FB virus

[Eastonko]

takze uz pred touto pomocou sa mi to podarilo spustit v safe mode ale tgam mi hadzalo chybu pri aktualizacii cize nebolo to aktualizovane. Pri rychlej kontrole naslo 4 chyby odstranil som ich ale antivirak je stale pod nadvladou. potom som skusal tieto tvoje rady normall mode aktualizacia v pohode spustenie v pohode opet po zacati kontroly okno zmizlo. Skusil som RK dal 2 (log hodim nizsie) opet pustil exe subor ale uz po instalacii sa nespistil vogbec a z ikonky hodi tabulkiu ze nemam opravnenie

[Eastonko]

zabuidol som log z RG..2....

RogueKiller V5.2.7 [06/30/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion- ... ntees.html

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Owner [Admin rights]
Mode: Remove -- Date : 07/22/2011 10:01:19

Bad processes: 2
[SVCHOST] svchost.exe -- c:\windows\update.5.0\svchost.exe -> KILLED
[SUSP PATH] sysdriver32.exe -- c:\windows\sysdriver32.exe -> KILLED

Registry Entries: 3
[SUSP PATH] HKLM\[...]\Run : 8774866.exe ("C:\WINDOWS\TEMP\8774866.exe") -> DELETED
[SUSP PATH] HKLM\[...]\Run : sysdriver32.exe ("C:\WINDOWS\sysdriver32.exe" rezerv) -> DELETED
[SUSP PATH] HKLM\[...]\Run : sysdriver32_.exe ("C:\WINDOWS\sysdriver32_.exe" rezerv) -> DELETED

HOSTS File:
127.0.0.1 localhost


Finished : << RKreport[5].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt



RogueKiller V5.2.7 [06/30/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion- ... ntees.html

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Owner [Admin rights]
Mode: Remove -- Date : 07/22/2011 10:01:19

Bad processes: 2
[SVCHOST] svchost.exe -- c:\windows\update.5.0\svchost.exe -> KILLED
[SUSP PATH] sysdriver32.exe -- c:\windows\sysdriver32.exe -> KILLED

Registry Entries: 3
[SUSP PATH] HKLM\[...]\Run : 8774866.exe ("C:\WINDOWS\TEMP\8774866.exe") -> DELETED
[SUSP PATH] HKLM\[...]\Run : sysdriver32.exe ("C:\WINDOWS\sysdriver32.exe" rezerv) -> DELETED
[SUSP PATH] HKLM\[...]\Run : sysdriver32_.exe ("C:\WINDOWS\sysdriver32_.exe" rezerv) -> DELETED

HOSTS File:
127.0.0.1 localhost


Finished : << RKreport[5].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt

[Eastonko]

takze skusal som to cele aj v safe mode aktualizovala sa databaza ale po zacati kontroly sa okno zavrele a nieje nikde..uz neviem co vyskusat

[stell]

no napisal som ti v safe mode spust combofix

[stell]

Ak nedokazes ani tak, v nudzovom rezime spust combofix
PROSIM CITAJTE POZORNE NAVOD!!!,

Použij ComboFix podle tohoto návodu: http://www.bleepingcomputer.com/combofi ... t-combofix

[Eastonko]

No momentalne som sa dostal ku kontrole setko funguje zatial 20 chyb ale je to iba s 15 dni starou databazou takze neciem ci to staci treba este aj stym combofixom?

[stell]

potom odstran vsetko, aktualizuj rucne databazu malwarebytes
znova uplna kontrola, najdene odstranit,
potom vloz sem logy
a spust aj combofix a log tiez vloz sem log

[Eastonko]

takze odstranil som prvy krat 20 skodlivych suborov a virov po restarte mi sice uplne zmizol security essential ale uz nehadze ziadnu tabulku a uz ho doinstalovavam rogue killer od 2-5 hadze uplne kratke logy a myslim ze su tam neni ziadne problermy

2) RogueKiller V5.2.7 [06/30/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion- ... ntees.html

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Owner [Admin rights]
Mode: Remove -- Date : 07/22/2011 11:17:47

Bad processes: 0

Registry Entries: 0

HOSTS File:
127.0.0.1 localhost


Finished : << RKreport[10].txt >>
RKreport[10].txt ; RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ;
RKreport[5].txt ; RKreport[6].txt ; RKreport[7].txt ; RKreport[8].txt ; RKreport[9].txt


