kontrola logu

maiki · Příspěvekod **maiki** » 03 bře 2009 22:44

neělo spustit správce procesů, regedit, nejede sdílení přes workgroup, zmizela nabídka možnosti složky co já vím co jěště děkuji pěkně

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:34:54, on 3.3.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Tomáš\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\RALINK\Common\RaUI.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Documents and Settings\Tomáš\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Tomáš\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Tomáš\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Tomáš\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
D:\Program Files\totalcmd\TOTALCMD.EXE
D:\Temp\Sreng\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - D:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Tomáš\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [BlueBear] C:\WINDOWS\system32\BlueBear.exe
O4 - HKCU\..\Run: [win32dll] C:\WINDOWS\system32\win32dll\win32dll.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Stáhnout Free Download Managerem - file://D:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Stáhnout video Free Download Managerem - file://D:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Stáhnout vybrané Free Download Managerem - file://D:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Stáhnout vše Free Download Managerem - file://D:\Program Files\Free Download Manager\dlall.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 4055164265
O17 - HKLM\System\CCS\Services\Tcpip\..\{3BF4197D-040F-4C1C-B6F0-7475C4DAECE5}: NameServer = 192.168.0.11
O17 - HKLM\System\CS1\Services\Tcpip\..\{3BF4197D-040F-4C1C-B6F0-7475C4DAECE5}: NameServer = 192.168.0.11
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

--
End of file - 6531 bytes

Reklama

Příspěvekod **jaro3** » 03 bře 2009 23:01

Trojan..
Vypni rez. ochrany u ESS.
Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Zítra se mrknu..

maiki · Příspěvekod **maiki** » 03 bře 2009 23:42

ComboFix 09-03-02.03 - Tomáš 2009-03-03 23:23:53.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.1.1029.18.511.209 [GMT 1:00]
Spuštěný z: d:\documents and settings\Tomáš\Dokumenty\Downloads\ComboFix.exe
AV: ESET Smart Security 3.0 *On-access scanning disabled* (Updated)
FW: ESET Personal firewall *enabled*
* Vytvořen nový Bod Obnovení
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\comsa32.sys

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-02-03 do 2009-03-03 )))))))))))))))))))))))))))))))
.

