prosim o kontrolu logu

Zpráva

Loquesco · #1 Příspěvek od **Loquesco** » 22 srp 2011 16:55

Prosim o kontrolu logu, pritelkyne si na FB poridila nejakeho noveho mazlicka jmenem koobface, dekuji

ComboFix 11-08-22.03 - kubík 2011-08-22 17:31:39.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.1.1029.18.2039.1596 [GMT 2:00]
Spuštěný z: d:\dokumenty\Stažené soubory\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
e:\documents and settings\kubík\Recent\Thumbs.db
e:\windows\btc_client_iplist.txt
e:\windows\front_ip_list.txt
e:\windows\geoiplist
e:\windows\geoiplist.rar
e:\windows\iecheck_iplist.txt
e:\windows\info1
e:\windows\iplist.txt
e:\windows\loader2.exe_ok
e:\windows\phoenix
e:\windows\phoenix.rar
e:\windows\phoenix\kernels\phatk\__init__.py
e:\windows\phoenix\kernels\phatk\__init__.pyc
e:\windows\phoenix\kernels\phatk\BFIPatcher.py
e:\windows\phoenix\kernels\phatk\kernel.cl
e:\windows\phoenix\kernels\poclbm\__init__.py
e:\windows\phoenix\kernels\poclbm\__init__.pyc
e:\windows\phoenix\kernels\poclbm\BFIPatcher.py
e:\windows\phoenix\kernels\poclbm\kernel.cl
e:\windows\phoenix\phoenix.exe
e:\windows\proc_list1.log
e:\windows\rpcminer
e:\windows\rpcminer.rar
e:\windows\rpcminer\bitcoinminercuda_10.cubin
e:\windows\rpcminer\bitcoinminercuda_11.cubin
e:\windows\rpcminer\bitcoinminercuda_20.cubin
e:\windows\rpcminer\bitcoinmineropencl.cl
e:\windows\rpcminer\cudart32_32_16.dll
e:\windows\rpcminer\curllib.dll
e:\windows\rpcminer\libeay32.dll
e:\windows\rpcminer\libsasl.dll
e:\windows\rpcminer\openldap.dll
e:\windows\rpcminer\rpcminer-4way.exe
e:\windows\rpcminer\rpcminer-cpu.exe
e:\windows\rpcminer\rpcminer-cuda.exe
e:\windows\rpcminer\rpcminer-opencl.exe
e:\windows\rpcminer\ssleay32.dll
e:\windows\services32.exe
e:\windows\system32\drivers\etc\HSTS~1
e:\windows\systemup.exe
e:\windows\TEMP\5955748.exe
e:\windows\TEMP\7789470.exe
e:\windows\TEMP\96810358-loader2.exe
e:\windows\ufa.rar
e:\windows\update.1
e:\windows\update.1\svchost.exe
e:\windows\update.2
e:\windows\update.2\svchost.exe
e:\windows\update.5.0
e:\windows\update.5.0\svchost.exe
e:\windows\update.tray-2-0\svchost.exe
e:\windows\update.tray-3-0\svchost.exe
e:\windows\winlog-dirs.txt
e:\windows\winlog-ids.txt
e:\windows\winsetupapi.log
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Legacy_SRVBTCCLIENT
-------\Legacy_SRVIECHECK
-------\Legacy_WXPDRIVERS
-------\Service_srvbtcclient
-------\Service_srviecheck
-------\Service_srvsysdriver32
-------\Service_wxpdrivers
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-07-22 do 2011-08-22 )))))))))))))))))))))))))))))))
.
.
2011-08-22 15:04 . 2011-08-22 15:04 102400 ----a-w- e:\windows\RegBootClean.exe
2011-08-19 19:23 . 2011-08-19 19:23 -------- d-----w- e:\documents and settings\Administrator
2011-08-19 17:22 . 2011-08-22 15:14 -------- d-----w- e:\windows\ufa
2011-08-19 17:20 . 2011-08-22 15:35 -------- d--h--w- e:\windows\update.tray-2-0
2011-08-19 17:20 . 2011-08-19 17:20 -------- d--h--w- e:\windows\update.tray-2-0-lnk
2011-08-19 16:36 . 2008-01-07 12:29 352 ---ha-w- e:\windows\nod32fixtemdono.reg
2011-08-19 16:10 . 2011-08-19 16:10 -------- d-----w- e:\windows\system32\wbem\Repository
2011-08-19 15:49 . 2011-08-19 15:49 -------- d-s---w- e:\documents and settings\LocalService\Oblíbené položky
2011-08-19 15:49 . 2011-08-19 15:49 -------- d-----w- e:\documents and settings\LocalService\IETldCache
2011-08-19 15:37 . 2011-08-19 16:11 -------- d-----w- e:\windows\update.7.1
2011-08-19 08:29 . 2011-08-22 15:14 246272 ----a-w- e:\windows\unrar.exe
2011-08-19 08:28 . 2011-08-19 17:21 -------- d-----w- e:\windows\av_ico
2011-08-19 08:26 . 2011-08-22 15:35 -------- d--h--w- e:\windows\update.tray-3-0
2011-08-19 08:26 . 2011-08-19 08:26 -------- d--h--w- e:\windows\update.tray-3-0-lnk
2011-08-19 08:15 . 2011-08-19 08:15 -------- d-----w- e:\documents and settings\LocalService\Nabídka Start
2011-08-12 21:59 . 2011-08-12 22:22 -------- d-----w- e:\documents and settings\kubík\Data aplikací\YoWindow
2011-08-12 21:59 . 2011-08-12 21:59 -------- d-----w- e:\documents and settings\All Users\Data aplikací\YoWindow
2011-08-12 21:58 . 2011-08-12 21:59 -------- d-----w- e:\program files\YoWindow
2011-08-05 17:18 . 2011-08-05 17:18 -------- d-----w- e:\windows\system32\SDA
2011-08-03 16:10 . 2011-08-22 15:24 -------- d-----r- e:\program files\Skype
2011-08-01 14:36 . 2011-08-01 14:39 -------- d-----w- e:\program files\Google
2011-07-29 22:20 . 2011-07-29 22:20 -------- d-----w- e:\windows\Application Data
2011-07-29 22:19 . 1998-02-06 19:37 299520 ----a-w- e:\windows\uninst.exe
2011-07-29 22:19 . 2011-07-29 22:19 -------- d-----w- e:\documents and settings\kubík\WINDOWS
2011-07-29 04:34 . 2011-07-29 04:34 689664 ----a-w- e:\windows\system32\yowindow.scr
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-11 17:01 . 2011-05-20 20:46 404640 ----a-w- e:\windows\system32\FlashPlayerCPLApp.cpl
2011-01-29 23:05 . 2011-01-29 23:04 1654784 ----a-w- e:\program files\TRNTHR4.DLL
2011-01-29 23:05 . 2011-01-29 23:04 1654784 ----a-w- e:\program files\TRNTHR3.DLL
2011-01-29 23:05 . 2011-01-29 23:04 1712128 ----a-w- e:\program files\TRNTHR1.DLL
2011-01-29 23:05 . 2011-01-29 23:04 1654784 ----a-w- e:\program files\TRNTHR2.DLL
2011-01-29 23:05 . 2011-01-29 23:01 2641972 ----a-w- e:\program files\TRNCOM.DLL
2011-01-29 23:05 . 2011-01-29 23:01 360448 ----a-w- e:\program files\tx4ole14.ocx
2011-01-29 23:05 . 2011-01-29 23:04 573440 ----a-w- e:\program files\C4DLL325.DLL
2011-01-29 23:05 . 2011-01-29 23:04 1654784 ----a-w- e:\program files\TrnThr4.DL_
2011-01-29 23:05 . 2011-01-29 23:04 1654784 ----a-w- e:\program files\TrnThr3.DL_
2011-01-29 23:05 . 2011-01-29 23:04 1654784 ----a-w- e:\program files\TrnThr2.DL_
2011-01-29 23:05 . 2011-01-29 23:04 1712128 ----a-w- e:\program files\TrnThr1.DL_
2011-01-29 23:05 . 2011-01-29 23:04 790579 ----a-w- e:\program files\WEBIEg.DL_
2011-01-29 23:05 . 2011-01-29 23:04 786483 ----a-w- e:\program files\WEBIEa.DL_
2011-01-29 23:05 . 2011-01-29 23:04 2527284 ----a-w- e:\program files\TRNCOMg.DL_
2011-01-29 23:05 . 2011-01-29 23:04 2527284 ----a-w- e:\program files\TRNCOMa.DL_
2011-01-29 23:05 . 2011-01-29 23:00 798771 ----a-w- e:\program files\WEBIE.DL_
2011-01-29 23:05 . 2011-01-29 23:00 2641972 ----a-w- e:\program files\TRNCOM.DL_
2011-01-29 23:05 . 2011-01-29 23:00 5201920 ----a-w- e:\program files\WTRAN32.EXE
2011-01-29 23:05 . 2011-01-29 22:59 3366912 ----a-w- e:\program files\WDICT32.EXE
2011-01-29 23:05 . 2011-01-29 23:00 942080 ----a-w- e:\program files\WTRAN32c.dll
