po vymazani viru nejde net
Napsal: 26 pro 2010 15:41
Podla navodu http://www.fasterpccleanclean.com/remov ... virus-2011 bol vymazany, predtym isiel net, teraz je viac odoslanych paketov ako prijatych, prosim o pomoc, dakujem
Stránka 1 z 1
Re: po vymazani viru nejde net
Napsal: 26 pro 2010 15:55
Dejte log z RSIT: http://www.viry.cz/forum/viewtopic.php?f=13&t=82743 . Je možné, že toho tam máte víc.
Re: po vymazani viru nejde net
Napsal: 26 pro 2010 16:22
Logfile of random's system information tool 1.08 (written by random/random)
Run by Admin at 2010-12-26 16:07:47
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 3 GB (12%) free of 21 GB
Total RAM: 447 MB (27% free)
HijackThis download failed
======Scheduled tasks folder======
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1275210071-926492609-839522115-1003Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1275210071-926492609-839522115-1003UA.job
C:\WINDOWS\tasks\WGASetup.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}]
Megaupload Toolbar - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL [2007-07-31 1933256]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C451C08A-EC37-45DF-AAAD-18B51AB5E837}]
PDFCreator Toolbar Helper - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll [2009-03-22 806912]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
SweetIM Toolbar Helper - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2009-10-19 1345336]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BFC32E1D-EE75-4A48-BC60-104E11EE2431}
{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - Megaupload Toolbar - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL [2007-07-31 1933256]
{31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - PDFCreator Toolbar - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll [2009-03-22 806912]
{EEE6C35B-6118-11DC-9C72-001320C79847} - SweetIM Toolbar for Internet Explorer - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2009-10-19 1345336]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 90112]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-10-30 16269312]
"SkyTel"=C:\WINDOWS\SkyTel.EXE [2006-05-16 2879488]
"QuickTime Task"=C:\WINDOWS\system32\qttask.exe [2007-11-27 98304]
"LXSUPMON"=C:\WINDOWS\system32\LXSUPMON.EXE [2001-10-09 818688]
"NeroFilterCheck"=C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [2007-03-01 153136]
"NBKeyScan"=C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2007-09-20 1836328]
"PCSuiteTrayApplication"=C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe [2007-03-23 227328]
"Control Center"=C:\Program Files\ASUS\WLAN Card Utilities\Center.exe [2006-05-04 1689600]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2005-02-16 221184]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-02-16 81920]
"PWRISOVM.EXE"=C:\Program Files\PowerISO\PWRISOVM.EXE [2008-01-20 217088]
"nod32kui"=C:\Program Files\Eset\nod32kui.exe [2008-06-03 917504]
"Tweak UI"=TWEAKUI.CPL,TweakMeUp []
"SweetIM"=C:\Program Files\SweetIM\Messenger\SweetIM.exe [2009-10-20 111928]
"UpdateReminder"=C:\Program Files\Eset\UpdateReminder.exe [2010-12-05 434176]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-17 15360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-08-17 1667584]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe [2007-10-23 202024]
"DAEMON Tools"=C:\Program Files\DAEMON Tools\daemon.exe [2007-08-29 171464]
"OEXPRESS"= []
"cdoosoft"=C:\WINDOWS\system32\olhrwef.exe []
"Google Update"=C:\Documents and Settings\Admin\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe [2009-09-02 133104]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe [2007-02-28 2321600]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\READER~1.0\Reader\READER~1.EXE [2006-10-23 40048]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Synchronizer.lnk]
C:\PROGRA~1\Adobe\READER~1.0\Reader\ADOBEC~1.EXE [2006-10-23 734872]
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE
C:\Documents and Settings\Admin\Nabídka Start\Programy\Po spuštění
Last.fm Helper.lnk - C:\Program Files\Last.fm\LastFMHelper.exe
UMScheduler 2.0.lnk - C:\Nokia\Update_Manager\bin\UMScheduler.exe
WinMysqlAdmin.lnk - C:\Program Files\PHP Home Edition 2\mysql\bin\winmysqladmin.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2007-07-04 118784]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDriveAutoRun"=67108863
"NoDrives"=0
"DisallowRun"=1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0
"HonorAutoRunSetting"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQ6\ICQ.exe"="C:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\QIP\qip.exe"="C:\Program Files\QIP\qip.exe:*:Enabled:Quiet Internet Pager"