2009-03-03 21:35 . 2009-03-03 21:35 <DIR> d--h----- c:\windows\system32\GroupPolicy
2009-03-01 20:07 . 2009-03-01 20:07 <DIR> d-------- c:\documents and settings\Tomáš\Data aplikací\ESET
2009-03-01 20:03 . 2009-03-01 20:03 <DIR> d-------- c:\program files\ESET
2009-03-01 20:03 . 2009-03-01 20:03 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\ESET
2009-02-25 06:42 . 2009-02-25 06:46 1,959 --a------ c:\windows\SpecEmuWindow.ini
2009-02-20 16:53 . 2009-02-20 16:53 <DIR> d-------- c:\windows\Sun
2009-02-19 22:20 . 2009-02-19 22:22 1,011 --a------ c:\windows\ARPR.INI
2009-02-18 15:18 . 2009-03-01 20:07 <DIR> d-------- c:\windows\system32\win32dll
2009-02-18 15:18 . 2009-02-18 15:18 535,040 --a------ c:\windows\system32\BlueBearX.ocx
2009-02-18 15:18 . 2009-02-18 15:18 35,840 --a------ c:\windows\system32\bftowdthunk.dll
2009-02-18 13:38 . 2005-12-05 19:57 618,496 --a------ c:\windows\system32\cmax40.dll
2009-02-18 13:38 . 2003-12-12 00:52 278,668 --a------ c:\windows\epsuninst.exe
2009-02-18 13:38 . 1999-05-07 00:00 244,232 --a------ c:\windows\system32\MSFLXGRD.OCX
2009-02-18 13:38 . 1998-12-23 16:00 187,392 --a------ c:\windows\system32\condmgr.dll
2009-02-18 13:38 . 2004-03-09 01:00 152,848 --a------ c:\windows\system32\COMDLG32.OCX
2009-02-18 13:38 . 2000-12-06 00:00 109,248 --a------ c:\windows\system32\MSWINSCK.OCX
2009-02-18 13:38 . 2000-03-18 20:00 94,208 --a------ c:\windows\system32\CMDLGD6.dll
2009-02-18 13:38 . 1998-06-24 00:00 67,376 --a------ c:\windows\system32\SYSINFO.OCX
2009-02-18 13:38 . 2000-03-17 21:41 53,248 --a------ c:\windows\system32\vbalIcoM6.dll
2009-02-18 13:38 . 2000-03-17 20:41 53,248 --a------ c:\windows\system32\vbalIcoM.dll
2009-02-18 13:38 . 2001-03-30 06:44 32,768 --a------ c:\windows\system32\SSubTmr6.dll
2009-02-18 12:57 . 2009-02-18 12:57 15 --a------ c:\documents and settings\Tomáš\gwSettings.dat
2009-02-18 12:57 . 2009-02-18 12:57 15 --a------ c:\documents and settings\Tomáš\gwSettings.dat
2009-02-17 15:33 . 2008-09-16 20:23 168,448 --a------ c:\windows\system32\unrar.dll
2009-02-17 12:12 . 2009-02-17 12:12 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Nokia
2009-02-17 12:11 . 2009-02-17 12:12 <DIR> d-------- c:\program files\Nokia
2009-02-17 09:53 . 2009-03-03 15:18 <DIR> d-------- c:\program files\Common Files\Symbian
2009-02-17 09:31 . 2009-03-03 22:46 237 --a------ c:\windows\wcx_ftp.ini
2009-02-17 08:49 . 2008-04-13 19:45 26,112 --a------ c:\windows\system32\drivers\usbser.sys
2009-02-17 08:49 . 2008-03-21 13:57 14,640 --------- c:\windows\system32\spmsgXP_2k3.dll
2009-02-17 08:49 . 2009-02-17 08:49 1,374 --a------ c:\windows\imsins.BAK
2009-02-17 08:49 . 2009-02-17 08:49 0 --ah----- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-02-17 08:49 . 2009-02-17 08:49 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-02-17 03:00 . 2009-02-17 03:00 <DIR> d-------- c:\program files\MSXML 4.0
2009-02-16 06:14 . 2009-02-16 06:14 <DIR> d-------- c:\documents and settings\Tomáš\Data aplikací\Nero
2009-02-16 06:02 . 2009-02-16 06:04 <DIR> d-------- c:\program files\Common Files\Nero
2009-02-16 06:02 . 2009-02-16 06:02 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Nero
2009-02-15 10:35 . 2008-04-13 19:45 26,368 --a--c--- c:\windows\system32\dllcache\usbstor.sys
2009-02-15 10:00 . 2009-02-03 18:01 364,544 --a------ c:\windows\system32\MACDll.dll
2009-02-15 10:00 . 2009-01-19 18:39 246,424 --a------ c:\windows\system32\unicows.dll
2009-02-14 15:26 . 2001-11-01 03:37 16,384 --a------ c:\windows\system32\FileOps.exe
2009-02-14 15:22 . 2009-02-14 15:27 <DIR> d-------- c:\windows\system32\Adobe
2009-02-14 15:22 . 2009-02-14 15:22 <DIR> d-------- c:\windows\Profiles
2009-02-14 15:22 . 2009-02-14 15:22 <DIR> d-------- c:\documents and settings\Tomáš\Data aplikací\InterTrust
2009-02-14 15:16 . 2009-03-03 15:20 30 --a------ c:\windows\TextSpy.ini
2009-02-14 14:55 . 2009-02-14 15:26 <DIR> d-------- c:\program files\Common Files\Adobe
2009-02-14 13:09 . 1998-10-09 18:04 327,168 --a------ c:\windows\IsUn0405.exe
2009-02-14 12:50 . 2009-02-14 12:50 49 --a------ c:\windows\CoolRead.ini
2009-02-14 03:35 . 2009-02-14 03:35 <DIR> d-------- c:\windows\nview
2009-02-13 21:57 . 2009-02-13 21:57 <DIR> d-------- c:\program files\NCT
2009-02-13 20:09 . 2009-03-03 13:50 <DIR> d-------- c:\documents and settings\Tomáš\Data aplikací\Free Download Manager
2009-02-13 20:09 . 2009-02-13 20:09 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\FreeDownloadManager.ORG
2009-02-13 11:57 . 2009-02-17 08:55 <DIR> d-------- c:\documents and settings\Tomáš\Data aplikací\PC Suite
2009-02-13 11:57 . 2009-02-25 10:47 <DIR> d-------- c:\documents and settings\Tomáš\Data aplikací\Nokia
2009-02-13 11:57 . 2009-02-13 11:57 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\PC Suite
2009-02-13 11:56 . 2009-02-13 11:56 <DIR> d-------- c:\program files\Common Files\PCSuite
2009-02-13 11:55 . 2009-02-13 11:56 <DIR> d-------- c:\program files\Common Files\Nokia
2009-02-13 11:54 . 2009-02-13 11:54 <DIR> d-------- c:\program files\PC Connectivity Solution
2009-02-13 11:54 . 2009-02-13 11:54 <DIR> d-------- c:\program files\DIFX
2009-02-13 11:54 . 2008-09-15 07:29 1,112,288 --a------ c:\windows\system32\wdfcoinstaller01007.dll
2009-02-13 11:54 . 2008-09-15 07:56 659,968 --a------ c:\windows\system32\nmwcdcocls.dll
2009-02-13 11:54 . 2008-09-15 07:56 22,016 --a------ c:\windows\system32\drivers\ccdcmbo.sys
2009-02-13 11:54 . 2008-08-26 09:26 18,816 --a------ c:\windows\system32\drivers\pccsmcfd.sys
2009-02-13 11:54 . 2008-09-15 07:56 17,664 --a------ c:\windows\system32\drivers\ccdcmb.sys
2009-02-13 11:54 . 2008-09-15 07:56 8,064 --a------ c:\windows\system32\drivers\usbser_lowerfltj.sys
2009-02-13 11:54 . 2008-09-15 07:56 8,064 --a------ c:\windows\system32\drivers\usbser_lowerflt.sys
2009-02-13 11:53 . 2008-02-01 15:17 90,624 --a------ c:\windows\system32\nmwcdcls.dll
2009-02-13 11:52 . 2009-02-17 12:09 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Installations
2009-02-12 06:47 . 2009-02-12 06:47 <DIR> d-------- c:\windows\SQLTools9_KB960089_ENU
2009-02-12 06:42 . 2009-02-12 06:42 <DIR> d-------- c:\windows\SQL9_KB960089_ENU
2009-02-12 01:03 . 2005-12-11 14:11 7,492 --a------ c:\windows\system32\drivers\svgawin.sys
2009-02-11 14:37 . 2009-02-11 14:37 27,958 --a------ c:\windows\system32\SpoonUninstall-dBpowerAMP Monkeys Audio Codec.bmp
2009-02-11 14:37 . 2009-02-11 14:37 2,276 --a------ c:\windows\system32\SpoonUninstall-dBpowerAMP Monkeys Audio Codec.dat
2009-02-11 01:36 . 2009-02-27 14:16 <DIR> d-------- c:\documents and settings\Tomáš\Data aplikací\Winamp
2009-02-10 09:15 . 2009-02-10 09:15 <DIR> d-------- c:\windows\SQLTools9_KB954606_ENU
2009-02-10 09:09 . 2009-02-10 09:09 <DIR> d-------- c:\windows\SQL9_KB954606_ENU
2009-02-09 08:28 . 2009-02-10 14:35 <DIR> d-------- c:\program files\Microsoft Silverlight
2009-02-09 08:21 . 2009-02-09 08:21 <DIR> d-------- c:\program files\MSXML 6.0
2009-02-09 08:20 . 2009-02-12 06:47 <DIR> d-------- c:\program files\Microsoft SQL Server
2009-02-09 08:13 . 2009-02-09 08:13 <DIR> d-------- c:\program files\Microsoft Synchronization Services
2009-02-09 08:13 . 2009-02-09 08:13 <DIR> d-------- c:\program files\Microsoft SQL Server Compact Edition
2009-02-09 08:11 . 2009-02-09 08:11 <DIR> d-------- c:\windows\system32\Visual Studio 2008Templates
2009-02-09 08:11 . 2009-02-09 08:11 <DIR> d-------- c:\windows\system32\Visual Studio 2008
2009-02-09 08:09 . 2009-02-09 08:23 <DIR> d-------- c:\program files\Microsoft.NET
2009-02-09 08:08 . 2009-02-09 08:08 <DIR> d-------- c:\program files\Microsoft SDKs
2009-02-09 08:05 . 2009-02-09 08:05 <DIR> d-------- c:\windows\system32\XPSViewer
2009-02-09 08:05 . 2009-02-09 08:05 <DIR> d-------- c:\program files\MSBuild
2009-02-09 08:04 . 2009-02-09 08:04 <DIR> d-------- c:\program files\Reference Assemblies
2009-02-09 08:03 . 2006-06-29 13:07 14,048 --------- c:\windows\system32\spmsg2.dll
2009-02-09 07:52 . 2009-02-09 07:52 223,128 --a------ c:\windows\system32\drivers\vaxscsi.sys
2009-02-09 07:47 . 2009-02-09 07:47 611,064 --a------ c:\windows\system32\drivers\sptd.sys
2009-02-09 06:07 . 2009-02-09 06:07 <DIR> d-------- c:\documents and settings\Tomáš\Data aplikací\Foxit
2009-02-08 19:00 . 2009-02-08 19:00 <DIR> d-------- c:\program files\Microsoft Works
2009-02-08 18:51 . 2009-02-08 18:53 <DIR> d-------- c:\windows\SHELLNEW
2009-02-08 18:50 . 2009-02-13 07:51 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Microsoft Help
2009-02-08 15:23 . 2008-04-14 04:22 221,184 --a------ c:\windows\system32\wmpns.dll
2009-02-08 15:08 . 2009-02-08 15:08 <DIR> d-------- c:\windows\system32\cs-cz
2009-02-08 15:07 . 2009-02-08 15:07 <DIR> d-------- c:\windows\system32\cs
2009-02-08 15:07 . 2009-02-08 15:08 <DIR> d-------- c:\windows\l2schemas
2009-02-08 14:33 . 2007-06-26 07:00 300,969 -----c--- c:\windows\system32\dllcache\viz.wmv
2009-02-08 14:32 . 2008-04-14 04:22 774,144 -----c--- c:\windows\system32\dllcache\setup_wm.exe
2009-02-08 14:31 . 2008-09-10 02:16 1,307,648 --------- c:\windows\system32\msxml6.dll
2009-02-08 14:30 . 2008-04-14 04:22 786,432 -----c--- c:\windows\system32\dllcache\migrate.exe
2009-02-08 14:29 . 2008-04-14 04:21 499,254 -----c--- c:\windows\system32\dllcache\dxmasf.dll
2009-02-08 14:28 . 2008-04-14 04:21 651,264 --------- c:\windows\system32\dot3ui.dll
2009-02-08 14:27 . 2008-04-14 04:21 136,192 --------- c:\windows\system32\aaclient.dll
2009-02-08 14:27 . 2008-04-14 03:09 7,680 -----c--- c:\windows\system32\dllcache\asferror.dll
2009-02-08 11:02 . 2008-12-12 18:03 3,088,896 -----c--- c:\windows\system32\dllcache\mshtml.dll
2009-02-08 11:02 . 2008-10-16 02:03 1,499,648 -----c--- c:\windows\system32\dllcache\shdocvw.dll
2009-02-08 11:02 . 2008-10-16 02:03 667,136 -----c--- c:\windows\system32\dllcache\wininet.dll
2009-02-08 11:02 . 2008-10-16 02:03 619,008 -----c--- c:\windows\system32\dllcache\urlmon.dll
2009-02-08 11:02 . 2008-06-14 18:35 272,128 -----c--- c:\windows\system32\dllcache\bthport.sys
2009-02-08 11:00 . 2008-08-14 14:26 2,191,360 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2009-02-08 11:00 . 2008-08-14 14:26 2,147,328 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-02-08 11:00 . 2008-08-14 14:26 2,068,224 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-02-08 11:00 . 2008-08-14 14:26 2,025,984 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2009-02-08 11:00 . 2008-09-15 16:27 1,846,400 -----c--- c:\windows\system32\dllcache\win32k.sys
2009-02-08 10:55 . 2008-10-24 12:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2009-02-08 10:55 . 2008-05-08 15:02 203,136 -----c--- c:\windows\system32\dllcache\rmcast.sys
2009-02-08 10:54 . 2008-12-11 11:57 333,952 -----c--- c:\windows\system32\dllcache\srv.sys
2009-02-08 10:53 . 2008-04-11 20:06 691,712 -----c--- c:\windows\system32\dllcache\inetcomm.dll
2009-02-08 10:53 . 2008-10-15 17:38 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
2009-02-08 10:53 . 2008-05-01 15:37 331,776 -----c--- c:\windows\system32\dllcache\msadce.dll
2009-02-08 10:53 . 2008-10-03 11:04 247,326 -----c--- c:\windows\system32\dllcache\strmdll.dll
2009-02-08 10:48 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-17 08:50 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-08 14:13 3,038 ----a-w c:\windows\PCHealth\HelpCtr\PackageStore\SkuStore.bin
2009-02-08 01:52 8,972 ----a-w c:\windows\PCHealth\HelpCtr\Config\Cntstore.bin
2009-02-07 14:38 21,275 ----a-w c:\windows\system32\drivers\AegisP.sys
2009-02-07 14:37 --------- d-----w c:\program files\RALINK
2009-02-07 14:17 --------- d-----w c:\program files\Marvell
2009-02-07 14:17 --------- d-----w c:\program files\Common Files\InstallShield
2009-02-07 14:13 --------- d-----w c:\program files\Analog Devices
2009-02-07 14:07 --------- d-----w c:\program files\Intel
2009-02-07 13:55 --------- d-----w c:\program files\microsoft frontpage
2009-02-07 13:54 558,142 ----a-w c:\windows\java\Packages\1ZTZNLZR.ZIP
2009-02-07 13:54 155,995 ----a-w c:\windows\java\Packages\4G68SIXZ.ZIP
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Google Update"="c:\documents and settings\Tomáš\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2009-02-08 133104]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-10-23 202024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-08 136600]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2008-10-24 1451264]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 c:\windows\system32\HdAShCut.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
"NvMediaCenter"="c:\windows\system32\NVMCTRAY.DLL" [2003-07-28 49152]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-02-14 110592]
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-02-14 110592]
Ralink Wireless Utility.lnk - c:\program files\RALINK\Common\RaUI.exe [2009-02-07 618496]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\frd.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"d:\\Prgwin\\AgeOfEmpires2+CE\\age2_x1.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=

R2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2007-12-21 468224]
R2 SVGAWIN;SVGALIB Helper Driver;c:\windows\system32\drivers\svgawin.sys [2009-02-12 7492]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [2002-12-05 69120]
.
Obsah adresáře 'Naplánované úlohy'

2009-03-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1708537768-1035525444-839522115-1003.job
- c:\documents and settings\Tom []
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKCU-Run-BlueBear - c:\windows\system32\BlueBear.exe
HKCU-Run-win32dll - c:\windows\system32\win32dll\win32dll.exe

.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Excel - d:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Stáhnout Free Download Managerem - file://d:\program files\Free Download Manager\dllink.htm
IE: Stáhnout video Free Download Managerem - file://d:\program files\Free Download Manager\dlfvideo.htm
IE: Stáhnout vybrané Free Download Managerem - file://d:\program files\Free Download Manager\dlselected.htm
IE: Stáhnout vše Free Download Managerem - file://d:\program files\Free Download Manager\dlall.htm
TCP: {3BF4197D-040F-4C1C-B6F0-7475C4DAECE5} = 192.168.0.11
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-03 23:25:42
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
Celkový čas: 2009-03-03 23:28:23
ComboFix-quarantined-files.txt 2009-03-03 22:28:09

Před spuštěním: 2 245 541 888
Po spuštění: 2,300,293,120

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

237 --- E O F --- 2009-02-25 02:03:14

Příspěvekod **jaro3** » 04 bře 2009 08:10

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

Folder::
c:\windows\system32\win32dll

File::
c:\windows\imsins.BAK
c:\windows\CoolRead.ini

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000000
"UpdatesDisableNotify"=dword:00000000

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

Toto otestuj na Virustotal
c:\windows\system32\unrar.dll
c:\windows\system32\BlueBearX.ocx
Vlož sem pak odkazy výsledků.

maiki · Příspěvekod **maiki** » 04 bře 2009 13:33

ComboFix 09-03-02.03 - Tomáš 2009-03-04 13:10:29.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.1.1029.18.511.227 [GMT 1:00]
Spuštěný z: d:\documents and settings\Tomáš\Dokumenty\Downloads\ComboFix.exe
Použité ovládací přepínače :: d:\documents and settings\Tomáš\Dokumenty\Downloads\CFScript.txt
AV: ESET Smart Security 3.0 *On-access scanning disabled* (Updated)
FW: ESET Personal firewall *enabled*
* Vytvořen nový Bod Obnovení

FILE ::
c:\windows\CoolRead.ini
c:\windows\imsins.BAK
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\CoolRead.ini
c:\windows\imsins.BAK
c:\windows\system32\win32dll

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-02-04 do 2009-03-04 )))))))))))))))))))))))))))))))
.

2009-03-04 02:19 . 2009-03-04 02:20 69 --a------ c:\windows\NeroDigital.ini
2009-03-03 21:35 . 2009-03-03 21:35 <DIR> d--h----- c:\windows\system32\GroupPolicy
2009-03-01 20:07 . 2009-03-01 20:07 <DIR> d-------- c:\documents and settings\Tomáš\Data aplikací\ESET
2009-03-01 20:03 . 2009-03-01 20:03 <DIR> d-------- c:\program files\ESET
2009-03-01 20:03 . 2009-03-01 20:03 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\ESET
2009-02-25 06:42 . 2009-02-25 06:46 1,959 --a------ c:\windows\SpecEmuWindow.ini
2009-02-20 16:53 . 2009-02-20 16:53 <DIR> d-------- c:\windows\Sun
2009-02-19 22:20 . 2009-02-19 22:22 1,011 --a------ c:\windows\ARPR.INI
2009-02-18 15:18 . 2009-02-18 15:18 535,040 --a------ c:\windows\system32\BlueBearX.ocx
2009-02-18 15:18 . 2009-02-18 15:18 35,840 --a------ c:\windows\system32\bftowdthunk.dll
2009-02-18 13:38 . 2005-12-05 19:57 618,496 --a------ c:\windows\system32\cmax40.dll
2009-02-18 13:38 . 2003-12-12 00:52 278,668 --a------ c:\windows\epsuninst.exe
2009-02-18 13:38 . 1999-05-07 00:00 244,232 --a------ c:\windows\system32\MSFLXGRD.OCX
2009-02-18 13:38 . 1998-12-23 16:00 187,392 --a------ c:\windows\system32\condmgr.dll
2009-02-18 13:38 . 2004-03-09 01:00 152,848 --a------ c:\windows\system32\COMDLG32.OCX
2009-02-18 13:38 . 2000-12-06 00:00 109,248 --a------ c:\windows\system32\MSWINSCK.OCX
2009-02-18 13:38 . 2000-03-18 20:00 94,208 --a------ c:\windows\system32\CMDLGD6.dll
2009-02-18 13:38 . 1998-06-24 00:00 67,376 --a------ c:\windows\system32\SYSINFO.OCX
2009-02-18 13:38 . 2000-03-17 21:41 53,248 --a------ c:\windows\system32\vbalIcoM6.dll
2009-02-18 13:38 . 2000-03-17 20:41 53,248 --a------ c:\windows\system32\vbalIcoM.dll
2009-02-18 13:38 . 2001-03-30 06:44 32,768 --a------ c:\windows\system32\SSubTmr6.dll
2009-02-18 12:57 . 2009-02-18 12:57 15 --a------ c:\documents and settings\Tomáš\gwSettings.dat
2009-02-18 12:57 . 2009-02-18 12:57 15 --a------ c:\documents and settings\Tomáš\gwSettings.dat
2009-02-17 15:33 . 2008-09-16 20:23 168,448 --a------ c:\windows\system32\unrar.dll
2009-02-17 12:12 . 2009-02-17 12:12 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Nokia
2009-02-17 12:11 . 2009-02-17 12:12 <DIR> d-------- c:\program files\Nokia
2009-02-17 09:53 . 2009-03-03 15:18 <DIR> d-------- c:\program files\Common Files\Symbian
2009-02-17 09:31 . 2009-03-03 22:46 237 --a------ c:\windows\wcx_ftp.ini
2009-02-17 08:49 . 2008-04-13 19:45 26,112 --a------ c:\windows\system32\drivers\usbser.sys
2009-02-17 08:49 . 2008-03-21 13:57 14,640 --------- c:\windows\system32\spmsgXP_2k3.dll
2009-02-17 08:49 . 2009-02-17 08:49 0 --ah----- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-02-17 08:49 . 2009-02-17 08:49 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-02-17 03:00 . 2009-02-17 03:00 <DIR> d-------- c:\program files\MSXML 4.0
2009-02-16 06:14 . 2009-02-16 06:14 <DIR> d-------- c:\documents and settings\Tomáš\Data aplikací\Nero
2009-02-16 06:02 . 2009-02-16 06:04 <DIR> d-------- c:\program files\Common Files\Nero
2009-02-16 06:02 . 2009-02-16 06:02 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Nero
2009-02-15 10:35 . 2008-04-13 19:45 26,368 --a--c--- c:\windows\system32\dllcache\usbstor.sys
2009-02-15 10:00 . 2009-02-03 18:01 364,544 --a------ c:\windows\system32\MACDll.dll
2009-02-15 10:00 . 2009-01-19 18:39 246,424 --a------ c:\windows\system32\unicows.dll
2009-02-14 15:26 . 2001-11-01 03:37 16,384 --a------ c:\windows\system32\FileOps.exe
2009-02-14 15:22 . 2009-02-14 15:27 <DIR> d-------- c:\windows\system32\Adobe
2009-02-14 15:22 . 2009-02-14 15:22 <DIR> d-------- c:\windows\Profiles
2009-02-14 15:22 . 2009-02-14 15:22 <DIR> d-------- c:\documents and settings\Tomáš\Data aplikací\InterTrust
2009-02-14 15:16 . 2009-03-03 15:20 30 --a------ c:\windows\TextSpy.ini
2009-02-14 14:55 . 2009-02-14 15:26 <DIR> d-------- c:\program files\Common Files\Adobe
2009-02-14 13:09 . 1998-10-09 18:04 327,168 --a------ c:\windows\IsUn0405.exe
2009-02-14 03:35 . 2009-02-14 03:35 <DIR> d-------- c:\windows\nview
2009-02-13 21:57 . 2009-02-13 21:57 <DIR> d-------- c:\program files\NCT
2009-02-13 20:09 . 2009-03-03 13:50 <DIR> d-------- c:\documents and settings\Tomáš\Data aplikací\Free Download Manager
2009-02-13 20:09 . 2009-02-13 20:09 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\FreeDownloadManager.ORG
2009-02-13 11:57 . 2009-02-17 08:55 <DIR> d-------- c:\documents and settings\Tomáš\Data aplikací\PC Suite
2009-02-13 11:57 . 2009-02-25 10:47 <DIR> d-------- c:\documents and settings\Tomáš\Data aplikací\Nokia
2009-02-13 11:57 . 2009-02-13 11:57 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\PC Suite
2009-02-13 11:56 . 2009-02-13 11:56 <DIR> d-------- c:\program files\Common Files\PCSuite
2009-02-13 11:55 . 2009-02-13 11:56 <DIR> d-------- c:\program files\Common Files\Nokia
2009-02-13 11:54 . 2009-02-13 11:54 <DIR> d-------- c:\program files\PC Connectivity Solution
2009-02-13 11:54 . 2009-02-13 11:54 <DIR> d-------- c:\program files\DIFX
2009-02-13 11:54 . 2008-09-15 07:29 1,112,288 --a------ c:\windows\system32\wdfcoinstaller01007.dll
2009-02-13 11:54 . 2008-09-15 07:56 659,968 --a------ c:\windows\system32\nmwcdcocls.dll
2009-02-13 11:54 . 2008-09-15 07:56 22,016 --a------ c:\windows\system32\drivers\ccdcmbo.sys
2009-02-13 11:54 . 2008-08-26 09:26 18,816 --a------ c:\windows\system32\drivers\pccsmcfd.sys
2009-02-13 11:54 . 2008-09-15 07:56 17,664 --a------ c:\windows\system32\drivers\ccdcmb.sys
2009-02-13 11:54 . 2008-09-15 07:56 8,064 --a------ c:\windows\system32\drivers\usbser_lowerfltj.sys
2009-02-13 11:54 . 2008-09-15 07:56 8,064 --a------ c:\windows\system32\drivers\usbser_lowerflt.sys
2009-02-13 11:53 . 2008-02-01 15:17 90,624 --a------ c:\windows\system32\nmwcdcls.dll
2009-02-13 11:52 . 2009-02-17 12:09 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Installations
2009-02-12 06:47 . 2009-02-12 06:47 <DIR> d-------- c:\windows\SQLTools9_KB960089_ENU
2009-02-12 06:42 . 2009-02-12 06:42 <DIR> d-------- c:\windows\SQL9_KB960089_ENU
2009-02-12 01:03 . 2005-12-11 14:11 7,492 --a------ c:\windows\system32\drivers\svgawin.sys
2009-02-11 14:37 . 2009-02-11 14:37 27,958 --a------ c:\windows\system32\SpoonUninstall-dBpowerAMP Monkeys Audio Codec.bmp
2009-02-11 14:37 . 2009-02-11 14:37 2,276 --a------ c:\windows\system32\SpoonUninstall-dBpowerAMP Monkeys Audio Codec.dat
2009-02-11 01:36 . 2009-02-27 14:16 <DIR> d-------- c:\documents and settings\Tomáš\Data aplikací\Winamp
2009-02-10 09:15 . 2009-02-10 09:15 <DIR> d-------- c:\windows\SQLTools9_KB954606_ENU
2009-02-10 09:09 . 2009-02-10 09:09 <DIR> d-------- c:\windows\SQL9_KB954606_ENU
2009-02-09 08:28 . 2009-02-10 14:35 <DIR> d-------- c:\program files\Microsoft Silverlight
2009-02-09 08:21 . 2009-02-09 08:21 <DIR> d-------- c:\program files\MSXML 6.0
2009-02-09 08:20 . 2009-02-12 06:47 <DIR> d-------- c:\program files\Microsoft SQL Server
2009-02-09 08:13 . 2009-02-09 08:13 <DIR> d-------- c:\program files\Microsoft Synchronization Services
2009-02-09 08:13 . 2009-02-09 08:13 <DIR> d-------- c:\program files\Microsoft SQL Server Compact Edition
2009-02-09 08:11 . 2009-02-09 08:11 <DIR> d-------- c:\windows\system32\Visual Studio 2008Templates
2009-02-09 08:11 . 2009-02-09 08:11 <DIR> d-------- c:\windows\system32\Visual Studio 2008
2009-02-09 08:09 . 2009-02-09 08:23 <DIR> d-------- c:\program files\Microsoft.NET
2009-02-09 08:08 . 2009-02-09 08:08 <DIR> d-------- c:\program files\Microsoft SDKs
2009-02-09 08:05 . 2009-02-09 08:05 <DIR> d-------- c:\windows\system32\XPSViewer
2009-02-09 08:05 . 2009-02-09 08:05 <DIR> d-------- c:\program files\MSBuild
2009-02-09 08:04 . 2009-02-09 08:04 <DIR> d-------- c:\program files\Reference Assemblies
2009-02-09 08:03 . 2006-06-29 13:07 14,048 --------- c:\windows\system32\spmsg2.dll
2009-02-09 07:52 . 2009-02-09 07:52 223,128 --a------ c:\windows\system32\drivers\vaxscsi.sys
2009-02-09 07:47 . 2009-02-09 07:47 611,064 --a------ c:\windows\system32\drivers\sptd.sys
2009-02-09 06:07 . 2009-02-09 06:07 <DIR> d-------- c:\documents and settings\Tomáš\Data aplikací\Foxit
2009-02-08 19:00 . 2009-02-08 19:00 <DIR> d-------- c:\program files\Microsoft Works
2009-02-08 18:51 . 2009-02-08 18:53 <DIR> d-------- c:\windows\SHELLNEW
2009-02-08 18:50 . 2009-02-13 07:51 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Microsoft Help
2009-02-08 15:23 . 2008-04-14 04:22 221,184 --a------ c:\windows\system32\wmpns.dll
2009-02-08 15:08 . 2009-02-08 15:08 <DIR> d-------- c:\windows\system32\cs-cz
2009-02-08 15:07 . 2009-02-08 15:07 <DIR> d-------- c:\windows\system32\cs
2009-02-08 15:07 . 2009-02-08 15:08 <DIR> d-------- c:\windows\l2schemas
2009-02-08 14:33 . 2007-06-26 07:00 300,969 -----c--- c:\windows\system32\dllcache\viz.wmv
2009-02-08 14:32 . 2008-04-14 04:22 774,144 -----c--- c:\windows\system32\dllcache\setup_wm.exe
2009-02-08 14:31 . 2008-09-10 02:16 1,307,648 --------- c:\windows\system32\msxml6.dll
2009-02-08 14:30 . 2008-04-14 04:22 786,432 -----c--- c:\windows\system32\dllcache\migrate.exe
2009-02-08 14:29 . 2008-04-14 04:21 499,254 -----c--- c:\windows\system32\dllcache\dxmasf.dll
2009-02-08 14:28 . 2008-04-14 04:21 651,264 --------- c:\windows\system32\dot3ui.dll
2009-02-08 14:27 . 2008-04-14 04:21 136,192 --------- c:\windows\system32\aaclient.dll
2009-02-08 14:27 . 2008-04-14 03:09 7,680 -----c--- c:\windows\system32\dllcache\asferror.dll
2009-02-08 11:02 . 2008-12-12 18:03 3,088,896 -----c--- c:\windows\system32\dllcache\mshtml.dll
2009-02-08 11:02 . 2008-10-16 02:03 1,499,648 -----c--- c:\windows\system32\dllcache\shdocvw.dll
2009-02-08 11:02 . 2008-10-16 02:03 667,136 -----c--- c:\windows\system32\dllcache\wininet.dll
2009-02-08 11:02 . 2008-10-16 02:03 619,008 -----c--- c:\windows\system32\dllcache\urlmon.dll
2009-02-08 11:02 . 2008-06-14 18:35 272,128 -----c--- c:\windows\system32\dllcache\bthport.sys
2009-02-08 11:00 . 2008-08-14 14:26 2,191,360 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2009-02-08 11:00 . 2008-08-14 14:26 2,147,328 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-02-08 11:00 . 2008-08-14 14:26 2,068,224 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-02-08 11:00 . 2008-08-14 14:26 2,025,984 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2009-02-08 11:00 . 2008-09-15 16:27 1,846,400 -----c--- c:\windows\system32\dllcache\win32k.sys
2009-02-08 10:55 . 2008-10-24 12:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2009-02-08 10:55 . 2008-05-08 15:02 203,136 -----c--- c:\windows\system32\dllcache\rmcast.sys
2009-02-08 10:54 . 2008-12-11 11:57 333,952 -----c--- c:\windows\system32\dllcache\srv.sys
2009-02-08 10:53 . 2008-04-11 20:06 691,712 -----c--- c:\windows\system32\dllcache\inetcomm.dll
2009-02-08 10:53 . 2008-10-15 17:38 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
2009-02-08 10:53 . 2008-05-01 15:37 331,776 -----c--- c:\windows\system32\dllcache\msadce.dll
2009-02-08 10:53 . 2008-10-03 11:04 247,326 -----c--- c:\windows\system32\dllcache\strmdll.dll
2009-02-08 10:48 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll
2009-02-08 10:48 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui
2009-02-08 08:09 . 2009-02-08 08:09 <DIR> d-------- c:\documents and settings\Tomáš\Data aplikací\VitySoft

