
Cannot connect to microsoft.com / avast.cz
- stell
- VIP in memoriam
- Posts: 5175
- Registered: 09 Dec 2007 09:27
- Location: SK-REVUCA
Re: Cannot connect to microsoft.com / avast.cz
Of course, connect the external drive as well; you won't lose any data if you follow exactly what I write.
-
- Visitor
- Posts: 25
- Registered: 02 Feb 2010 18:19
Re: Cannot connect to microsoft.com / avast.cz
I have one more question. I cleaned all the USB drives, but! I have one router at home, and another Wi-Fi router is connected to that router. Is it possible that the virus hit only me and my brother, and not the other router? They are connected, but there www.microsoft.com, avast.cz and avira.com of course work...
Thank you
- stell
- VIP in memoriam
- Posts: 5175
- Registered: 09 Dec 2007 09:27
- Location: SK-REVUCA
Re: Cannot connect to microsoft.com / avast.cz
Like this: the router is not infected. If you had, for example, Wareout there, the router could be affected too, but you have Conficker there. Since you were carrying USB sticks back and forth, you probably all have infected computers; the fact that the pages work for your brother means nothing.
-
- Visitor
- Posts: 25
- Registered: 02 Feb 2010 18:19
Re: Cannot connect to microsoft.com / avast.cz
The thing is, neither I nor my brother, who has the infected PC, used those USB drives. Mom used them, only for her own needs; they have an original NOD32 there and scan everything.
- stell
- VIP in memoriam
- Posts: 5175
- Registered: 09 Dec 2007 09:27
- Location: SK-REVUCA
Re: Cannot connect to microsoft.com / avast.cz
Look, I don't know right now what you actually want. You need to continue as I wrote: FixDownadup and ComboFix. If your brother also has an infected PC, let him open a new topic and have his log checked. Mom also has an infected PC, since all the USB sticks were infected; the fact that she has NOD there means nothing.
-
- Visitor
- Posts: 25
- Registered: 02 Feb 2010 18:19
Re: Cannot connect to microsoft.com / avast.cz
Well, you know, none of them wants to remove the virus. Whenever I say something, they say no, and that's the end of it. Here is the log from the PC, please check it for me; I have already cleaned 2 PCs, and I'll post the ComboFix log right away.
Logfile of random's system information tool 1.06 (written by random/random)
Run by Eva Gazdová at 2010-02-04 19:18:16
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 1 GB (3%) free of 35 GB
Total RAM: 383 MB (7% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:19:19, on 04.02.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16981)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\system32\LXSUPMON.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe
C:\Documents and Settings\Eva Gazdová\Plocha\RSIT.exe
C:\Program Files\trend micro\Eva Gazdová.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.zoznam.sk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [cdoosoft] C:\DOCUME~1\EVAGAZ~1\LOCALS~1\Temp\herss.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Hotkey.lnk = C:\Program Files\ASUS\ASUS Hotkey\Hotkey.exe
O4 - Global Startup: VPN Client.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informácií - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.systemrequirementslab.com/sr ... ab_srl.cab
O16 - DPF: {A4735C9C-6626-4386-9B93-2D9B79047AB8} - http://televizia.joj.sk/fileadmin/joj_p ... Player.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: ESET Service (ekrn) - Unknown owner - C:\Program Files\ESET\ESET Smart Security\ekrn.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: sapping - Unknown owner - C:\WINDOWS\srvsap\srvany.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe (file missing)
--
End of file - 6588 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\1-Click Maintenance.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{A61293F3-A6A4-4FEA-A4A7-A0BC12CB5BC0}.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-06-17 308856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2005-05-31 853672]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2009-04-21 320920]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-04-21 34816]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-04-21 73728]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"=C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe [2004-10-14 1388544]
"LXSUPMON"=C:\WINDOWS\system32\LXSUPMON.EXE [2001-10-09 818688]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-04-21 136600]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-06-17 185896]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-18 15360]
"CTSyncU.exe"=C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe [2006-06-12 700416]
"cdoosoft"=C:\DOCUME~1\EVAGAZ~1\LOCALS~1\Temp\herss.exe [2010-02-04 113152]
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Hotkey.lnk - C:\Program Files\ASUS\ASUS Hotkey\Hotkey.exe
VPN Client.lnk - C:\WINDOWS\Installer\{51FB15F4-AD27-43BC-AD4B-DD0354FB6BBD}\Icon3E5562ED7.ico
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2005-05-31 46080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2004-08-18 239616]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\totalcmd\TOTALCMD.EXE"="C:\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
"C:\WINDOWS\System32\LEXPPS.EXE"="C:\WINDOWS\System32\LEXPPS.EXE:*:Disabled:LEXPPS.EXE"
"C:\Program Files\AntikVirtualSTB\AntikVirtualSTB.exe"="C:\Program Files\AntikVirtualSTB\AntikVirtualSTB.exe:*:Enabled:AntikVirtualSTB"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Disabled:Firefox"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"F:\counter strike 1.6\hl.exe"="F:\counter strike 1.6\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Documents and Settings\Eva Gazdová\Plocha\MGazda\counter strike 1.6\hl.exe"="C:\Documents and Settings\Eva Gazdová\Plocha\MGazda\counter strike 1.6\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Disabled:Internet Explorer"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{268beb64-b267-11dd-8b7c-0015f2d7f860}]
shell\AutoRun\command - F:\WUDFHOST.EXE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9ea1f598-f800-11dc-898b-0015f2d7f860}]
shell\AutoRun\command - F:\xmor.exe
shell\open\command - F:\xmor.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bba9d112-c2fb-11dd-8bb7-0015f2d7f860}]
shell\AutoRun\command - F:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cab7dd46-7cfc-11de-8db9-0015f2d7f860}]
shell\AutoRun\command - G:\RECYCLER.exe J:\
shell\Explore\command - G:\RECYCLER.exe J:\
shell\Open\command - G:\RECYCLER.exe J:\
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{edbca7ca-a819-11de-8e10-0015f2d7f860}]
shell\AutoRun\command - F:\kgji.exe
shell\open\command - F:\kgji.exe
======List of files/folders created in the last 1 months======
2010-02-04 19:18:27 ----D---- C:\Program Files\trend micro
2010-02-04 19:18:16 ----D---- C:\rsit
2010-02-04 18:42:30 ----RSH---- C:\ws.exe
2010-01-31 17:11:23 ----D---- C:\Documents and Settings\Eva Gazdová\Data aplikací\Creative
2010-01-31 14:09:42 ----SHD---- C:\FOUND.014
2010-01-31 13:27:35 ----RSH---- C:\1hqup.exe
2010-01-30 13:55:28 ----RSH---- C:\mvmdh.exe
2010-01-27 18:18:00 ----RSH---- C:\0fpdq2dw.exe
2010-01-24 18:02:04 ----RSH---- C:\c2e.exe
2010-01-21 20:55:52 ----HD---- C:\WINDOWS\$NtUninstallKB955759$
2010-01-21 20:55:46 ----HD---- C:\WINDOWS\$NtUninstallKB972270$
2010-01-21 20:06:56 ----RSH---- C:\qkm.exe
2010-01-12 20:49:46 ----D---- C:\mato
2010-01-12 18:48:09 ----RSH---- C:\kmj.exe
2010-01-12 16:18:53 ----RSH---- C:\olu392qj.exe
2010-01-10 12:43:20 ----RSH---- C:\8xcrbho6.exe
2010-01-08 07:08:44 ----RSH---- C:\f2kmj.exe
2010-01-05 15:28:06 ----RSH---- C:\e9naq.exe
======List of files/folders modified in the last 1 months======
2010-01-31 17:36:58 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-01-31 15:43:10 ----A---- C:\WINDOWS\wincmd.ini
2010-01-30 20:19:34 ----A---- C:\WINDOWS\wcx_ftp.ini
2010-01-28 15:50:18 ----A---- C:\WINDOWS\eporadca_0811.ini
2010-01-21 20:55:50 ----A---- C:\WINDOWS\imsins.BAK
2010-01-05 10:58:04 ----N---- C:\WINDOWS\system32\occache.dll
2010-01-05 10:58:04 ----A---- C:\WINDOWS\system32\wininet.dll
2010-01-05 10:58:04 ----A---- C:\WINDOWS\system32\webcheck.dll
2010-01-05 10:58:04 ----A---- C:\WINDOWS\system32\urlmon.dll
2010-01-05 10:58:04 ----A---- C:\WINDOWS\system32\url.dll
2010-01-05 10:58:04 ----A---- C:\WINDOWS\system32\pngfilt.dll
2010-01-05 10:58:02 ----N---- C:\WINDOWS\system32\mstime.dll
2010-01-05 10:58:02 ----N---- C:\WINDOWS\system32\msrating.dll
2010-01-05 10:58:02 ----A---- C:\WINDOWS\system32\mshtmled.dll
2010-01-05 10:58:02 ----A---- C:\WINDOWS\system32\mshtml.dll
2010-01-05 10:58:02 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2010-01-05 10:58:02 ----A---- C:\WINDOWS\system32\msfeeds.dll
2010-01-05 10:58:00 ----N---- C:\WINDOWS\system32\jsproxy.dll
2010-01-05 10:58:00 ----N---- C:\WINDOWS\system32\iernonce.dll
2010-01-05 10:58:00 ----N---- C:\WINDOWS\system32\iedkcs32.dll
2010-01-05 10:58:00 ----A---- C:\WINDOWS\system32\iertutil.dll
2010-01-05 10:58:00 ----A---- C:\WINDOWS\system32\iepeers.dll
2010-01-05 10:58:00 ----A---- C:\WINDOWS\system32\ieframe.dll
2010-01-05 10:58:00 ----A---- C:\WINDOWS\system32\ieencode.dll
2010-01-05 10:57:58 ----N---- C:\WINDOWS\system32\ieaksie.dll
2010-01-05 10:57:58 ----N---- C:\WINDOWS\system32\ieakeng.dll
2010-01-05 10:57:58 ----N---- C:\WINDOWS\system32\extmgr.dll
2010-01-05 10:57:58 ----N---- C:\WINDOWS\system32\corpol.dll
2010-01-05 10:57:58 ----A---- C:\WINDOWS\system32\ieapfltr.dll
2010-01-05 10:57:58 ----A---- C:\WINDOWS\system32\icardie.dll
2010-01-05 10:57:58 ----A---- C:\WINDOWS\system32\dxtrans.dll
2010-01-05 10:57:58 ----A---- C:\WINDOWS\system32\dxtmsft.dll
2010-01-05 10:57:58 ----A---- C:\WINDOWS\system32\advpack.dll
2010-01-05 01:17:46 ----A---- C:\WINDOWS\system32\MRT.exe
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 asuskbnt;Enhanced Display Driver Helper Service; C:\WINDOWS\system32\drivers\atkkbnt.sys [2004-07-20 20096]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-18 39936]
R1 Tcpip6;Ovladač protokolu Microsoft IPv6; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2008-06-20 225920]