2011-01-29 23:05 . 2011-01-29 23:00 847872 ----a-w- e:\program files\WDICT32c.dll
2011-01-29 23:01 . 2011-01-29 23:01 1466368 ----a-w- e:\program files\trnexe.exe
2011-01-29 23:01 . 2011-01-29 23:01 188416 ----a-w- e:\program files\trnprg.exe
2011-01-29 23:01 . 2011-01-29 23:01 1056768 ----a-w- e:\program files\TX14_DOX.DLL
2011-01-29 23:01 . 2011-01-29 23:01 65536 ----a-w- e:\program files\TX14_WND.DLL
2011-01-29 23:01 . 2011-01-29 23:01 131072 ----a-w- e:\program files\TX14_IC.DLL
2011-01-29 23:01 . 2011-01-29 23:01 385024 ----a-w- e:\program files\TX14_XML.DLL
2011-01-29 23:01 . 2011-01-29 23:01 327680 ----a-w- e:\program files\TX14_OBJ.DLL
2011-01-29 23:01 . 2011-01-29 23:01 217088 ----a-w- e:\program files\TX14_TLS.DLL
2011-01-29 23:01 . 2011-01-29 23:01 557056 ----a-w- e:\program files\TX14_RTF.DLL
2011-01-29 23:01 . 2011-01-29 23:01 331776 ----a-w- e:\program files\TX14_CSS.DLL
2011-01-29 23:01 . 2011-01-29 23:01 249856 ----a-w- e:\program files\TX14_HTM.DLL
2011-01-29 23:01 . 2011-01-29 23:01 765952 ----a-w- e:\program files\TX14.DLL
2011-01-29 23:01 . 2011-01-29 23:01 618496 ----a-w- e:\program files\TX14_PDF.DLL
2011-01-29 23:01 . 2011-01-29 23:01 667648 ----a-w- e:\program files\TX14_DOC.DLL
2011-01-29 23:01 . 2011-01-29 23:01 360448 ----a-w- e:\program files\TX4ole14.oc_
2011-01-29 23:01 . 2011-01-29 23:01 73728 ----a-w- e:\program files\TX14_tif.flt
2011-01-29 23:01 . 2011-01-29 23:01 53248 ----a-w- e:\program files\TX14_wmf.flt
2011-01-29 23:01 . 2011-01-29 23:01 57344 ----a-w- e:\program files\TX14_gif.flt
2011-01-29 23:01 . 2011-01-29 23:01 253952 ----a-w- e:\program files\TX14_png.flt
2011-01-29 23:01 . 2011-01-29 23:01 200704 ----a-w- e:\program files\TX14_jpg.flt
2011-01-29 23:01 . 2011-01-29 23:01 61440 ----a-w- e:\program files\TX14_bmp.flt
2011-01-29 23:01 . 2011-01-29 23:01 1675264 ----a-w- e:\program files\WtrTMX.dll
2011-01-29 23:01 . 2011-01-29 23:01 581632 ----a-w- e:\program files\MAILTRAN.EXE
2011-01-29 23:00 . 2011-01-29 23:00 62464 ----a-w- e:\program files\WRITE32.WPC
2011-01-29 23:00 . 2011-01-29 23:00 164352 ----a-w- e:\program files\MSWD6_32.WPC
2011-01-29 23:00 . 2011-01-29 23:00 98304 ----a-w- e:\program files\MAILTRANc.DLL
2011-01-29 23:00 . 2011-01-29 23:00 356352 ----a-w- e:\program files\TRNOUTL.DL_
2011-01-29 23:00 . 2011-01-29 23:00 299008 ----a-w- e:\program files\TRNWORD.DL_
2011-01-29 23:00 . 2011-01-29 23:00 57344 ----a-w- e:\program files\WDCTM32c.DLL
2011-01-29 23:00 . 2011-01-29 23:00 244224 ----a-w- e:\program files\WEN.DLL
2011-01-29 23:00 . 2011-01-29 23:00 548864 ----a-w- e:\program files\C4DLL323.DLL
2011-01-29 23:00 . 2011-01-29 23:00 274480 ----a-w- e:\program files\OGGC.DLL
2011-01-29 23:00 . 2011-01-29 23:00 11264 ----a-w- e:\program files\WWWHOOK.DLL
2011-01-29 23:00 . 2011-01-29 23:00 1946624 ----a-w- e:\program files\cnxfdg1en.dll
2011-01-29 23:00 . 2011-01-29 23:00 40960 ----a-w- e:\program files\TRNConfigC.DLL
2011-01-29 23:00 . 2011-01-29 23:00 246424 ----a-w- e:\program files\UNICOWS.DLL
2011-01-29 23:00 . 2011-01-29 23:00 200704 ----a-w- e:\program files\TRNOET.DL_
2011-01-29 23:00 . 2011-01-29 23:00 69632 ----a-w- e:\program files\ATL.DLL
2011-01-29 23:00 . 2011-01-29 23:00 45056 ----a-w- e:\program files\TRNOEH.DL_
2011-01-29 23:00 . 2011-01-29 23:00 249856 ----a-w- e:\program files\CLIPDLL.DLL
2011-01-29 23:00 . 2011-01-29 23:00 241664 ----a-w- e:\program files\C4COM.DLL
2011-01-29 23:00 . 2011-01-29 23:00 348160 ----a-w- e:\program files\MSVCR71.DLL
2011-01-29 23:00 . 2011-01-29 23:00 225280 ----a-w- e:\program files\POLSPELL.DLL
2011-01-29 23:00 . 2011-01-29 23:00 155648 ----a-w- e:\program files\AutoCorrectDLL.DLL
2011-01-29 23:00 . 2011-01-29 23:00 57344 ----a-w- e:\program files\ZLIB.DLL
2011-01-29 23:00 . 2011-01-29 23:00 327680 ----a-w- e:\program files\CAGENT.DLL
2011-01-29 23:00 . 2011-01-29 23:00 1060864 ----a-w- e:\program files\MFC71.DLL
2011-01-29 23:00 . 2011-01-29 23:00 174352 ----a-w- e:\program files\RICHED32.DLL
2011-01-29 23:00 . 2011-01-29 23:00 244736 ----a-w- e:\program files\C4DLL320.DLL
2011-01-29 23:00 . 2011-01-29 23:00 103936 ----a-w- e:\program files\CDV32.DLL
2011-01-29 23:00 . 2011-01-29 23:00 209920 ----a-w- e:\program files\SETUPWEB.EXE
2011-01-29 23:00 . 2011-01-29 23:00 209920 ----a-w- e:\program files\TRNConfig.exe
2011-01-29 23:00 . 2011-01-29 23:00 26624 ----a-w- e:\program files\OETRN.EX_
2011-01-29 23:00 . 2011-01-29 23:00 581120 ----a-w- e:\program files\WTRDCTM.EXE
2011-01-29 22:59 . 2011-01-29 22:59 243712 ----a-w- e:\program files\TRNIKONY.EXE
2011-08-17 20:58 . 2011-03-22 18:37 134104 ----a-w- e:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-04-14 . 13E794E5591776CBC71055A7B3CC1D5F . 976384 . . [6.00.2900.5512] . . e:\windows\explorer.exe
[-] 2008-04-14 . 13E794E5591776CBC71055A7B3CC1D5F . 976384 . . [6.00.2900.5512] . . e:\windows\system32\dllcache\explorer.exe
.
[-] 2008-04-14 . ED69B3B6CD23D1D00815D5F70D517E01 . 225792 . . [5.1.2600.5512] . . e:\windows\regedit.exe
[-] 2008-04-14 . ED69B3B6CD23D1D00815D5F70D517E01 . 225792 . . [5.1.2600.5512] . . e:\windows\system32\dllcache\regedit.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-04-18 16143872]
"IntelZeroConfig"="e:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-08-01 802816]
"IntelWireless"="e:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-08-01 696320]
"igfxtray"="e:\windows\system32\igfxtray.exe" [2005-11-03 98304]
"igfxhkcmd"="e:\windows\system32\hkcmd.exe" [2005-11-03 77824]
"igfxpers"="e:\windows\system32\igfxpers.exe" [2005-11-03 118784]
"SynTPEnh"="e:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1343488]
"SunJavaUpdateSched"="e:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="e:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableSecureUIAPaths"= 0 (0x0)
.
[HKLM\~\startupfolder\E:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^HP Digital Imaging Monitor.lnk]
path=e:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\HP Digital Imaging Monitor.lnk
backup=e:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
e:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-06-06 10:55 937920 ----a-w- e:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-06-06 10:55 35736 ----a-w- e:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-09-20 14:35 202024 ----a-w- e:\program files\Common Files\Nero\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
2008-04-14 12:00 110592 ----a-w- e:\windows\system32\bthprops.cpl
