Tusim mam nejake virusy...

tu posielam vypisi z ComboFix-u a HijackThis-u

Logfile of HijackThis v1.99.1
Scan saved at 11:30: VIRUS ALERT!, on 29. 7. 2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
K:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\DAEMON Tools\daemon.exe
K:\Program Files\ICQ6\ICQ.exe
K:\spywarevanisher-full\SpywareVanisher.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\System32\svchost.exe
K:\programi\HELP!!!\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wm ... Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {E6CFCF29-E855-420D-9A72-5B69F0F93746} - C:\WINDOWS\system32\rqRlljii.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [CaISSDT] "C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe"
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ICQ] "K:\Program Files\ICQ6\ICQ.exe" silent
O4 - HKCU\..\Run: [Spyware Vanisher] K:\spywarevanisher-full\SpywareVanisher.exe -FastScan
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Zdroje informácií - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - K:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - K:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 6802858671
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: rqRlljii - C:\WINDOWS\SYSTEM32\rqRlljii.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O20 - Winlogon Notify: WinCtrl32 - C:\WINDOWS\SYSTEM32\WinCtrl32.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: eqvwamkl - {4D49A7AA-4AAE-4B62-B9DF-E2603BC8B9D7} - C:\WINDOWS\eqvwamkl.dll
O21 - SSODL: wnslvxtf - {3391413D-81F8-439B-89AA-7BB7494B6DAE} - C:\WINDOWS\wnslvxtf.dll
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - K:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

ComboFix 08-07-13.11 - Jakub 2008-07-29 11:32:23.7 - FAT32x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1029.18.1006 [GMT 2:00]
Running from: C:\Documents and Settings\Jakub\Plocha\ComboFix.exe
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
- REDUCED FUNCTIONALITY MODE -
.

((((((((((((((((((((((((( Files Created from 2008-06-28 to 2008-07-29 )))))))))))))))))))))))))))))))
.