R2 Angelnt;Angelnt; C:\WINDOWS\System32\Drivers\ANGELNT.SYS [2008-02-29 51072]
R2 CVPNDRVA;Cisco Systems Inc. IPSec Driver; \??\C:\WINDOWS\system32\Drivers\CVPNDRVA.sys []
R2 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [2009-04-09 133000]
R2 irda;Protokol IrDA; C:\WINDOWS\system32\DRIVERS\irda.sys [2004-08-03 87424]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-16 13059]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2005-03-04 127872]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-05-31 1198080]
R3 BCM43XX;ASUS 802.11 ovládač sieťového adaptéru; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2005-02-11 371712]
R3 Cam5603D;BisonCam, NB Pro; C:\WINDOWS\System32\Drivers\BisonCam.sys [2005-08-28 510592]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-03 14080]
R3 DNE;Deterministic Network Enhancer Miniport; C:\WINDOWS\system32\DRIVERS\dne2000.sys [2008-03-29 125328]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2005-05-22 1034752]
R3 HSFHWATI;HSFHWATI; C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys [2005-05-22 216832]
R3 irsir;Microsoft Serial Infrared Driver; C:\WINDOWS\system32\DRIVERS\irsir.sys [2001-08-17 18688]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ATKACPI.sys [2005-02-17 5632]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 RTL8023xp;Realtek RTL8139/810x/8169/8110 all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys [2004-08-08 70144]
R3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2005-02-28 392704]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2005-08-03 221376]
R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2004-08-18 12416]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-18 26624]
R3 usbhub;Ovladač standardního rozbočovače USB; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-18 57600]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-18 17024]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-05-22 716288]
S1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys []
S1 epfwtdi;epfwtdi; C:\WINDOWS\system32\DRIVERS\epfwtdi.sys []
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-17 14848]
S1 M9207;M9207 USB Digital TV BOX; C:\WINDOWS\system32\DRIVERS\M9207BDA.sys [2006-05-25 36096]
S2 ghaio;ghaio; \??\C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys []
S3 ASNDIS5;ASNDIS5 Protocol Driver; \??\C:\WINDOWS\system32\ASNDIS5.SYS []
S3 AVPsys;AVPsys; \??\C:\WINDOWS\system32\drivers\cdaudio.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 CVirtA;Cisco Systems VPN Adapter; C:\WINDOWS\system32\DRIVERS\CVirtA.sys [2007-01-18 5275]
S3 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2009-04-09 113960]
S3 Epfwndis;Eset Personal Firewall; C:\WINDOWS\system32\DRIVERS\Epfwndis.sys []
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 ipswuio;ipswuio; C:\WINDOWS\System32\DRIVERS\ipswuio.sys [2005-06-08 34944]
S3 MidiSyn;MidiSyn; C:\WINDOWS\system32\drivers\MidiSyn.sys [2004-09-13 88960]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 MPE;Filtr MPE BDA; C:\WINDOWS\system32\DRIVERS\MPE.sys [2004-08-03 15360]
S3 MSIRCOMM;Microsoft IR Communications Driver; C:\WINDOWS\system32\DRIVERS\MSIRCOMM.sys [2004-08-03 22016]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2004-08-18 67584]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 StillCam;Ovladač digitálního fotoaparátu pro sériový port; C:\WINDOWS\system32\DRIVERS\serscan.sys [2001-10-24 6784]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 Video3D;ASUS Video3D Service; C:\WINDOWS\System32\Drivers\Video3D.sys []
S3 vsdatant;vsdatant; \??\C:\WINDOWS\system32\vsdatant.sys []
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 6to4;Pomocná služba protokolu IPv6; C:\WINDOWS\system32\svchost.exe [2004-08-18 14336]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-05-31 368640]
R2 ATKKeyboardService;ATK Keyboard Service; C:\WINDOWS\ATKKBService.exe [2004-07-20 90112]
R2 CVPND;Cisco Systems, Inc. VPN Service; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [2008-08-29 1528608]
R2 Irmon;Sledování infračerveného přenosu; C:\WINDOWS\system32\svchost.exe [2004-08-18 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-04-21 152984]
R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2001-10-09 300544]
R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-10-11 38912]
R2 UxTuneUp;TuneUp Design Expansion; C:\WINDOWS\System32\svchost.exe [2004-08-18 14336]
S2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe []
S2 spmgr;spmgr; C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 sapping;sapping; C:\WINDOWS\srvsap\srvany.exe [1997-05-15 13312]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-06-17 308856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2005-05-31 853672]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2009-04-21 320920]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-04-21 34816]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-04-21 73728]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"=C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe [2004-10-14 1388544]
"LXSUPMON"=C:\WINDOWS\system32\LXSUPMON.EXE [2001-10-09 818688]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-04-21 136600]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-06-17 185896]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-18 15360]
"CTSyncU.exe"=C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe [2006-06-12 700416]
"cdoosoft"=C:\DOCUME~1\EVAGAZ~1\LOCALS~1\Temp\herss.exe [2010-02-04 113152]
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Hotkey.lnk - C:\Program Files\ASUS\ASUS Hotkey\Hotkey.exe
VPN Client.lnk - C:\WINDOWS\Installer\{51FB15F4-AD27-43BC-AD4B-DD0354FB6BBD}\Icon3E5562ED7.ico
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2005-05-31 46080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2004-08-18 239616]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\totalcmd\TOTALCMD.EXE"="C:\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
"C:\WINDOWS\System32\LEXPPS.EXE"="C:\WINDOWS\System32\LEXPPS.EXE:*:Disabled:LEXPPS.EXE"
"C:\Program Files\AntikVirtualSTB\AntikVirtualSTB.exe"="C:\Program Files\AntikVirtualSTB\AntikVirtualSTB.exe:*:Enabled:AntikVirtualSTB"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Disabled:Firefox"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"F:\counter strike 1.6\hl.exe"="F:\counter strike 1.6\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Documents and Settings\Eva Gazdová\Plocha\MGazda\counter strike 1.6\hl.exe"="C:\Documents and Settings\Eva Gazdová\Plocha\MGazda\counter strike 1.6\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Disabled:Internet Explorer"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{268beb64-b267-11dd-8b7c-0015f2d7f860}]
shell\AutoRun\command - F:\WUDFHOST.EXE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9ea1f598-f800-11dc-898b-0015f2d7f860}]
shell\AutoRun\command - F:\xmor.exe
shell\open\command - F:\xmor.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bba9d112-c2fb-11dd-8bb7-0015f2d7f860}]
shell\AutoRun\command - F:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cab7dd46-7cfc-11de-8db9-0015f2d7f860}]
shell\AutoRun\command - G:\RECYCLER.exe J:\
shell\Explore\command - G:\RECYCLER.exe J:\
shell\Open\command - G:\RECYCLER.exe J:\
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{edbca7ca-a819-11de-8e10-0015f2d7f860}]
shell\AutoRun\command - F:\kgji.exe
shell\open\command - F:\kgji.exe
======List of files/folders created in the last 1 months======
2010-02-04 19:18:27 ----D---- C:\Program Files\trend micro
2010-02-04 19:18:16 ----D---- C:\rsit
2010-02-04 18:42:30 ----RSH---- C:\ws.exe
2010-01-31 17:11:23 ----D---- C:\Documents and Settings\Eva Gazdová\Data aplikací\Creative
2010-01-31 14:09:42 ----SHD---- C:\FOUND.014
2010-01-31 13:27:35 ----RSH---- C:\1hqup.exe
2010-01-30 13:55:28 ----RSH---- C:\mvmdh.exe
2010-01-27 18:18:00 ----RSH---- C:\0fpdq2dw.exe
2010-01-24 18:02:04 ----RSH---- C:\c2e.exe
2010-01-21 20:55:52 ----HD---- C:\WINDOWS\$NtUninstallKB955759$
2010-01-21 20:55:46 ----HD---- C:\WINDOWS\$NtUninstallKB972270$
2010-01-21 20:06:56 ----RSH---- C:\qkm.exe
2010-01-12 20:49:46 ----D---- C:\mato
2010-01-12 18:48:09 ----RSH---- C:\kmj.exe
2010-01-12 16:18:53 ----RSH---- C:\olu392qj.exe
2010-01-10 12:43:20 ----RSH---- C:\8xcrbho6.exe
2010-01-08 07:08:44 ----RSH---- C:\f2kmj.exe
2010-01-05 15:28:06 ----RSH---- C:\e9naq.exe
======List of files/folders modified in the last 1 months======
2010-01-31 17:36:58 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-01-31 15:43:10 ----A---- C:\WINDOWS\wincmd.ini
2010-01-30 20:19:34 ----A---- C:\WINDOWS\wcx_ftp.ini
2010-01-28 15:50:18 ----A---- C:\WINDOWS\eporadca_0811.ini
2010-01-21 20:55:50 ----A---- C:\WINDOWS\imsins.BAK
2010-01-05 10:58:04 ----N---- C:\WINDOWS\system32\occache.dll
2010-01-05 10:58:04 ----A---- C:\WINDOWS\system32\wininet.dll
2010-01-05 10:58:04 ----A---- C:\WINDOWS\system32\webcheck.dll
2010-01-05 10:58:04 ----A---- C:\WINDOWS\system32\urlmon.dll
2010-01-05 10:58:04 ----A---- C:\WINDOWS\system32\url.dll
2010-01-05 10:58:04 ----A---- C:\WINDOWS\system32\pngfilt.dll
2010-01-05 10:58:02 ----N---- C:\WINDOWS\system32\mstime.dll
2010-01-05 10:58:02 ----N---- C:\WINDOWS\system32\msrating.dll
2010-01-05 10:58:02 ----A---- C:\WINDOWS\system32\mshtmled.dll
2010-01-05 10:58:02 ----A---- C:\WINDOWS\system32\mshtml.dll
2010-01-05 10:58:02 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2010-01-05 10:58:02 ----A---- C:\WINDOWS\system32\msfeeds.dll
2010-01-05 10:58:00 ----N---- C:\WINDOWS\system32\jsproxy.dll
2010-01-05 10:58:00 ----N---- C:\WINDOWS\system32\iernonce.dll
2010-01-05 10:58:00 ----N---- C:\WINDOWS\system32\iedkcs32.dll
2010-01-05 10:58:00 ----A---- C:\WINDOWS\system32\iertutil.dll
2010-01-05 10:58:00 ----A---- C:\WINDOWS\system32\iepeers.dll
2010-01-05 10:58:00 ----A---- C:\WINDOWS\system32\ieframe.dll
2010-01-05 10:58:00 ----A---- C:\WINDOWS\system32\ieencode.dll
2010-01-05 10:57:58 ----N---- C:\WINDOWS\system32\ieaksie.dll
2010-01-05 10:57:58 ----N---- C:\WINDOWS\system32\ieakeng.dll
2010-01-05 10:57:58 ----N---- C:\WINDOWS\system32\extmgr.dll
2010-01-05 10:57:58 ----N---- C:\WINDOWS\system32\corpol.dll
2010-01-05 10:57:58 ----A---- C:\WINDOWS\system32\ieapfltr.dll
