Kontrola logu Vyřešeno

[miruska27]

Hezký den. Prosím o kontrolu logu. Dnes po zapnutí PC mi chtěl sám od sebe stahovat nejaký soubor z Igateway.com. NOD tu adresu odpojil. Po projetí Mbam našel 2 trojany. Nechal jsem je odstanit a Mbam chtěl restart. Po něm se situace opakuje... už asi 3x. Přikládám log z Hjt a Mbam. Děkuji.... M*

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:57:21, on 12.2.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\PixArt\PAC7302\Monitor.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\All Users\Data aplikací\LangSoft\OETRN.EXE
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\MSI\SecureDoc\Logon.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Secunia\PSI\psi.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\DOCUME~1\Mirek\LOCALS~1\Temp\setupv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\cmd.exe
C:\DOCUME~1\Mirek\LOCALS~1\Temp\ldm1.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [PAC7302_Monitor] C:\WINDOWS\PixArt\PAC7302\Monitor.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OEXPRESS] C:\Documents and Settings\All Users\Data aplikací\LangSoft\OETRN.EXE
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Product Registration.lnk = C:\Program Files\Common Files\LogiShared\eReg\SetPoint\eReg.exe
O4 - Startup: Secunia PSI.lnk = C:\Program Files\Secunia\PSI\psi.exe
O4 - Startup: updater.exe
O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: SecureDoc.lnk = C:\Program Files\MSI\SecureDoc\Logon.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: WikiKomentáře Google... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/s ... wflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 9639 bytes


Malwarebytes' Anti-Malware 1.44
Verze databáze: 3729
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12.2.2010 8:03:18
mbam-log-2010-02-12 (08-03-18).txt

Typ kontroly: Rychlá kontrola
Zkontrolované objekty: 112831
Uplynulý čas: 3 minute(s), 14 second(s)

Infikované procesy v paměti: 1
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované adresáře: 0
Infikované soubory: 1

Infikované procesy v paměti:
C:\Documents and Settings\Mirek\Local Settings\Temp\ldm1.exe (Adware.Agent) -> Unloaded process successfully.

Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované klíče registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované hodnoty registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované datové položky registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované adresáře:
(Nebyly nalezeny žádné škodlivé položky)

Infikované soubory:
C:\Documents and Settings\Mirek\Local Settings\Temp\ldm1.exe (Adware.Agent) -> Quarantined and deleted successfully.

P.S. NOD32 nic nenašel...

[Reklama]

[jaro3]

Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:
Návod

Kód: Vybrat vše

R3 - URLSearchHook: (no name) - - (no file)
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - Startup: updater.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/s ... wflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab


Stáhni si program OTM (by OldTimer)
http://www.edisk.cz/stahni/07995/OTMove ... .39KB.html
a ulož si ho na disk C a spusť ho.
- Do levého sloupce (Paste Instructions for Items to be Moved) zkopíruj tyto cesty:
Poznámka: Nepoužij k označení funkci VYBRAT VŠE

Kód: Vybrat vše

:Processes
explorer.exe

:Services

:Reg

:Files
C:\DOCUME~1\Mirek\LOCALS~1\Temp\setupv.exe
C:\DOCUME~1\Mirek\LOCALS~1\Temp\ldm1.exe

:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]


- Po zkopírování klikni na tlačítko MoveIt! a vlož sem následně celý obsah z pravého sloupce, jinak uložený ve složce C:\_OTMoveIt\MovedFiles\, který bude informovat o výsledcích
- Je možné, že pokud nebudou moci být soubory odstraněny, budeš dotázán na restart počítače, v tom případě restart potvrď.

Vypni rez. ochranu u NOD32.
Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

[miruska27]

Napřed poděkování..... Díka Jaro. A teď logy....

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
C:\DOCUME~1\Mirek\LOCALS~1\Temp\setupv.exe moved successfully.
File/Folder C:\DOCUME~1\Mirek\LOCALS~1\Temp\ldm1.exe not found.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\Mirek\LOCALS~1\Temp\wz68ee\OTMoveIt\OTM.exe scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\Mirek\Local Settings\Temporary Internet Files\Content.IE5\DALGI7WR\Setup[1].exe scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mirek\Local Settings\Temporary Internet Files\Content.IE5\7XN93ST7\ads[6].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mirek\Local Settings\Temporary Internet Files\Content.IE5\7XN93ST7\index[1].php scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mirek\Local Settings\Temporary Internet Files\Content.IE5\6Z8O6JMD\ads[11].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mirek\Local Settings\Temporary Internet Files\Content.IE5\6Z8O6JMD\viewtopic[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mirek\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mirek\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat scheduled to be deleted on reboot.
User's Temporary Internet Files folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
Network Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_4ac.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
Temp folders emptied.
Explorer started successfully

OTM by OldTimer - Version 2.1.0.1 log created on 02122010_082803



ComboFix 10-02-11.04 - Mirek 12.02.2010 8:35.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1549 [GMT 1:00]
Spuštěný z: c:\documents and settings\Mirek\Plocha\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.

((((((((((((((((((((((((( Soubory vytvořené od 2010-01-12 do 2010-02-12 )))))))))))))))))))))))))))))))
.