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-17 08:50 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-08 14:13 3,038 ----a-w c:\windows\PCHealth\HelpCtr\PackageStore\SkuStore.bin
2009-02-08 01:52 8,972 ----a-w c:\windows\PCHealth\HelpCtr\Config\Cntstore.bin
2009-02-07 14:38 21,275 ----a-w c:\windows\system32\drivers\AegisP.sys
2009-02-07 14:37 --------- d-----w c:\program files\RALINK
2009-02-07 14:17 --------- d-----w c:\program files\Marvell
2009-02-07 14:17 --------- d-----w c:\program files\Common Files\InstallShield
2009-02-07 14:13 --------- d-----w c:\program files\Analog Devices
2009-02-07 14:07 --------- d-----w c:\program files\Intel
2009-02-07 13:55 --------- d-----w c:\program files\microsoft frontpage
2009-02-07 13:54 558,142 ----a-w c:\windows\java\Packages\1ZTZNLZR.ZIP
2009-02-07 13:54 155,995 ----a-w c:\windows\java\Packages\4G68SIXZ.ZIP
.

((((((((((((((((((((((((((((( SnapShot@2009-03-03_23.26.37,92 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-03-03 11:15:17 1,744 ----a-w c:\windows\system32\d3d9caps.dat
+ 2009-03-04 12:00:19 1,744 ----a-w c:\windows\system32\d3d9caps.dat
+ 2009-03-04 11:52:26 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_770.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Google Update"="c:\documents and settings\Tomáš\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2009-02-08 133104]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-10-23 202024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-08 136600]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2008-10-24 1451264]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 c:\windows\system32\HdAShCut.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
"NvMediaCenter"="c:\windows\system32\NVMCTRAY.DLL" [2003-07-28 49152]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-02-14 110592]
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-02-14 110592]
Ralink Wireless Utility.lnk - c:\program files\RALINK\Common\RaUI.exe [2009-02-07 618496]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\frd.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"d:\\Prgwin\\AgeOfEmpires2+CE\\age2_x1.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=

R2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2007-12-21 468224]
R2 SVGAWIN;SVGALIB Helper Driver;c:\windows\system32\drivers\svgawin.sys [2009-02-12 7492]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [2002-12-05 69120]
.
Obsah adresáře 'Naplánované úlohy'

2009-03-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1708537768-1035525444-839522115-1003.job
- c:\documents and settings\Tom []
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Excel - d:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Stáhnout Free Download Managerem - file://d:\program files\Free Download Manager\dllink.htm
IE: Stáhnout video Free Download Managerem - file://d:\program files\Free Download Manager\dlfvideo.htm
IE: Stáhnout vybrané Free Download Managerem - file://d:\program files\Free Download Manager\dlselected.htm
IE: Stáhnout vše Free Download Managerem - file://d:\program files\Free Download Manager\dlall.htm
TCP: {3BF4197D-040F-4C1C-B6F0-7475C4DAECE5} = 192.168.0.11
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-04 13:13:05
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
Celkový čas: 2009-03-04 13:16:03
ComboFix-quarantined-files.txt 2009-03-04 12:15:51
ComboFix2.txt 2009-03-03 22:28:24

Před spuštěním: 2 280 751 104
Po spuštění: 2,268,995,584

237 --- E O F --- 2009-02-25 02:03:14

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:20:57, on 4.3.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Tomáš\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\RALINK\Common\RaUI.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
D:\Temp\Sreng\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - D:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Tomáš\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Stáhnout Free Download Managerem - file://D:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Stáhnout video Free Download Managerem - file://D:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Stáhnout vybrané Free Download Managerem - file://D:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Stáhnout vše Free Download Managerem - file://D:\Program Files\Free Download Manager\dlall.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 4055164265
O17 - HKLM\System\CCS\Services\Tcpip\..\{3BF4197D-040F-4C1C-B6F0-7475C4DAECE5}: NameServer = 192.168.0.11
O17 - HKLM\System\CS1\Services\Tcpip\..\{3BF4197D-040F-4C1C-B6F0-7475C4DAECE5}: NameServer = 192.168.0.11
O17 - HKLM\System\CS2\Services\Tcpip\..\{3BF4197D-040F-4C1C-B6F0-7475C4DAECE5}: NameServer = 192.168.0.11
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

--
End of file - 6268 bytes

Soubor unrar.dll přijatý 2009.03.04 13:24:32 (CET)
Současný stav: Testování

Váš soubor je nyní testován pomocí VirusTotal,
výsledky budou zobrazeny po dokončení.
Antivirus Verze Poslední aktualizace Výsledek
Microsoft 1.4405 2009.03.04 -
PCTools 4.4.2.0 2009.03.04 -
SecureWeb-Gateway 6.7.6 2009.03.04 -
Rozšiřující informace
File size: 168448 bytes
MD5...: 421fc844f5ebe260af7b8e64dc9e8d62
SHA1..: 60e295d69e2e6c0894b52c70ce6885551a549d84
SHA256: 97d8e67484327feb5f0f89e41c9e2aae6d0fa38ee16f736a6059d58b4b5da554
SHA512: 2734e4de8f35f96c8e099ce5f9d6bf0f5adce8368361cb0d35f010ca28791bf4
cd8de28d1a0b92af139bb584123e515a56dda00ee8a17b5ded5a7d029e1373a9
ssdeep: 3072:8K24vzk/R+xuK3HHIDwbC5lq62LEPVoK1F127oWmuFrkSQ6AG2L660zvW0T
p:83Ozk/R+xumbIqK9oKjjSQ612Ln0zvW0
PEiD..: -
TrID..: File type identification
Win32 Dynamic Link Library - Borland C/C++ (86.9%)
DOS Executable Borland C++ (5.1%)
Win32 Executable Generic (3.3%)
Win32 Dynamic Link Library (generic) (2.9%)
Generic Win/DOS Executable (0.7%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x1000
timedatestamp.....: 0x48cfc15f (Tue Sep 16 14:23:27 2008)
machinetype.......: 0x14c (I386)

( 7 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x23000 0x22800 6.54 6984f3e856591720a5f54915b73f5fb8
.data 0x24000 0xe000 0x4000 4.12 13e33e9bba9b76113d597ed995037403
.tls 0x32000 0x1000 0x200 0.00 bf619eac0cdf3f68d496ea9344137e8b
.idata 0x33000 0x1000 0xa00 4.90 af173ef1bd2b326d9c95f936ceb1e032
.edata 0x34000 0x1000 0x200 4.26 de2a0e2d265b42700b77be7b29606630
.rsrc 0x35000 0x1000 0x400 2.51 481ca5d4f23dd52e6fdf7f9aeea01e43
.reloc 0x36000 0x2000 0x1200 6.46 6b739b899531e3398eb45d08a31a8fee

( 3 imports )
> ADVAPI32.DLL: AdjustTokenPrivileges, LookupPrivilegeValueA, OpenProcessToken, SetFileSecurityA, SetFileSecurityW
> KERNEL32.DLL: CloseHandle, CompareStringA, CompareStringW, CreateDirectoryA, CreateDirectoryW, CreateFileA, CreateFileW, DeleteCriticalSection, DeleteFileA, DeleteFileW, DeviceIoControl, EnterCriticalSection, ExitProcess, FileTimeToLocalFileTime, FileTimeToSystemTime, FindClose, FindFirstFileA, FindFirstFileW, FindNextFileA, FindNextFileW, FreeEnvironmentStringsA, FreeLibrary, GetACP, GetCPInfo, GetCurrentProcess, GetCurrentThreadId, GetEnvironmentStrings, GetFileAttributesA, GetFileAttributesW, GetFileType, GetFullPathNameA, GetLastError, GetLocalTime, GetModuleFileNameA, GetModuleHandleA, GetOEMCP, GetProcAddress, GetProcessHeap, GetStartupInfoA, GetStdHandle, GetStringTypeW, GetSystemTime, GetVersion, GetVersionExA, GlobalMemoryStatus, HeapAlloc, HeapFree, InitializeCriticalSection, IsDBCSLeadByte, LCMapStringA, LeaveCriticalSection, LoadLibraryA, LocalFileTimeToFileTime, MoveFileA, MultiByteToWideChar, RaiseException, ReadFile, RtlUnwind, SetConsoleCtrlHandler, SetEndOfFile, SetFileAttributesA, SetFileAttributesW, SetFilePointer, SetFileTime, SetHandleCount, SetLastError, Sleep, SystemTimeToFileTime, UnhandledExceptionFilter, VirtualAlloc, VirtualFree, VirtualQuery, WideCharToMultiByte, WriteFile
> USER32.DLL: CharLowerA, CharLowerW, CharToOemA, CharToOemBuffA, CharUpperA, CharUpperW, EnumThreadWindows, MessageBoxA, OemToCharA, OemToCharBuffA, wsprintfA

