Prosím o kontrolu logu

Zpráva

busy · #1 Příspěvek od **busy** » 20 pro 2010 13:53

Firewall mi ukázal že NewDotNet se pokouší připoji k internetu,zjistil jsem si co je to za program.Tak jsem ho zkoušel přes Spybot a Antivir odstranit,ale nepodařilo se jim to.Pokusil jsem se ho také odinstalovat(jak jsem se tu dočetl).Pořád ale zůstaly po něm soubory které nešly odstranit.Dočetl jsem se tu o ComboFixu tak jsem to zkusil a podařilo se to.Prosím o kontrolu logu.Předem děkuji.

ComboFix 10-12-18.01 - Marek 19.12.2010 10:25:19.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1022.516 [GMT 1:00]
Spuštěný z: c:\filmy\ComboFix.exe
AV: McAfee VirusScan Enterprise *Disabled/Updated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
FW: Sygate Personal Firewall *Enabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
* Vytvořen nový Bod Obnovení
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\NDNuninstall5_64.exe

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-11-19 do 2010-12-19 )))))))))))))))))))))))))))))))
.

2010-12-18 10:50 . 2010-12-18 10:50 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Data aplikací\Mozilla
2010-12-17 23:03 . 2010-12-17 23:22 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Extreme Picture Finder
2010-12-17 22:56 . 2010-12-17 22:56 8464 ----a-w- c:\windows\system32\sporder.dll
2010-12-17 22:55 . 2010-12-18 21:27 -------- d-----w- c:\program files\Kool Musik
2010-12-17 22:21 . 2010-12-17 22:23 -------- d-----w- c:\documents and settings\Marek\Local Settings\Data aplikací\BearShare
2010-12-17 22:20 . 2010-12-18 10:50 -------- d-----w- c:\program files\BearShare Applications
2010-12-17 22:19 . 2010-12-17 22:19 -------- d-----w- c:\documents and settings\Marek\Local Settings\Data aplikací\PackageAware
2010-12-17 16:30 . 2010-12-17 16:35 -------- d-----w- c:\documents and settings\Tonířek\Data aplikací\Apple Computer
2010-12-17 16:30 . 2010-12-17 16:30 -------- d-----w- c:\documents and settings\Tonířek\Local Settings\Data aplikací\Apple Computer
2010-12-15 13:44 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2010-12-15 13:43 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2010-12-12 15:43 . 2010-12-12 15:45 -------- d-----w- c:\program files\Liška Ryška - nová dobrodružství
2010-12-12 15:36 . 2010-02-14 13:52 -------- d-----w- C:\spidla
2010-12-10 16:51 . 2010-12-10 16:51 -------- d-----w- c:\program files\Common Files\Skype
2010-12-05 22:32 . 2010-12-05 22:32 -------- d-----w- C:\ProgramData
2010-12-05 22:30 . 2010-10-27 17:25 31552 ----a-w- c:\windows\system32\TURegOpt.exe
2010-12-05 22:30 . 2010-10-27 17:21 29504 ----a-w- c:\windows\system32\uxtuneup.dll
2010-12-05 22:30 . 2010-12-07 18:13 -------- d-----w- c:\program files\TuneUp Utilities 2011
2010-12-05 22:21 . 2010-12-05 22:21 -------- d-sh--w- c:\documents and settings\All Users\Data aplikací\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
2010-12-05 18:06 . 2010-12-06 22:04 -------- d-----w- C:\BywifiShare
2010-12-05 18:06 . 2010-12-05 18:34 -------- d-----w- C:\BywifiSave
2010-12-05 18:06 . 2010-12-05 19:29 -------- d-----w- c:\program files\Bywifi
2010-11-22 20:21 . 2010-11-22 20:21 -------- d-----w- c:\windows\system32\wbem\Repository
2010-11-20 10:28 . 2010-11-28 16:31 -------- d-----w- c:\program files\Včeličky
2010-11-20 10:26 . 2010-11-20 10:26 -------- d-----w- c:\program files\Roboball