2010-02-12 07:28 . 2010-02-12 07:28 -------- d-----w- C:\_OTM
2010-02-12 06:57 . 2010-02-12 06:57 -------- d-----w- c:\program files\Trend Micro
2010-02-11 23:17 . 2010-02-11 23:17 -------- d-----w- c:\program files\Combined Community Codec Pack
2010-02-11 22:43 . 2010-02-11 22:43 -------- d-----w- c:\program files\CDex
2010-02-11 12:19 . 2010-02-11 23:09 -------- d-----w- c:\program files\CDex_170b2
2010-02-09 10:34 . 2009-12-12 14:15 178176 ----a-w- c:\windows\system32\unrar.dll
2010-02-08 15:05 . 1999-09-27 15:15 78848 ----a-w- c:\windows\system32\INLOADER.DLL
2010-02-08 15:04 . 1996-10-15 17:01 298496 ----a-w- c:\windows\uninst.exe
2010-02-08 15:04 . 2010-02-08 15:04 -------- d-----w- c:\documents and settings\Mirek\WINDOWS
2010-02-07 23:41 . 2010-02-07 23:45 -------- d-----w- c:\program files\ICQ7.0
2010-01-28 06:50 . 2007-03-18 19:37 65602 ----a-w- c:\windows\system32\cook3260.dll
2010-01-28 06:50 . 2006-09-29 11:26 176165 ----a-w- c:\windows\system32\drv23260.dll
2010-01-28 06:50 . 2006-09-29 11:25 208935 ----a-w- c:\windows\system32\drv33260.dll
2010-01-28 06:50 . 2006-09-29 11:24 217127 ----a-w- c:\windows\system32\drv43260.dll
2010-01-28 06:50 . 2002-12-10 01:20 102439 ----a-w- c:\windows\system32\sipr3260.dll
2010-01-28 06:50 . 2010-01-28 12:49 -------- d-----w- c:\program files\VSO
2010-01-28 06:33 . 2010-02-05 20:11 -------- d-----w- c:\program files\Svátky a narozeniny
2010-01-26 10:48 . 2010-01-26 10:50 -------- d-----w- c:\program files\Common Files\Ahead
2010-01-26 06:52 . 2010-01-26 15:10 -------- d-----w- c:\program files\Google
2010-01-25 13:18 . 2010-01-25 13:18 -------- d-----w- c:\program files\Secunia
2010-01-25 09:50 . 2010-01-25 09:50 -------- d-----w- c:\program files\MSXML 4.0
2010-01-25 08:52 . 2010-01-26 10:48 -------- d-----w- c:\program files\Nero
2010-01-25 08:52 . 2010-01-26 07:15 -------- d-----w- c:\program files\Common Files\Nero
2010-01-22 13:36 . 2010-01-22 13:36 -------- d-----w- c:\program files\Common Files\Skype
2010-01-22 13:09 . 2010-01-22 13:09 230432 ----a-w- C:\PA7302.DAT
2010-01-22 12:48 . 2010-01-22 12:48 -------- d-----r- c:\documents and settings\LocalService\Dokumenty
2010-01-22 12:31 . 2010-01-22 12:31 -------- d-----w- c:\program files\IVT Corporation
2010-01-14 20:01 . 2008-04-13 23:15 26112 -c--a-w- c:\windows\system32\dllcache\usbser.sys
2010-01-14 20:01 . 2008-04-13 23:15 26112 ----a-w- c:\windows\system32\drivers\usbser.sys
2010-01-14 19:59 . 2008-03-21 12:57 14640 ------w- c:\windows\system32\spmsgXP_2k3.dll
2010-01-14 19:04 . 2010-01-14 19:04 -------- d-----w- c:\program files\Common Files\PCSuite
2010-01-14 19:04 . 2010-01-14 19:04 -------- d-----w- c:\program files\Common Files\Nokia
2010-01-14 19:01 . 2008-08-26 08:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2010-01-14 19:01 . 2010-01-14 19:01 -------- d-----w- c:\program files\PC Connectivity Solution
2010-01-14 19:01 . 2009-10-06 10:52 7936 ----a-w- c:\windows\system32\drivers\usbser_lowerfltj.sys
2010-01-14 19:01 . 2009-10-06 10:52 7936 ----a-w- c:\windows\system32\drivers\usbser_lowerflt.sys
2010-01-14 19:01 . 2009-10-06 10:52 22016 ----a-w- c:\windows\system32\drivers\ccdcmbo.sys
2010-01-14 19:01 . 2009-10-06 10:55 1112288 ----a-w- c:\windows\system32\wdfcoinstaller01007.dll
2010-01-14 19:01 . 2009-10-06 10:52 660480 ----a-w- c:\windows\system32\nmwcdcocls.dll
2010-01-14 19:01 . 2009-10-06 10:52 17664 ----a-w- c:\windows\system32\drivers\ccdcmb.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-11 18:22 . 2010-01-12 00:41 -------- d-----w- c:\program files\DVDFab 6
2010-02-07 23:45 . 2010-01-12 09:26 -------- d-----w- c:\program files\ICQ6Toolbar
2010-02-07 23:45 . 2010-01-11 20:42 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-07 22:22 . 2010-01-12 00:14 -------- d-----w- c:\program files\Microsoft Works
2010-02-06 19:27 . 2010-01-12 20:45 -------- d-----w- c:\program files\Ashampoo
2010-02-05 20:00 . 2010-01-12 21:13 -------- d-----w- c:\program files\VS Revo Group
2010-02-05 18:00 . 2010-01-11 20:48 -------- d-----w- c:\program files\NVIDIA Corporation
2010-01-26 15:51 . 2010-01-12 21:15 -------- d-----w- c:\program files\Krtecek
2010-01-24 19:16 . 2010-01-12 21:18 -------- d-----r- c:\program files\Skype
2010-01-14 20:02 . 2001-10-25 14:00 82372 ----a-w- c:\windows\system32\perfc005.dat
2010-01-14 20:02 . 2001-10-25 14:00 437558 ----a-w- c:\windows\system32\perfh005.dat
2010-01-14 19:59 . 2010-01-14 19:59 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2010-01-14 19:59 . 2010-01-14 19:59 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2010-01-14 19:04 . 2010-01-12 08:32 -------- d-----w- c:\program files\Nokia
2010-01-12 21:37 . 2010-01-12 21:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-12 21:23 . 2010-01-12 21:23 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-01-12 21:03 . 2010-01-12 21:02 -------- d-----w- c:\program files\DVD Decrypter
2010-01-12 20:49 . 2010-01-12 20:48 -------- d-----w- c:\program files\DVD Shrink
2010-01-12 09:41 . 2010-01-12 09:41 -------- d-----w- c:\program files\Epson Software
2010-01-12 09:41 . 2010-01-12 09:36 -------- d-----w- c:\program files\epson
2010-01-12 09:41 . 2010-01-11 20:42 -------- d-----w- c:\program files\Common Files\InstallShield
2010-01-12 09:41 . 2010-01-12 09:40 -------- d-----w- c:\program files\ABBYY FineReader 6.0 Sprint
2010-01-12 09:17 . 2010-01-12 09:06 -------- d-----w- c:\program files\Kdo je kdo 2.3.1
2010-01-12 08:50 . 2010-01-12 08:50 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
2010-01-12 08:50 . 2010-01-12 08:50 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_user_01_07_00.Wdf
2010-01-12 08:33 . 2010-01-12 08:33 -------- d-----w- c:\program files\DIFX
2010-01-12 08:16 . 2010-01-12 08:16 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2010-01-12 08:16 . 2010-01-12 08:16 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2010-01-12 08:13 . 2010-01-12 08:13 -------- d-----w- c:\program files\Common Files\LogiShared
2010-01-12 08:08 . 2010-01-12 08:07 -------- d-----w- c:\program files\Common Files\Logitech
2010-01-12 08:07 . 2010-01-12 08:07 -------- d-----w- c:\program files\Logitech
2010-01-12 00:42 . 2010-01-12 00:42 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2010-01-12 00:39 . 2010-01-12 00:39 -------- d-----w- c:\program files\MSI
2010-01-12 00:14 . 2010-01-12 00:14 -------- d-----w- c:\program files\Microsoft.NET
2010-01-11 22:45 . 2010-01-11 21:48 -------- d-----w- c:\program files\Windows Desktop Search
2010-01-11 22:39 . 2010-01-11 22:39 -------- d-----w- c:\program files\CCleaner
2010-01-11 22:18 . 2010-01-11 22:18 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-11 21:50 . 2010-01-11 21:50 -------- d-----w- c:\program files\MSBuild
2010-01-11 21:50 . 2010-01-11 21:50 -------- d-----w- c:\program files\Reference Assemblies
2010-01-11 21:47 . 2010-01-11 21:47 -------- d-----w- c:\program files\Windows Media Connect 2
2010-01-11 21:35 . 2010-01-11 21:24 -------- d-----w- c:\program files\Java
2010-01-11 21:17 . 2010-01-11 21:17 278120 ----a-w- c:\windows\system32\nvmccs.dll
2010-01-11 21:17 . 2010-01-11 21:17 154216 ----a-w- c:\windows\system32\nvsvc32.exe
2010-01-11 21:17 . 2010-01-11 21:17 145000 ----a-w- c:\windows\system32\nvcolor.exe
2010-01-11 21:17 . 2010-01-11 21:17 13666408 ----a-w- c:\windows\system32\nvcpl.dll
2010-01-11 21:17 . 2010-01-11 21:17 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-01-11 21:17 . 2010-01-11 21:17 81920 ----a-w- c:\windows\system32\nvwddi.dll
2010-01-11 21:08 . 2010-01-11 21:08 -------- d-----w- c:\program files\ESET
2010-01-11 20:42 . 2010-01-11 20:42 -------- d-----w- c:\program files\Realtek
2010-01-11 20:42 . 2010-01-11 20:42 315392 ----a-w- c:\windows\HideWin.exe
2010-01-11 20:38 . 2010-01-11 20:24 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-01-11 20:38 . 2010-01-11 20:24 2740 ----a-w- c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2010-01-11 20:37 . 2010-01-11 20:24 8972 ----a-w- c:\windows\pchealth\helpctr\Config\Cntstore.bin
2010-01-11 20:25 . 2010-01-11 20:25 -------- d-----w- c:\program files\microsoft frontpage
2010-01-11 20:21 . 2010-01-11 20:21 21812 ----a-w- c:\windows\system32\emptyregdb.dat
2010-01-07 15:07 . 2010-01-12 21:36 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 15:07 . 2010-01-12 21:36 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-31 16:50 . 2004-08-03 21:14 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-21 19:08 . 2004-08-17 13:49 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-17 07:42 . 2010-01-11 20:21 343552 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:10 . 2004-08-17 13:49 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-09 10:11 . 2004-08-17 13:45 2147328 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-09 10:11 . 2004-08-17 15:45 2025984 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-12-04 18:22 . 2004-08-03 21:15 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-11-27 17:14 . 2004-08-17 13:49 1294336 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 17:14 . 2004-08-17 15:49 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 16:09 . 2001-10-25 14:00 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:09 . 2001-10-24 12:25 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:09 . 2004-08-17 15:49 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-27 16:09 . 2004-08-17 13:49 11264 ----a-w- c:\windows\system32\msrle32.dll
2009-11-27 16:09 . 2004-08-17 13:49 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-11-21 16:03 . 2004-08-17 13:49 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OEXPRESS"="c:\documents and settings\All Users\Data aplikací\LangSoft\OETRN.EXE" [2010-01-12 26624]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2008-01-22 152872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2009-01-11 16342528]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 56080]
"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-10-07 1461080]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-01-11 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-01-11 13666408]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
BlueSoleil.lnk - c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2007-5-17 661776]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2010-1-12 692224]
SecureDoc.lnk - c:\program files\MSI\SecureDoc\Logon.exe [2010-1-12 82944]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2009-11-11 09:57 1451520 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"c:\\Program Files\\ICQ7.0\\ICQ.exe"=
"c:\\Program Files\\ICQ7.0\\aolload.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [18.8.2008 13:27 35168]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [18.8.2008 13:25 472280]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [17.6.2009 13:20 12648]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: {{88EB38EF-4D2C-436D-ABD3-56B232674062} - c:\program files\ICQ7.0\ICQ.exe
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKCU-Run-WEBTRAN - (no file)
HKLM-Run-nwiz - nwiz.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-12 08:37
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(700)
c:\windows\system32\sxs.dll

- - - - - - - > 'explorer.exe'(576)
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\documents and settings\All Users\Data aplikací\LangSoft\TrnOEH.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2010-02-12 08:38:54
ComboFix-quarantined-files.txt 2010-02-12 07:38

Před spuštěním: Volných bajtů: 59 707 670 528
Po spuštění: Volných bajtů: 59 675 795 456

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 1F45BC7175006FCEC230FBA9830EC2BA

[jaro3]

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

File::
c:\w c:\windows\HideWin.exeindows\system32\ezsidmv.dat
c:\windows\system32\emptyregdb.dat

Folder::
c:\program files\ICQ6Toolbar

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

V možnostech složky si povol zobrazování skrytých souborů a složek+ odškrtni zatržítko u nezobrazovat systémové soubory.

Toto otestuj na Virustotal
c:\windows\system32\unrar.dll
Vlož sem pak odkaz na stránku s výsledky.

[miruska27]

Vytisknout výsledky Váš soubor není platný, nebo neexistuje.
Služba je pozastavena v tuto chvíli, váš soubor čeká na otestování (pozice: ) po nespecifikovanou dobu.
Nyní čekejte na odezvu webu (automatické obnovení), nebo napište email do pole a klikněte na "vyžádat" a systém Vám zašle email s výsledky až bude test hotov. Email:


Antivirus Verze Poslední aktualizace Výsledek
a-squared 4.5.0.50 2010.02.12 -
AhnLab-V3 5.0.0.2 2010.02.12 -
AntiVir 7.9.1.160 2010.02.12 -
Antiy-AVL 2.0.3.7 2010.02.11 -
Authentium 5.2.0.5 2010.02.12 -
Avast 4.8.1351.0 2010.02.12 -
AVG 9.0.0.730 2010.02.12 -
BitDefender 7.2 2010.02.12 -
CAT-QuickHeal 10.00 2010.02.12 -
ClamAV 0.96.0.0-git 2010.02.12 -
Comodo 3909 2010.02.12 -
DrWeb 5.0.1.12222 2010.02.12 -
eSafe 7.0.17.0 2010.02.11 -
eTrust-Vet 35.2.7299 2010.02.12 -
F-Prot 4.5.1.85 2010.02.12 -
F-Secure 9.0.15370.0 2010.02.12 -
Fortinet 4.0.14.0 2010.02.12 -
GData 19 2010.02.12 -
Ikarus T3.1.1.80.0 2010.02.12 -
Jiangmin 13.0.900 2010.02.08 -
K7AntiVirus 7.10.971 2010.02.11 -
Kaspersky 7.0.0.125 2010.02.12 -
McAfee 5889 2010.02.11 -
McAfee+Artemis 5889 2010.02.11 -
McAfee-GW-Edition 6.8.5 2010.02.12 -
Microsoft 1.5406 2010.02.12 -
NOD32 4860 2010.02.12 -
Norman 6.04.08 2010.02.11 -
nProtect 2009.1.8.0 2010.02.12 -
Panda 10.0.2.2 2010.02.12 -
PCTools 7.0.3.5 2010.02.12 -
Prevx 3.0 2010.02.12 -
Rising 22.34.01.03 2010.02.11 -
Sophos 4.50.0 2010.02.12 -
Sunbelt 5671 2010.02.11 -
Symantec 20091.2.0.41 2010.02.12 -
TheHacker 6.5.1.3.190 2010.02.12 -
TrendMicro 9.120.0.1004 2010.02.12 -
VBA32 3.12.12.2 2010.02.11 -
ViRobot 2010.2.12.2184 2010.02.12 -
VirusBuster 5.0.21.0 2010.02.12 -
Rozšiřující informace
File size: 178176 bytes
MD5...: 1ee8e136d3d7bb34023c063b9804e49a
SHA1..: 9114dc72db65a7d88e76ac854fdae52694cd825d
SHA256: fdd550c54ede4caa83cedf125d9f90e5495a9c29e52d5b55e03aa558583109e9
ssdeep: 3072:s0sWy7LMd2QG37Jq8eIC5FupiXVJ2KPocNmglqziDzhvyV0W549UpN+IJI:
9sW8Qd2QGLJq8v0jcKPoclldwa79IJI

PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x1bcd8
timedatestamp.....: 0x4b236d36 (Sat Dec 12 10:15:18 2009)
machinetype.......: 0x14c (I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x232fe 0x23400 6.64 3dc803174f70ed5d3aa76b67b422358e
.rdata 0x25000 0x3b70 0x3c00 5.30 2b0cb73e17bc6e99c2b6bc9f171d2a15
.data 0x29000 0x807c 0x1800 2.92 ea565454457989a4711fb6d4a5eccc75
.rsrc 0x32000 0x434 0x600 4.60 d9145cad11e2faf3a9147ea6ad34e662
.reloc 0x33000 0x2416 0x2600 4.27 d2b932253022d83b0dc1e2cce1c46ec2