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 12:00 15360 ----a-w- e:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-01-27 07:21 136176 ----atw- e:\documents and settings\kubík\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2005-12-15 10:18 49152 ----a-w- e:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-06-07 15:51 421160 ----a-w- e:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 07:52 1695232 ------w- e:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2007-09-20 08:51 1836328 ----a-w- e:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 14:57 153136 ----a-w- e:\program files\Common Files\Nero\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 16:38 421888 ----a-w- e:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
2008-05-02 04:15 15872 ----a-w- e:\program files\Unlocker\UnlockerAssistant.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"e:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"e:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"e:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"e:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"e:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"e:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"e:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"e:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"e:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"e:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"e:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"e:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"e:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"e:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"e:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"e:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"e:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"e:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"e:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"e:\\Program Files\\iTunes\\iTunes.exe"=
"e:\\Program Files\\Skype\\Phone\\Skype.exe"=
"d:\\Dokumenty\\Downloads\\Flash-Player.exe"=
.
R1 epfwtdir;epfwtdir;e:\windows\system32\drivers\epfwtdir.sys [2007-12-21 33800]
S2 gupdate;Služba Google Update (gupdate);e:\program files\Google\Update\GoogleUpdate.exe [2011-08-01 136176]
S3 gupdatem;Služba Google Update (gupdatem);e:\program files\Google\Update\GoogleUpdate.exe [2011-08-01 136176]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;e:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
S3 osppsvc;Office Software Protection Platform;e:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
.
Obsah adresáře 'Naplánované úlohy'
.
2011-06-30 e:\windows\Tasks\AppleSoftwareUpdate.job
- e:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]
.
2011-08-22 e:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- e:\program files\Google\Update\GoogleUpdate.exe [2011-08-01 14:36]
.
2011-08-22 e:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- e:\program files\Google\Update\GoogleUpdate.exe [2011-08-01 14:36]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://pruzkumnik.net/
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Excel - e:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - e:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - e:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - e:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - e:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - e:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - e:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
TCP: DhcpNameServer = 10.1.1.1 192.168.0.1
FF - ProfilePath - e:\documents and settings\kubík\Data aplikací\Mozilla\Firefox\Profiles\m6099wc2.default\
FF - prefs.js: browser.search.selectedEngine - Seznam
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKLM-Run-wxpdrv - e:\windows\services32.exe
HKLM-Run-tray_ico - (no file)
HKLM-Run-tray_ico0 - e:\windows\update.tray-2-0\svchost.exe
HKLM-Run-tray_ico1 - e:\windows\update.tray-3-0\svchost.exe
HKLM-Run-tray_ico2 - (no file)
HKLM-Run-tray_ico3 - (no file)
HKLM-Run-tray_ico4 - (no file)
HKLM-Run-systemup - e:\windows\systemup.exe
MSConfigStartUp-1566323 - e:\docume~1\KUBK~1\LOCALS~1\Temp\1566323.exe
MSConfigStartUp-5955748 - e:\windows\TEMP\5955748.exe
MSConfigStartUp-7789470 - e:\windows\TEMP\7789470.exe
MSConfigStartUp-96810358-loader2 - e:\windows\TEMP\96810358-loader2.exe
MSConfigStartUp-9879423 - e:\windows\TEMP\9879423.exe
MSConfigStartUp-egui - e:\program files\ESET\ESET NOD32 Antivirus\egui.exe
MSConfigStartUp-l1rezerv - e:\windows\l1rezerv.exe
MSConfigStartUp-sysdriver32 - e:\windows\sysdriver32.exe
MSConfigStartUp-sysdriver32_ - e:\windows\sysdriver32_.exe
MSConfigStartUp-tray_ico0 - e:\windows\update.tray-2-0\svchost.exe
MSConfigStartUp-tray_ico1 - e:\windows\update.tray-3-0\svchost.exe
AddRemove-Download-Manager - e:\program files\Download Manager\uninstall.exe
AddRemove-NOD32 v3.x FiX 1.1 by TemDono_is1 - e:\program files\ESET\ESET NOD32 Antivirus\unins000.exe
AddRemove-PC Translator - e:\docume~1\KUBK~1\LOCALS~1\Temp\UN32.EXE
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-22 17:37
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
"ImagePath"=" srv"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1214440339-1580436667-842925246-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{84596DCF-1EA3-4334-517B-8BDC5AA35BA7}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(2852)
e:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
e:\progra~1\MICROS~2\Office14\1029\GrooveIntlResource.dll
e:\windows\system32\ntshrui.dll
e:\windows\system32\NETSHELL.dll
e:\windows\system32\credui.dll
e:\windows\system32\webcheck.dll
e:\windows\system32\WPDShServiceObj.dll
e:\windows\system32\PortableDeviceTypes.dll
e:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
e:\program files\Intel\Wireless\Bin\EvtEng.exe
e:\program files\Intel\Wireless\Bin\S24EvMon.exe
e:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
e:\program files\Bonjour\mDNSResponder.exe
e:\program files\Java\jre6\bin\jqs.exe
e:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
e:\windows\system32\HPZipm12.exe
e:\program files\Intel\Wireless\Bin\RegSrvc.exe
e:\windows\system32\wscntfy.exe
e:\windows\RTHDCPL.EXE
e:\program files\Synaptics\SynTP\SynToshiba.exe
e:\program files\Intel\Wireless\Bin\Dot1XCfg.exe
e:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Celkový čas: 2011-08-22 17:39:54 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-08-22 15:39
.
Před spuštěním: Volných bajtů: 14,230,597,632
Po spuštění: Volných bajtů: 14,916,685,824
.
- - End Of File - - 62BABFFBFF35F0E737C0E7945D80CE93