2008-07-29 11:29 . 2008-07-29 11:29 16,384 --a------ C:\WINDOWS\system32\WinCtrl32.dl_
2008-07-28 19:15 . 2008-07-28 19:15 0 --a------ C:\WINDOWS\PestPatrol5.INI
2008-07-28 18:55 . 31,104 C:\WINDOWS\system32\drivers\Winqm54.sys
2008-07-28 18:04 . 2008-07-28 18:04 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-07-28 14:35 . 2008-07-28 14:35 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\CA
2008-07-28 14:34 . 2008-07-28 14:35 <DIR> d-------- C:\Program Files\Common Files\Scanner
2008-07-28 14:34 . 2008-07-28 14:34 <DIR> d-------- C:\Program Files\CA
2008-07-28 13:06 . 2008-07-28 13:06 33,152 --a------ C:\WINDOWS\system32\rqRlljii.dll
2008-07-28 13:06 . 2008-07-28 13:06 33,152 --a------ C:\WINDOWS\system32\rqRLdAtq.dll
2008-07-28 13:06 . 2008-07-28 18:55 16,384 --a------ C:\WINDOWS\system32\WinCtrl32.dll
2008-07-28 13:05 . 2008-07-28 13:05 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\SecuriSoft SARL
2008-07-28 13:05 . 2008-07-27 09:57 303,104 --a------ C:\WINDOWS\wnslvxtf.dll
2008-07-28 13:05 . 2008-07-27 09:57 274,432 --a------ C:\WINDOWS\eqvwamkl.dll
2008-07-28 13:05 . 2008-07-27 09:57 163,840 --a------ C:\WINDOWS\eovp.exe
2008-07-28 13:05 . 2008-07-27 09:57 94,208 --a------ C:\WINDOWS\grswptdl.exe
2008-07-28 12:50 . 2008-07-28 12:53 94,208 --a------ C:\WINDOWS\ScUnin.exe
2008-07-28 12:50 . 2008-07-28 12:53 34,758 --a------ C:\WINDOWS\scunin.dat
2008-07-28 12:50 . 2008-07-28 12:53 967 --a------ C:\WINDOWS\ScUnin.pif
2008-07-27 20:09 . 2008-07-27 20:09 16 --a------ C:\WINDOWS\encore_launcher.ini
2008-07-23 22:54 . 2008-07-23 22:54 <DIR> d-------- C:\Program Files\Common Files\snpstd
2008-07-23 22:32 . 2001-10-24 12:25 99,328 --a------ C:\WINDOWS\system32\srusd.dll
2008-07-23 22:32 . 2001-10-24 12:25 99,328 --a------ C:\WINDOWS\system32\dllcache\srusd.dll
2008-07-23 22:32 . 2001-10-24 12:24 71,680 --a------ C:\WINDOWS\system32\fnfilter.dll
2008-07-23 22:32 . 2001-10-24 12:24 71,680 --a------ C:\WINDOWS\system32\dllcache\fnfilter.dll
2008-07-23 22:32 . 2001-10-24 12:02 6,784 --a------ C:\WINDOWS\system32\drivers\serscan.sys
2008-07-23 22:32 . 2001-10-24 12:02 6,784 --a------ C:\WINDOWS\system32\dllcache\serscan.sys
2008-07-15 14:34 . 2005-07-08 14:44 159,616 --a------ C:\WINDOWS\system32\drivers\vax347b.sys
2008-07-15 14:34 . 2004-04-30 09:33 5,248 --a------ C:\WINDOWS\system32\drivers\vax347s.sys
2008-07-15 10:38 . 2008-07-15 10:38 233,372 --a------ C:\WINDOWS\t_eJay.inf
2008-07-15 10:38 . 2008-07-15 10:38 63 --a------ C:\WINDOWS\d_ejay2.inf
2008-07-15 10:38 . 2008-07-15 10:38 24 --a------ C:\WINDOWS\dmachine.inf
2008-07-14 15:18 . 2008-07-14 15:18 <DIR> d-------- C:\Program Files\OpenAL
2008-07-14 15:18 . 2008-07-14 15:18 409,600 --a------ C:\WINDOWS\system32\wrap_oal.dll
2008-07-14 15:18 . 2008-07-14 15:18 114,688 --a------ C:\WINDOWS\system32\OpenAL32.dll
2008-07-08 11:15 . 2008-07-16 10:49 52,736 --a------ C:\WINDOWS\ipuninst.exe
2008-07-06 23:17 . 2008-07-06 23:17 <DIR> d-------- C:\Program Files\MiniAtlas
2008-07-01 13:31 . 2004-08-03 22:31 20,992 --a------ C:\WINDOWS\system32\drivers\RTL8139.sys
2008-07-01 13:31 . 2004-08-03 22:31 20,992 --a------ C:\WINDOWS\system32\dllcache\rtl8139.sys
2008-06-30 22:03 . 2008-06-30 22:03 <DIR> d-------- C:\Program Files\THQ
2008-06-30 13:29 . 2008-06-30 13:29 <DIR> d-------- C:\WINDOWS\Fonfs