"C:\totalcmd\TOTALCMD.EXE"="C:\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
"C:\WINDOWS\system32\LEXPPS.EXE"="C:\WINDOWS\system32\LEXPPS.EXE:*:Enabled:LEXPPS.EXE"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
"Debugger="svchost.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
"Debugger="svchost.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
"Debugger="svchost.exe
======List of files/folders created in the last 1 months======
2010-12-26 16:00:39 ----D---- C:\rsit
2010-12-26 16:00:39 ----D---- C:\Program Files\trend micro
2010-12-16 21:28:53 ----SHD---- C:\Documents and Settings\All Users\Data aplikací\IAXVLWV
2010-12-16 21:28:25 ----SHD---- C:\Documents and Settings\All Users\Data aplikací\02811a
======List of files/folders modified in the last 1 months======
2010-12-26 16:04:26 ----D---- C:\WINDOWS\Prefetch
2010-12-26 16:00:39 ----RD---- C:\Program Files
2010-12-26 16:00:25 ----A---- C:\WINDOWS\wincmd.ini
2010-12-26 15:17:00 ----D---- C:\WINDOWS\temp
2010-12-26 14:49:42 ----D---- C:\WINDOWS\system32\CatRoot2
2010-12-26 14:28:46 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-12-26 14:07:03 ----D---- C:\WINDOWS
2010-12-26 13:16:27 ----D---- C:\WINDOWS\system32\drivers\etc
2010-12-05 14:35:11 ----D---- C:\Program Files\ESET
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2007-03-08 43528]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2007-11-28 685816]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-17 39936]
R1 PQNTDrv;PQNTDrv; C:\WINDOWS\system32\drivers\PQNTDrv.sys [2002-09-16 4228]
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2008-01-20 33292]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.3.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2008-02-01 20747]
R2 AMON;AMON; \??\C:\WINDOWS\system32\drivers\amon.sys []
R2 rimsptsk;rimsptsk; C:\WINDOWS\system32\DRIVERS\rimsptsk.sys [2007-01-23 42496]
R3 AR5211;Atheros Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\ar5211.sys [2006-12-05 529344]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2007-07-04 2304000]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-11-03 4394496]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ATKACPI.sys [2006-12-14 7680]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2007-11-27 10368]
R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2006-12-14 85120]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2004-08-03 67584]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 a0frlqjc;a0frlqjc; C:\WINDOWS\system32\drivers\a0frlqjc.sys []
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-10-25 9600]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-25 12160]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\nmwcd.sys [2007-02-22 137216]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\nmwcdc.sys [2007-02-22 8320]
S3 nmwcdcj;Nokia USB Port; C:\WINDOWS\system32\drivers\nmwcdcj.sys [2007-02-22 12288]
S3 nmwcdcm;Nokia USB Modem; C:\WINDOWS\system32\drivers\nmwcdcm.sys [2007-02-22 12288]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 sffdisk;Ovladač třídy úložiště SFF; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2004-08-03 11136]
S3 sffp_sd;Ovladač protokolu úložiště SFF pro paměť sběrnici SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2004-08-03 10240]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2004-08-11 18944]
S4 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2007-07-04 483328]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2009-06-01 222968]
R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2001-10-09 300544]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2007-09-20 853288]
R2 NOD32krn;NOD32 Kernel Service; C:\Program Files\Eset\nod32krn.exe [2008-06-03 495616]
R2 ProtexisLicensing;ProtexisLicensing; C:\Program Files\Common Files\Protexis\License Service\PSIService.exe [2006-11-02 174656]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2007-10-23 382248]
R3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2007-03-26 292864]
S2 Apache2;Apache2; C:\Program Files\PHP Home Edition 2\Apache2\bin\Apache.exe []
S2 ASWLSVC;ASWLSVC; C:\WINDOWS\system32\ASWLSVC.exe [2004-05-06 496640]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-09-02 133104]
S2 MySql;MySql; C:/PROGRA~1/PHPHOM~1/mysql/bin/mysqld-nt.exe []
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-08-16 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
"Debugger="svchost.exe
toto mi vyhodilo vela krat, a nechcelo to poslat v jednej sprave...