( 13 exports )
RARCloseArchive, RARGetDllVersion, RAROpenArchive, RAROpenArchiveEx, RARProcessFile, RARProcessFileW, RARReadHeader, RARReadHeaderEx, RARSetCallback, RARSetChangeVolProc, RARSetPassword, RARSetProcessDataProc, ___CPPdebugHook

Soubor BlueBearX.ocx přijatý 2009.03.04 13:27:18 (CET)
Současný stav: Testování

Váš soubor je nyní testován pomocí VirusTotal,
výsledky budou zobrazeny po dokončení.
Antivirus Verze Poslední aktualizace Výsledek
Rozšiřující informace
File size: 535040 bytes
MD5...: 57fa5e50e78f23462545cac42f8a4a7f
SHA1..: 0e4c8262b9366ca62ca1b63657933f40773a6799
SHA256: 6052dc8caa53322cd59fe4fb63457c4cf68d193d62a5b90fbc659bcadac9de64
SHA512: b470b1ff5f366afdd5a6064d2b797dc6adaa48d0b715dae6f25d3b1a254ec562
75a272144f7e1f83bd413120e7b4cc7df8a03b009b4d54ddc0d62c61304b4457
ssdeep: 12288:ijUwQGWq80wA9jyVMvX9HVl+90a2GkSQued3:igblqhJ6IX1CMS
PEiD..: ASPack v2.12
TrID..: File type identification
Windows OCX File (89.4%)
Win32 Executable Generic (6.1%)
Win16/32 Executable Delphi generic (1.5%)
Generic Win/DOS Executable (1.4%)
DOS Executable Generic (1.4%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x155001
timedatestamp.....: 0x2a425e19 (Fri Jun 19 22:22:17 1992)
machinetype.......: 0x14c (I386)

( 9 sections )
name viradd virsiz rawdsiz ntrpy md5
CODE 0x1000 0xec000 0x51600 8.00 180f81c396070eb465c369ce25a19396
DATA 0xed000 0x4000 0x1800 7.92 3e18e6f98ce95ea55c77d9ac1112c330
BSS 0xf1000 0x1000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.idata 0xf2000 0x3000 0x1000 7.84 90cf91924507f78112eb5ff0fd45745b
.edata 0xf5000 0x1000 0x200 2.16 501fcbd566b76b4d3bb563bb3e4325f4
.reloc 0xf6000 0x11000 0x8600 7.98 31f3e7e967ebd717970ae29e837686be
.rsrc 0x107000 0x4e000 0x24400 6.22 74b47e8faf4fb918408e3a619e544bc7
.aspack 0x155000 0x2000 0x1c00 5.61 a3ffc4afb47f201e29d20909b74e95ef
.adata 0x157000 0x1000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e

( 14 imports )
> kernel32.dll: GetProcAddress, GetModuleHandleA, LoadLibraryA
> user32.dll: GetKeyboardType
> advapi32.dll: RegQueryValueExA
> oleaut32.dll: SysFreeString
> advapi32.dll: RegSetValueExA
> gdi32.dll: UnrealizeObject
> user32.dll: WindowFromPoint
> ole32.dll: IsEqualGUID
> oleaut32.dll: SafeArrayPtrOfIndex
> ole32.dll: CreateStreamOnHGlobal
> oleaut32.dll: CreateErrorInfo
> comctl32.dll: ImageList_SetIconSize
> shell32.dll: ShellExecuteA
> ws2_32.dll: WSACleanup

( 4 exports )
DllCanUnloadNow, DllGetClassObject, DllRegisterServer, DllUnregisterServer

Příspěvekod **jaro3** » 04 bře 2009 15:27

Smazáno, na Virus total není výsledek a konkrétní soubory...
Počkej až bude hotový test všech antivirů-pak sem vlož odkaz na web. stránku se všemi výsledky.

maiki · Příspěvekod **maiki** » 04 bře 2009 15:41

http://www.virustotal.com/cs/analisis/a ... c853b8b5af
http://www.virustotal.com/cs/analisis/7 ... 448f797ca9

Příspěvekod **jaro3** » 04 bře 2009 15:52

Stahni jsi Avanger do nej podle navodu: zadej prikaz z kodu:

Kód: Vybrat vše

Files to delete:
c:\windows\system32\unrar.dll
c:\windows\system32\BlueBearX.ocx

Po restartu pošli z avengera log .
***************************************************************************************************************************************
Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:

Kód: Vybrat vše

O4 - HKLM\..\Run: [SunJavaUpdateSched] &quot;C:\Program Files\Java\jre6\bin\jusched.exe&quot;
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix[mezera]/u

použij i T-Cleaner
smaže vše po Combu,SDFixu,Avengeru,MWAVu atd.-stáhneš>spustíš

Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni select all found, pak klik empty selected.
Pokud chceš zachovat svoje uložená hesla, klikni na No.
ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.
Pokud jsou stále problémy s možnostmi složky, správce procesů, regeditem , bude nutno opravit.

maiki · Příspěvekod **maiki** » 04 bře 2009 16:52

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "c:\windows\system32\unrar.dll" deleted successfully.
File "c:\windows\system32\BlueBearX.ocx" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

maiki · Příspěvekod **maiki** » 04 bře 2009 16:54

Jinak Možnosti složky už jedou. Už se to napravilo. Regedit a Správce úloh už se mi podařilo rozchodit předtím tady:

viewtopic.php?f=46&t=37858

Díky moc, jsi MISTR! Co bych si bez Tebe počal. Asi několikahodinový formát, instalace.

kontrola logu

kontrola logu

Re: kontrola logu

Re: kontrola logu

Re: kontrola logu

Re: kontrola logu

Re: kontrola logu

Re: kontrola logu

Re: kontrola logu

Re: kontrola logu

Re: kontrola logu

Kdo je online