log z combofix-u:
ComboFix 10-01-15.05 - User 16.01.2010 11:57:17.1.1 - x86
Running from: c:\documents and settings\User\Desktop\ComboFix.exe
AV: Eset NOD32 Antivirus 2.70 *On-access scanning enabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Resident AV is active
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\User\Application Data\avdrn.dat
c:\documents and settings\User\Start Menu\Programs\Startup\siszyd32.exe
c:\program files\FunWebProducts
c:\program files\MyWebSearch
c:\program files\MyWebSearch\bar\Settings\s_pid.dat
c:\program files\QIP
c:\program files\QIP\LI\Cesky\_cntry.lng
c:\program files\QIP\LI\Cesky\_intrsts.lng
c:\program files\QIP\LI\Cesky\_langs.lng
c:\program files\QIP\LI\Cesky\_marital.lng
c:\program files\QIP\LI\Cesky\_occup.lng
c:\program files\QIP\LI\Cesky\_orgs.lng
c:\program files\QIP\LI\Cesky\_past.lng
c:\program files\QIP\LI\Cesky\_rndchat.lng
c:\program files\QIP\LI\Cesky\desc.txt
c:\program files\QIP\LI\Cesky\chars_r.ini
c:\program files\QIP\LI\Cesky\chars_t.ini
c:\program files\QIP\LI\Cesky\lang.ini
c:\program files\QIP\LI\current.cfg
c:\program files\QIP\LI\langs.cfg
c:\program files\QIP\Skins\current.cfg
c:\program files\QIP\Skins\skins.cfg
c:\program files\QIP\Users\238669298\_birth.txt
c:\program files\QIP\Users\238669298\_botq.txt
c:\program files\QIP\Users\238669298\_events.txt
c:\program files\QIP\Users\238669298\_eye.txt
c:\program files\QIP\Users\238669298\_groups.txt
c:\program files\QIP\Users\238669298\_m_away.txt
c:\program files\QIP\Users\238669298\_m_depr.txt
c:\program files\QIP\Users\238669298\_m_dnd.txt
c:\program files\QIP\Users\238669298\_m_evil.txt
c:\program files\QIP\Users\238669298\_m_ffc.txt
c:\program files\QIP\Users\238669298\_m_home.txt
c:\program files\QIP\Users\238669298\_m_lunch.txt
c:\program files\QIP\Users\238669298\_m_na.txt
c:\program files\QIP\Users\238669298\_m_occup.txt
c:\program files\QIP\Users\238669298\_m_work.txt
c:\program files\QIP\Users\238669298\_premsg.txt
c:\program files\QIP\Users\238669298\_st_away.txt
c:\program files\QIP\Users\238669298\_st_cust.txt
c:\program files\QIP\Users\238669298\238669298.cl
c:\program files\QIP\Users\238669298\238669298.clg
c:\program files\QIP\Users\238669298\238669298.cli
c:\program files\QIP\Users\238669298\238669298.clv
c:\program files\QIP\Users\238669298\238669298.lcl
c:\program files\QIP\Users\238669298\238669298.nil
c:\program files\QIP\Users\238669298\BackupCL\238669298_2007_10.cl
c:\program files\QIP\Users\238669298\BackupCL\238669298_2007_10.clg
c:\program files\QIP\Users\238669298\BackupCL\238669298_2007_10.cli
c:\program files\QIP\Users\238669298\BackupCL\238669298_2007_10.clv
c:\program files\QIP\Users\238669298\Config.ini
c:\program files\QIP\Users\238669298\Devils\238669298.jpg
c:\program files\QIP\Users\238669298\Devils\337538007.jpg
c:\program files\QIP\Users\238669298\Devils\467599069.jpg
c:\program files\QIP\Users\238669298\History\_srvlog.txt
c:\program files\QIP\Users\238669298\History\388295464.txt
c:\program files\QIP\Users\238669298\History\448601365.txt
c:\program files\QIP\Users\467599069\_birth.txt
c:\program files\QIP\Users\467599069\_botq.txt
c:\program files\QIP\Users\467599069\_events.txt
c:\program files\QIP\Users\467599069\_eye.txt
c:\program files\QIP\Users\467599069\_groups.txt
c:\program files\QIP\Users\467599069\_m_away.txt
c:\program files\QIP\Users\467599069\_m_depr.txt
c:\program files\QIP\Users\467599069\_m_dnd.txt
