PC disinfection, speeding up your computer, remote help via the neslape.cz service

neunavny vírus ("tireless virus")

fonkey
Guest
Posts: 15
Registered: 28 Feb 2010 19:12

neunavny vírus

#1 Post by fonkey »

Hi, I have a problem with a virus. First of all, here is a screenshot:

http://img341.imageshack.us/img341/7366/noda.jpg

My disk has 3 partitions, E, D and C. This started popping up when I was copying a certain game onto a friend's USB stick, but it only started about half an hour after I plugged the USB stick in (he had some files on it, maybe it came from there, I don't know).
It keeps throwing that dialog at me tirelessly, BUT each time on a different partition, i.e. D:\s1.exe, then C:\s1.exe and then E:\s1.exe, and so on round and round. I've already tried disconnecting the network and the USB stick and restarting the PC, but it still does it. Please HELP, please.

fonkey

Re: neunavny vírus

#2 Post by fonkey »

Logfile of random's system information tool 1.06 (written by random/random)
Run by Uživateľ at 2010-02-28 19:31:19
System Microsoft Windows XP Professional Service Pack 3
System drive C: has 968 MB (6%) free of 15 GB
Total RAM: 511 MB (17% free)


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:32:04, on 28. 2. 2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Uživateľ\Dokumenty\Preberanie\RSIT.exe
C:\Program Files\trend micro\Uživateľ.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://eu.ask.com?o=15383&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll
R3 - URLSearchHook: (no name) -  - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Little Fighter 2 Toolbar Helper - {AE90C38C-97CF-4696-B290-C7973DC9675E} - C:\Program Files\Little Fighter 2 Toolbar\v3.3.0.2\Little_Fighter_2_Toolbar.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: Little Fighter 2 Toolbar - {C3CD744D-2FAE-4640-8297-16B5DA423104} - C:\Program Files\Little Fighter 2 Toolbar\v3.3.0.2\Little_Fighter_2_Toolbar.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SmartRAM] "C:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe" /m
O4 - HKCU\..\Run: [cdoosoft] C:\DOCUME~1\UIVATE~1\LOCALS~1\Temp\herss.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

--
End of file - 7122 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\1-Click Maintenance.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
C:\WINDOWS\tasks\WGASetup.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE90C38C-97CF-4696-B290-C7973DC9675E}]
Little Fighter 2 Toolbar Helper - C:\Program Files\Little Fighter 2 Toolbar\v3.3.0.2\Little_Fighter_2_Toolbar.dll [2009-10-02 815104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
Ask Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2009-11-18 1196936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2009-10-27 1014520]
{C3CD744D-2FAE-4640-8297-16B5DA423104} - Little Fighter 2 Toolbar - C:\Program Files\Little Fighter 2 Toolbar\v3.3.0.2\Little_Fighter_2_Toolbar.dll [2009-10-02 815104]
{D4027C7F-154A-4066-A1AD-4243D8127440} - Ask Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2009-11-18 1196936]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"=C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [2007-03-01 153136]
"NBKeyScan"=C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2007-09-20 1836328]
"Cmaudio"=RunDll32 cmicnfg.cpl,CMICtrlWnd []
"ATICCC"=C:\Program Files\ATI Technologies\ATI.ACE\cli.exe [2006-01-02 45056]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2009-10-07 1461080]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe [2007-10-23 202024]
"SmartRAM"=C:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe [2009-01-06 202064]
"cdoosoft"=C:\DOCUME~1\UIVATE~1\LOCALS~1\Temp\herss.exe [2010-02-28 97792]

C:\Documents and Settings\Uživateľ\Nabídka Start\Programy\Po spuštění
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-05-03 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoResolveSearch"=
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Common Files\Nero\Nero Web\SetupX.exe"="C:\Program Files\Common Files\Nero\Nero Web\SetupX.exe:*:Enabled:Nero ControlCenter"
"D:\Medium games\NTSD1.9\NTSD_beta1.9\NTSD beta1.9.exe"="D:\Medium games\NTSD1.9\NTSD_beta1.9\NTSD beta1.9.exe:*:Enabled:NTSD beta1.9"
"D:\Medium games\little fighter mega\lf2.net.exe"="D:\Medium games\little fighter mega\lf2.net.exe:*:Disabled:lf2.net"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"D:\SUPER GAMES\Microsoft Games\age of empires II\empires2.exe"="D:\SUPER GAMES\Microsoft Games\age of empires II\empires2.exe:*:Enabled:Age of Empires II"
"C:\Program Files\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe"="C:\Program Files\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe:*:Enabled:Sony Ericsson Media Manager 1.1"
"C:\WINDOWS\system32\dplaysvr.exe"="C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"D:\SUPER GAMES\worms 4 mayhem\WORMS 4 MAYHEM.EXE"="D:\SUPER GAMES\worms 4 mayhem\WORMS 4 MAYHEM.EXE:*:Enabled:Worms 4 Mayhem"
"D:\downloads\metin2cz\metin2.bin"="D:\downloads\metin2cz\metin2.bin:*:Enabled:metin2"
"D:\Medium games\LF2_v2.0a\lf2.exe"="D:\Medium games\LF2_v2.0a\lf2.exe:*:Enabled:lf2"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{27c9a620-0203-11df-b0c3-00a1b0018a34}]
shell\AutoRun\command - I:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{286ec8c3-0584-11de-8b38-806d6172696f}]
shell\AutoRun\command - s1.exe
shell\open\command - s1.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{286ec8c4-0584-11de-8b38-806d6172696f}]
shell\AutoRun\command - E:\s1.exe
shell\open\command - E:\s1.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{286ec8c6-0584-11de-8b38-806d6172696f}]
shell\AutoRun\command - s1.exe
shell\open\command - s1.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6d9543a0-2488-11df-b0fd-00a1b0018a34}]
shell\AutoRun\command - H:\s1.exe
shell\open\command - H:\s1.exe


======List of files/folders created in the last 1 months======

2010-02-28 19:31:20 ----D---- C:\Program Files\trend micro
2010-02-28 19:31:19 ----D---- C:\rsit

======List of files/folders modified in the last 1 months======

2010-02-28 19:31:24 ----D---- C:\WINDOWS\Prefetch
2010-02-28 19:31:21 ----D---- C:\WINDOWS\Temp
2010-02-28 19:31:20 ----RD---- C:\Program Files
2010-02-28 18:58:17 ----D---- C:\Program Files\Mozilla Firefox
2010-02-28 18:54:19 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-02-28 17:43:06 ----D---- C:\WINDOWS\system32\CatRoot2
2010-02-28 17:43:03 ----HD---- C:\WINDOWS\inf
2010-02-28 17:01:34 ----SHD---- C:\WINDOWS\Installer
2010-02-28 13:34:47 ----A---- C:\WINDOWS\NeroDigital.ini
2010-02-28 12:30:26 ----D---- C:\WINDOWS
2010-02-26 11:41:31 ----AD---- C:\Documents and Settings\All Users\Data aplikací\TEMP
2010-02-22 11:51:27 ----D---- C:\WINDOWS\system32\drivers
2010-02-20 17:41:09 ----D---- C:\Downloads
2010-02-20 15:15:38 ----D---- C:\Documents and Settings\Uživateľ\Data aplikací\U3
2010-02-10 21:17:30 ----D---- C:\WINDOWS\system32

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2008-04-14 41600]
R1 easdrv;easdrv; C:\WINDOWS\system32\DRIVERS\easdrv.sys [2009-10-07 54184]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2009-10-07 35168]
R2 eamon;EAMON; C:\WINDOWS\system32\DRIVERS\eamon.sys [2009-10-07 40824]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-05-03 1540608]
R3 cmuda;C-Media WDM Audio Interface; C:\WINDOWS\system32\drivers\cmuda.sys [2002-05-29 412623]
R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-09-30 25280]
R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-14 17152]
S3 a44pz91b;a44pz91b; C:\WINDOWS\system32\drivers\a44pz91b.sys []
S3 DrvAgent32;DrvAgent32; \??\C:\WINDOWS\system32\Drivers\DrvAgent32.sys []
S3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
S3 mouhid;HID Mouse Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-18 12160]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-05-03 413696]
R2 ekrn;Eset Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-10-07 472280]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2009-10-27 246520]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2007-09-20 853288]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service; C:\WINDOWS\System32\TUProgSt.exe [2009-07-18 603904]
R2 UxTuneUp;TuneUp Theme Extension; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2006-05-03 520192]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2009-03-01 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2009-10-07 20680]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\WINDOWS\System32\TuneUpDefragService.exe [2009-07-18 360192]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2007-10-23 382248]
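
The RSIT log above carries the three indicators a helper picks out first: an HKCU Run entry ("cdoosoft") launching herss.exe from the user's Temp directory, MountPoints2 entries whose shell\AutoRun and shell\open commands point at s1.exe in the root of each volume, and a driver entry (a44pz91b) whose image file is not on disk. The Python script below is an added example, not part of the thread or of RSIT; it runs those three checks over a verbatim excerpt of the log (embedded in the script) and can be pointed at a full saved log instead. The rule names ("run-from-temp", "volume-autorun", "image-not-found") are the example's own.

```python
"""Triage the autostart and volume-autorun indicators in an RSIT/HijackThis log.

Added example; not part of the thread or of RSIT. The rule names are my own.
"""
import re
import sys
from typing import Dict, List

# Verbatim excerpt of the RSIT log posted above (benign lines included so the
# rules have something to ignore).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [cdoosoft] C:\DOCUME~1\UIVATE~1\LOCALS~1\Temp\herss.exe
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SmartRAM"=C:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe [2009-01-06 202064]
"cdoosoft"=C:\DOCUME~1\UIVATE~1\LOCALS~1\Temp\herss.exe [2010-02-28 97792]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{27c9a620-0203-11df-b0c3-00a1b0018a34}]
shell\AutoRun\command - I:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{286ec8c4-0584-11de-8b38-806d6172696f}]
shell\AutoRun\command - E:\s1.exe
shell\open\command - E:\s1.exe
R1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2008-04-14 41600]
S3 a44pz91b;a44pz91b; C:\WINDOWS\system32\drivers\a44pz91b.sys []
"""

KEY_RE = re.compile(r"^\[(?P<key>HK[^\]]+)\]$")                     # registry dump key header
O4_RE = re.compile(r"^O4 - (?P<hive>HK\S+?)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<data>.*)$')          # "name"=data line under a key
SHELL_RE = re.compile(r"^shell\\(?P<verb>\w+)\\command - (?P<cmd>.+)$", re.IGNORECASE)
IMAGE_RE = re.compile(r"^[RS][0-4] (?P<name>[^;]+);[^;]*; (?P<path>.+?) \[(?P<info>[^\]]*)\]$")
TEMP_RE = re.compile(r"\\Temp\\", re.IGNORECASE)                     # anything launched from a Temp dir
ROOT_EXE_RE = re.compile(r"^(?:[A-Za-z]:\\)?[^\\\s]+\.exe(?:\s|$)", re.IGNORECASE)  # exe in a volume root
FILEINFO_RE = re.compile(r"\s*\[[^\]]*\]$")                          # trailing "[date size]" RSIT appends


def triage(log_text: str) -> List[Dict[str, str]]:
    """Return one finding per suspicious line, deduplicated across the O4 section and the registry dump."""
    findings: List[Dict[str, str]] = []
    seen = set()
    current_key = ""

    def add(kind: str, where: str, target: str) -> None:
        item = (kind, where, target)
        if item not in seen:
            seen.add(item)
            findings.append({"kind": kind, "where": where, "target": target})

    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group("key")
            continue
        m = O4_RE.match(line)
        if m:
            if TEMP_RE.search(m.group("cmd")):
                add("run-from-temp", m.group("name"), m.group("cmd"))
            continue
        m = VALUE_RE.match(line)
        if m and current_key.lower().endswith("\\run"):
            data = FILEINFO_RE.sub("", m.group("data"))
            if TEMP_RE.search(data):
                add("run-from-temp", m.group("name"), data)
            continue
        m = SHELL_RE.match(line)
        if m and "\\mountpoints2\\" in current_key.lower():
            cmd = m.group("cmd")
            if ROOT_EXE_RE.match(cmd):   # autorun handler living in the root of the volume
                volume = current_key.rsplit("\\", 1)[-1]
                add("volume-autorun", volume + " shell\\" + m.group("verb"), cmd)
            continue
        m = IMAGE_RE.match(line)
        if m and m.group("info") == "":   # RSIT prints [] when it cannot stat the image file
            add("image-not-found", m.group("name"), m.group("path"))
    return findings


def report(findings: List[Dict[str, str]]) -> List[str]:
    """One printable line per finding."""
    return [f"{f['kind']:16} {f['where']}: {f['target']}" for f in findings]


if __name__ == "__main__":
    if len(sys.argv) > 1:   # python triage.py info.txt
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_LOG
    for entry in report(triage(text)):
        print(entry)
```

On the excerpt the script reports five findings: the herss.exe autostart once (the O4 line and the registry dump name the same file), the three volume-root handlers (two verbs for the E: volume plus the U3 launcher on I:, which the helper decides about, not the script) and the a44pz91b driver with no image on disk. The trailing "[date size]" RSIT appends is stripped before comparison so the two views of the same Run value collapse into one finding.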

fonkey

Re: neunavny vírus

#3 Post by fonkey »

When I run ComboFix, it shows a dialog saying something like it's loading; it loads and then nothing, and the same thing over and over. Once it showed me the terms, I clicked yes, but after that nothing. I've also restarted the PC, but it still won't start the scan. Please, what should I do? I can't get it to run (I launch ComboFix, it loads, and then simply nothing).

fonkey

Re: neunavny vírus

#4 Post by fonkey »

All processes killed
========== PROCESSES ==========
No active process named herss.exe was found!
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\cdoosoft deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{286ec8c3-0584-11de-8b38-806d6172696f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{286ec8c3-0584-11de-8b38-806d6172696f}\ not found.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{286ec8c4-0584-11de-8b38-806d6172696f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{286ec8c4-0584-11de-8b38-806d6172696f}\ not found.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{286ec8c6-0584-11de-8b38-806d6172696f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{286ec8c6-0584-11de-8b38-806d6172696f}\ not found.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6d9543a0-2488-11df-b0fd-00a1b0018a34}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6d9543a0-2488-11df-b0fd-00a1b0018a34}\ not found.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 1818264 bytes

User: Uivate
->Temp folder emptied: 0 bytes

User: Uživateľ
->Temp folder emptied: 7050779 bytes
->Temporary Internet Files folder emptied: 9291744 bytes
->Java cache emptied: 39983956 bytes
->FireFox cache emptied: 47427405 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2134153 bytes
%systemroot%\System32 .tmp files removed: 2504 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 16384 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 12979790 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 115,00 mb


OTL by OldTimer - Version 3.1.30.3 log created on 02282010_210220

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
1))) This is the log from OTL; I'm going to do the remaining steps now.
2))) So here is the ZIP, and I'll also add a screenshot of what it showed me after that BOOT.ini setting etc.

http://www.ulozisko.sk/266724/ntbtlog.zip

screenshot:

http://img694.imageshack.us/img694/4753/hlaska.jpg

Please, what does this actually mean? When I click OK, it shows me what you told me to enter under Start > Run.
I'll post the last step here once the scan finishes. THANKS
3))) This is the rootkiller output
HKU\S-1-5-21-602162358-1935655697-1060284298-1003\console_combofixbackup 28. 2. 2010 19:59 0 bytes Security mismatch.
HKLM\SECURITY\Policy\Secrets\SAC* 28. 2. 2009 11:54 0 bytes Key name contains embedded nulls (*)
HKLM\SECURITY\Policy\Secrets\SAI* 28. 2. 2009 11:54 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher\TracesProcessed 28. 2. 2010 21:26 4 bytes Data mismatch between Windows API and raw hive data.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher\TracesSuccessful 28. 2. 2010 21:26 4 bytes Data mismatch between Windows API and raw hive data.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher\LastTraceFailure 28. 2. 2010 21:26 4 bytes Data mismatch between Windows API and raw hive data.
HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg 6. 3. 2009 9:32 0 bytes Access is denied.
C:\Documents and Settings\All Users\Data aplikací\ESET\ESET NOD32 Antivirus\Updfiles\oldfiles\em002_32.dat 28. 2. 2010 18:34 21.85 MB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\All Users\Data aplikací\ESET\ESET NOD32 Antivirus\Updfiles\temp\em002_32.dat 28. 2. 2010 19:34 21.85 MB Visible in Windows API, but not in MFT or directory index.
C:\System Volume Information\_restore{95374BE7-5CB6-4908-B183-D05F5509C91B}\RP129\A0061787.ver 28. 2. 2010 19:33 44.50 KB Hidden from Windows API.
C:\System Volume Information\_restore{95374BE7-5CB6-4908-B183-D05F5509C91B}\RP129\A0061788.ver 28. 2. 2010 10:18 44.50 KB Hidden from Windows API.
C:\System Volume Information\_restore{95374BE7-5CB6-4908-B183-D05F5509C91B}\RP129\A0061789.ver 28. 2. 2010 19:33 44.50 KB Hidden from Windows API.
C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb 28. 2. 2010 21:26 64.00 KB Visible in Windows API, but not in MFT or directory index.
E:\System Volume Information\_restore{95374BE7-5CB6-4908-B183-D05F5509C91B}\RP129\change.log 28. 2. 2010 22:01 1.11 KB Visible in Windows API, but not in MFT or directory index.
E:\System Volume Information\_restore{95374BE7-5CB6-4908-B183-D05F5509C91B}\RP129\change.log.7 28. 2. 2010 22:05 1.11 KB Hidden from Windows API.
E:\System Volume Information\_restore{95374BE7-5CB6-4908-B183-D05F5509C91B}\RP129\RestorePointSize 28. 2. 2010 22:05 8 bytes Hidden from Windows API.
4))))) OK, but a problem has come up that I didn't consider serious (I thought it would go away after removing the virus; it was gone for a while but now it's back) (the problem I didn't mention):
When I want to open a disk partition, i.e. E, D or E, it asks me which program I want to open it with, just like when trying to open an ISO file. Please, what should I do about this?
Last edited by fonkey on 01 Mar 2010 15:49, edited 4 times in total.
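
The "which program do you want to open it with" prompt in item 4 is the usual sign of a drive whose autorun.inf still names a launch target that no longer exists. The MountPoints2 keys that the OTL run deleted are only Explorer's cached copy of each volume's autorun.inf (shell\AutoRun\command corresponds to its open= line, shell\open\command to its shell\open\command= line); the file in the partition root is read again the next time the drive is opened, and if the s1.exe it points to has been removed, Explorer falls back to the "Open with" dialog. The Python script below is an added example, not part of the thread or of any tool used in it. It parses an autorun.inf (tolerating the junk lines infected ones commonly carry), lists every launch target, and reports which targets are missing from disk; the embedded autorun.inf is a constructed sample modelled on the s1.exe entries in the RSIT log, and the function names are the example's own.

```python
"""Find autorun.inf files whose launch targets no longer exist on the volume.

Added example; not part of the thread, OTL or ComboFix. The helper names and
the sample autorun.inf are my own.
"""
import sys
import tempfile
from pathlib import Path
from typing import Dict, List

# Constructed sample modelled on the MountPoints2 entries in the RSIT log
# (shell\AutoRun\command and shell\open\command both pointing at s1.exe). The
# explore verb, icon line and padding line are added to exercise the parser.
SAMPLE_AUTORUN_INF = r"""
[AutoRun]
;constructed sample, not a file recovered from the infected machine
open=s1.exe
shell\open\command=s1.exe
shell\explore\command="s1.exe" /e
icon=%SystemRoot%\system32\SHELL32.dll,4
padding line with no equals sign that a real parser must skip
"""

LAUNCH_KEYS = ("open", "shellexecute")


def parse_autorun(text: str) -> Dict[str, str]:
    """Return key=value pairs of the [autorun] section, keys lower-cased.

    Mixed-case section headers, comment lines and lines without '=' are
    all common in infected autorun.inf files, so they are tolerated."""
    entries: Dict[str, str] = {}
    in_autorun = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if in_autorun and "=" in line:
            key, _, value = line.partition("=")
            entries[key.strip().lower()] = value.strip()
    return entries


def launch_targets(entries: Dict[str, str]) -> Dict[str, str]:
    """Every key that can make Explorer run something: open=, shellexecute=, shell\\<verb>\\command=."""
    return {k: v for k, v in entries.items()
            if k in LAUNCH_KEYS or (k.startswith("shell\\") and k.endswith("\\command"))}


def executable_of(command: str) -> str:
    """First token of a command line, with surrounding quotes removed."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split(None, 1)[0] if command else ""


def check_volume(root) -> Dict:
    """Parse <root>/autorun.inf and check whether each launch target exists."""
    root = Path(root)
    inf = root / "autorun.inf"
    result: Dict = {"root": str(root), "autorun": inf.is_file(), "targets": {}}
    if not inf.is_file():
        return result
    entries = parse_autorun(inf.read_text(encoding="utf-8", errors="replace"))
    for key, command in launch_targets(entries).items():
        exe = executable_of(command)
        # Explorer resolves a relative target against the root of the volume.
        path = Path(exe) if Path(exe).is_absolute() else root / exe
        result["targets"][key] = {"command": command, "exists": path.is_file()}
    return result


def orphaned_targets(result: Dict) -> List[str]:
    """Launch keys whose executable is missing: the cause of the 'Open with' prompt."""
    return sorted(k for k, v in result["targets"].items() if not v["exists"])


def demo() -> Dict[str, Dict]:
    """Run the check on a throw-away volume, before and after the dropper is present."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "autorun.inf").write_text(SAMPLE_AUTORUN_INF, encoding="utf-8")
        before = check_volume(root)
        (root / "s1.exe").write_bytes(b"MZ")   # stand-in for the dropper still being on disk
        after = check_volume(root)
    return {"before": before, "after": after}


if __name__ == "__main__":
    roots = sys.argv[1:]   # e.g. python autorun_check.py C:\ D:\ E:\
    results = [check_volume(r) for r in roots] if roots else list(demo().values())
    for r in results:
        print(f"{r['root']}: autorun.inf={'yes' if r['autorun'] else 'no'}, orphaned={orphaned_targets(r)}")
```

With no arguments the script runs the embedded sample and shows all three launch keys orphaned, then none once s1.exe is back; pointed at the partition roots it reports the real state of each drive. An autorun.inf in the root of a fixed disk is itself suspect, since legitimate software rarely places one there, and the NoDriveTypeAutoRun=145 (0x91) in the RSIT log is XP's default, which still allows AutoRun on removable and fixed drives; 255 (0xFF) disables it for every drive type.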

fonkey

Re: neunavny vírus

#5 Post by fonkey »

Boot with network support????? NETWORK? I only have network, minimal, dsrepair there (maybe that's what you mean, I don't know)

fonkey

Re: neunavny vírus

#6 Post by fonkey »

OK, so I've now done ComboFix first; here is the result (I haven't done msconfig yet (I don't know if it matters)):

ComboFix 10-03-01.01 - Uživateľ . 03. 2010 20:54:48.1.1 - x86
System Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.511.252 [GMT 1:00]
Launched from: c:\documents and settings\Uživateľ\Plocha\abraka.com.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* AV resident shield is enabled

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\UIVATE~1\LOCALS~1\Temp\cvasds0.dll
c:\windows\system32\vbzlib1.dll

.
((((((((((((((((((((((((( Files Created from 2010-02-01 to 2010-03-01 )))))))))))))))))))))))))))))))
.

2010-02-28 18:31 . 2010-02-28 18:32 -------- d-----w- c:\program files\trend micro
2010-02-28 18:31 . 2010-02-28 18:32 -------- d-----w- C:\rsit
2010-02-22 10:51 . 2010-02-22 10:51 23456 ----a-w- c:\windows\system32\drivers\DrvAgent32.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-02 15:55 . 2010-01-02 15:55 -------- d-----w- c:\program files\Ask.com
2010-01-02 15:54 . 2010-01-02 15:54 -------- d-----w- c:\program files\DsNET Corp
2009-12-13 08:48 . 2004-08-18 12:00 78716 ----a-w- c:\windows\system32\perfc005.dat
2009-12-13 08:48 . 2004-08-18 12:00 431654 ----a-w- c:\windows\system32\perfh005.dat
2009-10-19 12:07 . 2009-10-19 12:07 2080 ----a-w- c:\program files\Uninstall.ini
2009-10-19 12:07 . 2009-01-07 18:24 74330 ----a-w- c:\program files\Uninstall.exe
.

(((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-11-18 1196936]

[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AE90C38C-97CF-4696-B290-C7973DC9675E}]
2009-10-02 15:09 815104 ----a-w- c:\program files\Little Fighter 2 Toolbar\v3.3.0.2\Little_Fighter_2_Toolbar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-11-18 17:40 1196936 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{C3CD744D-2FAE-4640-8297-16B5DA423104}"= "c:\program files\Little Fighter 2 Toolbar\v3.3.0.2\Little_Fighter_2_Toolbar.dll" [2009-10-02 815104]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-11-18 1196936]

[HKEY_CLASSES_ROOT\clsid\{c3cd744d-2fae-4640-8297-16b5da423104}]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{C3CD744D-2FAE-4640-8297-16B5DA423104}"= "c:\program files\Little Fighter 2 Toolbar\v3.3.0.2\Little_Fighter_2_Toolbar.dll" [2009-10-02 815104]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-11-18 1196936]

[HKEY_CLASSES_ROOT\clsid\{c3cd744d-2fae-4640-8297-16b5da423104}]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-10-23 202024]
"SmartRAM"="c:\program files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe" [2009-01-06 202064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 1836328]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-10-07 1461080]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Uživateľ\Nabídka Start\Programy\Po spuštění\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Metin2"=C:\Metin2.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\Nero\\Nero Web\\SetupX.exe"=
"d:\\Medium games\\NTSD1.9\\NTSD_beta1.9\\NTSD beta1.9.exe"=
"d:\\Medium games\\little fighter mega\\lf2.net.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"d:\\SUPER GAMES\\Microsoft Games\\age of empires II\\empires2.exe"=
"c:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager\\MediaManager.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"d:\\SUPER GAMES\\worms 4 mayhem\\WORMS 4 MAYHEM.EXE"=
"d:\\downloads\\metin2cz\\metin2.bin"=
"d:\\Medium games\\LF2_v2.0a\\lf2.exe"=

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [21. 12. 2007 8:21 35168]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [7. 10. 2009 9:16 472280]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [5. 3. 2009 8:31 246520]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [6. 3. 2009 8:58 685816]
S3 DMZGBMZ;DMZGBMZ;c:\docume~1\UIVATE~1\LOCALS~1\Temp\DMZGBMZ.exe --> c:\docume~1\UIVATE~1\LOCALS~1\Temp\DMZGBMZ.exe [?]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [22. 2. 2010 11:51 23456]
S3 LQR;LQR;c:\docume~1\UIVATE~1\LOCALS~1\Temp\LQR.exe --> c:\docume~1\UIVATE~1\LOCALS~1\Temp\LQR.exe [?]
S3 MJIGUZLUNR;MJIGUZLUNR;c:\docume~1\UIVATE~1\LOCALS~1\Temp\MJIGUZLUNR.exe --> c:\docume~1\UIVATE~1\LOCALS~1\Temp\MJIGUZLUNR.exe [?]
S3 OWGEISPDFJRLG;OWGEISPDFJRLG;c:\docume~1\UIVATE~1\LOCALS~1\Temp\OWGEISPDFJRLG.exe --> c:\docume~1\UIVATE~1\LOCALS~1\Temp\OWGEISPDFJRLG.exe [?]
S3 VIZTCOUNATRZ;VIZTCOUNATRZ;c:\docume~1\UIVATE~1\LOCALS~1\Temp\VIZTCOUNATRZ.exe --> c:\docume~1\UIVATE~1\LOCALS~1\Temp\VIZTCOUNATRZ.exe [?]
S3 XNPLKQRDP;XNPLKQRDP;c:\docume~1\UIVATE~1\LOCALS~1\Temp\XNPLKQRDP.exe --> c:\docume~1\UIVATE~1\LOCALS~1\Temp\XNPLKQRDP.exe [?]
S3 ZXP;ZXP;c:\docume~1\UIVATE~1\LOCALS~1\Temp\ZXP.exe --> c:\docume~1\UIVATE~1\LOCALS~1\Temp\ZXP.exe [?]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2010-03-01 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 19:36]

2010-02-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 13:57]

2010-03-01 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2009-11-18 17:40]

2010-03-01 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-02 20:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://eu.ask.com?o=15383&l=dis
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Uživateľ\Data aplikací\Mozilla\Firefox\Profiles\eirr5rkz.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.warxtreme.com/index.php
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ATU3&o=15380&locale=en_EU&q=

---- FIREFOX SETTINGS ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
.
- - - - INVALID ENTRIES REMOVED FROM THE REGISTRY - - - -

HKLM-Run-Cmaudio - cmicnfg.cpl



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-01 20:59
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs loaded under running processes ---------------------

- - - - - - - > 'winlogon.exe'(664)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2010-03-01 21:01:32
ComboFix-quarantined-files.txt 2010-03-01 20:01

Pre-Run: 1 039 527 936 bytes free
Post-Run: 1 011 503 104 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /bootlog

- - End Of File - - 92FCD79D3D9FD5454FB31BDB21B5CC0A

I set SAFEBOOT and added NETWORK to it, and now I only have Safe Mode with Networking; which one should I change it to now?
Last edited by fonkey on 01 Mar 2010 21:21, edited 1 time in total.
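The service section of the ComboFix log above is the part a responder reads first: seven S3 services (DMZGBMZ, LQR, MJIGUZLUNR, OWGEISPDFJRLG, VIZTCOUNATRZ, XNPLKQRDP, ZXP) carry random all-caps names, point into the user's Temp directory, and are marked "[?]" because ComboFix could not find the file; in the second ComboFix run (post #12) they are gone. The script below is an added example for this thread, not ComboFix's or the forum helper's code; it parses ComboFix "R*/S*" service lines and applies three heuristics that are my own assumptions, not ComboFix rules. The sample input is a constructed subset of the lines from the log above. Note what the heuristics miss: DrvAgent32.sys, which the helper's CFScript in post #12 also removed, trips none of them, so the output is a shortlist for review, not a verdict.

```python
"""Triage the service entries (R*/S* lines) of a ComboFix log.

Added example for this thread, not ComboFix's or the forum helper's code.
Heuristics (assumptions, not ComboFix rules): an image path inside a Temp
directory, a "[?]" stat field (ComboFix could not find the file) and a
random-looking all-caps service name are each one strike.
"""
import re
from dataclasses import dataclass, field
from typing import List

# Constructed sample: service lines copied from the first ComboFix log above.
SAMPLE_LOG = r"""
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [21. 12. 2007 8:21 35168]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [7. 10. 2009 9:16 472280]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [5. 3. 2009 8:31 246520]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [6. 3. 2009 8:58 685816]
S3 DMZGBMZ;DMZGBMZ;c:\docume~1\UIVATE~1\LOCALS~1\Temp\DMZGBMZ.exe --> c:\docume~1\UIVATE~1\LOCALS~1\Temp\DMZGBMZ.exe [?]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [22. 2. 2010 11:51 23456]
S3 LQR;LQR;c:\docume~1\UIVATE~1\LOCALS~1\Temp\LQR.exe --> c:\docume~1\UIVATE~1\LOCALS~1\Temp\LQR.exe [?]
S3 ZXP;ZXP;c:\docume~1\UIVATE~1\LOCALS~1\Temp\ZXP.exe --> c:\docume~1\UIVATE~1\LOCALS~1\Temp\ZXP.exe [?]
"""

# R = running, S = stopped; the digit is the Windows start type (0 boot .. 4 disabled).
SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d)\s+"
    r"(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.*?)"                       # image path as written in the registry
    r"(?:\s+-->\s+(?P<resolved>.*?))?"     # ComboFix's resolved path, when printed
    r"\s+\[(?P<meta>[^\]]*)\]\s*$"         # "[date time size]" or "[?]"
)
TEMP_DIR_RE = re.compile(r"\\temp\\", re.IGNORECASE)   # also matches ...\LOCALS~1\Temp\...
RANDOM_NAME_RE = re.compile(r"^[A-Z]{3,}$")            # crude: all-caps letters only


@dataclass
class Service:
    state: str
    start: int
    name: str
    display: str
    path: str
    meta: str
    reasons: List[str] = field(default_factory=list)


def parse_services(text: str) -> List[Service]:
    """Return every R*/S* service line as a Service; other lines are ignored."""
    services = []
    for line in text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if m:
            services.append(Service(m["state"], int(m["start"]), m["name"].strip(),
                                    m["display"].strip(), m["path"].strip(),
                                    m["meta"].strip()))
    return services


def score(svc: Service) -> List[str]:
    """Fill svc.reasons with every heuristic the entry trips and return them."""
    reasons = []
    if TEMP_DIR_RE.search(svc.path):
        reasons.append("image path inside a Temp directory")
    if svc.meta == "?":
        reasons.append("file not found on disk at scan time")
    if RANDOM_NAME_RE.match(svc.name):
        reasons.append("random-looking all-caps service name")
    svc.reasons = reasons
    return reasons


def triage(text: str) -> List[Service]:
    """Services with at least one strike, in log order."""
    return [svc for svc in parse_services(text) if score(svc)]


if __name__ == "__main__":
    for svc in triage(SAMPLE_LOG):
        print(f"{svc.state}{svc.start} {svc.name:<12} {svc.path}")
        for reason in svc.reasons:
            print(f"    - {reason}")
```

Run against the sample it lists DMZGBMZ, LQR and ZXP with all three strikes each and stays silent on the ESET, ICQ, sptd and DrvAgent32 entries; the Temp-directory rule alone would already catch all seven of the log's entries, the other two just make the reason explicit.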

fonkey
Guest
Posts: 15
Registered: 28 Feb 2010 19:12

Re: neunavny vírus

#7 Post by fonkey »

I don't think it's necessary to post the log from the (full) Malwarebytes scan here, because it found no infection.
SO IS MY PC CLEAN NOW?
ComboFix deleted it, didn't it? (it too)

#8 Post by fonkey »

In OTL (I don't know the exact full name) it seems to freeze at this: [-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
I tried twice, but it froze and just didn't move any more.

#9 Post by fonkey »

Here is the auto scan:
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-03-03 15:35:03
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\UIVATE~1\LOCALS~1\Temp\pxtdapog.sys


---- System - GMER 1.0.15 ----

SSDT sptd.sys ZwEnumerateKey [0xF8430FB2]
SSDT sptd.sys ZwEnumerateValueKey [0xF8431340]

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 823681E8

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)

Device \FileSystem\Fastfat \Fat 820CE790

AttachedDevice \FileSystem\Fastfat \Fat eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdir.sys

---- EOF - GMER 1.0.15 ----

Now I'm going to do OTL and then the full scan.
In safe mode OTL froze anyway.
Adding a screenshot after the GMER quick scan:

http://img156.imageshack.us/img156/4109/gmerjpeg.jpg

Which ones should I untick and which not?? (sry, from what you wrote I understood to leave only drive C and IAT/EAT

#10 Post by fonkey »

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-03-03 18:30:06
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\UIVATE~1\LOCALS~1\Temp\pxtdapog.sys


---- System - GMER 1.0.15 ----

SSDT sptd.sys ZwCreateKey [0xF842B0D0]
SSDT sptd.sys ZwEnumerateKey [0xF8430FB2]
SSDT sptd.sys ZwEnumerateValueKey [0xF8431340]
SSDT sptd.sys ZwOpenKey [0xF842B0B0]
SSDT sptd.sys ZwQueryKey [0xF8431418]
SSDT sptd.sys ZwQueryValueKey [0xF8431298]
SSDT sptd.sys ZwSetValueKey [0xF84314AA]

---- Kernel code sections - GMER 1.0.15 ----

? C:\WINDOWS\system32\drivers\sptd.sys The process cannot access the file because it is being used by another process.
.text USBPORT.SYS!DllUnload F788E8AC 5 Bytes JMP 81EB6770
? System32\Drivers\awkhh00o.SYS The system cannot find the path specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[304] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 00]

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!IoConnectInterrupt] [F844206C] sptd.sys
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F8442018] sptd.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F84649AE] sptd.sys
IAT atapi.sys[ntoskrnl.exe!IoConnectInterrupt] [F844206C] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F842BAD4] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F842BC1A] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F842BB9C] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F842C748] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F842C61E] sptd.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F844129A] sptd.sys

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 823681E8

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)

Device \FileSystem\Fastfat \FatCdrom 81F2D790
Device \Driver\PCI_NTPNP2768 \Device\00000040 sptd.sys
Device \Driver\usbohci \Device\USBPDO-0 8215F790
Device \Driver\dmio \Device\DmControl\DmIoDaemon 823D81E8
Device \Driver\dmio \Device\DmControl\DmConfig 823D81E8
Device \Driver\dmio \Device\DmControl\DmPnP 823D81E8
Device \Driver\dmio \Device\DmControl\DmInfo 823D81E8
Device \Driver\usbohci \Device\USBPDO-1 8215F790

AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdir.sys

Device \Driver\Ftdisk \Device\HarddiskVolume1 8236A1E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 8236A1E8
Device \Driver\Cdrom \Device\CdRom0 81F8D438
Device \Driver\Ftdisk \Device\HarddiskVolume3 8236A1E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{8C0DA5C2-363A-481D-8958-5D4286F00DD6} 820C51E8
Device \Driver\Cdrom \Device\CdRom1 81F8D438
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [F837FB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort0 [F837FB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort0 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort1 [F837FB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e [F837FB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\NetBT \Device\NetBt_Wins_Export 820C51E8
Device \Driver\NetBT \Device\NetbiosSmb 820C51E8
Device \Driver\usbohci \Device\USBFDO-0 8215F790
Device \Driver\usbohci \Device\USBFDO-1 8215F790
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8209D620
Device \FileSystem\MRxSmb \Device\LanmanRedirector 8209D620
Device \Driver\Ftdisk \Device\FtControl 8236A1E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{6A0CE4EB-DC51-4F58-9F62-59436C70AB3E} 820C51E8
Device \Driver\awkhh00o \Device\Scsi\awkhh00o1Port2Path0Target0Lun0 81F0E438
Device \Driver\awkhh00o \Device\Scsi\awkhh00o1Port2Path0Target0Lun0 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\awkhh00o \Device\Scsi\awkhh00o1 81F0E438
Device \Driver\awkhh00o \Device\Scsi\awkhh00o1 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \FileSystem\Fastfat \Fat 81F2D790

AttachedDevice \FileSystem\Fastfat \Fat eamon.sys (Amon monitor/ESET)

Device \FileSystem\Cdfs \Cdfs 81F17790

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x1E 0xCB 0x2E 0xB5 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xB4 0x62 0x62 0x95 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xF3 0x15 0x0E 0xE7 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x77 0x9C 0xEF 0x6D ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0x7E 0xEC 0x99 0x7F ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x1E 0xCB 0x2E 0xB5 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xB4 0x62 0x62 0x95 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xF3 0x15 0x0E 0xE7 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x77 0x9C 0xEF 0x6D ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0x7E 0xEC 0x99 0x7F ...

---- EOF - GMER 1.0.15 ----
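The full GMER scan in post #10 looks alarming at first sight, but the log attributes most of it itself: every SSDT and IAT hook is placed by sptd.sys, and the Registry section of the same log ties sptd's configuration to C:\Program Files\DAEMON Tools\; GMER tags eamon.sys as "Amon monitor/ESET" and sfsync02.sys as the StarForce protection driver. What the log does not vouch for is the inline patch of USBPORT.SYS!DllUnload (GMER names the patched function but not the patcher) and epfwtdir.sys, for which it prints no vendor tag even though it appears as a service in the ComboFix logs; those two are the manual follow-up list. (The Stealth MBR detector in the later ComboFix run, post #12, reports "user & kernel MBR OK".) The script below is an added example for this thread, not GMER's code: it tallies hook lines per driver and attributes each driver using only evidence present in the log, i.e. GMER's "(vendor)" tags and the Services\<name>\...@p0 registry path, matched on the assumption that a driver's service is named after its file. The sample input is a constructed subset of the lines from the log above; line shapes other than the five it matches are ignored.

```python
"""Tally GMER hook and filter lines per driver and attribute each driver to a
product using only what the log itself says: GMER's own "(vendor)" tags and the
Services\<name>\...@p0 registry paths it prints.

Added example for this thread, not GMER's code. Line shapes other than the five
matched below (e.g. user-mode .text lines with spaces in the path) are ignored.
"""
import re
from collections import Counter, defaultdict
from typing import Dict, List

UNKNOWN = "<unknown>"   # placeholder module for patches GMER cannot attribute

# Constructed sample: lines copied from the GMER full-scan log above (post #10).
SAMPLE_GMER = r"""
SSDT sptd.sys ZwCreateKey [0xF842B0D0]
SSDT sptd.sys ZwEnumerateKey [0xF8430FB2]
SSDT sptd.sys ZwOpenKey [0xF842B0B0]
.text USBPORT.SYS!DllUnload F788E8AC 5 Bytes JMP 81EB6770
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F842BAD4] sptd.sys
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F8442018] sptd.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdir.sys
Device \Driver\atapi \Device\Ide\IdePort0 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
"""

SSDT_RE = re.compile(r"^SSDT\s+(?P<mod>\S+)\s+(?P<target>\S+)\s+\[0x[0-9A-Fa-f]+\]$")
IAT_RE = re.compile(r"^IAT\s+(?P<target>\S+\[[^\]]+\])\s+\[[0-9A-Fa-f]+\]\s+(?P<mod>\S+)$")
INLINE_RE = re.compile(r"^\.text\s+(?P<target>\S+)\s+[0-9A-Fa-f]+\s+\d+\s+Bytes\s+(?P<patch>.+)$")
DEVICE_RE = re.compile(
    r"^(?:AttachedDevice|Device)\s+\S+\s+(?P<target>\S+)\s+(?P<mod>\S+\.sys)"
    r"(?:\s+\((?P<vendor>[^)]+)\))?$", re.IGNORECASE)
REG_P0_RE = re.compile(
    r"^Reg\s+HKLM\\SYSTEM\\\S+?\\Services\\(?P<svc>[^\\@]+)\\\S*@p0\s+(?P<path>.+)$",
    re.IGNORECASE)


def _new_entry() -> dict:
    return {"count": 0, "kinds": Counter(), "targets": [], "owner": None}


def _add(hooks: dict, mod: str, kind: str, target: str) -> None:
    entry = hooks[mod]
    entry["count"] += 1
    entry["kinds"][kind] += 1
    entry["targets"].append(target)


def summarise(text: str) -> Dict[str, dict]:
    """Map each hooking/filtering driver to its hook count, kinds, targets and owner."""
    hooks = defaultdict(_new_entry)
    svc_paths = {}   # service name (lower-case) -> @p0 path GMER printed from the registry
    for raw in text.splitlines():
        line = raw.strip()
        m = SSDT_RE.match(line)
        if m:
            _add(hooks, m["mod"], "SSDT", m["target"])
            continue
        m = IAT_RE.match(line)
        if m:
            _add(hooks, m["mod"], "IAT", m["target"])
            continue
        m = INLINE_RE.match(line)
        if m:   # GMER names the patched function but not the patcher
            _add(hooks, UNKNOWN, "INLINE", f"{m['target']} {m['patch']}")
            continue
        m = DEVICE_RE.match(line)
        if m:
            _add(hooks, m["mod"], "FILTER", m["target"])
            if m["vendor"]:
                hooks[m["mod"]]["owner"] = m["vendor"]
            continue
        m = REG_P0_RE.match(line)
        if m:
            svc_paths[m["svc"].lower()] = m["path"].strip()
    # Assumption: a driver's service is named after the file (sptd.sys -> sptd).
    for mod, entry in hooks.items():
        if entry["owner"] is None:
            entry["owner"] = svc_paths.get(mod.lower().rsplit(".", 1)[0])
    return dict(hooks)


def unattributed(summary: Dict[str, dict]) -> List[str]:
    """Drivers (or the <unknown> patcher) that nothing in the log vouches for."""
    return sorted(mod for mod, entry in summary.items() if entry["owner"] is None)


if __name__ == "__main__":
    summary = summarise(SAMPLE_GMER)
    for mod, entry in summary.items():
        kinds = ", ".join(f"{k}={n}" for k, n in entry["kinds"].items())
        print(f"{mod:<14} {entry['count']:>2} ({kinds})  owner: {entry['owner'] or 'UNATTRIBUTED'}")
    print("follow up manually:", unattributed(summary))
```

On the sample this credits sptd.sys with five hooks owned by the DAEMON Tools path, eamon.sys and sfsync02.sys with their GMER vendor tags, and leaves the USBPORT.SYS patch and epfwtdir.sys for manual follow-up. Attribution here means "the log names an installed product for this driver", not "the driver is benign"; a disk-emulation driver that hooks the SSDT is still a driver that hooks the SSDT, which is why the helper's usual advice is to uninstall DAEMON Tools (or at least remove sptd) before scanning for rootkits, so that its hooks do not mask or mimic something else.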

#11 Post by fonkey »

I don't know; I turned off NOD and all applications, even the RAM meter, simply everything, and downloaded OTL. When it finished downloading I renamed it, and it froze again at this (probably this):
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

#12 Post by fonkey »

So I moved that txt document under that name onto abraka.com.exe, then the computer restarted and everything ran like a normal ComboFix start; after it finished, the txt document disappeared. Log:
ComboFix 10-03-01.01 - Uživateľ . 03. 2010 19:21:56.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.511.261 [GMT 1:00]
Running from: c:\documents and settings\Uživateľ\Plocha\abraka.com.exe
Command switches used :: c:\documents and settings\Uživateľ\Plocha\CFScript.txt
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Resident AV is active


FILE ::
"c:\windows\system32\drivers\DrvAgent32.sys"
.

((((((((((((((((((((((((( Files created from 2010-02-03 to 2010-03-03 )))))))))))))))))))))))))))))))
.

2010-03-02 11:50 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-02 11:50 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-02 11:50 . 2010-03-02 11:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-28 20:02 . 2010-02-28 20:02 -------- d-----w- C:\_OTL
2010-02-28 18:31 . 2010-02-28 18:32 -------- d-----w- c:\program files\trend micro
2010-02-28 18:31 . 2010-02-28 18:32 -------- d-----w- C:\rsit

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-13 08:48 . 2004-08-18 12:00 78716 ----a-w- c:\windows\system32\perfc005.dat
2009-12-13 08:48 . 2004-08-18 12:00 431654 ----a-w- c:\windows\system32\perfh005.dat
2009-10-19 12:07 . 2009-10-19 12:07 2080 ----a-w- c:\program files\Uninstall.ini
2009-10-19 12:07 . 2009-01-07 18:24 74330 ----a-w- c:\program files\Uninstall.exe
.

((((((((((((((((((((((((((((( SnapShot@2010-03-01_19.59.20 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-03-03 18:27 . 2010-03-03 18:27 16384 c:\windows\Temp\Perflib_Perfdata_774.dat
.
(((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-10-23 202024]
"SmartRAM"="c:\program files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe" [2009-01-06 202064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 1836328]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-10-07 1461080]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Uživateľ\Nabídka Start\Programy\Po spuštění\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Metin2"=C:\Metin2.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\Nero\\Nero Web\\SetupX.exe"=
"d:\\Medium games\\NTSD1.9\\NTSD_beta1.9\\NTSD beta1.9.exe"=
"d:\\Medium games\\little fighter mega\\lf2.net.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"d:\\SUPER GAMES\\Microsoft Games\\age of empires II\\empires2.exe"=
"c:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager\\MediaManager.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"d:\\SUPER GAMES\\worms 4 mayhem\\WORMS 4 MAYHEM.EXE"=
"d:\\downloads\\metin2cz\\metin2.bin"=
"d:\\Medium games\\LF2_v2.0a\\lf2.exe"=

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [6. 3. 2009 8:58 685816]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [21. 12. 2007 8:21 35168]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [7. 10. 2009 9:16 472280]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [5. 3. 2009 8:31 246520]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2010-03-03 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 19:36]

2010-02-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 13:57]

2010-03-03 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-02 20:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.viry.cz/forum
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Uživateľ\Data aplikací\Mozilla\Firefox\Profiles\eirr5rkz.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.warxtreme.com/index.php
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ATU3&o=15380&locale=en_EU&q=

---- FIREFOX SETTINGS ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-03 19:28
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll sfsync02.sys atapi.sys sptd.sys >>UNKNOWN [0x8238A8AC]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf8589f28
\Driver\ACPI -> ACPI.sys @ 0xf83eacb8
\Driver\atapi -> sfsync02.sys @ 0xf85568b4
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a05a9
ParseProcedure -> ntoskrnl.exe @ 0x8056ea15
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a05a9
ParseProcedure -> ntoskrnl.exe @ 0x8056ea15
NDIS: Realtek RTL8139 Family PCI Fast Ethernet NIC -> SendCompleteHandler -> NDIS.sys @ 0xf8289bd4
PacketIndicateHandler -> NDIS.sys @ 0xf8295a21
SendHandler -> NDIS.sys @ 0xf8289d44
user & kernel MBR OK

**************************************************************************
.
--------------------- DLLs loaded under running processes ---------------------

- - - - - - - > 'winlogon.exe'(720)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(320)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other running processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\System32\TUProgSt.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-03-03 19:31:28 - machine was rebooted
ComboFix-quarantined-files.txt 2010-03-03 18:31
ComboFix2.txt 2010-03-01 20:01

Pre-Run: 941 817 856 bytes free
Post-Run: 908 247 040 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 655EEFA2B74C1E71E1D5C8ABD9042064

I want to ask why I have files on drive C that have a faint icon overlay.

#13 Post by fonkey »

My internet was acting up at the time, so I have combofix 1, 2, 3 and only one abraka.com; I typed in all the names and the system can't find it.

#14 Post by fonkey »

OK, I did it, but I don't know, there is more in those RSIT logs (also from last time), so here is the upload:

http://www.ulozisko.sk/267977/rsit.rar

#15 Post by fonkey »

BIG thx
Really big thanks; as you can see you have loads of experience, heh, which I don't have and won't have (maybe I will). Simply thanks, YOU HELPED ME OUT IN NEED.
:thumbsups: :clapping: :closed: :bye:
