Done:
ComboFix 07-12-21.4 - Katka 2007-12-29 16:23:18.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1029.18.632 [GMT 1:00]
Running from: C:\Documents and Settings\Katka\Plocha\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\BrwsPtnr.dll
.
((((((((((((((((((((((((( Files Created from 2007-11-28 to 2007-12-29 )))))))))))))))))))))))))))))))
.
2007-12-29 15:16 . 2007-12-29 15:16 <DIR> d-------- C:\WINDOWS\ERUNT
2007-12-29 14:57 . 2007-12-29 14:57 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\nView_Profiles
2007-12-29 13:03 . 2007-12-29 13:03 1,908 --a------ C:\WINDOWS\system32\tmp.reg
2007-12-29 13:02 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-12-29 13:02 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-12-29 13:02 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-12-29 13:02 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-12-29 13:02 . 2007-09-28 14:26 25,088 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-12-29 13:01 . 2007-12-29 15:14 334 --a------ C:\WINDOWS\system32\drivers\fwdrv.err
2007-12-29 12:42 . 2007-12-29 12:42 <DIR> d-------- C:\Program Files\CCleaner
2007-12-26 01:00 . 2007-12-26 01:00 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-25 21:51 . 2006-02-10 18:18 258,048 --------- C:\WINDOWS\system32\sptlib02.dll
2007-12-25 21:51 . 2006-04-21 18:42 253,952 --------- C:\WINDOWS\system32\sptlib01.dll
2007-12-25 21:51 . 2004-08-03 23:10 15,360 --a------ C:\WINDOWS\system32\drivers\MPE.sys
2007-12-25 21:51 . 2004-08-03 23:10 15,360 --a------ C:\WINDOWS\system32\dllcache\mpe.sys
2007-12-25 21:50 . 2007-12-25 21:50 <DIR> d-------- C:\Program Files\AVerMedia
2007-12-25 21:49 . 2007-12-25 21:49 <DIR> d-------- C:\Program Files\AVerTV 6.0
2007-12-17 22:00 . 2007-12-17 22:00 <DIR> d-------- C:\Program Files\Google
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-07 17:39 --------- d-----w C:\Program Files\PDFCreator
2007-11-07 17:05 --------- d-----w C:\Program Files\AcroPlot
2007-10-30 23:27 3,590,656 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-10-29 22:44 1,290,240 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-29 22:44 1,290,240 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2007-10-25 16:57 8,458,752 ------w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-22 20:14 186,609 ----a-w C:\WINDOWS\system32\winstlr32.exe
2007-10-10 23:50 824,832 ------w C:\WINDOWS\system32\dllcache\wininet.dll
2007-10-10 23:50 671,232 ------w C:\WINDOWS\system32\dllcache\mstime.dll
2007-10-10 23:50 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
2007-10-10 23:50 6,065,664 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
2007-10-10 23:50 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-10-10 23:50 478,208 ------w C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-10-10 23:50 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-10-10 23:50 44,544 ------w C:\WINDOWS\system32\dllcache\iernonce.dll
2007-10-10 23:50 384,512 ------w C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-10-10 23:50 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-10-10 23:50 27,648 ------w C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-10-10 23:50 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
2007-10-10 23:50 232,960 ------w C:\WINDOWS\system32\dllcache\webcheck.dll
2007-10-10 23:50 230,400 ------w C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-10-10 23:50 214,528 ------w C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-10-10 23:50 193,024 ------w C:\WINDOWS\system32\dllcache\msrating.dll
2007-10-10 23:50 153,088 ------w C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-10-10 23:50 132,608 ------w C:\WINDOWS\system32\dllcache\extmgr.dll
2007-10-10 23:50 124,928 ------w C:\WINDOWS\system32\dllcache\advpack.dll
2007-10-10 23:50 105,984 ------w C:\WINDOWS\system32\dllcache\url.dll
2007-10-10 23:50 102,400 ------w C:\WINDOWS\system32\dllcache\occache.dll
2007-10-10 23:50 1,159,680 ------w C:\WINDOWS\system32\dllcache\urlmon.dll
2007-10-10 10:59 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-10-10 10:58 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-10-10 10:58 625,152 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2007-10-10 05:46 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Cmos]
@={8A4DE897-E609-4670-8E8F-B813B8DF31A3}
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Správa překryvné ikony digitálních podpisů AutoCADu ]
@={36A21736-36C2-4C11-8ACB-D4136F2B57BD}
[HKEY_CLASSES_ROOT\CLSID\{36A21736-36C2-4C11-8ACB-D4136F2B57BD}]
2005-03-05 16:18 136312 --a------ C:\WINDOWS\system32\AcSignIcon.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-18 13:00]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-12-17 22:01]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-18 13:00 C:\WINDOWS\system32\rundll32.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-08-18 22:07]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2006-01-12 16:40]
"Power_Gear"="C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe" [2005-06-16 15:48]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-07-28 00:03]
"Startup Manager Scanner"="C:\Program Files\Startup Mechanic\StartupMonitor.exe" [2004-09-05 19:01]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-18 13:00]
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\
ASUS ChkMail.lnk - C:\Program Files\Asus\Asus ChkMail\ChkMail.exe [2006-11-22 21:01:58]
Akcelerátor spuštění AutoCADu.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart16.exe [2005-03-05 17:18:22]
QuickTV6.lnk - C:\Program Files\AVerTV 6.0\AVerQT.exe [2006-05-05 16:10:54]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{E1DA5BAC-D5B6-4D14-85CB-4792F873E0B4}"= C:\WINDOWS\system32\serole.dll [2003-03-31 14:00 57344]
"{4208FFE9-E806-4826-9F95-5ACFD9A4772B}"= C:\WINDOWS\system32\wmsnms.dll [2003-03-31 14:00 57344]
R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2006-07-18 12:02]
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2006-07-18 12:02]
R3 AVerE506;AVerE506 service;C:\WINDOWS\system32\DRIVERS\AVerE506.sys [2006-03-21 15:26]
R3 HSFHWSIS;HSFHWSIS;C:\WINDOWS\system32\DRIVERS\HSFHWSIS.sys [2005-06-22 02:50]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-18 13:00]
R3 SynMini;USB2.0 1.3M Web Cam;C:\WINDOWS\system32\Drivers\SynMini.sys [2005-10-03 10:26]
R3 SynScan;USB2.0 1.3M Web Cam Still Image;C:\WINDOWS\system32\Drivers\SynScan.sys [2005-10-03 10:26]
S3 ASNDIS5;ASNDIS5 Protocol Driver;C:\WINDOWS\system32\ASNDIS5.SYS [2002-09-09 19:54]
*Newly Created Service* - PROCEXP90
.
**************************************************************************
catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-29 16:27:18
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-12-29 16:28:47
.
2007-12-14 06:29:19 --- E O F ---
Please check the log.
Download Avenger: http://www.spyware.cz/spyware.cz/download/avenger.exe
Run it - tick "Input script manually" - click the magnifying glass - paste the following bold text into the empty window:
Files to delete:
C:\WINDOWS\system32\tmp.reg
C:\WINDOWS\system32\Process.exe
- click Done - click the traffic light - confirm the warning - the PC will restart - after the restart a log will pop up; copy it here.
//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////
Error: could not create zip file.
Error code: 0
//////////////////////////////////////////
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\ooreqcio
*******************
Script file located at: \??\C:\WINDOWS\vmbltsqy.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
File C:\WINDOWS\system32\tmp.reg deleted successfully.
File C:\WINDOWS\system32\Process.exe deleted successfully.
Completed script processing.
*******************
Finished! Terminate.