Hello, I have a whole stable of trojans. NOD32 (purchased, by the way) detected them and put them in quarantine: Wogon, Downloader and 12 others. Please help.
ComboFix 10-02-08.02 - Miroslav Babušek 09.02.2010 1:17.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2559.2171 [GMT 1:00]
Spuštěný z: c:\documents and settings\Miroslav Babušek\Plocha\ComboFix.exe
AV: Eset NOD32 Antivirus 2.70 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Rezidentní štít AV je zapnutý
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\ICQ6.5\ICQLRun.exe
c:\windows\system\oeminfo.ini
c:\windows\system32\STEC3.sys
c:\windows\UA000106.DLL
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_IPRIP
-------\Legacy_STEC3
-------\Service_STEC3
((((((((((((((((((((((((( Soubory vytvořené od 2010-01-09 do 2010-02-09 )))))))))))))))))))))))))))))))
.
2010-02-07 13:49 . 2006-06-19 12:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2010-02-07 13:49 . 2006-05-25 14:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2010-02-07 13:49 . 2005-08-26 00:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2010-02-07 13:49 . 2003-02-02 19:06 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2010-02-07 13:49 . 2002-03-06 00:00 75264 ----a-w- c:\windows\system32\unacev2.dll
2010-02-07 13:48 . 2010-02-07 13:49 -------- d-----w- c:\program files\Trojan Remover
2010-02-07 13:26 . 2010-02-07 13:26 578560 -c--a-w- c:\windows\system32\dllcache\user32.dll
2010-02-07 12:45 . 2010-02-07 12:45 -------- d-----w- c:\windows\ERUNT
2010-02-07 12:41 . 2010-02-07 12:41 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-02-07 12:35 . 2010-02-07 13:37 -------- d-----w- C:\SDFix
2010-01-26 16:52 . 2010-01-26 16:53 -------- d-----w- c:\program files\Penezni denik
2010-01-14 22:14 . 2008-04-01 20:40 209040 ----a-w- c:\windows\system32\IVIresizeW7.dll
2010-01-14 22:14 . 2008-04-01 20:40 196752 ----a-w- c:\windows\system32\IVIresizeP6.dll
2010-01-14 22:14 . 2008-04-01 20:40 192656 ----a-w- c:\windows\system32\IVIresizePX.dll
2010-01-14 22:14 . 2008-04-01 20:40 196752 ----a-w- c:\windows\system32\IVIresizeM6.dll
2010-01-14 22:14 . 2008-04-01 20:40 204944 ----a-w- c:\windows\system32\IVIresizeA6.dll
2010-01-14 22:14 . 2008-04-01 20:40 24720 ----a-w- c:\windows\system32\IVIresize.dll
2010-01-14 22:13 . 2010-01-14 22:14 -------- d-----w- c:\program files\Common Files\Ulead Systems
2010-01-14 22:11 . 2002-03-17 01:00 7420 ----a-w- c:\windows\UA000104.DLL
2010-01-14 22:01 . 2010-01-14 22:01 -------- d-----w- c:\program files\Windows Media Components
2010-01-14 21:58 . 2010-01-14 22:13 -------- d-----w- c:\program files\Corel
2010-01-12 19:05 . 2009-11-21 16:03 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-09 00:23 . 2007-03-05 13:00 -------- d-----w- c:\program files\lg_fwupdate
2010-02-09 00:20 . 2009-05-28 13:54 -------- d-----w- c:\program files\ICQ6.5
2010-02-08 21:21 . 2009-09-03 16:33 -------- d-----w- c:\program files\Gamenext
2010-02-08 20:54 . 2007-02-17 01:22 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-02-03 11:53 . 2009-05-24 21:22 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-02-02 14:57 . 2009-05-04 02:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-02 14:13 . 2008-09-26 19:29 -------- d-----w- c:\program files\Spyware Terminator
2010-01-14 22:14 . 2007-02-08 08:08 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-07 15:07 . 2009-05-04 02:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 15:07 . 2009-05-04 02:14 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-01 16:46 . 2009-12-30 14:21 -------- d-----w- c:\program files\Gamesgames.com
2010-01-01 16:34 . 2010-01-01 16:34 -------- d-----w- c:\program files\Common Files\SWF Studio
2010-01-01 15:58 . 2010-01-01 15:57 -------- d-----w- c:\program files\Zylom Games
2010-01-01 09:18 . 2009-11-21 13:01 -------- d-----w- c:\program files\Common Files\Nokia
2010-01-01 09:17 . 2009-11-21 12:40 -------- d-----w- c:\program files\Nokia
2010-01-01 09:17 . 2010-01-01 09:17 -------- d-----w- c:\program files\PC Connectivity Solution
2009-12-21 19:08 . 2006-03-02 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-20 20:20 . 2008-09-15 12:52 -------- d-----w- c:\program files\rajce
2009-12-12 13:38 . 2009-05-24 21:22 -------- d-----w- c:\program files\Norton Security Scan
2009-12-12 12:32 . 2009-03-15 12:58 -------- d-----w- c:\program files\FDRLab
2009-12-12 12:28 . 2006-03-02 12:00 429024 ----a-w- c:\windows\system32\perfh005.dat
2009-12-12 12:28 . 2006-03-02 12:00 78052 ----a-w- c:\windows\system32\perfc005.dat
2009-11-21 16:03 . 2006-03-02 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2004-10-01 14:00 . 2007-03-05 12:57 40960 ----a-w- c:\program files\Uninstall_CDS.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"JMB36X Configure"="c:\windows\system32\JMRaidTool.exe" [2006-06-02 385024]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-30 7630848]
"nwiz"="nwiz.exe" [2006-08-30 1519616]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2007-02-22 949376]
"VX1000"="c:\windows\vVX1000.exe" [2006-10-13 707376]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-05-18 843776]
"LGODDFU"="c:\program files\lg_fwupdate\fwupdate.exe" [2005-04-12 229376]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-09-26 1817600]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2009-10-10 203264]