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-18 18:15 . 2010-07-30 10:36 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-05 05:02 . 2004-08-17 13:49 668160 ----a-w- c:\windows\system32\wininet.dll
2010-11-05 05:02 . 2004-08-17 13:49 81920 ----a-w- c:\windows\system32\ieencode.dll
2010-11-05 05:02 . 2004-08-03 20:59 61952 ----a-w- c:\windows\system32\tdc.ocx
2010-11-05 04:59 . 2004-08-17 13:44 370176 ----a-w- c:\windows\system32\html.iec
2010-11-02 15:17 . 2001-10-25 14:00 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2010-10-28 13:09 . 2004-08-17 13:48 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:58 . 2004-08-17 13:44 1853312 ----a-w- c:\windows\system32\win32k.sys
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"RestoreDesktop"="c:\program files\Restore Desktop\RestoreDesktop.exe" [2003-03-11 45056]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-10-11 14940040]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-11-14 16270848]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2009-08-25 136512]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2010-03-25 124224]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-01-11 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-01-11 13666408]
"SmcService"="c:\progra~1\Sygate\SPF\smc.exe" [2005-03-05 2573536]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]
@="Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"CTFMON.EXE"=c:\windows\system32\ctfmon.exe
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe"
"OEXPRESS"=c:\documents and settings\All Users\Data aplikací\LangSoft\OETRN.EXE
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
"µTorrent"=c:\program files\uTorrent\utorrent.exe
"bywifi"=c:\program files\Bywifi\bywifi.exe "-silent"
"getfreemp3"=c:\program files\GetFreeMP3.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"NeroFilterCheck"=c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
"ArcSoft Connection Service"=c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
"CanonMyPrinter"=c:\program files\Canon\MyPrinter\BJMyPrt.exe /logon
"CanonSolutionMenu"=c:\program files\Canon\SolutionMenu\CNSLMAIN.exe /logon
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"bywifi"=c:\program files\Bywifi\bywifi.exe "-silent"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Spybot - Search & Destroy\\SDUpdate.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Activision\\Wolfenstein\\MP\\Wolf2MPLite.exe"=
"c:\\Program Files\\Activision\\Wolfenstein\\MP\\Wolf2MP.exe"=
"c:\\Program Files\\Outlook Express\\msimn.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer_Service.exe"=
"c:\\Program Files\\Bywifi\\bywifi.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5900:TCP"= 5900:TCP:vnc5900
"5800:TCP"= 5800:TCP:vnc5800

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [30.7.2010 14:24 721904]
R2 McAfeeEngineService;McAfee Engine Service;c:\program files\McAfee\VirusScan Enterprise\EngineServer.exe [25.3.2010 19:07 22816]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [30.7.2010 12:25 70728]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [27.10.2010 18:23 1483072]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [24.9.2010 22:07 27632]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [7.10.2010 13:34 10064]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\SITEAD~1\mcsacore.exe [30.7.2010 14:30 88176]
S3 Axtmvflt;Axesstel USB Filter Service;c:\windows\system32\drivers\axtmvflt.sys [28.10.2010 14:40 3456]
S3 Axtmvmdm;Axesstel USB Modem;c:\windows\system32\drivers\axtmvmdm.sys [28.10.2010 14:40 40064]
S3 Axtmvprt;Axesstel Diagnostic Port;c:\windows\system32\drivers\axtmvprt.sys [28.10.2010 14:40 38784]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [30.7.2010 12:25 66600]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'

2010-12-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2010-12-19 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2010-07-30 20:18]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://search.bearshare.com/
uInternet Settings,ProxyOverride = local
uSearchAssistant = hxxp://search.bearshare.com/sidebar.html?src=ssb&sysid=2
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: {{09E90109-A9AA-4980-BCEF-76F8D924E902}
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - ProfilePath - c:\documents and settings\Marek\Data aplikací\Mozilla\Firefox\Profiles\8swidpk4.default\
FF - prefs.js: browser.search.selectedEngine - BezpeÄŤnĂ© vyhledĂˇvĂˇnĂ
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
FF - prefs.js: network.proxy.type - 2
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Seznam liĹˇtiÄŤka: {ea614400-e918-4741-9a97-7a972ff7c30b} - c:\program files\Mozilla Firefox\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}
FF - Ext: Personas: personas@christopher.beard - %profile%\extensions\personas@christopher.beard
FF - Ext: Live PageRank: {8061ddcf-3632-4287-8d8a-133e219ae838} - %profile%\extensions\{8061ddcf-3632-4287-8d8a-133e219ae838}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files\McAfee\SiteAdvisor
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

BHO-{0974BA1E-64EC-11DE-B2A5-E43756D89593} - (no file)
Toolbar-{0974BA1E-64EC-11DE-B2A5-E43756D89593} - (no file)

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-19 10:28
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant]
"ImagePath"=""
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Celkový čas: 2010-12-19 10:30:35
ComboFix-quarantined-files.txt 2010-12-19 09:30

Před spuštěním: Volných bajtů: 22 152 908 800
Po spuštění: Volných bajtů: 22 559 326 208

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - EBF126E8DC9D53E19726EFDD68857560

#2 Příspěvek od **JaRon** » 20 pro 2010 14:00

preventivne prescanuj PC s MBAM

busy · #3 Příspěvek od **busy** » 20 pro 2010 14:13

O tom jsem se tu taky dočetl a stáhnul ho a kontrola byla v pořádku.

busy · #4 Příspěvek od **busy** » 21 pro 2010 14:26

díky za kontrolu

#5 Příspěvek od **JaRon** » 21 pro 2010 14:53

za malo

VIRY.CZ

Prosím o kontrolu logu

Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu