Win32/Protector.G vírus

Zpráva

Mikey2692 · #46 Příspěvek od **Mikey2692** » 18 úno 2010 20:16

a tu sú tie dva

File DNSAPI.dll received on 2010.02.18 19:14:52 (UTC)
Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED
Result: 0/41 (0%)
Loading server information...
Your file is queued in position: 5.
Estimated start time is between 70 and 100 seconds.
Do not close the window until scan is complete.
The scanner that was processing your file is stopped at this moment, we are going to wait a few seconds to try to recover your result.
If you are waiting for more than five minutes you have to resend your file.
Your file is being scanned by VirusTotal in this moment,
results will be shown as they're generated.
Compact Compact
Print results Print results
Your file has expired or does not exists.
Service is stopped in this moments, your file is waiting to be scanned (position: ) for an undefined time.

You can wait for web response (automatic reload) or type your email in the form below and click "request" so the system sends you a notification when the scan is finished.
Email:

Antivirus Version Last Update Result
a-squared 4.5.0.50 2010.02.18 -
AhnLab-V3 5.0.0.2 2010.02.18 -
AntiVir 8.2.1.170 2010.02.18 -
Antiy-AVL 2.0.3.7 2010.02.18 -
Authentium 5.2.0.5 2010.02.18 -
Avast 4.8.1351.0 2010.02.18 -
AVG 9.0.0.730 2010.02.18 -
BitDefender 7.2 2010.02.18 -
CAT-QuickHeal 10.00 2010.02.18 -
ClamAV 0.96.0.0-git 2010.02.18 -
Comodo 3982 2010.02.18 -
DrWeb 5.0.1.12222 2010.02.18 -
eSafe 7.0.17.0 2010.02.18 -
eTrust-Vet 35.2.7310 2010.02.18 -
F-Prot 4.5.1.85 2010.02.17 -
F-Secure 9.0.15370.0 2010.02.18 -
Fortinet 4.0.14.0 2010.02.18 -
GData 19 2010.02.18 -
Ikarus T3.1.1.80.0 2010.02.18 -
Jiangmin 13.0.900 2010.02.18 -
K7AntiVirus 7.10.977 2010.02.18 -
Kaspersky 7.0.0.125 2010.02.17 -
McAfee 5896 2010.02.18 -
McAfee+Artemis 5896 2010.02.18 -
McAfee-GW-Edition 6.8.5 2010.02.18 -
Microsoft 1.5406 2010.02.18 -
NOD32 4878 2010.02.18 -
Norman 6.04.08 2010.02.18 -
nProtect 2009.1.8.0 2010.02.18 -
Panda 10.0.2.2 2010.02.18 -
PCTools 7.0.3.5 2010.02.17 -
Prevx 3.0 2010.02.18 -
Rising 22.34.01.03 2010.02.11 -
Sophos 4.50.0 2010.02.18 -
Sunbelt 5684 2010.02.18 -
Symantec 20091.2.0.41 2010.02.18 -
TheHacker 6.5.1.4.198 2010.02.18 -
TrendMicro 9.120.0.1004 2010.02.18 -
VBA32 3.12.12.2 2010.02.18 -
ViRobot 2010.2.18.2192 2010.02.18 -
VirusBuster 5.0.27.0 2010.02.18 -
Additional information
File size: 147968 bytes
MD5...: 5d3fde8fb2801a2041d1b965372c4928
SHA1..: 3eaf6478c6f14794b05a612d845c1725757beb0b
SHA256: 4ccdc67160606acdc67b50d93f760e7c689fd3f33375dd259f35c76451acb7a8
ssdeep: 1536:umcJoPw9gaCEmeqOUM1AdkeG51l7N4TMA1p/rGnDiztRA2teprRhCI+cr15
0s2H6:u2hL+edkV1NWMA1ZrGq7AUe5CBQ0Ngf
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0xac82
timedatestamp.....: 0x485bed11 (Fri Jun 20 17:46:57 2008)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x1f967 0x1fa00 6.67 e57a55da01bbe1cfa738e3229fa3db4e
.data 0x21000 0x2260 0x2000 3.53 fd26a065e19bbc71910d739f831f7df2
.rsrc 0x24000 0xf68 0x1000 6.79 7504564e9ab8a5dc9656c477fb8e8449
.reloc 0x25000 0x12f4 0x1400 6.55 e8371dc8358c180a52855abc8ff055f5

( 6 imports )
> ADVAPI32.dll: CryptGenRandom, CryptReleaseContext, TraceEvent, RegisterTraceGuidsA, UnregisterTraceGuids, GetTraceLoggerHandle, OpenSCManagerW, OpenServiceW, CloseServiceHandle, ControlService, RegCreateKeyExW, RegOpenKeyExW, RegisterEventSourceW, ReportEventA, CryptAcquireContextA, DeregisterEventSource, RegQueryValueExA, RegCloseKey, RegSetValueExA, RegOpenKeyExA, RegEnumKeyExA, RegQueryValueExW, RegCreateKeyExA, RegDeleteKeyA, RegSetValueExW
> KERNEL32.dll: WideCharToMultiByte, LocalFree, LocalReAlloc, LoadLibraryExW, GetSystemTimeAsFileTime, HeapDestroy, GetProcessHeap, LeaveCriticalSection, CloseHandle, EnterCriticalSection, WaitForSingleObject, SetEvent, HeapAlloc, HeapFree, SetLastError, GetLastError, CreateEventA, HeapCreate, PulseEvent, WaitForMultipleObjects, CreateThread, ResetEvent, LocalAlloc, InitializeCriticalSection, DeleteCriticalSection, DisableThreadLibraryCalls, ExitThread, CreateSemaphoreA, ReleaseSemaphore, GetSystemDirectoryA, GetTickCount, GetEnvironmentVariableW, GetVersionExA, GetVersion, InterlockedIncrement, InterlockedDecrement, GetModuleFileNameA, GetModuleHandleA, GetProcAddress, FreeLibrary, InterlockedCompareExchange, LoadLibraryA, QueryPerformanceCounter, GetCurrentThreadId, GetCurrentProcessId, Sleep, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, MultiByteToWideChar, CompareStringW, CompareStringA, LCMapStringW, DelayLoadFailureHook
> msvcrt.dll: malloc, _initterm, free, srand, rand, atoi, _snwprintf, wcstoul, wcscat, sscanf, _adjust_fdiv, _snprintf, wcschr, strncpy, wcsncpy, _strlwr, strtoul, strncmp, _strupr, sprintf, wcslen, _except_handler3, wcscpy, fopen, wcscmp, strchr, vsprintf, fputs, time, localtime, fprintf, fgets, _strnicmp, strpbrk, fclose, rewind, swprintf, _stricmp
> ntdll.dll: RtlIpv6AddressToStringA, RtlIpv6StringToAddressW, RtlIpv6StringToAddressA
> RPCRT4.dll: NdrClientCall2, RpcStringFreeW, RpcBindingFromStringBindingW, RpcStringBindingComposeW, UuidCreateSequential, RpcBindingFree, I_RpcExceptionFilter
> WS2_32.dll: -, -, -, -, WSASocketA, WSAJoinLeaf, WSAIoctl, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -

( 160 exports )
BreakRecordsIntoBlob, CombineRecordsInBlob, DnsAcquireContextHandle_A, DnsAcquireContextHandle_W, DnsAddRecordSet_A, DnsAddRecordSet_UTF8, DnsAddRecordSet_W, DnsAllocateRecord, DnsApiAlloc, DnsApiFree, DnsApiHeapReset, DnsApiRealloc, DnsApiSetDebugGlobals, DnsAsyncRegisterHostAddrs, DnsAsyncRegisterInit, DnsAsyncRegisterTerm, DnsCopyStringEx, DnsCreateReverseNameStringForIpAddress, DnsCreateStandardDnsNameCopy, DnsCreateStringCopy, DnsDhcpSrvRegisterHostName, DnsDhcpSrvRegisterInit, DnsDhcpSrvRegisterInitialize, DnsDhcpSrvRegisterTerm, DnsDowncaseDnsNameLabel, DnsExtractRecordsFromMessage_UTF8, DnsExtractRecordsFromMessage_W, DnsFindAuthoritativeZone, DnsFlushResolverCache, DnsFlushResolverCacheEntry_A, DnsFlushResolverCacheEntry_UTF8, DnsFlushResolverCacheEntry_W, DnsFree, DnsFreeConfigStructure, DnsGetBufferLengthForStringCopy, DnsGetCacheDataTable, DnsGetDnsServerList, DnsGetDomainName, DnsGetIpAddressInfoList, DnsGetLastFailedUpdateInfo, DnsGetLocalAddrArray, DnsGetLocalAddrArrayDirect, DnsGetPrimaryDomainName_A, DnsGlobals, DnsIpv6AddressToString, DnsIpv6StringToAddress, DnsIsAMailboxType, DnsIsStatusRcode, DnsIsStringCountValidForTextType, DnsMapRcodeToStatus, DnsModifyRecordSet_A, DnsModifyRecordSet_UTF8, DnsModifyRecordSet_W, DnsModifyRecordsInSet_A, DnsModifyRecordsInSet_UTF8, DnsModifyRecordsInSet_W, DnsNameCompareEx_A, DnsNameCompareEx_UTF8, DnsNameCompareEx_W, DnsNameCompare_A, DnsNameCompare_UTF8, DnsNameCompare_W, DnsNameCopy, DnsNameCopyAllocate, DnsNotifyResolver, DnsNotifyResolverClusterIp, DnsNotifyResolverEx, DnsQueryConfig, DnsQueryConfigAllocEx, DnsQueryConfigDword, DnsQueryExA, DnsQueryExUTF8, DnsQueryExW, DnsQuery_A, DnsQuery_UTF8, DnsQuery_W, DnsRecordBuild_UTF8, DnsRecordBuild_W, DnsRecordCompare, DnsRecordCopyEx, DnsRecordListFree, DnsRecordSetCompare, DnsRecordSetCopyEx, DnsRecordSetDetach, DnsRecordStringForType, DnsRecordStringForWritableType, DnsRecordTypeForName, DnsRegisterClusterAddress, DnsReleaseContextHandle, DnsRemoveRegistrations, DnsReplaceRecordSetA, DnsReplaceRecordSetUTF8, DnsReplaceRecordSetW, DnsSetConfigDword, DnsStatusString, DnsStringCopyAllocateEx, DnsUnicodeToUtf8, DnsUpdate, DnsUpdateTest_A, DnsUpdateTest_UTF8, DnsUpdateTest_W, DnsUtf8ToUnicode, DnsValidateName_A, DnsValidateName_UTF8, DnsValidateName_W, DnsValidateUtf8Byte, DnsWriteQuestionToBuffer_UTF8, DnsWriteQuestionToBuffer_W, DnsWriteReverseNameStringForIpAddress, Dns_AddRecordsToMessage, Dns_AllocateMsgBuf, Dns_BuildPacket, Dns_CacheSocketCleanup, Dns_CacheSocketInit, Dns_CleanupWinsock, Dns_CloseConnection, Dns_CloseHostFile, Dns_CloseSocket, Dns_CreateMulticastSocket, Dns_CreateSocket, Dns_CreateSocketEx, Dns_FindAuthoritativeZoneLib, Dns_GetIpAddresses, Dns_GetLocalIpAddressArray, Dns_GetRandomXid, Dns_InitQueryTimeouts, Dns_InitializeMsgRemoteSockaddr, Dns_InitializeWinsock, Dns_OpenHostFile, Dns_OpenTcpConnectionAndSend, Dns_ParseMessage, Dns_ParsePacketRecord, Dns_PingAdapterServers, Dns_ReadHostFileLine, Dns_ReadPacketName, Dns_ReadPacketNameAllocate, Dns_ReadRecordStructureFromPacket, Dns_RecvTcp, Dns_ResetNetworkInfo, Dns_SendAndRecvUdp, Dns_SendEx, Dns_SetRecordDatalength, Dns_SkipPacketName, Dns_SkipToRecord, Dns_UpdateLib, Dns_UpdateLibEx, Dns_WriteDottedNameToPacket, Dns_WriteQuestionToMessage, Dns_WriteRecordStructureToPacketEx, GetCurrentTimeInSeconds, GetRecordsForLocalName, NetInfo_Build, NetInfo_Clean, NetInfo_Copy, NetInfo_Free, NetInfo_IsForUpdate, NetInfo_ResetServerPriorities, QueryDirectEx, Query_Main, Reg_ReadGlobalsEx
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
sigcheck:
publisher....: Microsoft Corporation
copyright....: (c) Microsoft Corporation. All rights reserved.
product......: Microsoft_ Windows_ Operating System
description..: DNS Client API DLL
original name: dnsapi
internal name: dnsapi
file version.: 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

Mikey2692 · #47 Příspěvek od **Mikey2692** » 18 úno 2010 20:20

File gdiplus.dll received on 2010.02.18 19:17:50 (UTC)
Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED
Result: 0/41 (0%)
Loading server information...
Your file is queued in position: 1.
Estimated start time is between 42 and 60 seconds.
Do not close the window until scan is complete.
The scanner that was processing your file is stopped at this moment, we are going to wait a few seconds to try to recover your result.
If you are waiting for more than five minutes you have to resend your file.
Your file is being scanned by VirusTotal in this moment,
results will be shown as they're generated.
Compact Compact
Print results Print results
Your file has expired or does not exists.
Service is stopped in this moments, your file is waiting to be scanned (position: ) for an undefined time.