( 3 imports )
> KERNEL32.dll: SetEndOfFile, GetFileType, CreateFileA, CreateFileW, ReadFile, GetStdHandle, WriteFile, GetProcAddress, GetModuleHandleA, GetFileAttributesA, GetFileAttributesW, SetFileAttributesA, SetFileAttributesW, GetFullPathNameA, DeleteFileA, DeleteFileW, DeviceIoControl, CreateDirectoryA, CreateDirectoryW, FindClose, FindNextFileA, FindFirstFileA, FindNextFileW, SetFilePointer, GetVersionExA, GetModuleFileNameA, FreeLibrary, LoadLibraryA, CompareStringA, LocalFileTimeToFileTime, SystemTimeToFileTime, FileTimeToSystemTime, FileTimeToLocalFileTime, GetSystemTime, WideCharToMultiByte, MultiByteToWideChar, CompareStringW, IsDBCSLeadByte, GetCPInfo, GetConsoleOutputCP, WriteConsoleA, SetStdHandle, GetConsoleMode, GetConsoleCP, FlushFileBuffers, MoveFileA, SetFileTime, Sleep, GetCurrentProcess, GetLastError, CloseHandle, FindFirstFileW, GetLocaleInfoA, RtlUnwind, HeapAlloc, HeapFree, HeapReAlloc, RaiseException, GetModuleHandleW, ExitProcess, GetSystemTimeAsFileTime, GetCurrentThreadId, GetCommandLineA, TlsGetValue, TlsAlloc, TlsSetValue, TlsFree, InterlockedIncrement, SetLastError, InterlockedDecrement, TerminateProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, VirtualFree, VirtualAlloc, HeapCreate, HeapDestroy, GetACP, GetOEMCP, IsValidCodePage, HeapSize, GetVersion, InitializeCriticalSectionAndSpinCount, LCMapStringA, LCMapStringW, SetHandleCount, GetStartupInfoA, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, GetEnvironmentStringsW, QueryPerformanceCounter, GetTickCount, GetCurrentProcessId, GetStringTypeA, GetStringTypeW, WriteConsoleW
> USER32.dll: CharUpperW, CharLowerW, CharLowerA, CharToOemA, CharUpperA, CharToOemBuffA, OemToCharA, OemToCharBuffA
> ADVAPI32.dll: SetFileSecurityA, SetFileSecurityW, OpenProcessToken, LookupPrivilegeValueA, AdjustTokenPrivileges

( 12 exports )
RARCloseArchive, RARGetDllVersion, RAROpenArchive, RAROpenArchiveEx, RARProcessFile, RARProcessFileW, RARReadHeader, RARReadHeaderEx, RARSetCallback, RARSetChangeVolProc, RARSetPassword, RARSetProcessDataProc

RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Executable MS Visual C++ (generic) (75.0%)
Win32 Executable Generic (16.9%)
Generic Win/DOS Executable (3.9%)
DOS Executable Generic (3.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
sigcheck:
publisher....: Alexander Roshal
copyright....: n/a
product......: RAR decompression library
description..: RAR decompression library
original name: Unrar.dll
internal name: n/a
file version.: 3.91.0
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

Vytisknout výsledky Váš soubor není platný, nebo neexistuje.
Služba je pozastavena v tuto chvíli, váš soubor čeká na otestování (pozice: ) po nespecifikovanou dobu.
Nyní čekejte na odezvu webu (automatické obnovení), nebo napište email do pole a klikněte na "vyžádat" a systém Vám zašle email s výsledky až bude test hotov. Email:


Antivirus Verze Poslední aktualizace Výsledek
a-squared 4.5.0.50 2010.02.12 -
AhnLab-V3 5.0.0.2 2010.02.12 -
AntiVir 7.9.1.160 2010.02.12 -
Antiy-AVL 2.0.3.7 2010.02.11 -
Authentium 5.2.0.5 2010.02.12 -
Avast 4.8.1351.0 2010.02.12 -
AVG 9.0.0.730 2010.02.12 -
BitDefender 7.2 2010.02.12 -
CAT-QuickHeal 10.00 2010.02.12 -
ClamAV 0.96.0.0-git 2010.02.12 -
Comodo 3909 2010.02.12 -
DrWeb 5.0.1.12222 2010.02.12 -
eSafe 7.0.17.0 2010.02.11 -
eTrust-Vet 35.2.7299 2010.02.12 -
F-Prot 4.5.1.85 2010.02.12 -
F-Secure 9.0.15370.0 2010.02.12 -
Fortinet 4.0.14.0 2010.02.12 -
GData 19 2010.02.12 -
Ikarus T3.1.1.80.0 2010.02.12 -
Jiangmin 13.0.900 2010.02.08 -
K7AntiVirus 7.10.971 2010.02.11 -
Kaspersky 7.0.0.125 2010.02.12 -
McAfee 5889 2010.02.11 -
McAfee+Artemis 5889 2010.02.11 -
McAfee-GW-Edition 6.8.5 2010.02.12 -
Microsoft 1.5406 2010.02.12 -
NOD32 4860 2010.02.12 -
Norman 6.04.08 2010.02.11 -
nProtect 2009.1.8.0 2010.02.12 -
Panda 10.0.2.2 2010.02.12 -
PCTools 7.0.3.5 2010.02.12 -
Prevx 3.0 2010.02.12 -
Rising 22.34.01.03 2010.02.11 -
Sophos 4.50.0 2010.02.12 -
Sunbelt 5671 2010.02.11 -
Symantec 20091.2.0.41 2010.02.12 -
TheHacker 6.5.1.3.190 2010.02.12 -
TrendMicro 9.120.0.1004 2010.02.12 -
VBA32 3.12.12.2 2010.02.11 -
ViRobot 2010.2.12.2184 2010.02.12 -
VirusBuster 5.0.21.0 2010.02.12 -
Rozšiřující informace
File size: 178176 bytes
MD5...: 1ee8e136d3d7bb34023c063b9804e49a
SHA1..: 9114dc72db65a7d88e76ac854fdae52694cd825d
SHA256: fdd550c54ede4caa83cedf125d9f90e5495a9c29e52d5b55e03aa558583109e9
ssdeep: 3072:s0sWy7LMd2QG37Jq8eIC5FupiXVJ2KPocNmglqziDzhvyV0W549UpN+IJI:
9sW8Qd2QGLJq8v0jcKPoclldwa79IJI

PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x1bcd8
timedatestamp.....: 0x4b236d36 (Sat Dec 12 10:15:18 2009)
machinetype.......: 0x14c (I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x232fe 0x23400 6.64 3dc803174f70ed5d3aa76b67b422358e
.rdata 0x25000 0x3b70 0x3c00 5.30 2b0cb73e17bc6e99c2b6bc9f171d2a15
.data 0x29000 0x807c 0x1800 2.92 ea565454457989a4711fb6d4a5eccc75
.rsrc 0x32000 0x434 0x600 4.60 d9145cad11e2faf3a9147ea6ad34e662
.reloc 0x33000 0x2416 0x2600 4.27 d2b932253022d83b0dc1e2cce1c46ec2

