VIRY.CZ

pocas priebehu vybehla tabulka ze ochrana systemu windows, predpokladam ze ten skript nahradil nejaku jeho sucast tak som mu to povolil. alebo sem nemnel ???


ComboFix 10-02-24.03 - User . 02. 2010 18:42:22.5.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1033.18.3062.2537 [GMT 1:00]
Running from: c:\documents and settings\User\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\User\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
--------------- FCopy ---------------

c:\sfcfiles.dll --> c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((( Files Created from 2010-01-25 to 2010-02-25 )))))))))))))))))))))))))))))))
.

2010-02-25 17:39 . 2009-08-17 14:26 1571840 ------w- C:\sfcfiles.dll
2010-02-25 16:56 . 2010-02-25 16:56 -------- d-----w- c:\windows\system32\1029
2010-02-25 15:23 . 2010-02-25 15:24 -------- d-----w- c:\program files\trend micro
2010-02-25 15:23 . 2010-02-25 15:24 -------- d-----w- C:\rsit
2010-02-22 16:41 . 2010-02-22 16:41 52224 ----a-w- c:\documents and settings\User\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-02-22 16:40 . 2010-02-22 16:40 117760 ----a-w- c:\documents and settings\User\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-02-22 16:38 . 2010-02-22 16:38 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-02-22 16:38 . 2010-02-22 16:38 -------- d-----w- c:\documents and settings\User\Application Data\SUPERAntiSpyware.com
2010-02-21 23:18 . 2010-02-23 16:25 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Windows Update
2010-01-28 10:04 . 2006-05-19 13:55 81920 ----a-w- c:\windows\system32\SynTPCo2.dll
2010-01-28 10:04 . 2006-05-19 13:52 69721 ----a-w- c:\windows\system32\SynTPFcs.dll
2010-01-28 10:04 . 2006-05-19 13:30 94297 ----a-w- c:\windows\system32\SynTPAPI.dll
2010-01-28 10:04 . 2006-05-19 13:24 193088 ----a-w- c:\windows\system32\drivers\SynTP.sys
2010-01-28 10:04 . 2006-05-19 13:29 114688 ----a-w- c:\windows\system32\SynCtrl.dll
2010-01-28 10:04 . 2006-05-19 13:29 82012 ----a-w- c:\windows\system32\SynCOM.dll
2010-01-28 10:04 . 2010-01-28 10:04 -------- d-----w- c:\program files\Synaptics

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-22 21:00 . 2009-07-18 15:53 -------- d-----w- c:\documents and settings\User\Application Data\Skype
2010-02-22 17:57 . 2009-07-18 15:56 -------- d-----w- c:\documents and settings\User\Application Data\skypePM
2010-02-22 16:28 . 2009-07-19 12:46 -------- d-----w- c:\documents and settings\User\Application Data\ICQ
2010-02-19 08:39 . 2009-07-08 19:27 -------- d-----w- c:\program files\Common Files\Adobe
2010-02-17 18:18 . 2009-07-09 15:32 66960 ----a-w- c:\documents and settings\User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-10 21:19 . 2009-07-19 16:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-01-28 10:10 . 2009-07-08 19:54 -------- d-----w- c:\program files\Lenovo
2010-01-28 10:10 . 2009-07-08 19:49 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-22 13:45 . 2009-07-19 12:45 -------- d-----w- c:\program files\ICQ6.5
2010-01-22 09:26 . 2010-01-22 09:26 475136 ------w- c:\windows\Setup1.exe
2010-01-22 09:26 . 2010-01-22 09:26 73216 ----a-w- c:\windows\ST6UNST.EXE
2010-01-05 08:15 . 2009-10-25 16:22 -------- d-----w- c:\documents and settings\All Users\Application Data\HPSSUPPLY
2010-01-04 12:50 . 2010-01-04 11:55 -------- d-----w- c:\program files\Google
2010-01-04 11:52 . 2009-08-17 16:11 -------- d-----w- c:\program files\ALFA
2010-01-04 11:51 . 2009-08-17 16:17 -------- d-----w- c:\program files\OLYMP
2010-01-04 11:44 . 2010-01-04 11:44 -------- d-----w- c:\program files\Elcom
2010-01-04 11:42 . 2009-08-17 16:11 51072 ----a-w- c:\windows\system32\drivers\ANGELNT.SYS
2010-01-04 11:42 . 2009-08-17 16:11 405 ----a-w- c:\windows\system32\ANGELDOS.SYS
2010-01-04 11:42 . 2009-08-17 16:11 20480 ----a-w- c:\windows\system32\ANGELVDD.DLL
2010-01-04 11:42 . 2009-08-17 16:11 11520 ----a-w- c:\windows\system32\drivers\angelusb.sys
2009-12-31 16:50 . 2008-04-13 22:45 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-21 19:14 . 2008-05-13 10:38 916480 ------w- c:\windows\system32\wininet.dll
2009-12-16 18:43 . 2009-07-08 18:55 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:08 . 2008-04-14 03:41 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-08 19:26 . 2008-04-13 22:54 2145280 ------w- c:\windows\system32\ntoskrnl.exe
2009-12-08 18:43 . 2008-04-14 00:01 2023936 ------w- c:\windows\system32\ntkrnlpa.exe
2009-12-04 18:22 . 2008-04-13 22:47 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-12-03 17:49 . 2009-12-03 17:49 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-03 17:48 . 2009-12-03 17:48 152576 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-12-03 17:47 . 2009-12-03 17:47 79488 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
.

