
Log from Combofix

Posted: 08 Jul 2008 18:16
by Adriano10
Hi everyone, I made a log with Combofix but I don't know how to proceed further, can anyone advise? Thanks

ComboFix 08-07-07.3 - uživatel 2008-07-08 17:41:34.5 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1029.18.460 [GMT 2:00]
Running from: C:\Documents and Settings\uživatel\Plocha\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\BM7f70a1df.txt
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\aakmqgpt.ini
C:\WINDOWS\system32\akttzn.exe
C:\WINDOWS\system32\bdn.com
C:\WINDOWS\system32\bplsqjxe.dll
C:\WINDOWS\system32\cbXpNFwV.dll
C:\WINDOWS\system32\ceqrjdyc.ini
C:\WINDOWS\system32\cydjrqec.dll
C:\WINDOWS\system32\edpirffm.dll
C:\WINDOWS\system32\exjqslpb.ini
C:\WINDOWS\system32\exjqslpb.tmp
C:\WINDOWS\system32\hxiwlgpm.dat
C:\WINDOWS\system32\hxiwlgpm.exe
C:\WINDOWS\system32\kdvlf.exe
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\msgp.exe
C:\WINDOWS\system32\mssecu.exe
C:\WINDOWS\system32\mtr2.exe
C:\WINDOWS\system32\mwin32.exe
C:\WINDOWS\system32\netode.exe
C:\WINDOWS\system32\opnkKddD.dll
C:\WINDOWS\system32\regm64.dll
C:\WINDOWS\system32\ssvchost.exe
C:\WINDOWS\system32\sysreq.exe
C:\WINDOWS\system32\taack.dat
C:\WINDOWS\system32\taack.exe
C:\WINDOWS\system32\uwsgckrt.dll
C:\WINDOWS\system32\VBIEWER.OCX
C:\WINDOWS\system32\VwFNpXbc.ini
C:\WINDOWS\system32\VwFNpXbc.ini2
C:\WINDOWS\system32\winlogonpc.exe
C:\WINDOWS\system32\WINWGPX.EXE

.
((((((((((((((((((((((((( Files Created from 2008-06-08 to 2008-07-08 )))))))))))))))))))))))))))))))
.

2008-07-07 17:02 . 2008-07-08 17:38 110,479 --a------ C:\WINDOWS\BM7f70a1df.xml
2008-07-06 19:02 . 2008-07-06 19:02 <DIR> d-------- C:\Program Files\Web Technologies
2008-07-06 11:12 . 2008-07-06 11:12 <DIR> d-------- C:\Program Files\ICQ6
2008-06-11 15:59 . 2008-06-14 20:00 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-08 15:51 96,256 ----a-w C:\WINDOWS\system32\drivers\sptd1725.sys
2008-06-20 05:47 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-06-14 18:00 272,128 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-05 18:09 --------- d-----w C:\Program Files\AnMing
2008-05-08 18:00 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-05-08 17:37 --------- d-----w C:\Program Files\a-squared Free
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-04 15:25 691,545 ----a-w C:\WINDOWS\unins000.exe
2004-10-01 13:00 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
2004-09-14 20:44 5,632 --sha-w C:\Program Files\Thumbs.db
2006-03-26 05:07 3,350 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2005-06-02 16:03 1957888]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2006-05-19 18:11 18577448]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 16:50 1289000]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"ICQ Lite"="F:\TOM\ICQ\ICQLite\ICQLite.exe" [2006-07-11 12:06 3144800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-07-18 21:41 286720]
"mouseElf"="C:\PROGRA~1\GAMING~1\MouseElf.EXE" [2006-02-27 05:47 471166]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 14:16 185896]
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 13:45 75304]
"WrtMon.exe"="C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe" [2006-09-20 09:35 20480]
"ScanSoft OmniPage SE 4.0-reminder"="C:\Program Files\ScanSoft\OmniPageSE4.0\Ereg\Ereg.exe" [2006-09-26 16:38 1410600]
"PinnacleDriverCheck"="C:\WINDOWS\system32\\PSDrvCheck.exe" [2004-03-11 01:26 406016]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"ICQ Lite"="F:\TOM\ICQ\ICQLite\ICQLite.exe" [2006-07-11 12:06 3144800]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-17 15:49 15360]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 18:35 1294336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"this"="C:\Program Files\Web Technologies\wcs.exe" [2008-07-06 19:02 7680]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoBandCustomize"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoBandCustomize"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.fvfw"= ffvfw.dll
"msacm.avis"= ffvfw.dll
"msacm.WRPR"= aviwrap.dll
"msacm.l3radius"= l3codecp.acm
"msacm.divxa"= divxa32.acm
"vidc.3iv2"= 3ivxVfWCodec.dll
"SENTINEL"= snti386.dll
"vidc.yv12"= yv12vfw.dll
"vidc.i420"= vdrcodec.dll
"VIDC.MJPG"= Pvmjpg30.dll
"VIDC.PIM1"= pclepim1.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\WINDOWS\\system32\\dpnsvr.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"G:\\WOLF\\ET.exe"=
"F:\\TOM\\StrongDC.exe"=
"C:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"G:\\ARMA\\ArmA Demo\\ArmADemo.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"F:\\TOM\\ICQ\\ICQLite\\ICQLite.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 BsStor;InCD Storage Helper Driver;C:\WINDOWS\system32\DRIVERS\bsstor.sys [2001-12-20 18:00]
R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);C:\WINDOWS\system32\drivers\sfsync03.sys [2005-12-06 17:11]
R1 Cinemsup;Cinemsup;C:\WINDOWS\System32\drivers\cinemsup.sys [2002-07-19 10:10]
R2 BsUDF;InCD UDF Driver;C:\WINDOWS\system32\drivers\BsUDF.sys [2002-02-08 12:16]
R3 genmcmn;Scroll Mouse Driver;C:\WINDOWS\system32\DRIVERS\gmfiltr.sys [2005-07-02 06:35]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-03 23:04]
S2 Parclass;Parclass;C:\WINDOWS\system32\Drivers\Parclass.sys []
S3 MA8630C;MA8630C;C:\WINDOWS\system32\DRIVERS\MA8630C.sys [2004-08-30 13:26]
S3 MA8630M;MA8630M;C:\WINDOWS\system32\DRIVERS\MA8630M.sys [2004-09-01 11:56]
S3 MA8630U;MA8630U;C:\WINDOWS\system32\DRIVERS\MA8630U.sys [2004-09-01 13:59]
S3 MaRdPnp;MaRdPnp;C:\WINDOWS\system32\DRIVERS\MaRdP2K.sys [2004-08-12 09:30]

.
Contents of the 'Scheduled Tasks' folder
"2008-06-30 23:34:01 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-C:\WINDOWS\system32\kdvlf.exe - C:\WINDOWS\system32\kdvlf.exe
HKLM-Run-BM7f70a1df - C:\WINDOWS\system32\uwsgckrt.dll
HKLM-Run-7c439243 - C:\WINDOWS\system32\bplsqjxe.dll
SSODL-wetkadmr-{21DEFFE9-D389-44D8-AD07-B1F6E1409A56} - (no file)


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-08 17:53:08
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\ALWIL Software\Avast4\aswUpdSv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
.
**************************************************************************
.
Completion time: 2008-07-08 17:58:15 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-08 15:58:11
ComboFix2.txt 2008-05-08 18:08:26
ComboFix3.txt 2008-05-08 17:51:17
ComboFix4.txt 2008-05-08 17:15:29
ComboFix5.txt 2008-05-06 16:57:17

Adresářů: 16, Volných bajtů: 6,111,166,464
Adresářů: 19, Volných bajtů: 6,724,956,160

179 --- E O F --- 2008-06-20 21:33:24

Re: Log from Combofix

Posted: 08 Jul 2008 20:46
by fredik
Welcome to the forum

Open Notepad (Start -> Run... and type Notepad into the box and click OK)
Copy the entire following text marked in green into it:
Note: Do not use the SELECT ALL function to select the script


File::
C:\WINDOWS\BM7f70a1df.xml

Folder::
C:\Program Files\Web Technologies

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"this"=-

Choose File -> Save As... and set these parameters:
File name: type here: CFScript.txt
Save as type: select All Files there
Save the file to the desktop.
Close all active windows.

Grab the created CFScript.txt script with the mouse, move it over the downloaded ComboFix.exe program and, when the two files overlap, drop the script
- ComboFix will start automatically
- Post here the log that appears at the end of the cleaning process + a new HJT log
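Added example, not part of fredik's post or of ComboFix itself: a small Python parser for the CFScript format shown above. It splits the script into its File::, Folder:: and Registry:: sections and reads the Registry:: lines with REGEDIT4 deletion semantics, so a helper can check what a script will remove before it is dropped onto ComboFix.exe. The sample script is constructed to match the one above; the function names are my own.

```python
import re
from collections import OrderedDict

# Constructed sample CFScript, identical in shape to the one posted above.
SAMPLE_CFSCRIPT = r"""
File::
C:\WINDOWS\BM7f70a1df.xml

Folder::
C:\Program Files\Web Technologies

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"this"=-
"""

# A section header is a bare word followed by two colons, e.g. "File::".
SECTION_HEADER = re.compile(r"^(?P<name>[A-Za-z]+)::\s*$")
# REGEDIT4 key line: "[key]" selects a key, "[-key]" deletes it.
REG_KEY = re.compile(r"^\[(?P<delete>-?)(?P<key>HKEY_[A-Z_]+\\.*)\]$")
# REGEDIT4 value line: "name"=data; the data "-" means delete the value.
REG_VALUE = re.compile(r'^"(?P<name>[^"]*)"=(?P<data>.*)$')


def parse_cfscript(text):
    """Split a CFScript into its '<Name>::' sections, each mapped to its non-blank lines."""
    sections = OrderedDict()
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_HEADER.match(line)
        if header:
            current = header.group("name")
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def interpret_registry(lines):
    """Turn Registry:: lines into (action, key, value_name) tuples.

    Actions are "delete_key", "delete_value" and "set_value"; a value line
    before any key line is ignored because it has nothing to attach to.
    """
    actions = []
    key = None
    for line in lines:
        mk = REG_KEY.match(line)
        if mk:
            key = mk.group("key")
            if mk.group("delete"):
                actions.append(("delete_key", key, None))
            continue
        mv = REG_VALUE.match(line)
        if mv and key is not None:
            action = "delete_value" if mv.group("data") == "-" else "set_value"
            actions.append((action, key, mv.group("name")))
    return actions


if __name__ == "__main__":
    parsed = parse_cfscript(SAMPLE_CFSCRIPT)
    for name, items in parsed.items():
        print(f"{name}:: {len(items)} line(s)")
    for action, key, value in interpret_registry(parsed.get("Registry", [])):
        print(f"  {action}: {key} {value or ''}")
```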

Re: Log from Combofix

Posted: 09 Jul 2008 18:40
by Adriano10
Thanks for the advice, and here is the new log from Combofix and HJT

ComboFix 08-07-07.3 - uživatel 2008-07-09 18:19:14.6 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1029.18.409 [GMT 2:00]
Running from: C:\Documents and Settings\uživatel\Plocha\ComboFix.exe
Command switches used :: C:\Documents and Settings\uživatel\Plocha\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\BM7f70a1df.xml
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Web Technologies
C:\Program Files\Web Technologies\wcs.exe
C:\Program Files\Web Technologies\wcu.exe
C:\WINDOWS\BM7f70a1df.xml

.
((((((((((((((((((((((((( Files Created from 2008-06-09 to 2008-07-09 )))))))))))))))))))))))))))))))
.

2008-07-09 18:07 . 2008-07-09 18:08 <DIR> d-------- C:\Program Files\ICQ6
2008-07-09 16:44 . 2008-07-09 16:44 <DIR> d-------- C:\WINDOWS\LastGood
2008-07-09 11:12 . 2008-07-09 11:12 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-07-09 11:12 . 2008-07-09 11:12 1,409 --a------ C:\WINDOWS\QTFont.for
2008-07-05 19:03 . 2008-07-05 19:04 <DIR> d-------- C:\Documents and Settings\uživatel\Data aplikací\Miranda
2008-07-05 18:59 . 2008-07-05 18:59 <DIR> d-------- C:\Documents and Settings\uživatel\Data aplikací\ICQ Toolbar
2008-06-11 15:59 . 2008-06-14 20:00 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-08 15:51 96,256 ----a-w C:\WINDOWS\system32\drivers\sptd1725.sys
2008-06-22 14:59 --------- d-----w C:\Documents and Settings\uživatel\Data aplikací\Nokia Multimedia Player
2008-06-20 05:47 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-06-17 19:15 --------- d-----w C:\Documents and Settings\uživatel\Data aplikací\AdobeUM
2008-06-14 18:00 272,128 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-05 18:09 --------- d-----w C:\Program Files\AnMing
2008-05-07 05:16 1,290,240 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-04 15:25 691,545 ----a-w C:\WINDOWS\unins000.exe
2008-04-21 07:03 660,480 ----a-w C:\WINDOWS\system32\wininet.dll
2008-04-14 14:47 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2004-10-01 13:00 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
2004-09-14 20:44 5,632 --sha-w C:\Program Files\Thumbs.db
2006-03-26 05:07 3,350 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( snapshot@2008-07-08_17.57.53.51 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-07-08 15:52:25 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-07-09 09:07:24 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-07-08 14:03:50 68,878 ----a-w C:\WINDOWS\system32\perfc005.dat
+ 2008-07-09 09:11:58 68,878 ----a-w C:\WINDOWS\system32\perfc005.dat
- 2008-07-08 14:03:50 18,238 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-07-09 09:11:58 18,238 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-07-08 14:03:50 352,314 ----a-w C:\WINDOWS\system32\perfh005.dat
+ 2008-07-09 09:11:58 352,314 ----a-w C:\WINDOWS\system32\perfh005.dat
- 2008-07-08 14:03:50 42,904 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-07-09 09:11:58 42,904 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-07-09 16:07:11 156,616 ----a-w C:\WINDOWS\TEMP\{465129FB-974E-4B3A-B946-28437BB9F0A5}\_Setup.dll
+ 2008-07-09 16:07:10 535,552 ----a-w C:\WINDOWS\TEMP\{465129FB-974E-4B3A-B946-28437BB9F0A5}\Disk1\ISSetup.dll
+ 2007-04-27 09:08:58 126,912 ------w C:\WINDOWS\TEMP\{967493D4-0B20-4CC0-A2C6-5D2DE7A3CD99}\{60DE4033-9503-48D1-A483-7846BD217CA9}\_IsRes.dll
+ 2008-03-09 14:08:34 147,456 ----a-w C:\WINDOWS\TEMP\{967493D4-0B20-4CC0-A2C6-5D2DE7A3CD99}\{60DE4033-9503-48D1-A483-7846BD217CA9}\_ISUser.dll
+ 2008-02-19 16:16:54 389,120 ----a-w C:\WINDOWS\TEMP\{967493D4-0B20-4CC0-A2C6-5D2DE7A3CD99}\{60DE4033-9503-48D1-A483-7846BD217CA9}\FlashPlayerControl.dll
+ 2007-04-27 09:10:44 222,144 ------w C:\WINDOWS\TEMP\{967493D4-0B20-4CC0-A2C6-5D2DE7A3CD99}\{60DE4033-9503-48D1-A483-7846BD217CA9}\isrt.dll
+ 2008-02-19 16:16:54 437,760 ----a-w C:\WINDOWS\TEMP\{967493D4-0B20-4CC0-A2C6-5D2DE7A3CD99}\{60DE4033-9503-48D1-A483-7846BD217CA9}\MoveIt.dll
+ 2007-12-19 13:17:44 78,848 ----a-w C:\WINDOWS\TEMP\{967493D4-0B20-4CC0-A2C6-5D2DE7A3CD99}\{60DE4033-9503-48D1-A483-7846BD217CA9}\MReport.dll
+ 2008-02-19 16:16:54 10,752 ----a-w C:\WINDOWS\TEMP\{967493D4-0B20-4CC0-A2C6-5D2DE7A3CD99}\{60DE4033-9503-48D1-A483-7846BD217CA9}\XPFwResolve.dll
- 2008-07-08 15:53:07 53,248 ----a-w C:\WINDOWS\TEMP\catchme.dll
+ 2008-07-09 16:21:54 53,248 ----a-w C:\WINDOWS\TEMP\catchme.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2005-06-02 16:03 1957888]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2006-05-19 18:11 18577448]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 16:50 1289000]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-07-18 21:41 286720]
"mouseElf"="C:\PROGRA~1\GAMING~1\MouseElf.EXE" [2006-02-27 05:47 471166]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 14:16 185896]
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 13:45 75304]
"WrtMon.exe"="C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe" [2006-09-20 09:35 20480]
"ScanSoft OmniPage SE 4.0-reminder"="C:\Program Files\ScanSoft\OmniPageSE4.0\Ereg\Ereg.exe" [2006-09-26 16:38 1410600]
"PinnacleDriverCheck"="C:\WINDOWS\system32\\PSDrvCheck.exe" [2004-03-11 01:26 406016]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"ICQ Lite"="F:\TOM\ICQ\ICQLite\ICQLite.exe" [2006-07-11 12:06 3144800]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-17 15:49 15360]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 18:35 1294336]

C:\Documents and Settings\Vlastník\Nabídka Start\Programy\Po spuštění\
Reminder-cor40212.lnk - C:\WINDOWS\system32\magnify.exe [2004-08-30 15:43:14 72704]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-10-24 13:23:08 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoBandCustomize"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoBandCustomize"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.fvfw"= ffvfw.dll
"msacm.avis"= ffvfw.dll
"msacm.WRPR"= aviwrap.dll
"msacm.l3radius"= l3codecp.acm
"msacm.divxa"= divxa32.acm
"vidc.3iv2"= 3ivxVfWCodec.dll
"SENTINEL"= snti386.dll
"vidc.yv12"= yv12vfw.dll
"vidc.i420"= vdrcodec.dll
"VIDC.MJPG"= Pvmjpg30.dll
"VIDC.PIM1"= pclepim1.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\WINDOWS\\system32\\dpnsvr.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"G:\\WOLF\\ET.exe"=
"F:\\TOM\\StrongDC.exe"=
"C:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"G:\\ARMA\\ArmA Demo\\ArmADemo.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"F:\\TOM\\ICQ\\ICQLite\\ICQLite.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 BsStor;InCD Storage Helper Driver;C:\WINDOWS\system32\DRIVERS\bsstor.sys [2001-12-20 18:00]
R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);C:\WINDOWS\system32\drivers\sfsync03.sys [2005-12-06 17:11]
R1 Cinemsup;Cinemsup;C:\WINDOWS\System32\drivers\cinemsup.sys [2002-07-19 10:10]
R2 BsUDF;InCD UDF Driver;C:\WINDOWS\system32\drivers\BsUDF.sys [2002-02-08 12:16]
R3 genmcmn;Scroll Mouse Driver;C:\WINDOWS\system32\DRIVERS\gmfiltr.sys [2005-07-02 06:35]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-03 23:04]
S2 Parclass;Parclass;C:\WINDOWS\system32\Drivers\Parclass.sys []
S3 MA8630C;MA8630C;C:\WINDOWS\system32\DRIVERS\MA8630C.sys [2004-08-30 13:26]
S3 MA8630M;MA8630M;C:\WINDOWS\system32\DRIVERS\MA8630M.sys [2004-09-01 11:56]
S3 MA8630U;MA8630U;C:\WINDOWS\system32\DRIVERS\MA8630U.sys [2004-09-01 13:59]
S3 MaRdPnp;MaRdPnp;C:\WINDOWS\system32\DRIVERS\MaRdP2K.sys [2004-08-12 09:30]

*Newly Created Service* - CATCHME
*Newly Created Service* - NMSCFG
.
Contents of the 'Scheduled Tasks' folder
"2008-06-30 23:34:01 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-C:\WINDOWS\system32\kdvlf.exe - C:\WINDOWS\system32\kdvlf.exe


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-09 18:21:55
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-07-09 18:24:02
ComboFix-quarantined-files.txt 2008-07-09 16:23:36
ComboFix2.txt 2008-07-08 15:58:18
ComboFix3.txt 2008-05-08 18:08:26
ComboFix4.txt 2008-05-08 17:51:17
ComboFix5.txt 2008-05-08 17:15:29

Adresářů: 16, Volných bajtů: 6,381,649,920
Adresářů: 19, Volných bajtů: 6,648,770,560

166 --- E O F --- 2008-06-20 21:33:24

Logfile of HijackThis v1.99.1
Scan saved at 18:40:12, on 9.7.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\NMSSvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\WINDOWS\TEMP\Rar$EX00.860\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - F:\TOM\ICQ\ICQToolbar\toolbaru.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - F:\TOM\ICQ\ICQToolbar\toolbaru.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file)
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - F:\TOM\ICQ\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdvlf.exe] C:\WINDOWS\system32\kdvlf.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [mouseElf] C:\PROGRA~1\GAMING~1\MouseElf.EXE
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [WrtMon.exe] C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
O4 - HKLM\..\Run: [ScanSoft OmniPage SE 4.0-reminder] "C:\Program Files\ScanSoft\OmniPageSE4.0\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Data aplikací\ScanSoft\OmniPageSE4.0\Ereg\ereg.ini"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\\PSDrvCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ICQ Lite] "F:\TOM\ICQ\ICQLite\ICQLite.exe" -minimize
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Vytvořit mobilní oblíbenou položku… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - F:\TOM\ICQ\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - F:\TOM\ICQ\ICQLite\ICQLite.exe
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Program Files\IrfanView\Ebay\Ebay.htm
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/ ... leId=19588
O16 - DPF: {D5AE06F6-9883-4E06-9FE8-4114B16B20BF} (CatFSO2.UserControl1) - http://www.zelenahvezda.cz/katalog/CatFSO2.CAB
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://arcade.icq.com/carlo/zuma/popcaploader_v5.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Temp\SiSoftware Sandra Lite 2005\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Temp\SiSoftware Sandra Lite 2005\RpcSandraSrv.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

Re: Log from Combofix

Posted: 09 Jul 2008 20:28
by fredik
Run HijackThis again and tick the boxes in front of these lines:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file)
O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdvlf.exe] C:\WINDOWS\system32\kdvlf.exe
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://arcade.icq.com/carlo/zuma/popcaploader_v5.cab
after ticking them, click the Fix Checked button


I would recommend updating Java:
- Download the latest version, Java Runtime Environment (JRE) 6 Update 7
- Scroll down to where it says Java Runtime Environment (JRE) 6 Update 7 and click the Download button
- A new page will load
- Under the heading Select Platform and Language for your download:
* under Platform: select the OS you use
* tick the option that says: I agree to the Java SE Runtime Environment 6 License Agreement
* click the Continue >> button
- A new page will load
- Click the download link under: Windows Offline Installation
and save it to disk

- Close the programs you have running, especially the web browser
- Go to Start -> Control Panel -> Add or Remove Programs and uninstall all old versions of Java
- Look for items named Java Runtime Environment (JRE or J2SE)
* examples of old versions in Add or Remove Programs:
    J2SE Runtime Environment 5.0
    J2SE Runtime Environment 5.0 Update 8
    Java 2 Runtime Environment, SE v1.4.2
- Uninstall them via the Change or Remove button or the Remove button
- Uninstall any old versions of Java one after another
- After the uninstall finishes, restart the PC.
- Then just run the installation of the latest version from the file jre-6u7-windows-i586-p.exe that you downloaded at the start

Are you still using Avast, because it isn't running/working fully?
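Added example, not from the thread: the reasoning behind fredik's choice of lines, written as Python triage over constructed HijackThis lines modelled on the posted log. It flags empty IE page settings, CLSID entries with no file, Run values named after the path they launch and DPF objects lacking a description; the heuristics and function names are assumptions of mine, not a HijackThis feature.

```python
import re

# Constructed sample, modelled on the HijackThis v1.99.1 log posted above:
# the five lines fredik marked for "Fix Checked" plus benign neighbours.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file)
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - F:\TOM\ICQ\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdvlf.exe] C:\WINDOWS\system32\kdvlf.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://arcade.icq.com/carlo/zuma/popcaploader_v5.cab
"""

# Every HijackThis line starts with a section code (R0, O2, O4, ...) and " - ".
HJT_LINE = re.compile(r"^(?P<code>[RFNO]\d+) - (?P<rest>.*)$")
# O4 autostart line: HKLM\..\Run: [value name] command
O4_RUN = re.compile(r"^(?P<hive>HK\w+)\\\.\.\\Run\w*: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# O16 line whose GUID is followed directly by the URL, i.e. no "(description)".
O16_NO_DESC = re.compile(r"^DPF: \{[0-9A-Fa-f-]{36}\} - \S+$")


def triage_line(line):
    """Return (code, reason) when a line matches one of the heuristics, else None."""
    m = HJT_LINE.match(line.strip())
    if not m:
        return None
    code, rest = m.group("code"), m.group("rest").strip()
    # R0/R1: an IE page setting whose value is empty (nothing after "=").
    if code in ("R0", "R1") and rest.endswith("="):
        return (code, "IE page setting with an empty value")
    # O2/O3/O9: a CLSID is still registered but its file is gone.
    if code in ("O2", "O3", "O9") and rest.endswith("(no file)"):
        return (code, "registered CLSID whose file no longer exists")
    # O4: the Run value is named after the full path it launches, as with
    # kdvlf.exe above, which ComboFix had already deleted from disk.
    if code == "O4":
        run = O4_RUN.match(rest)
        if run:
            name, cmd = run.group("name"), run.group("cmd").strip('"')
            if name.lower() == cmd.lower() or re.match(r"^[A-Za-z]:\\", name):
                return (code, "Run value named after the executable path it launches")
    # O16: an ActiveX download object with no description string.
    if code == "O16" and O16_NO_DESC.match(rest):
        return (code, "ActiveX download (DPF) object without a description")
    return None


def triage(log_text):
    """Run triage_line over a whole log; returns [(line, code, reason), ...]."""
    hits = []
    for raw in log_text.splitlines():
        line = raw.strip()
        result = triage_line(line)
        if result:
            hits.append((line, *result))
    return hits


if __name__ == "__main__":
    for line, code, reason in triage(SAMPLE_LOG):
        print(f"[{code}] {reason}\n    {line}")
```

The flagged lines are exactly the five fredik listed; everything else in the sample passes untouched, which is the property a triage heuristic must keep before anyone trusts it on a real log.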