#2 Příspěvek od **vyosek** » 22 srp 2011 17:05

Zdravim a pekny den preji

vy umite pracovat s ComboFixem

Lustit jeho logy a cistit je pomoci skriptu nasledne

Co udelame s tim nelegalnim NODem

Loquesco · #3 Příspěvek od **Loquesco** » 22 srp 2011 17:22

Neumim, s tim, ja jsem spise takovy samouk,systemem - pokus omyl nahoda.
Na reinstalaci pocitac posilam kamaradovi, ale ten vecne nema cas.

#4 Příspěvek od **vyosek** » 22 srp 2011 17:24

Taky se mohlo stat, ze ten PC mohl jit na reinstal - vizte nize

Nebezpeci CFka

Je urcen primarne pro radce - jeho svevolnym pouzitim ztracite narok na podporu
Maze stopy po haveti, takze v logu z RSIT neni nic videt
Jeho log je treba dolustit, jelikoz neumi smazat vse - to ovsem tezko zvladnete pokud k tomu nejste vyskolen
CF muze mit bug = sunda Vam system, pokud nevite kam co uklada, jak co obnovit, mate system v kytkam a ceka Vas reinstal
CF taky bohuzel prozatim nekontroluje nektere dulezite knihovny (napr. hal.dll) - ty treba mazou nektere typy haveti (napr. angela) - smaze Vam po restartu hal.dll = nenajede Vam system a jste o radek vyse = reinstal

