pomale pc . winesm32.exe ve startupu

[takjak]

Ahoj
prosim o kontrolu logu . pocitac blbne, je vytizeny na 100% a autoruns.exe minasel ve startupu winesm32.exe . spustil jsem bohuzel combofix misto rsitu, tak posilam vypis alespon z combofixu .
diky predem za radu

ComboFix 10-02-24.01 - HAHA 25.02.2010 1:01.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.420.1033.18.1023.625 [GMT 1:00]
Spuštěný z: c:\documents and settings\HAHA\Desktop\ComboFix.exe

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\HAHA\Application Data\avdrn.dat
c:\documents and settings\HAHA\My Documents\cc_20090115_221643.reg
c:\documents and settings\HAHA\My Documents\ZbThumbnail.info
c:\documents and settings\HAHA\Start Menu\Programs\Startup\winesm32.exe
c:\program files\INSTALL.LOG
c:\windows\BM4e38a79a.txt
c:\windows\BM4e38a79a.xml
c:\windows\EventSystem.log
c:\windows\system32\AdCache
c:\windows\system32\AdmDll.dll
c:\windows\system32\drivers\etc\lmhosts
c:\windows\system32\drivers\tdmwbpe.sys
c:\windows\system32\Memman.vxd
c:\windows\system32\raddrv.dll
c:\windows\system32\SHELLLNK.TLB
c:\windows\system32\skinboxer43.dll

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_tdmwbpe
-------\Service_tdmwbpe


((((((((((((((((((((((((( Soubory vytvořené od 2010-01-25 do 2010-02-25 )))))))))))))))))))))))))))))))
.

2010-02-24 23:35 . 2010-02-24 23:35 148 ----a-w- c:\windows\system32\fjhdyfhsn.bat
2010-02-12 22:49 . 2010-02-12 22:49 -------- d-sh--w- c:\documents and settings\haha\IETldCache
2010-02-03 19:49 . 2010-02-03 19:49 -------- d-----w- c:\program files\Common Files\PCSuite
2010-02-03 19:47 . 2008-08-26 08:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2010-02-03 19:47 . 2010-02-03 19:47 -------- d-----w- c:\program files\PC Connectivity Solution
2010-02-03 19:47 . 2009-10-06 10:52 7936 ----a-w- c:\windows\system32\drivers\usbser_lowerfltj.sys
2010-02-03 19:47 . 2009-10-06 10:52 7936 ----a-w- c:\windows\system32\drivers\usbser_lowerflt.sys
2010-02-03 19:47 . 2009-10-06 10:52 22016 ----a-w- c:\windows\system32\drivers\ccdcmbo.sys
2010-02-03 19:47 . 2009-10-06 10:55 1112288 ----a-w- c:\windows\system32\wdfcoinstaller01007.dll
2010-02-03 19:47 . 2009-10-06 10:52 660480 ----a-w- c:\windows\system32\nmwcdcocls.dll
2010-02-03 19:47 . 2009-10-06 10:52 17664 ----a-w- c:\windows\system32\drivers\ccdcmb.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-25 00:16 . 2003-12-24 16:52 24 ----a-w- c:\windows\system32\DVCStateBkp-{00000000-00000000-0000000A-00001102-00000002-80651102}.dat
2010-02-25 00:16 . 2003-12-24 16:52 24 ----a-w- c:\windows\system32\DVCState-{00000000-00000000-0000000A-00001102-00000002-80651102}.dat
2010-02-24 23:35 . 2010-02-24 23:35 12 ----a-w- c:\documents and settings\NetworkService\Application Data\rbuwzv.dat
2010-02-23 01:08 . 2003-12-30 06:38 -------- d-----w- c:\program files\IrfanView
2010-02-16 22:30 . 2005-02-16 02:07 -------- d-----w- c:\program files\FlashGet
2010-02-13 03:10 . 2009-12-15 22:58 256 ----a-w- c:\windows\system32\pool.bin