You can wait for web response (automatic reload) or type your email in the form below and click "request" so the system sends you a notification when the scan is finished.
Email:

Antivirus Version Last Update Result
a-squared 4.5.0.50 2010.02.18 -
AhnLab-V3 5.0.0.2 2010.02.18 -
AntiVir 8.2.1.170 2010.02.18 -
Antiy-AVL 2.0.3.7 2010.02.18 -
Authentium 5.2.0.5 2010.02.18 -
Avast 4.8.1351.0 2010.02.18 -
AVG 9.0.0.730 2010.02.18 -
BitDefender 7.2 2010.02.18 -
CAT-QuickHeal 10.00 2010.02.18 -
ClamAV 0.96.0.0-git 2010.02.18 -
Comodo 3982 2010.02.18 -
DrWeb 5.0.1.12222 2010.02.18 -
eSafe 7.0.17.0 2010.02.18 -
eTrust-Vet 35.2.7310 2010.02.18 -
F-Prot 4.5.1.85 2010.02.17 -
F-Secure 9.0.15370.0 2010.02.18 -
Fortinet 4.0.14.0 2010.02.18 -
GData 19 2010.02.18 -
Ikarus T3.1.1.80.0 2010.02.18 -
Jiangmin 13.0.900 2010.02.18 -
K7AntiVirus 7.10.977 2010.02.18 -
Kaspersky 7.0.0.125 2010.02.17 -
McAfee 5896 2010.02.18 -
McAfee+Artemis 5896 2010.02.18 -
McAfee-GW-Edition 6.8.5 2010.02.18 -
Microsoft 1.5406 2010.02.18 -
NOD32 4878 2010.02.18 -
Norman 6.04.08 2010.02.18 -
nProtect 2009.1.8.0 2010.02.18 -
Panda 10.0.2.2 2010.02.18 -
PCTools 7.0.3.5 2010.02.17 -
Prevx 3.0 2010.02.18 -
Rising 22.34.01.03 2010.02.11 -
Sophos 4.50.0 2010.02.18 -
Sunbelt 5684 2010.02.18 -
Symantec 20091.2.0.41 2010.02.18 -
TheHacker 6.5.1.4.198 2010.02.18 -
TrendMicro 9.120.0.1004 2010.02.18 -
VBA32 3.12.12.2 2010.02.18 -
ViRobot 2010.2.18.2192 2010.02.18 -
VirusBuster 5.0.27.0 2010.02.18 -
Additional information
File size: 1700352 bytes
MD5...: d0aaae16ba162dd89d646887f1539855
SHA1..: 0a222f319b7712b861ef6adf0c38cc2c5a2790fa
SHA256: d84e7eb505adee8ea660f48c89705977f5eb33b7299d0bd981624e3ece320223
ssdeep: 24576:i0CiGmsJ2LC4jJmNwP+6fBUAK8C0m1DQucWM9nul/SuyZfWPP90bTv6:i0
K2L1Pjf2AKWmFcLulMZ9H
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x472cb
timedatestamp.....: 0x3b948ffc (Tue Sep 04 08:25:32 2001)
machinetype.......: 0x14c (I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x1782a0 0x179000 6.82 24e4226c3bf56442a135b3b23b9543fb
.data 0x17a000 0xa24c 0xa000 4.50 f813568b08d1e8caba9a161104caa880
Shared 0x185000 0xdc8 0x1000 2.44 3237f20954680d5b09e277883a0ec64e
.rsrc 0x186000 0x119b8 0x12000 6.59 8664cf356b4c5f3da2ce207c59ab1b52
.reloc 0x198000 0x7368 0x8000 6.33 d3da904512745df827e5181594943fa8

( 5 imports )
> KERNEL32.dll: GetOEMCP, InterlockedDecrement, EnterCriticalSection, LeaveCriticalSection, HeapAlloc, InterlockedExchange, GetCurrentThreadId, InitializeCriticalSection, DeleteCriticalSection, DisableThreadLibraryCalls, RaiseException, Sleep, CloseHandle, WriteFile, CreateFileA, WaitForSingleObject, SetEvent, lstrcmpiA, CreateThread, CreateEventA, WideCharToMultiByte, MultiByteToWideChar, GetTickCount, GetSystemDefaultLCID, GetProcAddress, GetModuleHandleW, GetACP, GetVersionExA, VirtualQuery, VirtualProtect, GetLocaleInfoA, GetStringTypeW, GetStringTypeA, LCMapStringW, LCMapStringA, RtlUnwind, GetCPInfo, GetEnvironmentStringsW, FreeEnvironmentStringsW, GetEnvironmentStrings, FreeEnvironmentStringsA, GetStartupInfoA, GetFileType, GetStdHandle, SetHandleCount, ExitProcess, GetCommandLineA, GetSystemInfo, HeapReAlloc, HeapFree, VirtualAlloc, IsValidLocale, ConvertDefaultLocale, GetLocaleInfoW, GetModuleFileNameW, GetModuleFileNameA, FindResourceA, LoadResource, LockResource, GetProfileIntA, GetProfileStringA, lstrcmpiW, IsDBCSLeadByteEx, LocalReAlloc, MulDiv, SetLastError, LocalAlloc, LocalFree, GetFileTime, SearchPathW, SearchPathA, InterlockedIncrement, CreateSemaphoreA, lstrcpyW, lstrcatW, LoadLibraryW, lstrcpyA, lstrcatA, GetSystemDirectoryA, CreateFileMappingW, ReleaseSemaphore, GetProfileSectionA, CreateFileW, SetEndOfFile, SetFilePointer, ReadFile, UnlockFile, GetFileInformationByHandle, LockFile, FlushFileBuffers, GetLastError, VirtualFree, GlobalAlloc, GetFileSize, CreateFileMappingA, MapViewOfFile, UnmapViewOfFile, GlobalLock, GlobalSize, GlobalUnlock, GlobalFree, HeapCreate, GetModuleHandleA, GetSystemDirectoryW, GetWindowsDirectoryA, FreeLibrary, HeapDestroy, LoadLibraryA
> USER32.dll: ReleaseDC, LoadBitmapW, LoadBitmapA, wsprintfW, SystemParametersInfoA, GetDC, wsprintfA, GetSysColor, UnregisterClassA, DestroyWindow, GetSystemMetrics, DefWindowProcA, CreateWindowExA, RegisterClassA, DispatchMessageA, TranslateMessage, MsgWaitForMultipleObjects, PeekMessageA, GetClientRect, GetDesktopWindow, GetWindowRect, WindowFromDC, CreateIconIndirect, GetIconInfo, ClientToScreen, wvsprintfA, GetDCEx, GetWindowLongA, GetClassLongA
> GDI32.dll: GetNearestPaletteIndex, GetDIBColorTable, FillRgn, SetMiterLimit, CreateSolidBrush, StrokePath, GetGraphicsMode, SetPolyFillMode, FillPath, StrokeAndFillPath, GetViewportExtEx, ExtTextOutA, GetTextCharsetInfo, TranslateCharsetInfo, PolylineTo, Polyline, LineTo, GetCurrentPositionEx, ArcTo, SetArcDirection, SelectClipPath, GetPath, CloseFigure, AbortPath, FlattenPath, WidenPath, BeginPath, Ellipse, AngleArc, PolyBezierTo, PolyBezier, RoundRect, PolyDraw, Pie, Chord, Arc, EndPath, OffsetClipRgn, GetRgnBox, CombineRgn, SetPaletteEntries, ResizePalette, ExcludeClipRect, MoveToEx, PlayEnhMetaFile, GetWinMetaFileBits, PlgBlt, BitBlt, OffsetViewportOrgEx, StretchBlt, ScaleViewportExtEx, ScaleWindowExtEx, CombineTransform, SetMapperFlags, CreatePen, CreateDIBitmap, CreatePatternBrush, ExtSelectClipRgn, GetBkMode, GetTextAlign, ModifyWorldTransform, ExtCreateRegion, CreateCompatibleBitmap, GetNearestColor, SetStretchBltMode, StretchDIBits, SetTextAlign, SetTextJustification, PolyPolygon, PlayMetaFileRecord, ExtCreatePen, GetWorldTransform, GetROP2, SetROP2, Rectangle, Polygon, IntersectClipRect, SetBrushOrgEx, GetClipRgn, SelectClipRgn, GetBkColor, GetTextColor, CreatePenIndirect, GetObjectW, DPtoLP, CreateDIBPatternBrushPt, ExtTextOutW, SetBitmapBits, CreateEnhMetaFileW, GdiComment, GetMetaFileW, GetMetaFileA, SaveDC, SetWindowOrgEx, SetViewportOrgEx, SetGraphicsMode, SetWorldTransform, GetEnhMetaFileW, GetEnhMetaFileA, GetEnhMetaFileBits, CopyEnhMetaFileA, CopyMetaFileA, DeleteMetaFile, GetEnhMetaFileHeader, SetMetaFileBitsEx, SetEnhMetaFileBits, CreateEnhMetaFileA, SetMapMode, SetViewportExtEx, SetWindowExtEx, PlayMetaFile, CloseEnhMetaFile, DeleteEnhMetaFile, SetMetaRgn, GetMetaFileBitsEx, EnumMetaFile, EnumEnhMetaFile, PlayEnhMetaFileRecord, RestoreDC, GetStockObject, CreateBitmap, SetTextColor, SetBkColor, SetBkMode, SetDIBits, CreatePalette, GetSystemPaletteEntries, GetSystemPaletteUse, GetDeviceCaps, ExtEscape, GetObjectType, GetPixel, SetDIBColorTable, DeleteObject, SelectPalette, GetTextFaceA, GetTextMetricsA, GetTextFaceW, GetTextMetricsW, EnumFontFamiliesExA, EnumFontFamiliesExW, SelectObject, CreateFontIndirectW, CreateFontIndirectA, GetRegionData, DeleteDC, CreateDCA, CreateICA, CreateRectRgn, GetRandomRgn, LPtoDP, GetWindowExtEx, PolyPolyline, GetWindowOrgEx, GetViewportOrgEx, GetMapMode, SetICMMode, Escape, GetDCOrgEx, GetObjectA, GetCurrentObject, GetDIBits, CreateCompatibleDC, CreateDIBSection, RealizePalette, GetPaletteEntries, GdiFlush, PatBlt, CreateBrushIndirect
> ole32.dll: CoTaskMemAlloc, CoTaskMemFree, CreateStreamOnHGlobal
> ADVAPI32.dll: RegSetValueExA, RegCloseKey, RegEnumValueW, RegQueryInfoKeyA, RegOpenKeyExA, RegOpenKeyExW, RegQueryInfoKeyW, RegQueryValueExA, RegEnumKeyExA, RegEnumKeyExW, RegCreateKeyExA, RegQueryValueExW, RegSetValueExW, RegEnumValueA, RegDeleteKeyW, RegDeleteKeyA, RegCreateKeyExW

