Request for HJT log check - Trojans [Solved]

Post by Melania » 17 Jan 2009 17:05

I would like to ask for a log check; I am attaching the HJT log below.
Eset NOD32 reports Trojan horses at every PC start - rapidshare win32...
Thank you

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:49:07, on 17.1.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\S3trayp.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.zoznam.sk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R3 - URLSearchHook: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files\TorrentMan\tbTor1.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files\TorrentMan\tbTor1.dll
O3 - Toolbar: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files\TorrentMan\tbTor1.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\PROGRA~1\PCTRAN~1\webie.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [S3Trayp] S3trayp.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Microsoft WinUpdate] C:\WINDOWS\system32\msupdte.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Taskbar Shuffle] C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe
O4 - HKCU\..\Run: [360desktop] "C:\Program Files\360desktop\360desktop.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: WebTran - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra 'Tools' menuitem: &Nastaviť prekladač - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra 'Tools' menuitem: Preložiť &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra 'Tools' menuitem: Preložiť &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

--
End of file - 7485 bytes

Re: Request for HJT log check - Trojans

Post by jaro3 (Security team member) » 17 Jan 2009 20:01

Uninstall: AskBarDis

Download Malwarebytes' Anti-Malware
Install and run it
- at the end of the installation make sure both options are selected/checked:
Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware; if so, click the Finish button
- if an update is found, it will be downloaded and installed
- the program will then start; leave the option Perform Quick Scan selected and click the Scan button
- when the program finishes, a message appears; click OK and then the Show Results button
- then choose Save Logfile and save the log to the desktop
- then click the Exit button; a prompt appears, choose Yes
(don't delete anything yet!).
Then paste the contents of that log here.
When working with HJT, ComboFix, MbAM, SDFix etc., close all other applications and browsers!
Do not send logs by private message. During my absence memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support

Re: Request for HJT log check - Trojans

Post by Melania » 17 Jan 2009 20:26

So here is the next log >>

Malwarebytes' Anti-Malware 1.33
Verzia databázy: 1663
Windows 5.1.2600 Service Pack 3

17.1.2009 20:22:00
mbam-log-2009-01-17 (20-21-52).txt

Typ kontroly: Rýchla
Objektov kontrolovaných: 51168
Uplynutý cas: 2 minute(s), 57 second(s)

Infikovaných procesov pamäte: 0
Infikovaných modulov pamäte: 0
Infikovaných registracných klúcov: 0
Infikovaných registracných hodnôt: 1
Infikovaných registracných údajov položiek: 1
Infikovaných priecinkov: 0
Infikovaných súborov: 7

Infikovaných procesov pamäte:
(Žiadne škodlivé položky)

Infikovaných modulov pamäte:
(Žiadne škodlivé položky)

Infikovaných registracných klúcov:
(Žiadne škodlivé položky)

Infikovaných registracných hodnôt:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Microsoft WinUpdate (Backdoor.Bot) -> No action taken.

Infikovaných registracných údajov položiek:
HKEY_CLASSES_ROOT\regfile\shell\open\command\ (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> No action taken.

Infikovaných priecinkov:
(Žiadne škodlivé položky)

Infikovaných súborov:
C:\Documents and Settings\admin\Local Settings\Temp\Temporary Internet Files\Content.IE5\B0L8KX6U\wr-1-1974-9[1].exe (Trojan.Vundo) -> No action taken.
C:\Documents and Settings\admin\runPatch.exe (Trojan.Vundo) -> No action taken.
C:\Documents and Settings\admin\runPatch.html (Trojan.Vundo) -> No action taken.
C:\Documents and Settings\admin\Local Settings\Temporary Internet Files\Content.IE5\SATO5NOR\wr-1-1974-9[1].exe (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\msupdte.exe (Backdoor.Bot) -> No action taken.
C:\WINDOWS\system32\sft.res (Malware.Trace) -> No action taken.
C:\WINDOWS\system32\mssrv32.exe (Rootkit.Agent) -> No action taken.

Re: Request for HJT log check - Trojans

Post by jaro3 (Security team member) » 17 Jan 2009 20:35

You are here quite often; it would be worth considering adding an antispyware program and a firewall to your protection...

So run MbAM again and click Scan
- when the program finishes, a message appears; click OK and then the Show Results button
- make sure all listed findings are checked and click the Remove Selected button
- when the removal finishes, a log is displayed; post it here.
- then choose OK in the program and exit it via Exit

You can then paste the log + a new HJT log here.

//EDIT: also uninstall: Ask Toolbar
You have Spybot; do you have it set up correctly? Don't download any toolbars.
Firewalls: Zone Alarm, Kerio or Comodo; which one is better, I can't advise.

Re: Request for HJT log check - Trojans

Post by Melania » 17 Jan 2009 21:01

Well, I am sorry too that I am here so often...
I am not the only one at the PC, so more hands, more mistakes...
I thought Eset NOD32 had everything needed, that no further protection was necessary...
Thanks for now

Malwarebytes' Anti-Malware 1.33
Verzia databázy: 1663
Windows 5.1.2600 Service Pack 3

17.1.2009 20:51:31
mbam-log-2009-01-17 (20-51-31).txt

Typ kontroly: Rýchla
Objektov kontrolovaných: 51212
Uplynutý cas: 2 minute(s), 40 second(s)

Infikovaných procesov pamäte: 0
Infikovaných modulov pamäte: 0
Infikovaných registracných klúcov: 0
Infikovaných registracných hodnôt: 1
Infikovaných registracných údajov položiek: 1
Infikovaných priecinkov: 0
Infikovaných súborov: 7

Infikovaných procesov pamäte:
(Žiadne škodlivé položky)

Infikovaných modulov pamäte:
(Žiadne škodlivé položky)

Infikovaných registracných klúcov:
(Žiadne škodlivé položky)

Infikovaných registracných hodnôt:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Microsoft WinUpdate (Backdoor.Bot) -> Quarantined and deleted successfully.

Infikovaných registracných údajov položiek:
HKEY_CLASSES_ROOT\regfile\shell\open\command\ (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

Infikovaných priecinkov:
(Žiadne škodlivé položky)

Infikovaných súborov:
C:\Documents and Settings\admin\Local Settings\Temp\Temporary Internet Files\Content.IE5\B0L8KX6U\wr-1-1974-9[1].exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\admin\runPatch.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\admin\runPatch.html (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\admin\Local Settings\Temporary Internet Files\Content.IE5\SATO5NOR\wr-1-1974-9[1].exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msupdte.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sft.res (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mssrv32.exe (Rootkit.Agent) -> Quarantined and deleted successfully.

I have already removed Ask Toolbar, thank you! :)
I have Spybot, yes... the computer has just been repaired - my graphics card died recently and a guy put it all back together - I don't know, maybe he set it up... otherwise I don't know what and how... :-(

Re: Request for HJT log check - Trojans

Post by jaro3 (Security team member) » 17 Jan 2009 21:46

You would have to have ESET SMART SECURITY; that has everything. NOD32 is only an antivirus.
Disable the resident protection in NOD32.
Disable the resident protection in Spybot:
- run Spybot - Search & Destroy
- in the top menu choose: Mode => Advanced mode
- a warning window appears; choose Yes
- the program window switches to the advanced view; there choose: Tools => Resident
- there uncheck, if it is checked, the item: Resident "TeaTimer" (Protection ...)
- close the program
Restart the PC.
Then download ResetTeaTimer.bat (see Note)
and save it to disk.
- run it and press any key when prompted
- when it finishes and prompts again, press any key and the program closes.
Note:
- if you use Opera, right-click the link and choose Save link target as...
- if you use Firefox, right-click the link and choose Save link as...

Download ComboFix (by sUBs)
and save it to the desktop.
Close all active windows and run it.
- After starting, the terms of use are displayed; confirm them by clicking Yes
- Then follow the instructions; while ComboFix is running, do not click in the window that appears
- When the scan finishes, the program should create a log - C:\ComboFix.txt - please copy its entire contents here
Tomorrow.

Re: Request for HJT log check - Trojans

Post by Melania » 18 Jan 2009 11:16

/I did it right away yesterday/ attaching the CF log >>

ComboFix 09-01-17.03 - admin 2009-01-17 22:44:11.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.1.1033.18.1007.636 [GMT 1:00]
Running from: c:\documents and settings\admin\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Outdated)
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat

----- BITS: Possible infected sites -----

hxxp://voicebunch.com
.
((((((((((((((((((((((((( Files Created from 2008-12-17 to 2009-01-17 )))))))))))))))))))))))))))))))
.

2009-01-17 22:38 . 2009-01-17 22:39 9,123 --a------ C:\ResetTeaTimer.bat
2009-01-17 20:16 . 2009-01-17 20:16 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-17 20:16 . 2009-01-17 20:16 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-17 20:16 . 2009-01-17 20:16 <DIR> d-------- c:\documents and settings\admin\Application Data\Malwarebytes
2009-01-17 20:16 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-17 20:16 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-17 16:48 . 2009-01-17 16:48 <DIR> d-------- c:\program files\Trend Micro
2009-01-17 00:38 . 2009-01-17 00:43 <DIR> d-------- c:\program files\360desktop
2009-01-17 00:38 . 2009-01-17 00:38 <DIR> d-------- c:\documents and settings\admin\Application Data\360desktop
2009-01-16 20:07 . 2009-01-17 00:09 <DIR> d---s---- c:\documents and settings\Administrator
2009-01-16 19:37 . 2009-01-16 19:37 380,764 --a------ c:\program files\TU2009v8_0_2000_35CZ.zip
2009-01-16 19:31 . 2009-01-16 19:31 <DIR> d-------- c:\documents and settings\admin\Application Data\TuneUp Software
2009-01-16 19:30 . 2009-01-17 00:10 <DIR> d-------- c:\program files\TuneUp Utilities 2009
2009-01-16 19:30 . 2009-01-16 19:30 <DIR> d-------- c:\documents and settings\All Users\Application Data\TuneUp Software
2009-01-15 12:52 . 2009-01-17 10:59 <DIR> d-------- c:\program files\Pivot Stickfigure Animator
2009-01-12 14:11 . 2009-01-12 14:29 <DIR> d-------- c:\documents and settings\All Users\Application Data\Easy CD-DA Extractor
2009-01-12 14:10 . 2009-01-12 14:39 <DIR> d-------- c:\program files\Easy CD-DA Extractor 12
2009-01-12 12:42 . 2009-01-12 12:42 <DIR> d-------- c:\windows\Easy CD-DA Extractor 12
2009-01-10 10:22 . 2009-01-10 10:22 <DIR> d--hs---- c:\windows\ftpcache
2009-01-10 07:12 . 2009-01-10 07:12 <DIR> d-------- c:\documents and settings\admin\Application Data\Playrix Entertainment
2009-01-10 07:11 . 2009-01-10 07:11 <DIR> d-------- c:\windows\Fishdom
2009-01-10 07:11 . 2009-01-10 07:12 <DIR> d-------- c:\program files\Fishdom
2009-01-08 14:20 . 2009-01-08 14:20 4,096 --a------ c:\windows\d3dx.dat
2009-01-08 10:51 . 2009-01-08 10:51 <DIR> d-------- c:\program files\CCleaner
2009-01-08 06:27 . 2009-01-08 06:27 330 --a------ c:\windows\CDPlayer.ini
2009-01-07 12:17 . 2009-01-17 11:45 <DIR> d-------- C:\My Music
2009-01-07 12:14 . 2009-01-07 12:15 <DIR> d-------- c:\program files\MediaMonkey
2009-01-05 23:14 . 2009-01-08 11:52 599 --a------ c:\windows\TRNCOM.INI
2009-01-03 15:51 . 2009-01-03 15:51 <DIR> d-------- c:\documents and settings\admin\Application Data\Jane s Hotel Family Hero
2009-01-03 13:22 . 2009-01-03 13:22 <DIR> d-------- c:\program files\Outsim
2009-01-03 13:22 . 2002-07-07 23:14 1,294,336 --a------ c:\windows\system32\vorbis.acm
2009-01-03 13:22 . 2006-06-20 09:56 225,280 --a------ c:\windows\system32\rewire.dll
2009-01-03 13:20 . 2009-01-03 13:23 <DIR> d-------- c:\program files\Image-Line
2009-01-03 13:06 . 2009-01-16 08:04 <DIR> d-------- C:\Download Bitlord
2009-01-03 12:55 . 2009-01-03 12:55 <DIR> d-------- c:\documents and settings\admin\Application Data\Sony
2009-01-03 12:52 . 2009-01-03 12:52 <DIR> d-------- c:\program files\Sony Setup
2009-01-03 12:50 . 2009-01-03 12:50 <DIR> d-------- c:\program files\Acoustica Shared Effects
2009-01-03 12:50 . 2009-01-03 13:24 <DIR> d-------- c:\program files\Acoustica Beatcraft
2009-01-02 12:51 . 2009-01-02 13:05 <DIR> d-------- c:\program files\Rockstar Games
2009-01-02 12:24 . 2009-01-02 13:23 43,520 --a------ c:\windows\system32\CmdLineExt03.dll
2009-01-02 08:19 . 2009-01-07 09:10 <DIR> d-------- c:\documents and settings\admin\Application Data\GlarySoft
2009-01-01 18:44 . 2009-01-01 18:44 <DIR> d-------- c:\documents and settings\admin\Application Data\CyberLink
2009-01-01 11:10 . 2009-01-01 11:10 3,731 --a------ c:\windows\wtran32.INI
2009-01-01 11:10 . 2009-01-01 11:10 0 --a------ c:\windows\XXLGSC
2008-12-31 16:46 . 2009-01-17 20:51 2,839 --a------ c:\windows\wdict32.INI
2008-12-31 16:09 . 2008-12-31 16:09 <DIR> d-------- c:\program files\PC Translator
2008-12-29 10:07 . 2008-12-29 10:08 <DIR> d-------- c:\documents and settings\All Users\Application Data\VirtualFarm
2008-12-29 09:23 . 2008-12-29 09:23 <DIR> d-------- c:\windows\INDSOFT
2008-12-29 09:21 . 2008-12-29 09:21 <DIR> d-------- c:\documents and settings\admin\Application Data\Astro Gemini Software
2008-12-29 09:21 . 2007-11-06 14:16 106,496 --a------ c:\windows\system32\Astro Gemini Screensaver Manager.scr
2008-12-28 17:37 . 2009-01-10 07:13 230,432 --a------ C:\StiImg.dat
2008-12-28 14:37 . 2008-12-28 14:37 38,934 --a------ c:\windows\system32\szbvrzregz.exe
2008-12-27 20:00 . 2008-12-27 20:00 <DIR> d-------- c:\program files\Glary Utilities
2008-12-27 12:35 . 2008-04-14 06:12 91,136 --a------ c:\windows\system32\kswdmcap.ax
2008-12-27 12:35 . 2008-04-14 06:12 91,136 --a--c--- c:\windows\system32\dllcache\kswdmcap.ax
2008-12-27 12:35 . 2008-04-14 06:12 61,952 --a------ c:\windows\system32\kstvtune.ax
2008-12-27 12:35 . 2008-04-14 06:12 61,952 --a--c--- c:\windows\system32\dllcache\kstvtune.ax
2008-12-27 12:35 . 2008-04-14 06:12 53,760 --a------ c:\windows\system32\vfwwdm32.dll
2008-12-27 12:35 . 2008-04-14 06:12 53,760 --a--c--- c:\windows\system32\dllcache\vfwwdm32.dll
2008-12-27 12:35 . 2008-04-14 06:12 43,008 --a------ c:\windows\system32\ksxbar.ax
2008-12-27 12:35 . 2008-04-14 06:12 43,008 --a--c--- c:\windows\system32\dllcache\ksxbar.ax
2008-12-27 12:35 . 2008-04-14 06:12 28,672 --a------ c:\windows\system32\vidcap.ax
2008-12-27 12:35 . 2008-04-14 06:12 28,672 --a--c--- c:\windows\system32\dllcache\vidcap.ax
2008-12-27 12:33 . 2008-12-27 12:33 <DIR> d-------- c:\windows\PixArt
2008-12-27 12:33 . 2008-12-27 12:33 <DIR> d-------- c:\windows\Cache
2008-12-27 12:33 . 2008-12-27 12:33 <DIR> d-------- c:\windows\Album
2008-12-27 12:33 . 2008-12-27 12:33 <DIR> d-------- c:\program files\VideoCAM GE111
2008-12-27 12:33 . 2008-12-27 12:33 <DIR> d-------- c:\program files\Common Files\PCCamera
2008-12-27 12:32 . 2008-12-27 12:32 <DIR> d-------- c:\windows\Downloaded Installations
2008-12-27 08:01 . 2008-12-05 18:48 499,712 --a------ c:\windows\system32\msvcp71.dll
2008-12-27 08:01 . 2008-12-05 18:48 348,160 --a------ c:\windows\system32\msvcr71.dll
2008-12-26 08:22 . 2008-04-14 00:45 32,128 --a------ c:\windows\system32\drivers\usbccgp.sys
2008-12-26 08:22 . 2008-04-14 00:45 32,128 --a--c--- c:\windows\system32\dllcache\usbccgp.sys
2008-12-25 08:42 . 2009-01-17 08:55 <DIR> d-------- c:\windows\SxsCaPendDel
2008-12-25 08:09 . 2008-12-27 08:04 <DIR> d-------- c:\windows\system32\Adobe
2008-12-24 14:38 . 2008-12-24 14:38 <DIR> d-------- c:\program files\Opera
2008-12-24 14:38 . 2008-12-24 14:38 0 --a------ c:\windows\nsreg.dat
2008-12-24 14:37 . 2008-12-24 14:38 7,848,496 --a------ C:\Firefox Setup 3.0.5.exe
2008-12-24 14:36 . 2008-12-24 14:36 7,408,904 --a------ C:\Opera_963_int_Setup.exe
2008-12-24 12:13 . 2009-01-17 22:36 <DIR> d-------- c:\program files\Conduit
2008-12-24 12:12 . 2009-01-03 13:05 <DIR> d-------- c:\program files\BitLord
2008-12-24 12:12 . 2008-12-24 12:12 3,096,064 --a------ C:\BitLord_1.01.exe
2008-12-24 11:39 . 2009-01-17 12:13 69 --a------ c:\windows\NeroDigital.ini
2008-12-23 20:46 . 2009-01-17 22:41 <DIR> d-------- c:\program files\Taskbar Shuffle
2008-12-23 20:43 . 2008-12-23 20:43 <DIR> d-------- c:\program files\Fractalis Software
2008-12-23 20:32 . 2009-01-17 22:37 <DIR> d-------- c:\documents and settings\admin\Application Data\skypePM
2008-12-23 20:32 . 2008-12-23 20:32 56 --ah----- c:\windows\system32\ezsidmv.dat
2008-12-23 20:30 . 2008-12-23 20:30 <DIR> d-------- c:\program files\Skype
2008-12-23 20:30 . 2008-12-23 20:30 <DIR> d-------- c:\program files\Common Files\Skype
2008-12-23 20:30 . 2008-12-23 20:30 <DIR> d-------- c:\documents and settings\All Users\Application Data\Skype
2008-12-23 20:30 . 2009-01-17 22:42 <DIR> d-------- c:\documents and settings\admin\Application Data\Skype
2008-12-22 22:59 . 2008-12-22 22:59 <DIR> d-------- c:\windows\system32\sk-SK
2008-12-22 22:41 . 2008-12-22 22:42 <DIR> d-------- c:\windows\system32\URTTemp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-17 21:30 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-14 15:48 --------- d-----w c:\documents and settings\admin\Application Data\Vso
2009-01-12 13:39 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-01-07 11:05 --------- d-----w c:\program files\Winamp
2008-12-30 07:37 --------- d-----w c:\program files\CD Audio MP3 Converter
2008-12-27 05:53 --------- d-----w c:\program files\DVDFab Platinum 3
2008-12-25 07:42 --------- d-----w c:\program files\Common Files\Adobe
2008-12-22 19:49 737,280 ----a-w c:\windows\iun6002.exe
2008-12-22 19:49 --------- d-----w c:\program files\Codec Pack - All In 1
2008-12-22 19:41 --------- d-----w c:\program files\Realtek
2008-12-22 19:39 --------- d-----w c:\program files\S3
2008-12-22 19:38 --------- d-----w c:\program files\VIA
2008-12-22 19:30 --------- d-----w c:\program files\microsoft frontpage
2008-12-22 19:26 --------- d-----w c:\program files\Windows Media Connect 2
2008-12-22 18:42 --------- d-----w c:\documents and settings\admin\Application Data\IsolatedStorage
2008-12-22 18:03 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-12-22 18:03 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2008-12-22 16:41 --------- d-----w c:\program files\Symantec
2008-12-22 16:41 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-12-22 16:39 --------- d-----w c:\program files\Zoner
2008-12-22 16:39 --------- d-----w c:\documents and settings\admin\Application Data\Zoner
2008-12-22 16:37 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-22 16:37 --------- d-----w c:\program files\CyberLink
2008-12-22 16:37 --------- d-----w c:\documents and settings\All Users\Application Data\CyberLink
2008-12-22 16:36 --------- d-----w c:\program files\Webteh
2008-12-22 16:36 --------- d-----w c:\program files\Common Files\InstallShield
2008-12-22 16:35 --------- d-----w c:\documents and settings\admin\Application Data\Ahead
2008-12-22 16:33 --------- d-----w c:\program files\Microsoft.NET
2008-12-22 16:33 --------- d-----w c:\program files\Microsoft Works
2008-12-22 16:31 87,608 ----a-w c:\documents and settings\admin\Application Data\ezpinst.exe
2008-12-22 16:31 47,360 ----a-w c:\windows\system32\drivers\pcouffin.sys
2008-12-22 16:31 47,360 ----a-w c:\documents and settings\admin\Application Data\pcouffin.sys
2008-12-22 16:31 --------- d-----w c:\program files\Common Files\Ahead
2008-12-22 16:30 --------- d-----w c:\program files\Nero
2008-12-22 16:27 --------- d-----w c:\program files\SpywareBlaster
2008-12-22 16:27 --------- d-----w c:\program files\ESET
2008-12-22 16:27 --------- d-----w c:\documents and settings\All Users\Application Data\ESET
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-07 21633320]
"Taskbar Shuffle"="c:\program files\Taskbar Shuffle\taskbarshuffle.exe" [2008-04-16 818176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-07-01 1447168]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"Norton Ghost 9.0"="c:\program files\Symantec\Norton Ghost\Agent\GhostTray.exe" [2004-07-29 1122304]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
"VTTimer"="VTTimer.exe" [2006-09-21 c:\windows\system32\VTTimer.exe]
"S3Trayp"="S3trayp.exe" [2007-09-30 c:\windows\system32\S3Trayp.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-08-02 c:\windows\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-17 c:\windows\SkyTel.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3codec"= l3codecp.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 PQV2i;PQV2i;c:\windows\system32\drivers\PQV2i.sys [2004-07-29 138780]
R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys [2008-12-16 21656]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-07-01 34312]
R1 PQIMount;PQIMount;c:\windows\system32\drivers\PQIMount.sys [2004-07-29 46779]
R3 PAC207;VideoCAM GE111;c:\windows\system32\drivers\PFC027.sys [2005-04-08 162176]
R3 PSched;QoS Packet Scheduler;c:\windows\system32\drivers\psched.sys [2008-04-14 69120]
R3 S3GIGP;S3GIGP;c:\windows\system32\drivers\S3gIGPm.sys [2006-11-10 603648]
R4 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-07-01 468224]
.
Contents of the 'Scheduled Tasks' folder

2009-01-17 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe []

2009-01-17 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2008-10-29 14:28]
.
- - - - ORPHANS REMOVED - - - -

BHO-{7c5c0f58-e061-457d-9033-77307f5ed00c} - (no file)
HKCU-Run-360desktop - c:\program files\360desktop\360desktop.exe
HKCU-Run-WEBTRAN - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.zoznam.sk/
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\progra~1\PCTRAN~1\webie.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\progra~1\PCTRAN~1\webie.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\progra~1\PCTRAN~1\webie.dll
FF - ProfilePath - c:\documents and settings\admin\Application Data\Mozilla\Firefox\Profiles\wsinwa0q.default\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-17 22:45:22
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-01-17 22:46:29
ComboFix-quarantined-files.txt 2009-01-17 21:46:27

Pre-Run: 21 665 964 032 bytes free
Post-Run: 11 adresárov, 22,280,880,128 voľných bajtov

229 --- E O F --- 2009-01-14 17:26:06

jaro3
Security team member
Guru Level 15
Posts: 43294
Registered: June 07
Location: South Bohemia
Gender: Male

Re: Requesting a check of my HJT log - Trojans

Post by jaro3 » 18 Jan 2009 14:29

Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy the entire text below, marked in green, into it:
Note: Do not use the SELECT ALL function to select the script

Code:

Folder::
c:\windows\XXLGSC

File::
C:\StiImg.dat

Choose File -> Save As... and set these parameters:
File name: type CFScript.txt here
Save as type: select All Files
Save the file to the desktop.
Close all active windows.

Drag the created CFScript.txt script with the mouse onto the downloaded ComboFix.exe program and drop it when the two files overlap.
- ComboFix will start automatically
- Post here the log that appears at the end of the cleaning process + a new HJT log

Test this on VirusTotal
c:\windows\system32\szbvrzregz.exe
Post the link to the result here.
When working with HJT, ComboFix, MbAM, SDFix etc., close all other applications and browsers!
Do not send logs by private message. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support

Melania
Level 1.5
Posts: 100
Registered: May 08
Gender: Female

Re: Requesting a check of my HJT log - Trojans

Post by Melania » 18 Jan 2009 15:02

so here is the HJT log >>

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:53:05, on 18.1.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\S3trayp.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Notepad.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.zoznam.sk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\PROGRA~1\PCTRAN~1\webie.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [S3Trayp] S3trayp.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Taskbar Shuffle] C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: WebTran - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra 'Tools' menuitem: &Nastaviť prekladač - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra 'Tools' menuitem: Preložiť &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra 'Tools' menuitem: Preložiť &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

--
End of file - 6006 bytes



CF log /when starting CF, NOD caught some trojan again/ >>

ComboFix 09-01-17.04 - admin 2009-01-18 14:33:22.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.1.1033.18.1007.619 [GMT 1:00]
Körs frĺn: c:\documents and settings\admin\Desktop\ComboFix.exe
Använda kommandoväxlar :: c:\documents and settings\admin\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Outdated)
* Skapade en ny ĺterställningspunkt
* Resident AV is active


FILE ::
C:\StiImg.dat
.

((((((((((((((((((((((((((((((((((((((( Andra raderingar ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\StiImg.dat
c:\windows\XXLGSC\

.
(((((((((((((((((((((((( Filer Skapade frĺn 2008-12-18 till 2009-01-18 ))))))))))))))))))))))))))))))
.

2009-01-18 00:27 . 2009-01-18 11:30 280 --a------ c:\windows\emm386n.dl
2009-01-18 00:25 . 2009-01-18 00:25 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2009-01-17 22:38 . 2009-01-17 22:39 9,123 --a------ C:\ResetTeaTimer.bat
2009-01-17 20:16 . 2009-01-17 20:16 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-17 20:16 . 2009-01-17 20:16 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-17 20:16 . 2009-01-17 20:16 <DIR> d-------- c:\documents and settings\admin\Application Data\Malwarebytes
2009-01-17 20:16 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-17 20:16 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-17 16:48 . 2009-01-17 16:48 <DIR> d-------- c:\program files\Trend Micro
2009-01-17 00:38 . 2009-01-17 00:43 <DIR> d-------- c:\program files\360desktop
2009-01-17 00:38 . 2009-01-17 00:38 <DIR> d-------- c:\documents and settings\admin\Application Data\360desktop
2009-01-16 20:07 . 2009-01-17 00:09 <DIR> d---s---- c:\documents and settings\Administrator
2009-01-16 19:37 . 2009-01-16 19:37 380,764 --a------ c:\program files\TU2009v8_0_2000_35CZ.zip
2009-01-16 19:31 . 2009-01-16 19:31 <DIR> d-------- c:\documents and settings\admin\Application Data\TuneUp Software
2009-01-16 19:30 . 2009-01-17 00:10 <DIR> d-------- c:\program files\TuneUp Utilities 2009
2009-01-16 19:30 . 2009-01-16 19:30 <DIR> d-------- c:\documents and settings\All Users\Application Data\TuneUp Software
2009-01-15 12:52 . 2009-01-17 10:59 <DIR> d-------- c:\program files\Pivot Stickfigure Animator
2009-01-12 14:11 . 2009-01-12 14:29 <DIR> d-------- c:\documents and settings\All Users\Application Data\Easy CD-DA Extractor
2009-01-12 14:10 . 2009-01-12 14:39 <DIR> d-------- c:\program files\Easy CD-DA Extractor 12
2009-01-12 12:42 . 2009-01-12 12:42 <DIR> d-------- c:\windows\Easy CD-DA Extractor 12
2009-01-10 10:22 . 2009-01-10 10:22 <DIR> d--hs---- c:\windows\ftpcache
2009-01-10 07:12 . 2009-01-10 07:12 <DIR> d-------- c:\documents and settings\admin\Application Data\Playrix Entertainment
2009-01-10 07:11 . 2009-01-10 07:11 <DIR> d-------- c:\windows\Fishdom
2009-01-10 07:11 . 2009-01-10 07:12 <DIR> d-------- c:\program files\Fishdom
2009-01-08 14:20 . 2009-01-08 14:20 4,096 --a------ c:\windows\d3dx.dat
2009-01-08 10:51 . 2009-01-08 10:51 <DIR> d-------- c:\program files\CCleaner
2009-01-08 06:27 . 2009-01-08 06:27 330 --a------ c:\windows\CDPlayer.ini
2009-01-07 12:17 . 2009-01-17 11:45 <DIR> d-------- C:\My Music
2009-01-07 12:14 . 2009-01-07 12:15 <DIR> d-------- c:\program files\MediaMonkey
2009-01-05 23:14 . 2009-01-08 11:52 599 --a------ c:\windows\TRNCOM.INI
2009-01-03 15:51 . 2009-01-03 15:51 <DIR> d-------- c:\documents and settings\admin\Application Data\Jane s Hotel Family Hero
2009-01-03 13:22 . 2009-01-03 13:22 <DIR> d-------- c:\program files\Outsim
2009-01-03 13:22 . 2002-07-07 23:14 1,294,336 --a------ c:\windows\system32\vorbis.acm
2009-01-03 13:22 . 2006-06-20 09:56 225,280 --a------ c:\windows\system32\rewire.dll
2009-01-03 13:20 . 2009-01-03 13:23 <DIR> d-------- c:\program files\Image-Line
2009-01-03 13:06 . 2009-01-16 08:04 <DIR> d-------- C:\Download Bitlord
2009-01-03 12:55 . 2009-01-03 12:55 <DIR> d-------- c:\documents and settings\admin\Application Data\Sony
2009-01-03 12:52 . 2009-01-03 12:52 <DIR> d-------- c:\program files\Sony Setup
2009-01-03 12:50 . 2009-01-03 12:50 <DIR> d-------- c:\program files\Acoustica Shared Effects
2009-01-03 12:50 . 2009-01-03 13:24 <DIR> d-------- c:\program files\Acoustica Beatcraft
2009-01-02 12:51 . 2009-01-02 13:05 <DIR> d-------- c:\program files\Rockstar Games
2009-01-02 12:24 . 2009-01-02 13:23 43,520 --a------ c:\windows\system32\CmdLineExt03.dll
2009-01-02 08:19 . 2009-01-07 09:10 <DIR> d-------- c:\documents and settings\admin\Application Data\GlarySoft
2009-01-01 18:44 . 2009-01-01 18:44 <DIR> d-------- c:\documents and settings\admin\Application Data\CyberLink
2009-01-01 11:10 . 2009-01-01 11:10 3,731 --a------ c:\windows\wtran32.INI
2009-01-01 11:10 . 2009-01-01 11:10 0 --a------ c:\windows\XXLGSC
2008-12-31 16:46 . 2009-01-17 23:09 2,839 --a------ c:\windows\wdict32.INI
2008-12-31 16:09 . 2008-12-31 16:09 <DIR> d-------- c:\program files\PC Translator
2008-12-29 10:07 . 2008-12-29 10:08 <DIR> d-------- c:\documents and settings\All Users\Application Data\VirtualFarm
2008-12-29 09:23 . 2008-12-29 09:23 <DIR> d-------- c:\windows\INDSOFT
2008-12-29 09:21 . 2008-12-29 09:21 <DIR> d-------- c:\documents and settings\admin\Application Data\Astro Gemini Software
2008-12-29 09:21 . 2007-11-06 14:16 106,496 --a------ c:\windows\system32\Astro Gemini Screensaver Manager.scr
2008-12-28 14:37 . 2008-12-28 14:37 38,934 --a------ c:\windows\system32\szbvrzregz.exe
2008-12-27 20:00 . 2008-12-27 20:00 <DIR> d-------- c:\program files\Glary Utilities
2008-12-27 12:35 . 2008-04-14 06:12 91,136 --a------ c:\windows\system32\kswdmcap.ax
2008-12-27 12:35 . 2008-04-14 06:12 91,136 --a--c--- c:\windows\system32\dllcache\kswdmcap.ax
2008-12-27 12:35 . 2008-04-14 06:12 61,952 --a------ c:\windows\system32\kstvtune.ax
2008-12-27 12:35 . 2008-04-14 06:12 61,952 --a--c--- c:\windows\system32\dllcache\kstvtune.ax
2008-12-27 12:35 . 2008-04-14 06:12 53,760 --a------ c:\windows\system32\vfwwdm32.dll
2008-12-27 12:35 . 2008-04-14 06:12 53,760 --a--c--- c:\windows\system32\dllcache\vfwwdm32.dll
2008-12-27 12:35 . 2008-04-14 06:12 43,008 --a------ c:\windows\system32\ksxbar.ax
2008-12-27 12:35 . 2008-04-14 06:12 43,008 --a--c--- c:\windows\system32\dllcache\ksxbar.ax
2008-12-27 12:35 . 2008-04-14 06:12 28,672 --a------ c:\windows\system32\vidcap.ax
2008-12-27 12:35 . 2008-04-14 06:12 28,672 --a--c--- c:\windows\system32\dllcache\vidcap.ax
2008-12-27 12:33 . 2008-12-27 12:33 <DIR> d-------- c:\windows\PixArt
2008-12-27 12:33 . 2008-12-27 12:33 <DIR> d-------- c:\windows\Cache
2008-12-27 12:33 . 2008-12-27 12:33 <DIR> d-------- c:\windows\Album
2008-12-27 12:33 . 2008-12-27 12:33 <DIR> d-------- c:\program files\VideoCAM GE111
2008-12-27 12:33 . 2008-12-27 12:33 <DIR> d-------- c:\program files\Common Files\PCCamera
2008-12-27 12:32 . 2008-12-27 12:32 <DIR> d-------- c:\windows\Downloaded Installations
2008-12-27 08:01 . 2008-12-05 18:48 499,712 --a------ c:\windows\system32\msvcp71.dll
2008-12-27 08:01 . 2008-12-05 18:48 348,160 --a------ c:\windows\system32\msvcr71.dll
2008-12-26 08:22 . 2008-04-14 00:45 32,128 --a------ c:\windows\system32\drivers\usbccgp.sys
2008-12-26 08:22 . 2008-04-14 00:45 32,128 --a--c--- c:\windows\system32\dllcache\usbccgp.sys
2008-12-25 08:42 . 2009-01-17 08:55 <DIR> d-------- c:\windows\SxsCaPendDel
2008-12-25 08:09 . 2008-12-27 08:04 <DIR> d-------- c:\windows\system32\Adobe
2008-12-24 14:38 . 2008-12-24 14:38 <DIR> d-------- c:\program files\Opera
2008-12-24 14:38 . 2008-12-24 14:38 0 --a------ c:\windows\nsreg.dat
2008-12-24 14:37 . 2008-12-24 14:38 7,848,496 --a------ C:\Firefox Setup 3.0.5.exe
2008-12-24 14:36 . 2008-12-24 14:36 7,408,904 --a------ C:\Opera_963_int_Setup.exe
2008-12-24 12:13 . 2009-01-17 22:36 <DIR> d-------- c:\program files\Conduit
2008-12-24 12:12 . 2009-01-03 13:05 <DIR> d-------- c:\program files\BitLord
2008-12-24 12:12 . 2008-12-24 12:12 3,096,064 --a------ C:\BitLord_1.01.exe
2008-12-24 11:39 . 2009-01-17 12:13 69 --a------ c:\windows\NeroDigital.ini
2008-12-23 20:46 . 2009-01-18 11:03 <DIR> d-------- c:\program files\Taskbar Shuffle
2008-12-23 20:43 . 2008-12-23 20:43 <DIR> d-------- c:\program files\Fractalis Software
2008-12-23 20:32 . 2009-01-18 11:03 <DIR> d-------- c:\documents and settings\admin\Application Data\skypePM
2008-12-23 20:32 . 2008-12-23 20:32 56 --ah----- c:\windows\system32\ezsidmv.dat
2008-12-23 20:30 . 2008-12-23 20:30 <DIR> d-------- c:\program files\Skype
2008-12-23 20:30 . 2008-12-23 20:30 <DIR> d-------- c:\program files\Common Files\Skype
2008-12-23 20:30 . 2008-12-23 20:30 <DIR> d-------- c:\documents and settings\All Users\Application Data\Skype
2008-12-23 20:30 . 2009-01-18 14:29 <DIR> d-------- c:\documents and settings\admin\Application Data\Skype
2008-12-22 22:59 . 2008-12-22 22:59 <DIR> d-------- c:\windows\system32\sk-SK
2008-12-22 22:41 . 2008-12-22 22:42 <DIR> d-------- c:\windows\system32\URTTemp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-17 23:26 --------- d-----w c:\program files\Zoner
2009-01-17 22:14 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-01-17 22:12 --------- d-----w c:\program files\SpywareBlaster
2009-01-17 21:30 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-14 15:48 --------- d-----w c:\documents and settings\admin\Application Data\Vso
2009-01-07 11:05 --------- d-----w c:\program files\Winamp
2008-12-30 07:37 --------- d-----w c:\program files\CD Audio MP3 Converter
2008-12-27 05:53 --------- d-----w c:\program files\DVDFab Platinum 3
2008-12-25 07:42 --------- d-----w c:\program files\Common Files\Adobe
2008-12-22 19:49 737,280 ----a-w c:\windows\iun6002.exe
2008-12-22 19:49 --------- d-----w c:\program files\Codec Pack - All In 1
2008-12-22 19:41 --------- d-----w c:\program files\Realtek
2008-12-22 19:39 --------- d-----w c:\program files\S3
2008-12-22 19:38 --------- d-----w c:\program files\VIA
2008-12-22 19:30 --------- d-----w c:\program files\microsoft frontpage
2008-12-22 19:26 --------- d-----w c:\program files\Windows Media Connect 2
2008-12-22 18:42 --------- d-----w c:\documents and settings\admin\Application Data\IsolatedStorage
2008-12-22 18:03 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-12-22 18:03 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2008-12-22 16:41 --------- d-----w c:\program files\Symantec
2008-12-22 16:41 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-12-22 16:39 --------- d-----w c:\documents and settings\admin\Application Data\Zoner
2008-12-22 16:37 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-22 16:37 --------- d-----w c:\program files\CyberLink
2008-12-22 16:37 --------- d-----w c:\documents and settings\All Users\Application Data\CyberLink
2008-12-22 16:36 --------- d-----w c:\program files\Webteh
2008-12-22 16:36 --------- d-----w c:\program files\Common Files\InstallShield
2008-12-22 16:35 --------- d-----w c:\documents and settings\admin\Application Data\Ahead
2008-12-22 16:33 --------- d-----w c:\program files\Microsoft.NET
2008-12-22 16:33 --------- d-----w c:\program files\Microsoft Works
2008-12-22 16:31 87,608 ----a-w c:\documents and settings\admin\Application Data\ezpinst.exe
2008-12-22 16:31 47,360 ----a-w c:\windows\system32\drivers\pcouffin.sys
2008-12-22 16:31 47,360 ----a-w c:\documents and settings\admin\Application Data\pcouffin.sys
2008-12-22 16:31 --------- d-----w c:\program files\Common Files\Ahead
2008-12-22 16:30 --------- d-----w c:\program files\Nero
2008-12-22 16:27 --------- d-----w c:\program files\ESET
2008-12-22 16:27 --------- d-----w c:\documents and settings\All Users\Application Data\ESET
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
.

((((((((((((((((((((((((((((( snapshot@2009-01-17_22.45.45,50 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-01-10 16:46:33 88,590 ----a-w c:\windows\system32\Macromed\Flash\uninstall_activeX.exe
+ 2009-01-17 23:30:29 88,590 ----a-w c:\windows\system32\Macromed\Flash\uninstall_activeX.exe
.
(((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Not* tomma poster & legitima standardposter visas inte
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-07 21633320]
"Taskbar Shuffle"="c:\program files\Taskbar Shuffle\taskbarshuffle.exe" [2008-04-16 818176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-07-01 1447168]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"Norton Ghost 9.0"="c:\program files\Symantec\Norton Ghost\Agent\GhostTray.exe" [2004-07-29 1122304]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
"VTTimer"="VTTimer.exe" [2006-09-21 c:\windows\system32\VTTimer.exe]
"S3Trayp"="S3trayp.exe" [2007-09-30 c:\windows\system32\S3Trayp.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-08-02 c:\windows\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-17 c:\windows\SkyTel.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3codec"= l3codecp.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 PQV2i;PQV2i;c:\windows\system32\drivers\PQV2i.sys [2004-07-29 138780]
R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys [2008-12-16 21656]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-07-01 34312]
R1 PQIMount;PQIMount;c:\windows\system32\drivers\PQIMount.sys [2004-07-29 46779]
R3 PAC207;VideoCAM GE111;c:\windows\system32\drivers\PFC027.sys [2005-04-08 162176]
R3 PSched;QoS Packet Scheduler;c:\windows\system32\drivers\psched.sys [2008-04-14 69120]
R3 S3GIGP;S3GIGP;c:\windows\system32\drivers\S3gIGPm.sys [2006-11-10 603648]
R4 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-07-01 468224]
.
Innehĺllet i mappen 'Schemalagda aktiviteter'

2009-01-18 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe []

2009-01-18 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2008-10-29 14:28]
.
.
------- Extra genomsökning -------
.
uStart Page = hxxp://www.zoznam.sk/
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\progra~1\PCTRAN~1\webie.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\progra~1\PCTRAN~1\webie.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\progra~1\PCTRAN~1\webie.dll
FF - ProfilePath - c:\documents and settings\admin\Application Data\Mozilla\Firefox\Profiles\wsinwa0q.default\

---- FIREFOX POLICY ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-18 14:34:18
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

genomsökningen avslutades lyckosamt
dolda filer: 0

**************************************************************************
.
Sluttid: 2009-01-18 14:35:20
ComboFix-quarantined-files.txt 2009-01-18 13:35:18
ComboFix2.txt 2009-01-17 21:46:30

Före genomsökningen: 22 179 655 680 bytes free
Efter genomsökningen: 12 adresárov, 22,194,970,624 voľných bajtov

WindowsXP-KB310994-SP2-Pro-BootDisk-SVE.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

239 --- E O F --- 2009-01-14 17:26:06


and also VirusTotal /"The file has already been tested", but I had it tested again/ >>
here is the result, ugh :-(

File szbvrzregz.exe
Antivirus Version Last update Result
a-squared 4.0.0.73 2009.01.18 Trojan.Delf.Inject!IK
AhnLab-V3 2009.1.15.0 2009.01.17 Win-Trojan/Poisonivy.38934
AntiVir 7.9.0.57 2009.01.17 BDS/Poisonivy.GD.1
Authentium 5.1.0.4 2009.01.17 W32/Backdoor2.ZYW
Avast 4.8.1281.0 2009.01.16 Win32:Rootkit-gen
AVG 8.0.0.229 2009.01.17 BackDoor.Generic9.QKX
BitDefender 7.2 2009.01.18 Backdoor.Generic.55486
CAT-QuickHeal 10.00 2009.01.17 Backdoor.PoisonIvy.gd
ClamAV 0.94.1 2009.01.18 Trojan.Agent-16758
Comodo 935 2009.01.18 -
DrWeb 4.44.0.09170 2009.01.18 Trojan.PWS.Wow
eSafe 7.0.17.0 2009.01.18 -
eTrust-Vet 31.6.6312 2009.01.17 -
F-Prot 4.4.4.56 2009.01.17 W32/Backdoor2.ZYW
F-Secure 8.0.14470.0 2009.01.18 Backdoor.Win32.Poison.ur
Fortinet 3.117.0.0 2009.01.15 W32/PoisonIvy.GD!tr.bdr
GData 19 2009.01.18 Backdoor.Generic.55486
Ikarus T3.1.1.45.0 2009.01.18 Trojan.Delf.Inject
K7AntiVirus 7.10.594 2009.01.17 Backdoor.Win32.PoisonIvy.gd
Kaspersky 7.0.0.125 2009.01.18 Backdoor.Win32.Poison.ur
McAfee 5498 2009.01.17 -
McAfee+Artemis 5498 2009.01.17 -
Microsoft 1.4205 2009.01.18 Backdoor:Win32/Phdet.gen!A
NOD32 3774 2009.01.17 probably a variant of Win32/RA-based
Norman 5.93.01 2009.01.16 W32/Smalldoor.BDEO
nProtect 2009.1.8.0 2009.01.16 Backdoor/W32.PoisonIvy.90806
Panda 9.5.1.2 2009.01.18 Bck/PoisonIvy.CC
PCTools 4.4.2.0 2009.01.18 Backdoor.PoisonIvy.GM
Prevx1 V2 2009.01.18 System Back Door
Rising 21.12.62.00 2009.01.18 -
SecureWeb-Gateway 6.7.6 2009.01.17 Trojan.Backdoor.Poisonivy.GD.1
Sophos 4.37.0 2009.01.18 Mal/Generic-A
Sunbelt 3.2.1835.2 2009.01.16 -
Symantec 10 2009.01.18 Trojan Horse
TheHacker 6.3.1.5.222 2009.01.17 Backdoor/PoisonIvy.gd
TrendMicro 8.700.0.1004 2009.01.16 TROJ_DELF.IAI
VBA32 3.12.8.10 2009.01.17 Backdoor.Win32.PoisonIvy.gd
ViRobot 2009.1.17.1563 2009.01.17 Backdoor.Win32.PoisonIvy.16896
VirusBuster 4.5.11.0 2009.01.17 Backdoor.PoisonIvy.GM
Additional information
File size: 38934 bytes
MD5...: d911a13700276f093db4cdda2b4816bd
SHA1..: 0269d6130294b653116408ee05fc890d871c43a0
SHA256: 24ee91cb80b6e856faed50229bac6e69ac8cb8575a4c5873730b05597badc8df
SHA512: fbb713b11bae1afec2694205b05e8b05fecbaba744f1e047e96fe5e1e61705ab205a055b2b8a1b9b728bd114b1b69135673942b646e77be7d98db75cc076f83e

ssdeep: 768:8uirUDkGwz92J/fyuCEOfh+oXoyCd/QtwBQlBXinxF5vZmWI:8uirskDUnyuWfh+o4yCd/cUF58R

PEiD..: -
TrID..: File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x3003ca8
timedatestamp.....: 0x2a425e19 (Fri Jun 19 22:22:17 1992)
machinetype.......: 0x14c (I386)

( 8 sections )
name viradd virsiz rawdsiz ntrpy md5
CODE 0x1000 0x2eb0 0x3000 6.44 ded151b873352d854561c8dbcef354dc
DATA 0x4000 0xbc 0x200 1.58 1bc2e5c316022fa671b7c68cdee8829e
BSS 0x5000 0x6b9 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.idata 0x6000 0x2a0 0x400 3.18 21b770a34f88d2dffbcc05abce583bed
.tls 0x7000 0x8 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.rdata 0x8000 0x18 0x200 0.20 e64e754af5edf34158898b00db73531d
.reloc 0x9000 0x2f4 0x400 5.32 5549b628bd1c953bf98522c4c66f5c87
.rsrc 0xa000 0x10 0x200 0.08 bac7e902dadeef7b68ea84f5f2215ee4

( 2 imports )
> kernel32.dll: GetCurrentThreadId, GetLastError, ExitProcess, WriteFile, UnhandledExceptionFilter, SetFilePointer, SetEndOfFile, RtlUnwind, ReadFile, RaiseException, GetStdHandle, GetFileSize, GetFileType, CreateFileA, CloseHandle, TlsSetValue, TlsGetValue, LocalAlloc, GetModuleHandleA, FreeLibrary, HeapFree, HeapReAlloc, HeapAlloc, GetProcessHeap
> kernel32.dll: LoadLibraryA, GetProcAddress, GetModuleFileNameA, GetCommandLineA, FreeLibrary

( 0 exports )

Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=F72C6FF0169C4B5E987B0016B8853100F97EDCCD
CWSandbox info: http://research.sunbelt-software.com/partnerresource/MD5.aspx?md5=d911a13700276f093db4cdda2b4816bd

jaro3
Security team member
Guru Level 15
Posts: 43294
Registered: June 07
Location: South Bohemia
Gender: Male

Re: Requesting a check of my HJT log - Trojans

Post by jaro3 » 18 Jan 2009 15:10

so one more script:

Code:

File::
c:\windows\XXLGSC

DirLook::
c:\windows\SxsCaPendDel

Same procedure.

Melania
Level 1.5
Posts: 100
Registered: May 08
Gender: Female

Re: Requesting a check of my HJT log - Trojans

Post by Melania » 18 Jan 2009 15:22

another CF log >>

ComboFix 09-01-17.04 - admin 2009-01-18 15:15:06.3 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.1.1033.18.1007.608 [GMT 1:00]
Körs frĺn: c:\documents and settings\admin\Desktop\ComboFix.exe
Använda kommandoväxlar :: c:\documents and settings\admin\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Outdated)
* Skapade en ny ĺterställningspunkt
* Resident AV is active


FILE ::
c:\windows\XXLGSC
.

((((((((((((((((((((((((((((((((((((((( Andra raderingar ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\XXLGSC

.
(((((((((((((((((((((((( Filer Skapade frĺn 2008-12-18 till 2009-01-18 ))))))))))))))))))))))))))))))
.

2009-01-18 00:27 . 2009-01-18 11:30 280 --a------ c:\windows\emm386n.dl
2009-01-18 00:25 . 2009-01-18 00:25 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2009-01-17 22:38 . 2009-01-17 22:39 9,123 --a------ C:\ResetTeaTimer.bat
2009-01-17 20:16 . 2009-01-17 20:16 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-17 20:16 . 2009-01-17 20:16 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-17 20:16 . 2009-01-17 20:16 <DIR> d-------- c:\documents and settings\admin\Application Data\Malwarebytes
2009-01-17 20:16 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-17 20:16 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-17 16:48 . 2009-01-17 16:48 <DIR> d-------- c:\program files\Trend Micro
2009-01-17 00:38 . 2009-01-17 00:43 <DIR> d-------- c:\program files\360desktop
2009-01-17 00:38 . 2009-01-17 00:38 <DIR> d-------- c:\documents and settings\admin\Application Data\360desktop
2009-01-16 20:07 . 2009-01-17 00:09 <DIR> d---s---- c:\documents and settings\Administrator
2009-01-16 19:37 . 2009-01-16 19:37 380,764 --a------ c:\program files\TU2009v8_0_2000_35CZ.zip
2009-01-16 19:31 . 2009-01-16 19:31 <DIR> d-------- c:\documents and settings\admin\Application Data\TuneUp Software
2009-01-16 19:30 . 2009-01-17 00:10 <DIR> d-------- c:\program files\TuneUp Utilities 2009
2009-01-16 19:30 . 2009-01-16 19:30 <DIR> d-------- c:\documents and settings\All Users\Application Data\TuneUp Software
2009-01-15 12:52 . 2009-01-17 10:59 <DIR> d-------- c:\program files\Pivot Stickfigure Animator
2009-01-12 14:11 . 2009-01-12 14:29 <DIR> d-------- c:\documents and settings\All Users\Application Data\Easy CD-DA Extractor
2009-01-12 14:10 . 2009-01-12 14:39 <DIR> d-------- c:\program files\Easy CD-DA Extractor 12
2009-01-12 12:42 . 2009-01-12 12:42 <DIR> d-------- c:\windows\Easy CD-DA Extractor 12
2009-01-10 10:22 . 2009-01-10 10:22 <DIR> d--hs---- c:\windows\ftpcache
2009-01-10 07:12 . 2009-01-10 07:12 <DIR> d-------- c:\documents and settings\admin\Application Data\Playrix Entertainment
2009-01-10 07:11 . 2009-01-10 07:11 <DIR> d-------- c:\windows\Fishdom
2009-01-10 07:11 . 2009-01-10 07:12 <DIR> d-------- c:\program files\Fishdom
2009-01-08 14:20 . 2009-01-08 14:20 4,096 --a------ c:\windows\d3dx.dat
2009-01-08 10:51 . 2009-01-08 10:51 <DIR> d-------- c:\program files\CCleaner
2009-01-08 06:27 . 2009-01-08 06:27 330 --a------ c:\windows\CDPlayer.ini
2009-01-07 12:17 . 2009-01-17 11:45 <DIR> d-------- C:\My Music
2009-01-07 12:14 . 2009-01-07 12:15 <DIR> d-------- c:\program files\MediaMonkey
2009-01-05 23:14 . 2009-01-08 11:52 599 --a------ c:\windows\TRNCOM.INI
2009-01-03 15:51 . 2009-01-03 15:51 <DIR> d-------- c:\documents and settings\admin\Application Data\Jane s Hotel Family Hero
2009-01-03 13:22 . 2009-01-03 13:22 <DIR> d-------- c:\program files\Outsim
2009-01-03 13:22 . 2002-07-07 23:14 1,294,336 --a------ c:\windows\system32\vorbis.acm
2009-01-03 13:22 . 2006-06-20 09:56 225,280 --a------ c:\windows\system32\rewire.dll
2009-01-03 13:20 . 2009-01-03 13:23 <DIR> d-------- c:\program files\Image-Line
2009-01-03 13:06 . 2009-01-16 08:04 <DIR> d-------- C:\Download Bitlord
2009-01-03 12:55 . 2009-01-03 12:55 <DIR> d-------- c:\documents and settings\admin\Application Data\Sony
2009-01-03 12:52 . 2009-01-03 12:52 <DIR> d-------- c:\program files\Sony Setup
2009-01-03 12:50 . 2009-01-03 12:50 <DIR> d-------- c:\program files\Acoustica Shared Effects
2009-01-03 12:50 . 2009-01-03 13:24 <DIR> d-------- c:\program files\Acoustica Beatcraft
2009-01-02 12:51 . 2009-01-02 13:05 <DIR> d-------- c:\program files\Rockstar Games
2009-01-02 12:24 . 2009-01-02 13:23 43,520 --a------ c:\windows\system32\CmdLineExt03.dll
2009-01-02 08:19 . 2009-01-07 09:10 <DIR> d-------- c:\documents and settings\admin\Application Data\GlarySoft
2009-01-01 18:44 . 2009-01-01 18:44 <DIR> d-------- c:\documents and settings\admin\Application Data\CyberLink
2009-01-01 11:10 . 2009-01-01 11:10 3,731 --a------ c:\windows\wtran32.INI
2008-12-31 16:46 . 2009-01-17 23:09 2,839 --a------ c:\windows\wdict32.INI
2008-12-31 16:09 . 2008-12-31 16:09 <DIR> d-------- c:\program files\PC Translator
2008-12-29 10:07 . 2008-12-29 10:08 <DIR> d-------- c:\documents and settings\All Users\Application Data\VirtualFarm
2008-12-29 09:23 . 2008-12-29 09:23 <DIR> d-------- c:\windows\INDSOFT
2008-12-29 09:21 . 2008-12-29 09:21 <DIR> d-------- c:\documents and settings\admin\Application Data\Astro Gemini Software
2008-12-29 09:21 . 2007-11-06 14:16 106,496 --a------ c:\windows\system32\Astro Gemini Screensaver Manager.scr
2008-12-28 14:37 . 2008-12-28 14:37 38,934 --a------ c:\windows\system32\szbvrzregz.exe
2008-12-27 20:00 . 2008-12-27 20:00 <DIR> d-------- c:\program files\Glary Utilities
2008-12-27 12:35 . 2008-04-14 06:12 91,136 --a------ c:\windows\system32\kswdmcap.ax
2008-12-27 12:35 . 2008-04-14 06:12 91,136 --a--c--- c:\windows\system32\dllcache\kswdmcap.ax
2008-12-27 12:35 . 2008-04-14 06:12 61,952 --a------ c:\windows\system32\kstvtune.ax
2008-12-27 12:35 . 2008-04-14 06:12 61,952 --a--c--- c:\windows\system32\dllcache\kstvtune.ax
2008-12-27 12:35 . 2008-04-14 06:12 53,760 --a------ c:\windows\system32\vfwwdm32.dll
2008-12-27 12:35 . 2008-04-14 06:12 53,760 --a--c--- c:\windows\system32\dllcache\vfwwdm32.dll
2008-12-27 12:35 . 2008-04-14 06:12 43,008 --a------ c:\windows\system32\ksxbar.ax
2008-12-27 12:35 . 2008-04-14 06:12 43,008 --a--c--- c:\windows\system32\dllcache\ksxbar.ax
2008-12-27 12:35 . 2008-04-14 06:12 28,672 --a------ c:\windows\system32\vidcap.ax
2008-12-27 12:35 . 2008-04-14 06:12 28,672 --a--c--- c:\windows\system32\dllcache\vidcap.ax
2008-12-27 12:33 . 2008-12-27 12:33 <DIR> d-------- c:\windows\PixArt
2008-12-27 12:33 . 2008-12-27 12:33 <DIR> d-------- c:\windows\Cache
2008-12-27 12:33 . 2008-12-27 12:33 <DIR> d-------- c:\windows\Album
2008-12-27 12:33 . 2008-12-27 12:33 <DIR> d-------- c:\program files\VideoCAM GE111
2008-12-27 12:33 . 2008-12-27 12:33 <DIR> d-------- c:\program files\Common Files\PCCamera
2008-12-27 12:32 . 2008-12-27 12:32 <DIR> d-------- c:\windows\Downloaded Installations
2008-12-27 08:01 . 2008-12-05 18:48 499,712 --a------ c:\windows\system32\msvcp71.dll
2008-12-27 08:01 . 2008-12-05 18:48 348,160 --a------ c:\windows\system32\msvcr71.dll
2008-12-26 08:22 . 2008-04-14 00:45 32,128 --a------ c:\windows\system32\drivers\usbccgp.sys
2008-12-26 08:22 . 2008-04-14 00:45 32,128 --a--c--- c:\windows\system32\dllcache\usbccgp.sys
2008-12-25 08:42 . 2009-01-17 08:55 <DIR> d-------- c:\windows\SxsCaPendDel
2008-12-25 08:09 . 2008-12-27 08:04 <DIR> d-------- c:\windows\system32\Adobe
2008-12-24 14:38 . 2008-12-24 14:38 <DIR> d-------- c:\program files\Opera
2008-12-24 14:38 . 2008-12-24 14:38 0 --a------ c:\windows\nsreg.dat
2008-12-24 14:37 . 2008-12-24 14:38 7,848,496 --a------ C:\Firefox Setup 3.0.5.exe
2008-12-24 14:36 . 2008-12-24 14:36 7,408,904 --a------ C:\Opera_963_int_Setup.exe
2008-12-24 12:13 . 2009-01-17 22:36 <DIR> d-------- c:\program files\Conduit
2008-12-24 12:12 . 2009-01-03 13:05 <DIR> d-------- c:\program files\BitLord
2008-12-24 12:12 . 2008-12-24 12:12 3,096,064 --a------ C:\BitLord_1.01.exe
2008-12-24 11:39 . 2009-01-17 12:13 69 --a------ c:\windows\NeroDigital.ini
2008-12-23 20:46 . 2009-01-18 11:03 <DIR> d-------- c:\program files\Taskbar Shuffle
2008-12-23 20:43 . 2008-12-23 20:43 <DIR> d-------- c:\program files\Fractalis Software
2008-12-23 20:32 . 2009-01-18 15:01 <DIR> d-------- c:\documents and settings\admin\Application Data\skypePM
2008-12-23 20:32 . 2008-12-23 20:32 56 --ah----- c:\windows\system32\ezsidmv.dat
2008-12-23 20:30 . 2008-12-23 20:30 <DIR> d-------- c:\program files\Skype
2008-12-23 20:30 . 2008-12-23 20:30 <DIR> d-------- c:\program files\Common Files\Skype
2008-12-23 20:30 . 2008-12-23 20:30 <DIR> d-------- c:\documents and settings\All Users\Application Data\Skype
2008-12-23 20:30 . 2009-01-18 15:14 <DIR> d-------- c:\documents and settings\admin\Application Data\Skype
2008-12-22 22:59 . 2008-12-22 22:59 <DIR> d-------- c:\windows\system32\sk-SK
2008-12-22 22:41 . 2008-12-22 22:42 <DIR> d-------- c:\windows\system32\URTTemp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-17 23:26 --------- d-----w c:\program files\Zoner
2009-01-17 22:14 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-01-17 22:12 --------- d-----w c:\program files\SpywareBlaster
2009-01-17 21:30 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-14 15:48 --------- d-----w c:\documents and settings\admin\Application Data\Vso
2009-01-07 11:05 --------- d-----w c:\program files\Winamp
2008-12-30 07:37 --------- d-----w c:\program files\CD Audio MP3 Converter
2008-12-27 05:53 --------- d-----w c:\program files\DVDFab Platinum 3
2008-12-25 07:42 --------- d-----w c:\program files\Common Files\Adobe
2008-12-22 19:49 737,280 ----a-w c:\windows\iun6002.exe
2008-12-22 19:49 --------- d-----w c:\program files\Codec Pack - All In 1
2008-12-22 19:41 --------- d-----w c:\program files\Realtek
2008-12-22 19:39 --------- d-----w c:\program files\S3
2008-12-22 19:38 --------- d-----w c:\program files\VIA
2008-12-22 19:30 --------- d-----w c:\program files\microsoft frontpage
2008-12-22 19:26 --------- d-----w c:\program files\Windows Media Connect 2
2008-12-22 18:42 --------- d-----w c:\documents and settings\admin\Application Data\IsolatedStorage
2008-12-22 18:03 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-12-22 18:03 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2008-12-22 16:41 --------- d-----w c:\program files\Symantec
2008-12-22 16:41 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-12-22 16:39 --------- d-----w c:\documents and settings\admin\Application Data\Zoner
2008-12-22 16:37 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-22 16:37 --------- d-----w c:\program files\CyberLink
2008-12-22 16:37 --------- d-----w c:\documents and settings\All Users\Application Data\CyberLink
2008-12-22 16:36 --------- d-----w c:\program files\Webteh
2008-12-22 16:36 --------- d-----w c:\program files\Common Files\InstallShield
2008-12-22 16:35 --------- d-----w c:\documents and settings\admin\Application Data\Ahead
2008-12-22 16:33 --------- d-----w c:\program files\Microsoft.NET
2008-12-22 16:33 --------- d-----w c:\program files\Microsoft Works
2008-12-22 16:31 87,608 ----a-w c:\documents and settings\admin\Application Data\ezpinst.exe
2008-12-22 16:31 47,360 ----a-w c:\windows\system32\drivers\pcouffin.sys
2008-12-22 16:31 47,360 ----a-w c:\documents and settings\admin\Application Data\pcouffin.sys
2008-12-22 16:31 --------- d-----w c:\program files\Common Files\Ahead
2008-12-22 16:30 --------- d-----w c:\program files\Nero
2008-12-22 16:27 --------- d-----w c:\program files\ESET
2008-12-22 16:27 --------- d-----w c:\documents and settings\All Users\Application Data\ESET
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of c:\windows\SxsCaPendDel ----



((((((((((((((((((((((((((((( snapshot@2009-01-17_22.45.45,50 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-01-10 16:46:33 88,590 ----a-w c:\windows\system32\Macromed\Flash\uninstall_activeX.exe
+ 2009-01-17 23:30:29 88,590 ----a-w c:\windows\system32\Macromed\Flash\uninstall_activeX.exe
.
(((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-07 21633320]
"Taskbar Shuffle"="c:\program files\Taskbar Shuffle\taskbarshuffle.exe" [2008-04-16 818176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-07-01 1447168]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"Norton Ghost 9.0"="c:\program files\Symantec\Norton Ghost\Agent\GhostTray.exe" [2004-07-29 1122304]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
"VTTimer"="VTTimer.exe" [2006-09-21 c:\windows\system32\VTTimer.exe]
"S3Trayp"="S3trayp.exe" [2007-09-30 c:\windows\system32\S3Trayp.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-08-02 c:\windows\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-17 c:\windows\SkyTel.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3codec"= l3codecp.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 PQV2i;PQV2i;c:\windows\system32\drivers\PQV2i.sys [2004-07-29 138780]
R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys [2008-12-16 21656]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-07-01 34312]
R1 PQIMount;PQIMount;c:\windows\system32\drivers\PQIMount.sys [2004-07-29 46779]
R3 PAC207;VideoCAM GE111;c:\windows\system32\drivers\PFC027.sys [2005-04-08 162176]
R3 PSched;QoS Packet Scheduler;c:\windows\system32\drivers\psched.sys [2008-04-14 69120]
R3 S3GIGP;S3GIGP;c:\windows\system32\drivers\S3gIGPm.sys [2006-11-10 603648]
R4 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-07-01 468224]
.
Contents of the 'Scheduled Tasks' folder

2009-01-18 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe []

2009-01-18 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2008-10-29 14:28]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.zoznam.sk/
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\progra~1\PCTRAN~1\webie.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\progra~1\PCTRAN~1\webie.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\progra~1\PCTRAN~1\webie.dll
FF - ProfilePath - c:\documents and settings\admin\Application Data\Mozilla\Firefox\Profiles\wsinwa0q.default\

---- FIREFOX POLICY ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-18 15:15:48
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-01-18 15:16:51
ComboFix-quarantined-files.txt 2009-01-18 14:16:49
ComboFix2.txt 2009-01-18 13:35:21
ComboFix3.txt 2009-01-17 21:46:30

Pre-Run: 22 190 542 848 bytes free
Post-Run: 12 directories, 22,181,285,888 bytes free

234 --- E O F --- 2009-01-14 17:26:06

jaro3
Security team member

Re: Please check my HJT log - Trojans

Post by jaro3 » 18 Jan 2009 15:29

I am very sorry, but somehow I overlooked the VT result, so one more script in CF :oops:

Code:

File::
c:\windows\system32\szbvrzregz.exe
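The last two posts rest on two manual steps: reading the "Files Created" section of the ComboFix log for dropped files (szbvrzregz.exe had been sitting in the 2008-12-28 entries the whole time and was only picked up from the VT result), and writing a CFScript `File::` block for the paths to remove. The script below is an added example for this thread, not code from ComboFix, from the forum or from its Security team. It parses the posted entries (the sample lines are copied from the log above), scores each file with three assumed heuristics, and drafts the `File::` block. The scoring rules are this example's own assumptions: a name heuristic alone would also flag kswdmcap.ax, a genuine Windows component, so two independent signals are required before a path goes into the script.

```python
"""Triage ComboFix "Files Created" lines and draft a CFScript from the hits.

Added example for this thread; not code from ComboFix, from the forum or
from its Security team. SAMPLE_LOG is copied from the log posted above;
the scoring rules are this example's own assumptions, not ComboFix logic.
"""
import ntpath
import re
from dataclasses import dataclass

# One entry of the "Files Created from ... to ..." section:
#   <created> . <last-modified> <size or <DIR>> <attribute flags> <path>
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>[\d,]+|<DIR>) "
    r"(?P<attrs>[-a-z]{9}) "
    r"(?P<path>.+)$"
)

EXEC_EXT = {".exe", ".dll", ".sys", ".scr", ".ax", ".acm", ".com", ".pif", ".bat", ".cmd"}
DATA_EXT = {".ini", ".dat", ".log", ".txt", ".zip", ".inf", ".cfg", ".job"}
VOWELS = set("aeiouy")

# Lines copied verbatim from the ComboFix log in this thread.
SAMPLE_LOG = r"""
2009-01-18 00:27 . 2009-01-18 11:30 280 --a------ c:\windows\emm386n.dl
2009-01-18 00:25 . 2009-01-18 00:25 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2009-01-17 20:16 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-28 14:37 . 2008-12-28 14:37 38,934 --a------ c:\windows\system32\szbvrzregz.exe
2008-12-27 12:35 . 2008-04-14 06:12 91,136 --a------ c:\windows\system32\kswdmcap.ax
2008-12-27 08:01 . 2008-12-05 18:48 499,712 --a------ c:\windows\system32\msvcp71.dll
2008-12-22 22:59 . 2008-12-22 22:59 <DIR> d-------- c:\windows\system32\sk-SK
"""


@dataclass
class Entry:
    created: str
    modified: str
    is_dir: bool
    path: str


def parse_created_section(text):
    """Return the entries of a 'Files Created' section; lines that do not match are ignored."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append(Entry(m["created"], m["modified"], m["size"] == "<DIR>", m["path"]))
    return entries


def looks_random(stem):
    """Consonant-heavy names of 8+ letters (szbvrzregz) read as machine-generated.
    Weak on its own: kswdmcap.ax is a genuine Windows component with the same shape."""
    letters = [c for c in stem.lower() if c.isalpha()]
    if len(letters) < 8:
        return False
    return sum(c in VOWELS for c in letters) / len(letters) < 0.2


def suspicion_reasons(entry):
    """Assumed heuristics (not ComboFix rules) for why an entry deserves a look."""
    reasons = []
    if entry.is_dir:
        return reasons
    path = entry.path.lower()
    stem, ext = ntpath.splitext(ntpath.basename(path))
    in_windows = path.startswith("c:\\windows\\")
    # Installers copy files and keep the older modified time (mbam.sys, msvcp71.dll);
    # a payload written in place has created == modified down to the minute.
    if in_windows and ext in EXEC_EXT and entry.created == entry.modified:
        reasons.append("executable written into a Windows directory with no preserved older timestamp")
    if looks_random(stem):
        reasons.append("random-looking file name")
    if ext not in EXEC_EXT | DATA_EXT:
        reasons.append("unrecognised extension %r" % ext)
    return reasons


def triage(text, threshold=2):
    """Map path -> reasons for every entry with at least `threshold` independent signals."""
    hits = {}
    for entry in parse_created_section(text):
        reasons = suspicion_reasons(entry)
        if len(reasons) >= threshold:
            hits[entry.path] = reasons
    return hits


def draft_cfscript(paths):
    """Render the CFScript 'File::' block in the form used in this thread."""
    return "File::\n" + "\n".join(paths) + "\n"


if __name__ == "__main__":
    hits = triage(SAMPLE_LOG)
    for path, reasons in hits.items():
        print(path, "->", "; ".join(reasons))
    print(draft_cfscript(hits))
```

Run as a script it prints the single hit, szbvrzregz.exe with both signals, and the drafted `File::` block; emm386n.dl and kswdmcap.ax each score one signal and stay below the threshold, which is the point of requiring two. The threshold and the extension sets are the parts to tune; the hash lookup on VirusTotal that actually caught the file in this thread remains the decisive check.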