------- Sigcheck -------

[-] 2009-08-17 . 56A6034E7764E23D9114223EB3523925 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((( SnapShot@2010-02-25_15.49.07 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-02-25 16:56 . 2010-02-25 16:56 16384 c:\windows\Temp\Perflib_Perfdata_764.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 143360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 2021400]
"RTHDCPL"="RTHDCPL.EXE" [2007-01-30 16116224]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2006-01-25 53248]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-04-20 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-04-20 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-04-20 138008]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-03 149280]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-05-19 774233]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [6. 2. 2009 13:23 106208]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [6. 2. 2009 13:24 93336]
R2 Angelnt;Angelnt;c:\windows\system32\drivers\ANGELNT.SYS [17. 8. 2009 17:11 51072]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [6. 2. 2009 13:23 727720]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.sme.sk/
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\3u55bg5k.default\
FF - prefs.js: browser.startup.homepage - www.sme.sk
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-25 18:44
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3476)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-02-25 18:45:39
ComboFix-quarantined-files.txt 2010-02-25 17:45
ComboFix2.txt 2010-02-25 17:33
ComboFix3.txt 2010-02-25 16:27
ComboFix4.txt 2010-02-25 15:50

Pre-Run: 28 118 953 984 bytes free
Post-Run: 28 103 819 264 bytes free

- - End Of File - - 5EB5BB8AB27C1A2D6D1BB905709406D9

Ano, ComboFix nahrazoval součást systému.

Jak to vypadá s PC

asi to uz bude ok a PC se chova normalne. takze velmi pekne dekuji a moc si cenim vasi pomoc a snahu

Na c: bude složka qoobox\quarantine najděte v ní následující soubor a obnovte do původního umístění.
c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk


Dejte nový log z RSIT http://www.viry.cz/forum/viewtopic.php?f=30&t=82744

doufam ze sem to pochopil dobre ze z cesty c:\qoobox\quarantine\c\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk.vir sem mnel tento subor Bluetooth.lnk.vir umistnit do c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk.vir

Ano, a ještě umažte koncovku .vir

ok. tak vykonane a jeste jednou dekuji

Ještě ten log z RSIT.

Logfile of random's system information tool 1.06 (written by random/random)
Run by User at 2010-02-25 19:45:14
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 27 GB (67%) free of 40 GB
Total RAM: 3062 MB (84% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:45:18, on 25. 2. 2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\User\Desktop\RSIT.exe
C:\Program Files\trend micro\User.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sme.sk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 7927152467
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 8022184328
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

--
End of file - 6712 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2009-08-04 1586472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-12-03 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-12-03 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2009-02-06 2021400]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-01-30 16116224]
"SkyTel"=C:\WINDOWS\SkyTel.EXE [2006-05-16 2879488]
"AzMixerSel"=C:\Program Files\Realtek\InstallShield\AzMixerSel.exe [2006-01-25 53248]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2007-04-20 142104]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2007-04-20 162584]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2007-04-20 138008]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-12-03 149280]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-05-19 774233]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-12-22 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-12-11 948672]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2006-12-23 143360]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2007-04-16 204800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2010-02-25 18:48:26 ----SHD---- C:\RECYCLER
2010-02-25 18:45:40 ----A---- C:\ComboFix.txt
2010-02-25 18:41:47 ----D---- C:\ComboFix
2010-02-25 18:39:58 ----N---- C:\sfcfiles.dll
2010-02-25 17:56:26 ----D---- C:\WINDOWS\system32\1029
2010-02-25 16:44:55 ----A---- C:\Boot.bak
2010-02-25 16:44:50 ----RASHD---- C:\cmdcons
2010-02-25 16:43:50 ----A---- C:\WINDOWS\zip.exe
2010-02-25 16:43:50 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-02-25 16:43:50 ----A---- C:\WINDOWS\SWSC.exe
2010-02-25 16:43:50 ----A---- C:\WINDOWS\SWREG.exe
2010-02-25 16:43:50 ----A---- C:\WINDOWS\sed.exe
2010-02-25 16:43:50 ----A---- C:\WINDOWS\PEV.exe
2010-02-25 16:43:50 ----A---- C:\WINDOWS\NIRCMD.exe
2010-02-25 16:43:50 ----A---- C:\WINDOWS\MBR.exe
2010-02-25 16:43:50 ----A---- C:\WINDOWS\grep.exe
2010-02-25 16:43:44 ----D---- C:\WINDOWS\ERDNT
2010-02-25 16:43:36 ----D---- C:\Qoobox
2010-02-25 16:23:57 ----D---- C:\Program Files\trend micro
2010-02-25 16:23:56 ----D---- C:\rsit
2010-02-25 00:08:47 ----HDC---- C:\WINDOWS\$NtUninstallKB979306$
2010-02-22 17:38:41 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2010-02-22 17:38:32 ----D---- C:\Documents and Settings\User\Application Data\SUPERAntiSpyware.com
2010-02-22 02:36:48 ----RAD---- C:\autorun.inf
2010-02-19 09:38:46 ----D---- C:\Program Files\Adobe
2010-02-10 22:22:27 ----HDC---- C:\WINDOWS\$NtUninstallKB978262$
2010-02-10 22:22:18 ----HDC---- C:\WINDOWS\$NtUninstallKB971468$
2010-02-10 22:20:46 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$
2010-02-10 22:20:38 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$
2010-02-10 22:20:29 ----HDC---- C:\WINDOWS\$NtUninstallKB978251$
2010-02-10 22:20:20 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$
2010-02-10 22:19:28 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$
2010-02-10 22:19:05 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$
2010-02-10 22:18:51 ----HDC---- C:\WINDOWS\$NtUninstallKB977165$
2010-01-28 11:04:54 ----A---- C:\WINDOWS\system32\SynTPFcs.dll
2010-01-28 11:04:54 ----A---- C:\WINDOWS\system32\SynTPCo2.dll
2010-01-28 11:04:54 ----A---- C:\WINDOWS\system32\SynTPAPI.dll
2010-01-28 11:04:53 ----A---- C:\WINDOWS\system32\SynCtrl.dll
2010-01-28 11:04:53 ----A---- C:\WINDOWS\system32\SynCOM.dll
2010-01-28 11:04:51 ----D---- C:\Program Files\Synaptics

======List of files/folders modified in the last 1 months======

2010-02-25 19:44:55 ----D---- C:\WINDOWS\Temp
2010-02-25 19:06:35 ----D---- C:\Program Files\Mozilla Firefox
2010-02-25 18:59:57 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-02-25 18:44:19 ----D---- C:\WINDOWS
2010-02-25 18:44:19 ----A---- C:\WINDOWS\system.ini
2010-02-25 18:43:24 ----D---- C:\WINDOWS\system32
2010-02-25 18:43:23 ----D---- C:\WINDOWS\system32\drivers
2010-02-25 18:43:23 ----D---- C:\WINDOWS\AppPatch
2010-02-25 18:43:20 ----D---- C:\Program Files\Common Files
2010-02-25 18:42:12 ----D---- C:\WINDOWS\system32\CatRoot2
2010-02-25 17:56:27 ----D---- C:\WINDOWS\Minidump
2010-02-25 17:56:26 ----D---- C:\WINDOWS\system32\mui
2010-02-25 17:56:22 ----D---- C:\Config.Msi
2010-02-25 16:48:43 ----RD---- C:\Program Files
2010-02-25 16:44:55 ----RASH---- C:\boot.ini
2010-02-25 16:22:42 ----SHD---- C:\WINDOWS\Installer
2010-02-25 00:09:20 ----HD---- C:\WINDOWS\inf
2010-02-25 00:09:19 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-02-25 00:08:59 ----HD---- C:\WINDOWS\$hf_mig$
2010-02-25 00:08:55 ----A---- C:\WINDOWS\imsins.BAK
2010-02-24 08:58:12 ----D---- C:\WINDOWS\Prefetch
2010-02-22 22:00:46 ----D---- C:\Documents and Settings\User\Application Data\Skype
2010-02-22 18:57:22 ----D---- C:\Documents and Settings\User\Application Data\skypePM
2010-02-22 17:28:57 ----D---- C:\Documents and Settings\User\Application Data\ICQ
2010-02-19 09:40:09 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2010-02-19 09:39:00 ----D---- C:\Program Files\Common Files\Adobe
2010-02-10 22:19:57 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2010-02-01 20:26:20 ----A---- C:\WINDOWS\system32\MRT.exe
2010-01-31 20:48:13 ----A---- C:\WINDOWS\PhotoSnapViewer.INI
2010-01-28 12:09:08 ----D---- C:\DRIVERS
2010-01-28 11:21:56 ----D---- C:\WINDOWS\system32\CatRoot
2010-01-28 11:10:09 ----D---- C:\Program Files\Lenovo
2010-01-28 11:10:08 ----HD---- C:\Program Files\InstallShield Installation Information