( 609 exports )
GdipAddPathArc, GdipAddPathArcI, GdipAddPathBezier, GdipAddPathBezierI, GdipAddPathBeziers, GdipAddPathBeziersI, GdipAddPathClosedCurve, GdipAddPathClosedCurve2, GdipAddPathClosedCurve2I, GdipAddPathClosedCurveI, GdipAddPathCurve, GdipAddPathCurve2, GdipAddPathCurve2I, GdipAddPathCurve3, GdipAddPathCurve3I, GdipAddPathCurveI, GdipAddPathEllipse, GdipAddPathEllipseI, GdipAddPathLine, GdipAddPathLine2, GdipAddPathLine2I, GdipAddPathLineI, GdipAddPathPath, GdipAddPathPie, GdipAddPathPieI, GdipAddPathPolygon, GdipAddPathPolygonI, GdipAddPathRectangle, GdipAddPathRectangleI, GdipAddPathRectangles, GdipAddPathRectanglesI, GdipAddPathString, GdipAddPathStringI, GdipAlloc, GdipBeginContainer, GdipBeginContainer2, GdipBeginContainerI, GdipBitmapGetPixel, GdipBitmapLockBits, GdipBitmapSetPixel, GdipBitmapSetResolution, GdipBitmapUnlockBits, GdipClearPathMarkers, GdipCloneBitmapArea, GdipCloneBitmapAreaI, GdipCloneBrush, GdipCloneCustomLineCap, GdipCloneFont, GdipCloneFontFamily, GdipCloneImage, GdipCloneImageAttributes, GdipCloneMatrix, GdipClonePath, GdipClonePen, GdipCloneRegion, GdipCloneStringFormat, GdipClosePathFigure, GdipClosePathFigures, GdipCombineRegionPath, GdipCombineRegionRect, GdipCombineRegionRectI, GdipCombineRegionRegion, GdipComment, GdipCreateAdjustableArrowCap, GdipCreateBitmapFromDirectDrawSurface, GdipCreateBitmapFromFile, GdipCreateBitmapFromFileICM, GdipCreateBitmapFromGdiDib, GdipCreateBitmapFromGraphics, GdipCreateBitmapFromHBITMAP, GdipCreateBitmapFromHICON, GdipCreateBitmapFromResource, GdipCreateBitmapFromScan0, GdipCreateBitmapFromStream, GdipCreateBitmapFromStreamICM, GdipCreateCachedBitmap, GdipCreateCustomLineCap, GdipCreateFont, GdipCreateFontFamilyFromName, GdipCreateFontFromDC, GdipCreateFontFromLogfontA, GdipCreateFontFromLogfontW, GdipCreateFromHDC, GdipCreateFromHDC2, GdipCreateFromHWND, GdipCreateFromHWNDICM, GdipCreateHBITMAPFromBitmap, GdipCreateHICONFromBitmap, GdipCreateHalftonePalette, GdipCreateHatchBrush, GdipCreateImageAttributes, GdipCreateLineBrush, GdipCreateLineBrushFromRect, GdipCreateLineBrushFromRectI, GdipCreateLineBrushFromRectWithAngle, GdipCreateLineBrushFromRectWithAngleI, GdipCreateLineBrushI, GdipCreateMatrix, GdipCreateMatrix2, GdipCreateMatrix3, GdipCreateMatrix3I, GdipCreateMetafileFromEmf, GdipCreateMetafileFromFile, GdipCreateMetafileFromStream, GdipCreateMetafileFromWmf, GdipCreateMetafileFromWmfFile, GdipCreatePath, GdipCreatePath2, GdipCreatePath2I, GdipCreatePathGradient, GdipCreatePathGradientFromPath, GdipCreatePathGradientI, GdipCreatePathIter, GdipCreatePen1, GdipCreatePen2, GdipCreateRegion, GdipCreateRegionHrgn, GdipCreateRegionPath, GdipCreateRegionRect, GdipCreateRegionRectI, GdipCreateRegionRgnData, GdipCreateSolidFill, GdipCreateStreamOnFile, GdipCreateStringFormat, GdipCreateTexture, GdipCreateTexture2, GdipCreateTexture2I, GdipCreateTextureIA, GdipCreateTextureIAI, GdipDeleteBrush, GdipDeleteCachedBitmap, GdipDeleteCustomLineCap, GdipDeleteFont, GdipDeleteFontFamily, GdipDeleteGraphics, GdipDeleteMatrix, GdipDeletePath, GdipDeletePathIter, GdipDeletePen, GdipDeletePrivateFontCollection, GdipDeleteRegion, GdipDeleteStringFormat, GdipDisposeImage, GdipDisposeImageAttributes, GdipDrawArc, GdipDrawArcI, GdipDrawBezier, GdipDrawBezierI, GdipDrawBeziers, GdipDrawBeziersI, GdipDrawCachedBitmap, GdipDrawClosedCurve, GdipDrawClosedCurve2, GdipDrawClosedCurve2I, GdipDrawClosedCurveI, GdipDrawCurve, GdipDrawCurve2, GdipDrawCurve2I, GdipDrawCurve3, GdipDrawCurve3I, GdipDrawCurveI, GdipDrawDriverString, GdipDrawEllipse, GdipDrawEllipseI, GdipDrawImage, GdipDrawImageI, GdipDrawImagePointRect, GdipDrawImagePointRectI, GdipDrawImagePoints, GdipDrawImagePointsI, GdipDrawImagePointsRect, GdipDrawImagePointsRectI, GdipDrawImageRect, GdipDrawImageRectI, GdipDrawImageRectRect, GdipDrawImageRectRectI, GdipDrawLine, GdipDrawLineI, GdipDrawLines, GdipDrawLinesI, GdipDrawPath, GdipDrawPie, GdipDrawPieI, GdipDrawPolygon, GdipDrawPolygonI, GdipDrawRectangle, GdipDrawRectangleI, GdipDrawRectangles, GdipDrawRectanglesI, GdipDrawString, GdipEmfToWmfBits, GdipEndContainer, GdipEnumerateMetafileDestPoint, GdipEnumerateMetafileDestPointI, GdipEnumerateMetafileDestPoints, GdipEnumerateMetafileDestPointsI, GdipEnumerateMetafileDestRect, GdipEnumerateMetafileDestRectI, GdipEnumerateMetafileSrcRectDestPoint, GdipEnumerateMetafileSrcRectDestPointI, GdipEnumerateMetafileSrcRectDestPoints, GdipEnumerateMetafileSrcRectDestPointsI, GdipEnumerateMetafileSrcRectDestRect, GdipEnumerateMetafileSrcRectDestRectI, GdipFillClosedCurve, GdipFillClosedCurve2, GdipFillClosedCurve2I, GdipFillClosedCurveI, GdipFillEllipse, GdipFillEllipseI, GdipFillPath, GdipFillPie, GdipFillPieI, GdipFillPolygon, GdipFillPolygon2, GdipFillPolygon2I, GdipFillPolygonI, GdipFillRectangle, GdipFillRectangleI, GdipFillRectangles, GdipFillRectanglesI, GdipFillRegion, GdipFlattenPath, GdipFlush, GdipFree, GdipGetAdjustableArrowCapFillState, GdipGetAdjustableArrowCapHeight, GdipGetAdjustableArrowCapMiddleInset, GdipGetAdjustableArrowCapWidth, GdipGetAllPropertyItems, GdipGetBrushType, GdipGetCellAscent, GdipGetCellDescent, GdipGetClip, GdipGetClipBounds, GdipGetClipBoundsI, GdipGetCompositingMode, GdipGetCompositingQuality, GdipGetCustomLineCapBaseCap, GdipGetCustomLineCapBaseInset, GdipGetCustomLineCapStrokeCaps, GdipGetCustomLineCapStrokeJoin, GdipGetCustomLineCapType, GdipGetCustomLineCapWidthScale, GdipGetDC, GdipGetDpiX, GdipGetDpiY, GdipGetEmHeight, GdipGetEncoderParameterList, GdipGetEncoderParameterListSize, GdipGetFamily, GdipGetFamilyName, GdipGetFontCollectionFamilyCount, GdipGetFontCollectionFamilyList, GdipGetFontHeight, GdipGetFontHeightGivenDPI, GdipGetFontSize, GdipGetFontStyle, GdipGetFontUnit, GdipGetGenericFontFamilyMonospace, GdipGetGenericFontFamilySansSerif, GdipGetGenericFontFamilySerif, GdipGetHatchBackgroundColor, GdipGetHatchForegroundColor, GdipGetHatchStyle, GdipGetHemfFromMetafile, GdipGetImageAttributesAdjustedPalette, GdipGetImageBounds, GdipGetImageDecoders, GdipGetImageDecodersSize, GdipGetImageDimension, GdipGetImageEncoders, GdipGetImageEncodersSize, GdipGetImageFlags, GdipGetImageGraphicsContext, GdipGetImageHeight, GdipGetImageHorizontalResolution, GdipGetImagePalette, GdipGetImagePaletteSize, GdipGetImagePixelFormat, GdipGetImageRawFormat, GdipGetImageThumbnail, GdipGetImageType, GdipGetImageVerticalResolution, GdipGetImageWidth, GdipGetInterpolationMode, GdipGetLineBlend, GdipGetLineBlendCount, GdipGetLineColors, GdipGetLineGammaCorrection, GdipGetLinePresetBlend, GdipGetLinePresetBlendCount, GdipGetLineRect, GdipGetLineRectI, GdipGetLineSpacing, GdipGetLineTransform, GdipGetLineWrapMode, GdipGetLogFontA, GdipGetLogFontW, GdipGetMatrixElements, GdipGetMetafileDownLevelRasterizationLimit, GdipGetMetafileHeaderFromEmf, GdipGetMetafileHeaderFromFile, GdipGetMetafileHeaderFromMetafile, GdipGetMetafileHeaderFromStream, GdipGetMetafileHeaderFromWmf, GdipGetNearestColor, GdipGetPageScale, GdipGetPageUnit, GdipGetPathData, GdipGetPathFillMode, GdipGetPathGradientBlend, GdipGetPathGradientBlendCount, GdipGetPathGradientCenterColor, GdipGetPathGradientCenterPoint, GdipGetPathGradientCenterPointI, GdipGetPathGradientFocusScales, GdipGetPathGradientGammaCorrection, GdipGetPathGradientPath, GdipGetPathGradientPointCount, GdipGetPathGradientPresetBlend, GdipGetPathGradientPresetBlendCount, GdipGetPathGradientRect, GdipGetPathGradientRectI, GdipGetPathGradientSurroundColorCount, GdipGetPathGradientSurroundColorsWithCount, GdipGetPathGradientTransform, GdipGetPathGradientWrapMode, GdipGetPathLastPoint, GdipGetPathPoints, GdipGetPathPointsI, GdipGetPathTypes, GdipGetPathWorldBounds, GdipGetPathWorldBoundsI, GdipGetPenBrushFill, GdipGetPenColor, GdipGetPenCompoundArray, GdipGetPenCompoundCount, GdipGetPenCustomEndCap, GdipGetPenCustomStartCap, GdipGetPenDashArray, GdipGetPenDashCap197819, GdipGetPenDashCount, GdipGetPenDashOffset, GdipGetPenDashStyle, GdipGetPenEndCap, GdipGetPenFillType, GdipGetPenLineJoin, GdipGetPenMiterLimit, GdipGetPenMode, GdipGetPenStartCap, GdipGetPenTransform, GdipGetPenUnit, GdipGetPenWidth, GdipGetPixelOffsetMode, GdipGetPointCount, GdipGetPropertyCount, GdipGetPropertyIdList, GdipGetPropertyItem, GdipGetPropertyItemSize, GdipGetPropertySize, GdipGetRegionBounds, GdipGetRegionBoundsI, GdipGetRegionData, GdipGetRegionDataSize, GdipGetRegionHRgn, GdipGetRegionScans, GdipGetRegionScansCount, GdipGetRegionScansI, GdipGetRenderingOrigin, GdipGetSmoothingMode, GdipGetSolidFillColor, GdipGetStringFormatAlign, GdipGetStringFormatDigitSubstitution, GdipGetStringFormatFlags, GdipGetStringFormatHotkeyPrefix, GdipGetStringFormatLineAlign, GdipGetStringFormatMeasurableCharacterRangeCount, GdipGetStringFormatTabStopCount, GdipGetStringFormatTabStops, GdipGetStringFormatTrimming, GdipGetTextContrast, GdipGetTextRenderingHint, GdipGetTextureImage, GdipGetTextureTransform, GdipGetTextureWrapMode, GdipGetVisibleClipBounds, GdipGetVisibleClipBoundsI, GdipGetWorldTransform, GdipGraphicsClear, GdipImageForceValidation, GdipImageGetFrameCount, GdipImageGetFrameDimensionsCount, GdipImageGetFrameDimensionsList, GdipImageRotateFlip, GdipImageSelectActiveFrame, GdipInvertMatrix, GdipIsClipEmpty, GdipIsEmptyRegion, GdipIsEqualRegion, GdipIsInfiniteRegion, GdipIsMatrixEqual, GdipIsMatrixIdentity, GdipIsMatrixInvertible, GdipIsOutlineVisiblePathPoint, GdipIsOutlineVisiblePathPointI, GdipIsStyleAvailable, GdipIsVisibleClipEmpty, GdipIsVisiblePathPoint, GdipIsVisiblePathPointI, GdipIsVisiblePoint, GdipIsVisiblePointI, GdipIsVisibleRect, GdipIsVisibleRectI, GdipIsVisibleRegionPoint, GdipIsVisibleRegionPointI, GdipIsVisibleRegionRect, GdipIsVisibleRegionRectI, GdipLoadImageFromFile, GdipLoadImageFromFileICM, GdipLoadImageFromStream, GdipLoadImageFromStreamICM, GdipMeasureCharacterRanges, GdipMeasureDriverString, GdipMeasureString, GdipMultiplyLineTransform, GdipMultiplyMatrix, GdipMultiplyPathGradientTransform, GdipMultiplyPenTransform, GdipMultiplyTextureTransform, GdipMultiplyWorldTransform, GdipNewInstalledFontCollection, GdipNewPrivateFontCollection, GdipPathIterCopyData, GdipPathIterEnumerate, GdipPathIterGetCount, GdipPathIterGetSubpathCount, GdipPathIterHasCurve, GdipPathIterIsValid, GdipPathIterNextMarker, GdipPathIterNextMarkerPath, GdipPathIterNextPathType, GdipPathIterNextSubpath, GdipPathIterNextSubpathPath, GdipPathIterRewind, GdipPlayMetafileRecord, GdipPrivateAddFontFile, GdipPrivateAddMemoryFont, GdipRecordMetafile, GdipRecordMetafileFileName, GdipRecordMetafileFileNameI, GdipRecordMetafileI, GdipRecordMetafileStream, GdipRecordMetafileStreamI, GdipReleaseDC, GdipRemovePropertyItem, GdipResetClip, GdipResetImageAttributes, GdipResetLineTransform, GdipResetPageTransform, GdipResetPath, GdipResetPathGradientTransform, GdipResetPenTransform, GdipResetTextureTransform, GdipResetWorldTransform, GdipRestoreGraphics, GdipReversePath, GdipRotateLineTransform, GdipRotateMatrix, GdipRotatePathGradientTransform, GdipRotatePenTransform, GdipRotateTextureTransform, GdipRotateWorldTransform, GdipSaveAdd, GdipSaveAddImage, GdipSaveGraphics, GdipSaveImageToFile, GdipSaveImageToStream, GdipScaleLineTransform, GdipScaleMatrix, GdipScalePathGradientTransform, GdipScalePenTransform, GdipScaleTextureTransform, GdipScaleWorldTransform, GdipSetAdjustableArrowCapFillState, GdipSetAdjustableArrowCapHeight, GdipSetAdjustableArrowCapMiddleInset, GdipSetAdjustableArrowCapWidth, GdipSetClipGraphics, GdipSetClipHrgn, GdipSetClipPath, GdipSetClipRect, GdipSetClipRectI, GdipSetClipRegion, GdipSetCompositingMode, GdipSetCompositingQuality, GdipSetCustomLineCapBaseCap, GdipSetCustomLineCapBaseInset, GdipSetCustomLineCapStrokeCaps, GdipSetCustomLineCapStrokeJoin, GdipSetCustomLineCapWidthScale, GdipSetEmpty, GdipSetImageAttributesCachedBackground, GdipSetImageAttributesColorKeys, GdipSetImageAttributesColorMatrix, GdipSetImageAttributesGamma, GdipSetImageAttributesNoOp, GdipSetImageAttributesOutputChannel, GdipSetImageAttributesOutputChannelColorProfile, GdipSetImageAttributesRemapTable, GdipSetImageAttributesThreshold, GdipSetImageAttributesToIdentity, GdipSetImageAttributesWrapMode, GdipSetImagePalette, GdipSetInfinite, GdipSetInterpolationMode, GdipSetLineBlend, GdipSetLineColors, GdipSetLineGammaCorrection, GdipSetLineLinearBlend, GdipSetLinePresetBlend, GdipSetLineSigmaBlend, GdipSetLineTransform, GdipSetLineWrapMode, GdipSetMatrixElements, GdipSetMetafileDownLevelRasterizationLimit, GdipSetPageScale, GdipSetPageUnit, GdipSetPathFillMode, GdipSetPathGradientBlend, GdipSetPathGradientCenterColor, GdipSetPathGradientCenterPoint, GdipSetPathGradientCenterPointI, GdipSetPathGradientFocusScales, GdipSetPathGradientGammaCorrection, GdipSetPathGradientLinearBlend, GdipSetPathGradientPath, GdipSetPathGradientPresetBlend, GdipSetPathGradientSigmaBlend, GdipSetPathGradientSurroundColorsWithCount, GdipSetPathGradientTransform, GdipSetPathGradientWrapMode, GdipSetPathMarker, GdipSetPenBrushFill, GdipSetPenColor, GdipSetPenCompoundArray, GdipSetPenCustomEndCap, GdipSetPenCustomStartCap, GdipSetPenDashArray, GdipSetPenDashCap197819, GdipSetPenDashOffset, GdipSetPenDashStyle, GdipSetPenEndCap, GdipSetPenLineCap197819, GdipSetPenLineJoin, GdipSetPenMiterLimit, GdipSetPenMode, GdipSetPenStartCap, GdipSetPenTransform, GdipSetPenUnit, GdipSetPenWidth, GdipSetPixelOffsetMode, GdipSetPropertyItem, GdipSetRenderingOrigin, GdipSetSmoothingMode, GdipSetSolidFillColor, GdipSetStringFormatAlign, GdipSetStringFormatDigitSubstitution, GdipSetStringFormatFlags, GdipSetStringFormatHotkeyPrefix, GdipSetStringFormatLineAlign, GdipSetStringFormatMeasurableCharacterRanges, GdipSetStringFormatTabStops, GdipSetStringFormatTrimming, GdipSetTextContrast, GdipSetTextRenderingHint, GdipSetTextureTransform, GdipSetTextureWrapMode, GdipSetWorldTransform, GdipShearMatrix, GdipStartPathFigure, GdipStringFormatGetGenericDefault, GdipStringFormatGetGenericTypographic, GdipTestControl, GdipTransformMatrixPoints, GdipTransformMatrixPointsI, GdipTransformPath, GdipTransformPoints, GdipTransformPointsI, GdipTransformRegion, GdipTranslateClip, GdipTranslateClipI, GdipTranslateLineTransform, GdipTranslateMatrix, GdipTranslatePathGradientTransform, GdipTranslatePenTransform, GdipTranslateRegion, GdipTranslateRegionI, GdipTranslateTextureTransform, GdipTranslateWorldTransform, GdipVectorTransformMatrixPoints, GdipVectorTransformMatrixPointsI, GdipWarpPath, GdipWidenPath, GdipWindingModeOutline, GdiplusNotificationHook, GdiplusNotificationUnhook, GdiplusShutdown, GdiplusStartup
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Executable MS Visual C++ (generic) (53.1%)
Windows Screen Saver (18.4%)
Win32 Executable Generic (12.0%)
Win32 Dynamic Link Library (generic) (10.6%)
Generic Win/DOS Executable (2.8%)
sigcheck:
publisher....: Microsoft Corporation
copyright....: (c) Microsoft Corporation. All rights reserved.
product......: Microsoft_ Windows_ Operating System
description..: Microsoft GDI_
original name: gdiplus
internal name: gdiplus
file version.: 5.1.3097.0 (xpclient.010811-1534)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

#48 Příspěvek od **motji** » 18 úno 2010 20:51

Znovu si stahněte z přílohy ten soubor, tentokrát si založte ještě na disku C jednu složku - složku A - dodržte to velké písmeno. Soubor uložte na disk C a a zkopírujte ho i do složky A, takže cesta bude:
C:\A\cdrom.sys
C:\cdrom.sys

Stáhněte Avenger
http://swandog46.geekstogo.com/avenger.exe

-spustíte program a potvrdíte kliknutím na ok,tím potvrzujete, že všechny činnosti s tím spojené činíte na vlastní riziko.
-Po odkliknutí se objeví hlavní okno programu,do bílého okna něj zkopírujte tento skript:

Kód: Vybrat vše

Begin copying here:
Files to move:
C:\cdrom.sys | c:\windows\system32\drivers\cdrom.sys 
C:\A\cdrom.sys | c:\windows\system32\dllcache\cdrom.sys  

Registry values to delete:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | "Regedit32"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | "SyncMan"
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | "SyncMan"

Files to delete:
c:\windows\system32\SyncMan.exe
c:\windows\system32\regedit.exe
c:\documents and settings\Maminka\SyncMan.exe
C:\Documents and Settings\pc\SyncMan.exe

-zaškrtněte políčko scan for rootkits

a klikněte na tlačítko Execute.
-Potom se objeví okno,kde kliknutím Yes potvrdíte spuštění skriptu. Pak znovu tlačítkem yes potvrdíte restart počítače.
-Po restartu by se měl otevřít poznámkový blok s logem o vykonání skriptu, bude také uložený v C:\avenger.txt.
-Log vložte sem

A pak hned spustte combofix, bez skriptu

Mikey2692 · #49 Příspěvek od **Mikey2692** » 18 úno 2010 21:36

//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 3)
Thu Feb 18 21:32:43 2010

21:32:36: Error: Invalid registry syntax in command:
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|"SyncMan""
Only registry keys under the HKEY_LOCAL_MACHINE hive are accessible to this program.
Skipping line. (Registry value deletion mode)
21:32:43: Error: Execution aborted by user!

//////////////////////////////////////////

//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 3)
Thu Feb 18 21:33:11 2010

21:33:09: Error: Invalid registry syntax in command:
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|"SyncMan""
Only registry keys under the HKEY_LOCAL_MACHINE hive are accessible to this program.
Skipping line. (Registry value deletion mode)
21:33:11: Error: Execution aborted by user!

//////////////////////////////////////////

//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 3)
Thu Feb 18 21:33:47 2010

21:33:39: Error: Invalid registry syntax in command:
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|"SyncMan""
Only registry keys under the HKEY_LOCAL_MACHINE hive are accessible to this program.
Skipping line. (Registry value deletion mode)

//////////////////////////////////////////

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File move operation "C:\cdrom.sys|c:\windows\system32\drivers\cdrom.sys" completed successfully.
File move operation "C:\A\cdrom.sys|c:\windows\system32\dllcache\cdrom.sys" completed successfully.
File "c:\windows\system32\SyncMan.exe" deleted successfully.

Error: file "c:\windows\system32\regedit.exe" not found!
Deletion of file "c:\windows\system32\regedit.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Error: file "c:\documents and settings\Maminka\SyncMan.exe" not found!
Deletion of file "c:\documents and settings\Maminka\SyncMan.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Error: file "C:\Documents and Settings\pc\SyncMan.exe" not found!
Deletion of file "C:\Documents and Settings\pc\SyncMan.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Error: could not delete registry value "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|"Regedit32""
Deletion of registry value "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|"Regedit32"" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Error: could not delete registry value "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|"SyncMan""
Deletion of registry value "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|"SyncMan"" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Completed script processing.

*******************

Finished! Terminate.

Mikey2692 · #50 Příspěvek od **Mikey2692** » 18 úno 2010 21:46

ComboFix 10-02-12.01 - pc 18.02.2010 21:38:50.9.1 - x86
Systém Microsoft Windows XP Home Edition 5.1.2600.3.1250.421.1033.18.1023.612 [GMT 1:00]
Running from: c:\documents and settings\pc\Desktop\ComboFix.exe
AV: ESET Smart Security 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\pc\oashdihasidhasuidhiasdhiashdiuasdhasd

.
((((((((((((((((((((((((( Files Created from 2010-01-18 to 2010-02-18 )))))))))))))))))))))))))))))))
.

