Page 1 of 4

Virus preventing archives from being extracted.

Posted: 25 Apr 2010 19:39
by Lochna
Hello, I would like to turn to the viry.cz forum with a problem that has been bothering me for a very long time.
The problem is some kind of pest with symptoms I have not encountered before, so I do not even know whether it is actually caused by a virus. The problem is that I cannot extract any zipped files (zip, jar, etc.) downloaded from the internet; the PC reports an archive error, but there is nothing wrong with the archive itself, as it extracts fine on another PC. Other symptoms of the infection are that all more complex applications, such as games and so on, stop working. Otherwise the virus does not show itself in any way; the PC does not even slow down. I deduced that it is a virus from the fact that the Kaspersky antivirus program cannot be installed; when the installer is launched it reports
This could be the result of a damage disk, a failed download or a virus.
Unfortunately I am a layman when it comes to computer security, so I will appreciate any advice. I have already tried all kinds of antivirus programs that could be installed, ComboFix as well. Thank you, Ignác Š.
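One check a responder would make before hunting for malware, added here as an example that is not part of the original post: read the archive with an independent parser (Python's zipfile module, bypassing the installed archiver and the Explorer shell handler) and compare its SHA-256 with the copy that extracts fine on the other PC. If the hashes match and every member passes its CRC check, the archive is intact and the failure is local to this machine. The sample archive, the byte flip, and the function names are this example's own constructions.

```python
"""Independent archive check for a ZIP/JAR that 'won't extract' on one PC only.
Added example; not code from the original post or from any tool named there.
Reads the file with Python's own zipfile module, bypassing the installed archiver
and the Explorer shell, and compares the SHA-256 with the copy that extracts
fine elsewhere. Function names and the sample archive are this example's own."""
import hashlib
import io
import zipfile
import zlib
from typing import Optional


def build_sample_archive() -> bytes:
    """Constructed sample, stored (uncompressed) so that a flipped data byte
    surfaces as a CRC error instead of a decompressor exception."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as z:
        z.writestr("readme.txt", "hello")  # 30-byte local header + 10-byte name: data starts at offset 40
        z.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
    return buf.getvalue()


def flip_byte(data: bytes, offset: int) -> bytes:
    """Simulate a damaged download by inverting one byte."""
    b = bytearray(data)
    b[offset] ^= 0xFF
    return bytes(b)


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def check_archive(data: bytes) -> dict:
    """Parse the archive and CRC-check every member without writing to disk."""
    result = {
        "magic_ok": data[:2] == b"PK",  # 'PK' prefix shared by all ZIP record signatures
        "sha256": sha256_hex(data),
        "members": [],
        "bad_member": None,  # first member whose CRC fails, or None
        "error": None,       # set when the container itself is unreadable
    }
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as z:
            result["members"] = z.namelist()
            result["bad_member"] = z.testzip()
    except (zipfile.BadZipFile, zlib.error) as exc:
        result["error"] = str(exc)
    return result


def diagnose(data: bytes, reference_sha256: Optional[str] = None) -> str:
    """Separate a bad download from a damaged archive from a local problem.
    reference_sha256 is the hash of the same file taken on the clean machine."""
    r = check_archive(data)
    if reference_sha256 and r["sha256"] != reference_sha256:
        return "bytes differ from the reference copy: failed or tampered download"
    if r["error"] or r["bad_member"]:
        return "archive itself is damaged: " + (r["error"] or r["bad_member"])
    return "archive is intact: the extraction failure is local to this machine"


if __name__ == "__main__":
    good = build_sample_archive()
    print(sha256_hex(good))               # compare this value with the other PC
    print(diagnose(good))
    print(diagnose(flip_byte(good, 42)))  # damages 'hello' inside readme.txt
    print(diagnose(b"not a zip"))
```

In practice you run `check_archive` on the real download on both machines; the stored-vs-deflated distinction only matters for the constructed sample, since a flipped byte inside a deflate stream raises `zlib.error`, which `check_archive` also reports as damage.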

Re: Virus preventing archives from being extracted.

Posted: 25 Apr 2010 20:19
by motji
Good evening :)
Please post a log from RSIT, see my signature.

Re: Virus preventing archives from being extracted.

Posted: 25 Apr 2010 20:45
by Lochna
Logfile of random's system information tool 1.06 (written by random/random)
Run by Admin at 2010-04-25 21:44:07
System Microsoft Windows XP Professional Service Pack 3
System drive C: has 10 GB (25%) free of 38 GB
Total RAM: 1022 MB (51% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:44:08, on 25.4.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mouse Tachometer\Mouse Tachometer.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\QIP\qip.exe
C:\Program Files\totalcmd\TOTALCMD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\NetLimiter 2 Pro\NLClient.exe
D:\Downloads\RSIT.exe
C:\Program Files\trend micro\Admin.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://flvdirect.iamwired.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: everyflv - {5d919d69-332c-67e8-6ad0-525461b8017d} - C:\WINDOWS\system32\yh-_2t.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [Mouse Tachometer] C:\Program Files\Mouse Tachometer\Mouse Tachometer.exe --hide
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra button: Přeložit - {230D1201-7607-4CF6-A11F-9E4BF0A333E0} - C:\Program Files\Verdict Free\etnxp.dll
O9 - Extra button: (no name) - {2C73F784-D2DE-4422-B070-2E3332FE5744} - C:\Program Files\Verdict Free\etnxp.dll
O9 - Extra 'Tools' menuitem: Internetový překladač... - {2C73F784-D2DE-4422-B070-2E3332FE5744} - C:\Program Files\Verdict Free\etnxp.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: QIP 2005 - {1EF681F7-A04B-4D6D-9012-A307CCA55610} - C:\Program Files\QIP\qip.exe (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 6304 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\MP Scheduled Scan.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5d919d69-332c-67e8-6ad0-525461b8017d}]
everyflv - C:\WINDOWS\system32\yh-_2t.dll [2010-03-22 1130496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll [2007-09-25 501136]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Mouse Tachometer"=C:\Program Files\Mouse Tachometer\Mouse Tachometer.exe [2002-11-01 282624]
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168]
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-11-14 16270848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2009-02-04 155648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-19 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
nwprovau

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoResolveTrack"=1
"NoResolveSearch"=1
"NoSMHelp"=1
"ForceStartMenuLogoff"=0
"NoStartMenuPinnedList"=1
"NoSMConfigurePrograms"=1
"NoUserNameInStartMenu"=1
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\EA GAMES\Battlefield 2\BF2.exe"="D:\EA GAMES\Battlefield 2\BF2.exe:*:Enabled:BF2"
"D:\TrackMania Nations ESWC\TmNationsESWC.exe"="D:\TrackMania Nations ESWC\TmNationsESWC.exe:*:Enabled:TmNationsESWC"
"D:\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe"="D:\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:iw3mp"
"C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe"="C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process "
"C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe"="C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe:*:Enabled:Nokia Software Updater"
"C:\Program Files\QIP\qip.exe"="C:\Program Files\QIP\qip.exe:*:Enabled:Quiet Internet Pager"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ"
"C:\Program Files\uTorrent\utorrent.exe"="C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent"
"D:\TmNationsForever\TmForever.exe"="D:\TmNationsForever\TmForever.exe:*:Enabled:TmForever"
"D:\EA GAMES\Need for Speed Underground 2\SPEED2.EXE"="D:\EA GAMES\Need for Speed Underground 2\SPEED2.EXE:*:Enabled:SPEED2"
"C:\WINDOWS\system32\dpnsvr.exe"="C:\WINDOWS\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"D:\Sierra\FEARCombat\FEARMP.exe"="D:\Sierra\FEARCombat\FEARMP.exe:*:Enabled:F.E.A.R."
"D:\Steam\SteamApps\klitoriz\half-life 2 deathmatch\hl2.exe"="D:\Steam\SteamApps\klitoriz\half-life 2 deathmatch\hl2.exe:*:Enabled:hl2"
"D:\Steam\SteamApps\klitoriz\team fortress 2\hl2.exe"="D:\Steam\SteamApps\klitoriz\team fortress 2\hl2.exe:*:Enabled:hl2"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"D:\Left 4 Dead\left4dead.exe"="D:\Left 4 Dead\left4dead.exe:*:Enabled:left4dead"
"C:\Program Files\Hamachi\hamachi.exe"="C:\Program Files\Hamachi\hamachi.exe:*:Enabled:Hamachi Client"
"D:\Sierra\FEARCombat\FEARServer.exe"="D:\Sierra\FEARCombat\FEARServer.exe:*:Enabled:F.E.A.R. - Stand-Alone Server"
"D:\Activision\Modern Warfare 2\iw4mp.exe"="D:\Activision\Modern Warfare 2\iw4mp.exe:*:Enabled:iw4mp"
"C:\Program Files\HLSW\hlsw.exe"="C:\Program Files\HLSW\hlsw.exe:*:Enabled:HLSW Application"
"D:\Activision\Call of Duty 2\CoD2MP_s.exe"="D:\Activision\Call of Duty 2\CoD2MP_s.exe:*:Enabled:CoD2MP_s"
"C:\Program Files\Java\jre1.6.0_03\bin\javaw.exe"="C:\Program Files\Java\jre1.6.0_03\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"D:\Steam\Steam.exe"="D:\Steam\Steam.exe:*:Enabled:Steam 732897"
"D:\Steam\SteamApps\common\zero gear\ZeroGear.bat"="D:\Steam\SteamApps\common\zero gear\ZeroGear.bat:*:Enabled:Zero Gear Demo"
"D:\Rockstar Games\GTA San Andreas\mIRC\mirc.exe"="D:\Rockstar Games\GTA San Andreas\mIRC\mirc.exe:*:Enabled:mIRC"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath "

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2010-04-25 21:41:48 ----D---- C:\rsit
2010-04-25 21:41:48 ----D---- C:\Program Files\trend micro
2010-04-25 21:20:39 ----D---- C:\Documents and Settings\Admin\Application Data\Locktime
2010-04-25 21:18:41 ----D---- C:\Documents and Settings\All Users\Application Data\Locktime
2010-04-25 21:18:38 ----D---- C:\Program Files\NetLimiter 2 Pro
2010-04-25 01:25:36 ----A---- C:\WINDOWS\QIII.INI
2010-04-24 16:47:54 ----D---- C:\Program Files\IObit
2010-04-22 02:58:31 ----A---- C:\WINDOWS\system32\_nNr3YoHZf8mI.exe
2010-04-22 02:58:23 ----D---- C:\Program Files\FLV Direct Player
2010-04-20 03:47:27 ----A---- C:\WINDOWS\zSpy.INI
2010-04-14 04:34:29 ----A---- C:\WINDOWS\IsUn0405.exe
2010-04-09 22:25:38 ----D---- C:\WINDOWS\E4D153288C89484BB9AAF5BE9EA6D01C.TMP
2010-04-05 07:11:25 ----D---- C:\Program Files\OO Software
2010-04-03 23:30:28 ----D---- C:\Program Files\Zone Labs
2010-04-03 23:29:33 ----D---- C:\WINDOWS\Internet Logs
2010-04-03 23:14:37 ----D---- C:\Program Files\CCleaner
2010-04-03 22:50:38 ----D---- C:\Signs.Xvid.2002
2010-04-02 23:00:26 ----D---- C:\Documents and Settings\Admin\Application Data\GetRightToGo
2010-03-28 17:55:26 ----D---- C:\Program Files\Common Files\Stardock
2010-03-28 17:55:25 ----D---- C:\Program Files\Stardock
2010-03-28 00:35:02 ----SHD---- C:\RECYCLER
2010-03-28 00:23:52 ----D---- C:\The.Fast.and.The.Furious.Quadrilogy.720p.BRRip.XviD-SHiRK
2010-03-26 20:33:14 ----D---- C:\WINDOWS\temp

======List of files/folders modified in the last 1 months======

2010-04-25 21:43:46 ----D---- C:\Documents and Settings\Admin\Application Data\uTorrent
2010-04-25 21:41:48 ----D---- C:\Program Files
2010-04-25 21:30:30 ----A---- C:\WINDOWS\wincmd.ini
2010-04-25 21:27:13 ----SHD---- C:\WINDOWS\Installer
2010-04-25 21:26:00 ----AD---- C:\Program Files\Altap Salamander 2.5
2010-04-25 21:25:31 ----D---- C:\Program Files\BitSpirit
2010-04-25 21:24:51 ----D---- C:\Program Files\IEPro
2010-04-25 21:23:32 ----D---- C:\WINDOWS\system32\PolarClock3 dir
2010-04-25 21:23:03 ----SD---- C:\WINDOWS\Tasks
2010-04-25 21:20:27 ----D---- C:\WINDOWS\system32\config
2010-04-25 21:19:02 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-04-25 21:18:39 ----D---- C:\WINDOWS\system32\drivers
2010-04-25 21:17:32 ----D---- C:\WINDOWS\system32
2010-04-25 21:16:27 ----D---- C:\WINDOWS\Prefetch
2010-04-25 15:36:50 ----D---- C:\WINDOWS
2010-04-25 15:31:49 ----HD---- C:\Program Files\InstallShield Installation Information
2010-04-25 05:34:11 ----A---- C:\WINDOWS\NeroDigital.ini
2010-04-24 23:27:36 ----D---- C:\WINDOWS\system32\CatRoot2
2010-04-24 19:12:23 ----A---- C:\WINDOWS\win.ini
2010-04-23 21:41:01 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2010-04-23 21:40:22 ----D---- C:\Program Files\AGEIA Technologies
2010-04-23 21:39:37 ----D---- C:\WINDOWS\system32\DirectX
2010-04-23 21:39:36 ----HD---- C:\WINDOWS\inf
2010-04-23 21:39:21 ----RSD---- C:\WINDOWS\assembly
2010-04-23 00:02:05 ----D---- C:\!!!!!!!!!!!
2010-04-19 19:50:00 ----D---- C:\Documents and Settings\Admin\Application Data\dvdcss
2010-04-17 00:12:01 ----D---- C:\Documents and Settings\Admin\Application Data\ICQ
2010-04-14 14:54:30 ----A---- C:\WINDOWS\ModemLog_Communications cable between two computers.txt
2010-04-13 01:41:59 ----A---- C:\WINDOWS\BlendSettings.ini
2010-04-04 20:08:21 ----D---- C:\Program Files\Postal2
2010-04-04 16:07:20 ----D---- C:\Program Files\Common Files
2010-04-04 00:12:16 ----D---- C:\WINDOWS\system32\Restore
2010-04-03 23:47:45 ----SHD---- C:\System Volume Information
2010-04-03 23:29:36 ----D---- C:\WINDOWS\WinSxS
2010-04-03 23:19:36 ----D---- C:\WINDOWS\Debug
2010-04-03 23:04:05 ----SHD---- C:\WINDOWS\CSC
2010-04-03 22:53:25 ----D---- C:\Documents and Settings\All Users\Application Data\TuneUp Software
2010-04-03 16:32:30 ----D---- C:\Program Files\Mozilla Firefox
2010-03-28 19:12:36 ----D---- C:\Documents and Settings\Admin\Application Data\Skype
2010-03-28 18:57:30 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2010-03-28 18:34:35 ----D---- C:\Documents and Settings\Admin\Application Data\skypePM
2010-03-28 17:51:18 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-03-28 15:25:03 ----D---- C:\Program Files\JoWooD
2010-03-26 20:31:29 ----A---- C:\WINDOWS\system.ini
2010-03-26 20:29:50 ----D---- C:\WINDOWS\AppPatch
2010-03-26 20:15:34 ----D---- C:\Program Files\ESET

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;Ovladač procesoru AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-07-01 43008]
R1 nltdi;nltdi; \??\C:\WINDOWS\system32\drivers\nltdi.sys []
R1 prodrv06;StarForce Protection Environment Driver v6; C:\WINDOWS\System32\drivers\prodrv06.sys [2004-08-09 53920]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2010-04-23 281760]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2010-04-23 25888]
R2 npkcrypt;npkcrypt; \??\D:\Lineage II\system\npkcrypt.sys []
R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS Compatible Transport Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2004-08-04 88448]
R2 NwlnkNb;NWLink NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2004-08-04 63232]
R2 NwlnkSpx;NWLink SPX/SPXII Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2004-08-04 55936]
R2 rspndr;Link-Layer Topology Discovery Responder; C:\WINDOWS\system32\DRIVERS\rspndr.sys [2006-12-28 62336]
R2 SVKP;SVKP; \??\C:\WINDOWS\system32\SVKP.sys []
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2009-02-04 3488768]
R3 FETND5BV;VIA Rhine-Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2006-02-26 42496]
R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-10-16 25280]
R3 HdAudAddService;ATI Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\AtiHdAud.sys [2006-12-28 84992]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2004-10-27 138240]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-11-15 4225920]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NWRDR;NetWare Rdr; C:\WINDOWS\system32\DRIVERS\nwrdr.sys [2006-12-28 163456]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-04 5888]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2006-12-28 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2006-12-28 59264]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2006-12-28 20608]
S1 ATITool;ATITool Overclocking Utility; C:\WINDOWS\system32\DRIVERS\ATITool.sys [2006-11-10 24064]
S2 ADILOADER;General Purpose USB Driver (adildr.sys); C:\WINDOWS\System32\Drivers\adildr.sys []
S3 a4yyv6tt;a4yyv6tt; C:\WINDOWS\system32\drivers\a4yyv6tt.sys []
S3 adiusbaw;ADSL USB MODEM WAN ADAPTER; C:\WINDOWS\system32\DRIVERS\adiusbaw.sys []
S3 axqbp8c3;axqbp8c3; C:\WINDOWS\system32\drivers\axqbp8c3.sys []
S3 BlueletAudio;Bluetooth Audio Service; C:\WINDOWS\system32\DRIVERS\blueletaudio.sys []
S3 BlueletSCOAudio;Bluetooth SCO Audio Service; C:\WINDOWS\system32\DRIVERS\BlueletSCOAudio.sys []
S3 Bridge;MAC Bridge; C:\WINDOWS\system32\DRIVERS\bridge.sys [2004-08-04 71552]
S3 BridgeMP;MAC Bridge Miniport; C:\WINDOWS\system32\DRIVERS\bridge.sys [2004-08-04 71552]
S3 BT;Bluetooth PAN Network Adapter; C:\WINDOWS\system32\DRIVERS\btnetdrv.sys []
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\WINDOWS\System32\Drivers\btcusb.sys []
S3 cpuz130;cpuz130; \??\C:\DOCUME~1\Admin\LOCALS~1\Temp\cpuz130\cpuz_x32.sys []
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 EverestDriver;Lavalys EVEREST Kernel Driver; \??\C:\Program Files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt []
S3 GVCplDrv;GVCplDrv; C:\WINDOWS\system32\drivers\GVCplDrv.sys [2004-05-02 23040]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2003-04-07 51024]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2003-04-07 16080]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2003-04-07 21456]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2009-02-09 17664]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2009-02-09 22016]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 SCREAMINGBDRIVER;Screaming Bee Audio; C:\WINDOWS\system32\drivers\ScreamingBAudio.sys [2006-09-26 21920]
S3 SRS_SSCFilter;SRS Labs Audio Sandbox (WDM); C:\WINDOWS\system32\drivers\srs_sscfilter.sys [2006-10-09 34048]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2009-02-09 7808]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 usbser;Nokia USB Serial Port; C:\WINDOWS\system32\drivers\usbser.sys [2004-08-04 25600]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2009-02-09 7808]
S3 VComm;Virtual Serial port driver; C:\WINDOWS\system32\DRIVERS\VComm.sys []
S3 VcommMgr;Bluetooth VComm Manager Service; C:\WINDOWS\System32\Drivers\VcommMgr.sys []
S3 WDC_SAM;WD SCSI Pass Thru driver; C:\WINDOWS\system32\DRIVERS\wdcsam.sys []
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-19 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-01-18 83328]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sr;System Restore Filter Driver; C:\WINDOWS\system32\DRIVERS\sr.sys [2004-08-04 73472]
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2009-02-04 602112]
R2 nlsvc;NetLimiter; C:\Program Files\NetLimiter 2 Pro\nlsvc.exe [2007-03-21 516096]
R2 NWCWorkstation;Client Service for NetWare; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-05-25 75064]
R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2009-02-03 593920]
S2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-04-05 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2003-04-07 65795]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2009-06-02 637952]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-06 913920]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
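Since this log has to be read by eye, here is the kind of first-pass triage a responder would script, added as an example that is not part of the thread, of HijackThis or of RSIT. It runs over lines copied from the log above (the embedded sample deliberately mixes benign and suspicious entries) and flags the patterns that stand out to a practitioner: the BHO everyflv loaded from yh-_2t.dll in system32, the drivers a4yyv6tt and axqbp8c3 registered with no file date or size, the freshly created _nNr3YoHZf8mI.exe in system32, the changed IE start page, and the orphaned ICQ Lite button. The rules, thresholds and function names are this example's own assumptions; a hit means "check this file", not "this is malware".

```python
"""Heuristic triage of HijackThis / RSIT log lines like the ones posted above.
Added example; not code from the original thread, from HijackThis or from RSIT.
The rules are the ones a forum responder applies by eye: a random-looking file
name in system32, a driver registered with no file date/size, a BHO living in
system32, a changed start page, an orphaned entry. A hit is a lead to verify
(file properties, vendor signature, a multi-engine scan), not a verdict."""
import ntpath
import re
from typing import List, Tuple

HJT_RE = re.compile(r"^(R0|R1|O2|O4|O9|O10|O23) - (.*)$")
DRIVER_RE = re.compile(r"^[RS][0-4] ([^;]+);([^;]*); (.+?) \[([^\]]*)\]$")
CREATED_RE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d ----A---- (.+)$")
DEFAULT_HOME = "go.microsoft.com"  # host of the Windows XP / IE default start page

# Lines copied from the RSIT log above; benign entries are included on purpose.
SAMPLE = [
    r"R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://flvdirect.iamwired.net/",
    r"R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157",
    r"O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll",
    r"O2 - BHO: everyflv - {5d919d69-332c-67e8-6ad0-525461b8017d} - C:\WINDOWS\system32\yh-_2t.dll",
    r"O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)",
    r"R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-10-16 25280]",
    r"R1 nltdi;nltdi; \??\C:\WINDOWS\system32\drivers\nltdi.sys []",
    r"S3 a4yyv6tt;a4yyv6tt; C:\WINDOWS\system32\drivers\a4yyv6tt.sys []",
    r"S3 axqbp8c3;axqbp8c3; C:\WINDOWS\system32\drivers\axqbp8c3.sys []",
    r"S3 cpuz130;cpuz130; \??\C:\DOCUME~1\Admin\LOCALS~1\Temp\cpuz130\cpuz_x32.sys []",
    r"2010-04-22 02:58:31 ----A---- C:\WINDOWS\system32\_nNr3YoHZf8mI.exe",
    r"2010-04-14 04:34:29 ----A---- C:\WINDOWS\IsUn0405.exe",
    r"2010-04-22 02:58:23 ----D---- C:\Program Files\FLV Direct Player",
]


def looks_random(stem: str) -> bool:
    """True when a digit sits inside the name rather than only as a trailing
    version number: a4yyv6tt and _nNr3YoHZf8mI hit, prodrv06 and cpuz_x32 do not."""
    s = stem.strip("_-")
    return len(s) >= 5 and re.search(r"\d[A-Za-z_-]*[A-Za-z]", s) is not None


def in_system32(path: str) -> bool:
    return "\\windows\\system32\\" in path.lower()


def stem_of(path: str) -> str:
    """File name without directory or extension; ntpath handles the \\??\\ prefix too."""
    return ntpath.splitext(ntpath.basename(path))[0]


Hit = Tuple[str, str, str]  # (severity, reason, original line)


def triage(lines: List[str]) -> List[Hit]:
    hits: List[Hit] = []
    for raw in lines:
        line = raw.strip()
        m = HJT_RE.match(line)
        if m:
            kind, body = m.groups()
            target = body.rsplit(" - ", 1)[-1]  # the path is the last ' - ' field
            if kind in ("R0", "R1") and "Start Page" in body and DEFAULT_HOME not in body:
                hits.append(("medium", "start page changed from the Windows default", line))
            elif kind == "O2" and in_system32(target) and looks_random(stem_of(target)):
                hits.append(("high", "BHO loaded from a random-named DLL in system32", line))
            elif "(file missing)" in body:
                hits.append(("low", "orphaned entry, binary no longer on disk", line))
            continue
        m = DRIVER_RE.match(line)
        if m:
            _name, _desc, path, info = m.groups()
            if info == "" and looks_random(stem_of(path)):  # '[]' = RSIT found no file date/size
                hits.append(("high", "driver with a random name and no file date/size on disk", line))
            continue
        m = CREATED_RE.match(line)
        if m and in_system32(m.group(1)) and looks_random(stem_of(m.group(1))):
            hits.append(("high", "recently created random-named file in system32", line))
    return hits


if __name__ == "__main__":
    for severity, reason, line in triage(SAMPLE):
        print(f"[{severity:6}] {reason}\n         {line}")
```

The random-name rule is deliberately narrow (a digit followed later by a letter) so that versioned vendor names such as prodrv06, cpuz_x32 or IsUn0405 do not fire; it is applied only where a second signal is present (no file details on disk, or a system32 location), which is why Ati2evxx.exe and ws2ifsl.sys, both with full file details, stay quiet.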

Re: Virus preventing archives from being extracted.

Posted: 25 Apr 2010 21:21
by motji
Which antivirus programs did you try, and did they find anything?
You probably did not save the ComboFix log? The point is that, since you have already run it, it deleted some of the traces in the registry. I cannot see anything in the log now.

Re: Virus preventing archives from being extracted.

Posted: 25 Apr 2010 21:52
by Lochna
Well, the antivirus programs were Multi Virus Cleaner and ComboFix (I assumed that was an antivirus too), oh, and also the classic NOD32, not the suite. As for the ComboFix log, it is no problem to run it again; I will post it here shortly.

Re: Virus preventing archives from being extracted.

Posted: 25 Apr 2010 22:08
by motji
Download it to the desktop, close all active windows and run ComboFix - http://download.bleepingcomputer.com/sUBs/ComboFix.exe

- ComboFix must be run from an account with administrator rights

- Before using it, disable all resident security programs: antivirus, firewalls, antispyware

- After launch the terms of use are displayed; confirm them by pressing Yes

- Then follow the instructions; while ComboFix is running, do not click into the window it displays

- Once the scan finishes (it takes at most 10 minutes), the program should create a log, C:\ComboFix.txt; copy its entire contents here

Re: Virus preventing archives from being extracted.

Posted: 25 Apr 2010 22:19
by Lochna
ComboFix 10-04-21.01 - Admin 25.04.2010 23:11:45.5.1 - x86
System Microsoft Windows XP Professional 5.1.2600.3.1250.420.1033.18.1022.659 [GMT 2:00]
Run from: d:\downloads\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Desktop\FLV Direct Player.lnk
c:\documents and settings\All Users\Start Menu\Programs\FLV Direct Player
c:\documents and settings\All Users\Start Menu\Programs\FLV Direct Player\FLV Direct Player.lnk
c:\documents and settings\All Users\Start Menu\Programs\FLV Direct Player\Uninstall FLV Direct Player.lnk
c:\program files\FLV Direct Player
c:\program files\FLV Direct Player\downloading.swf
c:\program files\FLV Direct Player\FLVPlayer.exe
c:\program files\FLV Direct Player\player.swf
c:\program files\FLV Direct Player\preload.swf
c:\program files\FLV Direct Player\Skin\DirectFLV\Button.bmp
c:\program files\FLV Direct Player\Skin\DirectFLV\Logo.bmp
c:\program files\FLV Direct Player\Skin\DirectFLV\skin.xml
c:\program files\FLV Direct Player\Skin\DirectFLV\SysCloseButton.bmp
c:\program files\FLV Direct Player\Skin\DirectFLV\SysMaxButton.bmp
c:\program files\FLV Direct Player\Skin\DirectFLV\SysMinButton.bmp
c:\program files\FLV Direct Player\Skin\DirectFLV\Window.bmp
c:\program files\FLV Direct Player\uninstall.exe

.
((((((((((((((((((((((((( Files created from 2010-03-25 to 2010-04-25 )))))))))))))))))))))))))))))))
.

2010-04-25 19:41 . 2010-04-25 19:44 -------- d-----w- c:\program files\trend micro
2010-04-25 19:41 . 2010-04-25 19:42 -------- d-----w- C:\rsit
2010-04-25 19:20 . 2010-04-25 19:20 -------- d-----w- c:\documents and settings\Admin\Application Data\Locktime
2010-04-25 19:18 . 2010-04-25 19:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Locktime
2010-04-25 19:18 . 2010-04-25 19:18 -------- d-----w- c:\program files\NetLimiter 2 Pro
2010-04-24 14:47 . 2010-04-24 14:47 -------- d-----w- c:\program files\IObit
2010-04-23 20:01 . 2010-04-23 20:02 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\Risen
2010-04-22 00:58 . 2010-04-22 00:58 111513 ----a-w- c:\windows\system32\_nNr3YoHZf8mI.exe
2010-04-20 01:49 . 2010-04-20 01:49 2368 ----a-w- c:\windows\system32\SVKP.sys
2010-04-14 02:34 . 1998-10-09 16:04 327168 ----a-w- c:\windows\IsUn0405.exe
2010-04-09 20:25 . 2010-04-09 20:25 -------- d-----w- c:\windows\E4D153288C89484BB9AAF5BE9EA6D01C.TMP
2010-04-09 20:23 . 2010-04-09 20:23 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\ArmA 2
2010-04-05 05:12 . 2010-04-05 05:12 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\O&O
2010-04-05 05:11 . 2010-04-05 05:11 -------- d-----w- c:\program files\OO Software
2010-04-03 21:30 . 2010-04-03 21:30 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2010-04-03 21:30 . 2010-04-03 21:30 -------- d-----w- c:\program files\Zone Labs
2010-04-03 21:29 . 2010-04-25 19:16 -------- d-----w- c:\windows\Internet Logs
2010-04-03 21:14 . 2010-04-03 21:25 -------- d-----w- c:\program files\CCleaner
2010-04-03 20:50 . 2010-04-03 22:33 -------- d-----w- C:\Signs.Xvid.2002
2010-04-02 21:00 . 2010-04-02 21:24 -------- d-----w- c:\documents and settings\Admin\Application Data\GetRightToGo
2010-03-28 15:55 . 2010-03-28 15:55 -------- d-----w- c:\program files\Common Files\Stardock
2010-03-28 15:55 . 2010-03-28 15:55 -------- d-----w- c:\program files\Stardock
2010-03-28 15:55 . 2004-04-26 11:47 163456 ----a-w- c:\windows\system32\drivers\vidstub.sys
2010-03-27 22:23 . 2010-03-31 00:21 -------- d-----w- C:\The.Fast.and.The.Furious.Quadrilogy.720p.BRRip.XviD-SHiRK

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-25 21:05 . 2007-07-26 10:17 -------- d-----w- c:\documents and settings\Admin\Application Data\uTorrent
2010-04-25 19:59 . 2007-12-22 23:55 -------- d-----w- c:\program files\Prime95
2010-04-25 19:25 . 2008-10-17 18:20 -------- d-----w- c:\program files\BitSpirit
2010-04-25 19:24 . 2008-06-03 19:44 -------- d-----w- c:\program files\IEPro
2010-04-25 19:20 . 2007-06-30 02:25 86384 ----a-w- c:\documents and settings\Admin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-25 13:31 . 2007-06-28 03:30 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-23 19:41 . 2007-06-30 02:53 281760 ----a-w- c:\windows\system32\drivers\atksgt.sys
2010-04-23 19:41 . 2007-06-30 02:53 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2010-04-23 19:41 . 2007-06-28 01:21 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-04-23 19:40 . 2010-01-16 03:28 -------- d-----w- c:\program files\AGEIA Technologies
2010-04-19 17:50 . 2009-01-03 17:50 -------- d-----w- c:\documents and settings\Admin\Application Data\dvdcss
2010-04-16 22:12 . 2007-12-16 21:22 -------- d-----w- c:\documents and settings\Admin\Application Data\ICQ
2010-04-04 18:08 . 2009-08-03 00:29 -------- d-----w- c:\program files\Postal2
2010-04-03 20:53 . 2007-06-28 01:21 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUp Software
2010-03-28 17:12 . 2007-07-05 04:50 -------- d-----w- c:\documents and settings\Admin\Application Data\Skype
2010-03-28 16:34 . 2008-12-25 20:07 -------- d-----w- c:\documents and settings\Admin\Application Data\skypePM
2010-03-28 13:25 . 2010-03-22 09:14 -------- d-----w- c:\program files\JoWooD
2010-03-26 18:15 . 2007-07-26 11:14 -------- d-----w- c:\program files\ESET
2010-03-22 16:09 . 2010-03-22 16:09 1130496 ----a-w- c:\windows\system32\yh-_2t.dll
2010-03-14 23:48 . 2010-03-14 23:48 -------- d-----w- c:\documents and settings\Admin\Application Data\Hewlett-Packard
2010-03-14 23:45 . 2010-03-14 23:45 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2010-03-14 23:44 . 2010-03-14 23:44 -------- d-----w- c:\program files\Hewlett-Packard
2010-03-14 14:34 . 2010-03-14 14:34 -------- d-----w- c:\program files\Thief - Deadly Shadows
2010-03-14 02:26 . 2010-03-14 02:22 -------- d-----w- c:\documents and settings\Admin\Application Data\DAEMON Tools Lite
2010-03-14 02:23 . 2010-03-14 02:23 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-03-14 02:23 . 2007-06-28 02:07 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-03-14 02:22 . 2010-03-14 02:22 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2010-03-14 01:09 . 2010-03-14 01:09 85504 ----a-w- c:\documents and settings\Admin\Application Data\SystemRequirementsLab\srlproxy_cyri_4.1.71.0A.dll
2010-03-14 01:09 . 2010-03-14 01:09 -------- d-----w- c:\documents and settings\Admin\Application Data\SystemRequirementsLab
2010-03-13 20:53 . 2010-03-13 20:54 388608 ----a-w- c:\windows\system32\CF32282.exe
2010-03-12 14:08 . 2010-03-12 14:08 -------- d-----w- c:\program files\Eidos
2010-03-09 17:04 . 2010-03-01 23:32 16 ----a-w- c:\documents and settings\NetworkService\Application Data\rbuwzv.dat
2010-03-08 10:31 . 2010-03-08 10:31 16 ----a-w- c:\documents and settings\Admin\Application Data\rbuwzv.dat
2010-03-06 17:32 . 2010-02-28 04:07 16 ----a-w- c:\documents and settings\LocalService\Application Data\rbuwzv.dat
2010-02-18 11:58 . 2010-02-18 11:58 12 ----a-w- c:\documents and settings\NetworkService\Application Data\cqfyto.dat
2010-02-18 01:55 . 2010-02-18 01:55 12 ----a-w- c:\documents and settings\LocalService\Application Data\cqfyto.dat
2010-02-08 21:27 . 2010-02-08 21:27 162816 ----a-w- c:\windows\system32\fmod.dll
.

(((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5d919d69-332c-67e8-6ad0-525461b8017d}]
2010-03-22 16:09 1130496 ----a-w- c:\windows\system32\yh-_2t.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Mouse Tachometer"="c:\program files\Mouse Tachometer\Mouse Tachometer.exe" [2002-11-01 282624]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"RTHDCPL"="RTHDCPL.EXE" [2006-11-14 16270848]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 39264]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2009-03-08 128512]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
"StartMenuLogoff"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /r \??\H:\0autocheck autochk *

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Alcmtr"=ALCMTR.EXE
"SkyTel"=SkyTel.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\EA GAMES\\Battlefield 2\\BF2.exe"=
"d:\\TrackMania Nations ESWC\\TmNationsESWC.exe"=
"d:\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"d:\\TmNationsForever\\TmForever.exe"=
"d:\\EA GAMES\\Need for Speed Underground 2\\SPEED2.EXE"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"d:\\Sierra\\FEARCombat\\FEARMP.exe"=
"d:\\Steam\\SteamApps\\klitoriz\\half-life 2 deathmatch\\hl2.exe"=
"d:\\Steam\\SteamApps\\klitoriz\\team fortress 2\\hl2.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"d:\\Left 4 Dead\\left4dead.exe"=
"c:\\Program Files\\Hamachi\\hamachi.exe"=
"d:\\Sierra\\FEARCombat\\FEARServer.exe"=
"d:\\Activision\\Modern Warfare 2\\iw4mp.exe"=
"c:\\Program Files\\HLSW\\hlsw.exe"=
"d:\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\Program Files\\Java\\jre1.6.0_03\\bin\\javaw.exe"=
"d:\\Steam\\Steam.exe"=
"d:\\Steam\\SteamApps\\common\\zero gear\\ZeroGear.bat"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R1 nltdi;nltdi;c:\windows\system32\drivers\nltdi.sys [23.4.2007 13:03 82200]
R2 SVKP;SVKP;c:\windows\system32\SVKP.sys [20.4.2010 3:49 2368]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3.11.2006 20:19 13592]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [28.6.2007 4:07 691696]
S3 cpuz130;cpuz130;\??\c:\docume~1\Admin\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\Admin\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt [16.5.2009 15:02 26224]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\screamingbaudio.sys [26.9.2006 23:21 21920]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys --> c:\windows\system32\DRIVERS\wdcsam.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2010-04-25 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://flvdirect.iamwired.net/
uDefault_Search_URL = hxxp://search.qip.ru
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://search.qip.ru/ie
uSearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
IE: {{230D1201-7607-4CF6-A11F-9E4BF0A333E0} - {0DB13731-CEFD-43CF-A8FD-B61DCBC4D5B8} - c:\program files\Verdict Free\etnxp.dll
IE: {{2C73F784-D2DE-4422-B070-2E3332FE5744} - {0320AC26-52C8-4316-B2C4-24BB6FA73C9A} - c:\program files\Verdict Free\etnxp.dll
FF - ProfilePath - c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\3mjwj7a0.default\
FF - prefs.js: browser.search.defaulturl - hxxp://flvdirect.iamwired.net/websearch.php?src=tops&search=
FF - prefs.js: browser.startup.homepage - www.google.cz
FF - prefs.js: keyword.URL - hxxp://flvdirect.iamwired.net/websearch.php?src=tops&search=
FF - component: c:\program files\Mozilla Firefox\extensions\{792c571c-06ad-9615-cf39-cf3e7fbdadd7}\components\-k_7JFGN_.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX SETTINGS ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.notify.interval - 100000
FF - user.js: content.switch.threshold - 650000
FF - user.js: nglayout.initialpaint.delay - 300
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-25 23:15
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-789336058-1383384898-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-789336058-1383384898-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:e4,58,eb,8a,b1,ae,68,7d,40,3e,72,fb,9a,e3,8b,35,bc,1d,3a,6e,eb,fa,4a,
de,de,56,24,4a,cf,ac,e2,cc,67,73,65,3b,a5,e1,4b,75,5b,f0,87,a8,1e,b7,02,9c,\
"??"=hex:51,43,57,8f,02,09,c0,62,99,51,06,7c,c5,9c,ef,9b

[HKEY_USERS\S-1-5-21-789336058-1383384898-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:db,1b,3a,af,d0,e8,b8,c1,00,26,e2,92,4c,f2,4c,b3,9d,9a,c8,ed,40,
a3,f6,7f,78,fc,8a,42,2b,9c,3e,90,b0,14,03,b6,0d,69,9b,0f,72,05,e8,71,7b,2a,\
"rkeysecu"=hex:23,c4,d5,72,1b,d3,ff,33,61,a9,cd,1a,f5,4e,f5,9a

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
--------------------- DLLs loaded under running processes ---------------------

- - - - - - - > 'winlogon.exe'(804)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2010-04-25 23:17:11
ComboFix-quarantined-files.txt 2010-04-25 21:16

Pre-Run: 10,022,580,224 bytes free
Post-Run: 10,037,559,296 bytes free

- - End Of File - - 198B7157E0FD0024B841A6AA3D641D31

Re: A virus preventing archives from being unpacked.

Posted: 25 Apr 2010 22:29
by motji
Test these at www.virustotal.com:

c:\windows\system32\_nNr3YoHZf8mI.exe
c:\windows\system32\yh-_2t.dll
c:\documents and settings\NetworkService\Application Data\rbuwzv.dat
c:\documents and settings\LocalService\Application Data\cqfyto.dat
c:\windows\system32\fmod.dll


- Paste the path to the file into the box; if it says the file has already been analysed, have it analysed again.
- Post the link with the results here.
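The files listed above for VirusTotal were picked by eye from the ComboFix output. The following is an added example (editor's code, not ComboFix's and not the helper's) that makes a few such rules explicit and runs them over lines copied from the log posted earlier in this thread: random-looking names in system32, tiny .dat files under the LocalService/NetworkService profiles, the same file name recurring across several profiles (something wrote it in the Admin, LocalService and NetworkService contexts alike), and recent drops that have never been modified since. It also reads the registry excerpt for the Security Center `AntiVirusOverride`/`FirewallOverride` values (which silence the XP Security Center's missing-antivirus/firewall warnings; malware sets them, but some third-party security suites do too) and for a BHO that loads a flagged DLL. The point values, the threshold, and the reading of ComboFix's two timestamps (first = when the file appeared on this volume, second = its last-write time, consistent with IsUn0405.exe carrying a 1998 second timestamp) are assumptions. Expect benign hits: zllictbl.dat is created in the same minute as the Zone Labs directory in the log and a reviewer would discount it; conversely fmod.dll, which the helper did include, scores below the threshold here.

```python
"""Rank a ComboFix-style file listing for VirusTotal submission.

Added example: the rules and thresholds are the editor's, not ComboFix's or
the helper's. Assumed listing layout: first timestamp = when the file
appeared on this volume, second = its last-write time.
"""
from __future__ import annotations

import math
import re
from collections import Counter
from datetime import datetime

LOG_DATE = datetime(2010, 4, 25)  # day the log was taken
LOG_SAMPLE = r"""
2010-04-22 00:58 . 2010-04-22 00:58 111513 ----a-w- c:\windows\system32\_nNr3YoHZf8mI.exe
2010-04-20 01:49 . 2010-04-20 01:49 2368 ----a-w- c:\windows\system32\SVKP.sys
2010-04-03 21:30 . 2010-04-03 21:30 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2010-03-22 16:09 . 2010-03-22 16:09 1130496 ----a-w- c:\windows\system32\yh-_2t.dll
2010-03-14 02:23 . 2007-06-28 02:07 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-03-09 17:04 . 2010-03-01 23:32 16 ----a-w- c:\documents and settings\NetworkService\Application Data\rbuwzv.dat
2010-03-08 10:31 . 2010-03-08 10:31 16 ----a-w- c:\documents and settings\Admin\Application Data\rbuwzv.dat
2010-02-18 11:58 . 2010-02-18 11:58 12 ----a-w- c:\documents and settings\NetworkService\Application Data\cqfyto.dat
2010-02-18 01:55 . 2010-02-18 01:55 12 ----a-w- c:\documents and settings\LocalService\Application Data\cqfyto.dat
2010-02-08 21:27 . 2010-02-08 21:27 162816 ----a-w- c:\windows\system32\fmod.dll
"""  # lines copied from the log posted in this thread
REG_SAMPLE = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5d919d69-332c-67e8-6ad0-525461b8017d}]
2010-03-22 16:09 1130496 ----a-w- c:\windows\system32\yh-_2t.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"""  # registry excerpt copied from the same log

LINE_RE = re.compile(r"^(?P<cre>\S+ \S+) \. (?P<mod>\S+ \S+) (?P<size>\d+|-+) "
                     r"(?P<attr>[-a-z]{8}) (?P<path>.+)$")
PROFILE_RE = re.compile(r"\\documents and settings\\([^\\]+)\\", re.I)

def name_score(stem: str) -> int:
    """Crude 'random-looking name' score for a file name without extension."""
    score = 0
    letters = [c for c in stem if c.isalpha()]
    if any(c.isupper() for c in letters) and any(c.islower() for c in letters):
        score += 1  # mIxEd case inside one token
    if any(c.isdigit() for c in stem):
        score += 1  # digits mixed into the name
    if stem.startswith(("_", "-")) or re.search(r"[A-Za-z0-9][-_]+[A-Za-z0-9]", stem):
        score += 1  # underscores/dashes spliced between alphanumerics
    if len(stem) >= 8:
        probs = [n / len(stem) for n in Counter(stem).values()]
        if -sum(p * math.log2(p) for p in probs) >= 3.2:
            score += 1  # Shannon entropy: nearly every character distinct
    return score

def score_entry(m: re.Match, profile_count: Counter) -> tuple[int, list[str]]:
    """Apply each rule to one listing line; return (total points, reasons)."""
    path = m["path"]
    name = path.rsplit("\\", 1)[-1]
    n = name_score(name.rpartition(".")[0] or name)
    prof = PROFILE_RE.search(path)
    created = datetime.strptime(m["cre"], "%Y-%m-%d %H:%M")
    rules = [
        (1, "in system32", "\\windows\\system32\\" in path.lower()),
        (n, f"random-looking name (score {n})", n >= 2),
        (2, "data file in a service-account profile",
         bool(prof) and prof.group(1).lower() in ("localservice", "networkservice")),
        (1, f"tiny file ({m['size']} bytes)",
         m["size"].isdigit() and int(m["size"]) <= 64),
        (1, "same name in several profiles",
         bool(prof) and profile_count[name.lower()] >= 2),
        (1, "dropped within 30 days and never modified since",
         m["cre"] == m["mod"] and (LOG_DATE - created).days <= 30),
    ]
    hits = [(pts, why) for pts, why, cond in rules if cond]
    return sum(p for p, _ in hits), [w for _, w in hits]

def triage(log_text: str, threshold: int = 2) -> list[tuple[int, str, list[str]]]:
    """Return (score, path, reasons) for every entry at or above threshold."""
    entries = [m for m in map(LINE_RE.match, log_text.splitlines()) if m]
    profile_count = Counter(m["path"].rsplit("\\", 1)[-1].lower()
                            for m in entries if PROFILE_RE.search(m["path"]))
    ranked = []
    for m in entries:
        score, why = score_entry(m, profile_count)
        if score >= threshold:
            ranked.append((score, m["path"], why))
    return sorted(ranked, key=lambda r: -r[0])

def registry_findings(reg_text: str, flagged_paths: set[str]) -> list[str]:
    """Flag Security Center override values and a BHO loading a flagged file."""
    out, section = [], ""
    for line in reg_text.splitlines():
        if line.startswith("["):
            section = line.lower()
        elif "security center" in section and re.search(
                r'"(AntiVirus|Firewall)Override"=dword:0*1$', line):
            out.append("Security Center override set: " + line.strip())
        elif "browser helper objects" in section:
            out += [f"BHO loads flagged file: {p}"
                    for p in flagged_paths if p.lower() in line.lower()]
    return out

if __name__ == "__main__":
    hits = triage(LOG_SAMPLE)
    for score, path, why in hits:
        print(f"{score:2d}  {path}\n      {'; '.join(why)}")
    print("\n".join(registry_findings(REG_SAMPLE, {p for _, p, _ in hits})))
```

Running it puts `_nNr3YoHZf8mI.exe` at the top, followed by the two `rbuwzv.dat`/`cqfyto.dat` sets, `yh-_2t.dll`, `SVKP.sys` and the benign `zllictbl.dat`; the registry pass reports both Security Center overrides and the BHO that loads `yh-_2t.dll`. The output is a submission list, not a verdict: every hit still goes to VirusTotal or a sandbox.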

Re: A virus preventing archives from being unpacked.

Posted: 25 Apr 2010 23:47
by Lochna

Re: A virus preventing archives from being unpacked.

Posted: 26 Apr 2010 07:41
by motji
Last night from midnight the forum was down for about half an hour, regular maintenance :) .
That is not the number of viruses but the detections of the individual antivirus engines; each one names the virus a little differently :) .

Before I start deleting, could you open these files in Notepad and post their contents here?
c:\documents and settings\NetworkService\Application Data\rbuwzv.dat
c:\documents and settings\LocalService\Application Data\cqfyto.dat

Re: A virus preventing archives from being unpacked.

Posted: 26 Apr 2010 12:03
by Lochna
Contents of c:\documents and settings\NetworkService\Application Data\rbuwzv.dat:
Â-KVXKľtmK|}’K
Contents of c:\documents and settings\LocalService\Application Data\cqfyto.dat:
ⷂ䬐塖䬐璾䭭

The content is a bit strange, but I followed the instructions exactly. Interesting encoding, though.

Re: A virus preventing archives from being unpacked.

Posted: 26 Apr 2010 12:12
by motji
Please also test at http://www.virustotal.com
c:\windows\system32\SVKP.sys

If it is not there already, move ComboFix to the desktop
- open Notepad
- copy the text from this box into it

Code:

File::
c:\documents and settings\NetworkService\Application Data\rbuwzv.dat
c:\documents and settings\Admin\Application Data\rbuwzv.dat
c:\documents and settings\LocalService\Application Data\rbuwzv.dat
c:\documents and settings\NetworkService\Application Data\cqfyto.dat
c:\documents and settings\LocalService\Application Data\cqfyto.dat

Collect::
c:\windows\system32\_nNr3YoHZf8mI.exe
c:\windows\system32\yh-_2t.dll

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5d919d69-332c-67e8-6ad0-525461b8017d}]

DDS::
uStart Page = hxxp://flvdirect.iamwired.net/
uDefault_Search_URL = hxxp://search.qip.ru
uSearchAssistant = hxxp://search.qip.ru/ie

Firefox::
FF - ProfilePath - c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\3mjwj7a0.default\
FF - prefs.js: browser.search.defaulturl - hxxp://flvdirect.iamwired.net/websearch ... ps&search=
FF - prefs.js: keyword.URL - hxxp://flvdirect.iamwired.net/websearch ... ps&search=

- save the text file you created as CFScript.txt on the desktop
- after saving, grab the script you created with the left mouse button, drag it over the ComboFix icon and drop it there:



- when it finishes, another log will appear; post it here

Warning: it can happen that after the script runs and the machine restarts, Windows will not boot; in that case restart again, pressing F8 as it starts, and choose Last Known Good Configuration

Re: A virus preventing archives from being unpacked.

Posted: 26 Apr 2010 13:09
by Lochna
c:\windows\system32\SVKP.sys:
http://www.virustotal.com/cs/analisis/c ... 1272281627


ComboFix 10-04-21.01 - Admin 26.04.2010 13:40:09.6.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.420.1033.18.1022.660 [GMT 2:00]
Running from: c:\documents and settings\Admin\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Admin\Desktop\CFScript.txt.txt

FILE ::
"c:\documents and settings\Admin\Application Data\rbuwzv.dat"
"c:\documents and settings\LocalService\Application Data\cqfyto.dat"
"c:\documents and settings\LocalService\Application Data\rbuwzv.dat"
"c:\documents and settings\NetworkService\Application Data\cqfyto.dat"
"c:\documents and settings\NetworkService\Application Data\rbuwzv.dat"

file zipped: c:\windows\system32\_nNr3YoHZf8mI.exe
file zipped: c:\windows\system32\yh-_2t.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Admin\Application Data\rbuwzv.dat
c:\documents and settings\LocalService\Application Data\cqfyto.dat
c:\documents and settings\LocalService\Application Data\rbuwzv.dat
c:\documents and settings\NetworkService\Application Data\cqfyto.dat
c:\documents and settings\NetworkService\Application Data\rbuwzv.dat
c:\windows\system32\_nNr3YoHZf8mI.exe
c:\windows\system32\yh-_2t.dll

.
((((((((((((((((((((((((( Files Created from 2010-03-26 to 2010-04-26 )))))))))))))))))))))))))))))))
.

2010-04-25 19:41 . 2010-04-25 19:44 -------- d-----w- c:\program files\trend micro
2010-04-25 19:41 . 2010-04-25 19:42 -------- d-----w- C:\rsit
2010-04-25 19:20 . 2010-04-25 19:20 -------- d-----w- c:\documents and settings\Admin\Application Data\Locktime
2010-04-25 19:18 . 2010-04-25 19:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Locktime
2010-04-25 19:18 . 2010-04-25 19:18 -------- d-----w- c:\program files\NetLimiter 2 Pro
2010-04-24 14:47 . 2010-04-24 14:47 -------- d-----w- c:\program files\IObit
2010-04-23 20:01 . 2010-04-23 20:02 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\Risen
2010-04-20 01:49 . 2010-04-20 01:49 2368 ----a-w- c:\windows\system32\SVKP.sys
2010-04-14 02:34 . 1998-10-09 16:04 327168 ----a-w- c:\windows\IsUn0405.exe
2010-04-09 20:25 . 2010-04-09 20:25 -------- d-----w- c:\windows\E4D153288C89484BB9AAF5BE9EA6D01C.TMP
2010-04-09 20:23 . 2010-04-09 20:23 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\ArmA 2
2010-04-05 05:12 . 2010-04-05 05:12 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\O&O
2010-04-05 05:11 . 2010-04-05 05:11 -------- d-----w- c:\program files\OO Software
2010-04-03 21:30 . 2010-04-03 21:30 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2010-04-03 21:30 . 2010-04-03 21:30 -------- d-----w- c:\program files\Zone Labs
2010-04-03 21:29 . 2010-04-25 19:16 -------- d-----w- c:\windows\Internet Logs
2010-04-03 21:14 . 2010-04-03 21:25 -------- d-----w- c:\program files\CCleaner
2010-04-03 20:50 . 2010-04-03 22:33 -------- d-----w- C:\Signs.Xvid.2002
2010-04-02 21:00 . 2010-04-02 21:24 -------- d-----w- c:\documents and settings\Admin\Application Data\GetRightToGo
2010-03-28 15:55 . 2010-03-28 15:55 -------- d-----w- c:\program files\Common Files\Stardock
2010-03-28 15:55 . 2010-03-28 15:55 -------- d-----w- c:\program files\Stardock
2010-03-28 15:55 . 2004-04-26 11:47 163456 ----a-w- c:\windows\system32\drivers\vidstub.sys
2010-03-27 22:23 . 2010-03-31 00:21 -------- d-----w- C:\The.Fast.and.The.Furious.Quadrilogy.720p.BRRip.XviD-SHiRK

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-26 05:53 . 2007-07-26 10:17 -------- d-----w- c:\documents and settings\Admin\Application Data\uTorrent
2010-04-25 19:59 . 2007-12-22 23:55 -------- d-----w- c:\program files\Prime95
2010-04-25 19:25 . 2008-10-17 18:20 -------- d-----w- c:\program files\BitSpirit
2010-04-25 19:24 . 2008-06-03 19:44 -------- d-----w- c:\program files\IEPro
2010-04-25 19:20 . 2007-06-30 02:25 86384 ----a-w- c:\documents and settings\Admin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-25 13:31 . 2007-06-28 03:30 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-23 19:41 . 2007-06-30 02:53 281760 ----a-w- c:\windows\system32\drivers\atksgt.sys
2010-04-23 19:41 . 2007-06-30 02:53 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2010-04-23 19:41 . 2007-06-28 01:21 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-04-23 19:40 . 2010-01-16 03:28 -------- d-----w- c:\program files\AGEIA Technologies
2010-04-19 17:50 . 2009-01-03 17:50 -------- d-----w- c:\documents and settings\Admin\Application Data\dvdcss
2010-04-16 22:12 . 2007-12-16 21:22 -------- d-----w- c:\documents and settings\Admin\Application Data\ICQ
2010-04-04 18:08 . 2009-08-03 00:29 -------- d-----w- c:\program files\Postal2
2010-04-03 20:53 . 2007-06-28 01:21 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUp Software
2010-03-28 17:12 . 2007-07-05 04:50 -------- d-----w- c:\documents and settings\Admin\Application Data\Skype
2010-03-28 16:34 . 2008-12-25 20:07 -------- d-----w- c:\documents and settings\Admin\Application Data\skypePM
2010-03-28 13:25 . 2010-03-22 09:14 -------- d-----w- c:\program files\JoWooD
2010-03-26 18:15 . 2007-07-26 11:14 -------- d-----w- c:\program files\ESET
2010-03-14 23:48 . 2010-03-14 23:48 -------- d-----w- c:\documents and settings\Admin\Application Data\Hewlett-Packard
2010-03-14 23:45 . 2010-03-14 23:45 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2010-03-14 23:44 . 2010-03-14 23:44 -------- d-----w- c:\program files\Hewlett-Packard
2010-03-14 14:34 . 2010-03-14 14:34 -------- d-----w- c:\program files\Thief - Deadly Shadows
2010-03-14 02:26 . 2010-03-14 02:22 -------- d-----w- c:\documents and settings\Admin\Application Data\DAEMON Tools Lite
2010-03-14 02:23 . 2010-03-14 02:23 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-03-14 02:23 . 2007-06-28 02:07 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-03-14 02:22 . 2010-03-14 02:22 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2010-03-14 01:09 . 2010-03-14 01:09 85504 ----a-w- c:\documents and settings\Admin\Application Data\SystemRequirementsLab\srlproxy_cyri_4.1.71.0A.dll
2010-03-14 01:09 . 2010-03-14 01:09 -------- d-----w- c:\documents and settings\Admin\Application Data\SystemRequirementsLab
2010-03-13 20:53 . 2010-03-13 20:54 388608 ----a-w- c:\windows\system32\CF32282.exe
2010-03-12 14:08 . 2010-03-12 14:08 -------- d-----w- c:\program files\Eidos
2010-02-08 21:27 . 2010-02-08 21:27 162816 ----a-w- c:\windows\system32\fmod.dll
.

(((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Mouse Tachometer"="c:\program files\Mouse Tachometer\Mouse Tachometer.exe" [2002-11-01 282624]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"RTHDCPL"="RTHDCPL.EXE" [2006-11-14 16270848]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 39264]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2009-03-08 128512]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
"StartMenuLogoff"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /r \??\H:\0autocheck autochk *

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Alcmtr"=ALCMTR.EXE
"SkyTel"=SkyTel.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\EA GAMES\\Battlefield 2\\BF2.exe"=
"d:\\TrackMania Nations ESWC\\TmNationsESWC.exe"=
"d:\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"d:\\TmNationsForever\\TmForever.exe"=
"d:\\EA GAMES\\Need for Speed Underground 2\\SPEED2.EXE"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"d:\\Sierra\\FEARCombat\\FEARMP.exe"=
"d:\\Steam\\SteamApps\\klitoriz\\half-life 2 deathmatch\\hl2.exe"=
"d:\\Steam\\SteamApps\\klitoriz\\team fortress 2\\hl2.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"d:\\Left 4 Dead\\left4dead.exe"=
"c:\\Program Files\\Hamachi\\hamachi.exe"=
"d:\\Sierra\\FEARCombat\\FEARServer.exe"=
"d:\\Activision\\Modern Warfare 2\\iw4mp.exe"=
"c:\\Program Files\\HLSW\\hlsw.exe"=
"d:\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\Program Files\\Java\\jre1.6.0_03\\bin\\javaw.exe"=
"d:\\Steam\\Steam.exe"=
"d:\\Steam\\SteamApps\\common\\zero gear\\ZeroGear.bat"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R1 nltdi;nltdi;c:\windows\system32\drivers\nltdi.sys [23.4.2007 13:03 82200]
R2 SVKP;SVKP;c:\windows\system32\SVKP.sys [20.4.2010 3:49 2368]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3.11.2006 20:19 13592]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [28.6.2007 4:07 691696]
S3 cpuz130;cpuz130;\??\c:\docume~1\Admin\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\Admin\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt [16.5.2009 15:02 26224]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\screamingbaudio.sys [26.9.2006 23:21 21920]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys --> c:\windows\system32\DRIVERS\wdcsam.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2010-04-26 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://search.qip.ru/ie
uSearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
IE: {{230D1201-7607-4CF6-A11F-9E4BF0A333E0} - {0DB13731-CEFD-43CF-A8FD-B61DCBC4D5B8} - c:\program files\Verdict Free\etnxp.dll
IE: {{2C73F784-D2DE-4422-B070-2E3332FE5744} - {0320AC26-52C8-4316-B2C4-24BB6FA73C9A} - c:\program files\Verdict Free\etnxp.dll
FF - ProfilePath - c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\3mjwj7a0.default\
FF - prefs.js: browser.startup.homepage - www.google.cz
FF - component: c:\program files\Mozilla Firefox\extensions\{792c571c-06ad-9615-cf39-cf3e7fbdadd7}\components\-k_7JFGN_.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX SETTINGS ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.notify.interval - 100000
FF - user.js: content.switch.threshold - 650000
FF - user.js: nglayout.initialpaint.delay - 300
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

AddRemove-_nNr3YoHZf8mI - c:\windows\system32\_nNr3YoHZf8mI.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-26 13:43
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-789336058-1383384898-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-789336058-1383384898-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:e4,58,eb,8a,b1,ae,68,7d,40,3e,72,fb,9a,e3,8b,35,bc,1d,3a,6e,eb,fa,4a,
de,de,56,24,4a,cf,ac,e2,cc,67,73,65,3b,a5,e1,4b,75,5b,f0,87,a8,1e,b7,02,9c,\
"??"=hex:51,43,57,8f,02,09,c0,62,99,51,06,7c,c5,9c,ef,9b

[HKEY_USERS\S-1-5-21-789336058-1383384898-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:db,1b,3a,af,d0,e8,b8,c1,00,26,e2,92,4c,f2,4c,b3,9d,9a,c8,ed,40,
a3,f6,7f,78,fc,8a,42,2b,9c,3e,90,b0,14,03,b6,0d,69,9b,0f,72,05,e8,71,7b,2a,\
"rkeysecu"=hex:23,c4,d5,72,1b,d3,ff,33,61,a9,cd,1a,f5,4e,f5,9a

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(808)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2010-04-26 13:45:05
ComboFix-quarantined-files.txt 2010-04-26 11:45
ComboFix2.txt 2010-04-25 21:17

Před spuštěním: 10 046 775 296 bytes free
Po spuštění: Volných bajtů: 10 007 138 304

- - End Of File - - D9A15CC3918083A399C3B6B3E8D3D97C
Upload completed successfully

Re: Virus preventing archives from being extracted.

Posted: 26 Apr 2010 14:24
by motji
How is the computer doing?

Re: Virus preventing archives from being extracted.

Posted: 26 Apr 2010 17:58
by Lochna
Well, I don't know yet. As I wrote, the virus didn't show many symptoms. As a test I ran the Kaspersky installer, which, as I wrote, didn't work, and it still doesn't, but that is probably a corrupted file, still from the virus; I'll try a different one. Otherwise, I've noticed that while browsing the internet, ads keep sliding in. I don't know whether that's some new thing on the net or more junk. It isn't a pop-up window; the ad sort of smoothly slides in from the top and the whole page shifts down a bit because of it... So I'll keep testing for a while and then let you know, and big thanks in advance :)