2010-02-10 01:33 . 2005-07-11 23:23 -------- d-----w- c:\documents and settings\HAHA\Application Data\PC Suite
2010-02-10 01:33 . 2010-02-10 01:33 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2010-02-03 19:49 . 2004-04-01 00:12 -------- d-----w- c:\program files\Common Files\Nokia
2010-02-03 19:49 . 2004-01-09 06:41 -------- d-----w- c:\program files\Nokia
2010-02-03 19:45 . 2010-02-03 19:45 95232 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{19DC9559-9C20-4A46-A67D-7ECBA52A2788}\Installer\CommonCustomActions\pcswpcsi.exe
2010-02-03 19:45 . 2010-02-03 19:45 8192 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{19DC9559-9C20-4A46-A67D-7ECBA52A2788}\Installer\CommonCustomActions\UninstCCD.exe
2010-02-03 19:45 . 2010-02-03 19:45 61440 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{19DC9559-9C20-4A46-A67D-7ECBA52A2788}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2010-02-03 19:45 . 2010-02-03 19:45 10240 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{19DC9559-9C20-4A46-A67D-7ECBA52A2788}\Installer\CommonCustomActions\UninstPCS.exe
2010-02-03 19:44 . 2007-07-24 23:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Installations
2010-02-03 19:44 . 2010-02-03 19:45 34399664 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{19DC9559-9C20-4A46-A67D-7ECBA52A2788}\Nokia_PC_Suite_eng.exe
2010-01-25 20:11 . 2009-04-21 17:13 -------- d-----w- c:\program files\NetWorx
2008-09-02 19:56 . 2008-09-02 19:56 1371954 ----a-w- c:\program files\VirtualDub-1.8.5.zip
2008-07-23 20:35 . 2008-07-23 20:35 2538511 ----a-w- c:\program files\rviewer32exe.zip
2005-05-13 15:12 . 2005-05-13 15:12 217073 --sha-r- c:\windows\meta4.exe
2005-10-24 09:13 . 2005-10-24 09:13 66560 --sha-r- c:\windows\MOTA113.exe
2007-12-19 23:05 . 2007-12-19 23:05 8192 --sha-w- c:\windows\o2cLicStore.bin
2005-10-13 19:27 . 2005-10-13 19:27 422400 --sha-r- c:\windows\x2.64.exe
2004-10-13 23:36 . 2004-10-13 23:36 56 --sha-r- c:\windows\system32\5025D14CDA.sys
2005-07-14 10:31 . 2005-07-14 10:31 27648 --sha-r- c:\windows\system32\AVSredirect.dll
2006-02-27 23:20 . 2006-02-22 23:09 80 --sh--r- c:\windows\system32\B2E1B3F34A.dll
2005-06-26 13:32 . 2005-06-26 13:32 616448 --sha-r- c:\windows\system32\cygwin1.dll
2005-06-21 20:37 . 2005-06-21 20:37 45568 --sha-r- c:\windows\system32\cygz.dll
2007-08-01 23:02 . 2007-08-01 23:02 8 --sh--r- c:\windows\system32\D2C412EA17.sys
2004-01-24 22:00 . 2004-01-24 22:00 70656 --sha-r- c:\windows\system32\i420vfw.dll
2007-08-01 23:02 . 2007-08-01 23:02 4704 --sha-w- c:\windows\system32\KGyGaAvL.sys
2006-04-27 08:24 . 2006-04-27 08:24 2945024 --sha-r- c:\windows\system32\Smab.dll
2005-02-28 11:16 . 2005-02-28 11:16 240128 --sha-r- c:\windows\system32\x.264.exe
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TCASUTIEXE"="TCAUDIAG.EXE -off" [X]
"Jet Detection"="c:\program files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-29 28672]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"NetWorx"="c:\program files\NetWorx\networx.exe" [2010-01-24 2892288]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]