( 3 imports )
> KERNEL32.dll: SetEndOfFile, GetFileType, CreateFileA, CreateFileW, ReadFile, GetStdHandle, WriteFile, GetProcAddress, GetModuleHandleA, GetFileAttributesA, GetFileAttributesW, SetFileAttributesA, SetFileAttributesW, GetFullPathNameA, DeleteFileA, DeleteFileW, DeviceIoControl, CreateDirectoryA, CreateDirectoryW, FindClose, FindNextFileA, FindFirstFileA, FindNextFileW, SetFilePointer, GetVersionExA, GetModuleFileNameA, FreeLibrary, LoadLibraryA, CompareStringA, LocalFileTimeToFileTime, SystemTimeToFileTime, FileTimeToSystemTime, FileTimeToLocalFileTime, GetSystemTime, WideCharToMultiByte, MultiByteToWideChar, CompareStringW, IsDBCSLeadByte, GetCPInfo, GetConsoleOutputCP, WriteConsoleA, SetStdHandle, GetConsoleMode, GetConsoleCP, FlushFileBuffers, MoveFileA, SetFileTime, Sleep, GetCurrentProcess, GetLastError, CloseHandle, FindFirstFileW, GetLocaleInfoA, RtlUnwind, HeapAlloc, HeapFree, HeapReAlloc, RaiseException, GetModuleHandleW, ExitProcess, GetSystemTimeAsFileTime, GetCurrentThreadId, GetCommandLineA, TlsGetValue, TlsAlloc, TlsSetValue, TlsFree, InterlockedIncrement, SetLastError, InterlockedDecrement, TerminateProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, VirtualFree, VirtualAlloc, HeapCreate, HeapDestroy, GetACP, GetOEMCP, IsValidCodePage, HeapSize, GetVersion, InitializeCriticalSectionAndSpinCount, LCMapStringA, LCMapStringW, SetHandleCount, GetStartupInfoA, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, GetEnvironmentStringsW, QueryPerformanceCounter, GetTickCount, GetCurrentProcessId, GetStringTypeA, GetStringTypeW, WriteConsoleW
> USER32.dll: CharUpperW, CharLowerW, CharLowerA, CharToOemA, CharUpperA, CharToOemBuffA, OemToCharA, OemToCharBuffA
> ADVAPI32.dll: SetFileSecurityA, SetFileSecurityW, OpenProcessToken, LookupPrivilegeValueA, AdjustTokenPrivileges

( 12 exports )
RARCloseArchive, RARGetDllVersion, RAROpenArchive, RAROpenArchiveEx, RARProcessFile, RARProcessFileW, RARReadHeader, RARReadHeaderEx, RARSetCallback, RARSetChangeVolProc, RARSetPassword, RARSetProcessDataProc

RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Executable MS Visual C++ (generic) (75.0%)
Win32 Executable Generic (16.9%)
Generic Win/DOS Executable (3.9%)
DOS Executable Generic (3.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
sigcheck:
publisher....: Alexander Roshal
copyright....: n/a
product......: RAR decompression library
description..: RAR decompression library
original name: Unrar.dll
internal name: n/a
file version.: 3.91.0
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:57:20, on 12.2.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\PixArt\PAC7302\Monitor.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Documents and Settings\All Users\Data aplikací\LangSoft\OETRN.EXE
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\MSI\SecureDoc\Logon.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Secunia\PSI\psi.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [PAC7302_Monitor] C:\WINDOWS\PixArt\PAC7302\Monitor.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKCU\..\Run: [OEXPRESS] C:\Documents and Settings\All Users\Data aplikací\LangSoft\OETRN.EXE
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Product Registration.lnk = C:\Program Files\Common Files\LogiShared\eReg\SetPoint\eReg.exe
O4 - Startup: Secunia PSI.lnk = C:\Program Files\Secunia\PSI\psi.exe
O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: SecureDoc.lnk = C:\Program Files\MSI\SecureDoc\Logon.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: WikiKomentáře Google... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 8538 bytes

P.S. Log z Combofix mi sem nevejde,ani do nové zprávy

[jaro3]

Vlož ho sem:
http://www.edisk.cz/---vytvořit složku a potom jí zararovat.
a vlož sem odkaz ke stažení.

[miruska27]

Jaro a co tekhle???

http://www.edisk.cz/stahni/56707/log_Co ... .07KB.html

[jaro3]

Fajn, až bude trochu času , mrknu na to.

[miruska27]

DÍKY.............

[jaro3]

Tak ještě jeden script v CF:

Kód: Vybrat vše

KillAll::
File::
c:\windows\system32\ezsidmv.dat
c:\windows\HideWin.exe


Stejný postup.

V možnostech složky si povol zobrazování skrytých souborů a složek+ odškrtni zatržítko u nezobrazovat systémové soubory.

Toto otestuj na Virustotal
c:\windows\system32\user.exe
c:\windows\system32\ups.exe
Vlož sem pak odkazy na stránky s výsledky.

[miruska27]

PC se v průbělu chodu Combofixu restartoval,tady je log.

ComboFix 10-02-11.04 - Mirek 12.02.2010 19:17:21.3.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1559 [GMT 1:00]
Spuštěný z: c:\documents and settings\Mirek\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Mirek\Plocha\CFScript.txt
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

FILE ::
"c:\windows\HideWin.exe"
"c:\windows\system32\ezsidmv.dat"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\HideWin.exe
c:\windows\system32\ezsidmv.dat

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-01-12 do 2010-02-12 )))))))))))))))))))))))))))))))
.

2010-02-12 11:05 . 2009-07-20 11:25 301656 ----a-w- c:\windows\system32\BtCoreIf.dll
2010-02-12 11:04 . 2010-02-12 11:06 -------- d-----w- c:\program files\Common Files\Logishrd
2010-02-12 07:28 . 2010-02-12 07:28 -------- d-----w- C:\_OTM
2010-02-12 06:57 . 2010-02-12 06:57 -------- d-----w- c:\program files\Trend Micro
2010-02-11 23:17 . 2010-02-11 23:17 -------- d-----w- c:\program files\Combined Community Codec Pack
2010-02-11 22:43 . 2010-02-11 22:43 -------- d-----w- c:\program files\CDex
2010-02-11 12:19 . 2010-02-11 23:09 -------- d-----w- c:\program files\CDex_170b2
2010-02-09 10:34 . 2009-12-12 14:15 178176 ----a-w- c:\windows\system32\unrar.dll
2010-02-08 15:05 . 1999-09-27 15:15 78848 ----a-w- c:\windows\system32\INLOADER.DLL
2010-02-08 15:04 . 1996-10-15 17:01 298496 ----a-w- c:\windows\uninst.exe
2010-02-08 15:04 . 2010-02-08 15:04 -------- d-----w- c:\documents and settings\Mirek\WINDOWS
2010-02-07 23:41 . 2010-02-07 23:45 -------- d-----w- c:\program files\ICQ7.0
2010-01-28 06:50 . 2007-03-18 19:37 65602 ----a-w- c:\windows\system32\cook3260.dll
2010-01-28 06:50 . 2006-09-29 11:26 176165 ----a-w- c:\windows\system32\drv23260.dll
2010-01-28 06:50 . 2006-09-29 11:25 208935 ----a-w- c:\windows\system32\drv33260.dll
2010-01-28 06:50 . 2006-09-29 11:24 217127 ----a-w- c:\windows\system32\drv43260.dll
2010-01-28 06:50 . 2002-12-10 01:20 102439 ----a-w- c:\windows\system32\sipr3260.dll
2010-01-28 06:50 . 2010-01-28 12:49 -------- d-----w- c:\program files\VSO
2010-01-28 06:33 . 2010-02-05 20:11 -------- d-----w- c:\program files\Svátky a narozeniny
2010-01-26 10:48 . 2010-01-26 10:50 -------- d-----w- c:\program files\Common Files\Ahead
2010-01-26 06:52 . 2010-01-26 15:10 -------- d-----w- c:\program files\Google
2010-01-25 13:18 . 2010-01-25 13:18 -------- d-----w- c:\program files\Secunia
2010-01-25 09:50 . 2010-01-25 09:50 -------- d-----w- c:\program files\MSXML 4.0
2010-01-25 08:52 . 2010-01-26 10:48 -------- d-----w- c:\program files\Nero
2010-01-25 08:52 . 2010-01-26 07:15 -------- d-----w- c:\program files\Common Files\Nero
2010-01-22 13:36 . 2010-01-22 13:36 -------- d-----w- c:\program files\Common Files\Skype
2010-01-22 13:09 . 2010-01-22 13:09 230432 ----a-w- C:\PA7302.DAT
2010-01-22 12:48 . 2010-01-22 12:48 -------- d-----r- c:\documents and settings\LocalService\Dokumenty
2010-01-22 12:31 . 2010-01-22 12:31 -------- d-----w- c:\program files\IVT Corporation
2010-01-14 20:01 . 2008-04-13 23:15 26112 -c--a-w- c:\windows\system32\dllcache\usbser.sys
2010-01-14 20:01 . 2008-04-13 23:15 26112 ----a-w- c:\windows\system32\drivers\usbser.sys
2010-01-14 19:59 . 2008-03-21 12:57 14640 ------w- c:\windows\system32\spmsgXP_2k3.dll
2010-01-14 19:04 . 2010-01-14 19:04 -------- d-----w- c:\program files\Common Files\PCSuite
2010-01-14 19:04 . 2010-01-14 19:04 -------- d-----w- c:\program files\Common Files\Nokia
2010-01-14 19:01 . 2008-08-26 08:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2010-01-14 19:01 . 2010-01-14 19:01 -------- d-----w- c:\program files\PC Connectivity Solution
2010-01-14 19:01 . 2009-10-06 10:52 7936 ----a-w- c:\windows\system32\drivers\usbser_lowerfltj.sys
2010-01-14 19:01 . 2009-10-06 10:52 7936 ----a-w- c:\windows\system32\drivers\usbser_lowerflt.sys
2010-01-14 19:01 . 2009-10-06 10:52 22016 ----a-w- c:\windows\system32\drivers\ccdcmbo.sys
2010-01-14 19:01 . 2009-10-06 10:55 1112288 ----a-w- c:\windows\system32\wdfcoinstaller01007.dll
2010-01-14 19:01 . 2009-10-06 10:52 660480 ----a-w- c:\windows\system32\nmwcdcocls.dll
2010-01-14 19:01 . 2009-10-06 10:52 17664 ----a-w- c:\windows\system32\drivers\ccdcmb.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-12 11:05 . 2010-02-12 11:05 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2010-02-12 11:05 . 2010-01-12 08:07 -------- d-----w- c:\program files\Common Files\Logitech
2010-02-12 11:04 . 2010-01-11 20:42 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-11 18:22 . 2010-01-12 00:41 -------- d-----w- c:\program files\DVDFab 6
2010-02-07 22:22 . 2010-01-12 00:14 -------- d-----w- c:\program files\Microsoft Works
2010-02-06 19:27 . 2010-01-12 20:45 -------- d-----w- c:\program files\Ashampoo
2010-02-05 20:00 . 2010-01-12 21:13 -------- d-----w- c:\program files\VS Revo Group
2010-02-05 18:00 . 2010-01-11 20:48 -------- d-----w- c:\program files\NVIDIA Corporation
2010-01-26 15:51 . 2010-01-12 21:15 -------- d-----w- c:\program files\Krtecek
2010-01-24 19:16 . 2010-01-12 21:18 -------- d-----r- c:\program files\Skype
2010-01-14 20:02 . 2001-10-25 14:00 82372 ----a-w- c:\windows\system32\perfc005.dat
2010-01-14 20:02 . 2001-10-25 14:00 437558 ----a-w- c:\windows\system32\perfh005.dat
2010-01-14 19:59 . 2010-01-14 19:59 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2010-01-14 19:59 . 2010-01-14 19:59 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2010-01-14 19:04 . 2010-01-12 08:32 -------- d-----w- c:\program files\Nokia
2010-01-12 21:37 . 2010-01-12 21:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-12 21:03 . 2010-01-12 21:02 -------- d-----w- c:\program files\DVD Decrypter
2010-01-12 20:49 . 2010-01-12 20:48 -------- d-----w- c:\program files\DVD Shrink
2010-01-12 09:41 . 2010-01-12 09:41 -------- d-----w- c:\program files\Epson Software
2010-01-12 09:41 . 2010-01-12 09:36 -------- d-----w- c:\program files\epson
2010-01-12 09:41 . 2010-01-11 20:42 -------- d-----w- c:\program files\Common Files\InstallShield
2010-01-12 09:41 . 2010-01-12 09:40 -------- d-----w- c:\program files\ABBYY FineReader 6.0 Sprint
2010-01-12 09:17 . 2010-01-12 09:06 -------- d-----w- c:\program files\Kdo je kdo 2.3.1
2010-01-12 08:50 . 2010-01-12 08:50 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
2010-01-12 08:50 . 2010-01-12 08:50 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_user_01_07_00.Wdf
2010-01-12 08:33 . 2010-01-12 08:33 -------- d-----w- c:\program files\DIFX
2010-01-12 08:16 . 2010-01-12 08:16 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2010-01-12 08:16 . 2010-01-12 08:16 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2010-01-12 08:13 . 2010-01-12 08:13 -------- d-----w- c:\program files\Common Files\LogiShared
2010-01-12 08:07 . 2010-01-12 08:07 -------- d-----w- c:\program files\Logitech
2010-01-12 00:42 . 2010-01-12 00:42 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2010-01-12 00:39 . 2010-01-12 00:39 -------- d-----w- c:\program files\MSI
2010-01-12 00:14 . 2010-01-12 00:14 -------- d-----w- c:\program files\Microsoft.NET
2010-01-11 22:45 . 2010-01-11 21:48 -------- d-----w- c:\program files\Windows Desktop Search
2010-01-11 22:39 . 2010-01-11 22:39 -------- d-----w- c:\program files\CCleaner
2010-01-11 22:18 . 2010-01-11 22:18 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-11 21:50 . 2010-01-11 21:50 -------- d-----w- c:\program files\MSBuild
2010-01-11 21:50 . 2010-01-11 21:50 -------- d-----w- c:\program files\Reference Assemblies
2010-01-11 21:47 . 2010-01-11 21:47 -------- d-----w- c:\program files\Windows Media Connect 2
2010-01-11 21:35 . 2010-01-11 21:24 -------- d-----w- c:\program files\Java
2010-01-11 21:17 . 2010-01-11 21:17 278120 ----a-w- c:\windows\system32\nvmccs.dll
2010-01-11 21:17 . 2010-01-11 21:17 154216 ----a-w- c:\windows\system32\nvsvc32.exe
2010-01-11 21:17 . 2010-01-11 21:17 145000 ----a-w- c:\windows\system32\nvcolor.exe
2010-01-11 21:17 . 2010-01-11 21:17 13666408 ----a-w- c:\windows\system32\nvcpl.dll
2010-01-11 21:17 . 2010-01-11 21:17 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-01-11 21:17 . 2010-01-11 21:17 81920 ----a-w- c:\windows\system32\nvwddi.dll
2010-01-11 21:08 . 2010-01-11 21:08 -------- d-----w- c:\program files\ESET
2010-01-11 20:42 . 2010-01-11 20:42 -------- d-----w- c:\program files\Realtek
2010-01-11 20:38 . 2010-01-11 20:24 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-01-11 20:38 . 2010-01-11 20:24 2740 ----a-w- c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2010-01-11 20:37 . 2010-01-11 20:24 8972 ----a-w- c:\windows\pchealth\helpctr\Config\Cntstore.bin
2010-01-11 20:25 . 2010-01-11 20:25 -------- d-----w- c:\program files\microsoft frontpage
2010-01-07 15:07 . 2010-01-12 21:36 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 15:07 . 2010-01-12 21:36 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-31 16:50 . 2004-08-03 21:14 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-21 19:08 . 2004-08-17 13:49 916480 ------w- c:\windows\system32\wininet.dll
2009-12-17 07:42 . 2010-01-11 20:21 343552 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:10 . 2004-08-17 13:49 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-09 10:11 . 2004-08-17 13:45 2147328 ------w- c:\windows\system32\ntoskrnl.exe
2009-12-09 10:11 . 2004-08-17 15:45 2025984 ------w- c:\windows\system32\ntkrnlpa.exe
2009-12-04 18:22 . 2004-08-03 21:15 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-11-27 17:14 . 2004-08-17 13:49 1294336 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 17:14 . 2004-08-17 15:49 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 16:09 . 2001-10-25 14:00 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:09 . 2001-10-24 12:25 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:09 . 2004-08-17 15:49 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-27 16:09 . 2004-08-17 13:49 11264 ----a-w- c:\windows\system32\msrle32.dll
2009-11-27 16:09 . 2004-08-17 13:49 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-11-21 16:03 . 2004-08-17 13:49 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
.

((((((((((((((((((((((((((((( SnapShot_2010-02-12_11.12.29 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-02-12 18:21 . 2010-02-12 18:21 16384 c:\windows\temp\Perflib_Perfdata_28c.dat
+ 2010-01-12 08:08 . 2006-11-02 16:09 1419232 c:\windows\system32\WdfCoInstaller01005.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OEXPRESS"="c:\documents and settings\All Users\Data aplikací\LangSoft\OETRN.EXE" [2010-01-12 26624]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2008-01-22 152872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2009-01-11 16342528]
"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-10-07 1461080]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-01-11 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-01-11 13666408]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
BlueSoleil.lnk - c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2007-5-17 661776]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2010-1-12 813584]
SecureDoc.lnk - c:\program files\MSI\SecureDoc\Logon.exe [2010-1-12 82944]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 11:28 72208 ----a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2009-11-11 09:57 1451520 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"c:\\Program Files\\ICQ7.0\\ICQ.exe"=
"c:\\Program Files\\ICQ7.0\\aolload.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [18.8.2008 13:27 35168]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [18.8.2008 13:25 472280]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [17.6.2009 13:20 12648]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: {{88EB38EF-4D2C-436D-ABD3-56B232674062} - c:\program files\ICQ7.0\ICQ.exe
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-12 19:21
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(700)
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll

- - - - - - - > 'explorer.exe'(3172)
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\documents and settings\All Users\Data aplikací\LangSoft\TrnOEH.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\IoctlSvc.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RUNDLL32.EXE
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files\Secunia\PSI\psi.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
.
**************************************************************************
.
Celkový čas: 2010-02-12 19:23:43 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-02-12 18:23
ComboFix2.txt 2010-02-12 11:13
ComboFix3.txt 2010-02-12 07:38

Před spuštěním: Volných bajtů: 59 558 862 848
Po spuštění: Volných bajtů: 59 520 491 520

- - End Of File - - B2C4F0B92B58D20CDAC35447B74398E1

Soubor user.exe přijatý 2010.02.12 18:31:36 (UTC)
Současný stav: Čekejte ... Ve frontě Čekání Testování Dokončeno NENALEZENO ZASTAVENO


Výsledek: 0/40 (0%)
Načítám informace ze serveru...
Váš soubor čeká ve frontě na pozici: 2.
Odhadovaný čas začátku mezi 46 a 66 sekundami.
Nezavírejte toto okno dokud nebude test dokončen.
Právě testující program byl je zastaven, probíhá čekání na program.
Za chvíli bude proveden další pokus o otestování souboru.
Pokud budete čekat déle než-li pět minut odešlete Váš soubor znovu.
Váš soubor je nyní testován pomocí VirusTotal,
výsledky budou zobrazeny po dokončení.
Formátované Vytisknout výsledky Váš soubor není platný, nebo neexistuje.
Služba je pozastavena v tuto chvíli, váš soubor čeká na otestování (pozice: ) po nespecifikovanou dobu.
Nyní čekejte na odezvu webu (automatické obnovení), nebo napište email do pole a klikněte na "vyžádat" a systém Vám zašle email s výsledky až bude test hotov. Email:


Antivirus Verze Poslední aktualizace Výsledek
a-squared 4.5.0.50 2010.02.12 -
AhnLab-V3 5.0.0.2 2010.02.12 -
AntiVir 7.9.1.160 2010.02.12 -
Antiy-AVL 2.0.3.7 2010.02.11 -
Authentium 5.2.0.5 2010.02.12 -
Avast 4.8.1351.0 2010.02.12 -
AVG 9.0.0.730 2010.02.12 -
BitDefender 7.2 2010.02.12 -
CAT-QuickHeal 10.00 2010.02.12 -
ClamAV 0.96.0.0-git 2010.02.12 -
Comodo 3912 2010.02.12 -
DrWeb 5.0.1.12222 2010.02.12 -
eSafe 7.0.17.0 2010.02.11 -
eTrust-Vet 35.2.7299 2010.02.12 -
F-Prot 4.5.1.85 2010.02.12 -
F-Secure 9.0.15370.0 2010.02.12 -
Fortinet 4.0.14.0 2010.02.12 -
GData 19 2010.02.12 -
Ikarus T3.1.1.80.0 2010.02.12 -
Jiangmin 13.0.900 2010.02.08 -
K7AntiVirus 7.10.971 2010.02.11 -
Kaspersky 7.0.0.125 2010.02.12 -
McAfee 5889 2010.02.11 -
McAfee+Artemis 5889 2010.02.11 -
McAfee-GW-Edition 6.8.5 2010.02.12 -
Microsoft 1.5406 2010.02.12 -
NOD32 4861 2010.02.12 -
Norman 6.04.08 2010.02.12 -
nProtect 2009.1.8.0 2010.02.12 -
Panda 10.0.2.2 2010.02.12 -
PCTools 7.0.3.5 2010.02.12 -
Rising 22.34.01.03 2010.02.11 -
Sophos 4.50.0 2010.02.12 -
Sunbelt 5671 2010.02.11 -
Symantec 20091.2.0.41 2010.02.12 -
TheHacker 6.5.1.3.190 2010.02.12 -
TrendMicro 9.120.0.1004 2010.02.12 -
VBA32 3.12.12.2 2010.02.12 -
ViRobot 2010.2.12.2184 2010.02.12 -
VirusBuster 5.0.21.0 2010.02.12 -
Rozšiřující informace
File size: 47872 bytes
MD5...: d3e79e88994473acea02f407c3816a77
SHA1..: 0ea39038d0e584f586b3189798fbe5e405e83093
SHA256: ca1423cdec193455b33df9f417873f6117849ea76ac607137fb697fbfab878fa
ssdeep: 768:4AzCMrw2iQlnmT6BBw+GYUOvJF7+RhYnkmk0oFzQ3tV:HDr+YmWBBc2kRhFp
Vzat