3)RogueKiller V5.2.7 [06/30/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion- ... ntees.html

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Owner [Admin rights]
Mode: HOSTSFix -- Date : 07/22/2011 11:18:03

Bad processes: 0

HOSTS File:
127.0.0.1 localhost


Resetted HOSTS:
127.0.0.1 localhost

Finished : << RKreport[11].txt >>
RKreport[10].txt ; RKreport[11].txt ; RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ;
RKreport[4].txt ; RKreport[5].txt ; RKreport[6].txt ; RKreport[7].txt ; RKreport[8].txt ;
RKreport[9].txt


4)RogueKiller V5.2.7 [06/30/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion- ... ntees.html

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Owner [Admin rights]
Mode: ProxyFix -- Date : 07/22/2011 11:18:57

Bad processes: 0

Registry Entries: 0

Finished : << RKreport[12].txt >>
RKreport[10].txt ; RKreport[11].txt ; RKreport[12].txt ; RKreport[1].txt ; RKreport[2].txt ;
RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt ; RKreport[6].txt ; RKreport[7].txt ;
RKreport[8].txt ; RKreport[9].txt


5)RogueKiller V5.2.7 [06/30/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion- ... ntees.html

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Owner [Admin rights]
Mode: DNSFix -- Date : 07/22/2011 11:19:26

Bad processes: 0

Registry Entries: 0

Finished : << RKreport[13].txt >>
RKreport[10].txt ; RKreport[11].txt ; RKreport[12].txt ; RKreport[13].txt ; RKreport[1].txt ;
RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt ; RKreport[6].txt ;
RKreport[7].txt ; RKreport[8].txt ; RKreport[9].txt


tak nastudujem este ten kombofix a skusim to prebehnut snim

[stell]

no, mohol si najprv aktualizovat malwarebytes, ak 15 dnova stara databaza bola, ale nic, spust combofix.

[Eastonko]

takze tu je log z combofixu


ComboFix 11-07-21.04 - Owner 22.07.2011 11:40:21.1.2 - x86
Systém Microsoft Windows XP Home Edition 5.1.2600.3.1250.421.1033.18.1014.459 [GMT 2:00]
Running from: c:\documents and settings\Owner\My Documents\Downloads\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\FullRemove.exe
c:\documents and settings\Owner\Application Data\PriceGong
c:\documents and settings\Owner\Application Data\PriceGong\Data\1.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\a.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\b.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\c.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\d.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\e.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\f.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\g.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\h.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\i.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\J.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\k.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\l.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\m.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\n.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\o.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\p.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\q.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\r.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\s.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\t.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\u.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\v.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\w.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\x.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\y.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\z.xml
c:\documents and settings\Owner\WINDOWS
c:\windows\assembly\GAC_MSIL\desktop.ini
c:\windows\btc_client_iplist.txt
c:\windows\ddh_iplist.txt
c:\windows\front_ip_list.txt
c:\windows\iecheck_iplist.txt
c:\windows\info1
c:\windows\iplist.txt
c:\windows\loader2.exe_ok
c:\windows\phoenix.rar
c:\windows\rpcminer.rar
c:\windows\system32\drivers\etc\HSTS~1
c:\windows\system32\Thumbs.db
c:\windows\ufa.rar
c:\windows\update.1
c:\windows\update.2
c:\windows\update.5.0
c:\windows\winlog-dirs.txt
c:\windows\winlog-ids.txt
.
Infected copy of c:\windows\system32\wuauclt.exe was found and disinfected
Restored copy from - c:\windows\system32\dllcache\wuauclt.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_SRVIECHECK
-------\Legacy_WINRING0_1_0_1
.
.
((((((((((((((((((((((((( Files Created from 2011-06-22 to 2011-07-22 )))))))))))))))))))))))))))))))
.
.
2011-07-22 09:09 . 2011-07-22 09:09 -------- d-----w- c:\windows\TempB3C8FDF1-A370-AA90-3F6E-101E5F035BF8-Signatures
2011-07-21 17:32 . 2011-07-21 17:32 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2011-07-21 17:31 . 2011-07-06 17:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-21 17:31 . 2011-07-21 17:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-07-21 17:31 . 2011-07-06 17:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-21 17:31 . 2011-07-22 09:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-07-21 12:58 . 2011-07-21 12:58 -------- d-----w- c:\windows\ufa
2011-07-21 12:58 . 2011-07-21 12:58 -------- d-----w- c:\windows\rpcminer
2011-07-21 12:58 . 2011-07-21 12:58 -------- d-----w- c:\windows\phoenix
2011-07-21 12:57 . 2011-07-21 12:58 246272 ----a-w- c:\windows\unrar.exe
2011-07-21 12:53 . 2011-07-21 12:53 -------- d-----w- c:\windows\av_ico
2011-07-21 12:51 . 2011-07-22 07:23 -------- d--h--w- c:\windows\update.tray-14-0
2011-07-21 12:51 . 2011-07-21 18:27 -------- d--h--w- c:\windows\update.tray-14-0-lnk
2011-07-21 12:51 . 2011-07-22 06:56 -------- d-----w- c:\documents and settings\Administrator
2011-07-17 19:14 . 1997-01-18 08:40 299520 ----a-w- c:\windows\uninst.exe
2011-07-12 19:27 . 2011-07-12 19:27 -------- d-----w- c:\program files\DreamWorks Interactive
2011-07-07 11:41 . 2003-05-23 11:28 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-07-07 11:41 . 2003-05-23 11:28 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-07-07 11:38 . 2003-05-23 11:28 1060864 ----a-w- c:\windows\system32\mfc71.dll
2011-07-07 11:37 . 2002-12-05 12:10 155648 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iuser.dll
2011-07-07 11:37 . 2002-12-02 11:33 57344 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll
2011-07-07 11:37 . 2002-12-02 11:33 237568 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iscript.dll
2011-07-07 11:37 . 2003-02-27 14:12 696320 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll
2011-07-07 11:37 . 2002-12-02 13:22 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe
2011-07-07 11:37 . 2011-07-07 11:37 282756 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\setup.dll
2011-07-07 11:37 . 2011-07-07 11:37 163972 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iGdi.dll
2011-07-06 10:15 . 2011-07-06 10:15 -------- d--h--r- c:\documents and settings\Owner\Application Data\SecuROM
2011-07-05 14:50 . 2011-07-05 14:50 -------- d-----w- c:\documents and settings\Owner\Application Data\MyPhoneExplorer
2011-07-05 14:46 . 2011-07-05 14:50 -------- d-----w- c:\program files\MyPhoneExplorer
2011-07-02 19:35 . 2011-07-02 19:35 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\DOSBox
2011-07-02 19:31 . 2011-07-05 19:38 -------- d-----w- c:\program files\DOSBox-0.74
2011-06-27 19:19 . 2010-12-07 12:23 25088 ----a-w- c:\windows\system32\drivers\lgandmodem.sys
2011-06-27 19:19 . 2010-12-07 12:23 20736 ----a-w- c:\windows\system32\drivers\lganddiag.sys
2011-06-27 19:19 . 2010-12-07 12:23 20096 ----a-w- c:\windows\system32\drivers\lgandgps.sys
2011-06-27 19:19 . 2010-12-07 12:22 14336 ----a-w- c:\windows\system32\drivers\lgandbus.sys
2011-06-27 19:19 . 2011-06-27 19:19 -------- d-----w- c:\program files\LG Electronics
2011-06-27 19:17 . 2011-06-27 19:17 -------- d-----w- C:\LGP500
2011-06-27 19:16 . 2011-05-10 11:37 224768 ----a-w- c:\windows\system32\msvcm90.dll
2011-06-27 19:16 . 2011-05-10 11:37 655872 ----a-w- c:\windows\system32\msvcr90.dll
2011-06-27 19:16 . 2011-05-10 11:37 568832 ----a-w- c:\windows\system32\msvcp90.dll
2011-06-27 19:16 . 2006-05-04 06:33 53248 ----a-w- c:\windows\system32\CommonDL.dll
2011-06-27 19:16 . 2005-10-03 23:39 44544 ----a-w- c:\windows\system32\msxml4a.dll
2011-06-27 19:16 . 2011-06-29 12:37 -------- d-----w- c:\documents and settings\All Users\Application Data\LGMOBILEAX
2011-06-26 16:40 . 2008-04-13 22:26 12800 -c--a-w- c:\windows\system32\dllcache\usb8023x.sys
2011-06-26 16:40 . 2008-04-13 22:26 12800 ----a-w- c:\windows\system32\drivers\usb8023x.sys
2011-06-26 16:40 . 2008-04-13 22:26 30592 -c--a-w- c:\windows\system32\dllcache\rndismpx.sys
2011-06-26 16:40 . 2008-04-13 22:26 30592 ----a-w- c:\windows\system32\drivers\rndismpx.sys
2011-06-26 16:37 . 2011-06-26 16:37 -------- d-----w- c:\program files\Microsoft ActiveSync
2011-06-24 14:02 . 2011-06-24 14:02 -------- d-----w- c:\program files\Common Files\Steam
2011-06-24 14:02 . 2011-06-29 06:40 -------- d-----w- c:\program files\Steam
2011-06-24 07:38 . 2011-06-24 07:38 -------- d-----w- c:\documents and settings\Owner\Application Data\fltk.org
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-03 08:36 . 2011-06-03 08:36 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-03 06:05 . 2011-06-03 06:05 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2011-06-02 14:02 . 2010-03-19 15:51 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-05-26 09:35 . 2011-05-26 09:35 65536 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{3293C06B-003F-4027-8380-FFD79E38167D}\NewShortcut5_3293C06B003F40278380FFD79E38167D.exe
2011-05-26 09:35 . 2011-05-26 09:35 61440 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{3293C06B-003F-4027-8380-FFD79E38167D}\NewShortcut3_3293C06B003F40278380FFD79E38167D.exe
2011-05-26 09:35 . 2011-05-26 09:35 61440 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{3293C06B-003F-4027-8380-FFD79E38167D}\NewShortcut2_3293C06B003F40278380FFD79E38167D_1.exe
2011-05-26 09:35 . 2011-05-26 09:35 40960 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{3293C06B-003F-4027-8380-FFD79E38167D}\NewShortcut1_3293C06B003F40278380FFD79E38167D.exe
2011-05-14 21:03 . 2011-05-14 21:04 737280 ----a-w- c:\windows\iun6002.exe
2011-05-13 20:10 . 2011-05-13 20:10 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
2011-05-11 06:09 . 2011-05-11 06:09 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2011-05-10 11:13 . 2011-05-10 11:13 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2011-05-02 15:31 . 2010-03-19 17:01 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25 . 2010-03-19 15:51 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19 . 2010-03-19 15:51 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-26 11:07 . 2010-03-19 15:51 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-04-26 11:07 . 2010-03-19 15:51 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-04-25 16:11 . 2010-03-19 15:51 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:11 . 2010-03-19 15:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-25 16:11 . 2010-03-19 15:51 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-04-25 12:01 . 2010-03-19 15:51 385024 ----a-w- c:\windows\system32\html.iec
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"= "c:\program files\BitTorrentBar\prxtbBit0.dll" [2011-03-28 176936]
.
[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-03-28 16:22 176936 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
2011-03-28 16:22 176936 ----a-w- c:\program files\BitTorrentBar\prxtbBit0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"= "c:\program files\BitTorrentBar\prxtbBit0.dll" [2011-03-28 176936]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-03-28 176936]
.
[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{88C7F2AA-F93F-432C-8F0E-B7D85967A527}"= "c:\program files\BitTorrentBar\prxtbBit0.dll" [2011-03-28 176936]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-03-28 176936]
.
[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"LiveUpdate"="c:\program files\Asus\LiveUpdate\LiveUpdate.exe" [2010-01-29 751592]
"SynAsusAcpi"="c:\program files\Synaptics\SynTP\SynAsusAcpi.exe" [2009-11-19 83240]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"CapsHook"="c:\program files\EeePC\CapsHook\CapsHook.exe" [2010-05-28 445344]
"RTHDCPL"="RTHDCPL.EXE" [2010-04-27 19523616]
"AsusTray"="c:\program files\EeePC\ACPI\AsTray.exe" [2009-06-26 118784]
"AsusEPCMonitor"="c:\program files\EeePC\ACPI\AsEPCMon.exe" [2009-05-08 98304]
"AsusACPIServer"="c:\program files\EeePC\ACPI\AsAcpiSvr.exe" [2010-05-17 1246632]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-11-19 1594664]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-28 141336]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-28 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-28 141336]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
SuperHybridEngine.lnk - c:\program files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe [2010-3-19 385024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableSecureUIAPaths"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2011-06-29 08:46 124216 ----a-w- c:\program files\ICQ7.5\ICQ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2009-07-26 15:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2009-09-28 19:59 141336 ----a-w- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\BitTorrent\\BitTorrent.exe"=
"d:\\Hry\\Pan\\game.dat"=
"d:\\Hry\\CS\\hl.exe"=
"d:\\Hry\\NHL09\\nhl2009.exe"=
"d:\\Hry\\TrackMania Original\\TrackManiaLauncher.exe"=
"c:\\Program Files\\Hamachi\\hamachi.exe"=
"d:\\Hry\\Cataclysm\\Launcher.exe"=
"d:\\Hry\\Cataclysm\\BackgroundDownloader.exe"=
"c:\\Program Files\\ICQ7.5\\ICQ.exe"=
