PC will start.
The scan may take several hours. After the scan finishes, click Scan Report.
Then choose Save and use the name: KAV.
Please copy the contents here for me.

Re: Please check... Suspected virus

Post by Kobra.svk » 12 Jul 2009 13:42

OTM:

All processes killed
========== PROCESSES ==========
Process explorer.exe killed successfully!
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
File/Folder c:\windows\system32\OLD23F.tmpe not found.
File/Folder c:\windows\system32\OLD23F.tmpe not found.
File/Folder c:\windows\system32\OLD23F.tmpe not found.
File/Folder c:\windows\system32\OLD23F.tmpe not found.
File/Folder c:\windows\system32\OLD23F.tmpe not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: DeathMaker

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Kobra
->Temp folder emptied: 52485582 bytes
->Temporary Internet Files folder emptied: 2107700 bytes
->Java cache emptied: 127535 bytes
->FireFox cache emptied: 124891488 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: OCINO a MAMINA
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->FireFox cache emptied: 66015388 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 16384 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 234,33 mb


OTM by OldTimer - Version 3.0.0.4 log created on 07122009_132501

Files moved on Reboot...

Registry entries deleted on Reboot...

Files tested on VirusTotal... in order...

HJT:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:35:45, on 12.7.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\Razer\Habu\razerhid.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\ICQ6.5\ICQ.exe
C:\Program Files\Xfire\Xfire.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Razer\Habu\razertra.exe
C:\Program Files\Razer\Habu\razerofa.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [Habu] C:\Program Files\Razer\Habu\razerhid.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ICQ] "C:\PROGRA~1\ICQ6.5\ICQ.exe" silent
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O8 - Extra context menu item: Download Using &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Vytvoriť mobilnú obľúbenú položku... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe
O23 - Service: COM+ System Application (COMSysApp) - Unknown owner - C:\WINDOWS\System32\dllhost.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: MS Software Shadow Copy Provider (SwPrv) - Unknown owner - C:\WINDOWS\System32\dllhost.exe
O23 - Service: Uninterruptible Power Supply (UPS) - Unknown owner - C:\WINDOWS\System32\ups.exe
O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe

--
End of file - 6016 bytes

Re: Please check... Suspected virus

Post by jaro3 » 12 Jul 2009 15:19

Close the other applications and browsers, disconnect from the internet and fix in HJT:

Code:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank


VirusTotal: didn't you do something wrong? Do you have those files there? You must have showing hidden files and folders enabled:
Tools - Folder options - View, and also untick: hide protected operating system files.

Did you run Kaspersky?
How is the computer behaving, any messages?

Re: Please check... Suspected virus

Post by Kobra.svk » 12 Jul 2009 15:41

Kaspersky is running right now (it has found something so far) and the files were sent to VirusTotal... hmm, I don't understand that... it normally gave me results, but now when I click the link it says the file doesn't exist... that's strange... oh well... when Kaspersky finishes I'll have it checked again

here is the Kaspersky log:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Sunday, July 12, 2009
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Sunday, July 12, 2009 10:32:53
Records in database: 2462534
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\

Scan statistics:
Files scanned: 98291
Threat name: 2
Infected objects: 53
Suspicious objects: 0
Duration of the scan: 02:28:40