Run by Admin at 2010-12-26 16:07:47
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 3 GB (12%) free of 21 GB
Total RAM: 447 MB (27% free)
HijackThis download failed
======Scheduled tasks folder======
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1275210071-926492609-839522115-1003Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1275210071-926492609-839522115-1003UA.job
C:\WINDOWS\tasks\WGASetup.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}]
Megaupload Toolbar - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL [2007-07-31 1933256]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C451C08A-EC37-45DF-AAAD-18B51AB5E837}]
PDFCreator Toolbar Helper - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll [2009-03-22 806912]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
SweetIM Toolbar Helper - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2009-10-19 1345336]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BFC32E1D-EE75-4A48-BC60-104E11EE2431}
{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - Megaupload Toolbar - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL [2007-07-31 1933256]
{31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - PDFCreator Toolbar - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll [2009-03-22 806912]
{EEE6C35B-6118-11DC-9C72-001320C79847} - SweetIM Toolbar for Internet Explorer - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2009-10-19 1345336]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 90112]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-10-30 16269312]
"SkyTel"=C:\WINDOWS\SkyTel.EXE [2006-05-16 2879488]
"QuickTime Task"=C:\WINDOWS\system32\qttask.exe [2007-11-27 98304]
"LXSUPMON"=C:\WINDOWS\system32\LXSUPMON.EXE [2001-10-09 818688]
"NeroFilterCheck"=C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [2007-03-01 153136]
"NBKeyScan"=C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2007-09-20 1836328]
"PCSuiteTrayApplication"=C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe [2007-03-23 227328]
"Control Center"=C:\Program Files\ASUS\WLAN Card Utilities\Center.exe [2006-05-04 1689600]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2005-02-16 221184]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-02-16 81920]
"PWRISOVM.EXE"=C:\Program Files\PowerISO\PWRISOVM.EXE [2008-01-20 217088]
"nod32kui"=C:\Program Files\Eset\nod32kui.exe [2008-06-03 917504]
"Tweak UI"=TWEAKUI.CPL,TweakMeUp []
"SweetIM"=C:\Program Files\SweetIM\Messenger\SweetIM.exe [2009-10-20 111928]
"UpdateReminder"=C:\Program Files\Eset\UpdateReminder.exe [2010-12-05 434176]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-17 15360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-08-17 1667584]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe [2007-10-23 202024]
"DAEMON Tools"=C:\Program Files\DAEMON Tools\daemon.exe [2007-08-29 171464]
"OEXPRESS"= []
"cdoosoft"=C:\WINDOWS\system32\olhrwef.exe []
"Google Update"=C:\Documents and Settings\Admin\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe [2009-09-02 133104]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe [2007-02-28 2321600]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\READER~1.0\Reader\READER~1.EXE [2006-10-23 40048]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Synchronizer.lnk]
C:\PROGRA~1\Adobe\READER~1.0\Reader\ADOBEC~1.EXE [2006-10-23 734872]
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE
C:\Documents and Settings\Admin\Nabídka Start\Programy\Po spuštění
Last.fm Helper.lnk - C:\Program Files\Last.fm\LastFMHelper.exe
UMScheduler 2.0.lnk - C:\Nokia\Update_Manager\bin\UMScheduler.exe
WinMysqlAdmin.lnk - C:\Program Files\PHP Home Edition 2\mysql\bin\winmysqladmin.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2007-07-04 118784]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDriveAutoRun"=67108863
"NoDrives"=0
"DisallowRun"=1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0
"HonorAutoRunSetting"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQ6\ICQ.exe"="C:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\QIP\qip.exe"="C:\Program Files\QIP\qip.exe:*:Enabled:Quiet Internet Pager"
"C:\totalcmd\TOTALCMD.EXE"="C:\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
"C:\WINDOWS\system32\LEXPPS.EXE"="C:\WINDOWS\system32\LEXPPS.EXE:*:Enabled:LEXPPS.EXE"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
