
PC virus removal, computer speed-up, remote help via the neslape.cz service
I'm sending out spam :-(
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved, as will those inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.
!NEW!
You can now use the remote help service, where an expert connects to your computer and gets the details of the problem from you over the phone! More at www.neslape.cz
I'm sending out spam :-(
Can anyone advise me where to start? I'm sending out spam (I can see it with tcpdump), the old HijackThis sees nothing suspicious, I see nothing unusual in Process Explorer, Symantec Antivirus finds nothing, Spybot deleted something as usual but the spam keeps going out.
When I disable the services.exe exception in the firewall, Windows stops responding to requests from outside (but after a reboot the virus re-enables it by itself).
RSIT reports this:
Logfile of random's system information tool 1.08 (written by random/random)
Run by Moje at 2010-08-04 18:09:23
Microsoft Windows XP Professional Service Pack 3
System drive C: has 514 MB (2%) free of 22 GB
Total RAM: 3326 MB (79% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:09:24, on 4.8.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\Program Files\Intel\AMT\atchksrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Intel\AMT\LMS.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Intel\AMT\UNS.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\ICO.EXE
D:\Program Files\Freebie Notes\FreebieNotes.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\VLC\planovac\pl_pr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
D:\Program Files\Analyzer\Analyzer.exe
D:\Program Files\ProcessExplorer\procexp.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\EditPad\EditPad.exe
D:\Program Files\RKR\RSIT.exe
D:\Program Files\RKR\Moje.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.utdallas.edu/cgi-bin/cgiwrap ... ceroute.pl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/av ... x_homepage
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - D:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - D:\Program Files\Orbitdownloader\GrabPro.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [atchk] "C:\Program Files\Intel\AMT\atchk.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [BuildBU] c:\dell\bldbubg.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [DLADiag] C:\WINDOWS\DLADiag.EXE
O4 - HKLM\..\Run: [PMX Daemon] ICO.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe_Reader_8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Freebie Notes] "D:\Program Files\Freebie Notes\FreebieNotes.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Shortcut to pl_pr.lnk = D:\Program Files\VLC\planovac\pl_pr.exe
O8 - Extra context menu item: &Download by Orbit - res://D:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://D:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://D:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://D:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C4E5B374-C3E1-4419-8246-1D811DB82F85}: NameServer = 195.113.144.194,195.113.144.233
O17 - HKLM\System\CS1\Services\Tcpip\..\{C4E5B374-C3E1-4419-8246-1D811DB82F85}: NameServer = 195.113.144.194,195.113.144.233
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ASF Agent (ASFAgent) - Intel Corporation - C:\Program Files\Intel\ASF Agent\ASFAgent.exe
O23 - Service: Intel(R) Active Management Technology System Status Service (atchksrv) - Intel Corporation - C:\Program Files\Intel\AMT\atchksrv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Intel(R) Active Management Technology Local Management Service (LMS) - Intel - C:\Program Files\Intel\AMT\LMS.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Intel(R) Active Management Technology User Notification Service (UNS) - Intel - C:\Program Files\Intel\AMT\UNS.exe
--
End of file - 9259 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\bg_kolekce.job
C:\WINDOWS\tasks\do_nothing.job
C:\WINDOWS\tasks\Karlik.job
C:\WINDOWS\tasks\leonard.job
C:\WINDOWS\tasks\rudolf.job
C:\WINDOWS\tasks\shrek.job
C:\WINDOWS\tasks\stihaci2.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000123B4-9B42-4900-B3F7-F4B073EFC214}]
Octh Class - D:\Program Files\Orbitdownloader\orbitcth.dll [2010-01-12 240912]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{C55BBCD6-41AD-48AD-9953-3609C48EACC7} - Grab Pro - D:\Program Files\Orbitdownloader\GrabPro.dll [2010-01-12 662720]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2007-09-24 1036288]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [2007-07-26 178712]
"atchk"=C:\Program Files\Intel\AMT\atchk.exe [2007-06-12 408344]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2004-07-27 221184]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2004-07-27 81920]
"PDVDDXSrv"=C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [2006-10-20 118784]
"BuildBU"=c:\dell\bldbubg.exe [2004-02-19 61440]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2006-03-24 53408]
"vptray"=C:\PROGRA~1\SYMANT~1\VPTray.exe [2006-07-17 125072]
"QuickTime Task"=D:\Program Files\QuickTime\qttask.exe [2008-01-10 385024]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-01-21 61440]
"DLADiag"=C:\WINDOWS\DLADiag.EXE [2006-08-11 56056]
"PMX Daemon"=C:\WINDOWS\system32\ICO.EXE [2007-03-08 49152]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe_Reader_8.0\Reader\Reader_sl.exe [2008-01-11 39792]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Freebie Notes"=D:\Program Files\Freebie Notes\FreebieNotes.exe [2007-05-20 1033216]
"DAEMON Tools Lite"=D:\Program Files\DAEMON Tools Lite\daemon.exe [2008-03-14 486856]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Shortcut to pl_pr.lnk - D:\Program Files\VLC\planovac\pl_pr.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2008-02-26 126976]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
C:\WINDOWS\system32\NavLogon.dll [2006-07-17 43664]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableTaskMgr"=0
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoStrCmpLogical"=1
"NoDrives"=0
"NoDriveAutoRun"=67108863
"NoFolderOptions"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDrives"=0
"NoDriveAutoRun"=67108863
"HonorAutoRunSetting"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Disabled:Internet Explorer"
"D:\Program Files\Orbitdownloader\orbitdm.exe"="D:\Program Files\Orbitdownloader\orbitdm.exe:*:Disabled:Orbit"
"D:\Program Files\DCplus\DCPlusPlus.exe"="D:\Program Files\DCplus\DCPlusPlus.exe:*:Enabled:DC++"
"C:\Program Files\Java\jre1.5.0_06\bin\javaw.exe"="C:\Program Files\Java\jre1.5.0_06\bin\javaw.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary"
"C:\Program Files\Java\jre1.6.0_07\bin\javaw.exe"="C:\Program Files\Java\jre1.6.0_07\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\WINDOWS\Network Diagnostic\xpnetdiag.exe"="C:\WINDOWS\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\Program Files\Orbitdownloader\orbitnet.exe"="D:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Enabled:@xpsp2res.dll,-22019"
"D:\Program Files\Cisco SCA\SCA BB Console 3.5.5\scabb.exe"="D:\Program Files\Cisco SCA\SCA BB Console 3.5.5\scabb.exe:*:Enabled:scabb"
"D:\Program Files\Serv-U\ServUDaemon.exe"="D:\Program Files\Serv-U\ServUDaemon.exe:*:Enabled:Serv-U FTP Server"
"D:\Program Files\VLC\vlc.exe"="D:\Program Files\VLC\vlc.exe:*:Enabled:VLC media player"
"D:\Program Files\Mozilla Firefox\firefox.exe"="D:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\WINDOWS\system32\services.exe"="C:\WINDOWS\system32\services.exe:*:Disabled:services.exe"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
======File associations======
.scr - open - C:\WINDOWS\system32\notepad.exe "%1"
.scr - install -
.scr - config -
.txt - open - notepad.exe %1
======List of files/folders created in the last 1 months======
2010-08-04 18:09:23 ----D---- C:\rsit
2010-08-04 12:53:48 ----ASH---- C:\hiberfil.sys
2010-08-04 10:38:21 ----HDC---- C:\WINDOWS\$NtUninstallKB2286198$
2010-08-03 21:08:56 ----A---- C:\WINDOWS\system32\drivers\gmxxk.sys
2010-08-03 21:08:47 ----A---- C:\WINDOWS\system32\drivers\hfzlnc.sys
2010-08-03 16:06:25 ----A---- C:\CountCyclesWMVDecLog.txt
2010-07-18 23:10:06 ----HDC---- C:\WINDOWS\$NtUninstallKB2229593$
2010-07-18 23:07:06 ----SHD---- C:\Config.Msi
======List of files/folders modified in the last 1 months======
2010-08-04 18:07:43 ----A---- C:\WINDOWS\winzip32.ini
2010-08-04 18:07:43 ----A---- C:\WINDOWS\win.ini
2010-08-04 17:42:49 ----D---- C:\WINDOWS\system32\drivers
2010-08-04 17:42:20 ----A---- C:\WINDOWS\ssdiag.ini
2010-08-04 17:42:10 ----D---- C:\WINDOWS\temp
2010-08-04 17:38:37 ----D---- C:\WINDOWS\Prefetch
2010-08-04 17:38:27 ----D---- C:\Program Files\Symantec AntiVirus
2010-08-04 17:38:18 ----D---- C:\MDT
2010-08-04 17:37:53 ----A---- C:\WINDOWS\ModemLog_Courier V.Everything V.90 X2 European PnP.txt
2010-08-04 17:37:51 ----A---- C:\WINDOWS\system32\log.txt
2010-08-04 17:36:30 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-08-04 14:46:34 ----D---- C:\WINDOWS
2010-08-04 13:31:27 ----D---- C:\WINDOWS\Minidump
2010-08-04 13:18:54 ----RASH---- C:\boot.ini
2010-08-04 13:18:54 ----A---- C:\WINDOWS\system.ini
2010-08-04 12:50:51 ----A---- C:\WINDOWS\ntbtlog.txt
2010-08-04 12:35:39 ----D---- C:\WINDOWS\system32
2010-08-04 12:33:07 ----D---- C:\Documents and Settings\Moje\Application Data\WORK
2010-08-04 11:33:47 ----D---- C:\WINDOWS\pss
2010-08-04 10:38:41 ----HD---- C:\WINDOWS\inf
2010-08-04 10:38:27 ----SHD---- C:\WINDOWS\system32\dllcache
2010-08-03 21:15:22 ----HD---- C:\WINDOWS\$hf_mig$
2010-08-01 03:10:38 ----D---- C:\WINDOWS\system32\CatRoot2
2010-07-27 08:30:35 ----A---- C:\WINDOWS\system32\shell32.dll
2010-07-18 23:12:20 ----D---- C:\WINDOWS\Microsoft.NET
2010-07-18 23:12:17 ----RSD---- C:\WINDOWS\assembly
2010-07-18 23:10:13 ----A---- C:\WINDOWS\imsins.BAK
2010-07-18 23:08:42 ----SHD---- C:\WINDOWS\Installer
2010-07-18 23:07:59 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-07-18 23:07:41 ----D---- C:\WINDOWS\WinSxS
2010-07-18 23:06:23 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2010-07-18 22:56:56 ----RD---- C:\Program Files
2010-07-18 22:56:56 ----D---- C:\Documents and Settings\All Users\Application Data\NOS
2010-07-09 16:48:07 ----A---- C:\WINDOWS\GPro.ini
2010-07-09 00:48:38 ----A---- C:\WINDOWS\gpro.tmp
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 DRVMCDB;DRVMCDB; C:\WINDOWS\System32\Drivers\DRVMCDB.SYS [2006-07-21 99176]
R0 giveio;giveio; C:\WINDOWS\system32\giveio.sys [1996-04-03 5248]
R0 iaStor;Intel AHCI Controller; C:\WINDOWS\system32\drivers\iaStor.sys [2007-09-23 305688]
R0 ohci1394;OHCI Compliant IEEE 1394 Host Controller; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-13 61696]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2006-07-24 36528]
R0 speedfan;speedfan; C:\WINDOWS\system32\speedfan.sys [2006-09-24 5248]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2008-03-17 717296]
R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2006-08-11 12920]
R1 DLADiagM;DLADiagM; C:\WINDOWS\System32\Drivers\DLADiagM.SYS [2006-08-11 13688]
R1 DLAPMonM;DLAPMonM; C:\WINDOWS\System32\Drivers\DLAPMonM.SYS [2006-08-11 30744]
R1 DLARTL_M;DLARTL_M; C:\WINDOWS\System32\Drivers\DLARTL_M.SYS [2006-08-11 28184]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 PQNTDrv;PQNTDrv; C:\WINDOWS\system32\drivers\PQNTDrv.sys [2003-03-14 4228]
R1 SAVRT;SAVRT; \??\C:\Program Files\Symantec AntiVirus\savrt.sys []
R1 SAVRTPEL;SAVRTPEL; \??\C:\Program Files\Symantec AntiVirus\Savrtpel.sys []
R1 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys []
R1 truecrypt;truecrypt; C:\WINDOWS\System32\drivers\truecrypt.sys [2007-05-03 188672]
R2 DLABMFSM;DLABMFSM; C:\WINDOWS\System32\DLA\DLABMFSM.SYS [2006-08-18 35096]
R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2006-08-18 32472]
R2 DLADResM;DLADResM; C:\WINDOWS\System32\DLA\DLADResM.SYS [2006-08-18 9400]
R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2006-08-18 104472]
R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2006-08-18 26008]
R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2006-08-18 14520]
R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2006-08-18 97848]
R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2006-08-18 94648]
R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2006-08-11 51768]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2007-09-24 307712]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-02-26 2863616]
R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2007-04-13 254872]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100803.004\naveng.sys []
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100803.004\navex15.sys []
R3 nm;Network Monitor Driver; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-13 40320]
R3 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2007-11-06 34064]
R3 pmxmouse;PMXMOUSE; C:\WINDOWS\system32\DRIVERS\pmxmouse.sys [2006-04-24 18432]
R3 pmxusblf;PMXUSBLF; C:\WINDOWS\system32\DRIVERS\pmxusblf.sys [2006-04-24 14336]
R3 SenFiltService;SenFilt Service; C:\WINDOWS\system32\drivers\Senfilt.sys [2007-09-24 392960]
R3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 DLADHK_M;DLADHK_M; C:\WINDOWS\System32\Drivers\DLADHK_M.SYS [2006-08-18 33592]
S3 61883;61883 Unit Device; C:\WINDOWS\system32\DRIVERS\61883.sys [2008-04-13 48128]
S3 a0c6h1od;a0c6h1od; C:\WINDOWS\system32\drivers\a0c6h1od.sys []
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 Avc;AVC Device; C:\WINDOWS\system32\DRIVERS\avc.sys [2008-04-13 38912]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 DSSUSBF;DSSUSBF Device; C:\WINDOWS\system32\DRIVERS\DSSUSBF.sys [2001-01-30 25381]
S3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 EraserUtilDrv11010;EraserUtilDrv11010; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11010.sys []
S3 HECI;Intel(R) Management Engine Interface; C:\WINDOWS\system32\DRIVERS\HECI.sys [2007-07-23 45056]
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2008-04-13 51200]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NAL;Nal Service ; \??\C:\WINDOWS\system32\Drivers\iqvw32.sys []
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-04 1897408]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 ASFAgent;ASF Agent; C:\Program Files\Intel\ASF Agent\ASFAgent.exe [2007-01-23 133968]
R2 atchksrv;Intel(R) Active Management Technology System Status Service; C:\Program Files\Intel\AMT\atchksrv.exe [2007-06-12 183064]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-02-26 520192]
R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [2006-03-24 192160]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [2006-03-24 169632]
R2 DefWatch;Symantec AntiVirus Definition Watcher; C:\Program Files\Symantec AntiVirus\DefWatch.exe [2006-07-17 31376]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2007-07-26 358936]
R2 LMS;Intel(R) Active Management Technology Local Management Service; C:\Program Files\Intel\AMT\LMS.exe [2007-06-12 109336]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-03-17 66872]
R2 SPBBCSvc;Symantec SPBBCSvc; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe [2006-04-11 1160848]
R2 Symantec AntiVirus;Symantec AntiVirus; C:\Program Files\Symantec AntiVirus\Rtvscan.exe [2006-07-17 1817744]
R2 UNS;Intel(R) Active Management Technology User Notification Service; C:\Program Files\Intel\AMT\UNS.exe [2007-06-12 2521880]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2008-02-25 593920]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 267776]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2006-06-01 2045632]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2007-11-06 92792]
S3 SavRoam;SAVRoam; C:\Program Files\Symantec AntiVirus\SavRoam.exe [2006-07-17 118928]
S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2006-09-14 73728]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 PYGDAZB;PYGDAZB; C:\DOCUME~1\Moje\LOCALS~1\Temp\PYGDAZB.exe []
S4 XFP;XFP; C:\DOCUME~1\Moje\LOCALS~1\Temp\XFP.exe []
S4 ZJIWS;ZJIWS; C:\DOCUME~1\Moje\LOCALS~1\Temp\ZJIWS.exe []
-----------------EOF-----------------
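An added example from the editor, not part of the original post and not a feature of RSIT or HijackThis: a small heuristic parser for RSIT log lines of the kind posted above. It flags the three patterns in this log that a responder would pull out by hand first: services whose binary sits in the user's Temp folder with no file on disk (PYGDAZB, XFP, ZJIWS), kernel drivers with random-looking names created the day before the post (gmxxk.sys, hfzlnc.sys) plus the demand-start driver a0c6h1od.sys that RSIT could not find on disk, and the Windows Firewall AuthorizedApplications entry for services.exe that the poster says keeps coming back after a reboot. The sample lines are copied from the log above; the scoring rules and the Finding structure are the editor's own assumptions, and a hit is a reason to look, not an identification of any malware family.

```python
"""Heuristic triage of RSIT / HijackThis log lines.

Added example by the editor: not part of the original forum post and not
an RSIT feature.  The sample lines are copied from the posted log; the
scoring rules are editorial heuristics and do not identify any malware.
"""
import re
from dataclasses import dataclass
from typing import List

# Lines copied from the posted log: the suspicious ones plus a few clean
# ones (iaStor, savrt, rpcapd, firefox, shell32) so the rules can be seen
# NOT firing on ordinary entries.
SAMPLE_LOG = r"""
2010-08-03 21:08:56 ----A---- C:\WINDOWS\system32\drivers\gmxxk.sys
2010-08-03 21:08:47 ----A---- C:\WINDOWS\system32\drivers\hfzlnc.sys
2010-07-27 08:30:35 ----A---- C:\WINDOWS\system32\shell32.dll
R0 iaStor;Intel AHCI Controller; C:\WINDOWS\system32\drivers\iaStor.sys [2007-09-23 305688]
R1 SAVRT;SAVRT; \??\C:\Program Files\Symantec AntiVirus\savrt.sys []
S3 a0c6h1od;a0c6h1od; C:\WINDOWS\system32\drivers\a0c6h1od.sys []
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2007-11-06 92792]
S4 PYGDAZB;PYGDAZB; C:\DOCUME~1\Moje\LOCALS~1\Temp\PYGDAZB.exe []
S4 XFP;XFP; C:\DOCUME~1\Moje\LOCALS~1\Temp\XFP.exe []
"D:\Program Files\Mozilla Firefox\firefox.exe"="D:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\WINDOWS\system32\services.exe"="C:\WINDOWS\system32\services.exe:*:Disabled:services.exe"
"""

# "S4 XFP;XFP; C:\...\XFP.exe []" -> state, start type, name, display name, path, "[date size]"
SVC_RE = re.compile(r'^([RS])([0-4]) ([^;]+);([^;]*); (.+?) \[([^\]]*)\]$')
# "2010-08-03 21:08:56 ----A---- C:\...\gmxxk.sys" (created/modified-files sections)
CREATED_RE = re.compile(r'^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) -+[A-Z]*-+ (.+\.sys)$', re.I)
# Windows Firewall AuthorizedApplications value: "path"="path:*:Enabled|Disabled:label"
FW_RE = re.compile(r'^"([^"]+)"="[^"]*:\*:(Enabled|Disabled):[^"]*"$', re.I)

# Core Windows processes that XP itself does not register as firewall exceptions.
CORE_PROCS = {'services.exe', 'svchost.exe', 'lsass.exe', 'winlogon.exe',
              'csrss.exe', 'smss.exe', 'explorer.exe'}


@dataclass(frozen=True)
class Finding:
    score: int      # higher = more worth a manual look; heuristic only
    target: str     # file name the log line points at
    reason: str
    line: str


def basename(path: str) -> str:
    return path.rsplit('\\', 1)[-1]


def looks_random(filename: str) -> bool:
    """True for names like gmxxk.sys or a0c6h1od.sys: no vowels at all, or
    letters and digits mixed.  Stems shorter than five characters (XFP) are
    left alone; that is too little text to judge."""
    stem = filename.rsplit('.', 1)[0].lower()
    if len(stem) < 5:
        return False
    has_vowel = any(c in 'aeiouy' for c in stem)
    has_digit = any(c.isdigit() for c in stem)
    has_alpha = any(c.isalpha() for c in stem)
    return (not has_vowel) or (has_digit and has_alpha)


def triage(log_text: str) -> List[Finding]:
    """Score each recognised line; return findings, highest score first."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SVC_RE.match(line)
        if m:
            _state, _start, _name, _display, path, stamp = m.groups()
            target, score, reasons = basename(path), 0, []
            if '\\temp\\' in path.lower():
                score += 3
                reasons.append('service binary lives in a user Temp directory')
            # RSIT prints "[]" when it found no file; it also prints "[]" for
            # \??\ device paths it cannot stat, so those are not counted.
            if stamp == '' and not path.startswith('\\??\\'):
                score += 2
                reasons.append('RSIT found no file on disk (empty [date size])')
            if looks_random(target):
                score += 1
                reasons.append('random-looking file name')
            if score:
                findings.append(Finding(score, target, '; '.join(reasons), line))
            continue
        m = CREATED_RE.match(line)
        if m:
            when, path = m.groups()
            target = basename(path)
            if '\\drivers\\' in path.lower() and looks_random(target):
                findings.append(Finding(2, target,
                                        f'kernel driver with random-looking name created {when}', line))
            continue
        m = FW_RE.match(line)
        if m:
            path, state = m.groups()
            target = basename(path)
            if target.lower() in CORE_PROCS:
                findings.append(Finding(3, target,
                                        f'core Windows process registered as a firewall exception '
                                        f'({state}); Windows does not add this entry itself', line))
    findings.sort(key=lambda f: f.score, reverse=True)
    return findings


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f'{f.score}  {f.target:16} {f.reason}')
```

Run against the sample, the two Temp-resident services score highest, the services.exe firewall entry and the missing a0c6h1od.sys driver come next, and the two freshly created drivers follow; the Intel, Symantec, WinPcap and Firefox lines produce nothing. The firewall rule fires on the entry whether it currently reads Enabled or Disabled, because the poster's observation is that the value is flipped back after every reboot, so the presence of the key is the indicator, not its current state. Anything the script flags still has to be confirmed by hand (file hash, signer, strings) before it is removed.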
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [DLADiag] C:\WINDOWS\DLADiag.EXE
O4 - HKLM\..\Run: [PMX Daemon] ICO.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe_Reader_8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Freebie Notes] "D:\Program Files\Freebie Notes\FreebieNotes.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Shortcut to pl_pr.lnk = D:\Program Files\VLC\planovac\pl_pr.exe
O8 - Extra context menu item: &Download by Orbit - res://D:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://D:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://D:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://D:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C4E5B374-C3E1-4419-8246-1D811DB82F85}: NameServer = 195.113.144.194,195.113.144.233
O17 - HKLM\System\CS1\Services\Tcpip\..\{C4E5B374-C3E1-4419-8246-1D811DB82F85}: NameServer = 195.113.144.194,195.113.144.233
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ASF Agent (ASFAgent) - Intel Corporation - C:\Program Files\Intel\ASF Agent\ASFAgent.exe
O23 - Service: Intel(R) Active Management Technology System Status Service (atchksrv) - Intel Corporation - C:\Program Files\Intel\AMT\atchksrv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Intel(R) Active Management Technology Local Management Service (LMS) - Intel - C:\Program Files\Intel\AMT\LMS.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Intel(R) Active Management Technology User Notification Service (UNS) - Intel - C:\Program Files\Intel\AMT\UNS.exe
--
End of file - 9259 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\bg_kolekce.job
C:\WINDOWS\tasks\do_nothing.job
C:\WINDOWS\tasks\Karlik.job
C:\WINDOWS\tasks\leonard.job
C:\WINDOWS\tasks\rudolf.job
C:\WINDOWS\tasks\shrek.job
C:\WINDOWS\tasks\stihaci2.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000123B4-9B42-4900-B3F7-F4B073EFC214}]
Octh Class - D:\Program Files\Orbitdownloader\orbitcth.dll [2010-01-12 240912]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{C55BBCD6-41AD-48AD-9953-3609C48EACC7} - Grab Pro - D:\Program Files\Orbitdownloader\GrabPro.dll [2010-01-12 662720]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2007-09-24 1036288]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [2007-07-26 178712]
"atchk"=C:\Program Files\Intel\AMT\atchk.exe [2007-06-12 408344]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2004-07-27 221184]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2004-07-27 81920]
"PDVDDXSrv"=C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [2006-10-20 118784]
"BuildBU"=c:\dell\bldbubg.exe [2004-02-19 61440]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2006-03-24 53408]
"vptray"=C:\PROGRA~1\SYMANT~1\VPTray.exe [2006-07-17 125072]
"QuickTime Task"=D:\Program Files\QuickTime\qttask.exe [2008-01-10 385024]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-01-21 61440]
"DLADiag"=C:\WINDOWS\DLADiag.EXE [2006-08-11 56056]
"PMX Daemon"=C:\WINDOWS\system32\ICO.EXE [2007-03-08 49152]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe_Reader_8.0\Reader\Reader_sl.exe [2008-01-11 39792]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Freebie Notes"=D:\Program Files\Freebie Notes\FreebieNotes.exe [2007-05-20 1033216]
"DAEMON Tools Lite"=D:\Program Files\DAEMON Tools Lite\daemon.exe [2008-03-14 486856]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Shortcut to pl_pr.lnk - D:\Program Files\VLC\planovac\pl_pr.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2008-02-26 126976]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
C:\WINDOWS\system32\NavLogon.dll [2006-07-17 43664]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableTaskMgr"=0
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoStrCmpLogical"=1
"NoDrives"=0
"NoDriveAutoRun"=67108863
"NoFolderOptions"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDrives"=0
"NoDriveAutoRun"=67108863
"HonorAutoRunSetting"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Disabled:Internet Explorer"
"D:\Program Files\Orbitdownloader\orbitdm.exe"="D:\Program Files\Orbitdownloader\orbitdm.exe:*:Disabled:Orbit"
"D:\Program Files\DCplus\DCPlusPlus.exe"="D:\Program Files\DCplus\DCPlusPlus.exe:*:Enabled:DC++"
"C:\Program Files\Java\jre1.5.0_06\bin\javaw.exe"="C:\Program Files\Java\jre1.5.0_06\bin\javaw.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary"
"C:\Program Files\Java\jre1.6.0_07\bin\javaw.exe"="C:\Program Files\Java\jre1.6.0_07\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\WINDOWS\Network Diagnostic\xpnetdiag.exe"="C:\WINDOWS\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\Program Files\Orbitdownloader\orbitnet.exe"="D:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Enabled:@xpsp2res.dll,-22019"
"D:\Program Files\Cisco SCA\SCA BB Console 3.5.5\scabb.exe"="D:\Program Files\Cisco SCA\SCA BB Console 3.5.5\scabb.exe:*:Enabled:scabb"
"D:\Program Files\Serv-U\ServUDaemon.exe"="D:\Program Files\Serv-U\ServUDaemon.exe:*:Enabled:Serv-U FTP Server"
"D:\Program Files\VLC\vlc.exe"="D:\Program Files\VLC\vlc.exe:*:Enabled:VLC media player"
"D:\Program Files\Mozilla Firefox\firefox.exe"="D:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\WINDOWS\system32\services.exe"="C:\WINDOWS\system32\services.exe:*:Disabled:services.exe"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
======File associations======
.scr - open - C:\WINDOWS\system32\notepad.exe "%1"
.scr - install -
.scr - config -
.txt - open - notepad.exe %1
======List of files/folders created in the last 1 months======
2010-08-04 18:09:23 ----D---- C:\rsit
2010-08-04 12:53:48 ----ASH---- C:\hiberfil.sys
2010-08-04 10:38:21 ----HDC---- C:\WINDOWS\$NtUninstallKB2286198$
2010-08-03 21:08:56 ----A---- C:\WINDOWS\system32\drivers\gmxxk.sys
2010-08-03 21:08:47 ----A---- C:\WINDOWS\system32\drivers\hfzlnc.sys
2010-08-03 16:06:25 ----A---- C:\CountCyclesWMVDecLog.txt
2010-07-18 23:10:06 ----HDC---- C:\WINDOWS\$NtUninstallKB2229593$
2010-07-18 23:07:06 ----SHD---- C:\Config.Msi
======List of files/folders modified in the last 1 months======
2010-08-04 18:07:43 ----A---- C:\WINDOWS\winzip32.ini
2010-08-04 18:07:43 ----A---- C:\WINDOWS\win.ini
2010-08-04 17:42:49 ----D---- C:\WINDOWS\system32\drivers
2010-08-04 17:42:20 ----A---- C:\WINDOWS\ssdiag.ini
2010-08-04 17:42:10 ----D---- C:\WINDOWS\temp
2010-08-04 17:38:37 ----D---- C:\WINDOWS\Prefetch
2010-08-04 17:38:27 ----D---- C:\Program Files\Symantec AntiVirus
2010-08-04 17:38:18 ----D---- C:\MDT
2010-08-04 17:37:53 ----A---- C:\WINDOWS\ModemLog_Courier V.Everything V.90 X2 European PnP.txt
2010-08-04 17:37:51 ----A---- C:\WINDOWS\system32\log.txt
2010-08-04 17:36:30 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-08-04 14:46:34 ----D---- C:\WINDOWS
2010-08-04 13:31:27 ----D---- C:\WINDOWS\Minidump
2010-08-04 13:18:54 ----RASH---- C:\boot.ini
2010-08-04 13:18:54 ----A---- C:\WINDOWS\system.ini
2010-08-04 12:50:51 ----A---- C:\WINDOWS\ntbtlog.txt
2010-08-04 12:35:39 ----D---- C:\WINDOWS\system32
2010-08-04 12:33:07 ----D---- C:\Documents and Settings\Moje\Application Data\WORK
2010-08-04 11:33:47 ----D---- C:\WINDOWS\pss
2010-08-04 10:38:41 ----HD---- C:\WINDOWS\inf
2010-08-04 10:38:27 ----SHD---- C:\WINDOWS\system32\dllcache
2010-08-03 21:15:22 ----HD---- C:\WINDOWS\$hf_mig$
2010-08-01 03:10:38 ----D---- C:\WINDOWS\system32\CatRoot2
2010-07-27 08:30:35 ----A---- C:\WINDOWS\system32\shell32.dll
2010-07-18 23:12:20 ----D---- C:\WINDOWS\Microsoft.NET
2010-07-18 23:12:17 ----RSD---- C:\WINDOWS\assembly
2010-07-18 23:10:13 ----A---- C:\WINDOWS\imsins.BAK
2010-07-18 23:08:42 ----SHD---- C:\WINDOWS\Installer
2010-07-18 23:07:59 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-07-18 23:07:41 ----D---- C:\WINDOWS\WinSxS
2010-07-18 23:06:23 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2010-07-18 22:56:56 ----RD---- C:\Program Files
2010-07-18 22:56:56 ----D---- C:\Documents and Settings\All Users\Application Data\NOS
2010-07-09 16:48:07 ----A---- C:\WINDOWS\GPro.ini
2010-07-09 00:48:38 ----A---- C:\WINDOWS\gpro.tmp
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 DRVMCDB;DRVMCDB; C:\WINDOWS\System32\Drivers\DRVMCDB.SYS [2006-07-21 99176]
R0 giveio;giveio; C:\WINDOWS\system32\giveio.sys [1996-04-03 5248]
R0 iaStor;Intel AHCI Controller; C:\WINDOWS\system32\drivers\iaStor.sys [2007-09-23 305688]
R0 ohci1394;OHCI Compliant IEEE 1394 Host Controller; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-13 61696]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2006-07-24 36528]
R0 speedfan;speedfan; C:\WINDOWS\system32\speedfan.sys [2006-09-24 5248]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2008-03-17 717296]
R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2006-08-11 12920]
R1 DLADiagM;DLADiagM; C:\WINDOWS\System32\Drivers\DLADiagM.SYS [2006-08-11 13688]
R1 DLAPMonM;DLAPMonM; C:\WINDOWS\System32\Drivers\DLAPMonM.SYS [2006-08-11 30744]
R1 DLARTL_M;DLARTL_M; C:\WINDOWS\System32\Drivers\DLARTL_M.SYS [2006-08-11 28184]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 PQNTDrv;PQNTDrv; C:\WINDOWS\system32\drivers\PQNTDrv.sys [2003-03-14 4228]
R1 SAVRT;SAVRT; \??\C:\Program Files\Symantec AntiVirus\savrt.sys []
R1 SAVRTPEL;SAVRTPEL; \??\C:\Program Files\Symantec AntiVirus\Savrtpel.sys []
R1 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys []
R1 truecrypt;truecrypt; C:\WINDOWS\System32\drivers\truecrypt.sys [2007-05-03 188672]
R2 DLABMFSM;DLABMFSM; C:\WINDOWS\System32\DLA\DLABMFSM.SYS [2006-08-18 35096]
R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2006-08-18 32472]
R2 DLADResM;DLADResM; C:\WINDOWS\System32\DLA\DLADResM.SYS [2006-08-18 9400]
R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2006-08-18 104472]
R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2006-08-18 26008]
R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2006-08-18 14520]
R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2006-08-18 97848]
R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2006-08-18 94648]
R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2006-08-11 51768]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2007-09-24 307712]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-02-26 2863616]
R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2007-04-13 254872]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100803.004\naveng.sys []
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100803.004\navex15.sys []
R3 nm;Network Monitor Driver; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-13 40320]
R3 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2007-11-06 34064]
R3 pmxmouse;PMXMOUSE; C:\WINDOWS\system32\DRIVERS\pmxmouse.sys [2006-04-24 18432]
R3 pmxusblf;PMXUSBLF; C:\WINDOWS\system32\DRIVERS\pmxusblf.sys [2006-04-24 14336]
R3 SenFiltService;SenFilt Service; C:\WINDOWS\system32\drivers\Senfilt.sys [2007-09-24 392960]
R3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 DLADHK_M;DLADHK_M; C:\WINDOWS\System32\Drivers\DLADHK_M.SYS [2006-08-18 33592]
S3 61883;61883 Unit Device; C:\WINDOWS\system32\DRIVERS\61883.sys [2008-04-13 48128]
S3 a0c6h1od;a0c6h1od; C:\WINDOWS\system32\drivers\a0c6h1od.sys []
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 Avc;AVC Device; C:\WINDOWS\system32\DRIVERS\avc.sys [2008-04-13 38912]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 DSSUSBF;DSSUSBF Device; C:\WINDOWS\system32\DRIVERS\DSSUSBF.sys [2001-01-30 25381]
S3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 EraserUtilDrv11010;EraserUtilDrv11010; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11010.sys []
S3 HECI;Intel(R) Management Engine Interface; C:\WINDOWS\system32\DRIVERS\HECI.sys [2007-07-23 45056]
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2008-04-13 51200]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NAL;Nal Service ; \??\C:\WINDOWS\system32\Drivers\iqvw32.sys []
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-04 1897408]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 ASFAgent;ASF Agent; C:\Program Files\Intel\ASF Agent\ASFAgent.exe [2007-01-23 133968]
R2 atchksrv;Intel(R) Active Management Technology System Status Service; C:\Program Files\Intel\AMT\atchksrv.exe [2007-06-12 183064]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-02-26 520192]
R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [2006-03-24 192160]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [2006-03-24 169632]
R2 DefWatch;Symantec AntiVirus Definition Watcher; C:\Program Files\Symantec AntiVirus\DefWatch.exe [2006-07-17 31376]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2007-07-26 358936]
R2 LMS;Intel(R) Active Management Technology Local Management Service; C:\Program Files\Intel\AMT\LMS.exe [2007-06-12 109336]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-03-17 66872]
R2 SPBBCSvc;Symantec SPBBCSvc; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe [2006-04-11 1160848]
R2 Symantec AntiVirus;Symantec AntiVirus; C:\Program Files\Symantec AntiVirus\Rtvscan.exe [2006-07-17 1817744]
R2 UNS;Intel(R) Active Management Technology User Notification Service; C:\Program Files\Intel\AMT\UNS.exe [2007-06-12 2521880]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2008-02-25 593920]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 267776]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2006-06-01 2045632]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2007-11-06 92792]
S3 SavRoam;SAVRoam; C:\Program Files\Symantec AntiVirus\SavRoam.exe [2006-07-17 118928]
S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2006-09-14 73728]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 PYGDAZB;PYGDAZB; C:\DOCUME~1\Moje\LOCALS~1\Temp\PYGDAZB.exe []
S4 XFP;XFP; C:\DOCUME~1\Moje\LOCALS~1\Temp\XFP.exe []
S4 ZJIWS;ZJIWS; C:\DOCUME~1\Moje\LOCALS~1\Temp\ZJIWS.exe []
-----------------EOF-----------------
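As an added example (not code from this thread, from RSIT or from ComboFix): a small Python triage pass over RSIT-style output. It picks out the patterns a helper looks for in a log like the one above: services or drivers whose binary sits in a Temp directory, entries RSIT prints with an empty `[]` because it could not read the file, opaque names identical to their display name, and core Windows binaries (the `services.exe` exception mentioned in the post) listed under the firewall's authorizedapplications key. The sample lines are constructed to mirror the log's format; the scoring weights, the threshold and the set of core binaries are my own heuristics, not rules from RSIT.

```python
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Constructed sample in RSIT format, modelled on the sections of the log above:
# benign entries mixed with the kinds of entry a triager would stop at.
SAMPLE_LOG = r"""
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 iaStor;Intel AHCI Controller; C:\WINDOWS\system32\drivers\iaStor.sys [2007-09-23 305688]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R0 speedfan;speedfan; C:\WINDOWS\system32\speedfan.sys [2006-09-24 5248]
S3 a0c6h1od;a0c6h1od; C:\WINDOWS\system32\drivers\a0c6h1od.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Symantec AntiVirus;Symantec AntiVirus; C:\Program Files\Symantec AntiVirus\Rtvscan.exe [2006-07-17 1817744]
S4 PYGDAZB;PYGDAZB; C:\DOCUME~1\Moje\LOCALS~1\Temp\PYGDAZB.exe []
S4 XFP;XFP; C:\DOCUME~1\Moje\LOCALS~1\Temp\XFP.exe []
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"D:\Program Files\VLC\vlc.exe"="D:\Program Files\VLC\vlc.exe:*:Enabled:VLC media player"
"C:\WINDOWS\system32\services.exe"="C:\WINDOWS\system32\services.exe:*:Disabled:services.exe"
"""

# "R2 name;display name; path [date size]" lines of the drivers/services sections.
ENTRY_RE = re.compile(r"^([RS])([0-4]) ([^;]*);([^;]*); (.+?) \[([^\]]*)\]$")
# "path"="path:*:Enabled:label" lines of the firewall authorizedapplications dump.
FW_RE = re.compile(r'^"([^"]+)"="[^"]*?:\*:(\w+):([^"]*)"$', re.IGNORECASE)

# Heuristic choices (my own, not RSIT rules): core Windows processes are not
# default firewall application exceptions, and a random-looking name with no
# display name is a weak signal that only counts together with a stronger one.
CORE_SYSTEM_BINARIES = {"services.exe", "lsass.exe", "winlogon.exe", "csrss.exe", "smss.exe"}
OPAQUE_NAME_RE = re.compile(r"^(?:[A-Z0-9]{5,8}|[a-z0-9]{5,8})$")


@dataclass
class Finding:
    kind: str           # "driver", "service" or "firewall"
    name: str
    path: str
    reasons: list = field(default_factory=list)


def score_entry(name: str, display: str, path: str, info: str) -> tuple[int, list]:
    """Weight the signals on one driver/service line; 2 = strong, 1 = weak."""
    score, reasons = 0, []
    if re.search(r"\\temp\\", path, re.IGNORECASE):
        score += 2
        reasons.append("binary lives in a Temp directory")
    # RSIT prints [] when it could not read the file; it also cannot resolve the
    # \??\ device prefix some vendors use, so those paths are left out here.
    if info == "" and not path.startswith("\\??\\"):
        score += 2
        reasons.append("no file date/size recorded (file missing, hidden or unreadable)")
    if name == display and OPAQUE_NAME_RE.match(name):
        score += 1
        reasons.append("opaque name with no descriptive display name")
    return score, reasons


def triage(text: str, threshold: int = 2) -> list[Finding]:
    """Walk an RSIT log and return the entries worth a closer look."""
    findings = []
    kind = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("======List of drivers"):
            kind = "driver"
            continue
        if line.startswith("======List of services"):
            kind = "service"
            continue
        if line.startswith("======") or line.startswith("["):
            kind = None          # any other section header ends the list
        fw = FW_RE.match(line)
        if fw:
            path, state, _label = fw.groups()
            base = path.rsplit("\\", 1)[-1].lower()
            if base in CORE_SYSTEM_BINARIES:
                findings.append(Finding("firewall", base, path, [
                    f"core Windows binary listed as a firewall exception (state: {state}); "
                    "this is not a default Windows exception"]))
            continue
        entry = ENTRY_RE.match(line) if kind else None
        if entry:
            _state, _start, name, display, path, info = entry.groups()
            score, reasons = score_entry(name, display, path, info)
            if score >= threshold:
                findings.append(Finding(kind, name, path, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.name} -> {f.path}")
        for reason in f.reasons:
            print(f"    - {reason}")
```

Run against the sample it flags the two Temp services, the unreadable random-named driver and the `services.exe` exception, while `speedfan` (opaque name only, score 1) and the Symantec `\??\` driver stay below the threshold. The output is a starting list for a human, not a verdict; every hit still has to be checked against the vendor and the file on disk.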
- riffman
- VIP
- Posts: 3203
- Registered: 20 Oct 2004 07:00
- Location: České Budějovice
Re: I'm sending out spam :-(
Hello,
download ComboFix and save it to the desktop
then run the application under an account with administrator rights (not under an account with limited rights)
on Windows Vista and Windows 7, run the application as administrator (right-click the application icon and choose "Run as administrator")
right after it starts, a screen with the licence terms appears; continue by clicking the Yes button:

next there may be a warning about your antivirus's resident shield and a notice that the Recovery Console is not installed; do not install it for now.
feel free to make yourself a coffee (the whole thing takes about 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to wade through); during the scan do not try to launch any other applications or anything else
do not panic during the scan; your machine may be restarted (especially on the first run of the scanner)
note: if you use an antispyware product with a resident shield, disable its resident shield, because during the scan and removal of any malware ComboFix collides undesirably with the antispyware resident shield
after the restart the application creates a log saved at C:/Combofix.txt (on repeated use the logs are named Combofix2.txt etc.); paste its contents here
Give us a chance to live
Give us a chance to die
Give us a chance to be free
Without fire from the sky
Give us a chance to love
Give us a chance to hate
Give us a chance, before you kill us all
Re: I'm sending out spam :-(
Here it is; in autorun.inf there are only references to icons.
ComboFix 10-08-04.02 - Moje 04.08.2010 22:26:11.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.420.1033.18.3326.2665 [GMT 2:00]
Spuštěný z: c:\documents and settings\Moje\Desktop\ComboFix.exe
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Autorun.inf
c:\documents and settings\Moje\Application Data\avdrn.dat
c:\windows\system32\prejmenovat_jde_a_smazat_ne!!!!was_riched20.dllllll
D:\Autorun.inf
E:\autorun.inf
F:\Autorun.inf
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-07-04 do 2010-08-04 )))))))))))))))))))))))))))))))
.
2010-08-04 16:09 . 2010-08-04 16:09 -------- d-----w- C:\rsit
2010-08-03 19:08 . 2010-08-04 20:28 765952 ----a-w- c:\windows\system32\drivers\gmxxk.sys
2010-08-03 19:08 . 2010-08-04 20:28 585472 ----a-w- c:\windows\system32\drivers\hfzlnc.sys
2010-07-18 21:05 . 2010-06-14 14:31 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-04 20:18 . 2008-01-21 21:18 -------- d-----w- c:\program files\Symantec AntiVirus
2010-08-04 11:12 . 2008-03-13 22:03 4689 ----a-w- c:\documents and settings\Moje\Application Data\hexplorer.dat
2010-08-04 11:12 . 2008-02-27 16:53 78046 ----a-w- c:\documents and settings\Moje\Application Data\mclip.dat
2010-08-04 10:33 . 2008-02-07 10:48 -------- d-----w- c:\documents and settings\Moje\Application Data\WORK
2010-08-04 09:59 . 2007-12-13 18:16 58152 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-03 19:08 . 2010-08-03 19:08 16 ----a-w- c:\documents and settings\LocalService\Application Data\bawuho.dat
2010-07-18 21:06 . 2008-01-21 21:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-07-18 20:56 . 2010-01-24 02:44 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-07-08 22:48 . 2008-02-29 22:04 3214 ----a-w- c:\windows\gpro.tmp
2010-07-02 20:53 . 2009-12-17 21:01 -------- d-----w- c:\documents and settings\Moje\Application Data\AllDup
2010-06-16 20:15 . 2009-10-13 13:42 -------- d-----w- c:\documents and settings\Moje\Application Data\avidemux
2010-06-15 18:44 . 2008-01-02 10:35 -------- d-----w- c:\program files\SpeedFan
2010-06-14 21:17 . 2009-10-23 21:33 -------- d-----w- c:\documents and settings\Moje\Application Data\Orbit
2010-06-14 14:31 . 2004-08-11 17:12 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-06 08:12 . 2010-06-06 08:10 -------- d-----w- c:\documents and settings\LocalService\Application Data\Orbit
2008-02-21 21:38 . 2008-02-21 21:22 10134 ---ha-w- c:\program files\Red_folder_ico_L.ico
2006-05-03 09:06 . 2010-05-04 20:14 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 10:47 . 2010-05-04 20:14 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 12:30 . 2010-05-04 20:14 216064 --sh--r- c:\windows\system32\nbDX.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Freebie Notes"="d:\program files\Freebie Notes\FreebieNotes.exe" [2007-05-20 1033216]
"DAEMON Tools Lite"="d:\program files\DAEMON Tools Lite\daemon.exe" [2008-03-14 486856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-09-24 1036288]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-07-26 178712]
"atchk"="c:\program files\Intel\AMT\atchk.exe" [2007-06-12 408344]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 118784]
"BuildBU"="c:\dell\bldbubg.exe" [2004-02-19 61440]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-03-24 53408]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-07-17 125072]
"QuickTime Task"="d:\program files\QuickTime\qttask.exe" [2008-01-10 385024]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"DLADiag"="c:\windows\DLADiag.EXE" [2006-08-11 56056]
"PMX Daemon"="ICO.EXE" [2007-03-08 49152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe_Reader_8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Shortcut to pl_pr.lnk - d:\program files\VLC\planovac\pl_pr.exe [2008-2-7 302592]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoStrCmpLogical"= 1 (0x1)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ 'autocheck autochk *'
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"d:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"d:\\Program Files\\DCplus\\DCPlusPlus.exe"=
"c:\\Program Files\\Java\\jre1.5.0_06\\bin\\javaw.exe"=
"c:\\Program Files\\Java\\jre1.6.0_07\\bin\\javaw.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"d:\\Program Files\\Cisco SCA\\SCA BB Console 3.5.5\\scabb.exe"=
"d:\\Program Files\\Serv-U\\ServUDaemon.exe"=
"d:\\Program Files\\VLC\\vlc.exe"=
"d:\\Program Files\\Mozilla Firefox\\firefox.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3963:UDP"= 3963:UDP:Windows Media Format SDK (iexplore.exe)
"3964:UDP"= 3964:UDP:Windows Media Format SDK (iexplore.exe)
"3962:UDP"= 3962:UDP:Windows Media Format SDK (iexplore.exe)
"3965:UDP"= 3965:UDP:Windows Media Format SDK (iexplore.exe)
"3977:UDP"= 3977:UDP:Windows Media Format SDK (iexplore.exe)
"3978:UDP"= 3978:UDP:Windows Media Format SDK (iexplore.exe)
"3976:UDP"= 3976:UDP:Windows Media Format SDK (iexplore.exe)
"3979:UDP"= 3979:UDP:Windows Media Format SDK (iexplore.exe)
"3983:UDP"= 3983:UDP:Windows Media Format SDK (iexplore.exe)
"3984:UDP"= 3984:UDP:Windows Media Format SDK (iexplore.exe)
"3982:UDP"= 3982:UDP:Windows Media Format SDK (iexplore.exe)
"3985:UDP"= 3985:UDP:Windows Media Format SDK (iexplore.exe)
"3987:UDP"= 3987:UDP:Windows Media Format SDK (iexplore.exe)
"3986:UDP"= 3986:UDP:Windows Media Format SDK (iexplore.exe)
"25:TCP"= 25:TCP:192.168.1.1/255.255.255.255:Enabled:Mail
R1 DLADiagM;DLADiagM;c:\windows\system32\drivers\DLADiagM.SYS [26.3.2008 21:23 13688]
R1 DLAPMonM;DLAPMonM;c:\windows\system32\drivers\DLAPMonM.SYS [26.3.2008 21:23 30744]
R2 ASFAgent;ASF Agent;c:\program files\Intel\ASF Agent\ASFAgent.exe [23.1.2007 5:58 133968]
R2 atchksrv;Intel(R) Active Management Technology System Status Service;c:\program files\Intel\AMT\atchksrv.exe [13.12.2007 20:14 183064]
R2 UNS;Intel(R) Active Management Technology User Notification Service;c:\program files\Intel\AMT\UNS.exe [13.12.2007 20:14 2521880]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\eengine\EraserUtilRebootDrv.sys [13.6.2010 23:09 102448]
R3 pmxmouse;PMXMOUSE;c:\windows\system32\drivers\pmxmouse.sys [24.1.2008 23:34 18432]
R3 pmxusblf;PMXUSBLF;c:\windows\system32\drivers\pmxusblf.sys [24.1.2008 23:34 14336]
S1 DLADHK_M;DLADHK_M;c:\windows\system32\drivers\DLADHK_M.SYS [26.3.2008 21:23 33592]
S3 DSSUSBF;DSSUSBF Device;c:\windows\system32\drivers\DSSUSBF.sys [30.1.2001 17:34 25381]
S3 EraserUtilDrv11010;EraserUtilDrv11010;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11010.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11010.sys [?]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [6.11.2007 22:22 34064]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [17.7.2006 18:38 118928]
S4 PYGDAZB;PYGDAZB;c:\docume~1\Moje\LOCALS~1\Temp\PYGDAZB.exe --> c:\docume~1\Moje\LOCALS~1\Temp\PYGDAZB.exe [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [17.3.2008 21:14 717296]
S4 XFP;XFP;c:\docume~1\Moje\LOCALS~1\Temp\XFP.exe --> c:\docume~1\Moje\LOCALS~1\Temp\XFP.exe [?]
S4 ZJIWS;ZJIWS;c:\docume~1\Moje\LOCALS~1\Temp\ZJIWS.exe --> c:\docume~1\Moje\LOCALS~1\Temp\ZJIWS.exe [?]
--- Ostatní služby/ovladače v paměti ---
*Deregistered* - gmxxk
*Deregistered* - hfzlnc
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Obsah adresáře 'Naplánované úlohy'
2008-12-15 c:\windows\Tasks\bg_kolekce.job
- d:\util\empty.txt [2008-12-15 21:44]
2008-12-15 c:\windows\Tasks\do_nothing.job
- d:\util\empty.txt [2008-12-15 21:44]
2010-01-02 c:\windows\Tasks\Karlik.job
- d:\util\empty.txt [2008-12-15 21:44]
2009-09-19 c:\windows\Tasks\leonard.job
- d:\util\empty.txt [2008-12-15 21:44]
2008-12-23 c:\windows\Tasks\rudolf.job
- d:\util\empty.txt [2008-12-15 21:44]
2010-04-05 c:\windows\Tasks\shrek.job
- d:\util\empty.txt [2008-12-15 21:44]
2009-05-14 c:\windows\Tasks\stihaci2.job
- d:\util\empty.txt [2008-12-15 21:44]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.utdallas.edu/cgi-bin/cgiwrap/joe/traceroute.pl
mStart Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage
IE: &Download by Orbit - d:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - d:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - d:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - d:\program files\Orbitdownloader\orbitmxt.dll/202
IE: E&xportovat do aplikace Microsoft Excel - d:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
TCP: {C4E5B374-C3E1-4419-8246-1D811DB82F85} = 195.113.144.194,195.113.144.233
FF - ProfilePath - c:\documents and settings\Moje\Application Data\Mozilla\Firefox\Profiles\wqn5hnyv.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/
FF - prefs.js: keyword.enabled - false
FF - component: c:\documents and settings\Moje\Application Data\Mozilla\Firefox\Profiles\wqn5hnyv.default\extensions\{6e098d65-7d2d-46d4-ada0-2f882a29f795}\components\libchm.dll
FF - component: d:\program files\Mozilla Firefox\components\xpinstal.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
.
------- Asociace souborů -------
.
.scr=DWGTrueViewScriptFile
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
Toolbar-ITBar7Position - (no file)
AddRemove-HTML Help Workshop - c:\program files\HTML Help Workshop\setup.exe
AddRemove-IcoFX_is1 - d:\program files\IcoFX 1.5\unins000.exe
AddRemove-{56582EEA-3AEF-4D84-8B9D-C87A3CD9250F} - c:\program files\GetDataBackNTFS\GetDataBack for NTFS\Uninstall.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-04 22:28
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\gmxxk]
--
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\hfzlnc]
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-2324071218-3804417376-3041544015-1009\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_USERS\S-1-5-21-2324071218-3804417376-3041544015-1009\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*b*i*l%\OpenWithList]
@Class="Shell"
[HKEY_USERS\S-1-5-21-2324071218-3804417376-3041544015-1009\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*,%i*n*]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_USERS\S-1-5-21-2324071218-3804417376-3041544015-1009\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*,%i*n*\OpenWithList]
@Class="Shell"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(820)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2010-08-04 22:29:32
ComboFix-quarantined-files.txt 2010-08-04 20:29
ComboFix2.txt 2008-12-07 00:13
ComboFix3.txt 2008-12-07 01:22
Před spuštěním: 495 378 432 bytes free
Po spuštění: 519 356 416 bytes free
Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 1914163EA4F6EAFA700B7C6BDA5AC238
riffman (VIP, Posts: 3203, Registered: 20 Oct 2004 07:00, Location: České Budějovice)
Re: I'm sending out spam :-(
Before we start killing things, let me ask about this:
Is this OK?
Obsah adresáře 'Naplánované úlohy'
2008-12-15 c:\windows\Tasks\bg_kolekce.job
- d:\util\empty.txt [2008-12-15 21:44]
2008-12-15 c:\windows\Tasks\do_nothing.job
- d:\util\empty.txt [2008-12-15 21:44]
2010-01-02 c:\windows\Tasks\Karlik.job
- d:\util\empty.txt [2008-12-15 21:44]
2009-09-19 c:\windows\Tasks\leonard.job
- d:\util\empty.txt [2008-12-15 21:44]
2008-12-23 c:\windows\Tasks\rudolf.job
- d:\util\empty.txt [2008-12-15 21:44]
2010-04-05 c:\windows\Tasks\shrek.job
- d:\util\empty.txt [2008-12-15 21:44]
2009-05-14 c:\windows\Tasks\stihaci2.job
- d:\util\empty.txt [2008-12-15 21:44]
Give us a chance to live
Give us a chance to die
Give us a chance to be free
Without fire from the sky
Give us a chance to love
Give us a chance to hate
Give us a chance, before you kill us all
Re: I'm sending out spam :-(
I hope so; those are one-off jobs that used to wake the sleeping computer, and because something has to be opened so that the computer doesn't go back to sleep, I had them open an empty text file.
By the way, I tried running MWAV MicroWorld Anti Virus Toolkit, Scan&Clean on memory only, and it deleted my autorun.inf files outright, claiming they contained the Fujack virus.
That's nonsense, there was only a line pointing to an icon. On the other hand, when I let it just scan files, it reported lots of assorted vermin. But I'm afraid to run it for real when it looks like it deletes without any backup. It claimed, for instance, that nircmd.exe is infected, which is definitely OK. Do you know whether MWAV has a setting somewhere to put files into quarantine, as is usual?
riffman (VIP, Posts: 3203, Registered: 20 Oct 2004 07:00, Location: České Budějovice)
Re: I'm sending out spam :-(
MWAV's behaviour is more or less paranoid; since they changed the scanning engine I don't use it.
Let's do one more scan before we kill it.
Download GMER, unpack it and run it.
On Windows Vista and Windows 7 run the application as administrator (right-click the application icon and choose "Run as administrator").
A scan runs; when it finishes, the results pop up at you.
Then click Save to save the log, and paste its contents here.
Then do the second scan following this guide and paste that log's contents here as well.
Re: I'm sending out spam :-(
Here is the first attempt.
At the moment I can't boot Windows even into safe mode; once I get hold of a boot CD and somehow revive it, I'll continue.
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-08-06 00:15:39
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Moje\LOCALS~1\Temp\kxldqpog.sys
---- System - GMER 1.0.15 ----
SSDT spks.sys ZwEnumerateKey [0xB9EC6CA2] <-- ROOTKIT !!!
SSDT spks.sys ZwEnumerateValueKey [0xB9EC7030] <-- ROOTKIT !!!
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 8A812D98
Device \FileSystem\Ntfs \Ntfs 8B3831F8
AttachedDevice \FileSystem\Ntfs \Ntfs SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)
Device \FileSystem\Fastfat \Fat 8A4E91F8
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)
Device \Driver\Tcpip \Device\Ip 8A76C3A8
Device \Driver\Tcpip \Device\Tcp 8A76C3A8
Device \Driver\Tcpip \Device\Udp 8A76C3A8
Device \Driver\Tcpip \Device\RawIp 8A76C3A8
---- Services - GMER 1.0.15 ----
Service (*** hidden *** ) [BOOT] gmxxk <-- ROOTKIT !!!
Service (*** hidden *** ) [BOOT] hfzlnc <-- ROOTKIT !!!
---- EOF - GMER 1.0.15 ----
riffman (VIP, Posts: 3203, Registered: 20 Oct 2004 07:00, Location: České Budějovice)
Re: I'm sending out spam :-(
Now we're grinding it down.
Try pressing F8 during startup and choosing Last Known Good Configuration...
Once that works, download Avenger.
On Windows Vista and Windows 7 run the application as administrator (right-click the application icon and choose "Run as administrator").
In the window named Input script here paste the following text:
Code:
Drivers to delete:
hfzlnc
gmxxk
XFP
ZJIWS
PYGDAZB
Click Execute and, in the window that pops up, confirm the prompt about running the script by clicking Yes.
You will then be rewarded with another little window telling you that the script is set up for the next OS start; clicking Yes restarts the computer.
After the restart the Avenger log pops up at you; paste it here.
Re: I'm sending out spam :-(
In the end I had to boot from the installation CD and delete the zero-byte files gmxxk.sys and hfzlnc.sys in the C:\WINDOWS\system32\drivers directory. After that I booted normally again.
Avenger wrote this:
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com
Platform: Windows XP
*******************
Script file opened successfully.
Script file read successfully.
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Rootkit scan active.
No rootkits found!
Driver "hfzlnc" deleted successfully.
Driver "gmxxk" deleted successfully.
Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\XFP" not found!
Deletion of driver "XFP" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\ZJIWS" not found!
Deletion of driver "ZJIWS" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\PYGDAZB" not found!
Deletion of driver "PYGDAZB" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Completed script processing.
*******************
Finished! Terminate.
However, in the registry I still see several entries under the names hfzlnc and gmxxk. Also, on the first run I glimpsed something like "not enough virtual memory", and after the reboot ViewTCP from MWAV showed me that something is still trying to establish an https connection somewhere outside (I'd rather filter it on the nearest router). I ran it once more; Avenger now reports that it found nothing, and ViewTCP no longer shows anything. So I don't know. Should I try that GMER?
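The Avenger run requested above and its log, read mechanically: an added Python example (not Avenger's code and not from the original post) that parses the pasted log, pairs each failed deletion with the NTSTATUS line that follows it, and checks the outcome against the requested driver list. The log text is copied from the post above; the line patterns and the failure/status pairing are assumptions based on that output.

```python
"""Triage an Avenger 2.0 log against the requested "Drivers to delete:" list.

Added example for this thread: not Avenger's code and not from the original
post. The log text is copied from the post above; the line patterns and the
pairing of a failure with the "Status:" line that follows it are assumptions.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# The Avenger script requested earlier in the thread.
REQUESTED = ["hfzlnc", "gmxxk", "XFP", "ZJIWS", "PYGDAZB"]

# Avenger output as pasted in the thread (copied here so the example runs offline).
AVENGER_LOG = r"""
Logfile of The Avenger Version 2.0, (c) by Swandog46
Platform: Windows XP
*******************
Script file opened successfully.
Script file read successfully.
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Rootkit scan active.
No rootkits found!
Driver "hfzlnc" deleted successfully.
Driver "gmxxk" deleted successfully.
Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\XFP" not found!
Deletion of driver "XFP" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\ZJIWS" not found!
Deletion of driver "ZJIWS" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\PYGDAZB" not found!
Deletion of driver "PYGDAZB" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Completed script processing.
*******************
Finished! Terminate.
"""

DELETED_RE = re.compile(r'^Driver "([^"]+)" deleted successfully\.$')
FAILED_RE = re.compile(r'^Deletion of driver "([^"]+)" failed!$')
STATUS_RE = re.compile(r'^Status: (0x[0-9A-Fa-f]{8}) \((\w+)\)$')

@dataclass
class Outcome:
    driver: str
    deleted: bool
    status: Optional[str] = None       # NTSTATUS code, e.g. 0xc0000034
    status_name: Optional[str] = None  # symbolic name printed by Avenger

@dataclass
class Triage:
    outcomes: Dict[str, Outcome]
    rootkits_found: Optional[bool]  # None when the log never says
    completed: bool
    unaccounted: List[str]          # requested, but no outcome line at all

def parse_avenger_log(text: str, requested: List[str]) -> Triage:
    outcomes: Dict[str, Outcome] = {}
    pending: Optional[str] = None  # failed driver whose Status: line comes next
    rootkits: Optional[bool] = None
    completed = False
    for raw in text.splitlines():
        line = raw.strip()
        if m := DELETED_RE.match(line):
            outcomes[m.group(1)] = Outcome(m.group(1), True)
            pending = None
        elif m := FAILED_RE.match(line):
            outcomes[m.group(1)] = Outcome(m.group(1), False)
            pending = m.group(1)
        elif (m := STATUS_RE.match(line)) and pending is not None:
            outcomes[pending].status = m.group(1).lower()
            outcomes[pending].status_name = m.group(2)
            pending = None
        elif line == "No rootkits found!":
            rootkits = False
        elif line == "Completed script processing.":
            completed = True
    return Triage(outcomes, rootkits, completed,
                  [d for d in requested if d not in outcomes])

def verdict(o: Outcome) -> str:
    """One-line reading of an outcome for whoever is doing the cleanup."""
    if o.deleted:
        return f"{o.driver}: service removed; re-scan after reboot to confirm it stays gone"
    if o.status_name == "STATUS_OBJECT_NAME_NOT_FOUND":
        return (f"{o.driver}: no such service key at run time (already gone or never "
                "registered); on its own this is not evidence of a live infection")
    return f"{o.driver}: deletion failed with {o.status} ({o.status_name}); investigate"

if __name__ == "__main__":
    t = parse_avenger_log(AVENGER_LOG, REQUESTED)
    print("\n".join(verdict(o) for o in t.outcomes.values()))
    print("rootkits:", t.rootkits_found, "| completed:", t.completed, "| unaccounted:", t.unaccounted)
```

A driver that is requested but never mentioned in the log ends up in `unaccounted`, which is the case to look at first, since Avenger reported neither success nor failure for it.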
- riffman
- VIP
- Posts: 3203
- Registered: 20 Oct 2004 07:00
- Location: České Budějovice
Re: I'm sending out spam :-(
Try GMER, and I'd also ask for a current RSIT scan.
Re: I'm sending out spam :-(
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-08-10 17:18:25
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Moje\LOCALS~1\Temp\kxldqpog.sys
---- System - GMER 1.0.15 ----
SSDT spqo.sys ZwEnumerateKey [0xB9EC6CA2]
SSDT spqo.sys ZwEnumerateValueKey [0xB9EC7030]
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 8B3841F8
AttachedDevice \FileSystem\Ntfs \Ntfs SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)
Device \FileSystem\Fastfat \Fat 8A3E4500
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)
---- EOF - GMER 1.0.15 ----
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-08-10 22:25:16
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Moje\LOCALS~1\Temp\kxldqpog.sys
---- System - GMER 1.0.15 ----
SSDT 8A6DAB08 ZwAlertResumeThread
SSDT 8A592080 ZwAlertThread
SSDT 8A8295A0 ZwAllocateVirtualMemory
SSDT spzb.sys ZwCreateKey [0xB9EA80E0]
SSDT 8A6D32C0 ZwCreateMutant
SSDT 8A588C10 ZwCreateThread
SSDT \??\C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0x9CD6BCC0]
SSDT spzb.sys ZwEnumerateKey [0xB9EC6CA2]
SSDT spzb.sys ZwEnumerateValueKey [0xB9EC7030]
SSDT 8A598EF8 ZwFreeVirtualMemory
SSDT 8A8614D8 ZwImpersonateAnonymousToken
SSDT 8A861510 ZwImpersonateThread
SSDT 8A574220 ZwMapViewOfSection
SSDT 8A6D4998 ZwOpenEvent
SSDT spzb.sys ZwOpenKey [0xB9EA80C0]
SSDT 8A5BE138 ZwOpenProcessToken
SSDT 8A6E4D88 ZwOpenThreadToken
SSDT spzb.sys ZwQueryKey [0xB9EC7108]
SSDT 8A5A1210 ZwQueryValueKey
SSDT 8A80BD80 ZwResumeThread
SSDT 8A8260D8 ZwSetContextThread
SSDT 8A83EDE8 ZwSetInformationProcess
SSDT 8A30B3F8 ZwSetInformationThread
SSDT \??\C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0x9CD6BF20]
SSDT 8A5AB3A8 ZwSuspendProcess
SSDT 8A320118 ZwSuspendThread
SSDT 8A73D2D8 ZwTerminateProcess
SSDT 8A3F6118 ZwTerminateThread
SSDT 8A5A9190 ZwUnmapViewOfSection
SSDT 8A549EE8 ZwWriteVirtualMemory
INT 0x73 ? 8B384BF8
INT 0x83 ? 8A847F00
INT 0x94 ? 8A847F00
INT 0xA4 ? 8A847F00
INT 0xB4 ? 8A847F00
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwCallbackReturn + 2F60 805047FC 8 Bytes CALL 78DACBEE
.text ntkrnlpa.exe!ZwCallbackReturn + 3024 805048C0 4 Bytes CALL 74DA9D63
? spzb.sys The system cannot find the file specified. !
.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB80B8000, 0x187662, 0xE8000020]
.text USBPORT.SYS!DllUnload B80568AC 5 Bytes JMP 8A8474E0
init C:\WINDOWS\system32\drivers\Senfilt.sys entry point in "init" section [0x9CE2AA00]
.text a3i1pn2r.SYS 9CB5B384 1 Byte [20]
.text a3i1pn2r.SYS 9CB5B384 37 Bytes [20, 00, 00, 68, 00, 00, 00, ...]
.text a3i1pn2r.SYS 9CB5B3AA 24 Bytes [00, 00, 20, 00, 00, E0, 00, ...]
.text a3i1pn2r.SYS 9CB5B3C4 3 Bytes [00, 00, 00]
.text a3i1pn2r.SYS 9CB5B3C9 1 Byte [00]
.text ...
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B9EA9040] spzb.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [B9EA913C] spzb.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [B9EA90BE] spzb.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [B9EA97FC] spzb.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B9EA96D2] spzb.sys
IAT \SystemRoot\System32\Drivers\a3i1pn2r.SYS[HAL.dll!KfAcquireSpinLock] 000000AD
IAT \SystemRoot\System32\Drivers\a3i1pn2r.SYS[HAL.dll!READ_PORT_UCHAR] 000000D4
IAT \SystemRoot\System32\Drivers\a3i1pn2r.SYS[HAL.dll!KeGetCurrentIrql] 000000A2
IAT \SystemRoot\System32\Drivers\a3i1pn2r.SYS[HAL.dll!KfRaiseIrql] 000000AF
IAT \SystemRoot\System32\Drivers\a3i1pn2r.SYS[HAL.dll!KfLowerIrql] 0000009C
IAT \SystemRoot\System32\Drivers\a3i1pn2r.SYS[HAL.dll!HalGetInterruptVector] 000000A4
IAT \SystemRoot\System32\Drivers\a3i1pn2r.SYS[HAL.dll!HalTranslateBusAddress] 00000072
IAT \SystemRoot\System32\Drivers\a3i1pn2r.SYS[HAL.dll!KeStallExecutionProcessor] 000000C0
IAT \SystemRoot\System32\Drivers\a3i1pn2r.SYS[HAL.dll!KfReleaseSpinLock] 000000B7
IAT \SystemRoot\System32\Drivers\a3i1pn2r.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] 000000FD
IAT \SystemRoot\System32\Drivers\a3i1pn2r.SYS[HAL.dll!READ_PORT_USHORT] 00000093
IAT \SystemRoot\System32\Drivers\a3i1pn2r.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 00000026
IAT \SystemRoot\System32\Drivers\a3i1pn2r.SYS[HAL.dll!WRITE_PORT_UCHAR] 00000036
IAT \SystemRoot\System32\Drivers\a3i1pn2r.SYS[WMILIB.SYS!WmiSystemControl] 000000F7
IAT \SystemRoot\System32\Drivers\a3i1pn2r.SYS[WMILIB.SYS!WmiCompleteRequest] 000000CC
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 8B3831F8
AttachedDevice \FileSystem\Ntfs \Ntfs SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)
Device \FileSystem\Fastfat \FatCdrom 8A52C500
Device \Driver\NetBT \Device\NetBT_Tcpip_{C4E5B374-C3E1-4419-8246-1D811DB82F85} 8A73D500
Device \Driver\PCI_PNP5490 \Device\00000050 spzb.sys
Device \Driver\usbuhci \Device\USBPDO-0 8A85A1F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 8B3851F8
Device \Driver\dmio \Device\DmControl\DmConfig 8B3851F8
Device \Driver\dmio \Device\DmControl\DmPnP 8B3851F8
Device \Driver\dmio \Device\DmControl\DmInfo 8B3851F8
Device \Driver\usbuhci \Device\USBPDO-1 8A85A1F8
Device \Driver\usbehci \Device\USBPDO-2 8A7A61F8
Device \Driver\sptd \Device\1564569240 spzb.sys
Device \Driver\usbuhci \Device\USBPDO-3 8A85A1F8
Device \Driver\usbuhci \Device\USBPDO-4 8A85A1F8
Device \Driver\usbuhci \Device\USBPDO-5 8A85A1F8
Device \Driver\usbehci \Device\USBPDO-6 8A7A61F8
Device \Driver\Ftdisk \Device\HarddiskVolume1 8B3171F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 8B3171F8
Device \Driver\Cdrom \Device\CdRom0 8A75C1F8
Device \Driver\Ftdisk \Device\HarddiskVolume3 8B3171F8
Device \Driver\Cdrom \Device\CdRom1 8A75C1F8
Device \Driver\iaStor \Device\Ide\iaStor0 [B9D70A50] iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\iaStor \Device\Ide\IAAStorageDevice-0 [B9D70A50] iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\iaStor \Device\Ide\IAAStorageDevice-1 [B9D70A50] iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\iaStor \Device\Ide\IAAStorageDevice-2 [B9D70A50] iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\Ftdisk \Device\HarddiskVolume4 8B3171F8
Device \Driver\Ftdisk \Device\HarddiskVolume5 8B3171F8
Device \Driver\Ftdisk \Device\HarddiskVolume6 8B3171F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 8A73D500
Device \Driver\NetBT \Device\NetbiosSmb 8A73D500
Device \Driver\usbuhci \Device\USBFDO-0 8A85A1F8
Device \Driver\usbuhci \Device\USBFDO-1 8A85A1F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8A59E500
Device \Driver\usbehci \Device\USBFDO-2 8A7A61F8
Device 8A59E500
Device \Driver\usbuhci \Device\USBFDO-3 8A85A1F8
Device \Driver\usbuhci \Device\USBFDO-4 8A85A1F8
Device \Driver\Ftdisk \Device\FtControl 8B3171F8
Device \Driver\usbuhci \Device\USBFDO-5 8A85A1F8
Device \Driver\usbehci \Device\USBFDO-6 8A7A61F8
Device \Driver\a3i1pn2r \Device\Scsi\a3i1pn2r1Port1Path0Target0Lun0 8A590500
Device \Driver\a3i1pn2r \Device\Scsi\a3i1pn2r1 8A590500
Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)
AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)
Device 8A34C500
Device DLAIFS_M.SYS (Drive Letter Access Component/Roxio)
Device Cdfs.SYS (CD-ROM File System Driver/Microsoft Corporation)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 D:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x22 0x5E 0x47 0x65 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x3D 0xE8 0x9C 0xC7 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xFE 0x45 0xAD 0x78 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 D:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x22 0x5E 0x47 0x65 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x3D 0xE8 0x9C 0xC7 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xAF 0x59 0xBA 0x07 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 D:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x22 0x5E 0x47 0x65 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x3D 0xE8 0x9C 0xC7 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xAF 0x59 0xBA 0x07 ...
Scanning the files always ended with the computer freezing, so I scanned them separately, with the result
"GMER hasn't found any system modification."
RSIT spat out this:
Logfile of random's system information tool 1.08 (written by random/random)
Run by Moje at 2010-08-11 02:34:56
Microsoft Windows XP Professional Service Pack 3
System drive C: has 3 GB (15%) free of 22 GB
Total RAM: 3326 MB (76% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:34:59, on 11.8.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\Program Files\Intel\AMT\atchksrv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Intel\AMT\LMS.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Intel\AMT\UNS.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
D:\Program Files\Freebie Notes\FreebieNotes.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\VLC\planovac\pl_pr.exe
D:\Program Files\EditPad\EditPad.exe
C:\DOCUME~1\Moje\LOCALS~1\Temp\mexe.com
C:\DOCUME~1\Moje\LOCALS~1\temp\viewtcp.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\tracert.exe
D:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\notepad.exe
D:\Program Files\RKR\RSIT.exe
D:\Program Files\RKR\Moje.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/av ... x_homepage
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/av ... x_homepage
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - D:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - D:\Program Files\Orbitdownloader\GrabPro.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [atchk] "C:\Program Files\Intel\AMT\atchk.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [BuildBU] c:\dell\bldbubg.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [DLADiag] C:\WINDOWS\DLADiag.EXE
O4 - HKLM\..\Run: [PMX Daemon] ICO.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe_Reader_8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Freebie Notes] "D:\Program Files\Freebie Notes\FreebieNotes.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Shortcut to pl_pr.lnk = D:\Program Files\VLC\planovac\pl_pr.exe
O8 - Extra context menu item: &Download by Orbit - res://D:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://D:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://D:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://D:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C4E5B374-C3E1-4419-8246-1D811DB82F85}: NameServer = 195.113.144.194,195.113.144.233
O17 - HKLM\System\CS1\Services\Tcpip\..\{C4E5B374-C3E1-4419-8246-1D811DB82F85}: NameServer = 195.113.144.194,195.113.144.233
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ASF Agent (ASFAgent) - Intel Corporation - C:\Program Files\Intel\ASF Agent\ASFAgent.exe
O23 - Service: Intel(R) Active Management Technology System Status Service (atchksrv) - Intel Corporation - C:\Program Files\Intel\AMT\atchksrv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Intel(R) Active Management Technology Local Management Service (LMS) - Intel - C:\Program Files\Intel\AMT\LMS.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Intel(R) Active Management Technology User Notification Service (UNS) - Intel - C:\Program Files\Intel\AMT\UNS.exe
--
End of file - 8862 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\bg_kolekce.job
C:\WINDOWS\tasks\do_nothing.job
C:\WINDOWS\tasks\Karlik.job
C:\WINDOWS\tasks\leonard.job
C:\WINDOWS\tasks\rudolf.job
C:\WINDOWS\tasks\shrek.job
C:\WINDOWS\tasks\stihaci2.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000123B4-9B42-4900-B3F7-F4B073EFC214}]
Octh Class - D:\Program Files\Orbitdownloader\orbitcth.dll [2010-01-12 240912]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{C55BBCD6-41AD-48AD-9953-3609C48EACC7} - Grab Pro - D:\Program Files\Orbitdownloader\GrabPro.dll [2010-01-12 662720]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2007-09-24 1036288]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [2007-07-26 178712]
"atchk"=C:\Program Files\Intel\AMT\atchk.exe [2007-06-12 408344]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2004-07-27 221184]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2004-07-27 81920]
"PDVDDXSrv"=C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [2006-10-20 118784]
"BuildBU"=c:\dell\bldbubg.exe [2004-02-19 61440]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2006-03-24 53408]
"vptray"=C:\PROGRA~1\SYMANT~1\VPTray.exe [2006-07-17 125072]
"QuickTime Task"=D:\Program Files\QuickTime\qttask.exe [2008-01-10 385024]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-01-21 61440]
"DLADiag"=C:\WINDOWS\DLADiag.EXE [2006-08-11 56056]
"PMX Daemon"=C:\WINDOWS\system32\ICO.EXE [2007-03-08 49152]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe_Reader_8.0\Reader\Reader_sl.exe [2008-01-11 39792]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Freebie Notes"=D:\Program Files\Freebie Notes\FreebieNotes.exe [2007-05-20 1033216]
"DAEMON Tools Lite"=D:\Program Files\DAEMON Tools Lite\daemon.exe [2008-03-14 486856]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Shortcut to pl_pr.lnk - D:\Program Files\VLC\planovac\pl_pr.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2008-02-26 126976]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
C:\WINDOWS\system32\NavLogon.dll [2006-07-17 43664]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=157
"NoStrCmpLogical"=1
"NoDrives"=0
"NoDriveAutoRun"=67108863
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=475
"NoDrives"=0
"NoDriveAutoRun"=67108863
"HonorAutoRunSetting"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"D:\Program Files\Orbitdownloader\orbitdm.exe"="D:\Program Files\Orbitdownloader\orbitdm.exe:*:Disabled:Orbit"
"D:\Program Files\DCplus\DCPlusPlus.exe"="D:\Program Files\DCplus\DCPlusPlus.exe:*:Enabled:DC++"
"C:\Program Files\Java\jre1.5.0_06\bin\javaw.exe"="C:\Program Files\Java\jre1.5.0_06\bin\javaw.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary"
"C:\Program Files\Java\jre1.6.0_07\bin\javaw.exe"="C:\Program Files\Java\jre1.6.0_07\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\WINDOWS\Network Diagnostic\xpnetdiag.exe"="C:\WINDOWS\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\Program Files\Orbitdownloader\orbitnet.exe"="D:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Enabled:@xpsp2res.dll,-22019"
"D:\Program Files\Cisco SCA\SCA BB Console 3.5.5\scabb.exe"="D:\Program Files\Cisco SCA\SCA BB Console 3.5.5\scabb.exe:*:Enabled:scabb"
"D:\Program Files\Serv-U\ServUDaemon.exe"="D:\Program Files\Serv-U\ServUDaemon.exe:*:Enabled:Serv-U FTP Server"
"D:\Program Files\VLC\vlc.exe"="D:\Program Files\VLC\vlc.exe:*:Enabled:VLC media player"
"D:\Program Files\Mozilla Firefox\firefox.exe"="D:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\WINDOWS\system32\services.exe"="C:\WINDOWS\system32\services.exe:*:Enabled:services.exe"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
======File associations======
.txt - open - notepad.exe %1
======List of files/folders created in the last 1 months======
2010-08-09 19:29:19 ----A---- C:\avenger.txt
2010-08-09 19:16:53 ----D---- C:\Avenger
2010-08-09 19:16:53 ----A---- C:\avenger_9-8-2010_1.txt
2010-08-09 18:36:06 ----ASH---- C:\pagefile.sys
2010-08-05 14:51:53 ----AD---- C:\WINDOWS\VDLL.DLL
2010-08-05 14:51:53 ----AD---- C:\WINDOWS\system32\runouce.exe
2010-08-05 14:51:53 ----AD---- C:\WINDOWS\RUNDL132.EXE
2010-08-05 14:51:53 ----AD---- C:\WINDOWS\logo_1.exe
2010-08-05 14:50:27 ----A---- C:\WINDOWS\system32\TASKMGR.COM
2010-08-05 14:50:27 ----A---- C:\WINDOWS\REGEDIT.COM
2010-08-05 14:50:25 ----D---- C:\Program Files\Common Files\MicroWorld
2010-08-04 22:54:47 ----SHD---- C:\RECYCLER
2010-08-04 22:29:32 ----A---- C:\ComboFix.txt
2010-08-04 22:24:59 ----A---- C:\WINDOWS\PEV.exe
2010-08-04 22:24:59 ----A---- C:\WINDOWS\MBR.exe
2010-08-04 18:09:23 ----D---- C:\rsit
2010-08-04 10:38:21 ----HDC---- C:\WINDOWS\$NtUninstallKB2286198$
2010-08-03 16:06:25 ----A---- C:\CountCyclesWMVDecLog.txt
2010-07-18 23:10:06 ----HDC---- C:\WINDOWS\$NtUninstallKB2229593$
2010-07-18 23:07:06 ----D---- C:\Config.Msi
======List of files/folders modified in the last 1 months======
2010-08-11 02:27:18 ----D---- C:\WINDOWS\temp
2010-08-11 02:26:53 ----A---- C:\WINDOWS\ssdiag.ini
2010-08-11 02:26:36 ----D---- C:\MDT
2010-08-11 02:25:26 ----D---- C:\Program Files\Symantec AntiVirus
2010-08-11 02:25:20 ----A---- C:\WINDOWS\ModemLog_Courier V.Everything V.90 X2 European PnP.txt
2010-08-11 02:25:18 ----A---- C:\WINDOWS\system32\log.txt
2010-08-11 02:24:17 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-08-11 00:30:05 ----D---- C:\WINDOWS\Prefetch
2010-08-11 00:29:31 ----D---- C:\WINDOWS\system32\drivers
2010-08-10 17:29:04 ----A---- C:\WINDOWS\ntbtlog.txt
2010-08-10 16:00:07 ----D---- C:\WINDOWS\system32
2010-08-09 23:27:21 ----D---- C:\WINDOWS
2010-08-09 19:47:34 ----A---- C:\WINDOWS\winzip32.ini
2010-08-09 19:47:34 ----A---- C:\WINDOWS\win.ini
2010-08-06 00:12:18 ----D---- C:\WINDOWS\Minidump
2010-08-05 22:28:57 ----D---- C:\WINDOWS\system32\CatRoot2
2010-08-05 14:50:25 ----D---- C:\Program Files\Common Files
2010-08-05 14:50:25 ----D---- C:\Documents and Settings\All Users\Application Data\MicroWorld
2010-08-05 12:33:55 ----RD---- C:\Program Files
2010-08-05 12:26:27 ----A---- C:\WINDOWS\wininit.ini
2010-08-04 23:24:49 ----D---- C:\WINDOWS\Registration
2010-08-04 22:29:34 ----AD---- C:\Qoobox
2010-08-04 22:28:50 ----D---- C:\WINDOWS\ERDNT
2010-08-04 22:28:38 ----A---- C:\WINDOWS\system.ini
2010-08-04 22:28:31 ----D---- C:\WINDOWS\system32\drivers\etc
2010-08-04 22:27:49 ----D---- C:\WINDOWS\AppPatch
2010-08-04 13:18:54 ----RASH---- C:\boot.ini
2010-08-04 12:33:07 ----D---- C:\Documents and Settings\Moje\Application Data\WORK
2010-08-04 11:33:47 ----D---- C:\WINDOWS\pss
2010-08-04 10:38:41 ----HD---- C:\WINDOWS\inf
2010-08-04 10:38:27 ----SHD---- C:\WINDOWS\system32\dllcache
2010-08-03 21:15:22 ----HD---- C:\WINDOWS\$hf_mig$
2010-07-27 08:30:35 ----A---- C:\WINDOWS\system32\shell32.dll
2010-07-18 23:12:20 ----D---- C:\WINDOWS\Microsoft.NET
2010-07-18 23:12:17 ----RSD---- C:\WINDOWS\assembly
2010-07-18 23:10:13 ----A---- C:\WINDOWS\imsins.BAK
2010-07-18 23:08:42 ----SHD---- C:\WINDOWS\Installer
2010-07-18 23:07:59 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-07-18 23:07:41 ----D---- C:\WINDOWS\WinSxS
2010-07-18 23:06:23 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2010-07-18 22:56:56 ----D---- C:\Documents and Settings\All Users\Application Data\NOS
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 DRVMCDB;DRVMCDB; C:\WINDOWS\System32\Drivers\DRVMCDB.SYS [2006-07-21 99176]
R0 giveio;giveio; C:\WINDOWS\system32\giveio.sys [1996-04-03 5248]
R0 iaStor;Intel AHCI Controller; C:\WINDOWS\system32\drivers\iaStor.sys [2007-09-23 305688]
R0 ohci1394;OHCI Compliant IEEE 1394 Host Controller; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-13 61696]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2006-07-24 36528]
R0 speedfan;speedfan; C:\WINDOWS\system32\speedfan.sys [2006-09-24 5248]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2008-03-17 717296]
R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2006-08-11 12920]
R1 DLADiagM;DLADiagM; C:\WINDOWS\System32\Drivers\DLADiagM.SYS [2006-08-11 13688]
R1 DLAPMonM;DLAPMonM; C:\WINDOWS\System32\Drivers\DLAPMonM.SYS [2006-08-11 30744]
R1 DLARTL_M;DLARTL_M; C:\WINDOWS\System32\Drivers\DLARTL_M.SYS [2006-08-11 28184]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 PQNTDrv;PQNTDrv; C:\WINDOWS\system32\drivers\PQNTDrv.sys [2003-03-14 4228]
R1 SAVRT;SAVRT; \??\C:\Program Files\Symantec AntiVirus\savrt.sys []
R1 SAVRTPEL;SAVRTPEL; \??\C:\Program Files\Symantec AntiVirus\Savrtpel.sys []
R1 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys []
R1 truecrypt;truecrypt; C:\WINDOWS\System32\drivers\truecrypt.sys [2007-05-03 188672]
R2 DLABMFSM;DLABMFSM; C:\WINDOWS\System32\DLA\DLABMFSM.SYS [2006-08-18 35096]
R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2006-08-18 32472]
R2 DLADResM;DLADResM; C:\WINDOWS\System32\DLA\DLADResM.SYS [2006-08-18 9400]
R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2006-08-18 104472]
R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2006-08-18 26008]
R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2006-08-18 14520]
R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2006-08-18 97848]
R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2006-08-18 94648]
R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2006-08-11 51768]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2007-09-24 307712]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-02-26 2863616]
R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2007-04-13 254872]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100809.002\naveng.sys []
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100809.002\navex15.sys []
R3 pmxmouse;PMXMOUSE; C:\WINDOWS\system32\DRIVERS\pmxmouse.sys [2006-04-24 18432]
R3 pmxusblf;PMXUSBLF; C:\WINDOWS\system32\DRIVERS\pmxusblf.sys [2006-04-24 14336]
R3 SenFiltService;SenFilt Service; C:\WINDOWS\system32\drivers\Senfilt.sys [2007-09-24 392960]
R3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 DLADHK_M;DLADHK_M; C:\WINDOWS\System32\Drivers\DLADHK_M.SYS [2006-08-18 33592]
S3 61883;61883 Unit Device; C:\WINDOWS\system32\DRIVERS\61883.sys [2008-04-13 48128]
S3 ahk71epn;ahk71epn; C:\WINDOWS\system32\drivers\ahk71epn.sys []
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 Avc;AVC Device; C:\WINDOWS\system32\DRIVERS\avc.sys [2008-04-13 38912]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 DSSUSBF;DSSUSBF Device; C:\WINDOWS\system32\DRIVERS\DSSUSBF.sys [2001-01-30 25381]
S3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 HECI;Intel(R) Management Engine Interface; C:\WINDOWS\system32\DRIVERS\HECI.sys [2007-07-23 45056]
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2008-04-13 51200]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NAL;Nal Service ; \??\C:\WINDOWS\system32\Drivers\iqvw32.sys []
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 nm;Network Monitor Driver; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-13 40320]
S3 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2007-11-06 34064]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-04 1897408]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 ASFAgent;ASF Agent; C:\Program Files\Intel\ASF Agent\ASFAgent.exe [2007-01-23 133968]
R2 atchksrv;Intel(R) Active Management Technology System Status Service; C:\Program Files\Intel\AMT\atchksrv.exe [2007-06-12 183064]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-02-26 520192]
R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [2006-03-24 192160]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [2006-03-24 169632]
R2 DefWatch;Symantec AntiVirus Definition Watcher; C:\Program Files\Symantec AntiVirus\DefWatch.exe [2006-07-17 31376]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2007-07-26 358936]
R2 LMS;Intel(R) Active Management Technology Local Management Service; C:\Program Files\Intel\AMT\LMS.exe [2007-06-12 109336]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-03-17 66872]
R2 SPBBCSvc;Symantec SPBBCSvc; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe [2006-04-11 1160848]
R2 Symantec AntiVirus;Symantec AntiVirus; C:\Program Files\Symantec AntiVirus\Rtvscan.exe [2006-07-17 1817744]
R2 UNS;Intel(R) Active Management Technology User Notification Service; C:\Program Files\Intel\AMT\UNS.exe [2007-06-12 2521880]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2008-02-25 593920]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 267776]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2006-06-01 2045632]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2007-11-06 92792]
S3 SavRoam;SAVRoam; C:\Program Files\Symantec AntiVirus\SavRoam.exe [2006-07-17 118928]
S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2006-09-14 73728]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
Rootkit quick scan 2010-08-10 17:18:25
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Moje\LOCALS~1\Temp\kxldqpog.sys
---- System - GMER 1.0.15 ----
SSDT spqo.sys ZwEnumerateKey [0xB9EC6CA2]
SSDT spqo.sys ZwEnumerateValueKey [0xB9EC7030]
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 8B3841F8
AttachedDevice \FileSystem\Ntfs \Ntfs SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)
Device \FileSystem\Fastfat \Fat 8A3E4500
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)
---- EOF - GMER 1.0.15 ----
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-08-10 22:25:16
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Moje\LOCALS~1\Temp\kxldqpog.sys
---- System - GMER 1.0.15 ----
SSDT 8A6DAB08 ZwAlertResumeThread
SSDT 8A592080 ZwAlertThread
SSDT 8A8295A0 ZwAllocateVirtualMemory
SSDT spzb.sys ZwCreateKey [0xB9EA80E0]
SSDT 8A6D32C0 ZwCreateMutant
SSDT 8A588C10 ZwCreateThread
SSDT \??\C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0x9CD6BCC0]
SSDT spzb.sys ZwEnumerateKey [0xB9EC6CA2]
SSDT spzb.sys ZwEnumerateValueKey [0xB9EC7030]
SSDT 8A598EF8 ZwFreeVirtualMemory
SSDT 8A8614D8 ZwImpersonateAnonymousToken
SSDT 8A861510 ZwImpersonateThread
SSDT 8A574220 ZwMapViewOfSection
SSDT 8A6D4998 ZwOpenEvent
SSDT spzb.sys ZwOpenKey [0xB9EA80C0]
SSDT 8A5BE138 ZwOpenProcessToken
SSDT 8A6E4D88 ZwOpenThreadToken
SSDT spzb.sys ZwQueryKey [0xB9EC7108]
SSDT 8A5A1210 ZwQueryValueKey
SSDT 8A80BD80 ZwResumeThread
SSDT 8A8260D8 ZwSetContextThread
SSDT 8A83EDE8 ZwSetInformationProcess
SSDT 8A30B3F8 ZwSetInformationThread
SSDT \??\C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0x9CD6BF20]
SSDT 8A5AB3A8 ZwSuspendProcess
SSDT 8A320118 ZwSuspendThread
SSDT 8A73D2D8 ZwTerminateProcess
SSDT 8A3F6118 ZwTerminateThread
SSDT 8A5A9190 ZwUnmapViewOfSection
SSDT 8A549EE8 ZwWriteVirtualMemory
INT 0x73 ? 8B384BF8
INT 0x83 ? 8A847F00
INT 0x94 ? 8A847F00
INT 0xA4 ? 8A847F00
INT 0xB4 ? 8A847F00
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwCallbackReturn + 2F60 805047FC 8 Bytes CALL 78DACBEE
.text ntkrnlpa.exe!ZwCallbackReturn + 3024 805048C0 4 Bytes CALL 74DA9D63
? spzb.sys The system cannot find the file specified. !
.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB80B8000, 0x187662, 0xE8000020]
.text USBPORT.SYS!DllUnload B80568AC 5 Bytes JMP 8A8474E0
init C:\WINDOWS\system32\drivers\Senfilt.sys entry point in "init" section [0x9CE2AA00]
.text a3i1pn2r.SYS 9CB5B384 1 Byte [20]
.text a3i1pn2r.SYS 9CB5B384 37 Bytes [20, 00, 00, 68, 00, 00, 00, ...]
.text a3i1pn2r.SYS 9CB5B3AA 24 Bytes [00, 00, 20, 00, 00, E0, 00, ...]
.text a3i1pn2r.SYS 9CB5B3C4 3 Bytes [00, 00, 00]
.text a3i1pn2r.SYS 9CB5B3C9 1 Byte [00]
.text ...
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B9EA9040] spzb.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [B9EA913C] spzb.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [B9EA90BE] spzb.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [B9EA97FC] spzb.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B9EA96D2] spzb.sys
IAT \SystemRoot\System32\Drivers\a3i1pn2r.SYS[HAL.dll!KfAcquireSpinLock] 000000AD
IAT \SystemRoot\System32\Drivers\a3i1pn2r.SYS[HAL.dll!READ_PORT_UCHAR] 000000D4
IAT \SystemRoot\System32\Drivers\a3i1pn2r.SYS[HAL.dll!KeGetCurrentIrql] 000000A2
IAT \SystemRoot\System32\Drivers\a3i1pn2r.SYS[HAL.dll!KfRaiseIrql] 000000AF
IAT \SystemRoot\System32\Drivers\a3i1pn2r.SYS[HAL.dll!KfLowerIrql] 0000009C
IAT \SystemRoot\System32\Drivers\a3i1pn2r.SYS[HAL.dll!HalGetInterruptVector] 000000A4
IAT \SystemRoot\System32\Drivers\a3i1pn2r.SYS[HAL.dll!HalTranslateBusAddress] 00000072
IAT \SystemRoot\System32\Drivers\a3i1pn2r.SYS[HAL.dll!KeStallExecutionProcessor] 000000C0
IAT \SystemRoot\System32\Drivers\a3i1pn2r.SYS[HAL.dll!KfReleaseSpinLock] 000000B7
IAT \SystemRoot\System32\Drivers\a3i1pn2r.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] 000000FD
IAT \SystemRoot\System32\Drivers\a3i1pn2r.SYS[HAL.dll!READ_PORT_USHORT] 00000093
IAT \SystemRoot\System32\Drivers\a3i1pn2r.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 00000026
IAT \SystemRoot\System32\Drivers\a3i1pn2r.SYS[HAL.dll!WRITE_PORT_UCHAR] 00000036
IAT \SystemRoot\System32\Drivers\a3i1pn2r.SYS[WMILIB.SYS!WmiSystemControl] 000000F7
IAT \SystemRoot\System32\Drivers\a3i1pn2r.SYS[WMILIB.SYS!WmiCompleteRequest] 000000CC
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 8B3831F8
AttachedDevice \FileSystem\Ntfs \Ntfs SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)
Device \FileSystem\Fastfat \FatCdrom 8A52C500
Device \Driver\NetBT \Device\NetBT_Tcpip_{C4E5B374-C3E1-4419-8246-1D811DB82F85} 8A73D500
Device \Driver\PCI_PNP5490 \Device\00000050 spzb.sys
Device \Driver\usbuhci \Device\USBPDO-0 8A85A1F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 8B3851F8
Device \Driver\dmio \Device\DmControl\DmConfig 8B3851F8
Device \Driver\dmio \Device\DmControl\DmPnP 8B3851F8
Device \Driver\dmio \Device\DmControl\DmInfo 8B3851F8
Device \Driver\usbuhci \Device\USBPDO-1 8A85A1F8
Device \Driver\usbehci \Device\USBPDO-2 8A7A61F8
Device \Driver\sptd \Device\1564569240 spzb.sys
Device \Driver\usbuhci \Device\USBPDO-3 8A85A1F8
Device \Driver\usbuhci \Device\USBPDO-4 8A85A1F8
Device \Driver\usbuhci \Device\USBPDO-5 8A85A1F8
Device \Driver\usbehci \Device\USBPDO-6 8A7A61F8
Device \Driver\Ftdisk \Device\HarddiskVolume1 8B3171F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 8B3171F8
Device \Driver\Cdrom \Device\CdRom0 8A75C1F8
Device \Driver\Ftdisk \Device\HarddiskVolume3 8B3171F8
Device \Driver\Cdrom \Device\CdRom1 8A75C1F8
Device \Driver\iaStor \Device\Ide\iaStor0 [B9D70A50] iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\iaStor \Device\Ide\IAAStorageDevice-0 [B9D70A50] iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\iaStor \Device\Ide\IAAStorageDevice-1 [B9D70A50] iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\iaStor \Device\Ide\IAAStorageDevice-2 [B9D70A50] iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\Ftdisk \Device\HarddiskVolume4 8B3171F8
Device \Driver\Ftdisk \Device\HarddiskVolume5 8B3171F8
Device \Driver\Ftdisk \Device\HarddiskVolume6 8B3171F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 8A73D500
Device \Driver\NetBT \Device\NetbiosSmb 8A73D500
Device \Driver\usbuhci \Device\USBFDO-0 8A85A1F8
Device \Driver\usbuhci \Device\USBFDO-1 8A85A1F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8A59E500
Device \Driver\usbehci \Device\USBFDO-2 8A7A61F8
Device 8A59E500
Device \Driver\usbuhci \Device\USBFDO-3 8A85A1F8
Device \Driver\usbuhci \Device\USBFDO-4 8A85A1F8
Device \Driver\Ftdisk \Device\FtControl 8B3171F8
Device \Driver\usbuhci \Device\USBFDO-5 8A85A1F8
Device \Driver\usbehci \Device\USBFDO-6 8A7A61F8
Device \Driver\a3i1pn2r \Device\Scsi\a3i1pn2r1Port1Path0Target0Lun0 8A590500
Device \Driver\a3i1pn2r \Device\Scsi\a3i1pn2r1 8A590500
Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)
AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)
Device 8A34C500
Device DLAIFS_M.SYS (Drive Letter Access Component/Roxio)
Device Cdfs.SYS (CD-ROM File System Driver/Microsoft Corporation)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 D:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x22 0x5E 0x47 0x65 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x3D 0xE8 0x9C 0xC7 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xFE 0x45 0xAD 0x78 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 D:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x22 0x5E 0x47 0x65 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x3D 0xE8 0x9C 0xC7 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xAF 0x59 0xBA 0x07 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 D:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x22 0x5E 0x47 0x65 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x3D 0xE8 0x9C 0xC7 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xAF 0x59 0xBA 0x07 ...
File scanning always ended with the computer freezing, so I scanned them separately, with the result
"GMER hasn't found any system modification."
RSIT output this:
Logfile of random's system information tool 1.08 (written by random/random)
Run by Moje at 2010-08-11 02:34:56
Microsoft Windows XP Professional Service Pack 3
System drive C: has 3 GB (15%) free of 22 GB
Total RAM: 3326 MB (76% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:34:59, on 11.8.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\Program Files\Intel\AMT\atchksrv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Intel\AMT\LMS.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Intel\AMT\UNS.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
D:\Program Files\Freebie Notes\FreebieNotes.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\VLC\planovac\pl_pr.exe
D:\Program Files\EditPad\EditPad.exe
C:\DOCUME~1\Moje\LOCALS~1\Temp\mexe.com
C:\DOCUME~1\Moje\LOCALS~1\temp\viewtcp.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\tracert.exe
D:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\notepad.exe
D:\Program Files\RKR\RSIT.exe
D:\Program Files\RKR\Moje.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/av ... x_homepage
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/av ... x_homepage
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - D:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - D:\Program Files\Orbitdownloader\GrabPro.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [atchk] "C:\Program Files\Intel\AMT\atchk.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [BuildBU] c:\dell\bldbubg.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [DLADiag] C:\WINDOWS\DLADiag.EXE
O4 - HKLM\..\Run: [PMX Daemon] ICO.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe_Reader_8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Freebie Notes] "D:\Program Files\Freebie Notes\FreebieNotes.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Shortcut to pl_pr.lnk = D:\Program Files\VLC\planovac\pl_pr.exe
O8 - Extra context menu item: &Download by Orbit - res://D:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://D:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://D:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://D:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C4E5B374-C3E1-4419-8246-1D811DB82F85}: NameServer = 195.113.144.194,195.113.144.233
O17 - HKLM\System\CS1\Services\Tcpip\..\{C4E5B374-C3E1-4419-8246-1D811DB82F85}: NameServer = 195.113.144.194,195.113.144.233
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ASF Agent (ASFAgent) - Intel Corporation - C:\Program Files\Intel\ASF Agent\ASFAgent.exe
O23 - Service: Intel(R) Active Management Technology System Status Service (atchksrv) - Intel Corporation - C:\Program Files\Intel\AMT\atchksrv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Intel(R) Active Management Technology Local Management Service (LMS) - Intel - C:\Program Files\Intel\AMT\LMS.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Intel(R) Active Management Technology User Notification Service (UNS) - Intel - C:\Program Files\Intel\AMT\UNS.exe
--
End of file - 8862 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\bg_kolekce.job
C:\WINDOWS\tasks\do_nothing.job
C:\WINDOWS\tasks\Karlik.job
C:\WINDOWS\tasks\leonard.job
C:\WINDOWS\tasks\rudolf.job
C:\WINDOWS\tasks\shrek.job
C:\WINDOWS\tasks\stihaci2.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000123B4-9B42-4900-B3F7-F4B073EFC214}]
Octh Class - D:\Program Files\Orbitdownloader\orbitcth.dll [2010-01-12 240912]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{C55BBCD6-41AD-48AD-9953-3609C48EACC7} - Grab Pro - D:\Program Files\Orbitdownloader\GrabPro.dll [2010-01-12 662720]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2007-09-24 1036288]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [2007-07-26 178712]
"atchk"=C:\Program Files\Intel\AMT\atchk.exe [2007-06-12 408344]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2004-07-27 221184]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2004-07-27 81920]
"PDVDDXSrv"=C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [2006-10-20 118784]
"BuildBU"=c:\dell\bldbubg.exe [2004-02-19 61440]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2006-03-24 53408]
"vptray"=C:\PROGRA~1\SYMANT~1\VPTray.exe [2006-07-17 125072]
"QuickTime Task"=D:\Program Files\QuickTime\qttask.exe [2008-01-10 385024]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-01-21 61440]
"DLADiag"=C:\WINDOWS\DLADiag.EXE [2006-08-11 56056]
"PMX Daemon"=C:\WINDOWS\system32\ICO.EXE [2007-03-08 49152]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe_Reader_8.0\Reader\Reader_sl.exe [2008-01-11 39792]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Freebie Notes"=D:\Program Files\Freebie Notes\FreebieNotes.exe [2007-05-20 1033216]
"DAEMON Tools Lite"=D:\Program Files\DAEMON Tools Lite\daemon.exe [2008-03-14 486856]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Shortcut to pl_pr.lnk - D:\Program Files\VLC\planovac\pl_pr.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2008-02-26 126976]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
C:\WINDOWS\system32\NavLogon.dll [2006-07-17 43664]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=157
"NoStrCmpLogical"=1
"NoDrives"=0
"NoDriveAutoRun"=67108863
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=475
"NoDrives"=0
"NoDriveAutoRun"=67108863
"HonorAutoRunSetting"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"D:\Program Files\Orbitdownloader\orbitdm.exe"="D:\Program Files\Orbitdownloader\orbitdm.exe:*:Disabled:Orbit"
"D:\Program Files\DCplus\DCPlusPlus.exe"="D:\Program Files\DCplus\DCPlusPlus.exe:*:Enabled:DC++"
"C:\Program Files\Java\jre1.5.0_06\bin\javaw.exe"="C:\Program Files\Java\jre1.5.0_06\bin\javaw.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary"
"C:\Program Files\Java\jre1.6.0_07\bin\javaw.exe"="C:\Program Files\Java\jre1.6.0_07\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\WINDOWS\Network Diagnostic\xpnetdiag.exe"="C:\WINDOWS\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\Program Files\Orbitdownloader\orbitnet.exe"="D:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Enabled:@xpsp2res.dll,-22019"
"D:\Program Files\Cisco SCA\SCA BB Console 3.5.5\scabb.exe"="D:\Program Files\Cisco SCA\SCA BB Console 3.5.5\scabb.exe:*:Enabled:scabb"
"D:\Program Files\Serv-U\ServUDaemon.exe"="D:\Program Files\Serv-U\ServUDaemon.exe:*:Enabled:Serv-U FTP Server"
"D:\Program Files\VLC\vlc.exe"="D:\Program Files\VLC\vlc.exe:*:Enabled:VLC media player"
"D:\Program Files\Mozilla Firefox\firefox.exe"="D:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\WINDOWS\system32\services.exe"="C:\WINDOWS\system32\services.exe:*:Enabled:services.exe"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
======File associations======
.txt - open - notepad.exe %1
======List of files/folders created in the last 1 months======
2010-08-09 19:29:19 ----A---- C:\avenger.txt
2010-08-09 19:16:53 ----D---- C:\Avenger
2010-08-09 19:16:53 ----A---- C:\avenger_9-8-2010_1.txt
2010-08-09 18:36:06 ----ASH---- C:\pagefile.sys
2010-08-05 14:51:53 ----AD---- C:\WINDOWS\VDLL.DLL
2010-08-05 14:51:53 ----AD---- C:\WINDOWS\system32\runouce.exe
2010-08-05 14:51:53 ----AD---- C:\WINDOWS\RUNDL132.EXE
2010-08-05 14:51:53 ----AD---- C:\WINDOWS\logo_1.exe
2010-08-05 14:50:27 ----A---- C:\WINDOWS\system32\TASKMGR.COM
2010-08-05 14:50:27 ----A---- C:\WINDOWS\REGEDIT.COM
2010-08-05 14:50:25 ----D---- C:\Program Files\Common Files\MicroWorld
2010-08-04 22:54:47 ----SHD---- C:\RECYCLER
2010-08-04 22:29:32 ----A---- C:\ComboFix.txt
2010-08-04 22:24:59 ----A---- C:\WINDOWS\PEV.exe
2010-08-04 22:24:59 ----A---- C:\WINDOWS\MBR.exe
2010-08-04 18:09:23 ----D---- C:\rsit
2010-08-04 10:38:21 ----HDC---- C:\WINDOWS\$NtUninstallKB2286198$
2010-08-03 16:06:25 ----A---- C:\CountCyclesWMVDecLog.txt
2010-07-18 23:10:06 ----HDC---- C:\WINDOWS\$NtUninstallKB2229593$
2010-07-18 23:07:06 ----D---- C:\Config.Msi
======List of files/folders modified in the last 1 months======
2010-08-11 02:27:18 ----D---- C:\WINDOWS\temp
2010-08-11 02:26:53 ----A---- C:\WINDOWS\ssdiag.ini
2010-08-11 02:26:36 ----D---- C:\MDT
2010-08-11 02:25:26 ----D---- C:\Program Files\Symantec AntiVirus
2010-08-11 02:25:20 ----A---- C:\WINDOWS\ModemLog_Courier V.Everything V.90 X2 European PnP.txt
2010-08-11 02:25:18 ----A---- C:\WINDOWS\system32\log.txt
2010-08-11 02:24:17 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-08-11 00:30:05 ----D---- C:\WINDOWS\Prefetch
2010-08-11 00:29:31 ----D---- C:\WINDOWS\system32\drivers
2010-08-10 17:29:04 ----A---- C:\WINDOWS\ntbtlog.txt
2010-08-10 16:00:07 ----D---- C:\WINDOWS\system32
2010-08-09 23:27:21 ----D---- C:\WINDOWS
2010-08-09 19:47:34 ----A---- C:\WINDOWS\winzip32.ini
2010-08-09 19:47:34 ----A---- C:\WINDOWS\win.ini
2010-08-06 00:12:18 ----D---- C:\WINDOWS\Minidump
2010-08-05 22:28:57 ----D---- C:\WINDOWS\system32\CatRoot2
2010-08-05 14:50:25 ----D---- C:\Program Files\Common Files
2010-08-05 14:50:25 ----D---- C:\Documents and Settings\All Users\Application Data\MicroWorld
2010-08-05 12:33:55 ----RD---- C:\Program Files
2010-08-05 12:26:27 ----A---- C:\WINDOWS\wininit.ini
2010-08-04 23:24:49 ----D---- C:\WINDOWS\Registration
2010-08-04 22:29:34 ----AD---- C:\Qoobox
2010-08-04 22:28:50 ----D---- C:\WINDOWS\ERDNT
2010-08-04 22:28:38 ----A---- C:\WINDOWS\system.ini
2010-08-04 22:28:31 ----D---- C:\WINDOWS\system32\drivers\etc
2010-08-04 22:27:49 ----D---- C:\WINDOWS\AppPatch
2010-08-04 13:18:54 ----RASH---- C:\boot.ini
2010-08-04 12:33:07 ----D---- C:\Documents and Settings\Moje\Application Data\WORK
2010-08-04 11:33:47 ----D---- C:\WINDOWS\pss
2010-08-04 10:38:41 ----HD---- C:\WINDOWS\inf
2010-08-04 10:38:27 ----SHD---- C:\WINDOWS\system32\dllcache
2010-08-03 21:15:22 ----HD---- C:\WINDOWS\$hf_mig$
2010-07-27 08:30:35 ----A---- C:\WINDOWS\system32\shell32.dll
2010-07-18 23:12:20 ----D---- C:\WINDOWS\Microsoft.NET
2010-07-18 23:12:17 ----RSD---- C:\WINDOWS\assembly
2010-07-18 23:10:13 ----A---- C:\WINDOWS\imsins.BAK
2010-07-18 23:08:42 ----SHD---- C:\WINDOWS\Installer
2010-07-18 23:07:59 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-07-18 23:07:41 ----D---- C:\WINDOWS\WinSxS
2010-07-18 23:06:23 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2010-07-18 22:56:56 ----D---- C:\Documents and Settings\All Users\Application Data\NOS
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 DRVMCDB;DRVMCDB; C:\WINDOWS\System32\Drivers\DRVMCDB.SYS [2006-07-21 99176]
R0 giveio;giveio; C:\WINDOWS\system32\giveio.sys [1996-04-03 5248]
R0 iaStor;Intel AHCI Controller; C:\WINDOWS\system32\drivers\iaStor.sys [2007-09-23 305688]
R0 ohci1394;OHCI Compliant IEEE 1394 Host Controller; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-13 61696]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2006-07-24 36528]
R0 speedfan;speedfan; C:\WINDOWS\system32\speedfan.sys [2006-09-24 5248]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2008-03-17 717296]
R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2006-08-11 12920]
R1 DLADiagM;DLADiagM; C:\WINDOWS\System32\Drivers\DLADiagM.SYS [2006-08-11 13688]
R1 DLAPMonM;DLAPMonM; C:\WINDOWS\System32\Drivers\DLAPMonM.SYS [2006-08-11 30744]
R1 DLARTL_M;DLARTL_M; C:\WINDOWS\System32\Drivers\DLARTL_M.SYS [2006-08-11 28184]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 PQNTDrv;PQNTDrv; C:\WINDOWS\system32\drivers\PQNTDrv.sys [2003-03-14 4228]
R1 SAVRT;SAVRT; \??\C:\Program Files\Symantec AntiVirus\savrt.sys []
R1 SAVRTPEL;SAVRTPEL; \??\C:\Program Files\Symantec AntiVirus\Savrtpel.sys []
R1 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys []
R1 truecrypt;truecrypt; C:\WINDOWS\System32\drivers\truecrypt.sys [2007-05-03 188672]
R2 DLABMFSM;DLABMFSM; C:\WINDOWS\System32\DLA\DLABMFSM.SYS [2006-08-18 35096]
R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2006-08-18 32472]
R2 DLADResM;DLADResM; C:\WINDOWS\System32\DLA\DLADResM.SYS [2006-08-18 9400]
R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2006-08-18 104472]
R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2006-08-18 26008]
R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2006-08-18 14520]
R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2006-08-18 97848]
R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2006-08-18 94648]
R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2006-08-11 51768]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2007-09-24 307712]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-02-26 2863616]
R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2007-04-13 254872]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100809.002\naveng.sys []
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100809.002\navex15.sys []
R3 pmxmouse;PMXMOUSE; C:\WINDOWS\system32\DRIVERS\pmxmouse.sys [2006-04-24 18432]
R3 pmxusblf;PMXUSBLF; C:\WINDOWS\system32\DRIVERS\pmxusblf.sys [2006-04-24 14336]
R3 SenFiltService;SenFilt Service; C:\WINDOWS\system32\drivers\Senfilt.sys [2007-09-24 392960]
R3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 DLADHK_M;DLADHK_M; C:\WINDOWS\System32\Drivers\DLADHK_M.SYS [2006-08-18 33592]
S3 61883;61883 Unit Device; C:\WINDOWS\system32\DRIVERS\61883.sys [2008-04-13 48128]
S3 ahk71epn;ahk71epn; C:\WINDOWS\system32\drivers\ahk71epn.sys []
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 Avc;AVC Device; C:\WINDOWS\system32\DRIVERS\avc.sys [2008-04-13 38912]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 DSSUSBF;DSSUSBF Device; C:\WINDOWS\system32\DRIVERS\DSSUSBF.sys [2001-01-30 25381]
S3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 HECI;Intel(R) Management Engine Interface; C:\WINDOWS\system32\DRIVERS\HECI.sys [2007-07-23 45056]
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2008-04-13 51200]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NAL;Nal Service ; \??\C:\WINDOWS\system32\Drivers\iqvw32.sys []
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 nm;Network Monitor Driver; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-13 40320]
S3 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2007-11-06 34064]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-04 1897408]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 ASFAgent;ASF Agent; C:\Program Files\Intel\ASF Agent\ASFAgent.exe [2007-01-23 133968]
R2 atchksrv;Intel(R) Active Management Technology System Status Service; C:\Program Files\Intel\AMT\atchksrv.exe [2007-06-12 183064]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-02-26 520192]
R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [2006-03-24 192160]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [2006-03-24 169632]
R2 DefWatch;Symantec AntiVirus Definition Watcher; C:\Program Files\Symantec AntiVirus\DefWatch.exe [2006-07-17 31376]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2007-07-26 358936]
R2 LMS;Intel(R) Active Management Technology Local Management Service; C:\Program Files\Intel\AMT\LMS.exe [2007-06-12 109336]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-03-17 66872]
R2 SPBBCSvc;Symantec SPBBCSvc; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe [2006-04-11 1160848]
R2 Symantec AntiVirus;Symantec AntiVirus; C:\Program Files\Symantec AntiVirus\Rtvscan.exe [2006-07-17 1817744]
R2 UNS;Intel(R) Active Management Technology User Notification Service; C:\Program Files\Intel\AMT\UNS.exe [2007-06-12 2521880]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2008-02-25 593920]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 267776]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2006-06-01 2045632]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2007-11-06 92792]
S3 SavRoam;SAVRoam; C:\Program Files\Symantec AntiVirus\SavRoam.exe [2006-07-17 118928]
S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2006-09-14 73728]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
- riffman
- VIP
- Posts: 3203
- Registered: 20 Oct 2004 07:00
- Location: České Budějovice
Re: I'm sending out spam :-(
According to the log it's been killed off, so it's all right.
Are you still sending spam?
Give us a chance to live
Give us a chance to die
Give us a chance to be free
Without fire from the sky
Give us a chance to love
Give us a chance to hate
Give us a chance, before you kill us all
Re: I'm sending out spam :-(
So far it seems to be OK.
But I have a couple of questions: first, where could I have caught it, and then how to avoid a relapse. I have the standard Windows firewall, I download updates, and Symantec Antivirus watches over the machine.
Also, 2.5 GB of free space appeared on my C: drive, even though it had been full for a relatively long time, and when I looked for something to delete I never came across anything suspicious.
- riffman
- VIP
- Posts: 3203
- Registered: 20 Oct 2004 07:00
- Location: České Budějovice
Re: I'm sending out spam :-(
The Windows firewall, nah, really not... it only checks incoming traffic, and even that rather poorly...
Have you tried cleaning the computer with CCleaner?
Re: I'm sending out spam :-(
I haven't tried CCleaner. What can be expected from it?
By the way, ComboFix creates the key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf with the value @="@SYS:Software\\Swearware\\dump
which disables the function of autorun.inf files. I don't like that, so I threw the key out again.
I have Autorun disabled via gpedit.msc -> Computer Configuration -> Administrative Template -> System -> Turn off Autoplay.
Is such a state potentially dangerous in any way?
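An added read-only audit script (not code from the thread or from any of the tools it mentions) that reports, on the affected machine, the settings the posts above discuss: the NoDriveTypeAutoRun values from both policy keys in the log, HonorAutoRunSetting, ComboFix's IniFileMapping redirect for Autorun.inf, and the services.exe entry in the firewall's authorized-applications list. It assumes an elevated PowerShell prompt; the key paths are the ones from the RSIT log and the post.

```powershell
# Added audit example, not code from the thread. Read-only: reports the AutoRun
# and firewall state discussed above. Assumes an elevated PowerShell prompt;
# key paths are the ones from the RSIT log and the post.

# NoDriveTypeAutoRun bits (Microsoft KB 967715): a set bit disables AutoRun for
# that drive type. Bits outside this table (e.g. 0x100 in the log's value 475)
# are ignored here.
$driveBits = @(
    @{ Bit = 0x01; Name = 'unknown type (bit 0)' },
    @{ Bit = 0x04; Name = 'removable drives' },
    @{ Bit = 0x08; Name = 'fixed drives' },
    @{ Bit = 0x10; Name = 'network drives' },
    @{ Bit = 0x20; Name = 'CD-ROM drives' },
    @{ Bit = 0x40; Name = 'RAM disks' },
    @{ Bit = 0x80; Name = 'unknown type (bit 7)' }
)

function Get-AutoRunState {
    param([string]$PolicyKey)   # Policies\Explorer key under HKLM: or HKCU:
    $props = Get-ItemProperty -Path $PolicyKey -ErrorAction SilentlyContinue
    if ($null -eq $props -or $null -eq $props.NoDriveTypeAutoRun) {
        return "$PolicyKey : NoDriveTypeAutoRun not set"
    }
    $v = [int]$props.NoDriveTypeAutoRun
    $disabled = @(); $allowed = @()
    foreach ($b in $driveBits) {
        if ($v -band $b.Bit) { $disabled += $b.Name } else { $allowed += $b.Name }
    }
    $msg = '{0} : NoDriveTypeAutoRun=0x{1:X} ({1}) disables [{2}]; AutoRun still allowed on [{3}]'
    return ($msg -f $PolicyKey, $v, ($disabled -join ', '), ($allowed -join ', '))
}

$hklmPol = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$hkcuPol = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
Get-AutoRunState $hklmPol
Get-AutoRunState $hkcuPol

# HonorAutoRunSetting=1 (present in the log) is written by the KB 967715 AutoRun
# update; without that update XP did not reliably honor NoDriveTypeAutoRun.
$honor = (Get-ItemProperty -Path $hklmPol -ErrorAction SilentlyContinue).HonorAutoRunSetting
"HonorAutoRunSetting = $honor (1 = NoDriveTypeAutoRun is honored)"

# ComboFix's IniFileMapping entry redirects every read of an Autorun.inf file to
# the registry path @SYS:Software\Swearware\dump, so the file's contents are
# never parsed. The poster deleted it; this reports whether it is present.
$iniMap = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf'
$map = Get-ItemProperty -Path $iniMap -ErrorAction SilentlyContinue
if ($map) { 'Autorun.inf IniFileMapping present, default value: ' + $map.'(default)' }
else      { 'Autorun.inf IniFileMapping absent: autorun.inf files are parsed normally' }

# The log lists a firewall exception for C:\WINDOWS\system32\services.exe. A core
# system binary needs no exception of its own, so any enabled entry is suspicious.
$fwList = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List'
$fw = Get-ItemProperty -Path $fwList -ErrorAction SilentlyContinue
if ($fw) {
    $fw.PSObject.Properties |
        Where-Object { $_.Name -match 'services\.exe$' -and "$($_.Value)" -match ':Enabled:' } |
        ForEach-Object { "SUSPICIOUS firewall exception: $($_.Name) -> $($_.Value)" }
}
```

Run it before and after a cleanup to confirm the exception stays gone across reboots and that the AutoRun policy actually covers the drive types you expect.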