2010-01-05 10:57:58 ----A---- C:\WINDOWS\system32\icardie.dll
2010-01-05 10:57:58 ----A---- C:\WINDOWS\system32\dxtrans.dll
2010-01-05 10:57:58 ----A---- C:\WINDOWS\system32\dxtmsft.dll
2010-01-05 10:57:58 ----A---- C:\WINDOWS\system32\advpack.dll
2010-01-05 01:17:46 ----A---- C:\WINDOWS\system32\MRT.exe
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 asuskbnt;Enhanced Display Driver Helper Service; C:\WINDOWS\system32\drivers\atkkbnt.sys [2004-07-20 20096]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-18 39936]
R1 Tcpip6;Ovladač protokolu Microsoft IPv6; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2008-06-20 225920]
R2 Angelnt;Angelnt; C:\WINDOWS\System32\Drivers\ANGELNT.SYS [2008-02-29 51072]
R2 CVPNDRVA;Cisco Systems Inc. IPSec Driver; \??\C:\WINDOWS\system32\Drivers\CVPNDRVA.sys []
R2 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [2009-04-09 133000]
R2 irda;Protokol IrDA; C:\WINDOWS\system32\DRIVERS\irda.sys [2004-08-03 87424]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-16 13059]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2005-03-04 127872]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-05-31 1198080]
R3 BCM43XX;ASUS 802.11 ovládač sieťového adaptéru; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2005-02-11 371712]
R3 Cam5603D;BisonCam, NB Pro; C:\WINDOWS\System32\Drivers\BisonCam.sys [2005-08-28 510592]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-03 14080]
R3 DNE;Deterministic Network Enhancer Miniport; C:\WINDOWS\system32\DRIVERS\dne2000.sys [2008-03-29 125328]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2005-05-22 1034752]
R3 HSFHWATI;HSFHWATI; C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys [2005-05-22 216832]
R3 irsir;Microsoft Serial Infrared Driver; C:\WINDOWS\system32\DRIVERS\irsir.sys [2001-08-17 18688]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ATKACPI.sys [2005-02-17 5632]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 RTL8023xp;Realtek RTL8139/810x/8169/8110 all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys [2004-08-08 70144]
R3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2005-02-28 392704]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2005-08-03 221376]
R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2004-08-18 12416]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-18 26624]
R3 usbhub;Ovladač standardního rozbočovače USB; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-18 57600]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-18 17024]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-05-22 716288]
S1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys []
S1 epfwtdi;epfwtdi; C:\WINDOWS\system32\DRIVERS\epfwtdi.sys []
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-17 14848]
S1 M9207;M9207 USB Digital TV BOX; C:\WINDOWS\system32\DRIVERS\M9207BDA.sys [2006-05-25 36096]
S2 ghaio;ghaio; \??\C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys []
S3 ASNDIS5;ASNDIS5 Protocol Driver; \??\C:\WINDOWS\system32\ASNDIS5.SYS []
S3 AVPsys;AVPsys; \??\C:\WINDOWS\system32\drivers\cdaudio.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 CVirtA;Cisco Systems VPN Adapter; C:\WINDOWS\system32\DRIVERS\CVirtA.sys [2007-01-18 5275]
S3 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2009-04-09 113960]
S3 Epfwndis;Eset Personal Firewall; C:\WINDOWS\system32\DRIVERS\Epfwndis.sys []
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 ipswuio;ipswuio; C:\WINDOWS\System32\DRIVERS\ipswuio.sys [2005-06-08 34944]
S3 MidiSyn;MidiSyn; C:\WINDOWS\system32\drivers\MidiSyn.sys [2004-09-13 88960]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 MPE;Filtr MPE BDA; C:\WINDOWS\system32\DRIVERS\MPE.sys [2004-08-03 15360]
S3 MSIRCOMM;Microsoft IR Communications Driver; C:\WINDOWS\system32\DRIVERS\MSIRCOMM.sys [2004-08-03 22016]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2004-08-18 67584]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 StillCam;Ovladač digitálního fotoaparátu pro sériový port; C:\WINDOWS\system32\DRIVERS\serscan.sys [2001-10-24 6784]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 Video3D;ASUS Video3D Service; C:\WINDOWS\System32\Drivers\Video3D.sys []
S3 vsdatant;vsdatant; \??\C:\WINDOWS\system32\vsdatant.sys []
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 6to4;Pomocná služba protokolu IPv6; C:\WINDOWS\system32\svchost.exe [2004-08-18 14336]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-05-31 368640]
R2 ATKKeyboardService;ATK Keyboard Service; C:\WINDOWS\ATKKBService.exe [2004-07-20 90112]
R2 CVPND;Cisco Systems, Inc. VPN Service; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [2008-08-29 1528608]
R2 Irmon;Sledování infračerveného přenosu; C:\WINDOWS\system32\svchost.exe [2004-08-18 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-04-21 152984]
R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2001-10-09 300544]
R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-10-11 38912]
R2 UxTuneUp;TuneUp Design Expansion; C:\WINDOWS\System32\svchost.exe [2004-08-18 14336]
S2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe []
S2 spmgr;spmgr; C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 sapping;sapping; C:\WINDOWS\srvsap\srvany.exe [1997-05-15 13312]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
- stell
- VIP in memoriam
- Posts: 5175
- Registered: 09 Dec 2007 09:27
- Location: SK-REVUCA
Re: Cannot connect to microsoft.com / avast.cz
What kind of log is this?? It is infected with everything possible too.
Use: turn off SVI, TFC, USBFIX, MALWAREBYTES, COMBOFIX
-
- Visitor
- Posts: 25
- Registered: 02 Feb 2010 18:19
Re: Cannot connect to microsoft.com / avast.cz
That was the log from my mom's PC. OK, here is my log, everything done as you said.
ComboFix 10-02-03.08 - Matej 04.02.2010 19:23:53.1.4 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.421.1033.18.2046.1726 [GMT 1:00]
Running from: c:\documents and settings\Matej\My Documents\Downloads\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Resident AV is active
.
((((((((((((((((((((((((( Files Created from 2010-01-04 to 2010-02-04 )))))))))))))))))))))))))))))))
.
2010-02-04 16:48 . 2010-02-04 16:48 2269056 ----a-w- C:\FixDownadup.exe
2010-02-04 16:06 . 2010-02-04 16:06 -------- d-----w- c:\program files\Common Files\Adobe
2010-02-04 16:06 . 2010-02-04 16:07 -------- d-----w- c:\documents and settings\Matej\Local Settings\Application Data\Adobe
2010-02-03 14:36 . 2010-02-03 14:36 -------- d-----w- c:\documents and settings\Matej\Application Data\teamspeak2
2010-02-03 14:36 . 2010-02-03 14:36 -------- d-----w- c:\program files\Teamspeak2_RC2
2010-02-02 18:05 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-02-02 18:03 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2010-02-02 18:03 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-02-02 18:03 . 2009-06-12 12:31 76288 -c----w- c:\windows\system32\dllcache\telnet.exe
2010-02-02 18:03 . 2008-04-11 19:04 691712 -c----w- c:\windows\system32\dllcache\inetcomm.dll
2010-02-02 18:02 . 2009-08-04 15:13 2145280 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-02-02 18:02 . 2009-08-04 14:20 2023936 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-02-02 18:02 . 2009-08-04 14:20 2066048 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2010-02-02 18:02 . 2008-10-15 16:34 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2010-02-02 18:02 . 2009-07-31 04:35 1172480 -c----w- c:\windows\system32\dllcache\msxml3.dll
2010-02-02 18:02 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
2010-02-02 18:02 . 2008-04-21 12:08 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe
2010-02-02 18:02 . 2009-08-13 15:16 512000 -c----w- c:\windows\system32\dllcache\jscript.dll
2010-02-02 17:54 . 2010-02-04 17:18 1077786 ----a-w- C:\UsbFix_Upload_Me_IT-3119B06F5BA4.zip
2010-02-02 17:54 . 2008-06-12 14:23 956928 -c----w- c:\windows\system32\dllcache\msdtctm.dll
2010-02-02 17:54 . 2008-06-12 14:23 91648 -c----w- c:\windows\system32\dllcache\mtxoci.dll
2010-02-02 17:54 . 2008-06-12 14:23 66560 -c----w- c:\windows\system32\dllcache\mtxclu.dll
2010-02-02 17:54 . 2008-06-12 14:23 58880 -c----w- c:\windows\system32\dllcache\msdtclog.dll
2010-02-02 17:54 . 2008-06-12 14:23 161792 -c----w- c:\windows\system32\dllcache\msdtcuiu.dll
2010-02-02 17:54 . 2009-10-13 10:30 270336 -c----w- c:\windows\system32\dllcache\oakley.dll
2010-02-02 17:50 . 2010-02-04 17:18 -------- d-----w- C:\UsbFix
2010-02-02 17:15 . 2010-02-02 17:15 -------- d-----w- C:\_OTM
2010-02-02 17:05 . 2010-02-02 17:05 -------- d-----w- c:\documents and settings\All Users\Application Data\TEMP
2010-02-02 17:05 . 2007-08-15 12:09 159744 ----a-w- c:\windows\system32\wt_menu.dll
2010-02-02 17:05 . 2007-08-15 12:09 40960 ----a-w- c:\windows\system32\ssubtmr6.dll
2010-02-02 17:05 . 1999-02-09 20:40 188928 ----a-w- c:\windows\system32\vbuzip10.DLL
2010-02-02 17:05 . 2010-02-02 17:09 -------- d-----w- c:\program files\Smarty Uninstaller Pro
2010-02-02 16:55 . 2010-02-02 16:55 -------- d-----w- C:\rsit
2010-02-02 12:19 . 2010-02-02 20:56 -------- d-----w- C:\SERIA 1
2010-02-01 12:36 . 2009-12-16 13:42 43008 ----a-w- c:\documents and settings\Matej\Application Data\Mozilla\Firefox\Profiles\zddp3o62.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2010-02-01 12:36 . 2009-12-16 13:42 340480 ----a-w- c:\documents and settings\Matej\Application Data\Mozilla\Firefox\Profiles\zddp3o62.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2010-02-01 12:36 . 2009-12-16 13:42 872960 ----a-w- c:\documents and settings\Matej\Application Data\Mozilla\Firefox\Profiles\zddp3o62.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2010-02-01 12:36 . 2009-12-16 13:41 346624 ----a-w- c:\documents and settings\Matej\Application Data\Mozilla\Firefox\Profiles\zddp3o62.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2010-02-01 08:40 . 2010-02-01 08:41 -------- d-----w- c:\program files\Prime95
2010-02-01 06:49 . 2010-02-01 06:53 -------- d---a-w- C:\xampp
2010-01-31 23:17 . 2010-01-31 23:17 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ESET
2010-01-31 18:12 . 2010-01-31 18:12 -------- d-----w- c:\windows\system32\Adobe
2010-01-30 22:37 . 2010-02-01 15:24 -------- d-----w- C:\Stranka
2010-01-30 12:19 . 2010-01-30 12:19 -------- d-----w- c:\program files\CCleaner
2010-01-30 12:15 . 2008-01-07 13:29 352 ---ha-w- c:\windows\nod32fixtemdono.reg
2010-01-30 12:00 . 2010-01-30 12:00 -------- d-----w- c:\program files\Trend Micro
2010-01-30 11:50 . 2010-01-30 11:50 -------- d-----w- c:\documents and settings\Matej\Local Settings\Application Data\ESET
2010-01-30 11:38 . 2010-01-30 11:38 -------- d-----w- c:\program files\ESET
2010-01-30 11:38 . 2010-01-30 11:38 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2010-01-28 11:50 . 2010-01-28 11:50 -------- d-----w- C:\mato
2010-01-26 18:32 . 2010-01-26 18:33 69 ----a-w- c:\documents and settings\Matej\jagex_runescape_preferences2.dat
2010-01-26 18:31 . 2010-01-26 18:33 39 ----a-w- c:\documents and settings\Matej\jagex_runescape_preferences.dat
2010-01-26 18:31 . 2010-01-26 18:31 -------- d-----w- c:\windows\.jagex_cache_32
2010-01-26 18:31 . 2010-01-26 18:31 -------- d-----w- c:\windows\Sun
2010-01-26 18:30 . 2010-01-26 18:30 -------- d-----w- c:\program files\Common Files\Java
2010-01-26 18:30 . 2010-01-26 18:30 348160 ----a-w- c:\documents and settings\Matej\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-4a1d2622-n\msvcr71.dll
2010-01-26 18:30 . 2010-01-26 18:30 61440 ----a-w- c:\documents and settings\Matej\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-739b1875-n\decora-sse.dll
2010-01-26 18:30 . 2010-01-26 18:30 503808 ----a-w- c:\documents and settings\Matej\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-4a1d2622-n\msvcp71.dll
2010-01-26 18:30 . 2010-01-26 18:30 499712 ----a-w- c:\documents and settings\Matej\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-4a1d2622-n\jmc.dll
2010-01-26 18:30 . 2010-01-26 18:30 12800 ----a-w- c:\documents and settings\Matej\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-739b1875-n\decora-d3d.dll
2010-01-26 18:30 . 2010-01-26 18:29 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-26 18:29 . 2010-01-26 18:29 -------- d-----w- c:\program files\Java
2010-01-19 16:08 . 2008-04-13 23:15 26368 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
2010-01-18 20:30 . 2010-01-18 20:30 -------- d-----w- c:\program files\Electronic Arts
2010-01-18 18:53 . 2010-01-18 18:54 -------- d-----w- C:\Fraps
2010-01-18 06:30 . 2010-01-18 06:30 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-01-18 06:30 . 2010-01-18 06:30 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-01-17 12:26 . 2010-01-30 12:14 -------- d-----w- c:\program files\BitComet
2010-01-16 20:40 . 2010-01-16 20:40 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2010-01-16 20:40 . 2010-01-16 20:40 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2010-01-16 20:40 . 2010-01-16 20:40 -------- d-----w- c:\program files\OpenAL
2010-01-16 11:32 . 2010-02-02 17:03 -------- d-----w- c:\program files\Halflife 2 Episode 2 DeLEGiON
2010-01-16 10:14 . 2010-01-16 10:14 -------- d-----w- c:\documents and settings\Matej\Local Settings\Application Data\Downloaded Installations
2010-01-14 17:24 . 2010-01-14 17:24 -------- d-----w- c:\windows\Eurobattle.net
2010-01-14 17:06 . 2010-01-14 17:27 -------- d-----w- c:\program files\Warcraft III
2010-01-11 13:45 . 2010-01-28 06:50 -------- d-----w- c:\documents and settings\Matej\Local Settings\Application Data\Temp
2010-01-07 14:49 . 2010-01-07 14:49 -------- d-----w- c:\documents and settings\Matej\Local Settings\Application Data\Opera
2010-01-07 14:49 . 2010-01-31 21:12 -------- d-----w- c:\program files\Opera
2010-01-07 13:50 . 2010-01-31 22:49 -------- d-----w- c:\documents and settings\Matej\Application Data\gtk-2.0
2010-01-07 13:50 . 2010-01-07 13:50 -------- d-----w- c:\documents and settings\Matej\.thumbnails
2010-01-07 13:42 . 2010-01-31 22:57 -------- d-----w- c:\documents and settings\Matej\.gimp-2.6
2010-01-07 13:41 . 2010-01-07 13:41 -------- d-----w- c:\program files\GIMP-2.0
2010-01-07 13:17 . 2010-01-07 13:17 -------- d-----w- c:\documents and settings\Matej\Local Settings\Application Data\Identities
2010-01-06 18:00 . 2010-01-16 11:59 -------- d-----w- c:\program files\Lavalys
2010-01-05 20:51 . 2010-02-02 18:57 -------- d-----w- c:\documents and settings\Matej\Application Data\dvdcss
2010-01-05 18:46 . 2010-01-16 11:27 -------- d-----w- C:\Films
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-04 18:15 . 2009-12-26 15:32 16608 ----a-w- c:\windows\gdrv.sys
2010-02-04 18:08 . 2010-01-02 19:10 -------- d-----w- c:\documents and settings\Matej\Application Data\Hamachi
2010-02-04 18:08 . 2010-01-01 18:22 -------- d-----w- c:\program files\Steam
2010-02-04 17:56 . 2009-12-31 22:39 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-02-04 17:00 . 2009-12-26 15:43 -------- d-----w- c:\documents and settings\Matej\Application Data\Skype
2010-02-04 14:45 . 2010-01-01 17:42 -------- d-----w- c:\documents and settings\Matej\Application Data\TeamViewer
2010-02-04 14:06 . 2009-12-26 15:46 -------- d-----w- c:\documents and settings\Matej\Application Data\skypePM
2010-02-03 19:47 . 2009-12-27 19:51 -------- d-----w- c:\documents and settings\Matej\Application Data\vlc
2010-01-22 20:01 . 2009-12-27 08:16 13104 ----a-w- c:\documents and settings\Matej\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-18 20:36 . 2009-12-26 15:32 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-17 12:50 . 2009-12-26 15:32 -------- d-----w- c:\program files\Common Files\InstallShield
2010-01-16 10:15 . 2009-12-26 15:33 -------- d-----w- c:\program files\AMD
2010-01-16 07:53 . 2010-01-02 19:42 138384 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-01-16 07:52 . 2010-01-02 19:42 215128 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-01-08 15:15 . 2009-12-30 21:21 -------- d-----w- c:\program files\Zaparit
2010-01-07 20:06 . 2010-01-01 17:16 -------- d-----w- c:\program files\BitSpirit
2010-01-03 20:12 . 2010-01-03 20:10 -------- d-----w- c:\documents and settings\Matej\Application Data\PSpad
2010-01-03 20:10 . 2010-01-03 20:10 -------- d-----w- c:\program files\PSPad editor
2010-01-02 20:53 . 2010-01-02 20:53 -------- d-----w- c:\program files\Common Files\EasyInfo
2010-01-02 19:41 . 2010-01-02 19:41 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-01-02 19:10 . 2010-01-02 19:10 -------- d-----w- c:\program files\Hamachi
2010-01-02 19:10 . 2009-09-23 08:41 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
2010-01-02 18:33 . 2010-01-02 18:33 -------- d-----w- c:\program files\SystemRequirementsLab
2010-01-02 18:09 . 2010-01-02 18:09 -------- d-----w- c:\program files\EA GAMES
2010-01-02 12:19 . 2010-01-02 12:19 -------- d-----w- c:\program files\directx
2010-01-02 12:19 . 2010-01-02 12:19 -------- d-----w- c:\program files\Rockstar Games
2010-01-01 21:26 . 2009-12-26 15:27 76487 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-01-01 21:26 . 2009-12-26 15:27 2748 ----a-w- c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2010-01-01 17:16 . 2010-01-01 17:16 -------- d-----w- c:\documents and settings\Matej\Application Data\BitSpirit
2010-01-01 11:22 . 2009-12-26 15:54 -------- d-----w- c:\program files\Counter-Strike 1.6
2010-01-01 11:16 . 2010-01-01 10:58 -------- d-----w- c:\documents and settings\Matej\Application Data\DAEMON Tools Lite
2010-01-01 10:58 . 2010-01-01 10:58 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-01-01 10:58 . 2010-01-01 10:58 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-01-01 10:58 . 2010-01-01 10:58 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2009-12-31 19:13 . 2009-12-31 19:13 -------- d-----w- c:\program files\7-Zip
2009-12-30 19:06 . 2009-12-30 19:06 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-12-30 10:30 . 2009-12-28 19:05 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-12-30 00:35 . 2009-12-30 00:35 1924200 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player.exe
2009-12-28 19:06 . 2009-12-28 19:06 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee Security Scan
2009-12-28 19:06 . 2009-12-28 19:05 836464 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\SecurityScan_Release.exe
2009-12-28 16:22 . 2009-12-26 15:27 8972 ----a-w- c:\windows\pchealth\helpctr\Config\Cntstore.bin
2009-12-28 09:23 . 2009-12-26 15:47 -------- d-----w- c:\program files\QIP
2009-12-27 19:50 . 2009-12-27 19:50 -------- d-----w- c:\program files\VideoLAN
2009-12-27 12:58 . 2009-12-27 12:58 -------- d-----w- c:\program files\Sierra
2009-12-26 15:46 . 2009-12-26 15:46 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-12-26 15:43 . 2009-12-26 15:41 -------- d-----w- c:\documents and settings\Matej\Application Data\GHISLER
2009-12-26 15:42 . 2009-12-26 15:42 -------- d-----w- c:\program files\Google
2009-12-26 15:41 . 2009-12-26 15:41 -------- d-----w- c:\program files\Common Files\Skype
2009-12-26 15:41 . 2009-12-26 15:41 -------- d-----r- c:\program files\Skype
2009-12-26 15:41 . 2009-12-26 15:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-12-26 15:41 . 2009-12-26 15:41 0 ----a-w- c:\windows\nsreg.dat
2009-12-26 15:40 . 2009-12-26 15:40 -------- d-----w- c:\program files\AGEIA Technologies
2009-12-26 15:40 . 2009-12-26 15:40 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-12-26 15:37 . 2009-12-26 15:37 -------- d-----w- c:\program files\EXPERTool
2009-12-26 15:35 . 2009-12-26 15:33 -------- d-----w- c:\program files\Realtek
2009-12-26 15:33 . 2009-12-26 15:33 -------- d-----w- c:\documents and settings\Matej\Application Data\InstallShield
2009-12-26 15:33 . 2009-12-26 15:33 -------- d-----w- c:\program files\Browser Configuration Utility
2009-12-26 15:32 . 2009-12-26 15:32 -------- d-----w- c:\program files\Gigabyte
2009-12-26 15:28 . 2009-12-26 15:28 -------- d-----w- c:\program files\microsoft frontpage
2009-12-26 15:25 . 2009-12-26 15:25 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-12-22 05:21 . 2006-02-28 12:00 667136 ----a-w- c:\windows\system32\wininet.dll
2009-12-22 05:20 . 2006-02-28 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-11-24 15:39 . 2009-11-24 15:39 1093064 ----a-w- c:\documents and settings\Matej\Application Data\Mozilla\Firefox\Profiles\zddp3o62.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll
2009-11-21 15:51 . 2006-02-28 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-07 22:49 . 2009-11-07 22:49 86016 ----a-w- c:\windows\system32\frapsvid.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\Steam\Steam.exe" [2010-01-01 1217808]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"Google Update"="c:\documents and settings\Matej\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-01-11 135664]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-10 13758464]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 1443072]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
c:\documents and settings\Matej\Start Menu\Programs\Startup\
hamachi.lnk - c:\program files\Hamachi\hamachi.exe [2010-1-2 625952]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan.lnk
backup=c:\windows\pss\McAfee Security Scan.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-10-30 11:57 369200 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GAINWARD]
2009-05-12 14:43 2181672 ----a-w- c:\program files\EXPERTool\TBPANEL.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2009-06-10 07:28 13758464 ----a-w- c:\windows\system32\nvcpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2009-06-10 07:28 86016 ----a-w- c:\windows\system32\nvmctray.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2009-06-10 07:29 1657376 ----a-w- c:\windows\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2009-01-13 06:37 18084864 ----a-w- c:\windows\RTHDCPL.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-10-09 12:11 25623336 ----a-r- c:\program files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-01-01 19:20 1217808 ----a-w- c:\program files\Steam\Steam.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\Sierra\\Empire Earth\\Empire Earth.exe"=
"c:\\Program Files\\Counter-Strike 1.6\\hl.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\zero gear\\ZeroGear.bat"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8886:TCP"= 8886:TCP:xfyxjrot
"26572:TCP"= 26572:TCP:BitComet 26572 TCP
"26572:UDP"= 26572:UDP:BitComet 26572 UDP
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [12/21/2007 8:21 AM 33800]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [12/21/2007 8:21 AM 468224]
R2 ES lite Service;ES lite Service for program management.;c:\program files\Gigabyte\EasySaver\essvr.exe [12/26/2009 4:32 PM 68136]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [1/1/2010 11:58 AM 691696]
S2 AODService;AODService;c:\program files\AMD\OverDrive\AODAssist.exe [10/22/2009 3:49 AM 136544]
S2 cxqxqnbd;Server Installer;c:\windows\system32\svchost.exe -k netsvcs [2/28/2006 1:00 PM 14336]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
udfgxoz
cxqxqnbd
.
Contents of the 'Scheduled Tasks' folder
2010-02-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1708537768-2052111302-682003330-1004Core.job
- c:\documents and settings\Matej\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-01-11 13:45]
2010-02-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1708537768-2052111302-682003330-1004UA.job
- c:\documents and settings\Matej\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-01-11 13:45]
.
.
------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://search.qip.ru
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: ÓA±EIO3«ÁéIÂÔO(&B)
TCP: {C28CE3DE-C973-4432-9412-4D776BC518C8} = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Matej\Application Data\Mozilla\Firefox\Profiles\zddp3o62.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: keyword.URL - hxxp://search.qip.ru/search?from=FF&query=
FF - component: c:\documents and settings\Matej\Application Data\Mozilla\Firefox\Profiles\zddp3o62.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - plugin: c:\documents and settings\Matej\Local Settings\Application Data\Google\Update\1.2.183.13\npGoogleOneClick8.dll
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - ORPHANS REMOVED - - - -
URLSearchHooks-{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - (no file)
AddRemove-DAEMON Tools Toolbar - c:\program files\DAEMON Tools Toolbar\uninst.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-04 19:25
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\cxqxqnbd]
"ServiceDll"="c:\windows\system32\mqmfnfl.dll"
.
Completion time: 2010-02-04 19:26:15
ComboFix-quarantined-files.txt 2010-02-04 18:26
Pre-Run: 448 156 921 856 bytes free
Post-Run: 448 127 500 288 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /usepmtimer
- - End Of File - - A97BF71883AC87A3FF802E0607E6A4D7
- stell
- VIP in memoriam
- Posts: 5175
- Registered: 09 Dec 2007 09:27
- Location: SK-REVUCA
Re: Cannot connect to microsoft.com / avast.cz
For this step, ComboFix must be on the desktop.
Turn off > FIREWALL > antivirus > antispyware > everything resident.
Open Notepad and copy the entire green text into it:
Code:
KILLALL::
Driver::
cxqxqnbd
udfgxoz
NetSvc::
cxqxqnbd
udfgxoz
DDS::
uDefault_Search_URL = hxxp://search.qip.ru
IE: ÓA±EIO3«ÁéIÂÔO(&B)
Extra::
FireFox::
FF - ProfilePath - c:\documents and settings\Matej\Application Data\Mozilla\Firefox\Profiles\zddp3o62.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: keyword.URL - hxxp://search.qip.ru/search?from=FF&query=
Registry::
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\cxqxqnbd]
"ServiceDll"=-
Rootkit::
c:\windows\system32\mqmfnfl.dll
Then click File -> Save As... -> where it says File name, type into that line: CFScript.txt
For File type, choose *All files there.
And save it to the desktop. > Note: CFScript.txt > do not open it, and it must not be > CFScript.txt.txt. And do this:

After the scan finishes, post the log that ComboFix creates.
-
- Visitor
- Posts: 25
- Registered: 02 Feb 2010 18:19
Re: Cannot connect to microsoft.com / avast.cz
ComboFix 10-02-03.08 - Matej 04.02.2010 19:51:09.2.4 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.421.1033.18.2046.1627 [GMT 1:00]
Running from: c:\documents and settings\Matej\My Documents\Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\Matej\Desktop\CFScript.txt
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_CXQXQNBD
-------\Service_cxqxqnbd
((((((((((((((((((((((((( Files Created from 2010-01-04 to 2010-02-04 )))))))))))))))))))))))))))))))
.
2010-02-04 16:48 . 2010-02-04 16:48 2269056 ----a-w- C:\FixDownadup.exe
2010-02-04 16:06 . 2010-02-04 16:06 -------- d-----w- c:\program files\Common Files\Adobe
2010-02-04 16:06 . 2010-02-04 16:07 -------- d-----w- c:\documents and settings\Matej\Local Settings\Application Data\Adobe
2010-02-03 14:36 . 2010-02-03 14:36 -------- d-----w- c:\documents and settings\Matej\Application Data\teamspeak2
2010-02-03 14:36 . 2010-02-03 14:36 -------- d-----w- c:\program files\Teamspeak2_RC2
2010-02-02 18:05 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-02-02 18:03 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2010-02-02 18:03 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-02-02 18:03 . 2009-06-12 12:31 76288 -c----w- c:\windows\system32\dllcache\telnet.exe
2010-02-02 18:03 . 2008-04-11 19:04 691712 -c----w- c:\windows\system32\dllcache\inetcomm.dll
2010-02-02 18:02 . 2009-08-04 15:13 2145280 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-02-02 18:02 . 2009-08-04 14:20 2023936 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-02-02 18:02 . 2009-08-04 14:20 2066048 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2010-02-02 18:02 . 2008-10-15 16:34 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2010-02-02 18:02 . 2009-07-31 04:35 1172480 -c----w- c:\windows\system32\dllcache\msxml3.dll
2010-02-02 18:02 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
2010-02-02 18:02 . 2008-04-21 12:08 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe
2010-02-02 18:02 . 2009-08-13 15:16 512000 -c----w- c:\windows\system32\dllcache\jscript.dll
2010-02-02 17:54 . 2010-02-04 17:18 1077786 ----a-w- C:\UsbFix_Upload_Me_IT-3119B06F5BA4.zip
2010-02-02 17:54 . 2008-06-12 14:23 956928 -c----w- c:\windows\system32\dllcache\msdtctm.dll
2010-02-02 17:54 . 2008-06-12 14:23 91648 -c----w- c:\windows\system32\dllcache\mtxoci.dll
2010-02-02 17:54 . 2008-06-12 14:23 66560 -c----w- c:\windows\system32\dllcache\mtxclu.dll
2010-02-02 17:54 . 2008-06-12 14:23 58880 -c----w- c:\windows\system32\dllcache\msdtclog.dll
2010-02-02 17:54 . 2008-06-12 14:23 161792 -c----w- c:\windows\system32\dllcache\msdtcuiu.dll
2010-02-02 17:54 . 2009-10-13 10:30 270336 -c----w- c:\windows\system32\dllcache\oakley.dll
2010-02-02 17:50 . 2010-02-04 17:18 -------- d-----w- C:\UsbFix
2010-02-02 17:15 . 2010-02-02 17:15 -------- d-----w- C:\_OTM
2010-02-02 17:05 . 2010-02-02 17:05 -------- d-----w- c:\documents and settings\All Users\Application Data\TEMP
2010-02-02 17:05 . 2007-08-15 12:09 159744 ----a-w- c:\windows\system32\wt_menu.dll
2010-02-02 17:05 . 2007-08-15 12:09 40960 ----a-w- c:\windows\system32\ssubtmr6.dll
2010-02-02 17:05 . 1999-02-09 20:40 188928 ----a-w- c:\windows\system32\vbuzip10.DLL
2010-02-02 17:05 . 2010-02-02 17:09 -------- d-----w- c:\program files\Smarty Uninstaller Pro
2010-02-02 16:55 . 2010-02-02 16:55 -------- d-----w- C:\rsit
2010-02-02 12:19 . 2010-02-02 20:56 -------- d-----w- C:\SERIA 1
2010-02-01 12:36 . 2009-12-16 13:42 43008 ----a-w- c:\documents and settings\Matej\Application Data\Mozilla\Firefox\Profiles\zddp3o62.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2010-02-01 12:36 . 2009-12-16 13:42 340480 ----a-w- c:\documents and settings\Matej\Application Data\Mozilla\Firefox\Profiles\zddp3o62.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2010-02-01 12:36 . 2009-12-16 13:42 872960 ----a-w- c:\documents and settings\Matej\Application Data\Mozilla\Firefox\Profiles\zddp3o62.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2010-02-01 12:36 . 2009-12-16 13:41 346624 ----a-w- c:\documents and settings\Matej\Application Data\Mozilla\Firefox\Profiles\zddp3o62.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2010-02-01 08:40 . 2010-02-01 08:41 -------- d-----w- c:\program files\Prime95
2010-02-01 06:49 . 2010-02-01 06:53 -------- d---a-w- C:\xampp
2010-01-31 23:17 . 2010-01-31 23:17 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ESET
2010-01-31 18:12 . 2010-01-31 18:12 -------- d-----w- c:\windows\system32\Adobe
2010-01-30 22:37 . 2010-02-01 15:24 -------- d-----w- C:\Stranka
