nod detekuje virus

Zpráva

herodesominv · #1 Příspěvek od **herodesominv** » 28 led 2011 09:38

Objekt "ezula Spyware/Adware" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.

Objekt "Backdoor (IRCBot) Trojans Spyware/Adware" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.

Objekt "Backdoor (IRCBot) Trojans Spyware/Adware" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.

Objekt "AntiSpyware Pro XP Corrupted Adware/Spyware" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.

zavireny PC
nod detekuje trojskeho kona a na USB vytvara zastupcov s priponou EXE
mwav nasiel toto

#2 Příspěvek od **JaRon** » 28 led 2011 09:43

MWAV uz istu dobu nepatri ku spicke ,,,
vloz log RSIT a uvidime

herodesominv · #3 Příspěvek od **herodesominv** » 28 led 2011 09:49

samozrejme, to som sa pokusil prist sam na koren ale hned som aj rsit:

Logfile of random's system information tool 1.08 (written by random/random)
Run by obvodne at 2011-01-28 08:42:26
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 25 GB (65%) free of 38 GB
Total RAM: 503 MB (20% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2011-01-13 297648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll [2011-01-13 843832]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2011-01-13 297648]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2007-01-13 131072]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2007-01-13 163840]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2007-01-13 135168]
"Smapp"=C:\Program Files\Analog Devices\SoundMAX\SMTray.exe [2003-07-30 143360]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2009-05-14 2029640]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2010-11-16 155648]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2010-11-29 443728]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2011-01-08 39408]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
SymmTime.lnk - C:\Program Files\Symmetricom\SymmTime\SymmTime.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2007-01-13 204800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\system32\java.exe"="C:\WINDOWS\system32\java.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2011-01-28 08:42:27 ----D---- C:\Program Files\trend micro
2011-01-28 08:42:26 ----D---- C:\rsit
2011-01-28 07:34:13 ----AD---- C:\WINDOWS\VDLL.DLL
2011-01-28 07:34:13 ----AD---- C:\WINDOWS\system32\runouce.exe
2011-01-28 07:34:13 ----AD---- C:\WINDOWS\rundll16.exe
2011-01-28 07:34:13 ----AD---- C:\WINDOWS\RUNDL132.EXE
2011-01-28 07:34:13 ----AD---- C:\WINDOWS\logo1_.exe
2011-01-28 07:34:13 ----AD---- C:\WINDOWS\logo_1.exe
2011-01-28 07:31:29 ----A---- C:\WINDOWS\system32\msvcr80.dll
2011-01-28 07:31:28 ----A---- C:\WINDOWS\system32\msvcp80.dll
2011-01-28 07:31:27 ----A---- C:\WINDOWS\system32\eEmpty.exe
2011-01-28 07:31:20 ----A---- C:\WINDOWS\system32\TASKMGR.COM
2011-01-28 07:31:20 ----A---- C:\WINDOWS\system32\T.COM
2011-01-28 07:31:20 ----A---- C:\WINDOWS\R.COM
2011-01-28 07:31:19 ----A---- C:\WINDOWS\REGEDIT.COM
2011-01-28 07:31:17 ----D---- C:\Program Files\Common Files\MicroWorld
2011-01-28 07:31:12 ----D---- C:\Documents and Settings\All Users\Application Data\MicroWorld
2011-01-27 15:03:53 ----D---- C:\Documents and Settings\user\Application Data\Malwarebytes
2011-01-27 15:03:44 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2011-01-27 15:03:44 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2011-01-27 15:03:40 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2011-01-27 15:03:40 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2011-01-27 13:33:35 ----SHD---- C:\RECYCLER
2011-01-27 13:08:04 ----D---- C:\WINDOWS\temp
2011-01-27 13:08:02 ----A---- C:\ComboFix.txt
2011-01-27 13:00:00 ----A---- C:\WINDOWS\zip.exe
2011-01-27 13:00:00 ----A---- C:\WINDOWS\SWXCACLS.exe
2011-01-27 13:00:00 ----A---- C:\WINDOWS\SWSC.exe
2011-01-27 13:00:00 ----A---- C:\WINDOWS\SWREG.exe
2011-01-27 13:00:00 ----A---- C:\WINDOWS\sed.exe
2011-01-27 13:00:00 ----A---- C:\WINDOWS\PEV.exe
2011-01-27 13:00:00 ----A---- C:\WINDOWS\NIRCMD.exe
2011-01-27 13:00:00 ----A---- C:\WINDOWS\MBR.exe
2011-01-27 13:00:00 ----A---- C:\WINDOWS\grep.exe
2011-01-27 12:59:51 ----D---- C:\WINDOWS\ERDNT
2011-01-27 12:58:42 ----D---- C:\Qoobox
2011-01-26 15:47:34 ----D---- C:\WINDOWS\system32\NtmsData
2011-01-13 22:24:42 ----D---- C:\WINDOWS\ie8updates
2011-01-13 22:23:05 ----D---- C:\WINDOWS\WBEM
2011-01-13 22:21:21 ----HDC---- C:\WINDOWS\ie8
2011-01-13 22:21:21 ----D---- C:\WINDOWS\system32\sk-SK
2011-01-13 21:47:43 ----A---- C:\WINDOWS\system32\normaliz.dll
2011-01-13 21:47:43 ----A---- C:\WINDOWS\system32\nlsdl.dll
2011-01-13 21:47:43 ----A---- C:\WINDOWS\system32\msdbg2.dll
2011-01-13 21:47:43 ----A---- C:\WINDOWS\system32\ieudinit.exe
2011-01-13 21:47:43 ----A---- C:\WINDOWS\system32\idndl.dll
2011-01-13 21:47:42 ----N---- C:\WINDOWS\system32\WinFXDocObj.exe
2011-01-13 21:47:41 ----N---- C:\WINDOWS\system32\msrating.dll.mui
2011-01-13 21:47:39 ----N---- C:\WINDOWS\system32\mshta.exe.mui
2011-01-13 21:47:39 ----N---- C:\WINDOWS\system32\msfeedssync.exe
2011-01-13 21:47:39 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2011-01-13 21:47:39 ----A---- C:\WINDOWS\system32\msfeeds.dll
2011-01-13 21:47:38 ----N---- C:\WINDOWS\system32\ieui.dll
2011-01-13 21:47:38 ----N---- C:\WINDOWS\system32\ieframe.dll.mui
2011-01-13 21:47:38 ----A---- C:\WINDOWS\system32\iertutil.dll
2011-01-13 21:47:34 ----A---- C:\WINDOWS\system32\ieframe.dll
2011-01-13 21:47:33 ----N---- C:\WINDOWS\system32\iedkcs32.dll.mui
2011-01-13 21:47:33 ----N---- C:\WINDOWS\system32\ieapfltr.dll
2011-01-13 21:47:33 ----N---- C:\WINDOWS\system32\ie4uinit.exe.mui
2011-01-13 21:47:33 ----N---- C:\WINDOWS\system32\icardie.dll
2011-01-13 21:47:32 ----N---- C:\WINDOWS\system32\advpack.dll.mui
2011-01-08 20:56:25 ----D---- C:\Documents and Settings\user\Application Data\Google
2011-01-08 20:55:26 ----D---- C:\Program Files\Google
2011-01-08 20:55:26 ----D---- C:\Documents and Settings\All Users\Application Data\Google

======List of files/folders modified in the last 1 months======

2011-01-28 08:42:36 ----D---- C:\WINDOWS\Prefetch
2011-01-28 08:42:27 ----RD---- C:\Program Files
2011-01-28 08:42:26 ----D---- C:\Install
2011-01-28 08:42:14 ----A---- C:\WINDOWS\wincmd.ini
2011-01-28 07:34:13 ----D---- C:\WINDOWS\system32
2011-01-28 07:34:13 ----D---- C:\WINDOWS
2011-01-28 07:31:17 ----D---- C:\Program Files\Common Files
2011-01-27 15:03:44 ----D---- C:\WINDOWS\system32\drivers
2011-01-27 13:05:25 ----A---- C:\WINDOWS\system.ini
2011-01-27 13:05:16 ----D---- C:\WINDOWS\system32\drivers\etc
2011-01-27 13:03:36 ----D---- C:\WINDOWS\AppPatch
2011-01-27 13:00:13 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-01-27 13:00:06 ----D---- C:\WINDOWS\system32\CatRoot2
2011-01-27 12:59:49 ----A---- C:\WINDOWS\ZoneLib-DisplayNames.ini
2011-01-27 12:59:49 ----A---- C:\WINDOWS\SymmTime.ini
2011-01-27 12:19:58 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2011-01-26 15:47:34 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2011-01-24 17:09:57 ----SD---- C:\Documents and Settings\user\Application Data\Microsoft
2011-01-21 13:09:07 ----SHD---- C:\WINDOWS\CSC
2011-01-16 15:01:25 ----D---- C:\WINDOWS\network diagnostic
2011-01-14 08:21:52 ----HD---- C:\WINDOWS\inf
2011-01-14 03:00:56 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-01-13 22:31:29 ----D---- C:\WINDOWS\Help
2011-01-13 22:31:29 ----D---- C:\Program Files\Internet Explorer
2011-01-13 22:29:39 ----SHD---- C:\WINDOWS\Installer
2011-01-13 22:26:58 ----A---- C:\WINDOWS\imsins.BAK
2011-01-13 22:26:14 ----HD---- C:\WINDOWS\$hf_mig$
2011-01-13 22:23:12 ----D---- C:\WINDOWS\system32\config
2011-01-13 22:22:56 ----D---- C:\WINDOWS\Media
2011-01-09 03:33:22 ----SD---- C:\WINDOWS\Downloaded Program Files
2011-01-09 03:01:01 ----D---- C:\Program Files\Outlook Express
2011-01-08 20:56:10 ----SD---- C:\WINDOWS\Tasks
2011-01-04 17:20:14 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2009-05-14 107256]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2009-05-14 94360]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2009-05-14 114472]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2003-10-23 100384]
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2008-07-25 176640]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-01-13 5672032]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2004-04-15 612416]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 Blfp;Broadcom Advanced Server Program Driver; C:\WINDOWS\system32\DRIVERS\baspxp32.sys [2008-06-06 98816]
S3 catchme;catchme; \??\C:\DOCUME~1\user\LOCALS~1\Temp\catchme.sys []
S3 GMSIPCI;GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS []
S3 mbr;mbr; \??\C:\ComboFix\mbr.sys []
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-05-14 731840]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 r_server;Remote Administrator Service; C:\WINDOWS\system32\r_server.exe [2004-06-17 708608]
R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-01-08 136176]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2009-05-14 20680]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-01-08 182768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 NDNKlient;NDNKlient; C:\NDN Klient v7\srvany.exe []
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

-----------------EOF-----------------

#4 Příspěvek od **motji** » 28 led 2011 10:48

Na žádost po sz

Hezké dopoledne

To co našel mwaw, jsou jen neškodné zbytky v registrech. Co počítač trápí?
Vidím, že jste dělal combofix, poprosím o jeho log
C:\ComboFix.txt

#5 Příspěvek od **JaRon** » 28 led 2011 10:49

citat:

Zapojte do PC vsechny USB klice (flashky, ext. disky apod.)

Stahne a ulozte na plochu UsbFix http://www.viry.cz/forum/viewtopic.php?f=24&t=102308
Spustte a kliknete na Deletion
Po dokonceni sem vlozte log, pokud na Vas nevyskoci, najdete jej zde C:\UsbFix.txt

herodesominv · #6 Příspěvek od **herodesominv** » 28 led 2011 10:56

to co som pisal v prvom prispevku, nod detekuje trojskeho kona a na USB vytvara zastupcov s priponou EXE

USB su vsetky naformatovane a utilitkou flasdesinfector bol na nich vytvoreny autorun.inf ...

nelakajte sa, na PC pouzivam vzdialenu spravu remote admin

ComboFix 11-01-26.01 - obvodne 27.01.2011 13:01:07.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1033.18.503.228 [GMT 1:00]
Running from: c:\documents and settings\user\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\raddrv.dll

.
((((((((((((((((((((((((( Files Created from 2010-12-27 to 2011-01-27 )))))))))))))))))))))))))))))))
.

2011-01-26 14:53 . 2011-01-26 14:53 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\ESET
2011-01-26 14:47 . 2011-01-27 01:04 -------- d-----w- c:\windows\system32\NtmsData
2011-01-16 13:59 . 2011-01-16 13:59 -------- d-sh--w- c:\documents and settings\user\IECompatCache
2011-01-13 21:32 . 2011-01-13 21:32 -------- d-sh--w- c:\documents and settings\user\PrivacIE
2011-01-13 21:31 . 2011-01-13 21:31 -------- d-sh--w- c:\documents and settings\user\IETldCache
2011-01-13 21:21 . 2011-01-13 21:23 -------- dc-h--w- c:\windows\ie8
2011-01-13 21:21 . 2011-01-13 21:23 -------- d-----w- c:\windows\system32\sk-SK
2011-01-13 21:14 . 2010-10-18 11:10 7680 -c----w- c:\windows\system32\dllcache\iecompat.dll
2011-01-13 21:05 . 2010-11-06 00:26 602112 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2011-01-13 21:05 . 2010-11-06 00:26 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2011-01-13 21:05 . 2010-11-06 00:26 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2011-01-13 21:05 . 2010-11-06 00:26 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2011-01-13 21:05 . 2010-11-06 00:26 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2011-01-13 21:05 . 2010-11-06 00:26 1991680 -c----w- c:\windows\system32\dllcache\iertutil.dll
2011-01-13 21:05 . 2010-11-06 00:26 11080704 -c----w- c:\windows\system32\dllcache\ieframe.dll
2011-01-09 01:01 . 2011-01-09 01:01 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\Temp
2011-01-08 20:21 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2011-01-08 20:13 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2011-01-08 20:01 . 2011-01-08 20:01 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2011-01-08 19:56 . 2011-01-08 19:56 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2011-01-08 19:56 . 2011-01-13 21:32 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\Google
2011-01-08 19:55 . 2011-01-08 19:56 -------- d-----w- c:\program files\Google

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-18 18:12 . 2010-01-22 13:08 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-09 14:52 . 2004-08-03 22:56 249856 ----a-w- c:\windows\system32\odbc32.dll
2010-11-06 00:26 . 2004-08-03 22:56 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-11-06 00:26 . 2004-08-03 22:56 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26 . 2004-08-03 22:56 43520 ------w- c:\windows\system32\licmgr10.dll
2010-11-03 12:25 . 2004-08-03 20:59 385024 ------w- c:\windows\system32\html.iec
2010-11-02 15:17 . 2001-08-23 14:00 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2004-12-08 09:39 . 2010-11-16 10:29 138 ----a-w- c:\program files\Zmaz_index_pri_chybe_profilu.cmd
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-01-08 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-01-13 131072]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-01-13 163840]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-01-13 135168]
"Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2003-07-30 143360]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-05-14 2029640]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-16 155648]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
SymmTime.lnk - c:\program files\Symmetricom\SymmTime\SymmTime.exe [2010-2-11 778240]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\java.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4899:TCP"= 4899:TCP:radm

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [14.5.2009 15:47 107256]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [14.5.2009 15:49 94360]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [14.5.2009 15:47 731840]
R2 r_server;Remote Administrator Service;c:\windows\system32\r_server.exe [9.3.2010 7:35 708608]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8.1.2011 20:56 136176]
.
Contents of the 'Scheduled Tasks' folder

2011-01-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-08 19:56]

2011-01-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-08 19:56]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.sk/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html

.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-phqghu.exe - c:\windows\system32\phqghu.exe
HKLM-Run-phqghu.exe - c:\windows\system32\phqghu.exe
HKLM-Explorer_Run-phqghu.exe - c:\windows\system32\phqghu.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-27 13:05
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2011-01-27 13:08:02
ComboFix-quarantined-files.txt 2011-01-27 12:07

Pre-Run: 26 238 189 568 bytes free
Post-Run: 26 185 400 320 bytes free

- - End Of File - - 705B71AD249082F4118DC53A6124E5FC

#7 Příspěvek od **JaRon** » 28 led 2011 12:24

no rad by som videl log z USBFix + prip. vloz hlasku NOD-u

herodesominv · #8 Příspěvek od **herodesominv** » 01 úno 2011 10:24

v node to boli vacsinou hlasky z Jednotiek E F a pod. takze flasky, tie som poriesil. este tam boli system volume information takze idem zakazat a restart aby sa to zmazalo a boli tam ale aj nejake z adresara system32 exacove subory ale to je uz par dni do zadu takze snad si nod poradil. ak nie budem pokracovat v tomto vlakne ci ak to volate alebo po zamkunuti zalozim nove, ale zatial dakujem

#9 Příspěvek od **JaRon** » 01 úno 2011 10:30

jak Ti je libo my sme tu stale

VIRY.CZ

nod detekuje virus

nod detekuje virus

Re: nod detekuje virus

Re: nod detekuje virus

Re: nod detekuje virus

Re: nod detekuje virus

Re: nod detekuje virus

Re: nod detekuje virus

Re: nod detekuje virus

Re: nod detekuje virus