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-26 18:01 278,984 ----a-w C:\WINDOWS\system32\drivers\atksgt.sys
2008-06-20 17:49 247,296 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:49 247,296 ------w C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 17:49 147,968 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 11:51 361,600 ------w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 11:40 138,496 ------w C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-20 11:08 225,856 ------w C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-16 09:37 --------- d-----w C:\Documents and Settings\Jakub\Data aplikací\TrueCrypt
2008-06-15 14:51 --------- d-----w C:\Program Files\TrueCrypt
2008-06-14 17:35 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-14 17:35 272,128 ------w C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-12 20:43 2,740 ----a-w C:\WINDOWS\pchealth\helpctr\PackageStore\SkuStore.bin
2008-06-11 09:36 --------- d-----w C:\Documents and Settings\Jakub\Data aplikací\uTorrent
2008-06-08 15:35 --------- d-----w C:\Program Files\DivX
2008-05-30 23:22 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-05-30 23:22 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-05-30 23:22 815,104 ----a-w C:\WINDOWS\system32\divx_xx0a.dll
2008-05-30 23:22 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-05-30 23:22 683,520 ----a-w C:\WINDOWS\system32\DivX.dll
2008-05-30 23:22 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-05-30 23:22 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-05-30 23:22 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-05-30 23:22 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-05-30 23:22 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-05-30 23:22 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-05-30 12:19 507,400 ----a-w C:\WINDOWS\system32\XAudio2_1.dll
2008-05-30 12:18 238,088 ----a-w C:\WINDOWS\system32\xactengine3_1.dll
2008-05-30 12:17 65,032 ----a-w C:\WINDOWS\system32\XAPOFX1_0.dll
2008-05-30 12:17 25,608 ----a-w C:\WINDOWS\system32\X3DAudio1_4.dll
2008-05-30 12:11 467,984 ----a-w C:\WINDOWS\system32\d3dx10_38.dll
2008-05-30 12:11 3,850,760 ----a-w C:\WINDOWS\system32\D3DX9_38.dll
2008-05-30 12:11 1,491,992 ----a-w C:\WINDOWS\system32\D3DCompiler_38.dll
2008-05-22 22:22 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-05-22 22:22 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-05-22 22:22 129,784 ------w C:\WINDOWS\system32\pxafs.dll
2008-05-22 22:22 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
2008-05-22 22:22 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2008-05-22 22:20 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-05-22 22:20 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-05-22 22:19 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-05-22 22:19 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-05-22 22:19 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-05-22 22:18 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-05-16 08:39 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2008-05-16 08:39 249,856 ------w C:\WINDOWS\Setup1.exe
2008-05-09 10:56 90,112 ----a-w C:\WINDOWS\system32\wshext.dll
2008-05-09 10:56 90,112 ------w C:\WINDOWS\system32\dllcache\wshext.dll
2008-05-09 10:56 512,000 ------w C:\WINDOWS\system32\dllcache\jscript.dll
2008-05-09 10:56 430,080 ----a-w C:\WINDOWS\system32\vbscript.dll
2008-05-09 10:56 430,080 ------w C:\WINDOWS\system32\dllcache\vbscript.dll
2008-05-09 10:56 180,224 ----a-w C:\WINDOWS\system32\scrobj.dll
2008-05-09 10:56 180,224 ------w C:\WINDOWS\system32\dllcache\scrobj.dll
2008-05-09 10:56 172,032 ----a-w C:\WINDOWS\system32\scrrun.dll
2008-05-09 10:56 172,032 ------w C:\WINDOWS\system32\dllcache\scrrun.dll
2008-05-08 14:02 203,136 ------w C:\WINDOWS\system32\dllcache\rmcast.sys
2008-05-08 11:24 155,648 ----a-w C:\WINDOWS\system32\wscript.exe
2008-05-08 11:24 155,648 ------w C:\WINDOWS\system32\dllcache\wscript.exe
2008-05-07 09:07 135,168 ----a-w C:\WINDOWS\system32\cscript.exe
2008-05-07 09:07 135,168 ------w C:\WINDOWS\system32\dllcache\cscript.exe