2010-01-30 12:19 . 2010-01-30 12:19 -------- d-----w- c:\program files\CCleaner
2010-01-30 12:15 . 2008-01-07 13:29 352 ---ha-w- c:\windows\nod32fixtemdono.reg
2010-01-30 12:00 . 2010-01-30 12:00 -------- d-----w- c:\program files\Trend Micro
2010-01-30 11:50 . 2010-01-30 11:50 -------- d-----w- c:\documents and settings\Matej\Local Settings\Application Data\ESET
2010-01-30 11:38 . 2010-01-30 11:38 -------- d-----w- c:\program files\ESET
2010-01-30 11:38 . 2010-01-30 11:38 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2010-01-28 11:50 . 2010-01-28 11:50 -------- d-----w- C:\mato
2010-01-26 18:32 . 2010-01-26 18:33 69 ----a-w- c:\documents and settings\Matej\jagex_runescape_preferences2.dat
2010-01-26 18:31 . 2010-01-26 18:33 39 ----a-w- c:\documents and settings\Matej\jagex_runescape_preferences.dat
2010-01-26 18:31 . 2010-01-26 18:31 -------- d-----w- c:\windows\.jagex_cache_32
2010-01-26 18:31 . 2010-01-26 18:31 -------- d-----w- c:\windows\Sun
2010-01-26 18:30 . 2010-01-26 18:30 -------- d-----w- c:\program files\Common Files\Java
2010-01-26 18:30 . 2010-01-26 18:30 348160 ----a-w- c:\documents and settings\Matej\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-4a1d2622-n\msvcr71.dll
2010-01-26 18:30 . 2010-01-26 18:30 61440 ----a-w- c:\documents and settings\Matej\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-739b1875-n\decora-sse.dll
2010-01-26 18:30 . 2010-01-26 18:30 503808 ----a-w- c:\documents and settings\Matej\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-4a1d2622-n\msvcp71.dll
2010-01-26 18:30 . 2010-01-26 18:30 499712 ----a-w- c:\documents and settings\Matej\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-4a1d2622-n\jmc.dll
2010-01-26 18:30 . 2010-01-26 18:30 12800 ----a-w- c:\documents and settings\Matej\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-739b1875-n\decora-d3d.dll
2010-01-26 18:30 . 2010-01-26 18:29 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-26 18:29 . 2010-01-26 18:29 -------- d-----w- c:\program files\Java
2010-01-19 16:08 . 2008-04-13 23:15 26368 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
2010-01-18 20:30 . 2010-01-18 20:30 -------- d-----w- c:\program files\Electronic Arts
2010-01-18 18:53 . 2010-01-18 18:54 -------- d-----w- C:\Fraps
2010-01-18 06:30 . 2010-01-18 06:30 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-01-18 06:30 . 2010-01-18 06:30 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-01-17 12:26 . 2010-01-30 12:14 -------- d-----w- c:\program files\BitComet
2010-01-16 20:40 . 2010-01-16 20:40 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2010-01-16 20:40 . 2010-01-16 20:40 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2010-01-16 20:40 . 2010-01-16 20:40 -------- d-----w- c:\program files\OpenAL
2010-01-16 11:32 . 2010-02-02 17:03 -------- d-----w- c:\program files\Halflife 2 Episode 2 DeLEGiON
2010-01-16 10:14 . 2010-01-16 10:14 -------- d-----w- c:\documents and settings\Matej\Local Settings\Application Data\Downloaded Installations
2010-01-14 17:24 . 2010-01-14 17:24 -------- d-----w- c:\windows\Eurobattle.net
2010-01-14 17:06 . 2010-01-14 17:27 -------- d-----w- c:\program files\Warcraft III
2010-01-11 13:45 . 2010-01-28 06:50 -------- d-----w- c:\documents and settings\Matej\Local Settings\Application Data\Temp
2010-01-07 14:49 . 2010-01-07 14:49 -------- d-----w- c:\documents and settings\Matej\Local Settings\Application Data\Opera
2010-01-07 14:49 . 2010-01-31 21:12 -------- d-----w- c:\program files\Opera
2010-01-07 13:50 . 2010-01-31 22:49 -------- d-----w- c:\documents and settings\Matej\Application Data\gtk-2.0
2010-01-07 13:50 . 2010-01-07 13:50 -------- d-----w- c:\documents and settings\Matej\.thumbnails
2010-01-07 13:42 . 2010-01-31 22:57 -------- d-----w- c:\documents and settings\Matej\.gimp-2.6
2010-01-07 13:41 . 2010-01-07 13:41 -------- d-----w- c:\program files\GIMP-2.0
2010-01-07 13:17 . 2010-01-07 13:17 -------- d-----w- c:\documents and settings\Matej\Local Settings\Application Data\Identities
2010-01-06 18:00 . 2010-01-16 11:59 -------- d-----w- c:\program files\Lavalys
2010-01-05 20:51 . 2010-02-02 18:57 -------- d-----w- c:\documents and settings\Matej\Application Data\dvdcss
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-04 18:54 . 2010-01-02 19:10 -------- d-----w- c:\documents and settings\Matej\Application Data\Hamachi
2010-02-04 18:53 . 2010-01-01 18:22 -------- d-----w- c:\program files\Steam
2010-02-04 18:53 . 2009-12-26 15:32 16608 ----a-w- c:\windows\gdrv.sys
2010-02-04 17:56 . 2009-12-31 22:39 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-02-04 17:00 . 2009-12-26 15:43 -------- d-----w- c:\documents and settings\Matej\Application Data\Skype
2010-02-04 14:45 . 2010-01-01 17:42 -------- d-----w- c:\documents and settings\Matej\Application Data\TeamViewer
2010-02-04 14:06 . 2009-12-26 15:46 -------- d-----w- c:\documents and settings\Matej\Application Data\skypePM
2010-02-03 19:47 . 2009-12-27 19:51 -------- d-----w- c:\documents and settings\Matej\Application Data\vlc
2010-01-22 20:01 . 2009-12-27 08:16 13104 ----a-w- c:\documents and settings\Matej\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-18 20:36 . 2009-12-26 15:32 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-17 12:50 . 2009-12-26 15:32 -------- d-----w- c:\program files\Common Files\InstallShield
2010-01-16 10:15 . 2009-12-26 15:33 -------- d-----w- c:\program files\AMD
2010-01-16 07:53 . 2010-01-02 19:42 138384 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-01-16 07:52 . 2010-01-02 19:42 215128 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-01-08 15:15 . 2009-12-30 21:21 -------- d-----w- c:\program files\Zaparit
2010-01-07 20:06 . 2010-01-01 17:16 -------- d-----w- c:\program files\BitSpirit
2010-01-03 20:12 . 2010-01-03 20:10 -------- d-----w- c:\documents and settings\Matej\Application Data\PSpad
2010-01-03 20:10 . 2010-01-03 20:10 -------- d-----w- c:\program files\PSPad editor
2010-01-02 20:53 . 2010-01-02 20:53 -------- d-----w- c:\program files\Common Files\EasyInfo
2010-01-02 19:41 . 2010-01-02 19:41 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-01-02 19:10 . 2010-01-02 19:10 -------- d-----w- c:\program files\Hamachi
2010-01-02 19:10 . 2009-09-23 08:41 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
2010-01-02 18:33 . 2010-01-02 18:33 -------- d-----w- c:\program files\SystemRequirementsLab
2010-01-02 18:09 . 2010-01-02 18:09 -------- d-----w- c:\program files\EA GAMES
2010-01-02 12:19 . 2010-01-02 12:19 -------- d-----w- c:\program files\directx
2010-01-02 12:19 . 2010-01-02 12:19 -------- d-----w- c:\program files\Rockstar Games
2010-01-01 21:26 . 2009-12-26 15:27 76487 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-01-01 21:26 . 2009-12-26 15:27 2748 ----a-w- c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2010-01-01 17:16 . 2010-01-01 17:16 -------- d-----w- c:\documents and settings\Matej\Application Data\BitSpirit
2010-01-01 11:22 . 2009-12-26 15:54 -------- d-----w- c:\program files\Counter-Strike 1.6
2010-01-01 11:16 . 2010-01-01 10:58 -------- d-----w- c:\documents and settings\Matej\Application Data\DAEMON Tools Lite
2010-01-01 10:58 . 2010-01-01 10:58 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-01-01 10:58 . 2010-01-01 10:58 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-01-01 10:58 . 2010-01-01 10:58 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2009-12-31 19:13 . 2009-12-31 19:13 -------- d-----w- c:\program files\7-Zip
2009-12-30 19:06 . 2009-12-30 19:06 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-12-30 10:30 . 2009-12-28 19:05 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-12-30 00:35 . 2009-12-30 00:35 1924200 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player.exe
2009-12-28 19:06 . 2009-12-28 19:06 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee Security Scan
2009-12-28 19:06 . 2009-12-28 19:05 836464 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\SecurityScan_Release.exe
2009-12-28 16:22 . 2009-12-26 15:27 8972 ----a-w- c:\windows\pchealth\helpctr\Config\Cntstore.bin
2009-12-28 09:23 . 2009-12-26 15:47 -------- d-----w- c:\program files\QIP
2009-12-27 19:50 . 2009-12-27 19:50 -------- d-----w- c:\program files\VideoLAN
2009-12-27 12:58 . 2009-12-27 12:58 -------- d-----w- c:\program files\Sierra
2009-12-26 15:46 . 2009-12-26 15:46 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-12-26 15:43 . 2009-12-26 15:41 -------- d-----w- c:\documents and settings\Matej\Application Data\GHISLER
2009-12-26 15:42 . 2009-12-26 15:42 -------- d-----w- c:\program files\Google
2009-12-26 15:41 . 2009-12-26 15:41 -------- d-----w- c:\program files\Common Files\Skype
2009-12-26 15:41 . 2009-12-26 15:41 -------- d-----r- c:\program files\Skype
2009-12-26 15:41 . 2009-12-26 15:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-12-26 15:41 . 2009-12-26 15:41 0 ----a-w- c:\windows\nsreg.dat
2009-12-26 15:40 . 2009-12-26 15:40 -------- d-----w- c:\program files\AGEIA Technologies
2009-12-26 15:40 . 2009-12-26 15:40 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-12-26 15:37 . 2009-12-26 15:37 -------- d-----w- c:\program files\EXPERTool
2009-12-26 15:35 . 2009-12-26 15:33 -------- d-----w- c:\program files\Realtek
2009-12-26 15:33 . 2009-12-26 15:33 -------- d-----w- c:\documents and settings\Matej\Application Data\InstallShield
2009-12-26 15:33 . 2009-12-26 15:33 -------- d-----w- c:\program files\Browser Configuration Utility
2009-12-26 15:32 . 2009-12-26 15:32 -------- d-----w- c:\program files\Gigabyte
2009-12-26 15:28 . 2009-12-26 15:28 -------- d-----w- c:\program files\microsoft frontpage
2009-12-26 15:25 . 2009-12-26 15:25 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-12-22 05:21 . 2006-02-28 12:00 667136 ------w- c:\windows\system32\wininet.dll
2009-12-22 05:20 . 2006-02-28 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-11-24 15:39 . 2009-11-24 15:39 1093064 ----a-w- c:\documents and settings\Matej\Application Data\Mozilla\Firefox\Profiles\zddp3o62.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll
2009-11-21 15:51 . 2006-02-28 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-07 22:49 . 2009-11-07 22:49 86016 ----a-w- c:\windows\system32\frapsvid.dll
.
