LOG CHECK [Solved]

Section devoted to viruses and other malicious code, and also to the tools that can be used to defend against them…

Moderators: Mods_senior, Security team

juraj11
newcomer
Posts: 7
Registered: April 09
Gender: Male
Status: Offline

LOG CHECK

Post by juraj11 » 02 Apr 2009 12:52

Hi, I would like to ask you to check a log from MWAV. I copied the second window after it finished, but there is such an enormous amount of stuff in it that it won't even fit in here. So I put it into a Word file on edisk.cz.
Could someone please take a look at it? I don't have much experience with posting in these topics, so if I wrote or did something wrong, sorry.

http://www.edisk.sk/stahni/01153/Invali ... 0.5KB.html

Thanks

jaro3
Security team member
Guru Level 15
Posts: 43293
Registered: June 07
Location: South Bohemia
Gender: Male
Status: Offline

Re: LOG CHECK

Post by jaro3 » 02 Apr 2009 13:12

When working with HJT, ComboFix, MbAM, SDFix etc., close all other applications and browsers!
Do not send logs in private messages. During my absence I am covered by memphisto, Žbeky and Orcus.
If you are satisfied, you can support our forum: Forum support


Re: LOG CHECK

Post by juraj11 » 02 Apr 2009 13:23

Hi,
here is the log from HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:21:27, on 2.4.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\ANSYSI~1\SHARED~1\LICENS~1\Intel\lmgrd.exe
C:\Program Files\Autodesk\Data Management Server 2009\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe
C:\PROGRA~1\ANSYSI~1\SHARED~1\LICENS~1\Intel\lmgrd.exe
C:\PROGRA~1\ANSYSI~1\SHARED~1\LICENS~1\Intel\ansyslmd.exe
C:\Program Files\Autodesk\Data Management Server 2009\Server\Webserver\Connectivity.EDMWS.Server.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\ANSYS Inc\v110\RSM\bin\JobManagerService.exe
C:\Program Files\Kerio Firewall\Personal Firewall 4\kpf4ss.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Microsoft SQL Server\MSSQL$AUTODESKVAULT\Binn\sqlservr.exe
C:\Program Files\Kerio Firewall\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\ANSYS Inc\v110\RSM\bin\ScriptHostService.exe
C:\Program Files\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Kerio Firewall\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Totalcmd\TOTALCMD.EXE
C:\Program Files\Winamp\winamp.exe
C:\Program Files\ICQ6.5\ICQ.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://adx.allstar.cz/adclick.php?banne ... remium.asp
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\Program Files\Translaotr\WEBIE.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\Program Files\Translaotr\WEBIE.DLL
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\Program Files\Translaotr\WEBIE.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Program Files\Translaotr\WEBIE.DLL
O9 - Extra 'Tools' menuitem: &Nastaviť prekladač - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Program Files\Translaotr\WEBIE.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Program Files\Translaotr\WEBIE.DLL
O9 - Extra 'Tools' menuitem: Preložiť &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Program Files\Translaotr\WEBIE.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Program Files\Translaotr\WEBIE.DLL
O9 - Extra 'Tools' menuitem: Preložiť &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Program Files\Translaotr\WEBIE.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: ANSYS FLEXlm license manager - Macrovision Corporation - C:\PROGRA~1\ANSYSI~1\SHARED~1\LICENS~1\Intel\lmgrd.exe
O23 - Service: Autodesk Data Management Job Dispatch - Autodesk - C:\Program Files\Autodesk\Data Management Server 2009\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe
O23 - Service: Autodesk EDM Server - Autodesk - C:\Program Files\Autodesk\Data Management Server 2009\Server\Webserver\Connectivity.EDMWS.Server.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Ansys JobManager Service V11 (JobManagerService110) - Ansys, Inc - C:\Program Files\ANSYS Inc\v110\RSM\bin\JobManagerService.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Kerio Firewall\Personal Firewall 4\kpf4ss.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Ansys ScriptHost Service V11 (ScriptHostService110) - Ansys, Inc. - C:\Program Files\ANSYS Inc\v110\RSM\bin\ScriptHostService.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 9294 bytes


Re: LOG CHECK

Post by jaro3 » 02 Apr 2009 13:28

That's quite something...

Step 1*
Download: Dr. Web CureIt
Run the update, and after updating click Start.
With the buttons at the bottom you can cure, delete, move or rename a file.

Step 2*
Download Malwarebytes' Anti-Malware
Install it and run it
- at the end of the installation make sure both options are selected/checked:
Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware; if so, click the Finish button
- if an update is found, it will be downloaded and installed
- the program will then start; leave the Perform quick scan option selected and click the Scan button
- when the scan finishes a message will appear; click OK and then the Show Results button
- then choose the option to save the log and save it to your desktop
- then click the Exit button; a message will appear, choose Yes
(don't delete anything yet!).
Then paste the contents of that log here.

EDIT: those downloaded (I assume) files:
C:\Program Files\Totalcmd\patch.exe
D:\Games\bowling.pps
D:\Games\mravenci_ants.zip
D:\HESLA.doc
D:\Hry.xls
D:\treeinfo.wc
D:\utorrent.exe
D:\Výkres1.dwg
you can delete.


Re: LOG CHECK

Post by juraj11 » 02 Apr 2009 14:15

Dr. Web found nothing in the express scan.
And the Malwarebytes' Anti-Malware log output is here:

Malwarebytes' Anti-Malware 1.35
Verzia databázy: 1932
Windows 5.1.2600 Service Pack 3

2.4.2009 14:11:32
mbam-log-2009-04-02 (14-11-28).txt

Typ kontroly: Rýchla
Objektov kontrolovaných: 79862
Uplynutý cas: 1 minute(s), 56 second(s)

Infikovaných procesov pamäte: 0
Infikovaných modulov pamäte: 0
Infikovaných registracných klúcov: 11
Infikovaných registracných hodnôt: 9
Infikovaných registracných údajov položiek: 0
Infikovaných priecinkov: 0
Infikovaných súborov: 1

Infikovaných procesov pamäte:
(Žiadne škodlivé položky)

Infikovaných modulov pamäte:
(Žiadne škodlivé položky)

Infikovaných registracných klúcov:
HKEY_CLASSES_ROOT\CLSID\{08165ea0-e946-11cf-9c87-00aa005127ed} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{7d559c10-9fe9-11d0-93f7-00aa0059ce02} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{7fc0b86e-5fa7-11d1-bc7c-00c04fd929db} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{abbe31d0-6dae-11d0-beca-00c04fd940be} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{f5175861-2688-11d0-9c5e-00aa00a45957} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{d8bd2030-6fc9-11d0-864f-00aa006809d9} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{e3a8bde6-abce-11d0-bc4b-00c04fd929db} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{e6cc6978-6b6e-11d0-beca-00c04fd940be} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{e8bb6dc0-6b4e-11d0-92db-00a0c90c2bd7} (Trojan.BHO) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Adware.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Adware.BHO) -> No action taken.

Infikovaných registracných hodnôt:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{08165ea0-e946-11cf-9c87-00aa005127ed} (Trojan.BHO) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{7d559c10-9fe9-11d0-93f7-00aa0059ce02} (Trojan.BHO) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{7fc0b86e-5fa7-11d1-bc7c-00c04fd929db} (Trojan.BHO) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{abbe31d0-6dae-11d0-beca-00c04fd940be} (Trojan.BHO) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{f5175861-2688-11d0-9c5e-00aa00a45957} (Trojan.BHO) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{d8bd2030-6fc9-11d0-864f-00aa006809d9} (Trojan.BHO) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{e3a8bde6-abce-11d0-bc4b-00c04fd929db} (Trojan.BHO) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{e6cc6978-6b6e-11d0-beca-00c04fd940be} (Trojan.BHO) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{e8bb6dc0-6b4e-11d0-92db-00a0c90c2bd7} (Trojan.BHO) -> No action taken.

Infikovaných registracných údajov položiek:
(Žiadne škodlivé položky)

Infikovaných priecinkov:
(Žiadne škodlivé položky)

Infikovaných súborov:
C:\Program Files\ICQToolbar\toolbaru.dll (Adware.BHO) -> No action taken.


So take a look at what that strange thing is :D .
Also, why did you write "quite something"...??? Is there too much stuff in there?


Re: LOG CHECK

Post by jaro3 » 02 Apr 2009 14:22

Yeah, exactly...
So run MbAM again and click Scan
- when the scan finishes a message will appear; click OK and then the Show Results button
- make sure all the listed findings are checked and click the Remove Selected button
- when the removal finishes a log will be shown; post it here.
- then click OK in the program and close it via Exit

Then you can paste the MbAM log here.

Turn off NOD32's resident protection and deactivate Kerio.
Download ComboFix (by sUBs)
and save it to your desktop.
Close all active windows and run it.
- After it starts, the terms of use will be shown; confirm them by pressing Yes
- Then follow the instructions; while ComboFix is running, do not click into the window that appears
- After the scan completes, the program should create a log, C:\ComboFix.txt; please copy its entire contents here


Re: LOG CHECK

Post by juraj11 » 02 Apr 2009 14:40

For now, here is the MbAM log after removal.

Malwarebytes' Anti-Malware 1.35
Verzia databázy: 1932
Windows 5.1.2600 Service Pack 3

2.4.2009 14:38:43
mbam-log-2009-04-02 (14-38-43).txt

Typ kontroly: Rýchla
Objektov kontrolovaných: 79369
Uplynutý cas: 1 minute(s), 8 second(s)

Infikovaných procesov pamäte: 0
Infikovaných modulov pamäte: 0
Infikovaných registracných klúcov: 11
Infikovaných registracných hodnôt: 9
Infikovaných registracných údajov položiek: 0
Infikovaných priecinkov: 0
Infikovaných súborov: 1

Infikovaných procesov pamäte:
(Žiadne škodlivé položky)

Infikovaných modulov pamäte:
(Žiadne škodlivé položky)

Infikovaných registracných klúcov:
HKEY_CLASSES_ROOT\CLSID\{08165ea0-e946-11cf-9c87-00aa005127ed} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7d559c10-9fe9-11d0-93f7-00aa0059ce02} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7fc0b86e-5fa7-11d1-bc7c-00c04fd929db} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{abbe31d0-6dae-11d0-beca-00c04fd940be} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f5175861-2688-11d0-9c5e-00aa00a45957} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d8bd2030-6fc9-11d0-864f-00aa006809d9} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e3a8bde6-abce-11d0-bc4b-00c04fd929db} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e6cc6978-6b6e-11d0-beca-00c04fd940be} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e8bb6dc0-6b4e-11d0-92db-00a0c90c2bd7} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Adware.BHO) -> Quarantined and deleted successfully.

Infikovaných registracných hodnôt:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{08165ea0-e946-11cf-9c87-00aa005127ed} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{7d559c10-9fe9-11d0-93f7-00aa0059ce02} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{7fc0b86e-5fa7-11d1-bc7c-00c04fd929db} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{abbe31d0-6dae-11d0-beca-00c04fd940be} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{f5175861-2688-11d0-9c5e-00aa00a45957} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{d8bd2030-6fc9-11d0-864f-00aa006809d9} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{e3a8bde6-abce-11d0-bc4b-00c04fd929db} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{e6cc6978-6b6e-11d0-beca-00c04fd940be} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{e8bb6dc0-6b4e-11d0-92db-00a0c90c2bd7} (Trojan.BHO) -> Quarantined and deleted successfully.

Infikovaných registracných údajov položiek:
(Žiadne škodlivé položky)

Infikovaných priecinkov:
(Žiadne škodlivé položky)

Infikovaných súborov:
C:\Program Files\ICQToolbar\toolbaru.dll (Adware.BHO) -> Quarantined and deleted successfully.

I'm off to play with Combo.
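A small triage helper, added here as an example and not part of any post in this thread: it parses MbAM 1.35 logs of the shape posted above (including findings the forum wrapped across lines, as in the post-removal log), checks that every finding from the first scan is reported as quarantined in the second, and cross-references the flagged CLSIDs against HijackThis O2 lines. The sample log fragments are constructed from the lines posted above; the function names are my own.

```python
import re

# Constructed samples in the shape of the two Malwarebytes 1.35 logs in this thread:
# the first scan (nothing removed yet) and the post-removal scan, which the forum
# software wrapped mid-line and padded with blank lines.
BEFORE_LOG = r"""
Malwarebytes' Anti-Malware 1.35
Verzia databázy: 1932

Infikovaných registracných klúcov: 2
Infikovaných súborov: 1

Infikovaných procesov pamäte:
(Žiadne škodlivé položky)

Infikovaných registracných klúcov:
HKEY_CLASSES_ROOT\CLSID\{08165ea0-e946-11cf-9c87-00aa005127ed} (Trojan.BHO) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Adware.BHO) -> No action taken.

Infikovaných súborov:
C:\Program Files\ICQToolbar\toolbaru.dll (Adware.BHO) -> No action taken.
"""

AFTER_LOG = r"""
Infikovaných registracných klúcov:
HKEY_CLASSES_ROOT\CLSID\{08165ea0-e946-11cf-9c87-00aa005127ed} (Trojan.BHO) -> Quarantined and deleted

successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper

Objects\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Adware.BHO) -> Quarantined and deleted successfully.

Infikovaných súborov:
C:\Program Files\ICQToolbar\toolbaru.dll (Adware.BHO) -> Quarantined and deleted successfully.
"""

# Two O2 lines taken from the HijackThis log in the thread, to cross-reference by CLSID.
HJT_LINES = [
    r"O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll",
    r"O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll",
]

# "<item> (<detection>) -> <action>."  e.g. "...\{guid} (Trojan.BHO) -> No action taken."
FINDING_RE = re.compile(r"^(?P<item>.+?) \((?P<detection>[\w.]+)\) -> (?P<action>.+?)\.?$")
# A finding starts with a registry hive or a drive-letter path.
START_RE = re.compile(r"^(HKEY_[A-Z_]+\\|[A-Za-z]:\\)")
GUID_RE = re.compile(r"\{[0-9a-f]{8}-(?:[0-9a-f]{4}-){3}[0-9a-f]{12}\}", re.I)


def parse_mbam_log(text):
    """Return a list of findings as dicts {section, item, detection, action}.

    Fragments are accumulated until the next finding or section header, so a
    finding that a forum post wrapped across lines (with blank lines in between)
    is reassembled before it is matched.
    """
    findings, section, buf = [], None, ""

    def flush():
        nonlocal buf
        m = FINDING_RE.match(buf)
        if m:
            findings.append({"section": section, **m.groupdict()})
        buf = ""

    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue                      # wrap padding, not a record separator
        if line.endswith(":"):            # section header, e.g. "Infikovaných súborov:"
            flush()
            section = line[:-1]
        elif line.startswith("("):        # "(Žiadne škodlivé položky)" = nothing found
            flush()
        elif START_RE.match(line):        # a registry key or file path opens a finding
            flush()
            buf = line
        elif buf:                         # continuation of a wrapped finding
            buf += " " + line
    flush()
    return findings


def remediation_report(before, after):
    """Check that every finding of the first scan is quarantined in the second."""
    done = {f["item"].lower(): f["action"] for f in after}
    return {
        "remediated": sum(1 for a in done.values() if a.startswith("Quarantined")),
        "unremediated": [f["item"] for f in after if not f["action"].startswith("Quarantined")],
        "missing": [f["item"] for f in before if f["item"].lower() not in done],
    }


def hjt_entries_for(findings, hjt_lines):
    """HijackThis lines whose CLSID appears in an MBAM finding (case-insensitive)."""
    flagged = {g.lower() for f in findings for g in GUID_RE.findall(f["item"])}
    return [l for l in hjt_lines if any(g.lower() in flagged for g in GUID_RE.findall(l))]


if __name__ == "__main__":
    before, after = parse_mbam_log(BEFORE_LOG), parse_mbam_log(AFTER_LOG)
    print(remediation_report(before, after))
    for line in hjt_entries_for(before, HJT_LINES):
        print("HJT entry matching an MBAM finding:", line)
```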


Re: LOG CHECK

Post by juraj11 » 02 Apr 2009 15:26

Well, finally I'm attaching the log from ComboFix.
What next?

ComboFix 09-04-01.01 - Traktor 2009-04-02 14:58:51.1 - NTFSx86
Systém Microsoft Windows XP Home Edition 5.1.2600.3.1250.1.1033.18.3071.2542 [GMT 2:00]
Running from: c:\documents and settings\Traktor\Desktop\ComboFix.exe
AV: ESET NOD32 antivirus system 2.70 *On-access scanning disabled* (Updated)
FW: Kerio Personal Firewall *disabled*
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\regedit.com
c:\windows\system32\taskmgr.com

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ISODRIVE
-------\Service_ISODrive


((((((((((((((((((((((((( Files Created from 2009-03-02 to 2009-04-02 )))))))))))))))))))))))))))))))
.

2009-04-02 14:08 . 2009-04-02 14:08 <DIR> d-------- c:\documents and settings\Traktor\Application Data\Malwarebytes
2009-04-02 14:07 . 2009-04-02 14:08 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-04-02 14:07 . 2009-04-02 14:07 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-02 14:07 . 2009-03-26 16:49 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-02 14:07 . 2009-03-26 16:49 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-04-02 13:33 . 2009-04-02 13:33 <DIR> d-------- c:\documents and settings\Traktor\DoctorWeb
2009-04-02 13:20 . 2009-04-02 13:20 <DIR> d-------- c:\program files\Trend Micro
2009-04-02 04:04 . 2009-04-02 04:04 85 --a------ c:\windows\system32\drivers\fwdrv.err
2009-04-02 02:33 . 2009-04-02 02:33 <DIR> d-a------ c:\windows\system32\runouce.exe
2009-04-02 02:31 . 2009-04-02 04:36 54 --a------ c:\windows\Lic.xxx
2009-04-02 02:30 . 2009-04-02 02:30 <DIR> d-------- c:\program files\Common Files\MicroWorld
2009-04-02 02:30 . 2009-04-02 02:30 <DIR> d-------- c:\documents and settings\All Users\Application Data\MicroWorld
2009-04-02 02:30 . 2008-04-14 02:12 146,432 --a------ c:\windows\R.COM
2009-04-02 02:30 . 2008-04-14 02:12 135,680 --a------ c:\windows\system32\T.COM
2009-04-02 02:30 . 2009-04-02 02:30 28,672 --a------ c:\windows\system32\eEmpty.exe
2009-04-02 02:30 . 2005-09-22 23:22 522 --a------ c:\windows\system32\Microsoft.VC80.CRT.manifest
2009-04-01 20:02 . 2009-04-01 20:02 <DIR> d-------- c:\documents and settings\Traktor\Application Data\Uniblue
2009-04-01 17:47 . 2009-04-01 17:47 <DIR> d-------- c:\windows\Logs
2009-04-01 17:47 . 2009-04-01 17:47 <DIR> d-------- c:\program files\EA Sports
2009-04-01 17:44 . 2009-04-01 17:44 107,888 --a------ c:\windows\system32\CmdLineExt.dll
2009-03-31 04:25 . 1998-06-26 04:12 159,744 --a------ c:\windows\system32\Ksiad.dll
2009-03-31 04:25 . 1999-02-04 15:21 53,248 --a------ c:\windows\system32\Opcenum.exe
2009-03-31 02:31 . 2009-03-31 02:31 <DIR> d--h----- c:\windows\PIF
2009-03-31 02:31 . 2009-01-09 21:19 1,089,593 -----c--- c:\windows\system32\dllcache\ntprint.cat
2009-03-31 02:30 . 2009-03-31 02:30 <DIR> d-------- c:\documents and settings\Traktor\Application Data\Windows Search
2009-03-31 02:16 . 2009-03-31 02:25 <DIR> d-------- c:\windows\SxsCaPendDel
2009-03-31 02:11 . 2009-03-31 02:25 <DIR> d-------- c:\windows\NV21201768.TMP
2009-03-31 02:11 . 2008-09-17 23:55 201,050 --a------ c:\windows\system32\nvapps.nvb
2009-03-31 02:10 . 2009-03-31 02:10 <DIR> d-------- c:\windows\system32\sk-SK
2009-03-31 02:09 . 2008-12-21 01:15 6,066,688 -----c--- c:\windows\system32\dllcache\ieframe.dll
2009-03-31 02:09 . 2007-04-17 11:32 2,455,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dat
2009-03-31 02:09 . 2007-03-08 07:10 991,232 -----c--- c:\windows\system32\dllcache\ieframe.dll.mui
2009-03-31 02:09 . 2008-12-21 01:15 459,264 -----c--- c:\windows\system32\dllcache\msfeeds.dll
2009-03-31 02:09 . 2008-12-21 01:15 383,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dll
2009-03-31 02:09 . 2008-12-21 01:15 267,776 -----c--- c:\windows\system32\dllcache\iertutil.dll
2009-03-31 02:09 . 2008-12-21 01:15 63,488 -----c--- c:\windows\system32\dllcache\icardie.dll
2009-03-31 02:09 . 2008-12-21 01:15 52,224 -----c--- c:\windows\system32\dllcache\msfeedsbs.dll
2009-03-31 02:09 . 2008-12-19 11:10 13,824 -----c--- c:\windows\system32\dllcache\ieudinit.exe
2009-03-31 02:03 . 2009-03-31 02:47 <DIR> d-------- c:\program files\Windows Desktop Search
2009-03-31 02:03 . 2008-03-07 19:02 192,000 -----c--- c:\windows\system32\dllcache\offfilt.dll
2009-03-31 02:03 . 2008-03-07 19:02 98,304 -----c--- c:\windows\system32\dllcache\nlhtml.dll
2009-03-31 02:03 . 2008-03-07 19:02 29,696 -----c--- c:\windows\system32\dllcache\mimefilt.dll
2009-03-26 00:51 . 2009-03-30 14:39 54,156 --ah----- c:\windows\QTFont.qfn
2009-03-23 21:11 . 2009-03-23 21:11 <DIR> d-------- c:\program files\Lavasoft RegHance
2009-03-23 21:07 . 2009-03-23 21:07 <DIR> d-------- c:\program files\Lavasoft
2009-03-19 16:00 . 2009-03-19 16:00 <DIR> d-------- c:\program files\UltraISO
2009-03-19 16:00 . 2009-03-19 16:00 <DIR> d-------- c:\program files\Common Files\EZB Systems
2009-03-18 14:35 . 2009-03-18 19:03 <DIR> d-------- c:\documents and settings\Traktor\Application Data\ICQ
2009-03-18 14:34 . 2009-03-18 14:37 <DIR> d-------- c:\program files\ICQ6.5
2009-03-18 13:20 . 2009-03-27 00:01 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2009-03-17 11:19 . 2009-03-17 17:33 <DIR> d-------- c:\program files\DefenseWall
2009-03-17 11:19 . 2008-07-25 22:41 86,016 --a------ c:\windows\system32\defensewall_serv.exe
2009-03-17 11:19 . 2009-03-17 11:19 375 --a------ c:\windows\ActiveSkin.ini
2009-03-17 09:46 . 2009-03-17 09:46 <DIR> d-------- c:\documents and settings\Traktor\Application Data\QIP
2009-03-17 09:45 . 2009-03-17 09:45 <DIR> d-------- c:\program files\QIP Infium
2009-03-16 21:04 . 2009-03-16 21:04 <DIR> d-------- c:\windows\system32\NtmsData
2009-03-16 19:29 . 2009-03-16 19:29 66 --a------ c:\windows\wininit.ini
2009-03-12 16:16 . 2009-03-19 10:11 <DIR> d-------- c:\program files\ICQ6Toolbar
2009-03-12 16:16 . 2009-03-18 14:35 <DIR> d-------- c:\documents and settings\All Users\Application Data\ICQ
2009-03-10 13:20 . 2009-03-10 13:20 <DIR> d-------- c:\program files\IrfanView
2009-03-10 00:02 . 2009-03-10 00:03 <DIR> d-------- c:\program files\Common Files\Adobe
2009-03-02 18:56 . 2009-03-02 18:56 <DIR> d---s---- c:\documents and settings\Traktor\UserData
2009-03-02 18:38 . 2009-03-02 18:38 <DIR> d-------- c:\documents and settings\All Users\Application Data\Macrovision
2009-03-02 18:15 . 2009-03-02 18:15 <DIR> d-------- c:\documents and settings\All Users\Application Data\IsolatedStorage
2009-03-02 18:11 . 2006-06-28 05:37 1,009,336 --------- c:\windows\system32\mschrt20.ocx
2009-03-02 18:11 . 2005-03-03 22:09 389,120 --------- c:\windows\system32\Codejock.DockingPane.Unicode.9601.ocx
2009-03-02 18:11 . 2001-07-30 17:40 24,576 --------- c:\windows\system32\msxml3a.dll
2009-03-02 18:09 . 2009-03-02 18:21 <DIR> d-------- c:\program files\ANSYS Inc

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-02 12:10 --------- d-----w c:\program files\Totalcmd
2009-04-02 10:37 189,072 ----a-w c:\windows\system32\PnkBstrB.exe
2009-04-02 10:19 138,920 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-04-02 00:30 626,688 ----a-w c:\windows\system32\msvcr80.dll
2009-04-02 00:30 548,864 ----a-w c:\windows\system32\msvcp80.dll
2009-04-01 19:34 --------- d-----w c:\documents and settings\Traktor\Application Data\BSplayer Pro
2009-04-01 18:12 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-04-01 07:42 --------- d-----w c:\program files\Java
2009-03-25 04:30 --------- d-----w c:\documents and settings\Traktor\Application Data\SolidWorks
2009-03-24 20:56 --------- d-----w c:\documents and settings\Traktor\Application Data\Skype
2009-03-24 00:18 --------- d-----w c:\program files\SolidWorks
2009-03-23 19:09 --------- d-----w c:\documents and settings\Traktor\Application Data\Lavasoft
2009-03-19 14:21 --------- d-----w c:\program files\Alcohol 120
2009-03-12 14:10 --------- d-----w c:\program files\ICQ6
2009-03-09 22:10 --------- d-----w c:\program files\Opera
2009-03-09 03:19 410,984 ----a-w c:\windows\system32\deploytk.dll
2009-03-02 16:39 --------- d-----w c:\documents and settings\Traktor\Application Data\Ansys
2009-03-02 16:21 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-01 08:53 75,064 ----a-w c:\windows\system32\PnkBstrA.exe
2009-02-28 13:04 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-02-28 13:01 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2009-02-25 19:28 --------- d-----w c:\program files\ICQToolbar
2009-02-25 12:06 --------- d-----w c:\documents and settings\Traktor\Application Data\Autodesk
2009-02-24 08:08 --------- d-----w c:\documents and settings\Traktor\Application Data\CyberLink
2009-02-18 20:39 --------- d-----w c:\program files\Mv2Player
2009-02-17 15:50 --------- d-----w c:\program files\Activision
2009-02-17 09:09 --------- d-----w c:\documents and settings\All Users\Application Data\COSMOS Applications
2009-02-17 09:04 --------- d-----w c:\program files\Common Files\SolidWorks Shared
2009-02-17 09:03 --------- d-----w c:\program files\DWGeditor
2009-02-17 09:03 --------- d-----w c:\documents and settings\Traktor\Application Data\DWGeditor
2009-02-17 09:02 --------- d-----w c:\program files\SolidWorks Installation Manager
2009-02-17 09:01 --------- d-----w c:\program files\Common Files\eDrawings2007
2009-02-17 08:54 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-02-17 08:43 --------- d-----w c:\program files\Common Files\Solidworks Data
2009-02-17 08:35 --------- d-----w c:\program files\ARPR
2009-02-17 08:27 --------- d-----w c:\program files\AGEIA Technologies
2009-02-17 01:32 --------- d-----w c:\documents and settings\Traktor\Application Data\SolidWorks 2009
2009-02-17 00:04 --------- d-----w c:\documents and settings\All Users\Application Data\SolidWorks
2009-02-13 18:20 --------- d-----w c:\program files\BSplayerPro
2009-02-09 11:13 1,846,784 ----a-w c:\windows\system32\win32k.sys
2009-02-03 21:22 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
2009-02-03 16:58 --------- d-----w c:\program files\CCleaner
2009-02-03 13:35 --------- d-----w c:\documents and settings\All Users\Application Data\Autodesk
2009-01-05 16:43 316 ----a-w C:\drmHeader.bin
2008-11-16 10:38 22,328 ----a-w c:\documents and settings\Traktor\Application Data\PnkBstrK.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13574144]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2008-05-01 949376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 86016]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-05 c:\windows\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2007-06-15 c:\windows\SkyTel.exe]
"nwiz"="nwiz.exe" [2008-09-17 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll
"msacm.dvacm"= c:\progra~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
"msacm.MPEGacm"= c:\progra~1\COMMON~1\ULEADS~1\MPEG\MPEGacm.acm
"msacm.ulmp3acm"= c:\progra~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm
"vidc.X264"= x264vfw.dll
"vidc.hfyu"= huffyuv.dll
"msacm.divxa32"= DivXa32.acm

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Akcelerátor spuštění AutoCADu.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Akcelerátor spuštění AutoCADu.lnk
backup=c:\windows\pss\Akcelerátor spuštění AutoCADu.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk
backup=c:\windows\pss\Service Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-06-12 03:38 34672 c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
--a------ 2007-06-25 08:47 1057064 c:\program files\Nero\Nero 7\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
--a------ 2007-08-23 17:36 455968 c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 15:57 153136 c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2009-01-03 20:02 98304 c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2004-11-02 20:24 32768 c:\program files\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]
--a------ 2007-06-25 08:47 1629480 c:\program files\Nero\Nero 7\InCD\NBHGui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UVS10 Preload]
--------- 2006-03-07 00:52 36864 c:\program files\Ulead VideoStudio 10\uvPL.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\BPFTP Server\\bpftpserver.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"d:\\Install\\Napalene\\utorrent_1.6.exe"=
"c:\\Program Files\\ANSYS Inc\\v110\\RSM\\bin\\JobManagerService.exe"=
"c:\\Program Files\\ANSYS Inc\\v110\\RSM\\bin\\JMAdmin.exe"=
"c:\\Program Files\\ANSYS Inc\\v110\\RSM\\bin\\JMPassword.exe"=
"c:\\Program Files\\ANSYS Inc\\v110\\RSM\\bin\\ScriptHostService.exe"=
"c:\\Program Files\\ANSYS Inc\\v110\\AISOL\\CommonFiles\\intel\\AnsysWBU.exe"=
"c:\\Program Files\\ANSYS Inc\\v110\\ANSYS\\bin\\intel\\ANSYS.exe"=
"c:\\Program Files\\ANSYS Inc\\v110\\AISOL\\CAD Integration\\intel\\ActivePIMgrU.exe"=
"c:\\Program Files\\ANSYS Inc\\v110\\AISOL\\CAD Integration\\intel\\ReaderHostU.exe"=
"c:\\Program Files\\ANSYS Inc\\v110\\CommonFiles\\TCL\\bin\\intel\\tclsh.exe"=
"c:\\Program Files\\ANSYS Inc\\v110\\CommonFiles\\TCL\\bin\\intel\\wish.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 fwdrv;Firewall Driver;c:\windows\system32\drivers\fwdrv.sys [2005-12-15 274432]
R1 khips;Kerio HIPS Driver;c:\windows\system32\drivers\khips.sys [2005-12-15 81920]
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2008-05-01 15424]
R2 ANSYS FLEXlm license manager;ANSYS FLEXlm license manager;c:\progra~1\ANSYSI~1\SHARED~1\LICENS~1\Intel\lmgrd.exe [2009-03-02 1294336]
R2 JobManagerService110;Ansys JobManager Service V11;c:\program files\ANSYS Inc\v110\RSM\bin\JobManagerService.exe [2007-01-16 20480]
R2 ScriptHostService110;Ansys ScriptHost Service V11;c:\program files\ANSYS Inc\v110\RSM\bin\ScriptHostService.exe [2007-01-16 20480]
R3 PSched;QoS Packet Scheduler;c:\windows\system32\drivers\psched.sys [2006-02-28 69120]
S3 RTCore;RTCore;\??\d:\install\TRam\RTCore.sys --> d:\install\TRam\RTCore.sys [?]
S3 SQLAgent$AUTODESKVAULT;SQLAgent$AUTODESKVAULT;c:\program files\Microsoft SQL Server\MSSQL$AUTODESKVAULT\Binn\sqlagent.EXE [2005-05-03 323584]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = hxxp://adx.allstar.cz/adclick.php?banne ... remium.asp
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\program files\Translaotr\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\program files\Translaotr\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\program files\Translaotr\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\program files\Translaotr\WEBIE.DLL
LSP: c:\windows\system32\imon.dll
FF - ProfilePath - c:\documents and settings\Traktor\Application Data\Mozilla\Firefox\Profiles\5s1wra3o.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage -
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... id=afex&q=
FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll
FF - plugin: c:\windows\system32\C2MP\npdivx32.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-02 15:06:20
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\docume~1\Traktor\LOCALS~1\Temp\RGI4.tmp 6932 bytes

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1202660629-261903793-725345543-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(868)
c:\windows\system32\imon.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Autodesk\Data Management Server 2009\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe
c:\progra~1\ANSYSI~1\SHARED~1\LICENS~1\intel\ansyslmd.exe
c:\program files\Autodesk\Data Management Server 2009\Server\Webserver\Connectivity.EDMWS.Server.exe
c:\program files\Nero\Nero 7\InCD\InCDsrv.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Microsoft SQL Server\MSSQL$AUTODESKVAULT\Binn\sqlservr.exe
c:\program files\ESET\nod32krn.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\Alcohol 120\StarWind\StarWindService.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-04-02 15:10:08 - machine was rebooted [Traktor]
ComboFix-quarantined-files.txt 2009-04-02 13:10:03

Pre-Run: 5 094 555 648 bytes free
Post-Run: 5,227,622,400 voľných bajtov

284 --- E O F --- 2009-03-31 00:36:05

jaro3
Security team member
Guru Level 15
Posts: 43293
Registered: June 07
Location: South Bohemia
Gender: Male
Status: Offline

Re: LOG CHECK

Post by jaro3 » 02 Apr 2009 17:45

Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy the following complete text marked in green into it:
Note: do not use the SELECT ALL function to select the script

Code:

Folder::
c:\windows\system32\runouce.exe
c:\windows\SxsCaPendDel

Choose File -> Save as... and set these parameters:
File name: enter CFScript.txt here
Save as type: select All files
Save the file to the desktop.
Close all active windows.

Grab the created CFScript.txt script with the mouse, move it over the downloaded ComboFix.exe, and when the two files overlap, drop the script.
- ComboFix will start automatically
- Post here the log that appears at the end of the cleaning process + a new HJT log

Test these on VirusTotal
c:\windows\system32\Ksiad.dll
c:\windows\system32\Codejock.DockingPane.Unicode.9601.ocx
Then post the links to the results here.
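As an added example (not code from the thread, from the helper or from ComboFix), a small Python checker that reads a CFScript like the one above together with a ComboFix log in the format posted here, and reports whether each Folder::/File:: entry shows up under Other Deletions, whether the Windows firewall is enabled, whether on-access AV scanning is off, and how many hidden files the embedded catchme scan reported. The CFScript and log text inside it are constructed to mirror the thread's layout.

```python
"""Check a ComboFix log against the CFScript that drove it.

Added example for this thread; not the forum's or ComboFix's own code.
CFSCRIPT and COMBOFIX_LOG are constructed to mirror the posted format.
"""
import re
from typing import Dict, List, Optional

# Constructed CFScript with the two Folder:: entries the helper listed.
CFSCRIPT = """Folder::
c:\\windows\\system32\\runouce.exe
c:\\windows\\SxsCaPendDel
"""

# Constructed ComboFix excerpt in the thread's layout (trimmed).
COMBOFIX_LOG = """ComboFix 09-04-01.01 - Traktor 2009-04-02 18:36:53.2 - NTFSx86
AV: ESET NOD32 antivirus system 2.70 *On-access scanning disabled* (Updated)
FW: Kerio Personal Firewall *disabled*
.
((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))
.

c:\\windows\\SxsCaPendDel
c:\\windows\\system32\\runouce.exe

.
(((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))
.
[HKLM\\~\\services\\sharedaccess\\parameters\\firewallpolicy\\standardprofile]
"EnableFirewall"= 0 (0x0)

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer
scan completed successfully
hidden files: 0
"""

# A ComboFix section banner looks like '(((( Name ))))'.
SECTION_RE = re.compile(r"^\(+\s*(.+?)\s*\)+$")


def parse_cfscript(text: str) -> Dict[str, List[str]]:
    """Map each directive ('Folder', 'File', ...) to its lower-cased entries."""
    result: Dict[str, List[str]] = {}
    current: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):          # directive header such as 'Folder::'
            current = line[:-2]
            result.setdefault(current, [])
        elif current is not None:
            result[current].append(line.lower())
    return result


def split_sections(log: str) -> Dict[str, List[str]]:
    """Group log lines under the banner preceding them ('header' before any)."""
    sections: Dict[str, List[str]] = {"header": []}
    name = "header"
    for raw in log.splitlines():
        match = SECTION_RE.match(raw.strip())
        if match:
            name = match.group(1)
            sections[name] = []
        else:
            sections[name].append(raw.rstrip())
    return sections


def deleted_paths(log: str) -> List[str]:
    """Paths ComboFix reports under 'Other Deletions', lower-cased."""
    lines = split_sections(log).get("Other Deletions", [])
    return [ln.strip().lower() for ln in lines if ln.strip() not in ("", ".")]


def script_effect(cfscript: str, log: str) -> Dict[str, bool]:
    """For every Folder::/File:: entry, True if the log shows it deleted."""
    wanted = parse_cfscript(cfscript)
    gone = set(deleted_paths(log))
    return {path: path in gone
            for directive in ("Folder", "File")
            for path in wanted.get(directive, [])}


def firewall_enabled(log: str) -> Optional[bool]:
    """EnableFirewall value from the standard profile; None if not present."""
    match = re.search(r'"EnableFirewall"=\s*(\d+)', log)
    return None if match is None else match.group(1) != "0"


def hidden_file_count(log: str) -> Optional[int]:
    """Hidden-file count reported by the embedded catchme scan."""
    match = re.search(r"^hidden files:\s*(\d+)", log, re.MULTILINE)
    return None if match is None else int(match.group(1))


def av_onaccess_disabled(log: str) -> bool:
    """True when the AV: line says on-access scanning is disabled."""
    return re.search(r"^AV:.*On-access scanning disabled", log, re.MULTILINE) is not None


if __name__ == "__main__":
    for path, removed in script_effect(CFSCRIPT, COMBOFIX_LOG).items():
        print(f"{'removed' if removed else 'STILL PRESENT'}: {path}")
    print("firewall enabled:", firewall_enabled(COMBOFIX_LOG))
    print("catchme hidden files:", hidden_file_count(COMBOFIX_LOG))
    print("AV on-access disabled:", av_onaccess_disabled(COMBOFIX_LOG))
```

Run against the real log from the reply below and it flags the same three things the helper would look at: both paths gone, firewall off, on-access scanning off.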

juraj11
newbie
Posts: 7
Registered: April 09
Gender: Male
Status: Offline

Re: LOG CHECK

Post by juraj11 » 02 Apr 2009 19:05

So here are the final results:

Combofix:

ComboFix 09-04-01.01 - Traktor 2009-04-02 18:36:53.2 - NTFSx86
Systém Microsoft Windows XP Home Edition 5.1.2600.3.1250.1.1033.18.3071.2510 [GMT 2:00]
Running from: c:\documents and settings\Traktor\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Traktor\Desktop\CFScript.txt
AV: ESET NOD32 antivirus system 2.70 *On-access scanning disabled* (Updated)
FW: Kerio Personal Firewall *disabled*
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
/wow section - STAGE 33
Systém nemôže nájsť zadanú cestu.
Systém nemôže nájsť zadanú cestu.
Systém nemôže nájsť zadanú cestu.
Systém nemôže nájsť zadanú cestu.
Could Not Find c:\combofix\temp03
Proces nemôže získať prístup k súboru, pretože daný súbor práve používa iný proces.


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\SxsCaPendDel
c:\windows\system32\runouce.exe

.
((((((((((((((((((((((((( Files Created from 2009-03-02 to 2009-04-02 )))))))))))))))))))))))))))))))
.

2009-04-02 15:46 . 2009-04-02 15:46 <DIR> d-------- c:\program files\HyCam2
2009-04-02 14:08 . 2009-04-02 14:08 <DIR> d-------- c:\documents and settings\Traktor\Application Data\Malwarebytes
2009-04-02 14:07 . 2009-04-02 14:08 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-04-02 14:07 . 2009-04-02 14:07 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-02 14:07 . 2009-03-26 16:49 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-02 14:07 . 2009-03-26 16:49 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-04-02 13:33 . 2009-04-02 13:33 <DIR> d-------- c:\documents and settings\Traktor\DoctorWeb
2009-04-02 13:20 . 2009-04-02 13:20 <DIR> d-------- c:\program files\Trend Micro
2009-04-02 04:04 . 2009-04-02 04:04 85 --a------ c:\windows\system32\drivers\fwdrv.err
2009-04-02 02:31 . 2009-04-02 04:36 54 --a------ c:\windows\Lic.xxx
2009-04-02 02:30 . 2009-04-02 02:30 <DIR> d-------- c:\program files\Common Files\MicroWorld
2009-04-02 02:30 . 2009-04-02 02:30 <DIR> d-------- c:\documents and settings\All Users\Application Data\MicroWorld
2009-04-02 02:30 . 2008-04-14 02:12 146,432 --a------ c:\windows\R.COM
2009-04-02 02:30 . 2008-04-14 02:12 135,680 --a------ c:\windows\system32\T.COM
2009-04-02 02:30 . 2009-04-02 02:30 28,672 --a------ c:\windows\system32\eEmpty.exe
2009-04-02 02:30 . 2005-09-22 23:22 522 --a------ c:\windows\system32\Microsoft.VC80.CRT.manifest
2009-04-01 20:02 . 2009-04-01 20:02 <DIR> d-------- c:\documents and settings\Traktor\Application Data\Uniblue
2009-04-01 17:47 . 2009-04-01 17:47 <DIR> d-------- c:\windows\Logs
2009-04-01 17:47 . 2009-04-01 17:47 <DIR> d-------- c:\program files\EA Sports
2009-04-01 17:44 . 2009-04-01 17:44 107,888 --a------ c:\windows\system32\CmdLineExt.dll
2009-03-31 04:25 . 1998-06-26 04:12 159,744 --a------ c:\windows\system32\Ksiad.dll
2009-03-31 04:25 . 1999-02-04 15:21 53,248 --a------ c:\windows\system32\Opcenum.exe
2009-03-31 02:31 . 2009-03-31 02:31 <DIR> d--h----- c:\windows\PIF
2009-03-31 02:31 . 2009-01-09 21:19 1,089,593 -----c--- c:\windows\system32\dllcache\ntprint.cat
2009-03-31 02:30 . 2009-03-31 02:30 <DIR> d-------- c:\documents and settings\Traktor\Application Data\Windows Search
2009-03-31 02:11 . 2009-03-31 02:25 <DIR> d-------- c:\windows\NV21201768.TMP
2009-03-31 02:11 . 2008-09-17 23:55 201,050 --a------ c:\windows\system32\nvapps.nvb
2009-03-31 02:10 . 2009-03-31 02:10 <DIR> d-------- c:\windows\system32\sk-SK
2009-03-31 02:09 . 2008-12-21 01:15 6,066,688 -----c--- c:\windows\system32\dllcache\ieframe.dll
2009-03-31 02:09 . 2007-04-17 11:32 2,455,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dat
2009-03-31 02:09 . 2007-03-08 07:10 991,232 -----c--- c:\windows\system32\dllcache\ieframe.dll.mui
2009-03-31 02:09 . 2008-12-21 01:15 459,264 -----c--- c:\windows\system32\dllcache\msfeeds.dll
2009-03-31 02:09 . 2008-12-21 01:15 383,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dll
2009-03-31 02:09 . 2008-12-21 01:15 267,776 -----c--- c:\windows\system32\dllcache\iertutil.dll
2009-03-31 02:09 . 2008-12-21 01:15 63,488 -----c--- c:\windows\system32\dllcache\icardie.dll
2009-03-31 02:09 . 2008-12-21 01:15 52,224 -----c--- c:\windows\system32\dllcache\msfeedsbs.dll
2009-03-31 02:09 . 2008-12-19 11:10 13,824 -----c--- c:\windows\system32\dllcache\ieudinit.exe
2009-03-31 02:03 . 2009-03-31 02:47 <DIR> d-------- c:\program files\Windows Desktop Search
2009-03-31 02:03 . 2008-03-07 19:02 192,000 -----c--- c:\windows\system32\dllcache\offfilt.dll
2009-03-31 02:03 . 2008-03-07 19:02 98,304 -----c--- c:\windows\system32\dllcache\nlhtml.dll
2009-03-31 02:03 . 2008-03-07 19:02 29,696 -----c--- c:\windows\system32\dllcache\mimefilt.dll
2009-03-26 00:51 . 2009-03-30 14:39 54,156 --ah----- c:\windows\QTFont.qfn
2009-03-23 21:11 . 2009-03-23 21:11 <DIR> d-------- c:\program files\Lavasoft RegHance
2009-03-23 21:07 . 2009-03-23 21:07 <DIR> d-------- c:\program files\Lavasoft
2009-03-19 16:00 . 2009-03-19 16:00 <DIR> d-------- c:\program files\UltraISO
2009-03-19 16:00 . 2009-03-19 16:00 <DIR> d-------- c:\program files\Common Files\EZB Systems
2009-03-18 14:35 . 2009-03-18 19:03 <DIR> d-------- c:\documents and settings\Traktor\Application Data\ICQ
2009-03-18 14:34 . 2009-03-18 14:37 <DIR> d-------- c:\program files\ICQ6.5
2009-03-18 13:20 . 2009-03-27 00:01 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2009-03-17 11:19 . 2009-03-17 17:33 <DIR> d-------- c:\program files\DefenseWall
2009-03-17 11:19 . 2008-07-25 22:41 86,016 --a------ c:\windows\system32\defensewall_serv.exe
2009-03-17 11:19 . 2009-03-17 11:19 375 --a------ c:\windows\ActiveSkin.ini
2009-03-17 09:46 . 2009-03-17 09:46 <DIR> d-------- c:\documents and settings\Traktor\Application Data\QIP
2009-03-17 09:45 . 2009-03-17 09:45 <DIR> d-------- c:\program files\QIP Infium
2009-03-16 21:04 . 2009-03-16 21:04 <DIR> d-------- c:\windows\system32\NtmsData
2009-03-16 19:29 . 2009-03-16 19:29 66 --a------ c:\windows\wininit.ini
2009-03-12 16:16 . 2009-03-19 10:11 <DIR> d-------- c:\program files\ICQ6Toolbar
2009-03-12 16:16 . 2009-03-18 14:35 <DIR> d-------- c:\documents and settings\All Users\Application Data\ICQ
2009-03-10 13:20 . 2009-03-10 13:20 <DIR> d-------- c:\program files\IrfanView
2009-03-10 00:02 . 2009-03-10 00:03 <DIR> d-------- c:\program files\Common Files\Adobe
2009-03-02 18:56 . 2009-03-02 18:56 <DIR> d---s---- c:\documents and settings\Traktor\UserData
2009-03-02 18:38 . 2009-03-02 18:38 <DIR> d-------- c:\documents and settings\All Users\Application Data\Macrovision
2009-03-02 18:15 . 2009-03-02 18:15 <DIR> d-------- c:\documents and settings\All Users\Application Data\IsolatedStorage
2009-03-02 18:11 . 2006-06-28 05:37 1,009,336 --------- c:\windows\system32\mschrt20.ocx
2009-03-02 18:11 . 2005-03-03 22:09 389,120 --------- c:\windows\system32\Codejock.DockingPane.Unicode.9601.ocx
2009-03-02 18:11 . 2001-07-30 17:40 24,576 --------- c:\windows\system32\msxml3a.dll
2009-03-02 18:09 . 2009-03-02 18:21 <DIR> d-------- c:\program files\ANSYS Inc

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-02 12:10 --------- d-----w c:\program files\Totalcmd
2009-04-02 10:37 189,072 ----a-w c:\windows\system32\PnkBstrB.exe
2009-04-02 10:19 138,920 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-04-02 00:30 626,688 ----a-w c:\windows\system32\msvcr80.dll
2009-04-02 00:30 548,864 ----a-w c:\windows\system32\msvcp80.dll
2009-04-01 19:34 --------- d-----w c:\documents and settings\Traktor\Application Data\BSplayer Pro
2009-04-01 18:12 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-04-01 07:42 --------- d-----w c:\program files\Java
2009-03-25 04:30 --------- d-----w c:\documents and settings\Traktor\Application Data\SolidWorks
2009-03-24 20:56 --------- d-----w c:\documents and settings\Traktor\Application Data\Skype
2009-03-24 00:18 --------- d-----w c:\program files\SolidWorks
2009-03-23 19:09 --------- d-----w c:\documents and settings\Traktor\Application Data\Lavasoft
2009-03-19 14:21 --------- d-----w c:\program files\Alcohol 120
2009-03-12 14:10 --------- d-----w c:\program files\ICQ6
2009-03-09 22:10 --------- d-----w c:\program files\Opera
2009-03-09 03:19 410,984 ----a-w c:\windows\system32\deploytk.dll
2009-03-02 16:39 --------- d-----w c:\documents and settings\Traktor\Application Data\Ansys
2009-03-02 16:21 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-01 08:53 75,064 ----a-w c:\windows\system32\PnkBstrA.exe
2009-02-28 13:04 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-02-28 13:01 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2009-02-25 19:28 --------- d-----w c:\program files\ICQToolbar
2009-02-25 12:06 --------- d-----w c:\documents and settings\Traktor\Application Data\Autodesk
2009-02-24 08:08 --------- d-----w c:\documents and settings\Traktor\Application Data\CyberLink
2009-02-18 20:39 --------- d-----w c:\program files\Mv2Player
2009-02-17 15:50 --------- d-----w c:\program files\Activision
2009-02-17 09:09 --------- d-----w c:\documents and settings\All Users\Application Data\COSMOS Applications
2009-02-17 09:04 --------- d-----w c:\program files\Common Files\SolidWorks Shared
2009-02-17 09:03 --------- d-----w c:\program files\DWGeditor
2009-02-17 09:03 --------- d-----w c:\documents and settings\Traktor\Application Data\DWGeditor
2009-02-17 09:02 --------- d-----w c:\program files\SolidWorks Installation Manager
2009-02-17 09:01 --------- d-----w c:\program files\Common Files\eDrawings2007
2009-02-17 08:54 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-02-17 08:43 --------- d-----w c:\program files\Common Files\Solidworks Data
2009-02-17 08:35 --------- d-----w c:\program files\ARPR
2009-02-17 08:27 --------- d-----w c:\program files\AGEIA Technologies
2009-02-17 01:32 --------- d-----w c:\documents and settings\Traktor\Application Data\SolidWorks 2009
2009-02-17 00:04 --------- d-----w c:\documents and settings\All Users\Application Data\SolidWorks
2009-02-13 18:20 --------- d-----w c:\program files\BSplayerPro
2009-02-09 11:13 1,846,784 ----a-w c:\windows\system32\win32k.sys
2009-02-03 21:22 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
2009-02-03 16:58 --------- d-----w c:\program files\CCleaner
2009-02-03 13:35 --------- d-----w c:\documents and settings\All Users\Application Data\Autodesk
2009-01-05 16:43 316 ----a-w C:\drmHeader.bin
2008-11-16 10:38 22,328 ----a-w c:\documents and settings\Traktor\Application Data\PnkBstrK.sys
.

((((((((((((((((((((((((((((( SnapShot@2009-04-02_15.08.19.40 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-04-02 13:03:45 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_19c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13574144]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2008-05-01 949376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 86016]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-05 c:\windows\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2007-06-15 c:\windows\SkyTel.exe]
"nwiz"="nwiz.exe" [2008-09-17 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll
"msacm.dvacm"= c:\progra~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
"msacm.MPEGacm"= c:\progra~1\COMMON~1\ULEADS~1\MPEG\MPEGacm.acm
"msacm.ulmp3acm"= c:\progra~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm
"vidc.X264"= x264vfw.dll
"vidc.hfyu"= huffyuv.dll
"msacm.divxa32"= DivXa32.acm

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Akcelerátor spuštění AutoCADu.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Akcelerátor spuštění AutoCADu.lnk
backup=c:\windows\pss\Akcelerátor spuštění AutoCADu.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk
backup=c:\windows\pss\Service Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-06-12 03:38 34672 c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
--a------ 2007-06-25 08:47 1057064 c:\program files\Nero\Nero 7\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
--a------ 2007-08-23 17:36 455968 c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 15:57 153136 c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2009-01-03 20:02 98304 c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2004-11-02 20:24 32768 c:\program files\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]
--a------ 2007-06-25 08:47 1629480 c:\program files\Nero\Nero 7\InCD\NBHGui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UVS10 Preload]
--------- 2006-03-07 00:52 36864 c:\program files\Ulead VideoStudio 10\uvPL.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\BPFTP Server\\bpftpserver.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"d:\\Install\\Napalene\\utorrent_1.6.exe"=
"c:\\Program Files\\ANSYS Inc\\v110\\RSM\\bin\\JobManagerService.exe"=
"c:\\Program Files\\ANSYS Inc\\v110\\RSM\\bin\\JMAdmin.exe"=
"c:\\Program Files\\ANSYS Inc\\v110\\RSM\\bin\\JMPassword.exe"=
"c:\\Program Files\\ANSYS Inc\\v110\\RSM\\bin\\ScriptHostService.exe"=
"c:\\Program Files\\ANSYS Inc\\v110\\AISOL\\CommonFiles\\intel\\AnsysWBU.exe"=
"c:\\Program Files\\ANSYS Inc\\v110\\ANSYS\\bin\\intel\\ANSYS.exe"=
"c:\\Program Files\\ANSYS Inc\\v110\\AISOL\\CAD Integration\\intel\\ActivePIMgrU.exe"=
"c:\\Program Files\\ANSYS Inc\\v110\\AISOL\\CAD Integration\\intel\\ReaderHostU.exe"=
"c:\\Program Files\\ANSYS Inc\\v110\\CommonFiles\\TCL\\bin\\intel\\tclsh.exe"=
"c:\\Program Files\\ANSYS Inc\\v110\\CommonFiles\\TCL\\bin\\intel\\wish.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 fwdrv;Firewall Driver;c:\windows\system32\drivers\fwdrv.sys [2005-12-15 274432]
R1 khips;Kerio HIPS Driver;c:\windows\system32\drivers\khips.sys [2005-12-15 81920]
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2008-05-01 15424]
R2 ANSYS FLEXlm license manager;ANSYS FLEXlm license manager;c:\progra~1\ANSYSI~1\SHARED~1\LICENS~1\Intel\lmgrd.exe [2009-03-02 1294336]
R2 JobManagerService110;Ansys JobManager Service V11;c:\program files\ANSYS Inc\v110\RSM\bin\JobManagerService.exe [2007-01-16 20480]
R2 ScriptHostService110;Ansys ScriptHost Service V11;c:\program files\ANSYS Inc\v110\RSM\bin\ScriptHostService.exe [2007-01-16 20480]
R3 PSched;QoS Packet Scheduler;c:\windows\system32\drivers\psched.sys [2006-02-28 69120]
S3 RTCore;RTCore;\??\d:\install\TRam\RTCore.sys --> d:\install\TRam\RTCore.sys [?]
S3 SQLAgent$AUTODESKVAULT;SQLAgent$AUTODESKVAULT;c:\program files\Microsoft SQL Server\MSSQL$AUTODESKVAULT\Binn\sqlagent.EXE [2005-05-03 323584]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = hxxp://adx.allstar.cz/adclick.php?banne ... remium.asp
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\program files\Translaotr\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\program files\Translaotr\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\program files\Translaotr\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\program files\Translaotr\WEBIE.DLL
LSP: c:\windows\system32\imon.dll
FF - ProfilePath - c:\documents and settings\Traktor\Application Data\Mozilla\Firefox\Profiles\5s1wra3o.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage -
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... id=afex&q=
FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll
FF - plugin: c:\windows\system32\C2MP\npdivx32.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-02 18:40:16
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1202660629-261903793-725345543-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(868)
c:\windows\system32\imon.dll
.
Completion time: 2009-04-02 18:42:56
ComboFix-quarantined-files.txt 2009-04-02 16:42:52
ComboFix2.txt 2009-04-02 13:10:11

Pre-Run: 5 229 596 672 bytes free
Post-Run: 5,218,275,328 voľných bajtov

270 --- E O F --- 2009-03-31 00:36:05

HJT

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:44:16, on 2.4.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ANSYSI~1\SHARED~1\LICENS~1\Intel\lmgrd.exe
C:\Program Files\Autodesk\Data Management Server 2009\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe
C:\PROGRA~1\ANSYSI~1\SHARED~1\LICENS~1\Intel\lmgrd.exe
C:\PROGRA~1\ANSYSI~1\SHARED~1\LICENS~1\Intel\ansyslmd.exe
C:\Program Files\Autodesk\Data Management Server 2009\Server\Webserver\Connectivity.EDMWS.Server.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\ANSYS Inc\v110\RSM\bin\JobManagerService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Microsoft SQL Server\MSSQL$AUTODESKVAULT\Binn\sqlservr.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\ANSYS Inc\v110\RSM\bin\ScriptHostService.exe
C:\Program Files\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://adx.allstar.cz/adclick.php?banne ... remium.asp
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\Program Files\Translaotr\WEBIE.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\Program Files\Translaotr\WEBIE.DLL
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\Program Files\Translaotr\WEBIE.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Program Files\Translaotr\WEBIE.DLL
O9 - Extra 'Tools' menuitem: &Nastaviť prekladač - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Program Files\Translaotr\WEBIE.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Program Files\Translaotr\WEBIE.DLL
O9 - Extra 'Tools' menuitem: Preložiť &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Program Files\Translaotr\WEBIE.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Program Files\Translaotr\WEBIE.DLL
O9 - Extra 'Tools' menuitem: Preložiť &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Program Files\Translaotr\WEBIE.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: ANSYS FLEXlm license manager - Macrovision Corporation - C:\PROGRA~1\ANSYSI~1\SHARED~1\LICENS~1\Intel\lmgrd.exe
O23 - Service: Autodesk Data Management Job Dispatch - Autodesk - C:\Program Files\Autodesk\Data Management Server 2009\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe
O23 - Service: Autodesk EDM Server - Autodesk - C:\Program Files\Autodesk\Data Management Server 2009\Server\Webserver\Connectivity.EDMWS.Server.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Ansys JobManager Service V11 (JobManagerService110) - Ansys, Inc - C:\Program Files\ANSYS Inc\v110\RSM\bin\JobManagerService.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Kerio Firewall\Personal Firewall 4\kpf4ss.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Ansys ScriptHost Service V11 (ScriptHostService110) - Ansys, Inc. - C:\Program Files\ANSYS Inc\v110\RSM\bin\ScriptHostService.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 8529 bytes



LINKS from VirusTotal
First file
http://www.virustotal.com/cs/analisis/8 ... 0987a3feaf
Second file
http://www.virustotal.com/cs/analisis/7 ... cddd38bb89

I don't know whether you wanted links to nwt or the copied logs? I have it copied in Notepad if it is needed.
Thank you


Re: LOG CHECK

Post by jaro3 » 02 Apr 2009 19:21

Yes, that's right.
Close the other applications and browsers, disconnect from the net and fix in HJT:

Code:

R3 - URLSearchHook: (no name) - - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)


ComboFix is uninstalled like this:
Start - Run and enter ComboFix[space]/u

So if there are no problems, clean the system with CCleaner
and also use T-Cleaner
it deletes everything left behind by Combo, SDFix, Avenger, MWAV etc. - download > run

Download ATF Cleaner
Double-click ATF Cleaner.exe, click select all found, then click empty selected.
If you want to keep your saved passwords, click No.
ATF-Cleaner is a simple tool for removing web browser history. The program can remove the cache, cookies, history and other traces of surfing the Internet. Supported browsers include Internet Explorer, Firefox and Opera. In addition, the application can delete Windows temporary files, empty the Recycle Bin, etc.

If there are no problems, that's all.
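As an added example (not code from this thread or from HijackThis), a small Python triage helper for HijackThis-format lines like those posted above: it parses the entry type and CLSID, flags "(no file)" orphans, the kind of dead registry pointers jaro3 lists for fixing, and O23 services with no identified vendor. The sample lines are a constructed subset copied from the log above.

```python
import re
from dataclasses import dataclass
from typing import Optional, List

# Constructed sample: a few lines copied from the HijackThis log above.
# HJT prints one entry per line, type first, fields separated by " - ".
SAMPLE_LOG = """\
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\\Program Files\\ICQ6Toolbar\\ICQToolBar.dll
R3 - URLSearchHook: (no name) - - (no file)
O4 - HKLM\\..\\Run: [SunJavaUpdateSched] "C:\\Program Files\\Java\\jre6\\bin\\jusched.exe"
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O23 - Service: PnkBstrA - Unknown owner - C:\\WINDOWS\\system32\\PnkBstrA.exe
"""

CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")

@dataclass
class HjtEntry:
    kind: str             # entry type, e.g. "R3", "O4", "O9", "O23"
    detail: str           # everything after the "Rn - " / "On - " prefix
    clsid: Optional[str]  # CLSID if the entry carries one (normalised upper-case)
    orphan: bool          # registry entry points at a file that no longer exists
    unknown_owner: bool   # O23 service whose vendor HJT could not identify

def parse_line(line: str) -> Optional[HjtEntry]:
    """Parse one HJT entry line; return None for headers, paths and blanks."""
    m = re.match(r"^([RO]\d+) - (.*)$", line.strip())
    if not m:
        return None
    kind, detail = m.group(1), m.group(2)
    clsid_m = CLSID_RE.search(detail)
    return HjtEntry(
        kind=kind,
        detail=detail,
        clsid=clsid_m.group(0).upper() if clsid_m else None,
        orphan="(no file)" in detail,
        unknown_owner=(kind == "O23" and "Unknown owner" in detail),
    )

def parse_log(text: str) -> List[HjtEntry]:
    return [e for e in (parse_line(l) for l in text.splitlines()) if e]

def triage(text: str) -> dict:
    """Group entries worth a second look: orphans are safe to fix in HJT,
    unknown-owner services deserve a vendor/hash check before touching."""
    entries = parse_log(text)
    return {"total": len(entries),
            "orphans": [e.detail for e in entries if e.orphan],
            "unknown_owner": [e.detail for e in entries if e.unknown_owner]}
```

Running `triage(SAMPLE_LOG)` reports the two "(no file)" entries from jaro3's fix list plus the PnkBstrA service as items to review.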


Re: LOG CHECK

Post by juraj11 » 02 Apr 2009 19:36

I hope there won't be any for a long time.
Thank you very much for your help.
I would also like to ask your opinion on PC protection.
E.g. I use - ESET+Kerio
Then Ad-aware, Spybot, CCleaner.
What is the best combination?

THANK YOU once again