c:\program files\QIP\Users\467599069\_m_evil.txt
c:\program files\QIP\Users\467599069\_m_ffc.txt
c:\program files\QIP\Users\467599069\_m_home.txt
c:\program files\QIP\Users\467599069\_m_lunch.txt
c:\program files\QIP\Users\467599069\_m_na.txt
c:\program files\QIP\Users\467599069\_m_occup.txt
c:\program files\QIP\Users\467599069\_m_work.txt
c:\program files\QIP\Users\467599069\_premsg.txt
c:\program files\QIP\Users\467599069\_st_away.txt
c:\program files\QIP\Users\467599069\_st_cust.txt
c:\program files\QIP\Users\467599069\467599069.cl
c:\program files\QIP\Users\467599069\467599069.clg
c:\program files\QIP\Users\467599069\467599069.cli
c:\program files\QIP\Users\467599069\467599069.clv
c:\program files\QIP\Users\467599069\467599069.lcl
c:\program files\QIP\Users\467599069\467599069.nil
c:\program files\QIP\Users\467599069\BackupCL\467599069_2007_10.cl
c:\program files\QIP\Users\467599069\BackupCL\467599069_2007_10.clg
c:\program files\QIP\Users\467599069\BackupCL\467599069_2007_10.cli
c:\program files\QIP\Users\467599069\BackupCL\467599069_2007_10.clv
c:\program files\QIP\Users\467599069\Config.ini
c:\program files\QIP\Users\467599069\Devils\238669298.jpg
c:\program files\QIP\Users\467599069\Devils\416953154.jpg
c:\program files\QIP\Users\467599069\Devils\420565595.jpg
c:\program files\QIP\Users\467599069\Devils\467599069.jpg
c:\program files\QIP\Users\467599069\History\_srvlog.txt
c:\program files\QIP\Users\467599069\History\205953980.txt
c:\program files\QIP\Users\467599069\History\268364939.txt
c:\program files\QIP\Users\467599069\History\274731223.txt
c:\program files\QIP\Users\467599069\History\420565595.txt
c:\program files\QIP\Users\467599069\History\493442246.txt
c:\program files\QIP\Users\Accounts.cfg
c:\program files\QIP\Users\Default.cfg
C:\Thumbs.db
c:\windows\Downloaded Program Files\popcaploader.dll
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\system32\f3PSSavr.scr
c:\windows\system32\Thumbs.db
.
((((((((((((((((((((((((( Files Created from 2009-12-16 to 2010-01-16 )))))))))))))))))))))))))))))))
.
2010-01-10 16:30 . 2010-01-10 16:30 118 ----a-w- c:\windows\system32\fjhdyfhsn.bat
2010-01-09 12:26 . 2010-01-09 12:26 165376 ----a-w- c:\windows\system32\drivers\atksgt.sys
2010-01-09 12:25 . 2010-01-09 12:25 18048 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2010-01-02 16:23 . 2010-01-02 16:23 6868368 ----a-w- c:\documents and settings\User\Application Data\ESTsoft\ALUpdate\ALZIP\newfile\TEMP\ALZip.exe
2009-12-28 21:24 . 2009-12-28 21:24 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-12-28 21:22 . 2005-05-26 14:34 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
2009-12-28 21:15 . 2009-12-28 21:15 -------- d-----w- c:\program files\Ubisoft
2009-12-28 21:08 . 2010-01-16 08:24 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2009-12-28 21:07 . 2009-12-28 21:13 -------- d-----w- c:\documents and settings\User\Application Data\DAEMON Tools Lite
2009-12-28 21:06 . 2009-12-28 21:07 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-15 18:44 . 2006-08-20 07:32 -------- d-----w- c:\documents and settings\User\Application Data\uTorrent
2010-01-14 09:34 . 2008-03-08 00:16 -------- d-----w- c:\program files\Opera
2010-01-14 09:24 . 2006-07-25 06:31 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-12 21:48 . 2007-02-22 09:26 -------- d-----w- c:\program files\Java
2010-01-12 21:35 . 2007-09-17 07:37 -------- d-----w- c:\program files\eMule
2010-01-10 16:30 . 2010-01-10 16:30 16 ----a-w- c:\documents and settings\LocalService\Application Data\fvgqad.dat
2010-01-09 16:56 . 2007-03-08 10:53 -------- d-----w- c:\program files\Nobilis
2009-12-28 21:15 . 2006-07-24 15:51 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-28 21:08 . 2008-04-15 10:15 -------- d-----w- c:\program files\DAEMON Tools Lite
2009-12-28 21:07 . 2007-02-18 17:38 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-12-28 04:19 . 2006-10-09 10:58 -------- d-----w- c:\program files\AstraScan Scanner
2009-12-28 04:18 . 2008-01-30 09:12 1926924 ----a-w- C:\sam.tmp
2009-12-05 12:13 . 2006-11-10 18:00 -------- d-----w- c:\documents and settings\User\Application Data\dvdcss
2009-12-05 08:59 . 2009-12-05 08:59 -------- d-----w- c:\program files\uTorrent
2009-10-30 13:32 . 2007-02-03 11:28 10 -c--a-w- c:\windows\popcinfo.dat
2007-05-20 14:46 . 2007-05-20 14:43 2100 ----a-w- c:\program files\voidmp3fm.ini
2006-10-06 09:39 . 2007-05-20 14:36 802816 ----a-w- c:\program files\voidMP3FM.exe
2006-09-23 17:59 . 2006-09-23 17:59 8282187 ----a-w- c:\program files\vlc-0.8.5-win32.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2007-03-19 949376]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 83608]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"PcSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 1634304]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlueSoleil.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\BlueSoleil.lnk
backup=c:\windows\pss\BlueSoleil.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^Rapidown.lnk]
path=c:\documents and settings\User\Start Menu\Programs\Startup\Rapidown.lnk
backup=c:\windows\pss\Rapidown.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 08:50 155648 -c--a-w- c:\windows\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
2006-11-08 12:27 222208 -c--a-w- c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SlowDownCPU]
2005-02-25 02:22 208896 -c--a-w- c:\windows\inf\MSI\SlowDownCPU\SlowDownCPU.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoftAuto.exe]
2008-05-28 02:39 401408 ----a-w- c:\program files\Creative\Software Update 3\SoftAuto.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SsAAD.exe]
2006-01-07 01:36 81920 -c--a-w- c:\progra~1\Sony\SONICS~1\SSAAD.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2008-03-07 12:06 185896 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USB Storage Toolbox]
2005-09-14 19:44 65536 ----a-w- c:\program files\USB Disk Win98 Driver\Res.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [18.2.2007 18:38 691696]
R1 Angelnt;Angelnt;c:\windows\system32\drivers\ANGELNT.SYS [25.7.2006 16:47 52544]
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [19.3.2007 4:51 15424]
S3 CTUPnPSv;Creative Centrale Media Server;c:\program files\Creative\Creative Centrale\CTUPnPSv.exe [21.5.2008 12:42 64000]
S3 SlowDownCPU;SlowDownCPU;c:\windows\inf\MSI\SlowDownCPU\NTGLM7X.SYS [24.7.2006 16:47 23424]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.daemon-search.com/startpage
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to AMV Convert Tool... - c:\program files\MP3 Player Utilities 3.80\AMVConverter\grab.html
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: MediaManager tool grab multimedia file - c:\program files\MP3 Player Utilities 3.80\MediaManager\grab.html
LSP: c:\windows\system32\imon.dll
.
- - - - ORPHANS REMOVED - - - -
Notify-WgaLogon - (no file)
MSConfigStartUp-ICQ Lite - c:\program files\ICQLite\ICQLite.exe
MSConfigStartUp-MSMSGS - c:\program files\Messenger\msmsgs.exe
MSConfigStartUp-PWRISOVM - c:\program files\PowerISO\PWRISOVM.EXE
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-16 12:17
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
c:\windows\system32\wuauclt.exe.wusetup.265578.bak 51224 bytes executable
c:\windows\system32\wuaueng.dll.wusetup.270156.bak 1809944 bytes executable
scan completed successfully
hidden files: 2
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spmv.sys >>UNKNOWN [0x82F90938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf8668f28
\Driver\ACPI -> ACPI.sys @ 0xf83f0cb8
\Driver\atapi -> atapi.sys @ 0xf83abb40
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579022
ParseProcedure -> ntkrnlpa.exe @ 0x80577c84
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579022
ParseProcedure -> ntkrnlpa.exe @ 0x80577c84
NDIS: Realtek RTL8169/8110 Family Gigabit Ethernet NIC -> SendCompleteHandler -> NDIS.sys @ 0xf82a1bb0
PacketIndicateHandler -> NDIS.sys @ 0xf82aea21
SendHandler -> NDIS.sys @ 0xf828c87b
user & kernel MBR OK
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(712)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'lsass.exe'(768)
c:\windows\system32\imon.dll
c:\program files\Eset\pr_imon.dll
- - - - - - - > 'explorer.exe'(1252)
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 6\PCSCM.dll
c:\program files\PC Connectivity Solution\ConnAPI.DLL
c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_eng.nlr
c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\IVT Corporation\BlueSoleil\BTNtService.exe
c:\program files\Creative\Shared Files\CTDevSrv.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Eset\nod32krn.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2010-01-16 12:24:14 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-16 11:23
Pre-Run: 24 993 783 808 bytes free
Post-Run: 19 adresárov, 25 004 404 736 voľných bajtov
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
- - End Of File - - 788BBE128A006953B29D3FA34CC3B46A
Dakujem
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
PC napadnuty siszyd32.exe , prosim jak odstranit?
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
-
deziderdezo
- Návštěvník
- Příspěvky: 78
- Registrován: 16 led 2010 10:41
-
Rudy
- Site Admin
- Příspěvky: 119359
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: PC napadnuty siszyd32.exe , prosim jak odstranit?
Otevřte poznámkový blok a zkopírujte do něj:
Uložte na plochu jako CFScript.txt. Pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkazy ze skriptu.Collect::
c:\windows\system32\fjhdyfhsn.bat
c:\documents and settings\LocalService\Application Data\fvgqad.dat
MBR::
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
-
deziderdezo
- Návštěvník
- Příspěvky: 78
- Registrován: 16 led 2010 10:41
Re: PC napadnuty siszyd32.exe , prosim jak odstranit?
vysledny log z combofixu po vlození citace
ComboFix 10-01-15.05 - User 16.01.2010 12:59:07.2.1 - x86
Systém Microsoft Windows XP Home Edition 5.1.2600.3.1250.421.1033.18.511.259 [GMT 1:00]
Running from: c:\documents and settings\User\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\User\Desktop\CFScript.txt
AV: Eset NOD32 Antivirus 2.70 *On-access scanning enabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Resident AV is active
file zipped: c:\documents and settings\LocalService\Application Data\fvgqad.dat
file zipped: c:\windows\system32\fjhdyfhsn.bat
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\LocalService\Application Data\fvgqad.dat
C:\Thumbs.db
c:\windows\system32\fjhdyfhsn.bat
.
((((((((((((((((((((((((( Files Created from 2009-12-16 to 2010-01-16 )))))))))))))))))))))))))))))))
.
2010-01-09 12:26 . 2010-01-09 12:26 165376 ----a-w- c:\windows\system32\drivers\atksgt.sys
2010-01-09 12:25 . 2010-01-09 12:25 18048 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2010-01-02 16:23 . 2010-01-02 16:23 6868368 ----a-w- c:\documents and settings\User\Application Data\ESTsoft\ALUpdate\ALZIP\newfile\TEMP\ALZip.exe
2009-12-28 21:24 . 2009-12-28 21:24 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-12-28 21:22 . 2005-05-26 14:34 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
2009-12-28 21:15 . 2009-12-28 21:15 -------- d-----w- c:\program files\Ubisoft
2009-12-28 21:07 . 2009-12-28 21:13 -------- d-----w- c:\documents and settings\User\Application Data\DAEMON Tools Lite
2009-12-28 21:06 . 2009-12-28 21:07 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-15 18:44 . 2006-08-20 07:32 -------- d-----w- c:\documents and settings\User\Application Data\uTorrent
2010-01-14 09:34 . 2008-03-08 00:16 -------- d-----w- c:\program files\Opera
2010-01-14 09:24 . 2006-07-25 06:31 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-12 21:48 . 2007-02-22 09:26 -------- d-----w- c:\program files\Java
2010-01-12 21:35 . 2007-09-17 07:37 -------- d-----w- c:\program files\eMule
2010-01-09 16:56 . 2007-03-08 10:53 -------- d-----w- c:\program files\Nobilis
2009-12-28 21:15 . 2006-07-24 15:51 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-28 21:08 . 2008-04-15 10:15 -------- d-----w- c:\program files\DAEMON Tools Lite
2009-12-28 21:07 . 2007-02-18 17:38 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-12-28 04:19 . 2006-10-09 10:58 -------- d-----w- c:\program files\AstraScan Scanner
2009-12-28 04:18 . 2008-01-30 09:12 1926924 ----a-w- C:\sam.tmp
2009-12-05 12:13 . 2006-11-10 18:00 -------- d-----w- c:\documents and settings\User\Application Data\dvdcss
2009-12-05 08:59 . 2009-12-05 08:59 -------- d-----w- c:\program files\uTorrent
2009-10-30 13:32 . 2007-02-03 11:28 10 -c--a-w- c:\windows\popcinfo.dat
2007-05-20 14:46 . 2007-05-20 14:43 2100 ----a-w- c:\program files\voidmp3fm.ini
2006-10-06 09:39 . 2007-05-20 14:36 802816 ----a-w- c:\program files\voidMP3FM.exe
2006-09-23 17:59 . 2006-09-23 17:59 8282187 ----a-w- c:\program files\vlc-0.8.5-win32.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2007-03-19 949376]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 83608]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"PcSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 1634304]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlueSoleil.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\BlueSoleil.lnk
backup=c:\windows\pss\BlueSoleil.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 08:50 155648 -c--a-w- c:\windows\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
2006-11-08 12:27 222208 -c--a-w- c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoftAuto.exe]
2008-05-28 02:39 401408 ----a-w- c:\program files\Creative\Software Update 3\SoftAuto.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SsAAD.exe]
2006-01-07 01:36 81920 -c--a-w- c:\progra~1\Sony\SONICS~1\SSAAD.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2008-03-07 12:06 185896 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USB Storage Toolbox]
2005-09-14 19:44 65536 ----a-w- c:\program files\USB Disk Win98 Driver\Res.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [18.2.2007 18:38 691696]
R1 Angelnt;Angelnt;c:\windows\system32\drivers\ANGELNT.SYS [25.7.2006 16:47 52544]
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [19.3.2007 4:51 15424]
S3 CTUPnPSv;Creative Centrale Media Server;c:\program files\Creative\Creative Centrale\CTUPnPSv.exe [21.5.2008 12:42 64000]
S3 SlowDownCPU;SlowDownCPU;\??\c:\windows\INF\MSI\SlowDownCPU\NTGLM7X.sys --> c:\windows\INF\MSI\SlowDownCPU\NTGLM7X.sys [?]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.daemon-search.com/startpage
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to AMV Convert Tool... - c:\program files\MP3 Player Utilities 3.80\AMVConverter\grab.html
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: MediaManager tool grab multimedia file - c:\program files\MP3 Player Utilities 3.80\MediaManager\grab.html
LSP: c:\windows\system32\imon.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-16 13:07
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spls.sys >>UNKNOWN [0x82F90938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf8668f28
\Driver\ACPI -> ACPI.sys @ 0xf83f0cb8
\Driver\atapi -> atapi.sys @ 0xf83abb40
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579022
ParseProcedure -> ntkrnlpa.exe @ 0x80577c84
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579022
ParseProcedure -> ntkrnlpa.exe @ 0x80577c84
NDIS: Realtek RTL8169/8110 Family Gigabit Ethernet NIC -> SendCompleteHandler -> NDIS.sys @ 0xf82a1bb0
PacketIndicateHandler -> NDIS.sys @ 0xf82aea21
SendHandler -> NDIS.sys @ 0xf828c87b
user & kernel MBR OK
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(712)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'lsass.exe'(768)
c:\windows\system32\imon.dll
c:\program files\Eset\pr_imon.dll
- - - - - - - > 'explorer.exe'(2328)
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 6\PCSCM.dll
c:\program files\PC Connectivity Solution\ConnAPI.DLL
c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_eng.nlr
c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\IVT Corporation\BlueSoleil\BTNtService.exe
c:\program files\Creative\Shared Files\CTDevSrv.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Eset\nod32krn.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-01-16 13:11:19 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-16 12:11
ComboFix2.txt 2010-01-16 11:24
Pre-Run: 25 512 923 136 bytes free
Post-Run: 19 adresárov, 25 480 351 744 voľných bajtov
- - End Of File - - DB2B5B08B8C66A8C09F1F5B177641AB8
ComboFix 10-01-15.05 - User 16.01.2010 12:59:07.2.1 - x86
Systém Microsoft Windows XP Home Edition 5.1.2600.3.1250.421.1033.18.511.259 [GMT 1:00]
Running from: c:\documents and settings\User\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\User\Desktop\CFScript.txt
AV: Eset NOD32 Antivirus 2.70 *On-access scanning enabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Resident AV is active
file zipped: c:\documents and settings\LocalService\Application Data\fvgqad.dat
file zipped: c:\windows\system32\fjhdyfhsn.bat
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\LocalService\Application Data\fvgqad.dat
C:\Thumbs.db
c:\windows\system32\fjhdyfhsn.bat
.
((((((((((((((((((((((((( Files Created from 2009-12-16 to 2010-01-16 )))))))))))))))))))))))))))))))
.
2010-01-09 12:26 . 2010-01-09 12:26 165376 ----a-w- c:\windows\system32\drivers\atksgt.sys
2010-01-09 12:25 . 2010-01-09 12:25 18048 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2010-01-02 16:23 . 2010-01-02 16:23 6868368 ----a-w- c:\documents and settings\User\Application Data\ESTsoft\ALUpdate\ALZIP\newfile\TEMP\ALZip.exe
2009-12-28 21:24 . 2009-12-28 21:24 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-12-28 21:22 . 2005-05-26 14:34 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
2009-12-28 21:15 . 2009-12-28 21:15 -------- d-----w- c:\program files\Ubisoft
2009-12-28 21:07 . 2009-12-28 21:13 -------- d-----w- c:\documents and settings\User\Application Data\DAEMON Tools Lite
2009-12-28 21:06 . 2009-12-28 21:07 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-15 18:44 . 2006-08-20 07:32 -------- d-----w- c:\documents and settings\User\Application Data\uTorrent
2010-01-14 09:34 . 2008-03-08 00:16 -------- d-----w- c:\program files\Opera
2010-01-14 09:24 . 2006-07-25 06:31 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-12 21:48 . 2007-02-22 09:26 -------- d-----w- c:\program files\Java
2010-01-12 21:35 . 2007-09-17 07:37 -------- d-----w- c:\program files\eMule
2010-01-09 16:56 . 2007-03-08 10:53 -------- d-----w- c:\program files\Nobilis
2009-12-28 21:15 . 2006-07-24 15:51 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-28 21:08 . 2008-04-15 10:15 -------- d-----w- c:\program files\DAEMON Tools Lite
2009-12-28 21:07 . 2007-02-18 17:38 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-12-28 04:19 . 2006-10-09 10:58 -------- d-----w- c:\program files\AstraScan Scanner
2009-12-28 04:18 . 2008-01-30 09:12 1926924 ----a-w- C:\sam.tmp
2009-12-05 12:13 . 2006-11-10 18:00 -------- d-----w- c:\documents and settings\User\Application Data\dvdcss
2009-12-05 08:59 . 2009-12-05 08:59 -------- d-----w- c:\program files\uTorrent
2009-10-30 13:32 . 2007-02-03 11:28 10 -c--a-w- c:\windows\popcinfo.dat
2007-05-20 14:46 . 2007-05-20 14:43 2100 ----a-w- c:\program files\voidmp3fm.ini
2006-10-06 09:39 . 2007-05-20 14:36 802816 ----a-w- c:\program files\voidMP3FM.exe
2006-09-23 17:59 . 2006-09-23 17:59 8282187 ----a-w- c:\program files\vlc-0.8.5-win32.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2007-03-19 949376]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 83608]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"PcSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 1634304]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlueSoleil.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\BlueSoleil.lnk
backup=c:\windows\pss\BlueSoleil.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 08:50 155648 -c--a-w- c:\windows\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
2006-11-08 12:27 222208 -c--a-w- c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoftAuto.exe]
2008-05-28 02:39 401408 ----a-w- c:\program files\Creative\Software Update 3\SoftAuto.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SsAAD.exe]
2006-01-07 01:36 81920 -c--a-w- c:\progra~1\Sony\SONICS~1\SSAAD.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2008-03-07 12:06 185896 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USB Storage Toolbox]
2005-09-14 19:44 65536 ----a-w- c:\program files\USB Disk Win98 Driver\Res.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [18.2.2007 18:38 691696]
