Hello,
please check my log. Lately a browser window opens out of nowhere, offers to download anti-spyware software and "analyzes" my PC. I really don't know any more, I still can't get rid of it.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:59:15, on 1.1.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\CNAB4RPK.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia Wireless Presenter\Wireless Presenter.exe
C:\program files\freecall.com\freecall\freecall.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Microsoft Office\OFFICE11\POWERPNT.EXE
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\standa\Dokumenty\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: CHelper Class - {99A7C4DD-B2E6-4CA0-BB6E-737A61364155} - C:\PROGRA~1\EUROTR~2\e2003i.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [EPSON Stylus D88 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABE.EXE /P23 "EPSON Stylus D88 Series" /O6 "USB001" /M "Stylus D88"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Program Files\Corel\Corel Graphics 12\Languages\CZ\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=121307 serial=DR12WCX-1305119-MGV lang=CZ
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Wireless Presenter] C:\Program Files\Nokia\Nokia Wireless Presenter\Wireless Presenter.exe /NOSPLASH
O4 - HKCU\..\Run: [FreeCall] "C:\program files\freecall.com\freecall\freecall.exe" -nosplash -minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 0112757498
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 0113133068
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://kam-cam01.cam.jcu.cz/activex/AMC.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://kam-cam02.cam.jcu.cz/activex/AMC.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{02DE7EB3-857D-4AC6-8B66-50E930A59623}: NameServer = 160.217.1.10
O17 - HKLM\System\CS1\Services\Tcpip\..\{02DE7EB3-857D-4AC6-8B66-50E930A59623}: NameServer = 160.217.1.10
O17 - HKLM\System\CS2\Services\Tcpip\..\{02DE7EB3-857D-4AC6-8B66-50E930A59623}: NameServer = 160.217.1.10
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: FLEXlm Service 1 - Unknown owner - C:\Program Files\Leica Geosystems\Shared\Bin\NTx86\lmgrd.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: mlk - Unknown owner - C:\Program Files\Leica Geosystems\Shared\Bin\NTx86\lmgrd.exe (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
Please check the log.
Do you know this: C:\WINDOWS\system32\CNAB4RPK.EXE ? If not, have it tested at http://www.virustotal.com
Download ComboFix and save it to the desktop: http://download.bleepingcomputer.com/sU ... mboFix.exe
Run the application under an account with administrator rights.
A licence agreement follows; press the 1 key to continue.
The scan starts (the whole process takes about 5-10 minutes, sometimes a bit longer).
During the scan do not try to start any other applications and do not click into the ComboFix window.
When it finishes, a Notepad window opens automatically with text; copy it here using the well-known keyboard shortcuts Ctrl + A (select all text) -> Ctrl + C (copy to the clipboard) -> Ctrl + V (paste the text).
Then wait for further instructions.
Yeah, I know that exe file, I've had it on the PC for a long time, that won't be the cause.
Here is the log, and thanks for the advice.
ComboFix 08-01-02.1 - standa 2008-01-02 17:12:52.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.205 [GMT 1:00]
Running from: C:\Documents and Settings\standa\Plocha\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\standa\Data aplikací\macromedia\Flash Player\#SharedObjects\PRZWZDB5\iforex.com
C:\Documents and Settings\standa\Data aplikací\macromedia\Flash Player\#SharedObjects\PRZWZDB5\iforex.com\Emerp\Events\flash_object.swf\user_data.sol
C:\Documents and Settings\standa\Data aplikací\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com
C:\Documents and Settings\standa\Data aplikací\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com\settings.sol
C:\Documents and Settings\standa\Data aplikací\MessengerSkinner
C:\Documents and Settings\standa\Data aplikací\MessengerSkinner\Userdata\languages_v2.xml
C:\Documents and Settings\standa\Data aplikací\MessengerSkinner\Userdata\pack1.cab
C:\Documents and Settings\standa\Local Settings\Data aplikací\vlpmpzt.dat
C:\Documents and Settings\standa\Local Settings\Data aplikací\vlpmpzt.exe
C:\Documents and Settings\standa\Local Settings\Data aplikací\vlpmpzt_nav.dat
c:\Documents and Settings\standa\Local Settings\Data aplikací\vlpmpzt_navps.dat
C:\Documents and Settings\standa\Nabídka Start\Programy\MessengerSkinner
C:\Documents and Settings\standa\Nabídka Start\Programy\MessengerSkinner\MessengerSkinner.lnk
C:\Documents and Settings\standa\Nabídka Start\Programy\MessengerSkinner\Privacy Policy.lnk
C:\Documents and Settings\standa\Nabídka Start\Programy\MessengerSkinner\Terms and conditions.lnk
C:\Documents and Settings\standa\Nabídka Start\Programy\MessengerSkinner\Website.lnk
C:\Program Files\messengerskinner
C:\Program Files\messengerskinner\download\defaultPack.cab
C:\Program Files\messengerskinner\MessengerSkinner.exe
C:\Program Files\messengerskinner\MessengerSkinnerDll.dll
C:\Program Files\messengerskinner\Privacy Policy.url
C:\Program Files\messengerskinner\resources\appconfig.xml
C:\Program Files\messengerskinner\resources\btn.rgn
C:\Program Files\messengerskinner\resources\btnBnr.rgn
C:\Program Files\messengerskinner\resources\btnIn.rgn
C:\Program Files\messengerskinner\resources\btnInNormal.bmp
C:\Program Files\messengerskinner\resources\btnInOver.bmp
C:\Program Files\messengerskinner\resources\btnNormal.bmp
C:\Program Files\messengerskinner\resources\btnNormal.gif
C:\Program Files\messengerskinner\resources\btnNormalBnr.bmp
C:\Program Files\messengerskinner\resources\btnNormalBnr.gif
C:\Program Files\messengerskinner\resources\btnOver.bmp
C:\Program Files\messengerskinner\resources\btnOver.gif
C:\Program Files\messengerskinner\resources\btnOverBnr.bmp
C:\Program Files\messengerskinner\resources\btnOverBnr.gif
C:\Program Files\messengerskinner\resources\languages_v2.xml
C:\Program Files\messengerskinner\Terms and conditions.url
C:\Program Files\messengerskinner\uninst.exe
C:\Program Files\messengerskinner\Website.url
C:\WINDOWS\system32\nvs2.inf
.
((((((((((((((((((((((((( Files Created from 2007-12-02 to 2008-01-02 )))))))))))))))))))))))))))))))
.
2008-01-02 17:11 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-12-12 10:05 . 2007-12-12 10:05 306,688 --a------ C:\WINDOWS\system32\ghbaqdpzbe.exe
2007-12-11 21:04 . 2007-12-11 21:22 319,488 --a------ C:\WINDOWS\system32\vljbanrpq.exe
2007-12-11 12:06 . 2007-12-11 12:06 277,504 --a------ C:\WINDOWS\system32\qexcadi.exe
2007-12-11 11:38 . 2007-12-11 11:38 310,784 --a------ C:\WINDOWS\system32\cridhp.exe
2007-12-07 13:54 . 2007-12-07 13:54 <DIR> d-------- C:\Program Files\MSN Messenger
2007-12-07 13:52 . 2007-12-07 13:52 268 --ah----- C:\sqmdata00.sqm
2007-12-07 13:52 . 2007-12-07 13:52 244 --ah----- C:\sqmnoopt00.sqm
2007-12-07 13:40 . 2007-12-07 13:40 <DIR> d-------- C:\Program Files\Macrogaming
2007-12-07 13:33 . 2007-12-07 13:41 <DIR> d-------- C:\Documents and Settings\standa\Contacts
2007-12-07 00:01 . 2007-12-07 00:01 135,168 --a------ C:\WINDOWS\system32\CAPI2_JNI.DLL
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-09 20:01 --------- d-----w C:\Documents and Settings\standa\Data aplikací\uTorrent
2007-12-09 11:36 --------- d-----w C:\Documents and Settings\standa\Data aplikací\FreeCall
2007-11-30 09:16 --------- d-----w C:\Program Files\SNLBar
2007-11-29 22:44 --------- d-----w C:\Program Files\ABBYY PDF Transformer 2.0
2007-11-29 21:09 --------- d-----w C:\Program Files\Common Files\Adobe
2007-11-22 14:13 81 ----a-w C:\CTX.DAT
2007-11-14 17:12 --------- d-----w C:\Program Files\Valve
2007-11-13 14:31 --------- d-----w C:\Documents and Settings\standa\Data aplikací\Corel
2007-11-13 14:12 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\InstallShield
2007-11-13 14:10 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-11-10 16:12 --------- d-----w C:\Program Files\PDFTools
2007-11-02 17:26 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\FLEXnet
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 14:49 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [ ]
"Wireless Presenter"="C:\Program Files\Nokia\Nokia Wireless Presenter\Wireless Presenter.exe" [2006-03-24 11:39 913408]
"FreeCall"="C:\program files\freecall.com\freecall\freecall.exe" [2007-04-17 13:28 7247408]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55 5674352]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2003-02-10 08:59 47104 C:\WINDOWS\SOUNDMAN.EXE]
"ATIModeChange"="Ati2mdxx.exe" [2002-08-28 22:17 28672 C:\WINDOWS\system32\Ati2mdxx.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2003-09-23 17:06 88363 C:\WINDOWS\AGRSMMSG.exe]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-03-30 20:00 327680]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"EPSON Stylus D88 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABE.exe" [2005-01-27 05:00 98304]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-06-19 09:25 180269]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-11 08:50 20992 C:\WINDOWS\LOGI_MWX.EXE]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2006-11-01 20:08 921600]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-17 14:49 110592 C:\WINDOWS\system32\bthprops.cpl]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 14:10 271360]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 06:03 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 06:03 81920]
"CorelDRAW Graphics Suite 11b"="C:\Program Files\Corel\Corel Graphics 12\Languages\CZ\Programs\Registration.exe" [ ]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-17 14:49 15360]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 09:17 1241088]
R1 oreans32;oreans32;C:\WINDOWS\system32\drivers\oreans32.sys [2006-11-29 22:46]
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2007-03-13 12:43]
R2 OkiPar;OkiPar;C:\WINDOWS\system32\DRIVERS\OKIPAR.SYS [2001-10-02 09:54]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-03 22:04]
R3 WBFIRDMA;Winbond Infrared Device Driver;C:\WINDOWS\system32\DRIVERS\wbfirdma.sys [2003-02-26 13:38]
S0 aeggaftb;aeggaftb;C:\WINDOWS\system32\drivers\docgchtj.sys []
S0 ElbyVCD;ElbyVCD;C:\WINDOWS\system32\DRIVERS\ElbyVCD.sys []
S3 BTNetFilter;Bluetooth Network Filter;C:\Program Files\IVT Corporation\BlueSoleil\Device\Win2k\BTNetFilter.sys [2006-11-22 12:41]
S3 FLEXlm Service 1;FLEXlm Service 1;C:\Program Files\Leica Geosystems\Shared\Bin\NTx86\lmgrd.exe []
S3 IADI;Nokia 5510 Device Interface Driver;C:\WINDOWS\system32\DRIVERS\IADI.SYS [2001-08-28 09:39]
S3 mlk;mlk;C:\Program Files\Leica Geosystems\Shared\Bin\NTx86\lmgrd.exe []
S3 rtl8180;Realtek RTL8180 Wireless LAN (Mini-)PCI NIC NT Driver;C:\WINDOWS\system32\DRIVERS\RTL8180.SYS [2003-04-16 07:04]
*Newly Created Service* - PROCEXP90
.
**************************************************************************
catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-02 17:15:49
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
MsnMsgr = "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background?g
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
-> C:\Program Files\Eset\pr_imon.dll
.
Completion time: 2008-01-02 17:16:22
ComboFix-quarantined-files.txt 2008-01-02 16:16:12
Well, there is something there, but some of it I would rather have checked at http://www.virustotal.com first and only then delete everything at once if needed. So please have these tested at http://www.virustotal.com:
C:\sqmdata00.sqm
C:\sqmnoopt00.sqm
C:\WINDOWS\LOGI_MWX.EXE
C:\WINDOWS\system32\drivers\docgchtj.sys
Then post the results and, if needed, we will delete it together with the rest of the junk.
Hm, so all fine at http://www.virustotal.com, 0 detections for every one of them:
C:\sqmdata00.sqm
C:\sqmnoopt00.sqm
C:\WINDOWS\LOGI_MWX.EXE
C:\WINDOWS\system32\drivers\docgchtj.sys
Alright. Now this, then:
Move ComboFix to the desktop (if it is not there yet), open Notepad and copy the text from the following box into it:
File::
C:\WINDOWS\system32\ghbaqdpzbe.exe
C:\WINDOWS\system32\vljbanrpq.exe
C:\WINDOWS\system32\qexcadi.exe
C:\WINDOWS\system32\cridhp.exe
Driver::
oreans32
Save the text as CFScript.txt on the desktop. After saving, grab the .txt file you created with the left mouse button, drag it over the ComboFix icon and drop it there. When the action finishes, a Notepad window with text will appear again; copy it here.
So here it is:
ComboFix 08-01-03.1 - standa 2008-01-02 20:12:52.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.202 [GMT 1:00]
Running from: C:\Documents and Settings\standa\Plocha\ComboFix.exe
Command switches used :: C:\Documents and Settings\standa\Plocha\CFScript.txt
* Created a new restore point
FILE
C:\WINDOWS\system32\cridhp.exe
C:\WINDOWS\system32\ghbaqdpzbe.exe
C:\WINDOWS\system32\qexcadi.exe
C:\WINDOWS\system32\vljbanrpq.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\cridhp.exe
C:\WINDOWS\system32\ghbaqdpzbe.exe
C:\WINDOWS\system32\qexcadi.exe
C:\WINDOWS\system32\vljbanrpq.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_OREANS32
-------\oreans32
((((((((((((((((((((((((( Files Created from 2007-12-03 to 2008-01-03 )))))))))))))))))))))))))))))))
.
2008-01-02 20:12 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-02 18:38 . 2008-01-02 18:38 <DIR> d-------- C:\Temp\deceuninck
2007-12-07 13:54 . 2007-12-07 13:54 <DIR> d-------- C:\Program Files\MSN Messenger
2007-12-07 13:52 . 2007-12-07 13:52 268 --ah----- C:\sqmdata00.sqm
2007-12-07 13:52 . 2007-12-07 13:52 244 --ah----- C:\sqmnoopt00.sqm
2007-12-07 13:40 . 2007-12-07 13:40 <DIR> d-------- C:\Program Files\Macrogaming
2007-12-07 13:33 . 2007-12-07 13:41 <DIR> d-------- C:\Documents and Settings\standa\Contacts
2007-12-07 00:01 . 2007-12-07 00:01 135,168 --a------ C:\WINDOWS\system32\CAPI2_JNI.DLL
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-30 09:16 --------- d-----w C:\Program Files\SNLBar
2007-11-29 22:44 --------- d-----w C:\Program Files\ABBYY PDF Transformer 2.0
2007-11-29 21:09 --------- d-----w C:\Program Files\Common Files\Adobe
2007-11-22 14:13 81 ----a-w C:\CTX.DAT
2007-11-14 17:12 --------- d-----w C:\Program Files\Valve
2007-11-13 14:10 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-11-10 16:12 --------- d-----w C:\Program Files\PDFTools
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 14:49 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [ ]
"Wireless Presenter"="C:\Program Files\Nokia\Nokia Wireless Presenter\Wireless Presenter.exe" [2006-03-24 11:39 913408]
"FreeCall"="C:\program files\freecall.com\freecall\freecall.exe" [2007-04-17 13:28 7247408]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55 5674352]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2003-02-10 08:59 47104 C:\WINDOWS\SOUNDMAN.EXE]
"ATIModeChange"="Ati2mdxx.exe" [2002-08-28 22:17 28672 C:\WINDOWS\system32\Ati2mdxx.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2003-09-23 17:06 88363 C:\WINDOWS\AGRSMMSG.exe]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-03-30 20:00 327680]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"EPSON Stylus D88 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABE.exe" [2005-01-27 05:00 98304]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-06-19 09:25 180269]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-11 08:50 20992 C:\WINDOWS\LOGI_MWX.EXE]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2006-11-01 20:08 921600]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-17 14:49 110592 C:\WINDOWS\system32\bthprops.cpl]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 14:10 271360]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 06:03 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 06:03 81920]
"CorelDRAW Graphics Suite 11b"="C:\Program Files\Corel\Corel Graphics 12\Languages\CZ\Programs\Registration.exe" [ ]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-17 14:49 15360]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 09:17 1241088]
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2007-03-13 12:43]
R2 OkiPar;OkiPar;C:\WINDOWS\system32\DRIVERS\OKIPAR.SYS [2001-10-02 09:54]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-03 22:04]
R3 WBFIRDMA;Winbond Infrared Device Driver;C:\WINDOWS\system32\DRIVERS\wbfirdma.sys [2003-02-26 13:38]
S0 aeggaftb;aeggaftb;C:\WINDOWS\system32\drivers\docgchtj.sys []
S0 ElbyVCD;ElbyVCD;C:\WINDOWS\system32\DRIVERS\ElbyVCD.sys []
S3 BTNetFilter;Bluetooth Network Filter;C:\Program Files\IVT Corporation\BlueSoleil\Device\Win2k\BTNetFilter.sys [2006-11-22 12:41]
S3 FLEXlm Service 1;FLEXlm Service 1;C:\Program Files\Leica Geosystems\Shared\Bin\NTx86\lmgrd.exe []
S3 IADI;Nokia 5510 Device Interface Driver;C:\WINDOWS\system32\DRIVERS\IADI.SYS [2001-08-28 09:39]
S3 mlk;mlk;C:\Program Files\Leica Geosystems\Shared\Bin\NTx86\lmgrd.exe []
S3 rtl8180;Realtek RTL8180 Wireless LAN (Mini-)PCI NIC NT Driver;C:\WINDOWS\system32\DRIVERS\RTL8180.SYS [2003-04-16 07:04]
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-03 20:17:29
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
-> C:\Program Files\Eset\pr_imon.dll
.
Completion time: 2008-01-03 20:20:44 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-03 19:20:41
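As an added example, not part of any post in this thread and not ComboFix's own code: a small Python script that parses the "Reg Loading Points" part of a ComboFix log like the one above and flags autostart entries worth a second look. It reports a Run value or service whose binary ComboFix could not find (empty brackets instead of a date and size), a driver service whose service name differs from its file name, and, only when one of those is already present, a random-looking lowercase name. The sample lines are copied from the log above into a constructed excerpt so the script runs offline; the scoring rules, thresholds and all function names are my own assumptions, not anything ComboFix or the thread defines.

```python
import re
from dataclasses import dataclass

# Constructed excerpt: six lines copied from the ComboFix log in this thread,
# embedded here so the script runs without the full log file.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 14:49 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [ ]
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2007-03-13 12:43]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-03 22:04]
S0 aeggaftb;aeggaftb;C:\WINDOWS\system32\drivers\docgchtj.sys []
S0 ElbyVCD;ElbyVCD;C:\WINDOWS\system32\DRIVERS\ElbyVCD.sys []
"""

# "Name"="image" [date time size]  -- ComboFix leaves the brackets empty if the file is missing
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<value>[^"]*)"\s*\[(?P<meta>[^\]]*)\]')
# R0..S4 service;display name;image path [date time]
SVC_RE = re.compile(r'^(?P<start>[RS][0-4])\s+(?P<name>[^;]+);(?P<display>[^;]*);'
                    r'(?P<path>[^\[]+?)\s*\[(?P<meta>[^\]]*)\]')
VOWELS = set("aeiouy")


@dataclass
class Entry:
    kind: str      # "run" (registry Run value) or "service" (driver/service line)
    name: str      # value name or service name
    path: str      # image path exactly as printed by ComboFix
    present: bool  # True when ComboFix printed a date/size, i.e. it found the file
    key: str = ""  # registry key for Run values, start type (R0..S4) for services

    @property
    def basename(self) -> str:
        """File name without directory and extension, e.g. 'docgchtj'."""
        return self.path.replace("/", "\\").rsplit("\\", 1)[-1].rsplit(".", 1)[0]


@dataclass
class Finding:
    entry: Entry
    reasons: list
    severity: str  # "high" when two or more signals coincide, else "low"


def parse(log_text: str) -> list:
    """Turn ComboFix 'Reg Loading Points' lines into Entry records."""
    entries, current_key = [], ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("[HKEY_"):
            current_key = line.strip("[]")
            continue
        m = RUN_RE.match(line)
        if m:
            entries.append(Entry("run", m["name"], m["value"], bool(m["meta"].strip()), current_key))
            continue
        m = SVC_RE.match(line)
        if m:
            entries.append(Entry("service", m["name"], m["path"].strip(), bool(m["meta"].strip()), m["start"]))
    return entries


def looks_random(name: str) -> bool:
    """Crude heuristic for generated names such as 'docgchtj' or 'ghbaqdpzbe':
    6+ lowercase ASCII letters with few vowels, a long consonant run, or a 'q'
    not followed by 'u'. Mixed-case or digit-bearing names (PSched, nod32kui)
    are skipped on purpose. Legitimate abbreviations like 'ctfmon' still trip
    it, which is why audit() only counts it next to another signal."""
    if len(name) < 6 or not name.isascii() or not name.isalpha() or not name.islower():
        return False
    vowel_ratio = sum(c in VOWELS for c in name) / len(name)
    longest_run = max((len(r) for r in re.findall(r"[^aeiouy]+", name)), default=0)
    odd_q = re.search(r"q(?!u)", name) is not None
    return vowel_ratio < 1 / 3 or longest_run >= 5 or odd_q


def audit(log_text: str) -> list:
    """Flag entries with a missing binary or a service/file name mismatch; a
    random-looking name is added as a corroborating reason and raises severity."""
    findings = []
    for e in parse(log_text):
        reasons = []
        if not e.present:
            reasons.append("file not found on disk (orphaned autostart or hidden file)")
        if e.kind == "service" and e.name.lower() != e.basename.lower():
            reasons.append(f"service name '{e.name}' differs from driver file '{e.basename}'")
        if reasons:
            odd = sorted(n for n in {e.name, e.basename} if looks_random(n))
            if odd:
                reasons.append("random-looking name(s): " + ", ".join(odd))
            findings.append(Finding(e, reasons, "high" if len(reasons) >= 2 else "low"))
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_LOG):
        print(f"[{f.severity.upper()}] {f.entry.kind} {f.entry.name} -> {f.entry.path}")
        for r in f.reasons:
            print("    -", r)
```

Run it as-is and it prints one high-severity hit (the S0 service whose file name does not match its service name and which ComboFix could not locate) and two low-severity ones for entries whose binary is simply missing. A hit is a prompt to hash the file and look it up on VirusTotal or show the line to a helper, not a verdict: empty brackets also appear for harmless leftovers of uninstalled software.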
Please also have this file tested at http://www.virustotal.com :
C:\WINDOWS\system32\DRIVERS\OKIPAR.SYS
Otherwise, the junk that was there is gone now. Are any windows still opening?