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2009-02-06 106208]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2009-02-06 93336]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-14 8832]
R2 Angelnt;Angelnt; C:\WINDOWS\System32\Drivers\ANGELNT.SYS [2010-01-04 51072]
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2009-02-06 113448]
R2 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2007-02-24 39936]
R2 rimsptsk;rimsptsk; C:\WINDOWS\system32\DRIVERS\rimsptsk.sys [2007-01-23 42496]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\WINDOWS\system32\DRIVERS\rixdptsk.sys [2007-01-23 37376]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2007-02-16 160256]
R3 btaudio;Bluetooth Audio Device; C:\WINDOWS\system32\drivers\btaudio.sys [2006-10-30 329901]
R3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\system32\DRIVERS\btport.sys [2006-10-30 30459]
R3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2006-11-13 862922]
R3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2006-10-30 67672]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-14 13952]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-04-16 5760096]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-01-30 4474368]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NETw4x32;Intel(R) Wireless WiFi Link Adapter Driver for Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw4x32.sys [2007-04-30 2206976]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-05-19 193088]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 usbvideo;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-14 121984]
S3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2006-10-30 149123]
S3 catchme;catchme; \??\C:\DOCUME~1\User\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 btwdins;Bluetooth Service; C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe [2006-11-11 266295]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-02-06 727720]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-12-03 153376]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2006-12-23 262144]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2009-02-06 20680]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-01-15 774144]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

V logu nevidím firewall, doinstalujte Přehled: http://www.viry.cz/forum/viewtopic.php?f=41&t=6523


Odinstalujte ComboFix přes:
Start >> Spustit, zkopírujte do okénka:

ComboFix /Uninstall

stiskněte Enter


Stáhněte T-Cleaner
http://sweb.cz/Marinus/T-Cleaner.exe

• Spusťte, pro potvrzení volby mačkejte klávesu A, Enter
• Po použití program vymažte. Pozor,antiviry ho mohou falešně označit za vir.

Stáhněte OTC http://oldtimer.geekstogo.com/OTC.exe

• Spusťte.
• Klikněte na "CleanUp!". Potvrďte hlášky stiskem "Yes" (Bude následovat restart)

• Stáhněte Ccleaner http://viry.cz/forum/viewtopic.php?t=7478
• Nainstalujte a v průběhu instalace odškrtněte, že chcete instalovat yahoo toolbar.
  
  Záložka Čistič
• Dejte analyzovat, po dokončení dejte Spustit Ccleaner.
  
  Záložka Registry
• Klikněte na Hledej problémy, po dokončení klikněte na Opravit problémy, zálohu dělat nemusíte, potom dejte Opravit všechny problémy.
  OK Zavřít

tak vsetko vykonane a ked vas este mozem otravovat aky firewall by ste odporucali. dakujem

Osobně bych doporučil Zone Alarm.

Tiez mam problem s USBManager.exe cez autorun.inf. Isiel by som aj nejako podla predchadzajuceho riesenia, ale mam Vistu 64bit a ComboFix na takomto nebezi.
Mozem poprosit o radu?

danielson84

Založte si prosím své vlastní téma a vložte tam log z RSIT.