"UVS12 Preload"="c:\program files\Corel\Corel VideoStudio 12\uvPL.exe" [2008-06-09 397456]
"TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2009-08-04 1068424]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Synchronizer.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^AVerQuick.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\AVerQuick.lnk
backup=c:\windows\pss\AVerQuick.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Software Kodak EasyShare.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Software Kodak EasyShare.lnk
backup=c:\windows\pss\Software Kodak EasyShare.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^WinZip Quick Pick.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-01-11 20:16 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
2008-04-14 03:22 110592 ----a-w- c:\windows\system32\bthprops.cpl
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]
2006-10-13 16:01 277296 ----a-w- c:\program files\Microsoft LifeCam\LifeExp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
2006-02-10 19:40 2048000 ----a-w- c:\program files\Ahead\Nero BackItUp\NBJ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 09:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2006-08-30 17:51 86016 ----a-w- c:\windows\system32\nvmctray.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2009-11-11 09:57 1451520 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2007-06-29 04:24 286720 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-05-27 20:18 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\WINDOWS\\system32\\dxdiag.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\TRANSLAT\\WEBTRANS.EXE"=
"c:\\Program Files\\Edisk\\eDisk klient\\eDisk klient.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Documents and Settings\\Miroslav Babušek\\Data aplikací\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Nokia\\Nokia Ovi Suite\\NokiaOviSuite.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:Skupiny sítě Peer-to-Peer
"3540:UDP"= 3540:UDP:Protokol PNRP (Peer Name Resolution Protocol)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [20.4.2008 13:34 717296]
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [22.2.2007 23:38 15424]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [26.9.2008 20:29 141312]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [10.3.2009 18:55 222456]
R3 AVerBDA3x;AVerMedia SAA713x BDA Service;c:\windows\system32\drivers\AVerBDA3x.sys [8.2.2007 9:26 1180544]
S3 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird\Firebird_1_5\bin\fbguard.exe -s --> c:\program files\Firebird\Firebird_1_5\bin\fbguard.exe -s [?]
S3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\Firebird_1_5\bin\fbserver.exe -s --> c:\program files\Firebird\Firebird_1_5\bin\fbserver.exe -s [?]
S3 Slnt7554;USB Soft Modem Driver;c:\windows\system32\drivers\slnt7554.sys [4.3.2007 22:12 129535]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
.
Obsah adresáře 'Naplánované úlohy'
2009-12-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 15:57]
2010-02-05 c:\windows\Tasks\Norton Security Scan for Miroslav Babušek.job
- c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.7.0.52\Nss.exe [2009-12-12 10:54]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.centrum.cz/skinit/icq/
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: c:\windows\system32\imon.dll
Trusted Zone: dvi.cz\itutor
Trusted Zone: stahuj.cz
FF - ProfilePath - c:\documents and settings\Miroslav Babušek\Data aplikací\Mozilla\Firefox\Profiles\mzcby9lm.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.centrum.cz/skinit/icq/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - component: c:\program files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\components\FirefoxExtension.dll
FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
HKCU-Run-Web Translator - (no file)
MSConfigStartUp-Cas 2 - c:\libor\Instalčky\Čas 2.1\Cas 2.1.exe
MSConfigStartUp-ICQ Lite - c:\program files\ICQLite\ICQLite.exe
MSConfigStartUp-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
AddRemove-{BB8AE808-F003-4C7F-B56B-8C80EEAFFE23} - c:\program files\InstallShield Installation Information\{BB8AE808-F003-4C7F-B56B-8C80EEAFFE23}\setup.exe
**************************************************************************
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory:
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'lsass.exe'(1196)
c:\windows\system32\imon.dll
c:\program files\Eset\pr_imon.dll
- - - - - - - > 'explorer.exe'(1376)
c:\windows\system32\nview.dll
c:\windows\system32\nvwddi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\imon.dll
c:\program files\Eset\pr_imon.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\program files\Eset\nod32krn.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\tcpsvcs.exe
c:\program files\Spyware Terminator\sp_rsser.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Celkový čas: 2010-02-09 01:27:59 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-02-09 00:27
Před spuštěním: Volných bajtů: 93 774 991 360
Po spuštění: Volných bajtů: 93 763 952 640
WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
- - End Of File - - 4BE0C1D2503714A6A06B5F7B06B9D77B