2008-05-07 05:12 1,290,752 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 05:12 1,290,752 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2008-04-03 18:52 32 ----a-w C:\Documents and Settings\All Users\Data aplikací\ezsid.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E6CFCF29-E855-420D-9A72-5B69F0F93746}]
2008-07-28 13:06 33152 --a------ C:\WINDOWS\system32\rqRlljii.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 05:22 15360]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-02-01 17:22 21898024]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-10-09 11:28 139264]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 11:48 157592]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-04-14 05:22 1695232]
"ICQ"="K:\Program Files\ICQ6\ICQ.exe" [2008-05-18 18:30 172280]
"Spyware Vanisher"="K:\spywarevanisher-full\SpywareVanisher.exe" [2006-12-24 15:13 4114432]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2005-12-07 22:57 30208]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2006-04-13 11:09 49152]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40 155648]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-22 18:24 385024]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-03-29 20:27 917504]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-03-09 10:29 139264]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 13:06 40048]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"CaISSDT"="C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe" [2006-04-21 14:42 165416]
"eTrustPPAP"="C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe" [2008-07-28 17:55 258048]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 17:07 61952 C:\WINDOWS\system32\HdAShCut.exe]
"SoundMan"="SOUNDMAN.EXE" [2005-06-21 15:09 90112 C:\WINDOWS\SoundMan.exe]
"AlcWzrd"="ALCWZRD.EXE" [2005-07-13 15:47 2806272 C:\WINDOWS\ALCWZRD.EXE]
"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 05:22 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{E6CFCF29-E855-420D-9A72-5B69F0F93746}"= "C:\WINDOWS\system32\rqRlljii.dll" [2008-07-28 13:06 33152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"eqvwamkl"= {4D49A7AA-4AAE-4B62-B9DF-E2603BC8B9D7} - C:\WINDOWS\eqvwamkl.dll [2008-07-27 09:57 274432]
"wnslvxtf"= {3391413D-81F8-439B-89AA-7BB7494B6DAE} - C:\WINDOWS\wnslvxtf.dll [2008-07-27 09:57 303104]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqRlljii]
2008-07-28 13:06 33152 C:\WINDOWS\system32\rqRlljii.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WinCtrl32]
2008-07-28 18:55 16384 C:\WINDOWS\system32\WinCtrl32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.iv41"= ir41_32.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winll28.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winqm54.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winxq42.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"K:\\Program Files\\BitComet\\BitComet.exe"=
"K:\\Program Files\\Codemasters\\Worms 4 Mayhem\\WORMS 4 MAYHEM.EXE"=
"C:\\WINDOWS\\System32\\dpnsvr.exe"=
"K:\\Program Files\\Age of Wonders II\\AoW2.exe"=
"K:\\Program Files\\BitComet\\PatchWise.bak\\BitComet.exe"=
"C:\\WINDOWS\\System32\\dplaysvr.exe"=
"K:\\Program Files\\Computer Artworks\\Evolva\\Evolva.exe"=
"G:\\Viera\\PARTNERI\\DEUTSCHER RING\\Calculator SK\\Deutscher Ring Calculator SK.exe"=
"K:\\Program Files\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\XR_3DA.exe"=
"K:\\Program Files\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe"=
"K:\\Program Files\\ICQ6\\ICQ.exe"=
"K:\\Program Files\\Ubisoft\\THE SETTLERS - Rise of an Empire\\base\\bin\\Settlers6.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 Winqm54;Winqm54;C:\WINDOWS\system32\Drivers\Winqm54.sys []
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2008-04-13 20:56]
S0 Winll28;Winll28;C:\WINDOWS\system32\Drivers\Winll28.sys []
S0 Winxq42;Winxq42;C:\WINDOWS\system32\Drivers\Winxq42.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{456cfc16-3f90-11dd-be25-0011119f2e48}]
\Shell\AutoRun\command - M:\autorun.exe
\Shell\readit\command - notepad readme.doc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6beacf70-00ee-11dd-b008-0011119f2e48}]
\Shell\AutoRun\command - M:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{de13c112-f836-11dc-afe7-0011119f2e48}]
\Shell\AutoRun\command - J:\SETUP.EXE