((((((((((((((((((((((((((((( SnapShot@2010-02-04_18.25.42 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-02-04 18:53 . 2010-02-04 18:53 16384 c:\windows\temp\Perflib_Perfdata_378.dat
+ 2010-02-04 18:53 . 2010-02-04 18:53 16384 c:\windows\temp\Perflib_Perfdata_338.dat
+ 2006-02-28 12:00 . 2010-02-04 18:27 41408 c:\windows\system32\perfc009.dat
- 2006-02-28 12:00 . 2010-02-04 18:19 41408 c:\windows\system32\perfc009.dat
+ 2006-02-28 12:00 . 2010-02-04 18:27 314292 c:\windows\system32\perfh009.dat
- 2006-02-28 12:00 . 2010-02-04 18:19 314292 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\Steam\Steam.exe" [2010-01-01 1217808]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"Google Update"="c:\documents and settings\Matej\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-01-11 135664]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-10 13758464]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
c:\documents and settings\Matej\Start Menu\Programs\Startup\
hamachi.lnk - c:\program files\Hamachi\hamachi.exe [2010-1-2 625952]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan.lnk
backup=c:\windows\pss\McAfee Security Scan.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-10-30 11:57 369200 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GAINWARD]
2009-05-12 14:43 2181672 ----a-w- c:\program files\EXPERTool\TBPANEL.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2009-06-10 07:28 13758464 ----a-w- c:\windows\system32\nvcpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2009-06-10 07:28 86016 ----a-w- c:\windows\system32\nvmctray.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2009-06-10 07:29 1657376 ----a-w- c:\windows\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2009-01-13 06:37 18084864 ----a-w- c:\windows\RTHDCPL.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-10-09 12:11 25623336 ----a-r- c:\program files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-01-01 19:20 1217808 ----a-w- c:\program files\Steam\Steam.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\Sierra\\Empire Earth\\Empire Earth.exe"=
"c:\\Program Files\\Counter-Strike 1.6\\hl.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\zero gear\\ZeroGear.bat"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8886:TCP"= 8886:TCP:xfyxjrot
"26572:TCP"= 26572:TCP:BitComet 26572 TCP
"26572:UDP"= 26572:UDP:BitComet 26572 UDP
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [1.1.2010 11:58 691696]
R2 ES lite Service;ES lite Service for program management.;c:\program files\Gigabyte\EasySaver\essvr.exe [26.12.2009 16:32 68136]
S2 AODService;AODService;c:\program files\AMD\OverDrive\AODAssist.exe [22.10.2009 3:49 136544]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder
2010-02-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1708537768-2052111302-682003330-1004Core.job
- c:\documents and settings\Matej\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-01-11 13:45]
2010-02-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1708537768-2052111302-682003330-1004UA.job
- c:\documents and settings\Matej\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-01-11 13:45]
.
.
------- Supplementary Scan -------
.
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: ÓA±EIO3«ÁéIÂÔO(&B)
TCP: {C28CE3DE-C973-4432-9412-4D776BC518C8} = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Matej\Application Data\Mozilla\Firefox\Profiles\zddp3o62.default\
FF - component: c:\documents and settings\Matej\Application Data\Mozilla\Firefox\Profiles\zddp3o62.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-04 19:53
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spft.sys >>UNKNOWN [0x8A69E938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xb810cf28
\Driver\ACPI -> ACPI.sys @ 0xb7e74cb8
\Driver\atapi -> atapi.sys @ 0xb7e2fb40
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: Realtek RTL8168C(P)/8111C(P) PCI-E Gigabit Ethernet NIC -> SendCompleteHandler -> NDIS.sys @ 0xb7d38bb0
PacketIndicateHandler -> NDIS.sys @ 0xb7d45a21
SendHandler -> NDIS.sys @ 0xb7d2387b
user & kernel MBR OK
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\windows\system32\wscntfy.exe
c:\documents and settings\Matej\Local Settings\Application Data\Google\Update\1.2.183.13\GoogleCrashHandler.exe
c:\windows\system32\imapi.exe
.
**************************************************************************
.
Completion time: 2010-02-04 19:55:22 - machine was rebooted
ComboFix-quarantined-files.txt 2010-02-04 18:55
ComboFix2.txt 2010-02-04 18:26
Pre-Run: 448 139 624 448 bytes free
Post-Run: 448 065 896 448 bytes free
- - End Of File - - 2D63E8CC62FCA9A8D2F19CF199159E3B
2010-01-18 18:53 . 2010-01-18 18:54 -------- d-----w- C:\Fraps
2010-01-18 06:30 . 2010-01-18 06:30 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-01-18 06:30 . 2010-01-18 06:30 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-01-17 12:26 . 2010-01-30 12:14 -------- d-----w- c:\program files\BitComet
2010-01-16 20:40 . 2010-01-16 20:40 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2010-01-16 20:40 . 2010-01-16 20:40 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2010-01-16 20:40 . 2010-01-16 20:40 -------- d-----w- c:\program files\OpenAL
2010-01-16 11:32 . 2010-02-02 17:03 -------- d-----w- c:\program files\Halflife 2 Episode 2 DeLEGiON
2010-01-16 10:14 . 2010-01-16 10:14 -------- d-----w- c:\documents and settings\Matej\Local Settings\Application Data\Downloaded Installations
2010-01-14 17:24 . 2010-01-14 17:24 -------- d-----w- c:\windows\Eurobattle.net
2010-01-14 17:06 . 2010-01-14 17:27 -------- d-----w- c:\program files\Warcraft III
2010-01-11 13:45 . 2010-01-28 06:50 -------- d-----w- c:\documents and settings\Matej\Local Settings\Application Data\Temp
2010-01-07 14:49 . 2010-01-07 14:49 -------- d-----w- c:\documents and settings\Matej\Local Settings\Application Data\Opera
2010-01-07 14:49 . 2010-01-31 21:12 -------- d-----w- c:\program files\Opera
2010-01-07 13:50 . 2010-01-31 22:49 -------- d-----w- c:\documents and settings\Matej\Application Data\gtk-2.0
2010-01-07 13:50 . 2010-01-07 13:50 -------- d-----w- c:\documents and settings\Matej\.thumbnails
2010-01-07 13:42 . 2010-01-31 22:57 -------- d-----w- c:\documents and settings\Matej\.gimp-2.6
2010-01-07 13:41 . 2010-01-07 13:41 -------- d-----w- c:\program files\GIMP-2.0
2010-01-07 13:17 . 2010-01-07 13:17 -------- d-----w- c:\documents and settings\Matej\Local Settings\Application Data\Identities
2010-01-06 18:00 . 2010-01-16 11:59 -------- d-----w- c:\program files\Lavalys
2010-01-05 20:51 . 2010-02-02 18:57 -------- d-----w- c:\documents and settings\Matej\Application Data\dvdcss
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-04 18:54 . 2010-01-02 19:10 -------- d-----w- c:\documents and settings\Matej\Application Data\Hamachi
2010-02-04 18:53 . 2010-01-01 18:22 -------- d-----w- c:\program files\Steam
2010-02-04 18:53 . 2009-12-26 15:32 16608 ----a-w- c:\windows\gdrv.sys
2010-02-04 17:56 . 2009-12-31 22:39 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-02-04 17:00 . 2009-12-26 15:43 -------- d-----w- c:\documents and settings\Matej\Application Data\Skype
2010-02-04 14:45 . 2010-01-01 17:42 -------- d-----w- c:\documents and settings\Matej\Application Data\TeamViewer
2010-02-04 14:06 . 2009-12-26 15:46 -------- d-----w- c:\documents and settings\Matej\Application Data\skypePM
2010-02-03 19:47 . 2009-12-27 19:51 -------- d-----w- c:\documents and settings\Matej\Application Data\vlc
2010-01-22 20:01 . 2009-12-27 08:16 13104 ----a-w- c:\documents and settings\Matej\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-18 20:36 . 2009-12-26 15:32 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-17 12:50 . 2009-12-26 15:32 -------- d-----w- c:\program files\Common Files\InstallShield
2010-01-16 10:15 . 2009-12-26 15:33 -------- d-----w- c:\program files\AMD
2010-01-16 07:53 . 2010-01-02 19:42 138384 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-01-16 07:52 . 2010-01-02 19:42 215128 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-01-08 15:15 . 2009-12-30 21:21 -------- d-----w- c:\program files\Zaparit
2010-01-07 20:06 . 2010-01-01 17:16 -------- d-----w- c:\program files\BitSpirit
2010-01-03 20:12 . 2010-01-03 20:10 -------- d-----w- c:\documents and settings\Matej\Application Data\PSpad
2010-01-03 20:10 . 2010-01-03 20:10 -------- d-----w- c:\program files\PSPad editor
2010-01-02 20:53 . 2010-01-02 20:53 -------- d-----w- c:\program files\Common Files\EasyInfo
2010-01-02 19:41 . 2010-01-02 19:41 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-01-02 19:10 . 2010-01-02 19:10 -------- d-----w- c:\program files\Hamachi
2010-01-02 19:10 . 2009-09-23 08:41 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
2010-01-02 18:33 . 2010-01-02 18:33 -------- d-----w- c:\program files\SystemRequirementsLab
2010-01-02 18:09 . 2010-01-02 18:09 -------- d-----w- c:\program files\EA GAMES
2010-01-02 12:19 . 2010-01-02 12:19 -------- d-----w- c:\program files\directx
2010-01-02 12:19 . 2010-01-02 12:19 -------- d-----w- c:\program files\Rockstar Games
2010-01-01 21:26 . 2009-12-26 15:27 76487 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-01-01 21:26 . 2009-12-26 15:27 2748 ----a-w- c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2010-01-01 17:16 . 2010-01-01 17:16 -------- d-----w- c:\documents and settings\Matej\Application Data\BitSpirit