"Debugger="svchost.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
"Debugger="svchost.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
"Debugger="svchost.exe
======List of files/folders created in the last 1 months======
2010-12-26 16:00:39 ----D---- C:\rsit
2010-12-26 16:00:39 ----D---- C:\Program Files\trend micro
2010-12-16 21:28:53 ----SHD---- C:\Documents and Settings\All Users\Data aplikací\IAXVLWV
2010-12-16 21:28:25 ----SHD---- C:\Documents and Settings\All Users\Data aplikací\02811a
======List of files/folders modified in the last 1 months======
2010-12-26 16:04:26 ----D---- C:\WINDOWS\Prefetch
2010-12-26 16:00:39 ----RD---- C:\Program Files
2010-12-26 16:00:25 ----A---- C:\WINDOWS\wincmd.ini
2010-12-26 15:17:00 ----D---- C:\WINDOWS\temp
2010-12-26 14:49:42 ----D---- C:\WINDOWS\system32\CatRoot2
2010-12-26 14:28:46 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-12-26 14:07:03 ----D---- C:\WINDOWS
2010-12-26 13:16:27 ----D---- C:\WINDOWS\system32\drivers\etc
2010-12-05 14:35:11 ----D---- C:\Program Files\ESET
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2007-03-08 43528]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2007-11-28 685816]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-17 39936]
R1 PQNTDrv;PQNTDrv; C:\WINDOWS\system32\drivers\PQNTDrv.sys [2002-09-16 4228]
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2008-01-20 33292]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.3.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2008-02-01 20747]
R2 AMON;AMON; \??\C:\WINDOWS\system32\drivers\amon.sys []
R2 rimsptsk;rimsptsk; C:\WINDOWS\system32\DRIVERS\rimsptsk.sys [2007-01-23 42496]
R3 AR5211;Atheros Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\ar5211.sys [2006-12-05 529344]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2007-07-04 2304000]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-11-03 4394496]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ATKACPI.sys [2006-12-14 7680]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2007-11-27 10368]
R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2006-12-14 85120]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2004-08-03 67584]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 a0frlqjc;a0frlqjc; C:\WINDOWS\system32\drivers\a0frlqjc.sys []
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-10-25 9600]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-25 12160]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\nmwcd.sys [2007-02-22 137216]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\nmwcdc.sys [2007-02-22 8320]
S3 nmwcdcj;Nokia USB Port; C:\WINDOWS\system32\drivers\nmwcdcj.sys [2007-02-22 12288]
S3 nmwcdcm;Nokia USB Modem; C:\WINDOWS\system32\drivers\nmwcdcm.sys [2007-02-22 12288]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 sffdisk;Ovladač třídy úložiště SFF; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2004-08-03 11136]
S3 sffp_sd;Ovladač protokolu úložiště SFF pro paměť sběrnici SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2004-08-03 10240]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2004-08-11 18944]
S4 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2007-07-04 483328]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2009-06-01 222968]
R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2001-10-09 300544]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2007-09-20 853288]
R2 NOD32krn;NOD32 Kernel Service; C:\Program Files\Eset\nod32krn.exe [2008-06-03 495616]
R2 ProtexisLicensing;ProtexisLicensing; C:\Program Files\Common Files\Protexis\License Service\PSIService.exe [2006-11-02 174656]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2007-10-23 382248]
R3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2007-03-26 292864]
S2 Apache2;Apache2; C:\Program Files\PHP Home Edition 2\Apache2\bin\Apache.exe []
S2 ASWLSVC;ASWLSVC; C:\WINDOWS\system32\ASWLSVC.exe [2004-05-06 496640]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-09-02 133104]
S2 MySql;MySql; C:/PROGRA~1/PHPHOM~1/mysql/bin/mysqld-nt.exe []
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-08-16 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
"Debugger="svchost.exe
toto mi vyhodilo vela krat, a nechcelo to poslat v jednej sprave...