*Newly Created Service* - WINQM54
.
- - - - ORPHANS REMOVED - - - -

Notify-WgaLogon - (no file)


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-29 11:33:06
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\rqRlljii.dll
-> C:\WINDOWS\system32\WinCtrl32.dll
.
Completion time: 2008-07-29 11:34:17
ComboFix-quarantined-files.txt 2008-07-29 09:34:12
ComboFix5.txt 2008-07-29 09:32:10
ComboFix4.txt 2008-07-28 17:53:58
ComboFix3.txt 2008-07-28 18:16:30
ComboFix2.txt 2008-07-28 18:44:06

Adresářů: 11, Volných bajtů: 22,494,085,120
Adresářů: 12, Volných bajtů: 22,490,677,248

225 --- E O F --- 2008-07-23 11:18:17

Zdravim,

ten SpywareVanisher vyzera podozrivo => odinstalovat. Bezi tam eTrust IS a NOD v2...

Pouzi Avenger s tymto skriptom:



Na mail mi, prosim, posli zalohu, ktora bude v C:\Avenger\backup.zip, vdaka.


Rucne zmaz:

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{456cfc16-3f90-11dd-be25-0011119f2e48}]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6beacf70-00ee-11dd-b008-0011119f2e48}]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{de13c112-f836-11dc-afe7-0011119f2e48}]


Fixni v HijackThis:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wm ... Ojg5&lid=2


Otestuj na www.virustotal.com tieto subory a vysledky sem skopiruj:

C:\WINDOWS\system32\drivers\Winqm54.sys
C:\WINDOWS\system32\Drivers\Winll28.sys

dakujem za pomoc. plocha je uz v poriadku ale vedla casu mi este stale pise VIRUS ALERT! a tie subory Winqm54.sys a Winll28.sys tak z tych tam je uz iba Winqm54.sys a ten sa tam neda otestovat...vlastne sa z nim neda vobec hybat ani kopirovat...

a ten BackUp neide poslat lebo sa v nom nachadzaju virusi

Hod to este raz do archivu s heslom "infected" a malo by to ist.

Posli mi na mail log zo SysInspectoru a sem posli novy z ComboFixu.

ComboFix 08-07-13.11 - Jakub 2008-07-29 16:48:01.9 - FAT32x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.1.1029.18.933 [GMT 2:00]
Running from: C:\Documents and Settings\Jakub\Plocha\ComboFix.exe
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
- REDUCED FUNCTIONALITY MODE -
.

((((((((((((((((((((((((( Files Created from 2008-06-28 to 2008-07-29 )))))))))))))))))))))))))))))))
.