R1 Angelnt;Angelnt;c:\windows\system32\drivers\ANGELNT.SYS [25.7.2006 16:47 52544]
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [19.3.2007 4:51 15424]
S3 CTUPnPSv;Creative Centrale Media Server;c:\program files\Creative\Creative Centrale\CTUPnPSv.exe [21.5.2008 12:42 64000]
S3 SlowDownCPU;SlowDownCPU;\??\c:\windows\INF\MSI\SlowDownCPU\NTGLM7X.sys --> c:\windows\INF\MSI\SlowDownCPU\NTGLM7X.sys [?]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.daemon-search.com/startpage
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to AMV Convert Tool... - c:\program files\MP3 Player Utilities 3.80\AMVConverter\grab.html
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: MediaManager tool grab multimedia file - c:\program files\MP3 Player Utilities 3.80\MediaManager\grab.html
LSP: c:\windows\system32\imon.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-16 13:07
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spls.sys >>UNKNOWN [0x82F90938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf8668f28
\Driver\ACPI -> ACPI.sys @ 0xf83f0cb8
\Driver\atapi -> atapi.sys @ 0xf83abb40
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579022
ParseProcedure -> ntkrnlpa.exe @ 0x80577c84
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579022
ParseProcedure -> ntkrnlpa.exe @ 0x80577c84
NDIS: Realtek RTL8169/8110 Family Gigabit Ethernet NIC -> SendCompleteHandler -> NDIS.sys @ 0xf82a1bb0
PacketIndicateHandler -> NDIS.sys @ 0xf82aea21
SendHandler -> NDIS.sys @ 0xf828c87b
user & kernel MBR OK
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(712)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'lsass.exe'(768)
c:\windows\system32\imon.dll
c:\program files\Eset\pr_imon.dll
- - - - - - - > 'explorer.exe'(2328)
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 6\PCSCM.dll
c:\program files\PC Connectivity Solution\ConnAPI.DLL
c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_eng.nlr
c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\IVT Corporation\BlueSoleil\BTNtService.exe
c:\program files\Creative\Shared Files\CTDevSrv.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Eset\nod32krn.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-01-16 13:11:19 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-16 12:11
ComboFix2.txt 2010-01-16 11:24
Pre-Run: 25 512 923 136 bytes free
Post-Run: 19 adresárov, 25 480 351 744 voľných bajtov
- - End Of File - - DB2B5B08B8C66A8C09F1F5B177641AB8
-
Rudy
- Site Admin
- Příspěvky: 119359
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: PC napadnuty siszyd32.exe , prosim jak odstranit?
Ještě udělejte log z MBR: http://www2.gmer.net/mbr/mbr.exe a vložte sem.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
-
deziderdezo
- Návštěvník
- Příspěvky: 78
- Registrován: 16 led 2010 10:41
Re: PC napadnuty siszyd32.exe , prosim jak odstranit?
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
-
deziderdezo
- Návštěvník
- Příspěvky: 78
- Registrován: 16 led 2010 10:41
Re: PC napadnuty siszyd32.exe , prosim jak odstranit?
Vypada ze vsetko je OK.
Mnohokrat dakujem za pomoc. Uz po niekolkykrat.
Prajem mnoho uspechov.
Mnohokrat dakujem za pomoc. Uz po niekolkykrat.
Prajem mnoho uspechov.
-
Rudy
- Site Admin
- Příspěvky: 119359
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: PC napadnuty siszyd32.exe , prosim jak odstranit?
Vše vypadá čisté. Nemáte zač!
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Přispějete na provoz fóra?