File name / Threat name / Threats count
C:\Program Files\ICQ6.5\services\icqXtraz\ver1\content\contact_list\index_ga.html Infected: Trojan-Clicker.HTML.IFrame.ait 1
C:\Program Files\ICQ6.5\services\icqXtraz\ver1\content\contact_list\main_ga.html Infected: Trojan-Clicker.HTML.IFrame.ait 1
C:\Program Files\ICQ6.5\services\icqXtraz\ver1\content\contact_list\preload.html Infected: Trojan-Clicker.HTML.IFrame.ait 1
C:\Program Files\Mozilla Firefox\res\hiddenWindow.html Infected: Trojan-Clicker.HTML.IFrame.ait 1
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ASP.NETWebAdminFiles\error.aspx Infected: Trojan-Clicker.HTML.IFrame.ait 1
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ASP.NETWebAdminFiles\Security\Wizard\wizard.aspx Infected: Trojan-Clicker.HTML.IFrame.ait 1
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CONFIG\DefaultWsdlHelpGenerator.aspx Infected: Trojan-Clicker.HTML.IFrame.ait 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\EU5XCX65\default[1].htm Infected: Trojan-Clicker.HTML.IFrame.ait 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\FZDKJBCR\default[1].htm Infected: Trojan-Clicker.HTML.IFrame.ait 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\FZDKJBCR\im[1].htm Infected: Trojan-Clicker.HTML.IFrame.ait 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\UVGT8X8S\01[1].htm Infected: Trojan-Clicker.HTML.IFrame.ait 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\UVGT8X8S\01[2].htm Infected: Trojan-Clicker.HTML.IFrame.ait 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\UVGT8X8S\default[1].htm Infected: Trojan-Clicker.HTML.IFrame.ait 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\UVGT8X8S\default[2].htm Infected: Trojan-Clicker.HTML.IFrame.ait 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\UVGT8X8S\im[1].htm Infected: Trojan-Clicker.HTML.IFrame.ait 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\UVGT8X8S\ToastMini[1].htm Infected: Trojan-Clicker.HTML.IFrame.ait 1
D:\RapGet Downloads\Plugins_SV9.rar Infected: not-a-virus:AdWare.Win32.EShoper.am 1
D:\Test Site\beez\index.php Infected: Trojan-Clicker.HTML.IFrame.ait 1
D:\Test Site\component.php Infected: Trojan-Clicker.HTML.IFrame.ait 1
D:\Test Site\css\DESIGN_CSS_IMAGES\index.html Infected: Trojan-Clicker.HTML.IFrame.ait 1
D:\Test Site\html\index.html Infected: Trojan-Clicker.HTML.IFrame.ait 1
D:\Test Site\images\index.html Infected: Trojan-Clicker.HTML.IFrame.ait 1
D:\Test Site\index.html Infected: Trojan-Clicker.HTML.IFrame.ait 1
D:\Test Site\index.php Infected: Trojan-Clicker.HTML.IFrame.ait 1
D:\Test Site\J_CSS_Designer.html Infected: Trojan-Clicker.HTML.IFrame.ait 1
D:\Test Site\New_Age\component.php Infected: Trojan-Clicker.HTML.IFrame.ait 1
D:\Test Site\New_Age\css\DESIGN_CSS_IMAGES\index.html Infected: Trojan-Clicker.HTML.IFrame.ait 1
D:\Test Site\New_Age\html\index.html Infected: Trojan-Clicker.HTML.IFrame.ait 1
D:\Test Site\New_Age\images\header.html Infected: Trojan-Clicker.HTML.IFrame.ait 1
D:\Test Site\New_Age\images\index.html Infected: Trojan-Clicker.HTML.IFrame.ait 1
D:\Test Site\New_Age\images\new_age.html Infected: Trojan-Clicker.HTML.IFrame.ait 1
D:\Test Site\New_Age\images\Návrh-Webu---New-Age-maximum.html Infected: Trojan-Clicker.HTML.IFrame.ait 1
D:\Test Site\New_Age\images\Návrh-Webu---New-Age.html Infected: Trojan-Clicker.HTML.IFrame.ait 1
D:\Test Site\New_Age\index.html Infected: Trojan-Clicker.HTML.IFrame.ait 1
D:\Test Site\New_Age\index.php Infected: Trojan-Clicker.HTML.IFrame.ait 1
D:\Test Site\New_Age\J_CSS_Designer.html Infected: Trojan-Clicker.HTML.IFrame.ait 1
D:\Test Site\Pokus\component.php Infected: Trojan-Clicker.HTML.IFrame.ait 1
D:\Test Site\Pokus\css\DESIGN_CSS_IMAGES\index.html Infected: Trojan-Clicker.HTML.IFrame.ait 1
D:\Test Site\Pokus\html\index.html Infected: Trojan-Clicker.HTML.IFrame.ait 1
D:\Test Site\Pokus\images\index.html Infected: Trojan-Clicker.HTML.IFrame.ait 1
D:\Test Site\Pokus\index.html Infected: Trojan-Clicker.HTML.IFrame.ait 1
D:\Test Site\Pokus\index.php Infected: Trojan-Clicker.HTML.IFrame.ait 1
D:\Test Site\Pokus\J_CSS_Designer.html Infected: Trojan-Clicker.HTML.IFrame.ait 1
D:\Test Site\rhuk_milkyway\index.html Infected: Trojan-Clicker.HTML.IFrame.ait 1
D:\Test Site\rhuk_milkyway\index.php Infected: Trojan-Clicker.HTML.IFrame.ait 1
D:\Test Site\skusam\component.php Infected: Trojan-Clicker.HTML.IFrame.ait 1
D:\Test Site\skusam\css\DESIGN_CSS_IMAGES\index.html Infected: Trojan-Clicker.HTML.IFrame.ait 1
D:\Test Site\skusam\html\index.html Infected: Trojan-Clicker.HTML.IFrame.ait 1
D:\Test Site\skusam\images\index.html Infected: Trojan-Clicker.HTML.IFrame.ait 1
D:\Test Site\skusam\index.html Infected: Trojan-Clicker.HTML.IFrame.ait 1
D:\Test Site\skusam\index.php Infected: Trojan-Clicker.HTML.IFrame.ait 1
D:\Test Site\skusam\J_CSS_Designer.html Infected: Trojan-Clicker.HTML.IFrame.ait 1
D:\WEB\simply\index.php Infected: Trojan-Clicker.HTML.IFrame.ait 1

The selected area was scanned.

VirusTotal results again:


Re: Please check... Suspected virus

Post by jaro3 » 12 Jul 2009 18:11

Delete everything (the files) that Kaspersky found.

Only the last link works. When you post a link, you must wait until the scan by all the antivirus engines is finished, e.g. 0/38 etc. appears, then copy the page (address) and paste it here.

How is the computer behaving, any messages?

Re: Please check... Suspected virus

Post by Kobra.svk » 12 Jul 2009 19:22

I deleted what Kaspersky found... and I waited until it completely finished... I even tried whether the link works and the link loaded normally; doesn't it get deleted after some time if nobody looks at the link??... and the computer behaves normally... but occasionally it happens to me as if the mouse disconnected and reconnected....

Re: Please check... Suspected virus

Post by jaro3 » 12 Jul 2009 19:38

That's right, the log has to be saved: File - Save as...
So that should be everything. Try reinstalling the mouse driver.

Re: Please check... Suspected virus  Solved

Post by Kobra.svk » 13 Jul 2009 19:06

Hopefully that will really be everything... if anything comes up I'll get in touch again =) Thanks for the time you spent on me and my PC =)) once again THX =) if you need anything, let me know =)