2008-07-28 19:15 . 2008-07-28 19:15 0 --a------ C:\WINDOWS\PestPatrol5.INI
2008-07-28 18:04 . 2008-07-28 18:04 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-07-28 14:35 . 2008-07-28 14:35 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\CA
2008-07-28 14:34 . 2008-07-28 14:35 <DIR> d-------- C:\Program Files\Common Files\Scanner
2008-07-28 14:34 . 2008-07-28 14:34 <DIR> d-------- C:\Program Files\CA
2008-07-27 20:09 . 2008-07-27 20:09 16 --a------ C:\WINDOWS\encore_launcher.ini
2008-07-23 22:54 . 2008-07-23 22:54 <DIR> d-------- C:\Program Files\Common Files\snpstd
2008-07-23 22:32 . 2001-10-24 12:25 99,328 --a------ C:\WINDOWS\system32\srusd.dll
2008-07-23 22:32 . 2001-10-24 12:25 99,328 --a------ C:\WINDOWS\system32\dllcache\srusd.dll
2008-07-23 22:32 . 2001-10-24 12:24 71,680 --a------ C:\WINDOWS\system32\fnfilter.dll
2008-07-23 22:32 . 2001-10-24 12:24 71,680 --a------ C:\WINDOWS\system32\dllcache\fnfilter.dll
2008-07-23 22:32 . 2001-10-24 12:02 6,784 --a------ C:\WINDOWS\system32\drivers\serscan.sys
2008-07-23 22:32 . 2001-10-24 12:02 6,784 --a------ C:\WINDOWS\system32\dllcache\serscan.sys
2008-07-15 14:34 . 2005-07-08 14:44 159,616 --a------ C:\WINDOWS\system32\drivers\vax347b.sys
2008-07-15 14:34 . 2004-04-30 09:33 5,248 --a------ C:\WINDOWS\system32\drivers\vax347s.sys
2008-07-15 10:38 . 2008-07-15 10:38 233,372 --a------ C:\WINDOWS\t_eJay.inf
2008-07-15 10:38 . 2008-07-15 10:38 63 --a------ C:\WINDOWS\d_ejay2.inf
2008-07-15 10:38 . 2008-07-15 10:38 24 --a------ C:\WINDOWS\dmachine.inf
2008-07-14 15:18 . 2008-07-14 15:18 <DIR> d-------- C:\Program Files\OpenAL
2008-07-14 15:18 . 2008-07-14 15:18 409,600 --a------ C:\WINDOWS\system32\wrap_oal.dll
2008-07-14 15:18 . 2008-07-14 15:18 114,688 --a------ C:\WINDOWS\system32\OpenAL32.dll
2008-07-08 11:15 . 2008-07-16 10:49 52,736 --a------ C:\WINDOWS\ipuninst.exe
2008-07-06 23:17 . 2008-07-06 23:17 <DIR> d-------- C:\Program Files\MiniAtlas
2008-07-01 13:31 . 2004-08-03 22:31 20,992 --a------ C:\WINDOWS\system32\drivers\RTL8139.sys
2008-07-01 13:31 . 2004-08-03 22:31 20,992 --a------ C:\WINDOWS\system32\dllcache\rtl8139.sys
2008-06-30 22:03 . 2008-06-30 22:03 <DIR> d-------- C:\Program Files\THQ
2008-06-30 13:29 . 2008-06-30 13:29 <DIR> d-------- C:\WINDOWS\Fonfs