c:\documents and settings\HAHA\Start Menu\Programs\Startup\
winesm32.PIF [2010-2-25 2855]

c:\documents and settings\HAHA\Start Menu\Programs\Startup\AutorunsDisabled
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-2-2 113664]

c:\documents and settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2004-11-29 569405]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
2008-04-14 00:12 110592 ----a-w- c:\windows\system32\bthprops.cpl

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ICQ\\Icq.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\River Past\\Video Cleaner Pro\\VideoCleaner.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\NetWorx\\networx.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\ICQ2003\\Icq.exe"=
"c:\\Program Files\\Miranda IM\\miranda32.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\IEPro\\MiniDM.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

R0 sonyhcb;Sony Digital Imaging Base;c:\windows\system32\drivers\sonyhcb.sys [11/15/2004 9:39 PM 6097]
R1 atitray;atitray;c:\program files\Radeon Omega Drivers\v3.8.330\ATI Tray Tools\atitray.sys [11/13/2005 11:43 PM 14336]
R1 PSSDK42;PSSDK42;c:\windows\system32\drivers\pssdk42.sys [8/11/2009 8:52 PM 38976]
R1 tvtool;tvtool;c:\program files\TVTool\TVTOOL.SYS [4/3/1996 7:33 PM 5248]
R2 Lotus Notes Diagnostics;Lotus Notes Diagnostics;c:\lotus\notes\nsd.exe -svcinvoke -ini "c:\lotus\notes\notes.ini" --> c:\lotus\notes\nsd.exe -svcinvoke -ini c:\lotus\notes\notes.ini [?]
R2 SVKP;SVKP;c:\windows\system32\SVKP.sys [1/25/2005 10:36 PM 2368]
R2 tcaicchg;tcaicchg;c:\windows\system32\TCAICCHG.SYS [3/23/2004 10:08 PM 21233]
R2 TCAITDI;TCAITDI Protocol;c:\windows\system32\drivers\TCAITDI.SYS [3/23/2004 10:08 PM 19534]
R3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\drivers\tap0801.sys [6/24/2004 3:54 AM 23552]
S3 adusbmdm6501;AnyDATA CDMA USB Modem Driver (PID 6501);c:\windows\system32\drivers\adusbmdm65.sys [1/13/2006 2:52 PM 64896]
S3 adusbser6501;AnyDATA CDMA USB Serial Port (PID 6501);c:\windows\system32\drivers\adusbser65.sys [1/13/2006 2:52 PM 64896]
S3 ASANYs_guide6;Adaptive Server Anywhere - guide6;c:\program files\sybase\adaptive server anywhere 6.0\win32\dbsrv6.exe -hvASANYs_guide6 --> c:\program files\sybase\adaptive server anywhere 6.0\win32\dbsrv6.exe -hvASANYs_guide6 [?]
S3 ASANYs_guide8;Adaptive Server Anywhere - guide8;c:\program files\Sybase\SQL Anywhere 8\win32\dbsrv8.exe -hvASANYs_guide8 --> c:\program files\Sybase\SQL Anywhere 8\win32\dbsrv8.exe -hvASANYs_guide8 [?]
S3 ASANYs_infa;Adaptive Server Anywhere - infa;c:\program files\sybase\adaptive server anywhere 6.0\win32\dbsrv6.exe -hvASANYs_infa --> c:\program files\sybase\adaptive server anywhere 6.0\win32\dbsrv6.exe -hvASANYs_infa [?]
S3 DsAudioDevice_310;DsAudioDevice_310;c:\windows\system32\drivers\DsAudioDevice_310.sys [3/5/2009 1:45 AM 16640]
S3 gtcdcmdm;Z010 USB CDC Driver (PID 3196);c:\windows\system32\drivers\zapp.sys [4/23/2007 11:58 PM 89856]
S3 IdcAdminService idcm1_admin;IDC Content Admin Service idcm1_admin;c:\stellent\idcm1\admin\bin\IdcAdminNT.exe [9/20/2005 11:32 PM 98304]
S3 IdcContentService idcm1;IDC Content Service idcm1;c:\stellent\idcm1\bin\IdcServerNT.exe [9/20/2005 11:32 PM 98304]
S3 IdcRefineryService idcm1;IDC Inbound Refinery Service idcm1;c:\stellent\idcrefinery\connections\main\IdcRefineryNT.exe [9/21/2005 10:08 PM 98304]
S3 kvpndev;Kerio VPN adapter;c:\windows\system32\drivers\kvpndrv.sys [9/24/2004 1:01 AM 59392]
S3 MSSQL$idc;MSSQL$idc;c:\stellent\msde\MSSQL$idc\Binn\sqlservr.exe -sidc --> c:\stellent\msde\MSSQL$idc\Binn\sqlservr.exe -sidc [?]
S3 PRODIGY;PRODIGY;c:\windows\system32\drivers\prodigy.sys [7/29/2009 6:41 AM 32377]
S3 SMC2862W;SMC2862W-G EZ Connect g 2.4Ghz 802.11g Wireless USB 2.0 Adapter Driver;c:\windows\system32\drivers\2862WICB.sys [5/27/2008 5:37 AM 349856]
S3 sonyhcs;Sony Digital Imaging Video;c:\windows\system32\drivers\sonyhcs.sys [11/15/2004 9:39 PM 299923]
S3 SQLAgent$idc;SQLAgent$idc;c:\stellent\msde\MSSQL$idc\Binn\sqlagent.EXE -i idc --> c:\stellent\msde\MSSQL$idc\Binn\sqlagent.EXE -i idc [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC}]
2008-06-18 14:04 8192 ----a-w- c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Obsah adresáře 'Naplánované úlohy'

2010-02-25 c:\windows\Tasks\startIE2.job
- C:\startIE2.vbs [2009-09-12 19:49]
.
.
------- Doplňkový sken -------
.
uStart Page = about:blank
uInternet Settings,ProxyServer = 91.121.70.56:3128
IE: Download All by FlashGet - c:\program files\FlashGet\jc_all.htm
IE: Download all by Net Transport - c:\program files\Xi\NetTransport 2\NTAddList.html
IE: Download by Net Transport - c:\program files\Xi\NetTransport 2\NTAddLink.html
IE: Download using FlashGet - c:\program files\FlashGet\jc_link.htm
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Open with &ZipScan - c:\progra~1\ZipScan\zs_ie.htm
IE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {75AA409D-05F9-4F27-BD53-C7339D4B1D0A} - hxxps://mail.profitest.eu/dwa85W.cab
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

AddRemove-20-20 Version 6.1 - c:\2020v61\ComUninst32.exe
AddRemove-XPv3.8.330 - c:\windows\Radeon Omega Drivers v3.8.330



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-25 01:18
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\•€|˙˙˙˙"•€|ů•Ôw*]
"5E7CEC10DF0760D4F8DAFB12FDC06CCD"=""
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(520)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(252)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\windows\SYSTEM32\GEARSec.exe
c:\lotus\notes\nsd.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\wscntfy.exe
c:\windows\System32\inetsrv\inetinfo.exe
.
**************************************************************************
.
Celkový čas: 2010-02-25 01:29:44 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-02-25 00:29
ComboFix2.txt 2008-07-16 20:35

Před spuštěním: 6 499 737 600 bytes free
Po spuštění: 7 146 143 744 bytes free

- - End Of File - - B1DFFB86465778781F560CD41F7B9FB1

[JaRon]

vycisti PC s MBAM v nudzovom rezime