Page 5 of 25

Re: PC restarting

Posted: 19 Apr 2011 19:54
by Y0G1
motji wrote: Right-click on it - open in Notepad and paste the text from it here.


Can you tell me exactly how to go into the Windows system and do it there?

Re: PC restarting

Posted: 19 Apr 2011 20:26
by motji
Go to the Windows folder and find the file c:\windows\DelMR.bat.
Right-click on it, choose Open with - open in Notepad

Re: PC restarting

Posted: 20 Apr 2011 08:43
by Y0G1
motji wrote: Go to the Windows folder and find the file c:\windows\DelMR.bat.
Right-click on it, choose Open with - open in Notepad

I hope this is it


rmdir /s /q "C:\Program Files\Intuwave\Shared\mRouterRuntime"
rmdir /q "C:\Program Files\Intuwave\Shared"
rmdir /q "C:\Program Files\Intuwave"

Re: PC restarting

Posted: 20 Apr 2011 08:53
by motji
Thank you, the file will be fine. Now the GMER :)

Re: PC restarting

Posted: 20 Apr 2011 14:27
by Y0G1
motji wrote: Thank you, the file will be fine. Now the GMER :)
Sorry, you'll have to give me that link once more, I'm somehow out of it, my apologies

Re: PC restarting

Posted: 20 Apr 2011 17:19
by Rudy

Re: PC restarting

Posted: 24 Apr 2011 12:48
by Y0G1
Hello, I haven't been here for some time, I hope you'll still help me; here is the log from that GMER

GMER 1.0.15.15570 - http://www.gmer.net
Rootkit scan 2011-04-24 13:45:50
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 MAXTOR_6L080L4 rev.A93.0500
Running: gmer.exe; Driver: C:\DOCUME~1\Martin\LOCALS~1\Temp\pfedrfow.sys


---- System - GMER 1.0.15 ----

SSDT sprn.sys ZwCreateKey [0xF72940E0]
SSDT sprn.sys ZwEnumerateKey [0xF72ACDA4]
SSDT sprn.sys ZwEnumerateValueKey [0xF72AD132]
SSDT sprn.sys ZwOpenKey [0xF72940C0]
SSDT sprn.sys ZwQueryKey [0xF72AD20A]
SSDT sprn.sys ZwQueryValueKey [0xF72AD08A]
SSDT sprn.sys ZwSetValueKey [0xF72AD29C]

INT 0x62 ? 865DFBF8
INT 0x63 ? 862ACBF8
INT 0x73 ? 862ACBF8
INT 0x82 ? 865DFBF8
INT 0x83 ? 865DFBF8
INT 0x83 ? 865DFBF8
INT 0x83 ? 865DFBF8

---- Kernel code sections - GMER 1.0.15 ----

? sprn.sys Systém nemôže nájsť zadaný súbor. !
.text USBPORT.SYS!DllUnload F6D8D62C 5 Bytes JMP 862AC1D8
.text C:\WINDOWS\System32\DRIVERS\nv4_mini.sys section is writeable [0xF61593A0, 0x5FE082, 0xE8000020]
.text ak0ejr53.SYS F610C386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
.text ak0ejr53.SYS F610C3AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text ak0ejr53.SYS F610C3C4 3 Bytes [00, 80, 02]
.text ak0ejr53.SYS F610C3C9 1 Byte [30]
.text ak0ejr53.SYS F610C3C9 11 Bytes [30, 00, 00, 00, 5E, 02, 00, ...] {XOR [EAX], AL; ADD [EAX], AL; POP ESI; ADD AL, [EAX]; ADD [EAX], AL; ADD [EAX], AL}
.text ...

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\System32\svchost.exe[1100] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes JMP 0185ADBD
.text C:\WINDOWS\System32\svchost.exe[1100] NETAPI32.dll!NetpwPathCanonicalize 5B86A259 5 Bytes JMP 0185AD54
.text C:\WINDOWS\System32\svchost.exe[1172] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes JMP 008FADBD
.text C:\Programy\Mozilla\plugin-container.exe[1684] USER32.dll!SetWindowLongA 77D4DED3 5 Bytes JMP 10699777 C:\Programy\Mozilla\xul.dll (Mozilla Foundation)
.text C:\Programy\Mozilla\plugin-container.exe[1684] USER32.dll!SetWindowLongW 77D4DEF1 5 Bytes JMP 10699709 C:\Programy\Mozilla\xul.dll (Mozilla Foundation)
.text C:\Programy\Mozilla\plugin-container.exe[1684] USER32.dll!GetWindowInfo 77D4F122 1 Byte [E9]
.text C:\Programy\Mozilla\plugin-container.exe[1684] USER32.dll!GetWindowInfo 77D4F122 5 Bytes JMP 104C7C37 C:\Programy\Mozilla\xul.dll (Mozilla Foundation)
.text C:\Programy\Mozilla\plugin-container.exe[1684] USER32.dll!TrackPopupMenu 77D94F16 5 Bytes JMP 104C823A C:\Programy\Mozilla\xul.dll (Mozilla Foundation)
.text C:\Programy\Mozilla\firefox.exe[2028] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00401410 C:\Programy\Mozilla\firefox.exe (Firefox/Mozilla Corporation)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F7295042] sprn.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F729513E] sprn.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F72950C0] sprn.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F7295800] sprn.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F72956D6] sprn.sys
IAT \SystemRoot\System32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F72A4B90] sprn.sys
IAT \SystemRoot\System32\Drivers\ak0ejr53.SYS[HAL.dll!KfAcquireSpinLock] 0C8D1C46
IAT \SystemRoot\System32\Drivers\ak0ejr53.SYS[HAL.dll!READ_PORT_UCHAR] B48B8932
IAT \SystemRoot\System32\Drivers\ak0ejr53.SYS[HAL.dll!KeGetCurrentIrql] 89000001
IAT \SystemRoot\System32\Drivers\ak0ejr53.SYS[HAL.dll!KfRaiseIrql] 0001C083
IAT \SystemRoot\System32\Drivers\ak0ejr53.SYS[HAL.dll!KfLowerIrql] 24468B00
IAT \SystemRoot\System32\Drivers\ak0ejr53.SYS[HAL.dll!HalGetInterruptVector] 89820C8D
IAT \SystemRoot\System32\Drivers\ak0ejr53.SYS[HAL.dll!HalTranslateBusAddress] D18BF84D
IAT \SystemRoot\System32\Drivers\ak0ejr53.SYS[HAL.dll!KeStallExecutionProcessor] 860F1639
IAT \SystemRoot\System32\Drivers\ak0ejr53.SYS[HAL.dll!KfReleaseSpinLock] 000000BD
IAT \SystemRoot\System32\Drivers\ak0ejr53.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] 020CB389
IAT \SystemRoot\System32\Drivers\ak0ejr53.SYS[HAL.dll!READ_PORT_USHORT] 83660000
IAT \SystemRoot\System32\Drivers\ak0ejr53.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 7400067E
IAT \SystemRoot\System32\Drivers\ak0ejr53.SYS[HAL.dll!WRITE_PORT_UCHAR] 89D60320
IAT \SystemRoot\System32\Drivers\ak0ejr53.SYS[WMILIB.SYS!WmiSystemControl] 8D168B00
IAT \SystemRoot\System32\Drivers\ak0ejr53.SYS[WMILIB.SYS!WmiCompleteRequest] F0003284

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 865DE1F8
Device \FileSystem\Fastfat \FatCdrom 858A41F8
Device \Driver\usbohci \Device\USBPDO-0 8617A1F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 865731F8
Device \Driver\dmio \Device\DmControl\DmConfig 865731F8
Device \Driver\dmio \Device\DmControl\DmPnP 865731F8
Device \Driver\dmio \Device\DmControl\DmInfo 865731F8
Device \Driver\usbohci \Device\USBPDO-1 8617A1F8
Device \Driver\usbehci \Device\USBPDO-2 8616D368
Device \Driver\sptd \Device\4265438674 sprn.sys
Device \Driver\NetBT \Device\NetBT_Tcpip_{82E1B57E-D3D6-4597-B223-9532A75A4DAE} 862991F8
Device \Driver\Ftdisk \Device\HarddiskVolume1 865E01F8
Device \Driver\Cdrom \Device\CdRom0 863EF1F8
Device \Driver\atapi \Device\Ide\IdePort0 865DF1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 865DF1F8
Device \Driver\atapi \Device\Ide\IdePort1 865DF1F8
Device \Driver\atapi \Device\Ide\IdePort2 865DF1F8
Device \Driver\atapi \Device\Ide\IdePort3 865DF1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c 865DF1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1b 865DF1F8
Device \Driver\Cdrom \Device\CdRom1 863EF1F8
Device \Driver\Cdrom \Device\CdRom2 863EF1F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 862991F8
Device \Driver\PCI_PNP9924 \Device\0000003f sprn.sys
Device \Driver\NetBT \Device\NetbiosSmb 862991F8
Device \Driver\usbohci \Device\USBFDO-0 8617A1F8
Device \Driver\usbohci \Device\USBFDO-1 8617A1F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 858F91F8
Device \Driver\usbehci \Device\USBFDO-2 8616D368
Device \FileSystem\MRxSmb \Device\LanmanRedirector 858F91F8
Device \Driver\Ftdisk \Device\FtControl 865E01F8
Device \Driver\ak0ejr53 \Device\Scsi\ak0ejr531 86174500
Device \Driver\ak0ejr53 \Device\Scsi\ak0ejr531Port5Path0Target0Lun0 86174500
Device \FileSystem\Fastfat \Fat 858A41F8
Device \FileSystem\Cdfs \Cdfs 858D31F8

---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\system32\svchost.exe (*** hidden *** ) [AUTO] aigkwb <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\aigkwb@DisplayName Security Image
Reg HKLM\SYSTEM\CurrentControlSet\Services\aigkwb@Type 32
Reg HKLM\SYSTEM\CurrentControlSet\Services\aigkwb@Start 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\aigkwb@ErrorControl 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\aigkwb@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\CurrentControlSet\Services\aigkwb@ObjectName LocalSystem
Reg HKLM\SYSTEM\CurrentControlSet\Services\aigkwb@Description Provides system and desktop level support to the NVIDIA display driver
Reg HKLM\SYSTEM\CurrentControlSet\Services\aigkwb\Parameters
Reg HKLM\SYSTEM\CurrentControlSet\Services\aigkwb\Parameters@ServiceDll C:\WINDOWS\system32\oqhre.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Programy\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x79 0x10 0x3A 0x69 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x85 0xA8 0xD1 0x3D ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xA4 0xC8 0x20 0xBD ...
Reg HKLM\SYSTEM\ControlSet003\Services\aigkwb@DisplayName Security Image
Reg HKLM\SYSTEM\ControlSet003\Services\aigkwb@Type 32
Reg HKLM\SYSTEM\ControlSet003\Services\aigkwb@Start 2
Reg HKLM\SYSTEM\ControlSet003\Services\aigkwb@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet003\Services\aigkwb@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\ControlSet003\Services\aigkwb@ObjectName LocalSystem
Reg HKLM\SYSTEM\ControlSet003\Services\aigkwb@Description Provides system and desktop level support to the NVIDIA display driver
Reg HKLM\SYSTEM\ControlSet003\Services\aigkwb\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\aigkwb\Parameters@ServiceDll C:\WINDOWS\system32\oqhre.dll
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Programy\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x79 0x10 0x3A 0x69 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x85 0xA8 0xD1 0x3D ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xA4 0xC8 0x20 0xBD ...

---- EOF - GMER 1.0.15 ----

Re: PC restarting

Posted: 24 Apr 2011 18:15
by motji
:?: Well, you're pampering a rootkit in there, and then I wonder why something keeps refusing to be deleted :D . We'll try to kill it, and if that doesn't work, we'll pick a different machine gun :D

:arrow: If you haven't already, move ComboFix to the desktop
- open Notepad
- copy the text from this box into it

Code:

KillAll::

Driver::
hcfnioac
aigkwb

Netsvc::
hcfnioac
aigkwb

Rootkit::
C:\WINDOWS\system32\oqhre.dll

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6756:TCP"=-
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hhkjbtsq]
[-HKEY_LOCAL_MACHINE\System\ControlSet003\Services\aigkwb]


- save the TXT file you created as CFScript.txt on the desktop
- after saving, grab the script you created with the left mouse button and drag it onto the ComboFix icon, where you drop it:

Image


- after it runs, another log will pop up for you; paste it here

Warning: it may happen that after applying the script and restarting, Windows won't boot; in that case restart again while pressing F8, then choose Last Known Good Configuration
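Added example in Python (not code from the thread, nor from the GMER or ComboFix tools): it parses the hidden-service and Reg lines of the GMER log posted above and the sections of a CFScript like the one in this post, then reports anything the script would leave behind. The line formats are assumed from the quoted log and script; the sample inputs are constructed from them, with the Rootkit:: section deliberately omitted so that a gap shows up.

```python
"""Cross-check a ComboFix CFScript against a GMER log (added example, not code
from the thread): every service GMER reports as hidden should be named in the
script's Driver:: and Netsvc:: sections, its ServiceDll in Rootkit::, and its
copies in other control sets deleted under Registry::. Line formats are
assumed from the GMER log and the script quoted in this thread."""
import re
from collections import defaultdict

# Constructed sample: lines copied from the GMER log posted earlier in the thread.
GMER_LOG = r"""
---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\system32\svchost.exe (*** hidden *** ) [AUTO] aigkwb <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\aigkwb@DisplayName Security Image
Reg HKLM\SYSTEM\CurrentControlSet\Services\aigkwb@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\CurrentControlSet\Services\aigkwb\Parameters
Reg HKLM\SYSTEM\CurrentControlSet\Services\aigkwb\Parameters@ServiceDll C:\WINDOWS\system32\oqhre.dll
Reg HKLM\SYSTEM\ControlSet003\Services\aigkwb\Parameters@ServiceDll C:\WINDOWS\system32\oqhre.dll
"""

# Constructed sample: the script from the post above with its Rootkit:: section
# left out, so the check below has a gap to report.
CFSCRIPT = r"""
KillAll::

Driver::
hcfnioac
aigkwb

Netsvc::
hcfnioac
aigkwb

Registry::
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hhkjbtsq]
[-HKEY_LOCAL_MACHINE\System\ControlSet003\Services\aigkwb]
"""

HIDDEN_SVC_RE = re.compile(
    r"^Service\s+(?P<image>.+?)\s+\(\*\*\* hidden \*\*\* \)\s+\[(?P<start>\w+)\]\s+(?P<name>\S+)")
SVC_KEY_RE = re.compile(
    r"^HKLM\\SYSTEM\\(?P<cs>CurrentControlSet|ControlSet\d{3})\\Services\\(?P<svc>[^\\]+)"
    r"(?:\\(?P<sub>.+))?$", re.IGNORECASE)


def parse_gmer(text):
    """Map each service GMER flagged as hidden to its image, start type, the
    registry values GMER dumped for it, and the control sets it appears in."""
    hidden, reg = {}, defaultdict(dict)   # reg: (control set, service) -> {value: data}
    for line in text.splitlines():
        m = HIDDEN_SVC_RE.match(line)
        if m:
            hidden[m["name"].lower()] = {"image": m["image"], "start": m["start"]}
        elif line.startswith("Reg "):
            # "Reg <key>[@<value>] [<data>]": the key carries no spaces, so the
            # first space ends it, and '@' separates the value name from the key.
            token, _, data = line[4:].partition(" ")
            key, _, value = token.partition("@")
            km = SVC_KEY_RE.match(key)
            if km and value:
                path = f"{km['sub']}\\{value}" if km["sub"] else value
                reg[(km["cs"], km["svc"].lower())][path] = data
    for name, info in hidden.items():
        info["values"] = reg.get(("CurrentControlSet", name), {})
        info["control_sets"] = {cs for cs, svc in reg if svc == name}
    return hidden


def parse_cfscript(text):
    """Split a CFScript into {section: [entries]}; a section header ends in '::'."""
    sections, current = defaultdict(list), None
    for line in (ln.strip() for ln in text.splitlines()):
        if line.endswith("::"):
            current = line[:-2]
        elif line and current:
            sections[current].append(line)
    return dict(sections)


def coverage_gaps(hidden, script):
    """Report what the script leaves uncovered for each hidden service."""
    have = {sec: {e.lower() for e in entries} for sec, entries in script.items()}
    gaps = []
    for name, info in hidden.items():
        for sec in ("Driver", "Netsvc"):
            if name not in have.get(sec, set()):
                gaps.append(f"{name}: missing from {sec}::")
        dll = info["values"].get("Parameters\\ServiceDll")
        if dll and dll.lower() not in have.get("Rootkit", set()):
            gaps.append(f"{name}: ServiceDll {dll} not listed under Rootkit::")
        for cs in sorted(info["control_sets"] - {"CurrentControlSet"}):
            key = f"[-hkey_local_machine\\system\\{cs}\\services\\{name}]".lower()
            if key not in have.get("Registry", set()):
                gaps.append(f"{name}: no [-...] deletion for its copy in {cs}")
    return gaps
```

Running `coverage_gaps(parse_gmer(GMER_LOG), parse_cfscript(CFSCRIPT))` on the samples reports only the missing Rootkit:: entry for oqhre.dll, which is exactly what the script in this post does include.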

Re: PC restarting

Posted: 24 Apr 2011 23:18
by Y0G1
Sure, I understand, I'll do it tomorrow. Jeez, why won't that swine leave me? :D :(

Re: PC restarting

Posted: 24 Apr 2011 23:33
by motji
You've got some beautiful, well-hidden little critter in there, if even Avptool didn't find it :) .
I'll be here again tomorrow evening after 9 o'clock :)

Re: PC restarting

Posted: 27 Apr 2011 16:10
by Y0G1
Here is the log from the last message you posted here for me to do


ComboFix 11-04-16.03 - Martin 27.04.2011 17:04:49.4.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.421.1033.18.1023.756 [GMT 2:00]
Running from: c:\documents and settings\Martin\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Martin\Desktop\CFScript.txt
.
- REDUCED FUNCTIONALITY MODE -
.
.
((((((((((((((((((((((((( Files Created from 2011-03-27 to 2011-04-27 )))))))))))))))))))))))))))))))
.
.
2011-04-27 15:06 . 2011-04-27 15:06 4096 ----a-w- c:\windows\system32\01.tmp
2011-04-21 19:35 . 2011-04-21 19:35 -------- d-----w- c:\windows\SoftwareProtection
2011-04-19 17:03 . 2011-04-19 17:03 -------- d-----w- c:\documents and settings\Martin\Application Data\vlc
2011-04-19 11:34 . 2011-04-19 11:34 -------- d-----w- c:\documents and settings\Martin\Local Settings\Application Data\Help
2011-04-18 12:39 . 2011-04-18 12:42 2829 ----a-w- c:\windows\War3Unin.pif
2011-04-18 12:39 . 2011-04-18 12:42 139264 ----a-w- c:\windows\War3Unin.exe
2011-04-16 13:48 . 2011-04-16 13:48 -------- d-s---w- c:\documents and settings\Martin\UserData
2011-04-15 20:36 . 2010-11-09 12:35 21992 ----a-w- c:\windows\system32\drivers\cpuz135_x32.sys
2011-04-15 20:28 . 2011-04-15 20:28 -------- d-----w- c:\program files\trend micro
2011-04-15 20:10 . 2011-04-15 20:10 -------- d-----w- c:\program files\Defraggler
2011-04-15 08:48 . 2011-04-15 08:48 -------- d-sh--w- c:\windows\ftpcache
2011-04-14 18:32 . 2011-04-21 20:39 -------- d-----w- c:\documents and settings\Martin\Application Data\uTorrent
2011-04-14 17:52 . 2005-05-26 13:34 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
2011-04-08 19:51 . 2011-04-26 16:49 214520 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-04-08 19:48 . 2011-04-15 09:08 -------- d-----w- c:\documents and settings\Martin\Local Settings\Application Data\PunkBuster
2011-04-08 19:46 . 2011-04-26 16:49 137464 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-04-08 19:46 . 2011-04-21 18:59 22328 ----a-w- c:\documents and settings\Martin\Application Data\PnkBstrK.sys
2011-04-08 19:45 . 2011-04-26 16:49 214520 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-04-08 19:45 . 2011-04-26 15:55 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2011-04-08 19:45 . 2011-04-08 19:45 -------- d-----w- c:\windows\system32\LogFiles
2011-04-05 08:37 . 2011-01-08 03:27 941160 ----a-w- c:\windows\system32\nvdispco322090.dll
2011-04-05 08:37 . 2011-01-08 03:27 837736 ----a-w- c:\windows\system32\nvgenco322040.dll
2011-04-05 08:30 . 2008-01-15 07:44 109568 ----a-r- c:\windows\system32\drivers\zebrmdm.sys
2011-04-05 08:30 . 2008-01-15 07:44 14848 ----a-r- c:\windows\system32\drivers\zebrmdfl.sys
2011-04-05 08:30 . 2008-01-15 07:44 109568 ----a-r- c:\windows\system32\drivers\zebrmdmc.sys
2011-04-05 08:30 . 2008-01-15 07:44 12160 ----a-r- c:\windows\system32\drivers\zebrcmnt.sys
2011-04-05 08:30 . 2008-01-15 07:44 12160 ----a-r- c:\windows\system32\drivers\zebrcm.sys
2011-04-05 08:30 . 2008-01-15 07:44 12160 ----a-r- c:\windows\system32\drivers\zebrwhnt.sys
2011-04-05 08:30 . 2008-01-15 07:44 12160 ----a-r- c:\windows\system32\drivers\zebrwh.sys
2011-04-05 08:30 . 2008-01-15 07:44 83200 ----a-r- c:\windows\system32\drivers\zebrbus.sys
2011-04-05 08:20 . 2011-04-05 08:20 146 ----a-w- c:\windows\DelMR.bat
2011-04-05 08:16 . 2011-04-05 08:16 -------- d-----w- c:\documents and settings\Martin\Application Data\Teleca
2011-04-05 08:02 . 2011-04-05 08:02 -------- d-----w- c:\documents and settings\Martin\Application Data\Sony Ericsson
2011-04-05 08:01 . 2011-04-05 08:20 -------- d-----w- c:\program files\Common Files\Teleca Shared
2011-04-05 08:00 . 2011-04-05 08:21 -------- d-----w- c:\program files\Sony Ericsson
2011-04-05 08:00 . 2011-04-05 08:00 -------- d-----w- c:\program files\MSXML 6.0
2011-04-05 07:59 . 2011-04-05 07:59 -------- d-----w- c:\windows\Downloaded Installations
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((( SnapShot@2011-04-17_11.23.24 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-04-18 12:39 . 2011-04-18 12:53 65719 c:\windows\War3Unin.dat
- 2011-04-14 17:53 . 2011-04-14 17:53 12800 c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
+ 2011-04-21 19:01 . 2011-04-21 19:01 12800 c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
- 2011-04-14 17:53 . 2011-04-14 17:53 53248 c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
+ 2011-04-21 19:01 . 2011-04-21 19:01 53248 c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
- 2011-04-11 19:48 . 2011-04-11 19:48 5120 c:\windows\Installer\{789289CA-F73A-4A16-A331-54D498CE069F}\Icon789289CA.exe
+ 2011-04-18 16:39 . 2011-04-18 16:39 5120 c:\windows\Installer\{789289CA-F73A-4A16-A331-54D498CE069F}\Icon789289CA.exe
+ 2002-08-29 02:41 . 2004-08-03 23:56 170505 c:\windows\system32\oqhre.dll
+ 2011-04-20 06:54 . 2011-04-20 06:54 235168 c:\windows\system32\Macromed\Flash\FlashUtil10p_Plugin.exe
+ 2011-04-21 19:35 . 2011-04-21 19:35 483328 c:\windows\SoftwareProtection\wxmsw28uh_html_vc.dll
+ 2011-04-21 19:35 . 2011-04-21 19:35 708608 c:\windows\SoftwareProtection\wxmsw28uh_adv_vc.dll
+ 2011-04-21 19:35 . 2011-04-21 19:35 135168 c:\windows\SoftwareProtection\wxbase28uh_net_vc.dll
+ 2011-04-21 19:35 . 2011-04-21 19:35 624608 c:\windows\SoftwareProtection\systemvital.exe
+ 2011-04-21 19:35 . 2011-04-21 19:35 102400 c:\windows\SoftwareProtection\pywintypes25.dll
+ 2011-04-21 19:35 . 2011-04-21 19:35 348160 c:\windows\SoftwareProtection\MSVCR71.dll
+ 2011-04-21 19:35 . 2011-04-21 19:35 499712 c:\windows\SoftwareProtection\MSVCP71.dll
- 2011-04-14 17:53 . 2011-04-14 17:53 223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
+ 2011-04-21 19:01 . 2011-04-21 19:01 223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
- 2011-04-14 17:53 . 2011-04-14 17:53 178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
+ 2011-04-21 19:01 . 2011-04-21 19:01 178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
+ 2011-04-21 19:01 . 2011-04-21 19:01 364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
- 2011-04-14 17:53 . 2011-04-14 17:53 364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
+ 2011-04-21 19:01 . 2011-04-21 19:01 159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
- 2011-04-14 17:53 . 2011-04-14 17:53 159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
- 2011-04-14 17:53 . 2011-04-14 17:53 145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
+ 2011-04-21 19:01 . 2011-04-21 19:01 145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
- 2011-04-14 17:53 . 2011-04-14 17:53 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-04-21 19:01 . 2011-04-21 19:01 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2011-04-14 17:53 . 2011-04-14 17:53 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-04-21 19:01 . 2011-04-21 19:01 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-04-21 19:01 . 2011-04-21 19:01 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2011-04-14 17:53 . 2011-04-14 17:53 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-04-21 19:01 . 2011-04-21 19:01 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2011-04-14 17:53 . 2011-04-14 17:53 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2011-04-14 17:53 . 2011-04-14 17:53 577024 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-04-21 19:01 . 2011-04-21 19:01 577024 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-04-21 19:01 . 2011-04-21 19:01 576000 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2011-04-14 17:53 . 2011-04-14 17:53 576000 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-04-21 19:01 . 2011-04-21 19:01 567296 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2011-04-14 17:53 . 2011-04-14 17:53 567296 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-04-21 19:01 . 2011-04-21 19:01 563712 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2011-04-14 17:53 . 2011-04-14 17:53 563712 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2011-04-14 17:53 . 2011-04-14 17:53 473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
+ 2011-04-21 19:01 . 2011-04-21 19:01 473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
- 2010-11-15 17:39 . 2011-03-22 20:48 6053536 c:\windows\system32\Macromed\Flash\NPSWF32.dll
+ 2010-11-15 17:39 . 2011-04-20 06:54 6053536 c:\windows\system32\Macromed\Flash\NPSWF32.dll
+ 2011-04-21 19:35 . 2011-04-21 19:35 3166208 c:\windows\SoftwareProtection\wxmsw28uh_core_vc.dll
+ 2011-04-21 19:35 . 2011-04-21 19:35 1327104 c:\windows\SoftwareProtection\wxbase28uh_vc.dll
+ 2011-04-21 19:35 . 2011-04-21 19:35 2113536 c:\windows\SoftwareProtection\python25.dll
+ 2011-04-21 19:35 . 2011-04-21 19:35 1700352 c:\windows\SoftwareProtection\gdiplus.dll
+ 2011-04-26 15:41 . 2011-04-26 15:41 8455680 c:\windows\Installer\85f8f7.msi
+ 2011-04-21 19:01 . 2011-04-21 19:01 2846720 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2011-04-14 17:53 . 2011-04-14 17:53 2846720 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2011-04-14 17:52 . 2011-04-14 17:52 2676224 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-04-21 19:01 . 2011-04-21 19:01 2676224 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-01-07 13880424]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-03 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-11-15 19:02 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-01-30 15:45 35736 ----a-w- c:\programy\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-03 23:56 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16 357696 ----a-w- c:\programy\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2011-01-07 17:56 13880424 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2011-01-07 17:56 111208 ----a-w- c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2010-11-04 06:51 1753192 ----a-w- c:\program files\NVIDIA Corporation\nView\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando Media Booster]
2010-11-16 14:35 2975640 ----a-w- c:\program files\Pando Networks\Media Booster\PMB.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2005-05-17 10:48 77824 ----a-r- c:\windows\SOUNDMAN.EXE
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Programy\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57040:TCP"= 57040:TCP:Pando Media Booster
"57040:UDP"= 57040:UDP:Pando Media Booster
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [16.11.2010 16:55 691696]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [15.4.2011 22:36 21992]
S2 aigkwb;Security Image;c:\windows\system32\svchost.exe -k netsvcs [23.8.2001 14:00 14336]
S3 GGSAFERDriver;GGSAFER Driver;\??\c:\programy\Garena\safedrv.sys --> c:\programy\Garena\safedrv.sys [?]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
?hcfnioac
.
.
------- Supplementary Scan -------
.
uSearchAssistant = hxxp://search.qip.ru/ie
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Martin\Application Data\Mozilla\Firefox\Profiles\ghya889f.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - azet.sk
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-27 17:06
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aigkwb]
"ServiceDll"="c:\windows\system32\oqhre.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(216)
c:\windows\system32\msi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\windows\System32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2011-04-27 17:08:44 - machine was rebooted
ComboFix-quarantined-files.txt 2011-04-27 15:08
ComboFix2.txt 2011-04-18 15:34
ComboFix3.txt 2011-04-18 07:17
ComboFix4.txt 2011-04-17 11:26
.
Pre-Run: 62 098 321 408 bytes free
Post-Run: 8 adresárov, 62 102 683 648 voľných bajtov
.
- - End Of File - - 5BE37BE8BD21262F5625F2D0BE528377

Re: PC restarting

Posted: 27 Apr 2011 17:33
by motji
Please download a new ComboFix and run it again with that script; this one didn't work :o

Re: PC restarting

Posted: 30 Apr 2011 06:48
by Y0G1
It's asking me whether I want to update it, should I do that?:

Re: PC restarting

Posted: 30 Apr 2011 06:53
by motji
Yes :)

Re: PC restarting

Posted: 30 Apr 2011 13:39
by Y0G1
Is it OK? Is this the right one?



ComboFix 11-04-29.03 - Martin 30.04.2011 14:31:16.5.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.421.1033.18.1023.762 [GMT 2:00]
Running from: c:\documents and settings\Martin\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Martin\Desktop\CFScript.txt
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_AIGKWB
-------\Service_aigkwb
-------\Legacy_qsqxn
-------\Service_qsqxn
.
.
((((((((((((((((((((((((( Files Created from 2011-03-28 to 2011-04-30 )))))))))))))))))))))))))))))))
.
.
2011-04-30 12:36 . 2011-04-30 12:36 4096 ----a-w- c:\windows\system32\02.tmp
2011-04-21 19:35 . 2011-04-21 19:35 -------- d-----w- c:\windows\SoftwareProtection
2011-04-19 17:03 . 2011-04-19 17:03 -------- d-----w- c:\documents and settings\Martin\Application Data\vlc
2011-04-19 11:34 . 2011-04-19 11:34 -------- d-----w- c:\documents and settings\Martin\Local Settings\Application Data\Help
2011-04-18 12:39 . 2011-04-18 12:42 2829 ----a-w- c:\windows\War3Unin.pif
2011-04-18 12:39 . 2011-04-18 12:42 139264 ----a-w- c:\windows\War3Unin.exe
2011-04-16 13:48 . 2011-04-16 13:48 -------- d-s---w- c:\documents and settings\Martin\UserData
2011-04-15 20:36 . 2010-11-09 12:35 21992 ----a-w- c:\windows\system32\drivers\cpuz135_x32.sys
2011-04-15 20:28 . 2011-04-15 20:28 -------- d-----w- c:\program files\trend micro
2011-04-15 20:10 . 2011-04-15 20:10 -------- d-----w- c:\program files\Defraggler
2011-04-15 08:48 . 2011-04-15 08:48 -------- d-sh--w- c:\windows\ftpcache
2011-04-14 18:32 . 2011-04-29 16:20 -------- d-----w- c:\documents and settings\Martin\Application Data\uTorrent
2011-04-14 17:52 . 2005-05-26 13:34 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
2011-04-08 19:51 . 2011-04-26 16:49 214520 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-04-08 19:48 . 2011-04-15 09:08 -------- d-----w- c:\documents and settings\Martin\Local Settings\Application Data\PunkBuster
2011-04-08 19:46 . 2011-04-26 16:49 137464 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-04-08 19:46 . 2011-04-21 18:59 22328 ----a-w- c:\documents and settings\Martin\Application Data\PnkBstrK.sys
2011-04-08 19:45 . 2011-04-26 16:49 214520 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-04-08 19:45 . 2011-04-26 15:55 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2011-04-08 19:45 . 2011-04-08 19:45 -------- d-----w- c:\windows\system32\LogFiles
2011-04-05 08:37 . 2011-01-08 03:27 941160 ----a-w- c:\windows\system32\nvdispco322090.dll
2011-04-05 08:37 . 2011-01-08 03:27 837736 ----a-w- c:\windows\system32\nvgenco322040.dll
2011-04-05 08:30 . 2008-01-15 07:44 109568 ----a-r- c:\windows\system32\drivers\zebrmdm.sys
2011-04-05 08:30 . 2008-01-15 07:44 14848 ----a-r- c:\windows\system32\drivers\zebrmdfl.sys
2011-04-05 08:30 . 2008-01-15 07:44 109568 ----a-r- c:\windows\system32\drivers\zebrmdmc.sys
2011-04-05 08:30 . 2008-01-15 07:44 12160 ----a-r- c:\windows\system32\drivers\zebrcmnt.sys
2011-04-05 08:30 . 2008-01-15 07:44 12160 ----a-r- c:\windows\system32\drivers\zebrcm.sys
2011-04-05 08:30 . 2008-01-15 07:44 12160 ----a-r- c:\windows\system32\drivers\zebrwhnt.sys
2011-04-05 08:30 . 2008-01-15 07:44 12160 ----a-r- c:\windows\system32\drivers\zebrwh.sys
2011-04-05 08:30 . 2008-01-15 07:44 83200 ----a-r- c:\windows\system32\drivers\zebrbus.sys
2011-04-05 08:20 . 2011-04-05 08:20 146 ----a-w- c:\windows\DelMR.bat
2011-04-05 08:16 . 2011-04-05 08:16 -------- d-----w- c:\documents and settings\Martin\Application Data\Teleca
2011-04-05 08:02 . 2011-04-05 08:02 -------- d-----w- c:\documents and settings\Martin\Application Data\Sony Ericsson
2011-04-05 08:01 . 2011-04-05 08:20 -------- d-----w- c:\program files\Common Files\Teleca Shared
2011-04-05 08:00 . 2011-04-05 08:21 -------- d-----w- c:\program files\Sony Ericsson
2011-04-05 08:00 . 2011-04-05 08:00 -------- d-----w- c:\program files\MSXML 6.0
2011-04-05 07:59 . 2011-04-05 07:59 -------- d-----w- c:\windows\Downloaded Installations
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((( SnapShot_2011-04-27_15.06.20 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-04-28 18:38 . 2011-04-28 18:38 5120 c:\windows\Installer\{789289CA-F73A-4A16-A331-54D498CE069F}\Icon789289CA.exe
- 2011-04-18 16:39 . 2011-04-18 16:39 5120 c:\windows\Installer\{789289CA-F73A-4A16-A331-54D498CE069F}\Icon789289CA.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-01-07 13880424]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-03 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-11-15 19:02 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-01-30 15:45 35736 ----a-w- c:\programy\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-03 23:56 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16 357696 ----a-w- c:\programy\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2011-01-07 17:56 13880424 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2011-01-07 17:56 111208 ----a-w- c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2010-11-04 06:51 1753192 ----a-w- c:\program files\NVIDIA Corporation\nView\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando Media Booster]
2010-11-16 14:35 2975640 ----a-w- c:\program files\Pando Networks\Media Booster\PMB.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2005-05-17 10:48 77824 ----a-r- c:\windows\SOUNDMAN.EXE
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Programy\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Programy\\uTorrent\\uTorrent.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57040:TCP"= 57040:TCP:Pando Media Booster
"57040:UDP"= 57040:UDP:Pando Media Booster
"6756:TCP"= 6756:TCP:rvgbebls
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [16.11.2010 16:55 691696]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [15.4.2011 22:36 21992]
S2 qsqxn;Universal Microsoft;c:\windows\system32\svchost.exe -k netsvcs [23.8.2001 14:00 14336]
S3 GGSAFERDriver;GGSAFER Driver;\??\c:\programy\Garena\safedrv.sys --> c:\programy\Garena\safedrv.sys [?]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
?hcfnioac
qsqxn
.
.
------- Supplementary Scan -------
.
uSearchAssistant = hxxp://search.qip.ru/ie
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Martin\Application Data\Mozilla\Firefox\Profiles\ghya889f.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - azet.sk
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-30 14:36
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\qsqxn]
"ServiceDll"="c:\windows\system32\oqhre.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(192)
c:\windows\system32\msi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\windows\System32\wdfmgr.exe
.
**************************************************************************
.
Completion time: 2011-04-30 14:38:56 - machine was rebooted
ComboFix-quarantined-files.txt 2011-04-30 12:38
ComboFix2.txt 2011-04-27 15:08
ComboFix3.txt 2011-04-18 15:34
ComboFix4.txt 2011-04-18 07:17
ComboFix5.txt 2011-04-30 12:30
.
Pre-Run: 62 070 493 184 bytes free
Post-Run: 8 adresárov, 62 063 947 776 voľných bajtov
.
- - End Of File - - 264845684B385EAB1B5ED90834F699B3