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-26 18:01 278,984 ----a-w C:\WINDOWS\system32\drivers\atksgt.sys
2008-06-20 17:49 247,296 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:49 247,296 ------w C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 17:49 147,968 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 11:51 361,600 ------w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 11:40 138,496 ------w C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-20 11:08 225,856 ------w C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-16 09:37 --------- d-----w C:\Documents and Settings\Jakub\Data aplikací\TrueCrypt
2008-06-15 14:51 --------- d-----w C:\Program Files\TrueCrypt
2008-06-14 17:35 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-14 17:35 272,128 ------w C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-12 20:43 2,740 ----a-w C:\WINDOWS\pchealth\helpctr\PackageStore\SkuStore.bin
2008-06-11 09:36 --------- d-----w C:\Documents and Settings\Jakub\Data aplikací\uTorrent
2008-06-08 15:35 --------- d-----w C:\Program Files\DivX
2008-05-30 23:22 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-05-30 23:22 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-05-30 23:22 815,104 ----a-w C:\WINDOWS\system32\divx_xx0a.dll
2008-05-30 23:22 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-05-30 23:22 683,520 ----a-w C:\WINDOWS\system32\DivX.dll
2008-05-30 23:22 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-05-30 23:22 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-05-30 23:22 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-05-30 23:22 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-05-30 23:22 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-05-30 23:22 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-05-30 12:19 507,400 ----a-w C:\WINDOWS\system32\XAudio2_1.dll
2008-05-30 12:18 238,088 ----a-w C:\WINDOWS\system32\xactengine3_1.dll
2008-05-30 12:17 65,032 ----a-w C:\WINDOWS\system32\XAPOFX1_0.dll
2008-05-30 12:17 25,608 ----a-w C:\WINDOWS\system32\X3DAudio1_4.dll
2008-05-30 12:11 467,984 ----a-w C:\WINDOWS\system32\d3dx10_38.dll
2008-05-30 12:11 3,850,760 ----a-w C:\WINDOWS\system32\D3DX9_38.dll
2008-05-30 12:11 1,491,992 ----a-w C:\WINDOWS\system32\D3DCompiler_38.dll
2008-05-22 22:22 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-05-22 22:22 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-05-22 22:22 129,784 ------w C:\WINDOWS\system32\pxafs.dll
2008-05-22 22:22 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
2008-05-22 22:22 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2008-05-22 22:20 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-05-22 22:20 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-05-22 22:19 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-05-22 22:19 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-05-22 22:19 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-05-22 22:18 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-05-16 08:39 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2008-05-16 08:39 249,856 ------w C:\WINDOWS\Setup1.exe
2008-05-09 10:56 90,112 ----a-w C:\WINDOWS\system32\wshext.dll
2008-05-09 10:56 90,112 ------w C:\WINDOWS\system32\dllcache\wshext.dll
2008-05-09 10:56 512,000 ------w C:\WINDOWS\system32\dllcache\jscript.dll
2008-05-09 10:56 430,080 ----a-w C:\WINDOWS\system32\vbscript.dll
2008-05-09 10:56 430,080 ------w C:\WINDOWS\system32\dllcache\vbscript.dll
2008-05-09 10:56 180,224 ----a-w C:\WINDOWS\system32\scrobj.dll
2008-05-09 10:56 180,224 ------w C:\WINDOWS\system32\dllcache\scrobj.dll
2008-05-09 10:56 172,032 ----a-w C:\WINDOWS\system32\scrrun.dll
2008-05-09 10:56 172,032 ------w C:\WINDOWS\system32\dllcache\scrrun.dll
2008-05-08 14:02 203,136 ------w C:\WINDOWS\system32\dllcache\rmcast.sys
2008-05-08 11:24 155,648 ----a-w C:\WINDOWS\system32\wscript.exe
2008-05-08 11:24 155,648 ------w C:\WINDOWS\system32\dllcache\wscript.exe
2008-05-07 09:07 135,168 ----a-w C:\WINDOWS\system32\cscript.exe
2008-05-07 09:07 135,168 ------w C:\WINDOWS\system32\dllcache\cscript.exe
2008-05-07 05:12 1,290,752 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 05:12 1,290,752 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2008-04-03 18:52 32 ----a-w C:\Documents and Settings\All Users\Data aplikací\ezsid.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 05:22 15360]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-02-01 17:22 21898024]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-10-09 11:28 139264]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 11:48 157592]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-04-14 05:22 1695232]
"ICQ"="K:\Program Files\ICQ6\ICQ.exe" [2008-05-18 18:30 172280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2005-12-07 22:57 30208]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2006-04-13 11:09 49152]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40 155648]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-22 18:24 385024]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-03-29 20:27 917504]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-03-09 10:29 139264]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 13:06 40048]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"CaISSDT"="C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe" [2006-04-21 14:42 165416]
"eTrustPPAP"="C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe" [2008-07-28 17:55 258048]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 17:07 61952 C:\WINDOWS\system32\HdAShCut.exe]
"SoundMan"="SOUNDMAN.EXE" [2005-06-21 15:09 90112 C:\WINDOWS\SoundMan.exe]
"AlcWzrd"="ALCWZRD.EXE" [2005-07-13 15:47 2806272 C:\WINDOWS\ALCWZRD.EXE]
"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 05:22 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.iv41"= ir41_32.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winll28.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winqm54.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winxq42.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"K:\\Program Files\\BitComet\\BitComet.exe"=
"K:\\Program Files\\Codemasters\\Worms 4 Mayhem\\WORMS 4 MAYHEM.EXE"=
"C:\\WINDOWS\\System32\\dpnsvr.exe"=
"K:\\Program Files\\Age of Wonders II\\AoW2.exe"=
"K:\\Program Files\\BitComet\\PatchWise.bak\\BitComet.exe"=
"C:\\WINDOWS\\System32\\dplaysvr.exe"=
"K:\\Program Files\\Computer Artworks\\Evolva\\Evolva.exe"=
"G:\\Viera\\PARTNERI\\DEUTSCHER RING\\Calculator SK\\Deutscher Ring Calculator SK.exe"=
"K:\\Program Files\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\XR_3DA.exe"=
"K:\\Program Files\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe"=
"K:\\Program Files\\ICQ6\\ICQ.exe"=
"K:\\Program Files\\Ubisoft\\THE SETTLERS - Rise of an Empire\\base\\bin\\Settlers6.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 Winqm54;Winqm54;C:\WINDOWS\system32\Drivers\Winqm54.sys []
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2008-04-13 20:56]
S0 Winll28;Winll28;C:\WINDOWS\system32\Drivers\Winll28.sys []
S0 Winxq42;Winxq42;C:\WINDOWS\system32\Drivers\Winxq42.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{de13c112-f836-11dc-afe7-0011119f2e48}]
\Shell\AutoRun\command - J:\SETUP.EXE

