ADIRKA - log ke kontrole

[gnaver]

ted my z C:/combofix zmizely vsechny soubory to je v pohode nebo ne?

[Reklama]

[gnaver]

ok v pohode ten combofix mi tam hodil to co sem uz poslal tak jak dal?

[fredik]

Ten log co jsi sem dal z SDFix není celý tak ho sem vlož znovu a celý.

Tento soubor zkus otestovat na VirusTotall a dej sem výsledek.
C:\WINDOWS\system32\uiqzmticq.dll pro lepší nalezení si zapni zobrazení skrytých a systémových souborů.

[gnaver]

prave ze s SDfixu je cely taky sem se divili ze je tam toho nak malo

[gnaver]

virustotall nefunguje stranka

[Damned]

virus total jde, jen zkus chvíli vydržet, nebo zkus http://virusscan.jotti.org/

[gnaver]

tohle je novej vysledek SD

Rebooting...

Normal Mode:
Checking Files:




Folder C:\DOCUME~1\Kuba\LOCALS~1\Temp\ICD1.tmp - Removed

ADS Check:




Final Check:

Remaining Services:
------------------


Rootkit huy32 maybe active, Use a Rootkit scanner!
Rootkit PE386 maybe active, Use a Rootkit scanner!
Rootkit lzx32 maybe active, Use a Rootkit scanner!
Rootkit msguard maybe active, Use a Rootkit scanner!

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\ICQLite\\ICQLite.exe"="C:\\Program Files\\ICQLite\\ICQLite.exe:*:Enabled:ICQ Lite"
"E:\\cod2\\CoD2MP_s.exe"="E:\\cod2\\CoD2MP_s.exe:*:Enabled:CoD2MP_s"
"E:\\HLSW\\hlsw.exe"="E:\\HLSW\\hlsw.exe:*:Enabled:HLSW"
"C:\\Program Files\\DC++\\DCPlusPlus.exe"="C:\\Program Files\\DC++\\DCPlusPlus.exe:*:Enabled:DC++"
"C:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"="C:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe:*:Enabled:BearShare"
"E:\\Xfire\\Xfire.exe"="E:\\Xfire\\Xfire.exe:*:Enabled:Xfire"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\Program Files\\RadLight Company\\RadLight 4.0\\rlkernel.exe"="C:\\Program Files\\RadLight Company\\RadLight 4.0\\rlkernel.exe:*:Enabled:Kernel Executable"
"E:\\Enemy Territory\\ETDED.exe"="E:\\Enemy Territory\\ETDED.exe:*:Enabled:ETDED"
"E:\\Wolfenstein - Enemy Territory\\ETDED.exe"="E:\\Wolfenstein - Enemy Territory\\ETDED.exe:*:Enabled:ETDED"
"E:\\Wolfenstein - Enemy Territory\\ET.exe"="E:\\Wolfenstein - Enemy Territory\\ET.exe:*:Enabled:ET"
"C:\\WINDOWS\\system32\\dd.exe"="C:\\WINDOWS\\system32\\dd.exe:*:Enabled:enable"
"C:\\WINDOWS\\system32\\sm.exe"="C:\\WINDOWS\\system32\\sm.exe:*:Enabled:enable"
"C:\\WINDOWS\\system32\\lnwin.exe"="C:\\WINDOWS\\system32\\lnwin.exe:*:Enabled:enable"
"C:\\WINDOWS\\system32\\adirss.exe"="C:\\WINDOWS\\system32\\adirss.exe:*:Enabled:enable"


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"


Remaining Files:
---------------
C:\WINDOWS\system32\rsvp32_2.dll Found - LSP!


Checking For Files with Hidden Attributes :


Finished

Rebooting...

Normal Mode:
Checking Files:





ADS Check:




Final Check:

Remaining Services:
------------------


Rootkit huy32 maybe active, Use a Rootkit scanner!
Rootkit PE386 maybe active, Use a Rootkit scanner!
Rootkit lzx32 maybe active, Use a Rootkit scanner!
Rootkit msguard maybe active, Use a Rootkit scanner!

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"


Remaining Files:
---------------


Checking For Files with Hidden Attributes :


Finished




a pred ukoncenim i to pise ze to nenaslo cestu k C:/documents

[fredik]

Nejdřív pročisti Pc tímto: CCleaner (Čistič a Problémy)

Udělej log z IceSword (Process + Kernel Module) a kdyby bylo něco zvýrazněno červeně tak to označ i v logu.

[gnaver]

tohle vyslo z testu na virustotal



File "uiqzmticq.dll" received on 03.17.2007 at 16:27:50 (CET) is being scanned by VirusTotal in this moment. Results will be shown as they're generated.

Antivirus Version Update Result
AhnLab-V3 2007.3.17.0 03.16.2007 no virus found
AntiVir 7.3.1.43 03.17.2007 no virus found
Authentium 4.93.8 03.17.2007 no virus found
Avast 4.7.936.0 03.16.2007 no virus found
AVG 7.5.0.447 03.17.2007 no virus found
BitDefender 7.2 03.17.2007 no virus found
CAT-QuickHeal 9.00 03.15.2007 no virus found
ClamAV 0.90.1 03.17.2007 no virus found
DrWeb 4.33 03.17.2007 no virus found
eSafe 7.0.14.0 03.16.2007 no virus found
eTrust-Vet 30.6.3486 03.16.2007 no virus found
Ewido 4.0 03.17.2007 no virus found
FileAdvisor 1 03.17.2007 no virus found
Fortinet 2.85.0.0 03.17.2007 no virus found
F-Prot 4.3.1.45 03.17.2007 no virus found
F-Secure 6.70.13030.0 03.16.2007 no virus found
Ikarus T3.1.1.3 03.17.2007 no virus found
Kaspersky 4.0.2.24 03.17.2007 no virus found
McAfee 4986 03.16.2007 no virus found
Microsoft 1.2306 03.17.2007 no virus found
NOD32v2 2123 03.17.2007 no virus found
Norman 5.80.02 03.16.2007 no virus found
Panda 9.0.0.4 03.17.2007 no virus found
Prevx1 V2 03.17.2007 no virus found


Aditional Information
File size: 11 bytes
MD5: 0f67bbda327d915d7aefda15b2092730
SHA1: a97eac12fb3a874275ff72e596f108062051beb4

VirusTotal is a free service offered by Hispasec Sistemas. There are no guarantees about the availability and continuity of this service. Although the detection rate afforded by the use of multiple antivirus engines is far superior

[gnaver]

nesmaze ten cleaner neco dulezity???

[gnaver]

tak icesword nic neukazal vsechno tam ma v pohode nic neni cerveny

[gnaver]

bojim se opravit ty chybi v aplikacich protoze nechci delat nic s registrem