PEiD..: -
PEInfo: -
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win16 NE executable (generic) (89.4%)
Generic Win/DOS Executable (5.2%)
DOS Executable Generic (5.2%)
sigcheck:
publisher....: Microsoft Corporation
copyright....: Copyright (c) Microsoft Corp. 1981-1996
product......: Opera_n_ syst_m Microsoft_ Windows(TM)
description..: Windows User-interface core component
original name: USER.EXE
internal name: USER
file version.: 3.10
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

Soubor ups.exe přijatý 2010.02.12 18:34:37 (UTC)
Současný stav: Čekejte ... Ve frontě Čekání Testování Dokončeno NENALEZENO ZASTAVENO


Výsledek: 0/41 (0%)
Načítám informace ze serveru...
Váš soubor čeká ve frontě na pozici: 4.
Odhadovaný čas začátku mezi 62 a 88 sekundami.
Nezavírejte toto okno dokud nebude test dokončen.
Právě testující program byl je zastaven, probíhá čekání na program.
Za chvíli bude proveden další pokus o otestování souboru.
Pokud budete čekat déle než-li pět minut odešlete Váš soubor znovu.
Váš soubor je nyní testován pomocí VirusTotal,
výsledky budou zobrazeny po dokončení.
Formátované Vytisknout výsledky Váš soubor není platný, nebo neexistuje.
Služba je pozastavena v tuto chvíli, váš soubor čeká na otestování (pozice: ) po nespecifikovanou dobu.
Nyní čekejte na odezvu webu (automatické obnovení), nebo napište email do pole a klikněte na "vyžádat" a systém Vám zašle email s výsledky až bude test hotov. Email:


Antivirus Verze Poslední aktualizace Výsledek
a-squared 4.5.0.50 2010.02.12 -
AhnLab-V3 5.0.0.2 2010.02.12 -
AntiVir 7.9.1.160 2010.02.12 -
Antiy-AVL 2.0.3.7 2010.02.11 -
Authentium 5.2.0.5 2010.02.12 -
Avast 4.8.1351.0 2010.02.12 -
AVG 9.0.0.730 2010.02.12 -
BitDefender 7.2 2010.02.12 -
CAT-QuickHeal 10.00 2010.02.12 -
ClamAV 0.96.0.0-git 2010.02.12 -
Comodo 3912 2010.02.12 -
DrWeb 5.0.1.12222 2010.02.12 -
eSafe 7.0.17.0 2010.02.11 -
eTrust-Vet 35.2.7299 2010.02.12 -
F-Prot 4.5.1.85 2010.02.12 -
F-Secure 9.0.15370.0 2010.02.12 -
Fortinet 4.0.14.0 2010.02.12 -
GData 19 2010.02.12 -
Ikarus T3.1.1.80.0 2010.02.12 -
Jiangmin 13.0.900 2010.02.08 -
K7AntiVirus 7.10.971 2010.02.11 -
Kaspersky 7.0.0.125 2010.02.12 -
McAfee 5889 2010.02.11 -
McAfee+Artemis 5889 2010.02.11 -
McAfee-GW-Edition 6.8.5 2010.02.12 -
Microsoft 1.5406 2010.02.12 -
NOD32 4861 2010.02.12 -
Norman 6.04.08 2010.02.12 -
nProtect 2009.1.8.0 2010.02.12 -
Panda 10.0.2.2 2010.02.12 -
PCTools 7.0.3.5 2010.02.12 -
Prevx 3.0 2010.02.12 -
Rising 22.34.01.03 2010.02.11 -
Sophos 4.50.0 2010.02.12 -
Sunbelt 5671 2010.02.11 -
Symantec 20091.2.0.41 2010.02.12 -
TheHacker 6.5.1.3.190 2010.02.12 -
TrendMicro 9.120.0.1004 2010.02.12 -
VBA32 3.12.12.2 2010.02.12 -
ViRobot 2010.2.12.2184 2010.02.12 -
VirusBuster 5.0.21.0 2010.02.12 -
Rozšiřující informace
File size: 18432 bytes
MD5...: 20a0f6a11959e92908717d09e87d670d
SHA1..: 5408b4df82f7ad7c2896caeaa46339bbd5be6c32
SHA256: 3dd6c99ab0f70faa43df470b30078b8a51b8af735cd5c50dbb195fea70f4c36e
ssdeep: 384:GyEOExqKzE3Zb57O+1K3GovcMGZrmBjHGHygu0WBLTW:3pb55BIBjTguLL

PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x3eb0
timedatestamp.....: 0x48025200 (Sun Apr 13 18:33:36 2008)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x386e 0x3a00 5.92 74adfa7b5da4f7a94eb4d82e881f813e
.data 0x5000 0x668 0x600 2.74 03da08456d5d77a031b50ac1029e9702
.rsrc 0x6000 0x3c0 0x400 3.26 df4a1832b5c1cd55b1dec890962a43e6

( 7 imports )
> msvcrt.dll: __p__commode, _adjust_fdiv, __setusermatherr, _initterm, __getmainargs, __initenv, _except_handler3, __p__fmode, _XcptFilter, _exit, _c_exit, wcscat, wcscpy, _controlfp, _cexit, __set_app_type, exit, wcslen
> ADVAPI32.dll: RegDeleteValueW, RegCreateKeyExW, RegSetValueExW, StartServiceCtrlDispatcherW, RegisterServiceCtrlHandlerW, SetServiceStatus, OpenProcessToken, LookupPrivilegeValueW, AdjustTokenPrivileges, RegisterEventSourceW, ReportEventW, RegOpenKeyExW, RegQueryValueExW, RegCloseKey, RegDeleteKeyW
> KERNEL32.dll: FormatMessageW, LocalFree, GetComputerNameW, GetCurrentProcess, CreateThread, ExitProcess, Sleep, LocalAlloc, QueryPerformanceCounter, GetTickCount, GetCurrentThreadId, GetCurrentProcessId, GetSystemTimeAsFileTime, TerminateProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetModuleHandleA, ResetEvent, FreeLibrary, CreateProcessW, GetStartupInfoW, GetLastError, GetProcAddress, LoadLibraryW, EscapeCommFunction, WaitForSingleObject, SetEvent, CreateFileW, CloseHandle, GetCommModemStatus, WaitForMultipleObjects, WaitCommEvent, CreateEventW, SetCommMask
> NETAPI32.dll: NetMessageBufferSend
> USER32.dll: ExitWindowsEx
> POWRPROF.dll: SetSuspendState, IsPwrHibernateAllowed, GetPwrCapabilities
> ole32.dll: CoCreateInstance, CoInitialize, CoUninitialize

( 0 exports )

RDS...: NSRL Reference Data Set
-
sigcheck:
publisher....: Microsoft Corporation
copyright....: (c) Microsoft Corporation. All rights reserved.
product......: Microsoft_ Windows_ Operating System
description..: UPS Service
original name: ups.exe
internal name: ups.exe
file version.: 5.1.2600.5512 (xpsp.080413-2113)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

pdfid.: -
trid..: Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)

[jaro3]

ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix /Uninstall

vyčisti systém CCleanerem

a použij i T-Cleaner
smaže vše po Combu,MWAVu atd.-stáhneš>spustíš

Tak ještě jednou:
Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Provést rychlý sken a klikni na tlačítko Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- pak zvol možnost uložit log a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.