No a co s tim cracknutym NODem

Nebo se mylim a mate na nej licenci koupenou

Loquesco · #5 Příspěvek od **Loquesco** » 22 srp 2011 17:36

Nod by mel byt smazan, neslo s nim nic delat a combofix hlasil neco ze muze dojit k poskozeni pocitace, ze mam vypnout rezidencni ochranu ci co a tak sem ho odinstaloval, mozna spatne, mozna je jen neco videt v registru, v tomhle se neorientuju. Je snad nejaky bezplatny antivir nebo neco na ten zpusob, pac v temhle cas jsem trosku vycinkany z penez a nemuzu si momentalne dovolit schanet nejakou placenou verzi antiviru. Jak jsem jiz psal o reinstal a vse co je nainstalovano v PC se mi stara kamarad, ja mu jen odevzdam pocitac at mi to reinstaluje a postara se o prehravace a update atp co budu pro spravu videa fotek a nejake to brouzdani na internetu potrebovat

#6 Příspěvek od **vyosek** » 22 srp 2011 17:40

Kamarada bych kopl, cracknout antivir je jako zamknout byt a nechat otevrene okno. Po ukonceni leceni tam dame nejaky free, existuje jich hodne a i kvalitnejsich nez NOD

Stahnete RogueKiller http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe

Ukoncete vsechny programy
Pokud pouzivate Win Vista ci W7, kliknete na RogueKiller pravym a dejte Run As Administrator ci Spustit jako spravce
Zvolte moznost 2 a potvrte enterem
Utilita provede svou cinnost a da log - ten sem vlozte
Nyni znovu, ale zvolte moznost 3 a pote jeste 4 - logy opet vlozte

Loquesco · #7 Příspěvek od **Loquesco** » 22 srp 2011 17:50

RogueKiller V5.3.3 [08/18/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion- ... ntees.html

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: kubík [Admin rights]
Mode: Remove -- Date : 08/22/2011 18:49:42

Bad processes: 0

Registry Entries: 3
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

Particular Files / Folders:

HOSTS File:
127.0.0.1 localhost

Finished : << RKreport[1].txt >>
RKreport[1].txt

Loquesco · #8 Příspěvek od **Loquesco** » 22 srp 2011 17:51

RogueKiller V5.3.3 [08/18/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion- ... ntees.html

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: kubík [Admin rights]
Mode: HOSTSFix -- Date : 08/22/2011 18:50:45

Bad processes: 0

HOSTS File:
127.0.0.1 localhost

Resetted HOSTS:
127.0.0.1 localhost

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt

Loquesco · #9 Příspěvek od **Loquesco** » 22 srp 2011 17:51

RogueKiller V5.3.3 [08/18/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion- ... ntees.html

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: kubík [Admin rights]
Mode: ProxyFix -- Date : 08/22/2011 18:51:11

Bad processes: 0

Registry Entries: 0

Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt

#10 Příspěvek od **vyosek** » 22 srp 2011 18:04

Pokud nemate, tak presunte Combofix na plochu

Spustte poznamkovy blok (Start-spustit-notepad)
Zkopirujte skript nize

Kód: Vybrat vše

KillAll::

RegLockDel::
[HKEY_USERS\S-1-5-21-1214440339-1580436667-842925246-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{84596DCF-1EA3-4334-517B-8BDC5AA35BA7}*]

Driver::
srv
gupdate
gupdatem

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000000
"FirewallOverride"=dword:00000000
"DisableThumbnailCache"=dword:00000000
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"d:\\Dokumenty\\Downloads\\Flash-Player.exe"=-
"d:\Dokumenty\Downloads\Flash-Player.exe"=-

Restore::
e:\windows\explorer.exe
e:\windows\regedit.exe

Mia::
e:\windows\explorer.exe
e:\windows\regedit.exe

SRPeek::
e:\windows\explorer.exe
e:\windows\regedit.exe

Collect::
e:\windows\nod32fixtemdono.reg
d:\Dokumenty\Downloads\Flash-Player.exe

Folder::
e:\windows\ufa
e:\windows\update.tray-2-0
e:\windows\update.tray-2-0-lnk
e:\windows\update.7.1
e:\windows\av_ico
e:\windows\update.tray-3-0
e:\windows\update.tray-3-0-lnk


File::
e:\windows\RegBootClean.exe
e:\windows\unrar.exe

Reboot::

Ulozte vytvoreny TXT jako CFScript.txt
Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte

Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci

Loquesco · #11 Příspěvek od **Loquesco** » 22 srp 2011 18:21

ComboFix 11-08-22.03 - kubík 2011-08-22 19:12:17.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.1.1029.18.2039.1594 [GMT 2:00]
Spuštěný z: e:\documents and settings\kubík\Plocha\ComboFix.exe
Použité ovládací přepínače :: e:\documents and settings\kubík\Plocha\CFScript.txt
.
FILE ::
"e:\windows\RegBootClean.exe"
"e:\windows\unrar.exe"
.
file zipped: d:\dokumenty\Downloads\Flash-Player.exe
file zipped: e:\windows\nod32fixtemdono.reg
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
d:\dokumenty\Downloads\Flash-Player.exe
e:\windows\av_ico
e:\windows\av_ico\ico_NOD_AV_START.ico
e:\windows\av_ico\ico_NOD_SS_START.ico
e:\windows\av_ico\ico_NOD_SYSINSP.ico
e:\windows\av_ico\ico_NOD_SYSRESC.ico
e:\windows\av_ico\ico_NOD_TXT.ico
e:\windows\av_ico\ico_NOD_UNINSTALL.ico
e:\windows\nod32fixtemdono.reg
e:\windows\RegBootClean.exe
e:\windows\ufa
e:\windows\ufa\ufa.exe
e:\windows\unrar.exe
e:\windows\update.7.1
e:\windows\update.tray-2-0-lnk
e:\windows\update.tray-2-0-lnk\svchost.exe
e:\windows\update.tray-2-0
e:\windows\update.tray-3-0-lnk
e:\windows\update.tray-3-0-lnk\svchost.exe
e:\windows\update.tray-3-0
.
e:\windows\explorer.exe . . . je infikován!!
.
e:\windows\regedit.exe . . . je infikován!!
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_GUPDATE
-------\Legacy_SRV
-------\Service_gupdate
-------\Service_gupdatem
-------\Service_Srv
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-07-22 do 2011-08-22 )))))))))))))))))))))))))))))))
.
.
2011-08-19 19:23 . 2011-08-19 19:23 -------- d-----w- e:\documents and settings\Administrator
2011-08-19 16:10 . 2011-08-19 16:10 -------- d-----w- e:\windows\system32\wbem\Repository
2011-08-19 15:49 . 2011-08-19 15:49 -------- d-s---w- e:\documents and settings\LocalService\Oblíbené položky
2011-08-19 15:49 . 2011-08-19 15:49 -------- d-----w- e:\documents and settings\LocalService\IETldCache
2011-08-19 08:15 . 2011-08-19 08:15 -------- d-----w- e:\documents and settings\LocalService\Nabídka Start
2011-08-12 21:59 . 2011-08-12 22:22 -------- d-----w- e:\documents and settings\kubík\Data aplikací\YoWindow
2011-08-12 21:59 . 2011-08-12 21:59 -------- d-----w- e:\documents and settings\All Users\Data aplikací\YoWindow
2011-08-12 21:58 . 2011-08-12 21:59 -------- d-----w- e:\program files\YoWindow
2011-08-05 17:18 . 2011-08-05 17:18 -------- d-----w- e:\windows\system32\SDA
2011-08-03 16:10 . 2011-08-22 15:24 -------- d-----r- e:\program files\Skype
2011-08-01 14:36 . 2011-08-01 14:39 -------- d-----w- e:\program files\Google
2011-07-29 22:20 . 2011-07-29 22:20 -------- d-----w- e:\windows\Application Data
2011-07-29 22:19 . 1998-02-06 19:37 299520 ----a-w- e:\windows\uninst.exe
2011-07-29 22:19 . 2011-07-29 22:19 -------- d-----w- e:\documents and settings\kubík\WINDOWS
2011-07-29 04:34 . 2011-07-29 04:34 689664 ----a-w- e:\windows\system32\yowindow.scr
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-11 17:01 . 2011-05-20 20:46 404640 ----a-w- e:\windows\system32\FlashPlayerCPLApp.cpl
2011-01-29 23:05 . 2011-01-29 23:04 1654784 ----a-w- e:\program files\TRNTHR4.DLL
2011-01-29 23:05 . 2011-01-29 23:04 1654784 ----a-w- e:\program files\TRNTHR3.DLL
2011-01-29 23:05 . 2011-01-29 23:04 1712128 ----a-w- e:\program files\TRNTHR1.DLL
2011-01-29 23:05 . 2011-01-29 23:04 1654784 ----a-w- e:\program files\TRNTHR2.DLL
2011-01-29 23:05 . 2011-01-29 23:01 2641972 ----a-w- e:\program files\TRNCOM.DLL
2011-01-29 23:05 . 2011-01-29 23:01 360448 ----a-w- e:\program files\tx4ole14.ocx
2011-01-29 23:05 . 2011-01-29 23:04 573440 ----a-w- e:\program files\C4DLL325.DLL
2011-01-29 23:05 . 2011-01-29 23:04 1654784 ----a-w- e:\program files\TrnThr4.DL_
2011-01-29 23:05 . 2011-01-29 23:04 1654784 ----a-w- e:\program files\TrnThr3.DL_
2011-01-29 23:05 . 2011-01-29 23:04 1654784 ----a-w- e:\program files\TrnThr2.DL_
2011-01-29 23:05 . 2011-01-29 23:04 1712128 ----a-w- e:\program files\TrnThr1.DL_
2011-01-29 23:05 . 2011-01-29 23:04 790579 ----a-w- e:\program files\WEBIEg.DL_
2011-01-29 23:05 . 2011-01-29 23:04 786483 ----a-w- e:\program files\WEBIEa.DL_
2011-01-29 23:05 . 2011-01-29 23:04 2527284 ----a-w- e:\program files\TRNCOMg.DL_
2011-01-29 23:05 . 2011-01-29 23:04 2527284 ----a-w- e:\program files\TRNCOMa.DL_
2011-01-29 23:05 . 2011-01-29 23:00 798771 ----a-w- e:\program files\WEBIE.DL_
2011-01-29 23:05 . 2011-01-29 23:00 2641972 ----a-w- e:\program files\TRNCOM.DL_
2011-01-29 23:05 . 2011-01-29 23:00 5201920 ----a-w- e:\program files\WTRAN32.EXE
2011-01-29 23:05 . 2011-01-29 22:59 3366912 ----a-w- e:\program files\WDICT32.EXE
2011-01-29 23:05 . 2011-01-29 23:00 942080 ----a-w- e:\program files\WTRAN32c.dll
2011-01-29 23:05 . 2011-01-29 23:00 847872 ----a-w- e:\program files\WDICT32c.dll
2011-01-29 23:01 . 2011-01-29 23:01 1466368 ----a-w- e:\program files\trnexe.exe
2011-01-29 23:01 . 2011-01-29 23:01 188416 ----a-w- e:\program files\trnprg.exe
2011-01-29 23:01 . 2011-01-29 23:01 1056768 ----a-w- e:\program files\TX14_DOX.DLL
2011-01-29 23:01 . 2011-01-29 23:01 65536 ----a-w- e:\program files\TX14_WND.DLL
2011-01-29 23:01 . 2011-01-29 23:01 131072 ----a-w- e:\program files\TX14_IC.DLL
2011-01-29 23:01 . 2011-01-29 23:01 385024 ----a-w- e:\program files\TX14_XML.DLL
2011-01-29 23:01 . 2011-01-29 23:01 327680 ----a-w- e:\program files\TX14_OBJ.DLL
2011-01-29 23:01 . 2011-01-29 23:01 217088 ----a-w- e:\program files\TX14_TLS.DLL
2011-01-29 23:01 . 2011-01-29 23:01 557056 ----a-w- e:\program files\TX14_RTF.DLL
2011-01-29 23:01 . 2011-01-29 23:01 331776 ----a-w- e:\program files\TX14_CSS.DLL
2011-01-29 23:01 . 2011-01-29 23:01 249856 ----a-w- e:\program files\TX14_HTM.DLL
2011-01-29 23:01 . 2011-01-29 23:01 765952 ----a-w- e:\program files\TX14.DLL
2011-01-29 23:01 . 2011-01-29 23:01 618496 ----a-w- e:\program files\TX14_PDF.DLL
2011-01-29 23:01 . 2011-01-29 23:01 667648 ----a-w- e:\program files\TX14_DOC.DLL
2011-01-29 23:01 . 2011-01-29 23:01 360448 ----a-w- e:\program files\TX4ole14.oc_
2011-01-29 23:01 . 2011-01-29 23:01 73728 ----a-w- e:\program files\TX14_tif.flt
2011-01-29 23:01 . 2011-01-29 23:01 53248 ----a-w- e:\program files\TX14_wmf.flt
2011-01-29 23:01 . 2011-01-29 23:01 57344 ----a-w- e:\program files\TX14_gif.flt
2011-01-29 23:01 . 2011-01-29 23:01 253952 ----a-w- e:\program files\TX14_png.flt
2011-01-29 23:01 . 2011-01-29 23:01 200704 ----a-w- e:\program files\TX14_jpg.flt
2011-01-29 23:01 . 2011-01-29 23:01 61440 ----a-w- e:\program files\TX14_bmp.flt
2011-01-29 23:01 . 2011-01-29 23:01 1675264 ----a-w- e:\program files\WtrTMX.dll
2011-01-29 23:01 . 2011-01-29 23:01 581632 ----a-w- e:\program files\MAILTRAN.EXE
2011-01-29 23:00 . 2011-01-29 23:00 62464 ----a-w- e:\program files\WRITE32.WPC
2011-01-29 23:00 . 2011-01-29 23:00 164352 ----a-w- e:\program files\MSWD6_32.WPC
2011-01-29 23:00 . 2011-01-29 23:00 98304 ----a-w- e:\program files\MAILTRANc.DLL
2011-01-29 23:00 . 2011-01-29 23:00 356352 ----a-w- e:\program files\TRNOUTL.DL_
2011-01-29 23:00 . 2011-01-29 23:00 299008 ----a-w- e:\program files\TRNWORD.DL_
2011-01-29 23:00 . 2011-01-29 23:00 57344 ----a-w- e:\program files\WDCTM32c.DLL
2011-01-29 23:00 . 2011-01-29 23:00 244224 ----a-w- e:\program files\WEN.DLL
2011-01-29 23:00 . 2011-01-29 23:00 548864 ----a-w- e:\program files\C4DLL323.DLL
2011-01-29 23:00 . 2011-01-29 23:00 274480 ----a-w- e:\program files\OGGC.DLL
2011-01-29 23:00 . 2011-01-29 23:00 11264 ----a-w- e:\program files\WWWHOOK.DLL
2011-01-29 23:00 . 2011-01-29 23:00 1946624 ----a-w- e:\program files\cnxfdg1en.dll
2011-01-29 23:00 . 2011-01-29 23:00 40960 ----a-w- e:\program files\TRNConfigC.DLL
2011-01-29 23:00 . 2011-01-29 23:00 246424 ----a-w- e:\program files\UNICOWS.DLL
2011-01-29 23:00 . 2011-01-29 23:00 200704 ----a-w- e:\program files\TRNOET.DL_
2011-01-29 23:00 . 2011-01-29 23:00 69632 ----a-w- e:\program files\ATL.DLL
2011-01-29 23:00 . 2011-01-29 23:00 45056 ----a-w- e:\program files\TRNOEH.DL_
2011-01-29 23:00 . 2011-01-29 23:00 249856 ----a-w- e:\program files\CLIPDLL.DLL
2011-01-29 23:00 . 2011-01-29 23:00 241664 ----a-w- e:\program files\C4COM.DLL
2011-01-29 23:00 . 2011-01-29 23:00 348160 ----a-w- e:\program files\MSVCR71.DLL
2011-01-29 23:00 . 2011-01-29 23:00 225280 ----a-w- e:\program files\POLSPELL.DLL
2011-01-29 23:00 . 2011-01-29 23:00 155648 ----a-w- e:\program files\AutoCorrectDLL.DLL
2011-01-29 23:00 . 2011-01-29 23:00 57344 ----a-w- e:\program files\ZLIB.DLL
2011-01-29 23:00 . 2011-01-29 23:00 327680 ----a-w- e:\program files\CAGENT.DLL
2011-01-29 23:00 . 2011-01-29 23:00 1060864 ----a-w- e:\program files\MFC71.DLL
2011-01-29 23:00 . 2011-01-29 23:00 174352 ----a-w- e:\program files\RICHED32.DLL
2011-01-29 23:00 . 2011-01-29 23:00 244736 ----a-w- e:\program files\C4DLL320.DLL
2011-01-29 23:00 . 2011-01-29 23:00 103936 ----a-w- e:\program files\CDV32.DLL
2011-01-29 23:00 . 2011-01-29 23:00 209920 ----a-w- e:\program files\SETUPWEB.EXE
2011-01-29 23:00 . 2011-01-29 23:00 209920 ----a-w- e:\program files\TRNConfig.exe
2011-01-29 23:00 . 2011-01-29 23:00 26624 ----a-w- e:\program files\OETRN.EX_
2011-01-29 23:00 . 2011-01-29 23:00 581120 ----a-w- e:\program files\WTRDCTM.EXE
2011-01-29 22:59 . 2011-01-29 22:59 243712 ----a-w- e:\program files\TRNIKONY.EXE
2011-08-17 20:58 . 2011-03-22 18:37 134104 ----a-w- e:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((((((( SR_Search ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-04-14 . 13E794E5591776CBC71055A7B3CC1D5F . 976384 . . [6.00.2900.5512] . . e:\windows\explorer.exe
.
[-] 2008-04-14 . ED69B3B6CD23D1D00815D5F70D517E01 . 225792 . . [5.1.2600.5512] . . e:\windows\regedit.exe
.
((((((((((((((((((((((((((((( SnapShot@2011-08-22_15.37.21 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-08-22 17:16 . 2011-08-22 17:16 16384 e:\windows\temp\Perflib_Perfdata_8c.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-04-18 16143872]
"IntelZeroConfig"="e:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-08-01 802816]
"IntelWireless"="e:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-08-01 696320]
"igfxtray"="e:\windows\system32\igfxtray.exe" [2005-11-03 98304]
"igfxhkcmd"="e:\windows\system32\hkcmd.exe" [2005-11-03 77824]
"igfxpers"="e:\windows\system32\igfxpers.exe" [2005-11-03 118784]
"SynTPEnh"="e:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1343488]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="e:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableSecureUIAPaths"= 0 (0x0)
.
[HKLM\~\startupfolder\E:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^HP Digital Imaging Monitor.lnk]
path=e:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\HP Digital Imaging Monitor.lnk
backup=e:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
2008-04-14 12:00 110592 ----a-w- e:\windows\system32\bthprops.cpl
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 12:00 15360 ----a-w- e:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
2008-05-02 04:15 15872 ----a-w- e:\program files\Unlocker\UnlockerAssistant.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"e:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"e:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"e:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"e:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"e:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"e:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"e:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"e:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"e:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"e:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"e:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"e:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"e:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"e:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"e:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"e:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"e:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"e:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"e:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"e:\\Program Files\\iTunes\\iTunes.exe"=
"e:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R1 epfwtdir;epfwtdir;e:\windows\system32\drivers\epfwtdir.sys [2007-12-21 33800]
S3 CFcatchme;CFcatchme;\??\e:\docume~1\KUBK~1\LOCALS~1\Temp\CFcatchme.sys --> e:\docume~1\KUBK~1\LOCALS~1\Temp\CFcatchme.sys [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;e:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
S3 osppsvc;Office Software Protection Platform;e:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
.
Obsah adresáře 'Naplánované úlohy'
.
2011-06-30 e:\windows\Tasks\AppleSoftwareUpdate.job
- e:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]
.
2011-08-22 e:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- e:\program files\Google\Update\GoogleUpdate.exe [2011-08-01 14:36]
.
2011-08-22 e:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- e:\program files\Google\Update\GoogleUpdate.exe [2011-08-01 14:36]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://pruzkumnik.net/
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Excel - e:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - e:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - e:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - e:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - e:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - e:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - e:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
TCP: DhcpNameServer = 10.1.1.1 192.168.0.1
FF - ProfilePath - e:\documents and settings\kubík\Data aplikací\Mozilla\Firefox\Profiles\m6099wc2.default\
FF - prefs.js: browser.search.selectedEngine - Seznam
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-22 19:17
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
"ImagePath"=" srv"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1214440339-1580436667-842925246-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{84596DCF-1EA3-4334-517B-8BDC5AA35BA7}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(3400)
e:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
e:\progra~1\MICROS~2\Office14\1029\GrooveIntlResource.dll
e:\windows\system32\ntshrui.dll
e:\windows\system32\NETSHELL.dll
e:\windows\system32\credui.dll
e:\windows\system32\webcheck.dll
e:\windows\system32\WPDShServiceObj.dll
e:\windows\system32\PortableDeviceTypes.dll
e:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
e:\program files\Intel\Wireless\Bin\EvtEng.exe
e:\program files\Intel\Wireless\Bin\S24EvMon.exe
e:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
e:\program files\Bonjour\mDNSResponder.exe
e:\program files\Java\jre6\bin\jqs.exe
e:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
e:\windows\RTHDCPL.EXE
e:\windows\system32\HPZipm12.exe
e:\program files\Intel\Wireless\Bin\RegSrvc.exe
e:\program files\Synaptics\SynTP\SynToshiba.exe
e:\windows\system32\wscntfy.exe
e:\program files\Intel\Wireless\Bin\Dot1XCfg.exe
e:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Celkový čas: 2011-08-22 19:19:20 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-08-22 17:19
ComboFix2.txt 2011-08-22 15:39
.
Před spuštěním: Volných bajtů: 14,918,189,056
Po spuštění: Volných bajtů: 14,896,504,832
.
- - End Of File - - 45CCE9505C9FE06753D3A0E62B0B3641
Nahr nˇ probŘhlo ŁspŘçnŘ