2010-02-18 20:30 . 2010-02-18 20:34 -------- d-----w- C:\A
2010-02-17 21:50 . 2008-04-13 18:40 62976 ----a-w- c:\windows\system32\dllcache\cdrom.sys
2010-02-17 17:36 . 2010-02-17 17:36 -------- d-----w- c:\documents and settings\Marek\Application Data\ESET
2010-02-16 16:23 . 2010-02-16 16:23 42531 ----a-w- c:\documents and settings\NetworkService\SyncMan.exe
2010-02-14 18:58 . 2010-02-14 18:58 -------- d-----w- c:\documents and settings\Marek\Application Data\Apple Computer
2010-02-14 18:57 . 2010-02-14 18:57 -------- d-----w- c:\documents and settings\Marek\Local Settings\Application Data\Apple Computer
2010-02-14 18:31 . 2010-02-14 18:31 -------- d-----w- c:\documents and settings\Marek\Local Settings\Application Data\AOL
2010-02-11 21:18 . 2010-02-11 21:19 -------- d-----w- c:\program files\QuickTime
2010-02-11 21:18 . 2010-02-11 21:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-02-09 20:00 . 2010-02-09 20:00 -------- d-----w- C:\ATF
2010-02-08 17:23 . 2010-02-08 17:23 -------- d-----w- c:\program files\Common Files\Skype
2010-02-06 14:18 . 2010-02-17 21:29 -------- d-----w- c:\program files\ICQ7.0
2010-01-30 22:22 . 2010-01-30 22:22 -------- d-----w- c:\program files\DIFX
2010-01-30 22:22 . 2010-01-30 22:22 -------- dc----w- c:\windows\system32\DRVSTORE
2010-01-30 22:22 . 2009-05-12 14:53 16896 ----a-w- c:\windows\system32\drivers\FlashUsb.sys
2010-01-30 22:20 . 2010-01-30 22:20 -------- d-----w- C:\KP500
2010-01-30 22:19 . 2010-01-27 00:12 935872 ----a-w- c:\documents and settings\All Users\Application Data\LGMOBILEAX\B2C_Client\LGUserCSTool.exe
2010-01-30 22:19 . 2010-01-22 05:43 499712 ----a-w- c:\documents and settings\All Users\Application Data\LGMOBILEAX\B2C_Client\LGMUpgradeDL.dll
2010-01-30 22:19 . 2010-01-15 04:24 59328 ----a-w- c:\documents and settings\All Users\Application Data\LGMOBILEAX\LGMLauncher.exe
2010-01-30 22:19 . 2009-11-19 07:28 90112 ----a-w- c:\documents and settings\All Users\Application Data\LGMOBILEAX\B2C_Client\LGMobileDL.dll
2010-01-30 22:19 . 2009-11-04 03:57 206792 ----a-w- c:\documents and settings\All Users\Application Data\LGMOBILEAX\B2C_Client\B2CAppUninstall.exe
2010-01-30 22:19 . 2009-10-06 06:12 24576 ----a-w- c:\documents and settings\All Users\Application Data\LGMOBILEAX\B2C_Client\LGMobileDLRapi.dll
2010-01-30 22:19 . 2009-06-15 06:21 182208 ----a-w- c:\documents and settings\All Users\Application Data\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe
2010-01-30 22:19 . 2006-05-04 07:33 53248 ----a-w- c:\windows\system32\CommonDL.dll
2010-01-30 22:19 . 2005-10-04 00:39 44544 ----a-w- c:\windows\system32\msxml4a.dll
2010-01-30 22:19 . 2010-01-30 22:19 -------- d-----w- c:\documents and settings\All Users\Application Data\LGMOBILEAX
2010-01-30 19:23 . 2010-01-30 19:23 -------- d-----w- c:\program files\Application Updater
2010-01-28 21:38 . 2009-09-04 16:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2010-01-28 21:38 . 2009-09-04 16:44 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
2010-01-28 21:38 . 2009-09-04 16:29 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
2010-01-28 21:38 . 2009-09-04 16:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2010-01-28 21:38 . 2009-09-04 16:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2010-01-28 21:38 . 2009-09-04 16:29 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
2010-01-28 21:38 . 2009-09-04 16:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2010-01-28 19:10 . 2010-01-28 19:10 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
2010-01-28 19:10 . 2010-01-28 19:11 -------- d-----w- c:\program files\NVIDIA Corporation
2010-01-28 19:09 . 2009-11-21 02:34 69632 ----a-w- c:\windows\system32\OpenCL.dll
2010-01-28 19:09 . 2009-11-21 02:34 4038656 ----a-w- c:\windows\system32\nvcuda.dll
2010-01-28 19:09 . 2009-11-21 02:34 2259560 ----a-w- c:\windows\system32\nvcuvid.dll
2010-01-28 19:09 . 2009-11-21 02:34 1989224 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-01-28 19:09 . 2009-11-21 02:34 11374592 ----a-w- c:\windows\system32\nvcompiler.dll
2010-01-28 19:09 . 2009-11-21 02:34 2293286 ----a-w- c:\windows\system32\nvdata.bin
2010-01-28 19:09 . 2010-01-28 19:09 -------- d-----w- C:\NVIDIA
2010-01-28 18:32 . 2010-01-28 18:32 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-01-28 18:32 . 2010-01-28 18:32 552 ----a-w- c:\windows\system32\d3d8caps.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-18 20:35 . 2009-04-15 08:45 -------- d-----w- c:\program files\lg_fwupdate
2010-02-18 20:35 . 2009-04-15 15:54 -------- d-----w- c:\program files\DNA
2010-02-17 19:09 . 2009-05-02 19:34 -------- d-----w- c:\documents and settings\Marek\Application Data\Skype
2010-02-17 17:37 . 2009-05-02 19:39 -------- d-----w- c:\documents and settings\Marek\Application Data\skypePM
2010-02-16 20:47 . 2009-04-15 11:37 -------- d-----w- c:\program files\Eset
2010-02-16 20:47 . 2009-08-18 16:33 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2010-02-15 19:19 . 2009-05-29 17:30 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2010-02-15 19:19 . 2009-05-29 17:31 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-02-15 18:37 . 2009-04-27 18:06 69232 ----a-w- c:\documents and settings\Maminka\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-14 22:05 . 2009-04-15 07:13 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-14 21:24 . 2009-05-09 12:37 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-02-14 18:31 . 2009-04-16 19:05 -------- d-----w- c:\documents and settings\Marek\Application Data\ICQ
2010-02-13 10:21 . 2009-05-08 11:38 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-02-13 10:21 . 2009-05-08 11:37 103736 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-02-13 10:21 . 2009-05-08 11:37 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-02-08 17:23 . 2009-05-02 19:34 -------- d-----r- c:\program files\Skype
2010-02-08 17:23 . 2009-05-02 19:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2010-02-06 13:35 . 2009-05-20 13:22 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink
2010-02-01 17:11 . 2009-10-21 19:01 -------- d-----w- c:\program files\LG PC Suite II
2010-01-29 21:01 . 2009-05-02 19:34 -------- d-----w- c:\program files\Google
2010-01-28 19:11 . 2009-11-14 21:49 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-01-28 19:10 . 2009-11-14 21:49 -------- d-----w- c:\program files\AGEIA Technologies
2010-01-27 19:38 . 2009-05-21 14:24 -------- d-----w- c:\program files\Windows Desktop Search
2010-01-23 11:26 . 2009-04-23 18:52 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-22 15:18 . 2009-04-15 14:37 -------- d-----w- c:\program files\Xfire
2010-01-18 14:32 . 2009-04-28 17:25 69232 ----a-w- c:\documents and settings\Marek\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-08 07:13 . 2010-01-08 07:13 33096 ----a-w- c:\windows\system32\drivers\epfwndis.sys
2010-01-03 23:01 . 2010-01-03 23:01 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2010-01-03 22:52 . 2010-01-03 22:52 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-01-03 22:48 . 2010-01-03 22:48 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2009-12-31 16:50 . 2006-02-28 12:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-26 21:37 . 2009-12-26 21:37 -------- d-----w- c:\program files\ICQ6Toolbar
2009-12-26 21:37 . 2009-12-26 21:37 -------- d-----w- c:\documents and settings\All Users\Application Data\ICQ
2009-12-25 16:39 . 2009-12-25 16:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment
2009-12-22 23:59 . 2009-12-22 23:59 41872 ----a-w- c:\windows\system32\xfcodec.dll
2009-12-22 05:21 . 2006-02-28 12:00 667136 ------w- c:\windows\system32\wininet.dll
2009-12-22 05:20 . 2006-02-28 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-12-18 14:02 . 2009-12-18 14:02 135048 ----a-w- c:\windows\system32\drivers\epfw.sys
2009-12-16 18:43 . 2009-04-14 15:34 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-15 22:14 . 2009-04-15 08:45 16384 ----a-w- c:\windows\system32\lgfwunis.exe
2009-12-14 07:08 . 2006-02-28 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-04 18:22 . 2006-02-28 12:00 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-11-27 17:11 . 2006-02-28 12:00 1291776 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 17:11 . 2004-08-04 00:56 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 16:07 . 2006-02-28 12:00 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:07 . 2001-08-17 22:36 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:07 . 2006-02-28 12:00 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:07 . 2006-02-28 12:00 11264 ----a-w- c:\windows\system32\msrle32.dll
2009-11-27 16:07 . 2004-08-04 00:56 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-21 15:51 . 2006-02-28 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-21 02:34 . 2009-04-15 11:19 592488 ----a-w- c:\windows\system32\nvudisp.exe
2009-11-21 02:34 . 2007-06-28 22:43 6282752 ----a-w- c:\windows\system32\nv4_disp.dll
2009-11-21 02:34 . 2007-06-28 22:43 182888 ----a-w- c:\windows\system32\nvcodins.dll
2009-11-21 02:34 . 2007-06-28 22:43 182888 ----a-w- c:\windows\system32\nvcod.dll
2009-11-21 02:34 . 2007-06-28 22:43 13602816 ----a-w- c:\windows\system32\nvoglnt.dll
2009-11-21 02:34 . 2007-06-28 22:43 1056768 ----a-w- c:\windows\system32\nvapi.dll
2009-11-21 02:34 . 2007-06-28 22:43 10235968 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
.

((((((((((((((((((((((((((((( SnapShot@2010-02-15_21.53.49 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-02-18 20:35 . 2010-02-18 20:35 16384 c:\windows\temp\Perflib_Perfdata_17c.dat
+ 2009-11-16 08:06 . 2009-11-16 08:06 55768 c:\windows\system32\drivers\epfwtdi.sys
+ 2010-02-16 20:48 . 2010-02-16 20:48 97360 c:\windows\Installer\{A32D29EB-F9F5-4F35-87F5-B638F818B0B0}\egui.exe
+ 2010-02-16 20:48 . 2010-02-16 20:48 10134 c:\windows\Installer\{A32D29EB-F9F5-4F35-87F5-B638F818B0B0}\callmsi.exe
+ 2009-11-16 08:03 . 2009-11-16 08:03 108792 c:\windows\system32\drivers\ehdrv.sys
+ 2009-11-16 07:56 . 2009-11-16 07:56 116520 c:\windows\system32\drivers\eamon.sys
+ 2010-02-16 20:48 . 2010-02-16 20:48 1140736 c:\windows\Installer\4178e0.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-04-13 2387968]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-11-07 323392]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-02 39408]
"SyncMan"="c:\documents and settings\pc\SyncMan.exe" [BU]
"ICQ"="c:\program files\ICQ7.0\ICQ.exe" [2010-02-11 133368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-10-24 90112]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"SecurDisc"="c:\program files\Nero\Nero 7\InCD\NBHGui.exe" [2007-11-26 1629480]
"InCD"="c:\program files\Nero\Nero 7\InCD\InCD.exe" [2007-11-26 1057064]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-14 71216]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-08 52256]
"LGODDFU"="c:\program files\lg_fwupdate\fwupdate.exe" [2009-12-15 557056]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-29 155648]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 69632]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-11-20 110184]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-11-20 12669544]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-11-16 2054360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Marek\Start Menu\Programs\Startup\
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

c:\documents and settings\Maminka\Start Menu\Programs\Startup\
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"c:\\Program Files\\Xfire\\Xfire.exe"=
"d:\\games\\Valve\\hl.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Documents and Settings\\Marek\\Desktop\\Zbierka\\metin 2\\metin2.bin"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\92_mikey_92\\counter-strike\\hl.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\92_mikey_92\\counter-strike beta\\hl.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\92_mikey_92\\deathmatch classic\\hl.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\92_mikey_92\\condition zero deleted scenes\\hl.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\92_mikey_92\\condition zero\\hl.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"d:\\games\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"d:\\games\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\92_mikey_92\\day of defeat\\hl.exe"=
"c:\\Program Files\\ICQ7.0\\ICQ.exe"=
"c:\\Program Files\\ICQ7.0\\aolload.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"58722:TCP"= 58722:TCP:Pando Media Booster
"58722:UDP"= 58722:UDP:Pando Media Booster
"3094:UDP"= 3094:UDP:Windows Media Format SDK (firefox.exe)
"3095:UDP"= 3095:UDP:Windows Media Format SDK (firefox.exe)
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [29.5.2009 18:31 130936]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [16.11.2009 9:03 108792]
R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [8.1.2010 0:51 380928]
R2 ekrn;ESET Service;c:\program files\Eset\ESET Smart Security\ekrn.exe [16.11.2009 9:04 735960]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10.8.2009 15:38 133104]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [29.5.2009 18:30 348752]
S4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys --> c:\windows\system32\Drivers\sptd.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-04-13 13:08 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2009-11-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2010-02-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-10 14:38]

2010-02-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-10 14:38]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://start.icq.com/icqskins/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: {{88EB38EF-4D2C-436D-ABD3-56B232674062} - c:\program files\ICQ7.0\ICQ.exe
IE: {{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\PokerStars.NET\PokerStarsUpdate.exe
FF - ProfilePath - c:\documents and settings\pc\Application Data\Mozilla\Firefox\Profiles\jxcd50ug.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://pokec.azet.sk/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=966134&p=
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-SyncMan - c:\windows\system32\SyncMan.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-18 21:44
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2010-02-18 21:45:37
ComboFix-quarantined-files.txt 2010-02-18 20:45
ComboFix2.txt 2010-02-17 21:55
ComboFix3.txt 2010-02-16 19:39
ComboFix4.txt 2010-02-16 18:51
ComboFix5.txt 2010-02-18 20:38

Pre-Run: 5 646 323 712 bytes free
Post-Run: 5 606 297 600 bytes free

Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 1B86154ACBF5577DA5CD5573CF8447A2

#51 Příspěvek od **motji** » 18 úno 2010 22:10

Otestujte na www.virustotal.com
c:\documents and settings\pc\SyncMan.exe
c:\documents and settings\NetworkService\SyncMan.exe
c:\windows\system32\drivers\cdrom.sys
c:\windows\system32\dllcache\cdrom.sys

Mikey2692 · #52 Příspěvek od **Mikey2692** » 18 úno 2010 22:18

prvý súbor mi to nenašlo

#53 Příspěvek od **motji** » 18 úno 2010 22:19

nevadí, on tam nebude už

Mikey2692 · #54 Příspěvek od **Mikey2692** » 18 úno 2010 22:22

prikladám druhý, tretí a štvrtý

File SyncMan.exe received on 2010.02.18 21:18:26 (UTC)
Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED
Result: 12/41 (29.27%)
Loading server information...
Your file is queued in position: 1.
Estimated start time is between 42 and 60 seconds.
Do not close the window until scan is complete.
The scanner that was processing your file is stopped at this moment, we are going to wait a few seconds to try to recover your result.
If you are waiting for more than five minutes you have to resend your file.
Your file is being scanned by VirusTotal in this moment,
results will be shown as they're generated.
Compact Compact
Print results Print results
Your file has expired or does not exists.
Service is stopped in this moments, your file is waiting to be scanned (position: ) for an undefined time.