.
- - - - ORPHANS REMOVED - - - -

BHO-{E6CFCF29-E855-420D-9A72-5B69F0F93746} - C:\WINDOWS\system32\rqRlljii.dll
HKCU-Run-Spyware Vanisher - K:\spywarevanisher-full\SpywareVanisher.exe


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-29 16:48:14
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-07-29 16:48:59
ComboFix-quarantined-files.txt 2008-07-29 14:48:58
ComboFix5.txt 2008-07-29 14:47:54
ComboFix4.txt 2008-07-28 18:44:06
ComboFix3.txt 2008-07-29 09:34:20
ComboFix2.txt 2008-07-29 10:39:46

Adresářů: 12, Volných bajtů: 22,491,332,608
Adresářů: 13, Volných bajtů: 22,484,353,024

190 --- E O F --- 2008-07-23 11:18:17

Este ten log zo SysInspectoru.


Tieto subory mozes vratit, su ciste:

ScUnin.exe; scunin.dat; ScUnin

no tak to mi musis poradit ako to mam vratit a okrem toho aky log z toho sysinspekrotu chces?

a neslo to poslat ani ked som to dal pod dalsi archiv na heslo...

Mas archiv backup.zip a v nom najdes spominane subory. Tie jednoducho rozbalis do C:\Windows.

Log v ESI spravis tak, ze spustis aplikaciu, pockas a potom vyberies Subor => Ulozit log (ZIP). Potom subor pripojis ako prilohu a posles. Musi to ist.

Dalsi skript pre Avenger:



Tiez posli zalohu, vdaka.


Zmazat este tento kluc:

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{de13c112-f836-11dc-afe7-0011119f2e48}]

Co na to pocitac?

nastartoval sa az na druhy krat po restarte....na prvy krat vyhodil na sekundu nejaky error som si nevsimol aky lebo sya vzapeti restartoval ale inac sa nic nezmenilo.
inac bola to asi zla cesta pre tie subory vid nizsie

Rootkit scan active.
No rootkits found!

Driver "Winqm54" deleted successfully.
Driver "Winll28" deleted successfully.
Driver "Winxq42" deleted successfully.

Error: file "C:\WINDOWS\system32\Drivers\Winqm54.sys" not found!
Deletion of file "C:\WINDOWS\system32\Drivers\Winqm54.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\system32\Drivers\Winll28.sys" not found!
Deletion of file "C:\WINDOWS\system32\Drivers\Winll28.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\system32\Drivers\Winxq42.sys" not found!
Deletion of file "C:\WINDOWS\system32\Drivers\Winxq42.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Completed script processing.

Hmm, vyzera to tak, ze tam uz nie su. Skus to zistit.


A co virus alert?

no uz tam niesu ale ten virus alert vedla casu je tam stale...

Posli log z Ultimate Process Manageru. Spusti _MAKE_LOG_SK.bat, zaškrtaj tieto položky: bežiace procesy, po spustení, moduly, služby, ovládače.

+ ComboFix z nudzoveho rezimu