#12 Příspěvek od **vyosek** » 22 srp 2011 18:25

Nasledujici soubory otestujte na VirusTotalu (viz muj podpis)

e:\windows\explorer.exe
e:\windows\regedit.exe
Kliknete na Prochazet
Soubor nehledejte, jen vlozte cestu souboru, ktery chci otestovat
Kliknete na Send File
Pokud na Vas vyskoci obrazovka jako je nize, tak kliknete na ReAnalyse
Vysledek analyzy sem vlozte (jako odkaz)

Stahnete SytemLook (viz muj podpis) a ulozte jej na plochu

Do okna vlozte skript nize
Kód: Vybrat vše
```
:filefind
explorer.exe
regedit.exe
```
Kliknete na Look
Tlacitko Look se zmeni na Scanning a zsedne
Pockejte pokud se tlacitko Scanning opet nezmeni na Look - tak poznate ze SystemLook dokoncil svou praci
Vyskoci na Vas log s nazvem SystemLook (pripadne bude ulozen na plose), jeho obsah mi sem vlozte

Loquesco · #13 Příspěvek od **Loquesco** » 22 srp 2011 18:45

Takhle?
http://www.virustotal.com/file-scan/rep ... 1314034154

http://www.virustotal.com/file-scan/rep ... 1314033769

SystemLook 30.07.11 by jpshortstuff
Log created at 19:44 on 22/08/2011 by kubík
Administrator - Elevation successful

========== filefind ==========

Searching for "explorer.exe"
E:\WINDOWS\explorer.exe --a---- 976384 bytes [00:00 01/01/1980] [12:00 14/04/2008] 13E794E5591776CBC71055A7B3CC1D5F

Searching for "regedit.exe"
E:\WINDOWS\regedit.exe ------- 225792 bytes [00:00 01/01/1980] [12:00 14/04/2008] ED69B3B6CD23D1D00815D5F70D517E01

-= EOF =-

#14 Příspěvek od **vyosek** » 22 srp 2011 18:47

Ano, jak se chova PC

Loquesco · #15 Příspěvek od **Loquesco** » 22 srp 2011 18:49

zatim v poradku

VIRY.CZ

prosim o kontrolu logu

prosim o kontrolu logu

Re: prosim o kontrolu logu

Re: prosim o kontrolu logu

Re: prosim o kontrolu logu

Re: prosim o kontrolu logu

Re: prosim o kontrolu logu

Re: prosim o kontrolu logu

Re: prosim o kontrolu logu

Re: prosim o kontrolu logu

Re: prosim o kontrolu logu

Re: prosim o kontrolu logu

Re: prosim o kontrolu logu

Re: prosim o kontrolu logu

Re: prosim o kontrolu logu

Re: prosim o kontrolu logu