Re: po vymazani viru nejde net
Napsal: 26 pro 2010 17:29
Ještě tam něco zbylo. Dejte log z ComboFix a budeme čistit.
Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
pote spustte aplikaci pod uctem s administratorskym opravnenim
hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.
v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine aplikace ani nic jineho
behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)
upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode, pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k nezadoucim kolizim s rezidentem antispyware
Re: po vymazani viru nejde net
Napsal: 27 pro 2010 12:57
ComboFix 10-12-26.01 - Admin 2010-12-27 12:36:54.3.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.447.119 [GMT 1:00]
Running from: H:\ComboFix.exe
AV: Eset NOD32 Antivirus 2.50 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Resident AV is active
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\cb.exe
c:\documents and settings\Admin\Recent\cb.dll
c:\documents and settings\Admin\Recent\cb.drv
c:\documents and settings\Admin\Recent\cb.sys
c:\documents and settings\Admin\Recent\cid.exe
c:\documents and settings\Admin\Recent\DBOLE.dll
c:\documents and settings\Admin\Recent\ddv.exe
c:\documents and settings\Admin\Recent\ddv.tmp
c:\documents and settings\Admin\Recent\eb.drv
c:\documents and settings\Admin\Recent\energy.dll
c:\documents and settings\Admin\Recent\energy.tmp
c:\documents and settings\Admin\Recent\exec.sys
c:\documents and settings\Admin\Recent\fix.sys
c:\documents and settings\Admin\Recent\FS.dll
c:\documents and settings\Admin\Recent\kernel32.dll
c:\documents and settings\Admin\Recent\PE.sys
c:\documents and settings\Admin\Recent\PE.tmp
c:\documents and settings\Admin\Recent\ppal.drv
c:\documents and settings\Admin\Recent\ppal.sys
c:\documents and settings\Admin\Recent\sld.tmp
c:\documents and settings\Admin\Recent\SM.tmp
c:\documents and settings\Admin\Recent\tempdoc.exe
C:\i.com
C:\luk1ylq.com
c:\windows\My.ini
E:\cb.exe
E:\i.com
E:\luk1ylq.com
E:\q0dhfjf.exe
E:\qphdin.com
E:\xdw.com
.
((((((((((((((((((((((((( Files Created from 2010-11-27 to 2010-12-27 )))))))))))))))))))))))))))))))
.
2010-12-26 15:00 . 2010-12-26 15:09 -------- d-----w- C:\rsit
2010-12-26 15:00 . 2010-12-26 15:00 -------- d-----w- c:\program files\trend micro
2010-12-16 20:28 . 2010-12-16 20:28 -------- d-sh--w- c:\documents and settings\All Users\Data aplikací\IAXVLWV
2010-12-16 20:28 . 2010-12-26 13:12 -------- d-sh--w- c:\documents and settings\All Users\Data aplikací\02811a
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2009-10-19 187192]
[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2009-10-19 15:15 1345336 ----a-w- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2009-10-19 1345336]
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2009-10-19 1345336]
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-10-23 202024]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2007-08-29 171464]
"Google Update"="c:\documents and settings\Admin\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2009-09-02 133104]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"RTHDCPL"="RTHDCPL.EXE" [2006-10-30 16269312]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"QuickTime Task"="c:\windows\system32\qttask.exe" [2007-11-27 98304]
"LXSUPMON"="c:\windows\system32\LXSUPMON.EXE" [2001-10-09 818688]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 1836328]
"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 227328]
"Control Center"="c:\program files\ASUS\WLAN Card Utilities\Center.exe" [2006-05-04 1689600]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2008-01-20 217088]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2008-06-03 917504]
"Tweak UI"="TWEAKUI.CPL" [2003-03-25 106544]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2009-10-20 111928]
"UpdateReminder"="c:\program files\Eset\UpdateReminder.exe" [2010-12-05 434176]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 1744896]
c:\documents and settings\Admin\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Last.fm Helper.lnk - c:\program files\Last.fm\LastFMHelper.exe [N/A]
UMScheduler 2.0.lnk - c:\nokia\Update_Manager\bin\UMScheduler.exe [2007-12-22 28672]
WinMysqlAdmin.lnk - c:\program files\PHP Home Edition 2\mysql\bin\winmysqladmin.exe [N/A]
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Synchronizer.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
2007-02-28 21:06 2321600 ----a-w- c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2007-11-28 685816]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2009-08-28 222968]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-09-02 133104]
.
