sekání videa

[Rudy]

OK.

[martin06]

Zde je log.


vComboFix 12-05-20.06 - ZEUS 20.05.2012 19:44:51.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1535.1125 [GMT 2:00]
Spuštěný z: c:\documents and settings\ZEUS\Dokumenty\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\msmqinst.log
c:\windows\system32\mndosnet.dll
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-04-20 do 2012-05-20 )))))))))))))))))))))))))))))))
.
.
2012-05-19 10:41 . 2012-05-19 10:41 -------- d-----w- c:\program files\Microsoft
2012-05-19 10:39 . 2012-05-19 10:39 -------- d--h--w- c:\windows\msdownld.tmp
2012-05-17 21:04 . 2012-05-17 21:04 -------- d-----w- c:\windows\system32\Adobe
2012-05-17 20:47 . 2012-05-17 20:48 -------- d-----w- c:\documents and settings\UpdatusUser.ZEUS-956B0D9B23
2012-05-17 20:19 . 2012-05-17 20:19 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-17 20:19 . 2012-05-17 20:19 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-13 17:59 . 2012-05-13 18:01 -------- d-----w- c:\windows\vf_hip
2012-04-30 09:11 . 2012-04-30 09:21 -------- d-----w- C:\SHOCKWAVE
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-08 15:40 . 2011-10-27 15:25 137928 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-05-08 15:40 . 2011-10-27 15:25 83392 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-04-12 17:58 . 2012-04-12 17:59 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-04-12 17:58 . 2011-10-24 15:53 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-11 13:55 . 2004-08-17 15:45 2071296 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-11 13:55 . 2004-08-17 13:44 1862272 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 13:55 . 2004-08-17 13:45 2194816 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-09 06:57 . 2012-03-10 20:31 545 ----a-w- c:\windows\UC.PIF
2012-03-09 06:57 . 2012-03-10 20:31 545 ----a-w- c:\windows\RAR.PIF
2012-03-09 06:57 . 2012-03-10 20:31 545 ----a-w- c:\windows\PKZIP.PIF
2012-03-09 06:57 . 2012-03-10 20:31 545 ----a-w- c:\windows\PKUNZIP.PIF
2012-03-09 06:57 . 2012-03-10 20:31 545 ----a-w- c:\windows\NOCLOSE.PIF
2012-03-09 06:57 . 2012-03-10 20:31 545 ----a-w- c:\windows\LHA.PIF
2012-03-09 06:57 . 2012-03-10 20:31 545 ----a-w- c:\windows\ARJ.PIF
2012-03-07 12:01 . 2012-03-03 14:25 20480 ----a-w- c:\windows\system32\H@tKeysH@@k.DLL
2012-03-01 01:14 . 2004-08-17 13:49 832512 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 01:14 . 2004-08-17 13:49 1830912 ------w- c:\windows\system32\inetcpl.cpl
2012-03-01 01:14 . 2004-08-17 13:49 78336 ----a-w- c:\windows\system32\ieencode.dll
2012-03-01 01:14 . 2004-08-17 13:49 17408 ------w- c:\windows\system32\corpol.dll
2012-02-29 23:58 . 2011-10-23 12:31 65536 ----a-w- c:\windows\system32\OpenCL.dll
2012-02-29 23:58 . 2011-10-23 12:31 881984 ----a-w- c:\windows\system32\nvgenco32.dll
2012-02-29 23:58 . 2011-10-23 12:31 5918720 ----a-w- c:\windows\system32\nvcuda.dll
2012-02-29 23:58 . 2011-10-23 12:31 4309760 ----a-w- c:\windows\system32\nv4_disp.dll
2012-02-29 23:58 . 2011-10-23 12:31 2522944 ----a-w- c:\windows\system32\nvcuvid.dll
2012-02-29 23:58 . 2011-10-23 12:31 2437440 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-02-29 23:58 . 2011-10-23 12:31 2291712 ----a-w- c:\windows\system32\nvapi.dll
2012-02-29 23:58 . 2011-10-23 12:31 18624512 ----a-w- c:\windows\system32\nvoglnt.dll
2012-02-29 23:58 . 2011-10-23 12:31 17534976 ----a-w- c:\windows\system32\nvcompiler.dll
2012-02-29 23:58 . 2011-10-23 12:31 13417632 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2012-02-29 23:58 . 2011-10-23 12:31 1000256 ----a-w- c:\windows\system32\nvdispco32.dll
2012-02-29 21:15 . 2011-10-23 12:32 335872 ----a-w- c:\windows\system32\nvrshe.dll
2012-02-29 21:15 . 2011-10-23 12:32 274432 ----a-w- c:\windows\system32\nvrsja.dll
2012-02-29 21:15 . 2011-10-23 12:32 274432 ----a-w- c:\windows\system32\nvrsesm.dll
2012-02-29 21:15 . 2011-10-23 12:32 258048 ----a-w- c:\windows\system32\nvrspl.dll
2012-02-29 21:15 . 2011-10-23 12:32 253952 ----a-w- c:\windows\system32\nvrssv.dll
2012-02-29 21:15 . 2011-10-23 12:32 249856 ----a-w- c:\windows\system32\nvrseng.dll
2012-02-29 21:15 . 2011-10-23 12:32 249856 ----a-w- c:\windows\system32\nvrscs.dll
2012-02-29 21:15 . 2011-10-23 12:32 282624 ----a-w- c:\windows\system32\nvrsit.dll
2012-02-29 21:15 . 2011-10-23 12:32 278528 ----a-w- c:\windows\system32\nvrsde.dll
2012-02-29 21:15 . 2011-10-23 12:32 270336 ----a-w- c:\windows\system32\nvrsptb.dll
2012-02-29 21:15 . 2011-10-23 12:32 258048 ----a-w- c:\windows\system32\nvrssk.dll
2012-02-29 21:15 . 2011-10-23 12:32 274432 ----a-w- c:\windows\system32\nvrspt.dll
2012-02-29 21:15 . 2011-10-23 12:32 262144 ----a-w- c:\windows\system32\nvrshu.dll
2012-02-29 21:15 . 2011-10-23 12:32 266240 ----a-w- c:\windows\system32\nvrsko.dll
2012-02-29 21:15 . 2011-10-23 12:32 335872 ----a-w- c:\windows\system32\nvrsar.dll
2012-02-29 21:15 . 2011-10-23 12:32 282624 ----a-w- c:\windows\system32\nvrses.dll
2012-02-29 21:15 . 2011-10-23 12:32 274432 ----a-w- c:\windows\system32\nvrsnl.dll
2012-02-29 21:15 . 2011-10-23 12:32 258048 ----a-w- c:\windows\system32\nvrstr.dll
2012-02-29 21:15 . 2011-10-23 12:32 253952 ----a-w- c:\windows\system32\nvrsth.dll
2012-02-29 21:15 . 2011-10-23 12:32 253952 ----a-w- c:\windows\system32\nvrsno.dll
2012-02-29 21:15 . 2011-10-23 12:32 286720 ----a-w- c:\windows\system32\nvrsfr.dll
2012-02-29 21:15 . 2011-10-23 12:32 282624 ----a-w- c:\windows\system32\nvrsel.dll
2012-02-29 21:15 . 2011-10-23 12:32 270336 ----a-w- c:\windows\system32\nvrsru.dll
2012-02-29 21:15 . 2011-10-23 12:32 229376 ----a-w- c:\windows\system32\nvrszhc.dll
2012-02-29 21:15 . 2011-10-23 12:32 126976 ----a-w- c:\windows\system32\nvrszht.dll
2012-02-29 21:15 . 2011-10-23 12:32 253952 ----a-w- c:\windows\system32\nvrsda.dll
2012-02-29 21:15 . 2011-10-23 12:32 249856 ----a-w- c:\windows\system32\nvrsfi.dll
2012-02-29 21:15 . 2011-10-23 12:32 258048 ----a-w- c:\windows\system32\nvrssl.dll
2012-02-29 20:30 . 2011-10-23 12:32 54272 ----a-w- c:\windows\system32\nvwddi.dll
2012-02-29 20:30 . 2011-10-23 12:32 143680 ----a-w- c:\windows\system32\nvcolor.exe
2012-02-29 20:30 . 2011-10-23 12:32 15494464 ----a-w- c:\windows\system32\nvcpl.dll
2012-02-29 20:30 . 2011-10-23 12:32 164160 ----a-w- c:\windows\system32\nvsvc32.exe
2012-02-29 20:30 . 2011-10-23 12:32 108352 ----a-w- c:\windows\system32\nvmctray.dll
2012-02-29 14:10 . 2004-08-17 13:49 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2004-08-17 13:49 148480 ----a-w- c:\windows\system32\imagehlp.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2006-08-02 577536]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-05-08 348624]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-02-29 15494464]
"NvMediaCenter"="NvMCTray.dll" [2012-02-29 108352]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2012-02-29 1634112]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-10-23 12:48 136176 ----atw- c:\documents and settings\ZEUS\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]
2010-05-20 14:27 119152 ----a-w- c:\program files\Microsoft LifeCam\LifeExp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 03:22 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2011-12-23 15:47 1242448 ----a-w- c:\program files\Steam\Steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX1000]
2010-05-20 14:27 762736 ----a-w- c:\windows\vVX1000.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
"c:\\Program Files\\Steam\\steamapps\\cocacola92\\counter-strike\\hl.exe"=
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [27.10.2011 17:25 36000]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [26.10.2011 12:52 232512]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [27.10.2011 17:25 86224]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [17.12.2011 19:37 21992]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [17.5.2012 22:47 2348352]
R3 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\7.1.362.0\SeaPort.EXE [13.2.2012 21:19 240408]
S2 BBSvc;BingBar Service;c:\program files\Microsoft\BingBar\7.1.362.0\BBSvc.EXE [13.2.2012 21:19 193816]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 13:16 130384]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [17.5.2012 22:19 257696]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 13:16 753504]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - BBSVC
*NewlyCreated* - BBUPDATE
.
Obsah adresáře 'Naplánované úlohy'
.
2012-05-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-17 20:19]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: Interfaces\{4469DEF7-CE64-4CCC-980E-8B3E0F992380}: NameServer = 213.168.176.3
TCP: Interfaces\{99C3E7FA-B043-4484-9CA8-306CC13AC407}: NameServer = 8.8.8.8
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-Adobe Flash Player ActiveX - c:\windows\system32\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-20 19:50
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
Celkový čas: 2012-05-20 19:52:11
ComboFix-quarantined-files.txt 2012-05-20 17:52
.
Před spuštěním: Volných bajtů: 32 634 474 496
Po spuštění: Volných bajtů: 33 730 183 168
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 7E810037564E2259D16840303B8A2E2F

[Rudy]

Ještě dočistíme. Přesuňte ComboFix na plochu. Otevřte poznámkový blok a zkopírujte do něj:

KillAll::

Folder::
c:\program files\Microsoft\BingBar

Driver::
BBUpdate
BBSvc

Uložte na plochu jako CFScript.txt.Pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkazy ze skriptu.

[martin06]

Momentálně jsem v práci, takže se na to vrhnu jakmile přijedu domu, tj kolem 19. hodiny.
Díky

[Rudy]

OK.