"c:\\Program Files\\Steam\\steamapps\\eastonko\\team fortress 2\\hl2.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Documents and Settings\\Owner\\My Documents\\Downloads\\HALO CE\\halo.exe"=
"c:\\Documents and Settings\\Owner\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DW20.EXE"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
.
R0 pe3ajcyb;TrackMania Original Environment Driver (pe3ajcyb);c:\windows\system32\drivers\pe3ajcyb.sys [6.2.2007 19:53 65424]
R0 pf2ajcyb;TrackMania Original File System Driver (pf2ajcyb);c:\windows\system32\drivers\pf2ajcyb.sys [6.2.2007 19:53 82832]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [10.5.2011 13:13 691696]
R1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [19.3.2010 20:06 11520]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [21.7.2011 19:31 366640]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [11.3.2010 15:55 44032]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [21.7.2011 19:31 22712]
R3 rtsuvc;Realtek USB2.0 PC Camera;c:\windows\system32\drivers\rtsuvc.sys [9.5.2011 8:29 73088]
S1 MpKsl04d1232d;MpKsl04d1232d;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{361F2228-1D57-4F26-A5D6-6E485C38D6FF}\MpKsl04d1232d.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{361F2228-1D57-4F26-A5D6-6E485C38D6FF}\MpKsl04d1232d.sys [?]
S1 MpKsl10b9fa8f;MpKsl10b9fa8f;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DD126C54-1CAC-4805-90AE-DB0280CEBCF2}\MpKsl10b9fa8f.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DD126C54-1CAC-4805-90AE-DB0280CEBCF2}\MpKsl10b9fa8f.sys [?]
S1 MpKsl2d617679;MpKsl2d617679;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B41BCCD2-A86D-4C17-8F38-8D192714E81D}\MpKsl2d617679.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B41BCCD2-A86D-4C17-8F38-8D192714E81D}\MpKsl2d617679.sys [?]
S1 MpKsl51714340;MpKsl51714340;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3F4B8C8A-E8A6-4E7D-8AD0-6063B17EC90D}\MpKsl51714340.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3F4B8C8A-E8A6-4E7D-8AD0-6063B17EC90D}\MpKsl51714340.sys [?]
S1 MpKsl80b04e45;MpKsl80b04e45;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9DC2EFA7-0FE4-4969-8FF4-E04E3C74C7E4}\MpKsl80b04e45.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9DC2EFA7-0FE4-4969-8FF4-E04E3C74C7E4}\MpKsl80b04e45.sys [?]
S1 MpKsl918de7df;MpKsl918de7df;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DD126C54-1CAC-4805-90AE-DB0280CEBCF2}\MpKsl918de7df.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DD126C54-1CAC-4805-90AE-DB0280CEBCF2}\MpKsl918de7df.sys [?]
S1 MpKsla1589737;MpKsla1589737;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5704E468-B3EF-4133-86FB-58249B395770}\MpKsla1589737.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5704E468-B3EF-4133-86FB-58249B395770}\MpKsla1589737.sys [?]
S1 MpKslac6f084d;MpKslac6f084d;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9DC2EFA7-0FE4-4969-8FF4-E04E3C74C7E4}\MpKslac6f084d.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9DC2EFA7-0FE4-4969-8FF4-E04E3C74C7E4}\MpKslac6f084d.sys [?]
S2 pr2ajcyb;TrackMania Original Drivers Auto Removal (pr2ajcyb);c:\windows\system32\pr2ajcyb.exe svc --> c:\windows\system32\pr2ajcyb.exe svc [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [9.5.2011 8:28 1691480]
S3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\drivers\lgandbus.sys [27.6.2011 21:19 14336]
S3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\drivers\lganddiag.sys [27.6.2011 21:19 20736]
S3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\drivers\lgandgps.sys [27.6.2011 21:19 20096]
S3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\drivers\lgandmodem.sys [27.6.2011 21:19 25088]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys --> c:\windows\system32\DRIVERS\ewusbnet.sys [?]
S3 hid7906;hid7906;c:\windows\system32\drivers\hid7906.sys [23.5.2011 13:05 53793]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [21.7.2011 19:31 41272]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [19.3.2010 17:51 14336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2720364081-1508842672-1582766270-1003Core.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-05-10 10:38]
.
2011-07-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2720364081-1508842672-1582766270-1003UA.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-05-10 10:38]
.
2011-07-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3087345157-2538592061-3371908944-1003Core.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-05-10 10:38]
.
2011-07-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3087345157-2538592061-3371908944-1003UA.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-05-10 10:38]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://start.icq.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
LSP: mswsock.dll
TCP: DhcpNameServer = 192.168.1.20
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-tray_ico - (no file)
HKLM-Run-tray_ico1 - (no file)
HKLM-Run-tray_ico2 - (no file)
HKLM-Run-tray_ico3 - (no file)
HKLM-Run-tray_ico4 - (no file)
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe
AddRemove-Mario - d:\hry\Uninstal.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-22 11:50
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
c:\windows\$NtUninstallKB774$:SummaryInformation 0 bytes hidden from API
.
.
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\\.\globalroot\Device\svchost.exe\svchost.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\igfxext.exe
c:\sysprep\sysprep.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\windows\system32\NOTEPAD.EXE
.
**************************************************************************
.
Completion time: 2011-07-22 11:56:57 - machine was rebooted
ComboFix-quarantined-files.txt 2011-07-22 09:56
.
Pre-Run: 27 343 609 856 bytes free
Post-Run: 29 550 133 248 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=AlwaysOff /fastdetect
.
- - End Of File - - 82205DE0D683AF65AEE9536F030D9F91

[stell]

otestuj na http://www.virustotal.com
c:\windows\system32\drivers\pe3ajcyb.sys
c:\sysprep\sysprep.exe

Linky z testu vloz sem

[Eastonko]

tak a tu to je
http://www.virustotal.com/file-scan/rep ... 1311329009

http://www.virustotal.com/file-scan/rep ... 1311329677

[stell]

Hm, ok, najdi a zmaz zlozky
c:\windows\update.tray-14-0
c:\windows\update.tray-14-0-lnk

ale,,mas tam este nieco divne
c:\\.\globalroot\Device\svchost.exe\svchost.exe

Stiahnite si prosím TDSSKiller a uložte ho na plochu.

2x-klik na TDSSKiller.exe- spustiť aplikáciu, potom na Spustiť kontrolu-klik- Start Scan.
Ak je infikovaný súbor detekovaný, bude predvolená akcia Cure, kliknite na tlačidlo Continue.
Ak podozrivý[suspicious] súbor je detekovaný, bude predvolená akcia Skip, kliknite na Continue.
Môže vás požiadať, aby ste reštartovali počítač na dokončenie procesu. Kliknite na Reboot Now.
Ak nevyžaduje reštart, kliknite na tlačidlo Report. Log súbor by sa mal objaviť. Prosím, skopírujte a vložte obsah súboru tu.
Ak je vyžadované reštartovanie počítača, správa je k dispozícii vo vašom koreňovom adresári (zvyčajne C:\ zložka) vo forme "TDSSKiller. _log.txt". Prosím, skopírujte a vložte obsah súboru tu.

[Eastonko]

vymazane... no ja neviem ale to mam odkedy mi prisiel eeepc notas z reklamacie...v procesoch je ich asi 10 schvost.exe

[stell]

no vloz sem log z TDSSKILLER