You can wait for web response (automatic reload) or type your email in the form below and click "request" so the system sends you a notification when the scan is finished.
Email:

Antivirus Version Last Update Result
a-squared 4.5.0.50 2010.02.18 Trojan.Crypt!IK
AhnLab-V3 5.0.0.2 2010.02.18 -
AntiVir 8.2.1.170 2010.02.18 TR/Crypt.ZPACK.Gen
Antiy-AVL 2.0.3.7 2010.02.18 -
Authentium 5.2.0.5 2010.02.18 -
Avast 4.8.1351.0 2010.02.18 -
AVG 9.0.0.730 2010.02.18 -
BitDefender 7.2 2010.02.18 -
CAT-QuickHeal 10.00 2010.02.18 -
ClamAV 0.96.0.0-git 2010.02.18 -
Comodo 3984 2010.02.18 Heur.Suspicious
DrWeb 5.0.1.12222 2010.02.18 Trojan.Packed.19699
eSafe 7.0.17.0 2010.02.18 Win32.TRCrypt.ZPACK
eTrust-Vet 35.2.7310 2010.02.18 -
F-Prot 4.5.1.85 2010.02.18 -
F-Secure 9.0.15370.0 2010.02.18 -
Fortinet 4.0.14.0 2010.02.18 -
GData 19 2010.02.18 -
Ikarus T3.1.1.80.0 2010.02.18 Trojan.Crypt
Jiangmin 13.0.900 2010.02.18 -
K7AntiVirus 7.10.977 2010.02.18 -
Kaspersky 7.0.0.125 2010.02.17 -
McAfee 5896 2010.02.18 -
McAfee+Artemis 5896 2010.02.18 Artemis!B88F2F6E933E
McAfee-GW-Edition 6.8.5 2010.02.18 Heuristic.LooksLike.Win32.Suspicious.A!80
Microsoft 1.5406 2010.02.18 -
NOD32 4878 2010.02.18 -
Norman 6.04.08 2010.02.18 -
nProtect 2009.1.8.0 2010.02.18 -
Panda 10.0.2.2 2010.02.18 -
PCTools 7.0.3.5 2010.02.17 -
Prevx 3.0 2010.02.18 High Risk Cloaked Malware
Rising 22.34.01.03 2010.02.11 -
Sophos 4.50.0 2010.02.18 Mal/Generic-A
Sunbelt 5684 2010.02.18 -
Symantec 20091.2.0.41 2010.02.18 Suspicious.Insight
TheHacker 6.5.1.4.199 2010.02.18 -
TrendMicro 9.120.0.1004 2010.02.18 TROJ_SHGRAY.SM
VBA32 3.12.12.2 2010.02.18 -
ViRobot 2010.2.18.2192 2010.02.18 -
VirusBuster 5.0.27.0 2010.02.18 -
Additional information
File size: 42531 bytes
MD5...: b88f2f6e933e4a0a69b0a6fe443269dc
SHA1..: cc5f885d70e7fea8739b2a45f8ba749a1f6b8294
SHA256: 16de9202675b3b2b6145dfa18d4a4325b587210e9854090921486cf47baf8e62
ssdeep: 768:JGjt8xk7G2A2tZ7K88un8srCFlw4Zu+PmxkMl7AcJhZqrApLNcHkSLVrB:k9
nnAlw4E+Pmx/lfJhZQApLNiLVF
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x3af
timedatestamp.....: 0x4b7a600e (Tue Feb 16 09:06:22 2010)
machinetype.......: 0x14c (I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x300 0x20c 0x300 4.30 2872248aff5d6fd4b9361c9c568fff64
.rdata 0x600 0xfc 0x100 3.88 12119a9433d6ec14ac97d1596536967a
.data 0x700 0x42 0x100 1.39 a2d85fd52227707916ee70bcf1c060d6
.rsrc 0x800 0xd60 0xe00 5.39 ab990fe738109107fd6c6fecb1f1911c
.text 0x1600 0x9100 0x9100 7.81 779bd0098bb765b22e73925dfdc48446

( 2 imports )
> kernel32.dll: ExitProcess, GetLastError, GetModuleHandleA, GetProcAddress
> user32.dll: EnumChildWindows, MessageBoxA

( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
trid..: Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
<a href='http://info.prevx.com/aboutprogramtext. ... 00F1AC1CAB' target='_blank'>http://info.prevx.com/aboutprogramtext. ... 1AC1CAB</a>

File cdrom.sys received on 2010.02.18 21:19:21 (UTC)
Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED
Result: 0/40 (0%)
Loading server information...
Your file is queued in position: 7.
Estimated start time is between 84 and 120 seconds.
Do not close the window until scan is complete.
The scanner that was processing your file is stopped at this moment, we are going to wait a few seconds to try to recover your result.
If you are waiting for more than five minutes you have to resend your file.
Your file is being scanned by VirusTotal in this moment,
results will be shown as they're generated.
Compact Compact
Print results Print results
Your file has expired or does not exists.
Service is stopped in this moments, your file is waiting to be scanned (position: ) for an undefined time.

You can wait for web response (automatic reload) or type your email in the form below and click "request" so the system sends you a notification when the scan is finished.
Email:

Antivirus Version Last Update Result
a-squared 4.5.0.50 2010.02.18 -
AhnLab-V3 5.0.0.2 2010.02.18 -
AntiVir 8.2.1.170 2010.02.18 -
Antiy-AVL 2.0.3.7 2010.02.18 -
Authentium 5.2.0.5 2010.02.18 -
Avast 4.8.1351.0 2010.02.18 -
AVG 9.0.0.730 2010.02.18 -
BitDefender 7.2 2010.02.18 -
CAT-QuickHeal 10.00 2010.02.18 -
ClamAV 0.96.0.0-git 2010.02.18 -
Comodo 3984 2010.02.18 -
DrWeb 5.0.1.12222 2010.02.18 -
eSafe 7.0.17.0 2010.02.18 -
eTrust-Vet 35.2.7310 2010.02.18 -
F-Prot 4.5.1.85 2010.02.18 -
F-Secure 9.0.15370.0 2010.02.18 -
Fortinet 4.0.14.0 2010.02.18 -
GData 19 2010.02.18 -
Ikarus T3.1.1.80.0 2010.02.18 -
Jiangmin 13.0.900 2010.02.18 -
K7AntiVirus 7.10.977 2010.02.18 -
Kaspersky 7.0.0.125 2010.02.17 -
McAfee 5896 2010.02.18 -
McAfee+Artemis 5896 2010.02.18 -
McAfee-GW-Edition 6.8.5 2010.02.18 -
Microsoft 1.5406 2010.02.18 -
NOD32 4878 2010.02.18 -
Norman 6.04.08 2010.02.18 -
nProtect 2009.1.8.0 2010.02.18 -
Panda 10.0.2.2 2010.02.18 -
PCTools 7.0.3.5 2010.02.17 -
Rising 22.34.01.03 2010.02.11 -
Sophos 4.50.0 2010.02.18 -
Sunbelt 5684 2010.02.18 -
Symantec 20091.2.0.41 2010.02.18 -
TheHacker 6.5.1.4.199 2010.02.18 -
TrendMicro 9.120.0.1004 2010.02.18 -
VBA32 3.12.12.2 2010.02.18 -
ViRobot 2010.2.18.2192 2010.02.18 -
VirusBuster 5.0.27.0 2010.02.18 -
Additional information
File size: 62976 bytes
MD5...: 1f4260cc5b42272d71f79e570a27a4fe
SHA1..: a80d103eecfe831b93c01f092abcddae90bccd6f
SHA256: b51c2a3ed3c309953d0ea45869c8e464c10f2533dade9e0286af674979098d1d
ssdeep: 1536:WxY6E/OU1rQzm/P174HlqV17EjmwzYVmcsdR:Wj/U1rQ6F74HQV7YYVmcsd
R
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0xd7f2
timedatestamp.....: 0x480253ad (Sun Apr 13 18:40:45 2008)
machinetype.......: 0x14c (I386)

( 11 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x380 0xb336 0xb380 6.47 5a32f306185e1a4ad2cd99f78fd68f95
.rdata 0xb700 0x7ca 0x800 4.59 b065c91fa7f5b699dfa951ee12c50867
.data 0xbf00 0x50 0x80 2.98 3af530f8b58513e653816241f3fd659b
PAGE 0xbf80 0x101b 0x1080 6.05 3a567203d8c32be151bb69e1e2d2b354
PAGEHIT2 0xd000 0x65 0x80 4.39 52e50ac51e6ac2a003e6f84d722e794d
PAGEHITA 0xd080 0x196 0x200 5.48 9e26e56d44e1e2d1516ae69518e050c9
PAGETOSH 0xd280 0x218 0x280 5.60 15796fdd18f07fbca32fce140b5edff7
PAGE 0xd500 0x110 0x180 1.81 b9ffcbab85ed2ab7cfe06001fcc62b34
INIT 0xd680 0xcde 0xd00 5.64 281ca5d003b86f3af422b4ab89db87e2
.rsrc 0xe380 0x3d8 0x400 3.32 7e2d33ab3e6191db9c89c25eb49d0126
.reloc 0xe780 0xe40 0xe80 6.59 52696ee940c55b8f96b1d57bd654d493

( 3 imports )
> ntoskrnl.exe: IoSetHardErrorOrVerifyDevice, _allshr, MmLockPagableDataSection, KeDelayExecutionThread, _allmul, IoSetDeviceInterfaceState, IoRegisterDeviceInterface, RtlGetVersion, KeInitializeSpinLock, MmUnlockPagableImageSection, RtlFreeUnicodeString, IoSetStartIoAttributes, strchr, memmove, _allshl, IoFreeWorkItem, IoReportTargetDeviceChangeAsynchronous, KeReleaseMutex, _aullshr, KeTickCount, ZwCreateKey, KeBugCheckEx, IoGetAttachedDeviceReference, ObfDereferenceObject, IoGetDriverObjectExtension, sprintf, IoAttachDeviceToDeviceStack, IoDeleteDevice, KeInitializeMutex, KeSetEvent, KeClearEvent, IoReuseIrp, KeInitializeEvent, IofCompleteRequest, KeEnterCriticalRegion, KeWaitForSingleObject, KeLeaveCriticalRegion, IoStartPacket, IoAllocateWorkItem, IoQueueWorkItem, RtlWriteRegistryValue, IoOpenDeviceRegistryKey, RtlQueryRegistryValues, ZwClose, swprintf, IoCreateSymbolicLink, IoDeleteSymbolicLink, IoAllocateIrp, IoAllocateMdl, MmBuildMdlForNonPagedPool, IoFreeMdl, IoFreeIrp, ExAllocatePoolWithTag, IoBuildAsynchronousFsdRequest, ExFreePoolWithTag, IofCallDriver, IoGetConfigurationInformation, IoWMIRegistrationControl, RtlInitUnicodeString, WmiQueryTraceInformation, WmiTraceMessage, IoAllocateDriverObjectExtension, IoStartNextPacket
> HAL.dll: KfRaiseIrql, KfAcquireSpinLock, KfReleaseSpinLock, KeGetCurrentIrql, KeRaiseIrqlToDpcLevel, KfLowerIrql
> CLASSPNP.SYS: ClassGetVpb, ClassDisableMediaChangeDetection, ClassFindModePage, ClassSpinDownPowerHandler, ClassInitialize, ClassDeleteSrbLookasideList, ClassGetDriverExtension, ClassInitializeSrbLookasideList, ClassQueryTimeOutRegistryValue, ClassReadDriveCapacity, ClassInitializeMediaChangeDetection, ClassGetDeviceParameter, ClassSetDeviceParameter, ClassResetMediaChangeTimer, ClassScanForSpecial, ClassReleaseQueue, ClassBuildRequest, ClassSplitRequest, ClassClaimDevice, ClassCreateDeviceObject, ClassUpdateInformationInRegistry, ClassInterpretSenseInfo, ClassEnableMediaChangeDetection, ClassIoComplete, ClassSendSrbAsynchronous, ClassSendSrbSynchronous, ClassSendDeviceIoControlSynchronous, ClassAsynchronousCompletion, ClassSendStartUnit, ClassAcquireRemoveLockEx, ClassReleaseRemoveLock, ClassCompleteRequest, ClassDeviceControl

( 0 exports )
RDS...: NSRL Reference Data Set
-
trid..: Win64 Executable Generic (95.5%)
Generic Win/DOS Executable (2.2%)
DOS Executable Generic (2.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
packers (Kaspersky): PE_Patch
pdfid.: -
sigcheck:
publisher....: Microsoft Corporation
copyright....: (c) Microsoft Corporation. All rights reserved.
product......: Microsoft_ Windows_ Operating System
description..: SCSI CD-ROM Driver
original name: cdrom.sys
internal name: cdrom.sys
file version.: 5.1.2600.5512 (xpsp.080413-2108)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

File cdrom.sys received on 2010.02.18 21:19:48 (UTC)
Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED
Result: 0/41 (0%)
Loading server information...
Your file is queued in position: 2.
Estimated start time is between 49 and 70 seconds.
Do not close the window until scan is complete.
The scanner that was processing your file is stopped at this moment, we are going to wait a few seconds to try to recover your result.
If you are waiting for more than five minutes you have to resend your file.
Your file is being scanned by VirusTotal in this moment,
results will be shown as they're generated.
Compact Compact
Print results Print results
Your file has expired or does not exists.
Service is stopped in this moments, your file is waiting to be scanned (position: ) for an undefined time.