Contents of the 'Scheduled Tasks' folder
2010-12-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-02 18:58]
2010-12-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-02 18:58]
2010-12-27 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2010-04-18 20:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.sk/
mStart Page = hxxp://home.sweetim.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = http=127.0.0.1:25380
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-OEXPRESS - (no file)
AddRemove-AdVantage_DAEM - c:\program files\AdVantage\AdVUninst.exe
AddRemove-HijackThis - c:\HijackThis.exe
AddRemove-Maluch sim_is1 - e:\silva\Hry\zahranicni\Maluch sim\unins000.exe
AddRemove-_{7C5123A9-30A8-4C44-89CA-A8C87A1FCC91} - c:\program files\Corel\CorelDRAW Graphics Suite 13\Programs\MSILauncher {7C5123A9-30A8-4C44-89CA-A8C87A1FCC91}
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-27 12:44
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySql]
"ImagePath"="C:/PROGRA~1/PHPHOM~1/mysql/bin/mysqld-nt.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySql]
"ImagePath"="C:/PROGRA~1/PHPHOM~1/mysql/bin/mysqld-nt.exe"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(732)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2010-12-27 12:48:15
ComboFix-quarantined-files.txt 2010-12-27 11:47
ComboFix2.txt 2009-02-15 21:18
Pre-Run: 2,557,530,112
Post-Run: 2,686,894,080
- - End Of File - - 323BE961D38628386F38C83767F51512
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.447.119 [GMT 1:00]
Running from: H:\ComboFix.exe
AV: Eset NOD32 Antivirus 2.50 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Resident AV is active
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\cb.exe
c:\documents and settings\Admin\Recent\cb.dll
c:\documents and settings\Admin\Recent\cb.drv
c:\documents and settings\Admin\Recent\cb.sys
c:\documents and settings\Admin\Recent\cid.exe
c:\documents and settings\Admin\Recent\DBOLE.dll
c:\documents and settings\Admin\Recent\ddv.exe
c:\documents and settings\Admin\Recent\ddv.tmp
c:\documents and settings\Admin\Recent\eb.drv
c:\documents and settings\Admin\Recent\energy.dll
c:\documents and settings\Admin\Recent\energy.tmp
c:\documents and settings\Admin\Recent\exec.sys
c:\documents and settings\Admin\Recent\fix.sys
c:\documents and settings\Admin\Recent\FS.dll
c:\documents and settings\Admin\Recent\kernel32.dll
c:\documents and settings\Admin\Recent\PE.sys
c:\documents and settings\Admin\Recent\PE.tmp
c:\documents and settings\Admin\Recent\ppal.drv
c:\documents and settings\Admin\Recent\ppal.sys
c:\documents and settings\Admin\Recent\sld.tmp
c:\documents and settings\Admin\Recent\SM.tmp
c:\documents and settings\Admin\Recent\tempdoc.exe
C:\i.com
C:\luk1ylq.com
c:\windows\My.ini
E:\cb.exe
E:\i.com
E:\luk1ylq.com
E:\q0dhfjf.exe
E:\qphdin.com
E:\xdw.com
.
((((((((((((((((((((((((( Files Created from 2010-11-27 to 2010-12-27 )))))))))))))))))))))))))))))))
.
2010-12-26 15:00 . 2010-12-26 15:09 -------- d-----w- C:\rsit
2010-12-26 15:00 . 2010-12-26 15:00 -------- d-----w- c:\program files\trend micro
2010-12-16 20:28 . 2010-12-16 20:28 -------- d-sh--w- c:\documents and settings\All Users\Data aplikací\IAXVLWV
2010-12-16 20:28 . 2010-12-26 13:12 -------- d-sh--w- c:\documents and settings\All Users\Data aplikací\02811a
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2009-10-19 187192]
[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2009-10-19 15:15 1345336 ----a-w- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2009-10-19 1345336]
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2009-10-19 1345336]
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-10-23 202024]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2007-08-29 171464]
"Google Update"="c:\documents and settings\Admin\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2009-09-02 133104]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"RTHDCPL"="RTHDCPL.EXE" [2006-10-30 16269312]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"QuickTime Task"="c:\windows\system32\qttask.exe" [2007-11-27 98304]
"LXSUPMON"="c:\windows\system32\LXSUPMON.EXE" [2001-10-09 818688]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 1836328]
"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 227328]
"Control Center"="c:\program files\ASUS\WLAN Card Utilities\Center.exe" [2006-05-04 1689600]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2008-01-20 217088]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2008-06-03 917504]
"Tweak UI"="TWEAKUI.CPL" [2003-03-25 106544]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2009-10-20 111928]
"UpdateReminder"="c:\program files\Eset\UpdateReminder.exe" [2010-12-05 434176]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 1744896]
c:\documents and settings\Admin\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Last.fm Helper.lnk - c:\program files\Last.fm\LastFMHelper.exe [N/A]
UMScheduler 2.0.lnk - c:\nokia\Update_Manager\bin\UMScheduler.exe [2007-12-22 28672]
WinMysqlAdmin.lnk - c:\program files\PHP Home Edition 2\mysql\bin\winmysqladmin.exe [N/A]
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Synchronizer.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
2007-02-28 21:06 2321600 ----a-w- c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2007-11-28 685816]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2009-08-28 222968]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-09-02 133104]
.
Contents of the 'Scheduled Tasks' folder
2010-12-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-02 18:58]
2010-12-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-02 18:58]
2010-12-27 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2010-04-18 20:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.sk/
mStart Page = hxxp://home.sweetim.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = http=127.0.0.1:25380
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-OEXPRESS - (no file)
AddRemove-AdVantage_DAEM - c:\program files\AdVantage\AdVUninst.exe
AddRemove-HijackThis - c:\HijackThis.exe
AddRemove-Maluch sim_is1 - e:\silva\Hry\zahranicni\Maluch sim\unins000.exe
AddRemove-_{7C5123A9-30A8-4C44-89CA-A8C87A1FCC91} - c:\program files\Corel\CorelDRAW Graphics Suite 13\Programs\MSILauncher {7C5123A9-30A8-4C44-89CA-A8C87A1FCC91}
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-27 12:44
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySql]
"ImagePath"="C:/PROGRA~1/PHPHOM~1/mysql/bin/mysqld-nt.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySql]
"ImagePath"="C:/PROGRA~1/PHPHOM~1/mysql/bin/mysqld-nt.exe"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(732)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2010-12-27 12:48:15
ComboFix-quarantined-files.txt 2010-12-27 11:47
ComboFix2.txt 2009-02-15 21:18
Pre-Run: 2,557,530,112
Post-Run: 2,686,894,080
- - End Of File - - 323BE961D38628386F38C83767F51512
Re: po vymazani viru nejde net
Napsal: 27 pro 2010 19:36
Ještě dočistíme. Přesuňte ComboFix na plochu. Otevřte poznámkový blok a zkopírujte do něj:
Uložte na plochu jako CFScript.txt. Pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkazy ze skriptu.Folder::
c:\documents and settings\All Users\Data aplikací\IAXVLWV
c:\documents and settings\All Users\Data aplikací\02811a
c:\program files\AdVantage
Re: po vymazani viru nejde net
Napsal: 28 pro 2010 10:25
Uz funguje, dakujem 
Re: po vymazani viru nejde net
Napsal: 28 pro 2010 19:40
Nemáte zač!