2010-01-01 11:22 . 2009-12-26 15:54 -------- d-----w- c:\program files\Counter-Strike 1.6
2010-01-01 11:16 . 2010-01-01 10:58 -------- d-----w- c:\documents and settings\Matej\Application Data\DAEMON Tools Lite
2010-01-01 10:58 . 2010-01-01 10:58 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-01-01 10:58 . 2010-01-01 10:58 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-01-01 10:58 . 2010-01-01 10:58 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2009-12-31 19:13 . 2009-12-31 19:13 -------- d-----w- c:\program files\7-Zip
2009-12-30 19:06 . 2009-12-30 19:06 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-12-30 10:30 . 2009-12-28 19:05 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-12-30 00:35 . 2009-12-30 00:35 1924200 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player.exe
2009-12-28 19:06 . 2009-12-28 19:06 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee Security Scan
2009-12-28 19:06 . 2009-12-28 19:05 836464 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\SecurityScan_Release.exe
2009-12-28 16:22 . 2009-12-26 15:27 8972 ----a-w- c:\windows\pchealth\helpctr\Config\Cntstore.bin
2009-12-28 09:23 . 2009-12-26 15:47 -------- d-----w- c:\program files\QIP
2009-12-27 19:50 . 2009-12-27 19:50 -------- d-----w- c:\program files\VideoLAN
2009-12-27 12:58 . 2009-12-27 12:58 -------- d-----w- c:\program files\Sierra
2009-12-26 15:46 . 2009-12-26 15:46 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-12-26 15:43 . 2009-12-26 15:41 -------- d-----w- c:\documents and settings\Matej\Application Data\GHISLER
2009-12-26 15:42 . 2009-12-26 15:42 -------- d-----w- c:\program files\Google
2009-12-26 15:41 . 2009-12-26 15:41 -------- d-----w- c:\program files\Common Files\Skype
2009-12-26 15:41 . 2009-12-26 15:41 -------- d-----r- c:\program files\Skype
2009-12-26 15:41 . 2009-12-26 15:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-12-26 15:41 . 2009-12-26 15:41 0 ----a-w- c:\windows\nsreg.dat
2009-12-26 15:40 . 2009-12-26 15:40 -------- d-----w- c:\program files\AGEIA Technologies
2009-12-26 15:40 . 2009-12-26 15:40 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-12-26 15:37 . 2009-12-26 15:37 -------- d-----w- c:\program files\EXPERTool
2009-12-26 15:35 . 2009-12-26 15:33 -------- d-----w- c:\program files\Realtek
2009-12-26 15:33 . 2009-12-26 15:33 -------- d-----w- c:\documents and settings\Matej\Application Data\InstallShield
2009-12-26 15:33 . 2009-12-26 15:33 -------- d-----w- c:\program files\Browser Configuration Utility
2009-12-26 15:32 . 2009-12-26 15:32 -------- d-----w- c:\program files\Gigabyte
2009-12-26 15:28 . 2009-12-26 15:28 -------- d-----w- c:\program files\microsoft frontpage
2009-12-26 15:25 . 2009-12-26 15:25 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-12-22 05:21 . 2006-02-28 12:00 667136 ------w- c:\windows\system32\wininet.dll
2009-12-22 05:20 . 2006-02-28 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-11-24 15:39 . 2009-11-24 15:39 1093064 ----a-w- c:\documents and settings\Matej\Application Data\Mozilla\Firefox\Profiles\zddp3o62.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll
2009-11-21 15:51 . 2006-02-28 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-07 22:49 . 2009-11-07 22:49 86016 ----a-w- c:\windows\system32\frapsvid.dll
.
((((((((((((((((((((((((((((( SnapShot@2010-02-04_18.25.42 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-02-04 18:53 . 2010-02-04 18:53 16384 c:\windows\temp\Perflib_Perfdata_378.dat
+ 2010-02-04 18:53 . 2010-02-04 18:53 16384 c:\windows\temp\Perflib_Perfdata_338.dat
+ 2006-02-28 12:00 . 2010-02-04 18:27 41408 c:\windows\system32\perfc009.dat
- 2006-02-28 12:00 . 2010-02-04 18:19 41408 c:\windows\system32\perfc009.dat
+ 2006-02-28 12:00 . 2010-02-04 18:27 314292 c:\windows\system32\perfh009.dat
- 2006-02-28 12:00 . 2010-02-04 18:19 314292 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\Steam\Steam.exe" [2010-01-01 1217808]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"Google Update"="c:\documents and settings\Matej\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-01-11 135664]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-10 13758464]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
c:\documents and settings\Matej\Start Menu\Programs\Startup\
hamachi.lnk - c:\program files\Hamachi\hamachi.exe [2010-1-2 625952]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan.lnk
backup=c:\windows\pss\McAfee Security Scan.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-10-30 11:57 369200 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GAINWARD]
2009-05-12 14:43 2181672 ----a-w- c:\program files\EXPERTool\TBPANEL.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2009-06-10 07:28 13758464 ----a-w- c:\windows\system32\nvcpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2009-06-10 07:28 86016 ----a-w- c:\windows\system32\nvmctray.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2009-06-10 07:29 1657376 ----a-w- c:\windows\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2009-01-13 06:37 18084864 ----a-w- c:\windows\RTHDCPL.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-10-09 12:11 25623336 ----a-r- c:\program files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-01-01 19:20 1217808 ----a-w- c:\program files\Steam\Steam.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\Sierra\\Empire Earth\\Empire Earth.exe"=
"c:\\Program Files\\Counter-Strike 1.6\\hl.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\zero gear\\ZeroGear.bat"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8886:TCP"= 8886:TCP:xfyxjrot
"26572:TCP"= 26572:TCP:BitComet 26572 TCP
"26572:UDP"= 26572:UDP:BitComet 26572 UDP
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [1.1.2010 11:58 691696]
R2 ES lite Service;ES lite Service for program management.;c:\program files\Gigabyte\EasySaver\essvr.exe [26.12.2009 16:32 68136]
S2 AODService;AODService;c:\program files\AMD\OverDrive\AODAssist.exe [22.10.2009 3:49 136544]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder
2010-02-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1708537768-2052111302-682003330-1004Core.job
- c:\documents and settings\Matej\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-01-11 13:45]
2010-02-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1708537768-2052111302-682003330-1004UA.job
- c:\documents and settings\Matej\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-01-11 13:45]
.
.
------- Supplementary Scan -------
.
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: ÓA±EIO3«ÁéIÂÔO(&B)
TCP: {C28CE3DE-C973-4432-9412-4D776BC518C8} = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Matej\Application Data\Mozilla\Firefox\Profiles\zddp3o62.default\
FF - component: c:\documents and settings\Matej\Application Data\Mozilla\Firefox\Profiles\zddp3o62.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-04 19:53
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spft.sys >>UNKNOWN [0x8A69E938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xb810cf28
\Driver\ACPI -> ACPI.sys @ 0xb7e74cb8
\Driver\atapi -> atapi.sys @ 0xb7e2fb40
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: Realtek RTL8168C(P)/8111C(P) PCI-E Gigabit Ethernet NIC -> SendCompleteHandler -> NDIS.sys @ 0xb7d38bb0
PacketIndicateHandler -> NDIS.sys @ 0xb7d45a21
SendHandler -> NDIS.sys @ 0xb7d2387b
user & kernel MBR OK
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\windows\system32\wscntfy.exe
c:\documents and settings\Matej\Local Settings\Application Data\Google\Update\1.2.183.13\GoogleCrashHandler.exe
c:\windows\system32\imapi.exe
.
**************************************************************************
.
Completion time: 2010-02-04 19:55:22 - machine was rebooted
ComboFix-quarantined-files.txt 2010-02-04 18:55
ComboFix2.txt 2010-02-04 18:26
Pre-Run: 448 139 624 448 bytes free
Post-Run: 448 065 896 448 bytes free
- - End Of File - - 2D63E8CC62FCA9A8D2F19CF199159E3B
- stell
- VIP in memoriam
- Posts: 5175
- Registered: 09 Dec 2007 09:27
- Location: SK-REVUCA
- Contact user:
Re: Cannot connect to microsoft.com / avast.cz




- run
-tick
-Scan all users.
-Lop check.
-Purity check.
-in the Extra Registry section > select > Use SafeList
-click Run SCAN
-the scan takes [10-15 min] > then paste here
-OTL.txt (it will be on the desktop).
-
- Visitor
- Posts: 25
- Registered: 02 Feb 2010 18:19
Re: Cannot connect to microsoft.com / avast.cz
OK, I hope it doesn't spread over the network.
- stell
- VIP in memoriam
- Posts: 5175
- Registered: 09 Dec 2007 09:27
- Location: SK-REVUCA
- Contact user:
Re: Cannot connect to microsoft.com / avast.cz
It shouldn't, if you are not networked together and you are behind a router, but don't lend your flash drives to anyone.

-
- Visitor
- Posts: 25
- Registered: 02 Feb 2010 18:19
Re: Cannot connect to microsoft.com / avast.cz
Great, you've made me happy. So it goes like this: a router, and from the router 2 cables run, one to me and one to him.



- stell
- VIP in memoriam
- Posts: 5175
- Registered: 09 Dec 2007 09:27
- Location: SK-REVUCA
- Contact user:
Re: Cannot connect to microsoft.com / avast.cz
No problem. Post the log from OTL, since you still have something there and ComboFix couldn't deal with it.
