
PC virus removal, computer speed-up, remote help via the neslape.cz service
Security tool virus
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved, as will those inactive for more than 14 days. See the Rule on locking topics. Thank you for understanding.
!NEW!
The remote help service is now available: an expert connects to your computer and obtains further details about the problem from you by phone. More at www.neslape.cz
- stell
- VIP in memoriam
- Posts: 5175
- Registered: 09 Dec 2007 09:27
- Location: SK-REVUCA
- Contact user:
Re: Security tool virus
No, normally from Windows. Run RKILL and then RSIT, and post the log here.
Re: Security tool virus
omg, it can't be posted here; when I click Submit it reports a connection outage... I tried it x times and nothing.
Re: Security tool virus
It can't be uploaded either, I tried Letecka posta, sendspace, edisk, ulozto..... it just doesn't work, I don't get it, is my upload not working or what? But this it does post...?
Re: Security tool virus
Weenie wrote:
It can't be uploaded either, I tried Letecka posta, sendspace, edisk, ulozto..... it just doesn't work, I don't get it, is my upload not working or what? But this it does post...?
I don't get it then, I tried through another browser too.
- stell
- VIP in memoriam
- Posts: 5175
- Registered: 09 Dec 2007 09:27
- Location: SK-REVUCA
- Contact user:
Re: Security tool virus
OK, leave it, it's probably being blocked by Security Tool or the Whistler bootkit, we'll see. Now do the following, step by step:
Download >> OTMoveIt3 by OldTimer >. Following the guide, paste the text and click MoveIt >> post the log after the restart here
Please download TDSSKiller and save it to your desktop.
Double-click TDSSKiller.exe to run the application, then click Start Scan.
If an infected file is detected, the default action will be Cure; click Continue.
If a suspicious file is detected, the default action will be Skip; click Continue.
It may ask you to restart the computer to complete the process. Click Reboot Now.
If no restart is required, click the Report button. A log file should appear. Please copy and paste the contents of the file here.
If a restart is required, the report is in your root directory (usually the C:\ folder) in the form "TDSSKiller. _log.txt". Please copy and paste the contents of the file here.

The OTMoveIt3 script to paste (Code: Select all):
:processes
explorer.exe
:files
C:\WINDOWS\system32\*.tmp.dll /s
C:\WINDOWS\system32\SET*.tmp /s
C:\WINDOWS\*.tmp /s
:Commands
[resethosts]
[emptytemp]
[clearallrestorepoints]
[EMPTYFLASH]
[Reboot]


PLEASE READ THE INSTRUCTIONS CAREFULLY!!!
Download to the desktop, close all active windows and run >>
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Agree to the installation of the Recovery Console
- ComboFix must be run under an account with administrator rights.
- After launch the terms of use are displayed; confirm them by pressing Yes;
And once more >YES<
- Then follow the prompts; while ComboFix is running, do not click in the blue window it displays
- After the scan finishes, which takes at most 10-15 minutes, the program should create a log, C:\ComboFix.txt; copy its entire contents into your thread on the forum
- Before using ComboFix, all resident security programs must be disabled: antivirus, firewalls, antispyware. GUIDE: http://www.bleepingcomputer.com/forums/topic114351.html
They can interfere with ComboFix, which may cause it not to work correctly.
If an antivirus detects ComboFix, it is a false positive.
Re: Security tool virus
It's too long, so I uploaded the log for you... it worked now :)
http://leteckaposta.cz/359958773
Now the other one, TDSSKiller, I'm doing it now
- stell
- VIP in memoriam
- Posts: 5175
- Registered: 09 Dec 2007 09:27
- Location: SK-REVUCA
- Contact user:
Re: Security tool virus
OK, post the logs here:
TDSSKILLER.txt
Combofix.txt

Re: Security tool virus
TDSSKILLER:
2010/08/24 15:36:33.0828 TDSS rootkit removing tool 2.4.1.2 Aug 16 2010 09:46:23
2010/08/24 15:36:33.0828 ================================================================================
2010/08/24 15:36:33.0828 SystemInfo:
2010/08/24 15:36:33.0828
2010/08/24 15:36:33.0828 OS Version: 5.1.2600 ServicePack: 3.0
2010/08/24 15:36:33.0828 Product type: Workstation
2010/08/24 15:36:33.0828 ComputerName: TATD
2010/08/24 15:36:33.0828 UserName: tam
2010/08/24 15:36:33.0828 Windows directory: C:\WINDOWS
2010/08/24 15:36:33.0828 System windows directory: C:\WINDOWS
2010/08/24 15:36:33.0828 Processor architecture: Intel x86
2010/08/24 15:36:33.0828 Number of processors: 2
2010/08/24 15:36:33.0828 Page size: 0x1000
2010/08/24 15:36:33.0828 Boot type: Safe boot with network
2010/08/24 15:36:33.0828 ================================================================================
2010/08/24 15:36:34.0171 Initialize success
2010/08/24 15:36:53.0750 ================================================================================
2010/08/24 15:36:53.0750 Scan started
2010/08/24 15:36:53.0750 Mode: Manual;
2010/08/24 15:36:53.0750 ================================================================================
2010/08/24 15:36:55.0343 ACPI (4fe34f1f3126b61fcc6b2043aa8112c9) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/08/24 15:36:55.0390 ACPIEC (afdff022a01f0b11c776f0860c3b282f) C:\WINDOWS\system32\drivers\ACPIEC.sys
2010/08/24 15:36:55.0468 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/08/24 15:36:55.0500 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2010/08/24 15:36:55.0671 AmdK8 (efbb0956baed786e137351b5ca272aef) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
2010/08/24 15:36:55.0890 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/08/24 15:36:55.0921 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/08/24 15:36:56.0000 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/08/24 15:36:56.0046 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/08/24 15:36:56.0078 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/08/24 15:36:56.0125 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/08/24 15:36:56.0187 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/08/24 15:36:56.0250 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/08/24 15:36:56.0281 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/08/24 15:36:56.0609 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/08/24 15:36:56.0640 dmboot (db5fd2bf5b07dc54bfcb3664ff05bd7c) C:\WINDOWS\system32\drivers\dmboot.sys
2010/08/24 15:36:56.0718 dmio (fff1720af51171f32f1ead5cf71f2810) C:\WINDOWS\system32\drivers\dmio.sys
2010/08/24 15:36:56.0750 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/08/24 15:36:56.0812 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/08/24 15:36:56.0890 dot4 (3e4b043f8bc6be1d4820cc6c9c500306) C:\WINDOWS\system32\DRIVERS\Dot4.sys
2010/08/24 15:36:56.0921 Dot4Print (77ce63a8a34ae23d9fe4c7896d1debe7) C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys
2010/08/24 15:36:56.0953 Dot4Scan (bd05306428da63369692477ddc0f6f5f) C:\WINDOWS\system32\DRIVERS\Dot4Scan.sys
2010/08/24 15:36:56.0984 dot4usb (ccc4092dfc85336f2e1c142483adeb42) C:\WINDOWS\system32\DRIVERS\dot4usb.sys
2010/08/24 15:36:57.0046 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/08/24 15:36:57.0156 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/08/24 15:36:57.0187 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2010/08/24 15:36:57.0234 Fips (ac366695a0796560aa37215ad5762aaf) C:\WINDOWS\system32\drivers\Fips.sys
2010/08/24 15:36:57.0281 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2010/08/24 15:36:57.0328 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2010/08/24 15:36:57.0375 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/08/24 15:36:57.0421 Ftdisk (4e664d8541db4a66b73a24257e322e1f) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/08/24 15:36:57.0468 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/08/24 15:36:57.0593 hamachi (7929a161f9951d173ca9900fe7067391) C:\WINDOWS\system32\DRIVERS\hamachi.sys
2010/08/24 15:36:57.0828 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2010/08/24 15:36:57.0984 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/08/24 15:36:58.0218 HTTP (f6aacf5bce2893e0c1754afeb672e5c9) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/08/24 15:36:58.0484 i8042prt (c528e27945367191e7bae364930b6932) C:\WINDOWS\system32\drivers\i8042prt.sys
2010/08/24 15:36:58.0531 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/08/24 15:36:58.0765 IntcAzAudAddService (8cd7f3fb0b2418af79914adb1e265184) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2010/08/24 15:36:58.0953 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2010/08/24 15:36:58.0984 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/08/24 15:36:59.0015 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/08/24 15:36:59.0046 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/08/24 15:36:59.0062 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/08/24 15:36:59.0109 irda (aca5e7b54409f9cb5eed97ed0c81120e) C:\WINDOWS\system32\DRIVERS\irda.sys
2010/08/24 15:36:59.0140 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/08/24 15:36:59.0171 irsir (0501f0b9ab08425f8c0eacbdcc04aa32) C:\WINDOWS\system32\DRIVERS\irsir.sys
2010/08/24 15:36:59.0203 isapnp (cc9f8a2d60aed1a51a3ac34c59b987ae) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/08/24 15:36:59.0250 Kbdclass (1b6162fe7f66b1a71a4b70f941c4aa9b) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/08/24 15:36:59.0296 kbdhid (86c8f23616c6c6e5b2776901c17b945b) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2010/08/24 15:36:59.0328 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/08/24 15:36:59.0375 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/08/24 15:36:59.0515 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/08/24 15:36:59.0593 Modem (44032b0c6d9954d3fd26438330b99ee7) C:\WINDOWS\system32\drivers\Modem.sys
2010/08/24 15:36:59.0640 Mouclass (4cb582831dbde63ce43b45d771218374) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/08/24 15:36:59.0687 mouhid (bb269eba740737ab749b214d568b6812) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/08/24 15:36:59.0734 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/08/24 15:36:59.0812 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/08/24 15:36:59.0859 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/08/24 15:36:59.0937 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/08/24 15:37:00.0000 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/08/24 15:37:00.0015 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/08/24 15:37:00.0031 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/08/24 15:37:00.0125 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/08/24 15:37:00.0171 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/08/24 15:37:00.0281 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/08/24 15:37:00.0343 Ndisprot (a3b80c6e0774815c362aeb5ed5ac047d) C:\WINDOWS\system32\drivers\Ndisprot.sys
2010/08/24 15:37:00.0375 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/08/24 15:37:00.0406 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/08/24 15:37:00.0437 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/08/24 15:37:00.0453 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/08/24 15:37:00.0515 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/08/24 15:37:00.0562 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/08/24 15:37:00.0687 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/08/24 15:37:00.0703 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/08/24 15:37:00.0781 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/08/24 15:37:01.0218 nv (da8c5723ad3a73f57ffd4dd64aba2c77) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2010/08/24 15:37:01.0671 NVENETFD (d875346596bd48d74ac9b9be791b8d69) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
2010/08/24 15:37:01.0687 nvnetbus (f02c1c5e84c37667ecd3eea5958449bc) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
2010/08/24 15:37:01.0718 nvsmu (9aebc32f9d6e02ebee0369ab296fe7c8) C:\WINDOWS\system32\DRIVERS\nvsmu.sys
2010/08/24 15:37:01.0781 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/08/24 15:37:01.0812 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/08/24 15:37:01.0921 Parport (46f8db73b4a53e543f8e371dc7c75bae) C:\WINDOWS\system32\DRIVERS\parport.sys
2010/08/24 15:37:01.0937 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/08/24 15:37:02.0000 ParVdm (1fae19d0457176318bba4a8795656ebc) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/08/24 15:37:02.0062 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
2010/08/24 15:37:02.0109 PCI (6ce351d149cb4befc702951e471e1730) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/08/24 15:37:02.0187 PCIIde (2da4ec85e0ea7a45c6b2a05820492d5a) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/08/24 15:37:02.0234 Pcmcia (4fc31e6c19a5ce5198b1abff94cae758) C:\WINDOWS\system32\drivers\Pcmcia.sys
2010/08/24 15:37:02.0500 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/08/24 15:37:02.0531 Processor (7eb15dce4ec3a0220bd796a15c18186e) C:\WINDOWS\system32\DRIVERS\processr.sys
2010/08/24 15:37:02.0593 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/08/24 15:37:02.0640 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/08/24 15:37:02.0703 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2010/08/24 15:37:02.0921 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/08/24 15:37:02.0953 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys
2010/08/24 15:37:03.0031 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/08/24 15:37:03.0046 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/08/24 15:37:03.0093 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/08/24 15:37:03.0125 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/08/24 15:37:03.0156 RDPCDD (6fd57a87157ff84a7cffaf49f425aad7) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/08/24 15:37:03.0156 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\RDPCDD.sys. Real md5: 6fd57a87157ff84a7cffaf49f425aad7, Fake md5: 4912d5b403614ce99c28420f75353332
2010/08/24 15:37:03.0156 RDPCDD - detected Rootkit.Win32.TDSS.tdl3 (0)
2010/08/24 15:37:03.0218 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2010/08/24 15:37:03.0296 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/08/24 15:37:03.0343 redbook (611bfd220305be3a85ae876ea47d4aa5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/08/24 15:37:03.0500 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/08/24 15:37:03.0546 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2010/08/24 15:37:03.0625 Serial (b842729337c9b921615c40d3c1a1af96) C:\WINDOWS\system32\DRIVERS\serial.sys
2010/08/24 15:37:03.0671 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/08/24 15:37:03.0812 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/08/24 15:37:03.0890 sptd (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\system32\Drivers\sptd.sys
2010/08/24 15:37:03.0984 sr (94610c8653635e4459316a0050d55ce7) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/08/24 15:37:04.0015 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/08/24 15:37:04.0093 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/08/24 15:37:04.0140 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/08/24 15:37:04.0328 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/08/24 15:37:04.0390 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/08/24 15:37:04.0437 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/08/24 15:37:04.0468 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/08/24 15:37:04.0500 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/08/24 15:37:04.0609 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/08/24 15:37:04.0687 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/08/24 15:37:04.0812 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/08/24 15:37:04.0828 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/08/24 15:37:04.0890 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/08/24 15:37:04.0921 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2010/08/24 15:37:04.0968 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2010/08/24 15:37:05.0031 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/08/24 15:37:05.0062 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/08/24 15:37:05.0140 VolSnap (28a4b296b47782173c346e376cb374d1) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/08/24 15:37:05.0203 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/08/24 15:37:05.0281 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys
2010/08/24 15:37:05.0343 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/08/24 15:37:05.0500 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
2010/08/24 15:37:05.0593 ================================================================================
2010/08/24 15:37:05.0593 Scan finished
2010/08/24 15:37:05.0593 ================================================================================
2010/08/24 15:37:05.0609 Detected object count: 1
2010/08/24 15:37:20.0250 RDPCDD (6fd57a87157ff84a7cffaf49f425aad7) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/08/24 15:37:20.0250 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\RDPCDD.sys. Real md5: 6fd57a87157ff84a7cffaf49f425aad7, Fake md5: 4912d5b403614ce99c28420f75353332
2010/08/24 15:37:21.0484 Backup copy found, using it..
2010/08/24 15:37:21.0515 C:\WINDOWS\system32\DRIVERS\RDPCDD.sys - will be cured after reboot
2010/08/24 15:37:21.0515 Rootkit.Win32.TDSS.tdl3(RDPCDD) - User select action: Cure
2010/08/24 15:38:06.0203 Deinitialize success
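The "Suspicious file (Forged)" line is the finding that matters in the log above: TDSSKiller obtained two different MD5s for RDPCDD.sys depending on how it read the file, and a clean driver hashes the same whichever way it is read. The Python below is an added example, not part of the thread and not TDSSKiller's code; it parses the line formats visible in this log (driver listing, forged-file, detection, object-count and chosen-action lines) over a constructed excerpt, and all function names are my own.

```python
"""Parse a TDSSKiller log and pull out the forged-driver findings.

Added example for this thread, not TDSSKiller's own code. The regexes are
written against the line formats visible in the log posted above.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Every log line starts with a two-token timestamp ("2010/08/24 15:37:03.0156").
DRIVER_RE = re.compile(r"^\S+ \S+ (\S+) \(([0-9a-f]{32})\) (.+)$")
FORGED_RE = re.compile(
    r"Suspicious file \(Forged\): (.+?)\. Real md5: ([0-9a-f]{32}), "
    r"Fake md5: ([0-9a-f]{32})"
)
DETECT_RE = re.compile(r"^\S+ \S+ (\S+) - detected (\S+) \(\d+\)$")
ACTION_RE = re.compile(r"([^\s(]+)\(([^)]+)\) - User select action: (\S+)")
COUNT_RE = re.compile(r"Detected object count: (\d+)")

# Constructed excerpt in the formats of the posted log (most driver lines dropped).
SAMPLE_LOG = r"""
2010/08/24 15:37:03.0125 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/08/24 15:37:03.0156 RDPCDD (6fd57a87157ff84a7cffaf49f425aad7) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/08/24 15:37:03.0156 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\RDPCDD.sys. Real md5: 6fd57a87157ff84a7cffaf49f425aad7, Fake md5: 4912d5b403614ce99c28420f75353332
2010/08/24 15:37:03.0156 RDPCDD - detected Rootkit.Win32.TDSS.tdl3 (0)
2010/08/24 15:37:05.0593 Scan finished
2010/08/24 15:37:05.0609 Detected object count: 1
2010/08/24 15:37:21.0515 C:\WINDOWS\system32\DRIVERS\RDPCDD.sys - will be cured after reboot
2010/08/24 15:37:21.0515 Rootkit.Win32.TDSS.tdl3(RDPCDD) - User select action: Cure
"""


@dataclass
class Finding:
    service: str
    path: str = ""
    listed_md5: str = ""   # hash printed on the driver-listing line
    real_md5: str = ""     # "Real md5" from the forged-file line
    fake_md5: str = ""     # "Fake md5" from the forged-file line
    verdict: str = ""      # e.g. Rootkit.Win32.TDSS.tdl3
    action: str = ""       # e.g. Cure / Skip


@dataclass
class Report:
    drivers: Dict[str, Tuple[str, str]] = field(default_factory=dict)  # service -> (md5, path)
    findings: Dict[str, Finding] = field(default_factory=dict)
    detected_count: Optional[int] = None


def parse_tdsskiller_log(text: str) -> Report:
    """One pass over the log; unknown line shapes are ignored."""
    rep = Report()
    path_to_service: Dict[str, str] = {}
    for line in text.splitlines():
        if m := DRIVER_RE.match(line):
            svc, md5, path = m.groups()
            rep.drivers[svc] = (md5, path)
            path_to_service[path] = svc
        elif m := FORGED_RE.search(line):
            path, real, fake = m.groups()
            svc = path_to_service.get(path, path)   # forged line names the path, not the service
            f = rep.findings.setdefault(svc, Finding(service=svc))
            f.path, f.real_md5, f.fake_md5 = path, real, fake
            f.listed_md5 = rep.drivers.get(svc, ("", ""))[0]
        elif m := DETECT_RE.match(line):
            svc, verdict = m.groups()
            rep.findings.setdefault(svc, Finding(service=svc)).verdict = verdict
        elif m := ACTION_RE.search(line):
            verdict, svc, action = m.groups()
            f = rep.findings.setdefault(svc, Finding(service=svc))
            f.verdict = f.verdict or verdict
            f.action = action
        elif m := COUNT_RE.search(line):
            rep.detected_count = int(m.group(1))
    return rep


def forged_drivers(rep: Report) -> List[Finding]:
    """Findings where the two read paths disagree on the file's hash."""
    return [f for f in rep.findings.values()
            if f.real_md5 and f.fake_md5 and f.real_md5 != f.fake_md5]


def consistency_problems(rep: Report) -> List[str]:
    """Checks a helper would run before trusting a pasted log."""
    problems: List[str] = []
    if rep.detected_count is not None and rep.detected_count != len(rep.findings):
        problems.append(f"tool reported {rep.detected_count} objects, log shows {len(rep.findings)}")
    for f in rep.findings.values():
        if not f.action:
            problems.append(f"{f.service}: no action recorded (scan aborted or log truncated?)")
        if f.listed_md5 and f.listed_md5 not in (f.real_md5, f.fake_md5):
            problems.append(f"{f.service}: listing hash matches neither reported hash")
    return problems


if __name__ == "__main__":
    report = parse_tdsskiller_log(SAMPLE_LOG)
    for f in forged_drivers(report):
        print(f"{f.service}: {f.path}\n  real {f.real_md5}\n  fake {f.fake_md5}\n"
              f"  verdict={f.verdict} action={f.action}")
    for p in consistency_problems(report):
        print("WARN:", p)
```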
2010/08/24 15:37:03.0343 redbook (611bfd220305be3a85ae876ea47d4aa5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/08/24 15:37:03.0500 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/08/24 15:37:03.0546 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2010/08/24 15:37:03.0625 Serial (b842729337c9b921615c40d3c1a1af96) C:\WINDOWS\system32\DRIVERS\serial.sys
2010/08/24 15:37:03.0671 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/08/24 15:37:03.0812 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/08/24 15:37:03.0890 sptd (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\system32\Drivers\sptd.sys
2010/08/24 15:37:03.0984 sr (94610c8653635e4459316a0050d55ce7) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/08/24 15:37:04.0015 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/08/24 15:37:04.0093 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/08/24 15:37:04.0140 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/08/24 15:37:04.0328 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/08/24 15:37:04.0390 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/08/24 15:37:04.0437 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/08/24 15:37:04.0468 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/08/24 15:37:04.0500 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/08/24 15:37:04.0609 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/08/24 15:37:04.0687 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/08/24 15:37:04.0812 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/08/24 15:37:04.0828 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/08/24 15:37:04.0890 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/08/24 15:37:04.0921 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2010/08/24 15:37:04.0968 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2010/08/24 15:37:05.0031 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/08/24 15:37:05.0062 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/08/24 15:37:05.0140 VolSnap (28a4b296b47782173c346e376cb374d1) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/08/24 15:37:05.0203 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/08/24 15:37:05.0281 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys
2010/08/24 15:37:05.0343 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/08/24 15:37:05.0500 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
2010/08/24 15:37:05.0593 ================================================================================
2010/08/24 15:37:05.0593 Scan finished
2010/08/24 15:37:05.0593 ================================================================================
2010/08/24 15:37:05.0609 Detected object count: 1
2010/08/24 15:37:20.0250 RDPCDD (6fd57a87157ff84a7cffaf49f425aad7) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/08/24 15:37:20.0250 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\RDPCDD.sys. Real md5: 6fd57a87157ff84a7cffaf49f425aad7, Fake md5: 4912d5b403614ce99c28420f75353332
2010/08/24 15:37:21.0484 Backup copy found, using it..
2010/08/24 15:37:21.0515 C:\WINDOWS\system32\DRIVERS\RDPCDD.sys - will be cured after reboot
2010/08/24 15:37:21.0515 Rootkit.Win32.TDSS.tdl3(RDPCDD) - User select action: Cure
2010/08/24 15:38:06.0203 Deinitialize success
- stell
Re: virus Security tool
Good, there was an infected miniport driver there, TDSSKILLER cured it. Continue with ComboFix.

Re: virus Security tool
COMBOFIX
ComboFix 10-08-23.02 - tam . 08. 2010 16:11:17.2.2 - x86 NETWORK
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1029.18.991.649 [GMT 2:00]
Running from: c:\documents and settings\tam\Plocha\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\program files\\setup.exe
c:\program files\Setup.exe
c:\windows\system32\Ijl11.dll
c:\windows\system32\vbpng1.dll
S:\Autorun.inf
-- Previous Run --
c:\windows\system32\spoolsv.exe . . . is infected!!
--------
c:\windows\system32\spoolsv.exe . . . is infected!!
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_SSHNAS
((((((((((((((((((((((((( Files Created from 2010-07-24 to 2010-08-24 )))))))))))))))))))))))))))))))
.
2010-08-24 13:14 . 2010-08-24 13:14 -------- d-----w- C:\_OTM
2010-08-24 11:55 . 2010-08-24 11:55 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-08-24 11:30 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-24 11:30 . 2010-08-24 11:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-24 11:30 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-24 10:14 . 2010-08-24 12:40 -------- d-----w- c:\program files\trend micro
2010-08-24 10:07 . 2010-08-24 10:07 -------- d-----w- c:\windows\RegLooks
2010-08-24 10:03 . 2010-08-24 13:05 -------- d-----w- C:\rsit
2010-08-23 22:41 . 2010-08-23 22:41 -------- d-----w- c:\program files\Magic Bullet Suite 2.1
2010-08-23 22:40 . 2010-08-23 22:44 -------- d-----w- c:\program files\Magic Bullet Looks
2010-08-23 21:42 . 2004-10-03 15:41 167936 ----a-w- c:\windows\system32\Engine3D.dll
2010-08-23 21:34 . 2005-11-20 18:42 3272704 ----a-w- c:\windows\system32\sapphire_ae.dll
2010-08-23 12:16 . 2010-08-23 12:16 -------- d-----w- C:\NVIDIA
2010-08-23 11:50 . 2010-08-23 11:50 -------- d-----w- c:\program files\Magic Bullet Mojo Vegas
2010-08-23 11:47 . 2010-08-23 11:47 59392 --sha-r- c:\windows\system32\kbdfi9.dll
2010-08-23 11:47 . 2010-08-23 11:47 50400 ----a-w- c:\windows\system32\uepzunjvwporzc.exe
2010-08-22 07:47 . 2010-08-22 07:47 -------- d-----w- c:\program files\Audacity1.2.6
2010-08-22 07:05 . 2010-08-22 07:05 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-08-20 09:02 . 2010-08-20 09:02 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-08-19 19:52 . 2010-08-19 19:52 -------- d-----w- c:\program files\Cycore FX 1.0.1
2010-08-07 18:31 . 2010-08-07 18:31 -------- d-----w- c:\program files\Digieffects
2010-08-03 10:53 . 2010-08-03 10:53 36868 ----a-w- c:\program files\uninst-Particular.exe
2010-08-03 10:53 . 2010-08-03 10:53 -------- d-----w- C:\Presets
2010-08-03 10:51 . 2010-08-03 10:51 36868 ----a-w- c:\program files\uninst-Lux.exe
2010-08-03 10:50 . 2010-08-03 10:50 -------- d-----w- c:\program files\Trapcode Form
2010-08-03 10:47 . 2010-08-03 10:49 36868 ----a-w- c:\program files\uninst-Echospace.exe
2010-08-03 10:45 . 2010-08-03 10:56 -------- d-----w- c:\program files\Trapcode
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-24 14:03 . 2008-05-24 13:25 -------- d-----w- c:\program files\Steam
2010-08-24 13:39 . 2001-10-25 12:00 4224 ----a-w- c:\windows\system32\drivers\rdpcdd.sys
2010-08-23 22:41 . 2010-08-23 22:41 3932 ----a-w- c:\program files\mbsuite21.log
2010-08-23 12:08 . 2009-11-24 20:14 -------- d-----w- c:\program files\BitComet
2010-08-21 15:22 . 2010-01-27 11:35 -------- d-----w- c:\program files\Counter-Strike 1.6
2010-08-16 12:18 . 2009-12-11 13:02 -------- d-----w- c:\program files\Absolute Poker
2010-08-15 07:54 . 2010-06-24 16:02 -------- d-----w- c:\program files\ICQ7.2
2010-08-03 10:56 . 2010-08-03 10:56 1999 ----a-w- c:\program files\trapcodeStarglow.log
2010-08-03 10:55 . 2010-08-03 10:55 1972 ----a-w- c:\program files\trapcodeShine.log
2010-08-03 10:50 . 2010-08-03 10:50 19549 ----a-w- c:\program files\trapcodeform.log
2010-08-03 10:45 . 2010-08-03 10:45 4556 ----a-w- c:\program files\trapcode3Dstroke.log
2010-07-22 16:58 . 2009-08-25 20:54 -------- d-----w- c:\program files\Boris FX, Inc
2010-07-22 16:57 . 2010-07-22 16:57 -------- d-----w- c:\program files\GenArts
2010-07-07 10:47 . 2009-12-20 13:30 -------- d-----w- c:\program files\Czech Soccer Manager 2002 FE
2010-07-06 16:51 . 2010-07-06 16:36 -------- d-----w- c:\program files\New Star Soccer 2
2010-07-06 16:36 . 2010-07-03 19:08 63473 ----a-w- c:\windows\system32\SpoonUninstall-New Star Soccer 2.dat
2010-07-06 16:36 . 2010-07-03 19:08 167936 ----a-w- c:\windows\system32\SpoonUninstall.exe
2010-07-06 16:27 . 2010-01-08 21:10 -------- d-----w- c:\program files\CamStudio
2010-07-05 21:21 . 2009-12-27 23:20 -------- d-----w- c:\program files\DivX
2010-07-02 20:16 . 2009-08-29 18:04 -------- d-----w- c:\program files\EslWire
2010-07-01 12:18 . 2010-07-01 12:14 -------- d-----w- c:\program files\LEGO Company
2010-06-17 09:25 . 2001-10-25 12:00 804456 ----a-w- c:\windows\system32\perfh005.dat
2010-06-17 09:25 . 2001-10-25 12:00 289656 ----a-w- c:\windows\system32\perfc005.dat
2010-06-16 11:56 . 2008-05-21 20:04 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-01-02 10:45 . 2010-01-02 10:34 91849619 ----a-w- c:\program files\rsk55ind.zip
2007-07-17 11:13 . 2007-07-12 09:51 61440 ----a-w- c:\program files\RGSGrowBounds.aex
2007-05-03 15:32 . 2007-05-03 15:32 434 ----a-w- c:\program files\setup_bs.exe
2005-06-13 11:46 . 2009-02-28 22:13 45 ----a-w- c:\program files\Setup.Ini
2001-09-25 20:05 . 2009-02-28 22:13 1707856 ----a-w- c:\program files\InstMsiA.Exe
2001-09-11 23:04 . 2009-02-28 22:13 1821008 ----a-w- c:\program files\InstMsiW.Exe
.
------- Sigcheck -------
[-] 2008-04-14 . D41D8CD98F00B204E9800998ECF8427E . 14848 . . [5.1.2600.5512] . . c:\windows\system32\lsass.exe
[-] 2009-02-09 . D41D8CD98F00B204E9800998ECF8427E . 113152 . . [5.1.2600.5755] . . c:\windows\system32\services.exe
[7] 2009-02-09 . 3D107D45CCFDB266E91D84B52CD7F430 . 111104 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe
[7] 2008-04-14 . F0D2AE69035092BF22DAD6B50FAB85C2 . 108544 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\services.exe
[-] 2008-04-14 . 567090A92EF6686F5BE2176B69E41DEC . 58880 . . [5.1.2600.5512] . . c:\windows\system32\spoolsv.exe
[-] 2008-04-14 . D41D8CD98F00B204E9800998ECF8427E . 512000 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[-] 2008-04-14 . D41D8CD98F00B204E9800998ECF8427E . 17408 . . [5.1.2600.5512] . . c:\windows\system32\svchost.exe
[-] 2008-04-14 . D41D8CD98F00B204E9800998ECF8427E . 1036800 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2008-05-07 . F587B0981034E79FF9C447C16CB66380 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\steam\steam.exe" [2010-08-24 1242448]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 139264]
"Octoshape Streaming Services"="c:\documents and settings\tam\Data aplikací\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" [2009-01-08 70936]
"Google Update"="c:\documents and settings\tam\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2010-03-18 136176]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"46357"="c:\docume~1\tam\LOCALS~1\DATAAP~1\46357.exe" [2010-08-24 1026560]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-11-22 16858112]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-17 421888]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-05-26 202256]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-08 13762560]
"nwiz"="nwiz.exe" [2009-07-08 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-07-08 86016]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"AfaKq"= {F073992E-5AD9-3384-04FA-03BCC1CFCF69} - c:\windows\system32\tnd.dll [2009-03-21 32768]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HLSW\\hlsw.exe"=
"c:\\Program Files\\Counter-Strike 1.6\\hltv.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Steam\\steamapps\\phioneer\\dedicated server\\hltv.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\EslWire\\wire.exe"=
"c:\\Program Files\\Counter-Strike 1.6\\hl.exe"=
"c:\\Program Files\\Steam\\steamapps\\lukesin15\\counter-strike\\hl.exe"=
"c:\\Program Files\\Steam\\steam.exe"=
"c:\\Documents and Settings\\tam\\Data aplikací\\Octoshape\\Octoshape Streaming Services\\OctoshapeClient.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Teamspeak2_RC2\\server_windows.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Documents and Settings\\tam\\Local Settings\\Data aplikací\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\ICQ7.2\\ICQ.exe"=
"c:\\Program Files\\ICQ7.2\\aolload.exe"=
"c:\\Program Files\\Steam\\steamapps\\phioneer\\dedicated server\\hlds.exe"=
"c:\\Documents and Settings\\tam\\Plocha\\NOVE MOVIE\\genArts sapphire plugins\\GENARTS_SAPPHIRE\\rlm.exe"=
"c:\\Program Files\\GenArts\\rlm\\rlm.exe"=
"c:\\Program Files\\Adobe\\Adobe After Effects CS4\\Support Files\\AfterFX.exe"=
"c:\\WINDOWS\\system32\\winver.exe"=
"c:\\Program Files\\Steam\\steamapps\\phioneer\\counter-strike\\hl.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"12817:TCP"= 12817:TCP:BitComet 12817 TCP
"12817:UDP"= 12817:UDP:BitComet 12817 UDP
"14457:TCP"= 14457:TCP:BitComet 14457 TCP
"14457:UDP"= 14457:UDP:BitComet 14457 UDP
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [21. 5. 2008 22:04 691696]
S2 gupdate1c99694d879faee;Služba Google Update (gupdate1c99694d879faee);c:\program files\Google\Update\GoogleUpdate.exe [24. 2. 2009 17:30 133104]
S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2. 7. 2008 19:21 246520]
S2 RLM-GenArts;RLM-GenArts;c:\program files\GenArts\rlm\rlm.exe [22. 7. 2010 19:00 1540096]
S3 Ndisprot;ArcNet NDIS Protocol Driver;c:\windows\system32\drivers\ndisprot.sys [25. 11. 2008 20:42 27904]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
vvdsvc REG_MULTI_SZ vvdsvc
.
Contents of the 'Scheduled Tasks' folder
2010-08-24 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-14 19:00]
2010-08-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-24 15:30]
2010-08-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-24 15:30]
2010-08-24 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-329068152-764733703-1177238915-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]
2010-08-24 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-329068152-764733703-1177238915-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://start.icq.com/
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Stáhnout odkaz s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: Stáhnout všechna videa s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: Stáhnout všechny odkazy s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
DPF: {2827941E-F3B4-11D1-870D-00006E30EA7D} - hxxp://ebanka.tuke.sk/Ib/sk/objects/SigningProj.cab
DPF: {A4735C9C-6626-4386-9B93-2D9B79047AB8} - hxxp://televizia.joj.sk/fileadmin/joj_player/JOJ_Explorer_Player.cab
DPF: {AC414988-E5BB-4C2C-873B-EA53D2F3D23A} - hxxp://t.live.cctv.com/ieocx/CCTVUpdateInstall.dll
FF - ProfilePath - c:\documents and settings\tam\Data aplikací\Mozilla\Firefox\Profiles\p79xkhnr.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.sk/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.4&q=
FF - component: c:\documents and settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\TV JOJ Media Player\npplugin_netscape.dll
FF - plugin: c:\program files\Veetle\Player\npvlc.dll
FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\Veetle\VLCBroadcast\npvbp.dll
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-AdobeBridge - (no file)
HKLM-Run-c:\windows\system32\kdrqu.exe - c:\windows\system32\kdrqu.exe
Notify-winveg32 - winveg32.dll
SafeBoot-klmdb.sys
AddRemove-DAEMON Tools Toolbar - c:\program files\DAEMON Tools Toolbar\uninst.exe
AddRemove-Water v 1.03. for Adobe After Effects_is1 - c:\program files\Adobe\After Effects 6.5\Support Files\Plug-ins\Panopticum\unins000.exe
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe
AddRemove-Octoshape add-in for Adobe Flash Player - c:\documents and settings\tam\Data aplikací\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-24 16:18
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-329068152-764733703-1177238915-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:6d,4e,ec,71,67,9b,e6,a3,97,38,64,42,ea,66,3b,bb,27,7d,75,f5,12,32,38,
09,1d,e7,ce,e6,cf,f4,9c,f3,d3,87,c3,b7,3c,ec,71,9a,ca,c3,9e,35,36,37,b5,f9,\
"??"=hex:24,87,4a,ae,2e,96,d4,2c,9e,c5,0a,7e,0a,a2,54,3e
[HKEY_USERS\S-1-5-21-329068152-764733703-1177238915-1003\Software\SecuROM\License information*]
"datasecu"=hex:a8,54,bc,21,be,e4,ee,9c,b9,6e,d9,29,25,7a,20,c9,03,69,b0,e1,e0,
02,47,b9,00,b5,35,a8,40,7d,23,0d,d8,90,db,6f,04,42,40,66,84,04,3a,d5,3a,ad,\
"rkeysecu"=hex:c9,cf,ca,23,e6,27,fa,31,26,64,84,09,80,f6,2f,25
[HKEY_LOCAL_MACHINE\software\GenArts\Sapphire AE\Install-{EC3F6705-85EF-4FB1-4E30-80781324E273}\Data*]
@DACL=
"DefaultSettings"="99:{C6DDA450-F687-55DF-CA23-1A5083308C5D}"
[HKEY_LOCAL_MACHINE\software\Microsoft\DirectInput\Compatibility\CLIENT2._EXE35FEFABD00088200*]
@DACL=
"MaxDeviceNameLen"="13?¨5c?00001'\185daa8"
"NoPollSucceed"="{3E6420DF-2EB4-9D67-965E-FA089F1291D5}"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\Current Version\{8AC25C6A-D4B3-FF2F-2A61-C75CA1DB6116}\Install*Loc\VxDs]
@DACL=
"CTE_32 Name"="2455432:{301564B2-67A6-1A66-9C4E-A1FE91DE9752}"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Install*Loc\xga-1-{76BDB40C-968B-8E4E-277B-785FCC40D09C}\Version 1.1]
@DACL=
"dat"="806585365:{9A4BEEAA-58C2-3121-CD00-595F9999DB65}"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\z*\{{05FF8CB8-4942-FCF6-301D-6930181DE865}}]
@DACL=
"DefaultSettings"="2455453:{37C8840C-72FD-B1F6-4FC1-23A6EF5B6255}"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\{2C1CB378-14E9-6E8F-37F3-7E6A2B48EE42}*\Install*Loc\xga-1\dat]
@DACL=
"default"="516232075:{CC49DEC1-5F2E-2269-2EB9-A59FD5C08B2D}"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\{2C1CB378-14E9-6E8F-37F3-7E6A2B48EE42}*\Install*Loc\xga-3v5\dat]
@DACL=
"default"="516232032:{030CD98B-0CE6-FD27-08E8-3285ED8A7C89}"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows Install VBX*\Current*Version\Install*Loc\xga-1-{76BDB40C-968B-8E4E-277B-785FCC40D09C}\Version 3.x]
@DACL=
"dat"="1767914624:{31AE5B43-DF01-8293-87F3-15295894EA71}"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\smase._dll*]
@DACL=
"AplicationGoo"="13A45d665cQ¬ 745bf"
"ChkAppHelp"="{FF50D7F1-4D29-3BAA-D337-A572A5AAAFDF}"
[HKEY_LOCAL_MACHINE\software\Microsoft\WinXGA*\Providers*\{D41D8CD9-8F00-B204-E980-0998ECF8427E}\Current*Set\xga-1\ver]
@DACL=
"KnownSvcs"="923714932:{899AEF7A-C970-589E-3477-DA3D1F0AA3A6}"
[HKEY_LOCAL_MACHINE\software\Microsoft\WinXGA*\Providers*\{D41D8CD9-8F00-B204-E980-0998ECF8427E}\Current*Set\xga-3v5\ver]
@DACL=
"KnownSvcs"="923714975:{57301480-335F-F3AD-4E43-AFD920D78D8D}"
[HKEY_LOCAL_MACHINE\software\XBMga*\UUIDs\{DDA43E01-8165-BC98-9A5E-4B7E6E920C0D}\xga-1\Install*Loc]
@DACL=
"{19620715-0001-1211-574574-30001}"="234521760:{8EE8EBB7-8779-40F7-4D39-6FC7317906CA}"
[HKEY_LOCAL_MACHINE\software\XBMga*\UUIDs\{DDA43E01-8165-BC98-9A5E-4B7E6E920C0D}\xga-3v5\Install*Loc]
@DACL=
"{19620715-0001-1211-574574-30001}"="234521675:{3E6A452B-F43C-0927-D234-BEDD49471FB8}"
[HKEY_LOCAL_MACHINE\software\xGenArts\Sapphire AE\DLL ver*\{A6D90D08-68DD-2B46-E2AC-5782669B2696}]
@DACL=
"CTE_32 Name"="0:{19C42D30-D844-8A07-12A4-E783E7D228F7}"
.
Completion time: 2010-08-24 16:19:58
ComboFix-quarantined-files.txt 2010-08-24 14:19
Pre-Run: Volných bajtů: 48 124 567 552
Post-Run: Volných bajtů: 48 089 591 808
- - End Of File - - 33B81923993D8E849C174B1BDE2805F2
2010-06-17 09:25 . 2001-10-25 12:00 804456 ----a-w- c:\windows\system32\perfh005.dat
2010-06-17 09:25 . 2001-10-25 12:00 289656 ----a-w- c:\windows\system32\perfc005.dat
2010-06-16 11:56 . 2008-05-21 20:04 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-01-02 10:45 . 2010-01-02 10:34 91849619 ----a-w- c:\program files\rsk55ind.zip
2007-07-17 11:13 . 2007-07-12 09:51 61440 ----a-w- c:\program files\RGSGrowBounds.aex
2007-05-03 15:32 . 2007-05-03 15:32 434 ----a-w- c:\program files\setup_bs.exe
2005-06-13 11:46 . 2009-02-28 22:13 45 ----a-w- c:\program files\Setup.Ini
2001-09-25 20:05 . 2009-02-28 22:13 1707856 ----a-w- c:\program files\InstMsiA.Exe
2001-09-11 23:04 . 2009-02-28 22:13 1821008 ----a-w- c:\program files\InstMsiW.Exe
.
------- Sigcheck -------
[-] 2008-04-14 . D41D8CD98F00B204E9800998ECF8427E . 14848 . . [5.1.2600.5512] . . c:\windows\system32\lsass.exe
[-] 2009-02-09 . D41D8CD98F00B204E9800998ECF8427E . 113152 . . [5.1.2600.5755] . . c:\windows\system32\services.exe
[7] 2009-02-09 . 3D107D45CCFDB266E91D84B52CD7F430 . 111104 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe
[7] 2008-04-14 . F0D2AE69035092BF22DAD6B50FAB85C2 . 108544 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\services.exe
[-] 2008-04-14 . 567090A92EF6686F5BE2176B69E41DEC . 58880 . . [5.1.2600.5512] . . c:\windows\system32\spoolsv.exe
[-] 2008-04-14 . D41D8CD98F00B204E9800998ECF8427E . 512000 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[-] 2008-04-14 . D41D8CD98F00B204E9800998ECF8427E . 17408 . . [5.1.2600.5512] . . c:\windows\system32\svchost.exe
[-] 2008-04-14 . D41D8CD98F00B204E9800998ECF8427E . 1036800 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2008-05-07 . F587B0981034E79FF9C447C16CB66380 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\steam\steam.exe" [2010-08-24 1242448]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 139264]
"Octoshape Streaming Services"="c:\documents and settings\tam\Data aplikací\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" [2009-01-08 70936]
"Google Update"="c:\documents and settings\tam\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2010-03-18 136176]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"46357"="c:\docume~1\tam\LOCALS~1\DATAAP~1\46357.exe" [2010-08-24 1026560]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-11-22 16858112]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-17 421888]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-05-26 202256]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-08 13762560]
"nwiz"="nwiz.exe" [2009-07-08 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-07-08 86016]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"AfaKq"= {F073992E-5AD9-3384-04FA-03BCC1CFCF69} - c:\windows\system32\tnd.dll [2009-03-21 32768]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HLSW\\hlsw.exe"=
"c:\\Program Files\\Counter-Strike 1.6\\hltv.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Steam\\steamapps\\phioneer\\dedicated server\\hltv.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\EslWire\\wire.exe"=
"c:\\Program Files\\Counter-Strike 1.6\\hl.exe"=
"c:\\Program Files\\Steam\\steamapps\\lukesin15\\counter-strike\\hl.exe"=
"c:\\Program Files\\Steam\\steam.exe"=
"c:\\Documents and Settings\\tam\\Data aplikací\\Octoshape\\Octoshape Streaming Services\\OctoshapeClient.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Teamspeak2_RC2\\server_windows.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Documents and Settings\\tam\\Local Settings\\Data aplikací\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\ICQ7.2\\ICQ.exe"=
"c:\\Program Files\\ICQ7.2\\aolload.exe"=
"c:\\Program Files\\Steam\\steamapps\\phioneer\\dedicated server\\hlds.exe"=
"c:\\Documents and Settings\\tam\\Plocha\\NOVE MOVIE\\genArts sapphire plugins\\GENARTS_SAPPHIRE\\rlm.exe"=
"c:\\Program Files\\GenArts\\rlm\\rlm.exe"=
"c:\\Program Files\\Adobe\\Adobe After Effects CS4\\Support Files\\AfterFX.exe"=
"c:\\WINDOWS\\system32\\winver.exe"=
"c:\\Program Files\\Steam\\steamapps\\phioneer\\counter-strike\\hl.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"12817:TCP"= 12817:TCP:BitComet 12817 TCP
"12817:UDP"= 12817:UDP:BitComet 12817 UDP
"14457:TCP"= 14457:TCP:BitComet 14457 TCP
"14457:UDP"= 14457:UDP:BitComet 14457 UDP
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [21. 5. 2008 22:04 691696]
S2 gupdate1c99694d879faee;Služba Google Update (gupdate1c99694d879faee);c:\program files\Google\Update\GoogleUpdate.exe [24. 2. 2009 17:30 133104]
S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2. 7. 2008 19:21 246520]
S2 RLM-GenArts;RLM-GenArts;c:\program files\GenArts\rlm\rlm.exe [22. 7. 2010 19:00 1540096]
S3 Ndisprot;ArcNet NDIS Protocol Driver;c:\windows\system32\drivers\ndisprot.sys [25. 11. 2008 20:42 27904]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
vvdsvc REG_MULTI_SZ vvdsvc
.
Contents of the 'Scheduled Tasks' folder
2010-08-24 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-14 19:00]
2010-08-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-24 15:30]
2010-08-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-24 15:30]
2010-08-24 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-329068152-764733703-1177238915-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]
2010-08-24 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-329068152-764733703-1177238915-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://start.icq.com/
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Stáhnout odkaz s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: Stáhnout všechna videa s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: Stáhnout všechny odkazy s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
DPF: {2827941E-F3B4-11D1-870D-00006E30EA7D} - hxxp://ebanka.tuke.sk/Ib/sk/objects/SigningProj.cab
DPF: {A4735C9C-6626-4386-9B93-2D9B79047AB8} - hxxp://televizia.joj.sk/fileadmin/joj_player/JOJ_Explorer_Player.cab
DPF: {AC414988-E5BB-4C2C-873B-EA53D2F3D23A} - hxxp://t.live.cctv.com/ieocx/CCTVUpdateInstall.dll
FF - ProfilePath - c:\documents and settings\tam\Data aplikací\Mozilla\Firefox\Profiles\p79xkhnr.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.sk/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.4&q=
FF - component: c:\documents and settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\TV JOJ Media Player\npplugin_netscape.dll
FF - plugin: c:\program files\Veetle\Player\npvlc.dll
FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\Veetle\VLCBroadcast\npvbp.dll
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-AdobeBridge - (no file)
HKLM-Run-c:\windows\system32\kdrqu.exe - c:\windows\system32\kdrqu.exe
Notify-winveg32 - winveg32.dll
SafeBoot-klmdb.sys
AddRemove-DAEMON Tools Toolbar - c:\program files\DAEMON Tools Toolbar\uninst.exe
AddRemove-Water v 1.03. for Adobe After Effects_is1 - c:\program files\Adobe\After Effects 6.5\Support Files\Plug-ins\Panopticum\unins000.exe
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe
AddRemove-Octoshape add-in for Adobe Flash Player - c:\documents and settings\tam\Data aplikací\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-24 16:18
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-329068152-764733703-1177238915-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:6d,4e,ec,71,67,9b,e6,a3,97,38,64,42,ea,66,3b,bb,27,7d,75,f5,12,32,38,
09,1d,e7,ce,e6,cf,f4,9c,f3,d3,87,c3,b7,3c,ec,71,9a,ca,c3,9e,35,36,37,b5,f9,\
"??"=hex:24,87,4a,ae,2e,96,d4,2c,9e,c5,0a,7e,0a,a2,54,3e
[HKEY_USERS\S-1-5-21-329068152-764733703-1177238915-1003\Software\SecuROM\License information*]
"datasecu"=hex:a8,54,bc,21,be,e4,ee,9c,b9,6e,d9,29,25,7a,20,c9,03,69,b0,e1,e0,
02,47,b9,00,b5,35,a8,40,7d,23,0d,d8,90,db,6f,04,42,40,66,84,04,3a,d5,3a,ad,\
"rkeysecu"=hex:c9,cf,ca,23,e6,27,fa,31,26,64,84,09,80,f6,2f,25
[HKEY_LOCAL_MACHINE\software\GenArts\Sapphire AE\Install-{EC3F6705-85EF-4FB1-4E30-80781324E273}\Data*]
@DACL=
"DefaultSettings"="99:{C6DDA450-F687-55DF-CA23-1A5083308C5D}"
[HKEY_LOCAL_MACHINE\software\Microsoft\DirectInput\Compatibility\CLIENT2._EXE35FEFABD00088200*]
@DACL=
"MaxDeviceNameLen"="13?¨5c?00001'\185daa8"
"NoPollSucceed"="{3E6420DF-2EB4-9D67-965E-FA089F1291D5}"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\Current Version\{8AC25C6A-D4B3-FF2F-2A61-C75CA1DB6116}\Install*Loc\VxDs]
@DACL=
"CTE_32 Name"="2455432:{301564B2-67A6-1A66-9C4E-A1FE91DE9752}"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Install*Loc\xga-1-{76BDB40C-968B-8E4E-277B-785FCC40D09C}\Version 1.1]
@DACL=
"dat"="806585365:{9A4BEEAA-58C2-3121-CD00-595F9999DB65}"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\z*\{{05FF8CB8-4942-FCF6-301D-6930181DE865}}]
@DACL=
"DefaultSettings"="2455453:{37C8840C-72FD-B1F6-4FC1-23A6EF5B6255}"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\{2C1CB378-14E9-6E8F-37F3-7E6A2B48EE42}*\Install*Loc\xga-1\dat]
@DACL=
"default"="516232075:{CC49DEC1-5F2E-2269-2EB9-A59FD5C08B2D}"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\{2C1CB378-14E9-6E8F-37F3-7E6A2B48EE42}*\Install*Loc\xga-3v5\dat]
@DACL=
"default"="516232032:{030CD98B-0CE6-FD27-08E8-3285ED8A7C89}"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows Install VBX*\Current*Version\Install*Loc\xga-1-{76BDB40C-968B-8E4E-277B-785FCC40D09C}\Version 3.x]
@DACL=
"dat"="1767914624:{31AE5B43-DF01-8293-87F3-15295894EA71}"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\smase._dll*]
@DACL=
"AplicationGoo"="13A45d665cQ¬ 745bf"
"ChkAppHelp"="{FF50D7F1-4D29-3BAA-D337-A572A5AAAFDF}"
[HKEY_LOCAL_MACHINE\software\Microsoft\WinXGA*\Providers*\{D41D8CD9-8F00-B204-E980-0998ECF8427E}\Current*Set\xga-1\ver]
@DACL=
"KnownSvcs"="923714932:{899AEF7A-C970-589E-3477-DA3D1F0AA3A6}"
[HKEY_LOCAL_MACHINE\software\Microsoft\WinXGA*\Providers*\{D41D8CD9-8F00-B204-E980-0998ECF8427E}\Current*Set\xga-3v5\ver]
@DACL=
"KnownSvcs"="923714975:{57301480-335F-F3AD-4E43-AFD920D78D8D}"
[HKEY_LOCAL_MACHINE\software\XBMga*\UUIDs\{DDA43E01-8165-BC98-9A5E-4B7E6E920C0D}\xga-1\Install*Loc]
@DACL=
"{19620715-0001-1211-574574-30001}"="234521760:{8EE8EBB7-8779-40F7-4D39-6FC7317906CA}"
[HKEY_LOCAL_MACHINE\software\XBMga*\UUIDs\{DDA43E01-8165-BC98-9A5E-4B7E6E920C0D}\xga-3v5\Install*Loc]
@DACL=
"{19620715-0001-1211-574574-30001}"="234521675:{3E6A452B-F43C-0927-D234-BEDD49471FB8}"
[HKEY_LOCAL_MACHINE\software\xGenArts\Sapphire AE\DLL ver*\{A6D90D08-68DD-2B46-E2AC-5782669B2696}]
@DACL=
"CTE_32 Name"="0:{19C42D30-D844-8A07-12A4-E783E7D228F7}"
.
Completion time: 2010-08-24 16:19:58
ComboFix-quarantined-files.txt 2010-08-24 14:19
Pre-Run: Volných bajtů: 48 124 567 552
Post-Run: Volných bajtů: 48 089 591 808
- - End Of File - - 33B81923993D8E849C174B1BDE2805F2
Re: virus Security tool
I had one problem there: after the first ComboFix scan the computer restarted, and after it came back up that damn Security Tool interrupted ComboFix... so the log wasn't complete and I had to scan once more... will there be any difference in the log? Can you tell anything from it?

- stell
- VIP in memoriam
- Posts: 5175
- Registered: 09 Dec 2007 09:27
- Location: SK-REVUCA
Re: virus Security tool
OK, everything's fine,
test this on www.virustotal.com:
c:\windows\system32\tnd.dll
and paste the link from the test here.
Re: virus Security tool
hmm, the "sending file" window is still there, for maybe 10 minutes now... and the file is only about 20 KB... should it take that long, or should I send it again?
- stell
- VIP in memoriam
- Posts: 5175
- Registered: 09 Dec 2007 09:27
- Location: SK-REVUCA
Re: virus Security tool
no,
For this action you need to have ComboFix on the desktop.
Turn off > FIREWALL > antivirus > antispyware > everything resident.
Open Notepad and copy the whole green text into it:
Code:
KILLALL::
Collect::
c:\windows\system32\tnd.dll
FCOPY::
c:\WINDOWS\ServicePackFiles\i386\lsass.exe | c:\windows\system32\lsass.exe
c:\WINDOWS\ServicePackFiles\i386\spoolsv.exe | c:\windows\system32\spoolsv.exe
c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe | c:\windows\system32\services.exe
c:\WINDOWS\ServicePackFiles\i386\winlogon.exe | c:\windows\system32\winlogon.exe
c:\WINDOWS\ServicePackFiles\i386\svchost.exe | c:\windows\system32\svchost.exe
c:\WINDOWS\ServicePackFiles\i386\explorer.exe | c:\windows\explorer.exe
c:\WINDOWS\ServicePackFiles\i386\sfcfiles.dll | c:\windows\system32\sfcfiles.dll
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"46357"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"AfaKq"=-
Rootkit::
c:\docume~1\tam\LOCALS~1\DATAAP~1\46357.exe
DDS::
uStart Page = hxxp://start.icq.com/
FireFox::
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... 2.0.0.4&q=
RegNull::
[HKEY_LOCAL_MACHINE\software\GenArts\Sapphire AE\Install-{EC3F6705-85EF-4FB1-4E30-80781324E273}\Data*]
[HKEY_LOCAL_MACHINE\software\Microsoft\DirectInput\Compatibility\CLIENT2._EXE35FEFABD00088200*]
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\{2C1CB378-14E9-6E8F-37F3-7E6A2B48EE42}*\Install*Loc\xga-3v5\dat]
[HKEY_LOCAL_MACHINE\software\Microsoft\WinXGA*\Providers*\{D41D8CD9-8F00-B204-E980-0998ECF8427E}\Current*Set\xga-1\ver]
[HKEY_LOCAL_MACHINE\software\Microsoft\WinXGA*\Providers*\{D41D8CD9-8F00-B204-E980-0998ECF8427E}\Current*Set\xga-3v5\ver]
[HKEY_LOCAL_MACHINE\software\XBMga*\UUIDs\{DDA43E01-8165-BC98-9A5E-4B7E6E920C0D}\xga-1\Install*Loc]
[HKEY_LOCAL_MACHINE\software\XBMga*\UUIDs\{DDA43E01-8165-BC98-9A5E-4B7E6E920C0D}\xga-3v5\Install*Loc]
[HKEY_LOCAL_MACHINE\software\xGenArts\Sapphire AE\DLL ver*\{A6D90D08-68DD-2B46-E2AC-5782669B2696}]
RegLock::
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\Current Version\{8AC25C6A-D4B3-FF2F-2A61-C75CA1DB6116}\Install*Loc\VxDs]
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Install*Loc\xga-1-{76BDB40C-968B-8E4E-277B-785FCC40D09C}\Version 1.1]
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\z*\{{05FF8CB8-4942-FCF6-301D-6930181DE865}}]
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\{2C1CB378-14E9-6E8F-37F3-7E6A2B48EE42}*\Install*Loc\xga-1\dat]
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\{2C1CB378-14E9-6E8F-37F3-7E6A2B48EE42}*\Install*Loc\xga-3v5\dat]
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows Install VBX*\Current*Version\Install*Loc\xga-1-{76BDB40C-968B-8E4E-277B-785FCC40D09C}\Version 3.x]
[HKEY_LOCAL_MACHINE\software\Microsoft\WinXGA*\Providers*\{D41D8CD9-8F00-B204-E980-0998ECF8427E}\Current*Set\xga-1\ver]
[HKEY_LOCAL_MACHINE\software\Microsoft\WinXGA*\Providers*\{D41D8CD9-8F00-B204-E980-0998ECF8427E}\Current*Set\xga-3v5\ver]
[HKEY_LOCAL_MACHINE\software\XBMga*\UUIDs\{DDA43E01-8165-BC98-9A5E-4B7E6E920C0D}\xga-1\Install*Loc]
[HKEY_LOCAL_MACHINE\software\XBMga*\UUIDs\{DDA43E01-8165-BC98-9A5E-4B7E6E920C0D}\xga-3v5\Install*Loc]
[HKEY_LOCAL_MACHINE\software\xGenArts\Sapphire AE\DLL ver*\{A6D90D08-68DD-2B46-E2AC-5782669B2696}]
Driver::
ICQ Service
Then click File -> Save As... -> in the File name line type: CFScript.txt
For Save as type, select *All files
And save it to the desktop. > Careful: CFScript.txt > do not open it, and it must not be CFScript.txt.txt either. Then do this:

After the scan finishes, paste the log that ComboFix creates.
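The FCOPY:: block in the script above restores exactly the system files that the Sigcheck section of the log flagged, and a few of those entries carry the MD5 of zero bytes (D41D8CD98F00B204E9800998ECF8427E), which means the scanner never actually read the file's contents. As an added example (my own code, not from the thread and not part of ComboFix), here is a small Python checker that parses Sigcheck lines in the log's format, lists the entries with that empty-input digest, and derives a replacement source for every [-] entry in the same way the posted script does: a [7]-marked copy of the same file already on disk if the log lists one, otherwise the ServicePackFiles\i386 cache. The reading of [-] as "not the expected Microsoft file" and [7] as "known-good copy", and the choice of source, are assumptions inferred from the posted script; the sample lines are taken from the log above.

```python
import hashlib
import re
from dataclasses import dataclass

# MD5 of zero bytes. A Sigcheck entry carrying this digest means ComboFix
# hashed nothing, i.e. the real file contents were never read.
EMPTY_MD5 = hashlib.md5(b"").hexdigest().upper()

# Sample input in the Sigcheck line format, copied from the log above.
SIGCHECK_SAMPLE = r"""
[-] 2008-04-14 . D41D8CD98F00B204E9800998ECF8427E . 14848 . . [5.1.2600.5512] . . c:\windows\system32\lsass.exe
[-] 2009-02-09 . D41D8CD98F00B204E9800998ECF8427E . 113152 . . [5.1.2600.5755] . . c:\windows\system32\services.exe
[7] 2009-02-09 . 3D107D45CCFDB266E91D84B52CD7F430 . 111104 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe
[7] 2008-04-14 . F0D2AE69035092BF22DAD6B50FAB85C2 . 108544 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\services.exe
[-] 2008-04-14 . 567090A92EF6686F5BE2176B69E41DEC . 58880 . . [5.1.2600.5512] . . c:\windows\system32\spoolsv.exe
[-] 2008-04-14 . D41D8CD98F00B204E9800998ECF8427E . 512000 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[-] 2008-04-14 . D41D8CD98F00B204E9800998ECF8427E . 17408 . . [5.1.2600.5512] . . c:\windows\system32\svchost.exe
[-] 2008-04-14 . D41D8CD98F00B204E9800998ECF8427E . 1036800 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2008-05-07 . F587B0981034E79FF9C447C16CB66380 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
"""

# Line shape: [flag] date . md5 . size . . [version] . . path
LINE_RE = re.compile(
    r"^\[(?P<flag>[^\]]+)\]\s+\S+\s+\.\s+(?P<md5>[0-9A-Fa-f]{32})"
    r"\s+\.\s+(?P<size>\d+)\s+\.\s+\.\s+\[(?P<ver>[^\]]*)\]\s+\.\s+\.\s+(?P<path>.+?)\s*$"
)

@dataclass
class SigcheckEntry:
    flag: str      # "-" = not the expected Microsoft file, "7" = known-good copy (assumed)
    md5: str
    size: int
    version: str
    path: str

    @property
    def filename(self) -> str:
        return self.path.rsplit("\\", 1)[-1]

    @property
    def unreadable(self) -> bool:
        return self.md5.upper() == EMPTY_MD5

def parse_sigcheck(text: str) -> list[SigcheckEntry]:
    """Parse every line that matches the Sigcheck format; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append(SigcheckEntry(m["flag"], m["md5"], int(m["size"]),
                                         m["ver"], m["path"]))
    return entries

def unreadable_files(entries: list[SigcheckEntry]) -> list[str]:
    """Files whose digest is the empty-input MD5: the scan never saw their bytes."""
    return [e.filename for e in entries if e.unreadable]

def plan_replacements(entries, sp_cache=r"c:\WINDOWS\ServicePackFiles\i386"):
    """For each [-] entry pick a clean source: a [7] copy of the same file name
    that the log already lists on disk, else the service-pack file cache."""
    known_good = {}
    for e in entries:
        if e.flag == "7":
            known_good.setdefault(e.filename.lower(), e.path)  # first [7] copy wins
    plan = []
    for e in entries:
        if e.flag == "-":
            source = known_good.get(e.filename.lower(), sp_cache + "\\" + e.filename)
            plan.append((source, e.path))
    return plan

def render_fcopy(plan) -> str:
    """Format the plan in the 'source | destination' shape of a ComboFix FCOPY:: block."""
    return "FCOPY::\n" + "\n".join(f"{src} | {dst}" for src, dst in plan)

if __name__ == "__main__":
    found = parse_sigcheck(SIGCHECK_SAMPLE)
    print("contents never read (empty-input MD5):", ", ".join(unreadable_files(found)))
    print(render_fcopy(plan_replacements(found)))
```

Run against the sample, the generated block matches the seven FCOPY:: lines of the posted script, including the $hf_mig$ source for services.exe.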