You can wait for web response (automatic reload) or type your email in the form below and click "request" so the system sends you a notification when the scan is finished.
Email:

Antivirus Version Last Update Result
a-squared 4.5.0.50 2010.02.18 -
AhnLab-V3 5.0.0.2 2010.02.18 -
AntiVir 8.2.1.170 2010.02.18 -
Antiy-AVL 2.0.3.7 2010.02.18 -
Authentium 5.2.0.5 2010.02.18 -
Avast 4.8.1351.0 2010.02.18 -
AVG 9.0.0.730 2010.02.18 -
BitDefender 7.2 2010.02.18 -
CAT-QuickHeal 10.00 2010.02.18 -
ClamAV 0.96.0.0-git 2010.02.18 -
Comodo 3984 2010.02.18 -
DrWeb 5.0.1.12222 2010.02.18 -
eSafe 7.0.17.0 2010.02.18 -
eTrust-Vet 35.2.7310 2010.02.18 -
F-Prot 4.5.1.85 2010.02.18 -
F-Secure 9.0.15370.0 2010.02.18 -
Fortinet 4.0.14.0 2010.02.18 -
GData 19 2010.02.18 -
Ikarus T3.1.1.80.0 2010.02.18 -
Jiangmin 13.0.900 2010.02.18 -
K7AntiVirus 7.10.977 2010.02.18 -
Kaspersky 7.0.0.125 2010.02.17 -
McAfee 5896 2010.02.18 -
McAfee+Artemis 5896 2010.02.18 -
McAfee-GW-Edition 6.8.5 2010.02.18 -
Microsoft 1.5406 2010.02.18 -
NOD32 4878 2010.02.18 -
Norman 6.04.08 2010.02.18 -
nProtect 2009.1.8.0 2010.02.18 -
Panda 10.0.2.2 2010.02.18 -
PCTools 7.0.3.5 2010.02.17 -
Prevx 3.0 2010.02.18 -
Rising 22.34.01.03 2010.02.11 -
Sophos 4.50.0 2010.02.18 -
Sunbelt 5684 2010.02.18 -
Symantec 20091.2.0.41 2010.02.18 -
TheHacker 6.5.1.4.199 2010.02.18 -
TrendMicro 9.120.0.1004 2010.02.18 -
VBA32 3.12.12.2 2010.02.18 -
ViRobot 2010.2.18.2192 2010.02.18 -
VirusBuster 5.0.27.0 2010.02.18 -
Additional information
File size: 62976 bytes
MD5...: 1f4260cc5b42272d71f79e570a27a4fe
SHA1..: a80d103eecfe831b93c01f092abcddae90bccd6f
SHA256: b51c2a3ed3c309953d0ea45869c8e464c10f2533dade9e0286af674979098d1d
ssdeep: 1536:WxY6E/OU1rQzm/P174HlqV17EjmwzYVmcsdR:Wj/U1rQ6F74HQV7YYVmcsd
R
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0xd7f2
timedatestamp.....: 0x480253ad (Sun Apr 13 18:40:45 2008)
machinetype.......: 0x14c (I386)

( 11 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x380 0xb336 0xb380 6.47 5a32f306185e1a4ad2cd99f78fd68f95
.rdata 0xb700 0x7ca 0x800 4.59 b065c91fa7f5b699dfa951ee12c50867
.data 0xbf00 0x50 0x80 2.98 3af530f8b58513e653816241f3fd659b
PAGE 0xbf80 0x101b 0x1080 6.05 3a567203d8c32be151bb69e1e2d2b354
PAGEHIT2 0xd000 0x65 0x80 4.39 52e50ac51e6ac2a003e6f84d722e794d
PAGEHITA 0xd080 0x196 0x200 5.48 9e26e56d44e1e2d1516ae69518e050c9
PAGETOSH 0xd280 0x218 0x280 5.60 15796fdd18f07fbca32fce140b5edff7
PAGE 0xd500 0x110 0x180 1.81 b9ffcbab85ed2ab7cfe06001fcc62b34
INIT 0xd680 0xcde 0xd00 5.64 281ca5d003b86f3af422b4ab89db87e2
.rsrc 0xe380 0x3d8 0x400 3.32 7e2d33ab3e6191db9c89c25eb49d0126
.reloc 0xe780 0xe40 0xe80 6.59 52696ee940c55b8f96b1d57bd654d493

( 3 imports )
> ntoskrnl.exe: IoSetHardErrorOrVerifyDevice, _allshr, MmLockPagableDataSection, KeDelayExecutionThread, _allmul, IoSetDeviceInterfaceState, IoRegisterDeviceInterface, RtlGetVersion, KeInitializeSpinLock, MmUnlockPagableImageSection, RtlFreeUnicodeString, IoSetStartIoAttributes, strchr, memmove, _allshl, IoFreeWorkItem, IoReportTargetDeviceChangeAsynchronous, KeReleaseMutex, _aullshr, KeTickCount, ZwCreateKey, KeBugCheckEx, IoGetAttachedDeviceReference, ObfDereferenceObject, IoGetDriverObjectExtension, sprintf, IoAttachDeviceToDeviceStack, IoDeleteDevice, KeInitializeMutex, KeSetEvent, KeClearEvent, IoReuseIrp, KeInitializeEvent, IofCompleteRequest, KeEnterCriticalRegion, KeWaitForSingleObject, KeLeaveCriticalRegion, IoStartPacket, IoAllocateWorkItem, IoQueueWorkItem, RtlWriteRegistryValue, IoOpenDeviceRegistryKey, RtlQueryRegistryValues, ZwClose, swprintf, IoCreateSymbolicLink, IoDeleteSymbolicLink, IoAllocateIrp, IoAllocateMdl, MmBuildMdlForNonPagedPool, IoFreeMdl, IoFreeIrp, ExAllocatePoolWithTag, IoBuildAsynchronousFsdRequest, ExFreePoolWithTag, IofCallDriver, IoGetConfigurationInformation, IoWMIRegistrationControl, RtlInitUnicodeString, WmiQueryTraceInformation, WmiTraceMessage, IoAllocateDriverObjectExtension, IoStartNextPacket
> HAL.dll: KfRaiseIrql, KfAcquireSpinLock, KfReleaseSpinLock, KeGetCurrentIrql, KeRaiseIrqlToDpcLevel, KfLowerIrql
> CLASSPNP.SYS: ClassGetVpb, ClassDisableMediaChangeDetection, ClassFindModePage, ClassSpinDownPowerHandler, ClassInitialize, ClassDeleteSrbLookasideList, ClassGetDriverExtension, ClassInitializeSrbLookasideList, ClassQueryTimeOutRegistryValue, ClassReadDriveCapacity, ClassInitializeMediaChangeDetection, ClassGetDeviceParameter, ClassSetDeviceParameter, ClassResetMediaChangeTimer, ClassScanForSpecial, ClassReleaseQueue, ClassBuildRequest, ClassSplitRequest, ClassClaimDevice, ClassCreateDeviceObject, ClassUpdateInformationInRegistry, ClassInterpretSenseInfo, ClassEnableMediaChangeDetection, ClassIoComplete, ClassSendSrbAsynchronous, ClassSendSrbSynchronous, ClassSendDeviceIoControlSynchronous, ClassAsynchronousCompletion, ClassSendStartUnit, ClassAcquireRemoveLockEx, ClassReleaseRemoveLock, ClassCompleteRequest, ClassDeviceControl

( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win64 Executable Generic (95.5%)
Generic Win/DOS Executable (2.2%)
DOS Executable Generic (2.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
packers (Kaspersky): PE_Patch
sigcheck:
publisher....: Microsoft Corporation
copyright....: (c) Microsoft Corporation. All rights reserved.
product......: Microsoft_ Windows_ Operating System
description..: SCSI CD-ROM Driver
original name: cdrom.sys
internal name: cdrom.sys
file version.: 5.1.2600.5512 (xpsp.080413-2108)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

#55 Příspěvek od **motji** » 18 úno 2010 22:32

Pokud nemáte, přesuňte Combofix na plochu
-otevřete si Poznámkový blok
-Do něj zkopírujte text z tohoto okénka

Kód: Vybrat vše

File::
c:\documents and settings\pc\SyncMan.exe
c:\documents and settings\NetworkService\SyncMan.exe

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SyncMan"=-

DDS::
uStart Page = hxxp://start.icq.com/icqskins/

-uložte Vámi vytvořený TXT soubor jako CFScript.txt na plochu
-po uložení uchopte vámi vytvořený skript levým myšítkem a -přesuňte ho nad ikonu Combofixu, kde ho upustíte:

Obrázek

-po aplikaci na Vás vypadne další log,vložte ho sem

Upozornění : může se stát, že po aplikaci skriptu a restartu Windows nenaběhnou, v tom případě znovu restartujte a přitom mačkejte F8, pak zvolte Poslední známou funkční konfiguraci

Jak to vypadá s počítačem?

Mikey2692 · #56 Příspěvek od **Mikey2692** » 18 úno 2010 22:46

ComboFix 10-02-12.01 - pc 18.02.2010 22:40:09.10.1 - x86
Systém Microsoft Windows XP Home Edition 5.1.2600.3.1250.421.1033.18.1023.527 [GMT 1:00]
Running from: c:\documents and settings\pc\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\pc\Desktop\CFScript.txt
AV: ESET Smart Security 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}

FILE ::
"c:\documents and settings\NetworkService\SyncMan.exe"
"c:\documents and settings\pc\SyncMan.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\NetworkService\SyncMan.exe

.
((((((((((((((((((((((((( Files Created from 2010-01-18 to 2010-02-18 )))))))))))))))))))))))))))))))
.

2010-02-18 20:30 . 2010-02-18 20:34 -------- d-----w- C:\A
2010-02-17 21:50 . 2008-04-13 18:40 62976 ----a-w- c:\windows\system32\dllcache\cdrom.sys
2010-02-17 17:36 . 2010-02-17 17:36 -------- d-----w- c:\documents and settings\Marek\Application Data\ESET
2010-02-14 18:58 . 2010-02-14 18:58 -------- d-----w- c:\documents and settings\Marek\Application Data\Apple Computer
2010-02-14 18:57 . 2010-02-14 18:57 -------- d-----w- c:\documents and settings\Marek\Local Settings\Application Data\Apple Computer
2010-02-14 18:31 . 2010-02-14 18:31 -------- d-----w- c:\documents and settings\Marek\Local Settings\Application Data\AOL
2010-02-11 21:18 . 2010-02-11 21:19 -------- d-----w- c:\program files\QuickTime
2010-02-11 21:18 . 2010-02-11 21:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-02-09 20:00 . 2010-02-09 20:00 -------- d-----w- C:\ATF
2010-02-08 17:23 . 2010-02-08 17:23 -------- d-----w- c:\program files\Common Files\Skype
2010-02-06 14:18 . 2010-02-17 21:29 -------- d-----w- c:\program files\ICQ7.0
2010-01-30 22:22 . 2010-01-30 22:22 -------- d-----w- c:\program files\DIFX
2010-01-30 22:22 . 2010-01-30 22:22 -------- dc----w- c:\windows\system32\DRVSTORE
2010-01-30 22:22 . 2009-05-12 14:53 16896 ----a-w- c:\windows\system32\drivers\FlashUsb.sys
2010-01-30 22:20 . 2010-01-30 22:20 -------- d-----w- C:\KP500
2010-01-30 22:19 . 2010-01-27 00:12 935872 ----a-w- c:\documents and settings\All Users\Application Data\LGMOBILEAX\B2C_Client\LGUserCSTool.exe
2010-01-30 22:19 . 2010-01-22 05:43 499712 ----a-w- c:\documents and settings\All Users\Application Data\LGMOBILEAX\B2C_Client\LGMUpgradeDL.dll
2010-01-30 22:19 . 2010-01-15 04:24 59328 ----a-w- c:\documents and settings\All Users\Application Data\LGMOBILEAX\LGMLauncher.exe
2010-01-30 22:19 . 2009-11-19 07:28 90112 ----a-w- c:\documents and settings\All Users\Application Data\LGMOBILEAX\B2C_Client\LGMobileDL.dll
2010-01-30 22:19 . 2009-11-04 03:57 206792 ----a-w- c:\documents and settings\All Users\Application Data\LGMOBILEAX\B2C_Client\B2CAppUninstall.exe
2010-01-30 22:19 . 2009-10-06 06:12 24576 ----a-w- c:\documents and settings\All Users\Application Data\LGMOBILEAX\B2C_Client\LGMobileDLRapi.dll
2010-01-30 22:19 . 2009-06-15 06:21 182208 ----a-w- c:\documents and settings\All Users\Application Data\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe
2010-01-30 22:19 . 2006-05-04 07:33 53248 ----a-w- c:\windows\system32\CommonDL.dll
2010-01-30 22:19 . 2005-10-04 00:39 44544 ----a-w- c:\windows\system32\msxml4a.dll
2010-01-30 22:19 . 2010-01-30 22:19 -------- d-----w- c:\documents and settings\All Users\Application Data\LGMOBILEAX
2010-01-30 19:23 . 2010-01-30 19:23 -------- d-----w- c:\program files\Application Updater
2010-01-28 21:38 . 2009-09-04 16:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2010-01-28 21:38 . 2009-09-04 16:44 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
2010-01-28 21:38 . 2009-09-04 16:29 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
2010-01-28 21:38 . 2009-09-04 16:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2010-01-28 21:38 . 2009-09-04 16:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2010-01-28 21:38 . 2009-09-04 16:29 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
2010-01-28 21:38 . 2009-09-04 16:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2010-01-28 19:10 . 2010-01-28 19:10 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
2010-01-28 19:10 . 2010-01-28 19:11 -------- d-----w- c:\program files\NVIDIA Corporation
2010-01-28 19:09 . 2009-11-21 02:34 69632 ----a-w- c:\windows\system32\OpenCL.dll
2010-01-28 19:09 . 2009-11-21 02:34 4038656 ----a-w- c:\windows\system32\nvcuda.dll
2010-01-28 19:09 . 2009-11-21 02:34 2259560 ----a-w- c:\windows\system32\nvcuvid.dll
2010-01-28 19:09 . 2009-11-21 02:34 1989224 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-01-28 19:09 . 2009-11-21 02:34 11374592 ----a-w- c:\windows\system32\nvcompiler.dll
2010-01-28 19:09 . 2009-11-21 02:34 2293286 ----a-w- c:\windows\system32\nvdata.bin
2010-01-28 19:09 . 2010-01-28 19:09 -------- d-----w- C:\NVIDIA
2010-01-28 18:32 . 2010-01-28 18:32 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-01-28 18:32 . 2010-01-28 18:32 552 ----a-w- c:\windows\system32\d3d8caps.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-18 20:35 . 2009-04-15 08:45 -------- d-----w- c:\program files\lg_fwupdate
2010-02-18 20:35 . 2009-04-15 15:54 -------- d-----w- c:\program files\DNA
2010-02-17 19:09 . 2009-05-02 19:34 -------- d-----w- c:\documents and settings\Marek\Application Data\Skype
2010-02-17 17:37 . 2009-05-02 19:39 -------- d-----w- c:\documents and settings\Marek\Application Data\skypePM
2010-02-16 20:47 . 2009-04-15 11:37 -------- d-----w- c:\program files\Eset
2010-02-16 20:47 . 2009-08-18 16:33 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2010-02-15 19:19 . 2009-05-29 17:30 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2010-02-15 19:19 . 2009-05-29 17:31 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-02-15 18:37 . 2009-04-27 18:06 69232 ----a-w- c:\documents and settings\Maminka\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-14 22:05 . 2009-04-15 07:13 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-14 21:24 . 2009-05-09 12:37 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-02-14 18:31 . 2009-04-16 19:05 -------- d-----w- c:\documents and settings\Marek\Application Data\ICQ
2010-02-13 10:21 . 2009-05-08 11:38 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-02-13 10:21 . 2009-05-08 11:37 103736 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-02-13 10:21 . 2009-05-08 11:37 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-02-08 17:23 . 2009-05-02 19:34 -------- d-----r- c:\program files\Skype
2010-02-08 17:23 . 2009-05-02 19:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2010-02-06 13:35 . 2009-05-20 13:22 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink
2010-02-01 17:11 . 2009-10-21 19:01 -------- d-----w- c:\program files\LG PC Suite II
2010-01-29 21:01 . 2009-05-02 19:34 -------- d-----w- c:\program files\Google
2010-01-28 19:11 . 2009-11-14 21:49 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-01-28 19:10 . 2009-11-14 21:49 -------- d-----w- c:\program files\AGEIA Technologies
2010-01-27 19:38 . 2009-05-21 14:24 -------- d-----w- c:\program files\Windows Desktop Search
2010-01-23 11:26 . 2009-04-23 18:52 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-22 15:18 . 2009-04-15 14:37 -------- d-----w- c:\program files\Xfire
2010-01-18 14:32 . 2009-04-28 17:25 69232 ----a-w- c:\documents and settings\Marek\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-08 07:13 . 2010-01-08 07:13 33096 ----a-w- c:\windows\system32\drivers\epfwndis.sys
2010-01-03 23:01 . 2010-01-03 23:01 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2010-01-03 22:52 . 2010-01-03 22:52 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-01-03 22:48 . 2010-01-03 22:48 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2009-12-31 16:50 . 2006-02-28 12:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-26 21:37 . 2009-12-26 21:37 -------- d-----w- c:\program files\ICQ6Toolbar
2009-12-26 21:37 . 2009-12-26 21:37 -------- d-----w- c:\documents and settings\All Users\Application Data\ICQ
2009-12-25 16:39 . 2009-12-25 16:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment
2009-12-22 23:59 . 2009-12-22 23:59 41872 ----a-w- c:\windows\system32\xfcodec.dll
2009-12-22 05:21 . 2006-02-28 12:00 667136 ------w- c:\windows\system32\wininet.dll
2009-12-22 05:20 . 2006-02-28 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-12-18 14:02 . 2009-12-18 14:02 135048 ----a-w- c:\windows\system32\drivers\epfw.sys
2009-12-16 18:43 . 2009-04-14 15:34 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-15 22:14 . 2009-04-15 08:45 16384 ----a-w- c:\windows\system32\lgfwunis.exe
2009-12-14 07:08 . 2006-02-28 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-04 18:22 . 2006-02-28 12:00 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-11-27 17:11 . 2006-02-28 12:00 1291776 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 17:11 . 2004-08-04 00:56 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 16:07 . 2006-02-28 12:00 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:07 . 2001-08-17 22:36 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:07 . 2006-02-28 12:00 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:07 . 2006-02-28 12:00 11264 ----a-w- c:\windows\system32\msrle32.dll
2009-11-27 16:07 . 2004-08-04 00:56 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-21 15:51 . 2006-02-28 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-21 02:34 . 2009-04-15 11:19 592488 ----a-w- c:\windows\system32\nvudisp.exe
2009-11-21 02:34 . 2007-06-28 22:43 6282752 ----a-w- c:\windows\system32\nv4_disp.dll
2009-11-21 02:34 . 2007-06-28 22:43 182888 ----a-w- c:\windows\system32\nvcodins.dll
2009-11-21 02:34 . 2007-06-28 22:43 182888 ----a-w- c:\windows\system32\nvcod.dll
2009-11-21 02:34 . 2007-06-28 22:43 13602816 ----a-w- c:\windows\system32\nvoglnt.dll
2009-11-21 02:34 . 2007-06-28 22:43 1056768 ----a-w- c:\windows\system32\nvapi.dll
2009-11-21 02:34 . 2007-06-28 22:43 10235968 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
.

((((((((((((((((((((((((((((( SnapShot@2010-02-15_21.53.49 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-02-18 20:35 . 2010-02-18 20:35 16384 c:\windows\temp\Perflib_Perfdata_17c.dat
+ 2009-11-16 08:06 . 2009-11-16 08:06 55768 c:\windows\system32\drivers\epfwtdi.sys
+ 2010-02-16 20:48 . 2010-02-16 20:48 97360 c:\windows\Installer\{A32D29EB-F9F5-4F35-87F5-B638F818B0B0}\egui.exe
+ 2010-02-16 20:48 . 2010-02-16 20:48 10134 c:\windows\Installer\{A32D29EB-F9F5-4F35-87F5-B638F818B0B0}\callmsi.exe
+ 2009-11-16 08:03 . 2009-11-16 08:03 108792 c:\windows\system32\drivers\ehdrv.sys
+ 2009-11-16 07:56 . 2009-11-16 07:56 116520 c:\windows\system32\drivers\eamon.sys
+ 2010-02-16 20:48 . 2010-02-16 20:48 1140736 c:\windows\Installer\4178e0.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-04-13 2387968]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-11-07 323392]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-02 39408]
"ICQ"="c:\program files\ICQ7.0\ICQ.exe" [2010-02-11 133368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-10-24 90112]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"SecurDisc"="c:\program files\Nero\Nero 7\InCD\NBHGui.exe" [2007-11-26 1629480]
"InCD"="c:\program files\Nero\Nero 7\InCD\InCD.exe" [2007-11-26 1057064]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-14 71216]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-08 52256]
"LGODDFU"="c:\program files\lg_fwupdate\fwupdate.exe" [2009-12-15 557056]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-29 155648]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 69632]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-11-20 110184]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-11-20 12669544]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-11-16 2054360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Marek\Start Menu\Programs\Startup\
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

c:\documents and settings\Maminka\Start Menu\Programs\Startup\
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"c:\\Program Files\\Xfire\\Xfire.exe"=
"d:\\games\\Valve\\hl.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Documents and Settings\\Marek\\Desktop\\Zbierka\\metin 2\\metin2.bin"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\92_mikey_92\\counter-strike\\hl.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\92_mikey_92\\counter-strike beta\\hl.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\92_mikey_92\\deathmatch classic\\hl.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\92_mikey_92\\condition zero deleted scenes\\hl.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\92_mikey_92\\condition zero\\hl.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"d:\\games\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"d:\\games\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\92_mikey_92\\day of defeat\\hl.exe"=
"c:\\Program Files\\ICQ7.0\\ICQ.exe"=
"c:\\Program Files\\ICQ7.0\\aolload.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"58722:TCP"= 58722:TCP:Pando Media Booster
"58722:UDP"= 58722:UDP:Pando Media Booster
"3094:UDP"= 3094:UDP:Windows Media Format SDK (firefox.exe)
"3095:UDP"= 3095:UDP:Windows Media Format SDK (firefox.exe)
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [29.5.2009 18:31 130936]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [16.11.2009 9:03 108792]
R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [8.1.2010 0:51 380928]
R2 ekrn;ESET Service;c:\program files\Eset\ESET Smart Security\ekrn.exe [16.11.2009 9:04 735960]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10.8.2009 15:38 133104]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [29.5.2009 18:30 348752]
S4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys --> c:\windows\system32\Drivers\sptd.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-04-13 13:08 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2009-11-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2010-02-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-10 14:38]

2010-02-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-10 14:38]
.
.
------- Supplementary Scan -------
.
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: {{88EB38EF-4D2C-436D-ABD3-56B232674062} - c:\program files\ICQ7.0\ICQ.exe
IE: {{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\PokerStars.NET\PokerStarsUpdate.exe
FF - ProfilePath - c:\documents and settings\pc\Application Data\Mozilla\Firefox\Profiles\jxcd50ug.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://pokec.azet.sk/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=966134&p=
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-18 22:44
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2010-02-18 22:46:01
ComboFix-quarantined-files.txt 2010-02-18 21:45
ComboFix2.txt 2010-02-18 20:45
ComboFix3.txt 2010-02-17 21:55
ComboFix4.txt 2010-02-16 19:39
ComboFix5.txt 2010-02-18 21:39

Pre-Run: 5 616 148 480 bytes free
Post-Run: 5 597 409 280 bytes free

Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 4CEDA28746B263245F7B3000C0831273

Mikey2692 · #57 Příspěvek od **Mikey2692** » 18 úno 2010 22:47

no vyzerá to tak že to zatial neštrajkuje nejako obzvlášť vela

#58 Příspěvek od **motji** » 18 úno 2010 22:51

Fajn, až budete mít čas, spustte ještě znovu Gmer a Webcureit.

Odinstalujte combofix přes Start - Spustit
- zkopírujte do okénka:

ComboFix /Uninstall

-stiskněte Enter
-To odinstaluje ComboFix a smaže s ním související soubory a složky.

***********

Stáhněte T-Cleaner
http://sweb.cz/Marinus/T-Cleaner.exe

-Spusťte,pro potvrzení volby mačkejte klávesu A, Enter
-po použití prográmek vymažte.Pozor,antiviry ho mohou falešně označit za vir

***********

Z mého podpisu stahněte Ccleaner
- ]nainstalujte, při výběru, co se má nainstalovat, dejte pryč fajfku u instalace yahoo toolbaru

Obrázek

záložka čistič
- nechejte v levém sloupečku zatrhnuté vše jak je, klikněte na analyzovat
- po analýze klikněte na Spustit Ccleaner

Obrázek

záložka Registry
- klikněte na hledej problémy
- pak klikněte na opravit vybrané problémy -- udělat zálohu registrů - nemusíte
- kliknete opravit všechny problémy

ok

zavřít

Záložka Nástroje
- zde můžete odinstalovat programy. Je to důkladnější odinstalace než u přidat/odebrat programy ve Windows.

Ccleaner - čistič doporučuji používat, krásně pročistí pc od dočasných souborů.
Registry pročistí třeba po odinstalaci nějakého programu.

***********

Při použití combofixu byl vypnut autorun - nefunguje automatické spouštění cd rom a pod. Doporučovala bych nechat vypnuté, ale pokud je chcete zapnout, zde je návod

Obrázek

Otevřete si Poznámkový blok a zkopírujte do něj text

Kód: Vybrat vše

Windows Registry Editor Version 5.00 

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\CDRom] 
"AutoRun"=dword:00000001 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] 
"NoDriveTypeAutoRun"=- 
"NoDriveAutoRun"=- 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] 
"NoDriveTypeAutoRun"=- 
"NoDriveAutoRun"=- 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] 
"NoDriveTypeAutoRun"=- 
"NoDriveAutoRun"=-

-uložte jako (typ: všechny soubory) kde za název souboru zadáte "smazani.reg" bez uvozovek,
-klikněte na uložit,
- pak na soubor standardně 2x klikněte a potvrďte dialogové okno.

***********

Stahněte OTC a použijte
http://oldtimer.geekstogo.com/OTC.exe
-vyčistí tempy a po použitých programech

***********

Stahněte dr. Web CureIt http://www.viry.cz/forum/viewtopic.php?f=29&t=47721
-udělejte sken , co najde nechte léčit, smazat
-sken může trvat několik hodin
-Soubor/Uložit výsledky - uložíte jako textovy soubor a zkopírujete zde

Vložte nový log ze RSIT a řekněte co počítač, jak se chová, už je vše v pořádku?

Mikey2692 · #59 Příspěvek od **Mikey2692** » 18 úno 2010 23:19

ok ten sken s tým Dc. webom spravím až ked prídem zasa zo školy kedže to môže dlhšie trvať

potom sa ozvem zatial ide komp v pohode

#60 Příspěvek od **motji** » 18 úno 2010 23:21

No to doufám že jde v pohodě

, ale udělejte i sken Gmerem

VIRY.CZ

Win32/Protector.G vírus

Re: Win32/Protector.G vírus

Re: Win32/Protector.G vírus

Re: Win32/Protector.G vírus

Re: Win32/Protector.G vírus

Re: Win32/Protector.G vírus

Re: Win32/Protector.G vírus

Re: Win32/Protector.G vírus

Re: Win32/Protector.G vírus

Re: Win32/Protector.G vírus

Re: Win32/Protector.G vírus

Re: Win32/Protector.G vírus

Re: Win32/Protector.G vírus

Re: Win32/Protector.G vírus

Re: Win32/Protector.G vírus

Re: Win32/Protector.G vírus