VIRY.CZ

Pomáháme v boji s počítačovou havěti!
https://forum.viry.cz:443/

JS/Kryptik.L.Gen

https://forum.viry.cz:443/viewtopic.php?t=104878

Stránka 1 z 1

JS/Kryptik.L.Gen

Napsal: 23 zář 2010 10:39
od Santos
Prosím o kontrolu logu, před několika dny mi NOD 32 zachytil a uložil do karantény JS/Kryptik.L.Gen

Logfile of random's system information tool 1.08 (written by random/random)
Run by Krump Svatoslav at 2010-09-23 11:31:30
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 12 GB (16%) free of 73 GB
Total RAM: 768 MB (43% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:31:44, on 23.9.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\carpserv.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\Common Files\soft602\pdfSaver.exe
C:\Program Files\Seznam\Postak\Postak.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\Opera\opera.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Krump Svatoslav\Local Settings\Data aplikací\Opera\Opera\temporary_downloads\RSIT.exe
C:\Program Files\trend micro\Krump Svatoslav.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Seznam lištička - {B71B15CE-3093-459C-B764-AEB2486F2273} - C:\Program Files\Seznam Listicka\Toolbar.dll
O3 - Toolbar: &S-Rank - {B71B15CF-3093-459C-B764-AEB2486F2273} - C:\Program Files\Seznam\Postak\SRank.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Foxit Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [EPSON Stylus C43 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C43 Series" /O5 "LPT1:" /M "Stylus C43"
O4 - HKLM\..\Run: [602PC SUITE PDF Saver] "C:\Program Files\Common Files\soft602\pdfSaver.exe"
O4 - HKLM\..\Run: [SMail] "C:\Program Files\Seznam\Postak\Postak.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: &Přelož do češtiny - res://C:\Program Files\Seznam Listicka\Toolbar.dll/5034
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Hledej v &Seznamu - res://C:\Program Files\Seznam Listicka\Toolbar.dll/5033
O8 - Extra context menu item: Hledej v Seznam &Fulltextu - res://C:\Program Files\Seznam Listicka\Toolbar.dll/5035
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/ ... nicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {3190CE26-0B6E-4133-A7D3-87D29CB92120} (SBIInetInstall Control) - http://www.bezpecnyinternet.cz/SBI.cab
O16 - DPF: {3190CE27-0B6E-4133-A7D3-87D29CB92120} (SBIInetInstall Control) - http://www.bezpecnyinternet.cz/SBIAV.cab
O16 - DPF: {3190CE28-0B6E-4133-A7D3-87D29CB92120} (ToolbarInetInstall Control) - http://www.listicka.cz/toolbar.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v ... 9284726203
O17 - HKLM\System\CCS\Services\Tcpip\..\{85DF5996-80DE-4119-8F85-1126E05E01A0}: NameServer = 81.0.255.140,84.19.64.2,192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{89B781D4-5078-4B3A-AC9B-3A1D54CD40BF}: NameServer = 192.168.100.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{CE805810-F062-4663-915B-8A438A99334F}: NameServer = 81.0.246.253,192.168.2.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 10230 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
AskBar BHO - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2008-11-18 333192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2008-06-27 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll [2010-09-17 842296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{B71B15CE-3093-459C-B764-AEB2486F2273} - &Seznam lištička - C:\Program Files\Seznam Listicka\Toolbar.dll [2005-04-01 524288]
{B71B15CF-3093-459C-B764-AEB2486F2273} - &S-Rank - C:\Program Files\Seznam\Postak\SRank.dll [2005-05-17 266240]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2008-06-27 2403392]
{3041d03e-fd4b-44e0-b742-2d9b88305f98} - Foxit Toolbar - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2008-11-18 333192]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"CARPService"=C:\WINDOWS\system32\carpserv.exe [2003-05-21 4608]
"NvCplDaemon"=C:\WINDOWS\System32\NvCpl.dll [2003-07-28 4841472]
"nwiz"=nwiz.exe /install []
"EPSON Stylus C43 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE [2002-12-10 75776]
"602PC SUITE PDF Saver"=C:\Program Files\Common Files\soft602\pdfSaver.exe [2005-08-31 49152]
"pdfSaver3"= []
"SMail"=C:\Program Files\Seznam\Postak\Postak.exe [2005-06-20 446464]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2006-01-12 155648]
"SpywareTerminator"=C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe [2008-08-04 1817600]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2009-05-14 2029640]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"NVIEW"=nview.dll,nViewLoadHook []
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-10-29 68856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SeznamAntidialer]
C:\Program Files\Seznam Bezpecny Internet\SBIAntiDialer.exe [2005-01-24 286720]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe [2010-05-13 26192168]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Auto run of VideoCam Suite 1.0.lnk]
C:\PROGRA~1\PANASO~1\VIDEOC~1\VIDEOC~2.EXE [2008-04-18 161160]

C:\Documents and Settings\Krump Svatoslav\Nabídka Start\Programy\Po spuštění
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-02-15 236928]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
"NoDriveTypeAutoRun"=181

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=255
"NoDrives"=0
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Disabled:Internet Explorer"
"C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe"="C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe:*:Enabled:Sunbelt Kerio Personal Firewall 4 - GUI"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Documents and Settings\Krump Svatoslav\Local Settings\Data aplikací\Opera\Opera\temporary_downloads\Facemoods.exe"="C:\Documents and Settings\Krump Svatoslav\Local Settings\Data aplikací\Opera\Opera\temporary_downloads\Facemoods.exe:*:Enabled:Facemoods Installer"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2010-09-15 07:11:31 ----HD---- C:\WINDOWS\$NtUninstallKB2259922$
2010-09-15 07:11:25 ----HD---- C:\WINDOWS\$NtUninstallKB975558_WM8$
2010-09-15 07:11:20 ----HD---- C:\WINDOWS\$NtUninstallKB2347290$
2010-09-15 07:11:13 ----HD---- C:\WINDOWS\$NtUninstallKB2121546$
2010-09-15 07:11:07 ----HD---- C:\WINDOWS\$NtUninstallKB982802$
2010-09-15 07:11:01 ----HD---- C:\WINDOWS\$NtUninstallKB981322$
2010-09-15 07:08:06 ----HD---- C:\WINDOWS\$NtUninstallKB2141007$
2010-08-27 06:42:17 ----D---- C:\Program Files\trend micro

======List of files/folders modified in the last 1 months======

2010-09-23 10:56:58 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-09-22 12:05:00 ----A---- C:\WINDOWS\NeroDigital.ini
2010-09-15 07:11:30 ----A---- C:\WINDOWS\imsins.BAK
2010-09-15 07:08:20 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 prohlp02;StarForce Protection Helper Driver v2; C:\WINDOWS\System32\drivers\prohlp02.sys [2004-08-09 114016]
R0 sfhlp01;StarForce Protection Helper Driver; C:\WINDOWS\System32\drivers\sfhlp01.sys [2003-12-01 4832]
R0 SISAGP;SiS AGP Filter; C:\WINDOWS\System32\DRIVERS\SISAGPX.sys [2002-10-31 30848]
R1 cdrbsdrv;cdrbsdrv; C:\WINDOWS\system32\drivers\cdrbsdrv.sys [2006-02-20 33408]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2009-05-14 107256]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2009-05-14 94360]
R1 fwdrv;Firewall Driver; C:\WINDOWS\system32\drivers\fwdrv.sys [2005-12-15 274432]
R1 incdrm;InCD EasyWrite Reader; C:\WINDOWS\system32\drivers\incdrm.sys [2003-08-21 25520]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 khips;Kerio HIPS Driver; C:\WINDOWS\system32\drivers\khips.sys [2005-12-15 81920]
R1 prodrv04;Star Force copy protection driver v4; C:\WINDOWS\System32\drivers\prodrv04.sys [2003-12-15 114496]
R1 prodrv06;StarForce Protection Environment Driver v6; C:\WINDOWS\System32\drivers\prodrv06.sys [2004-08-09 53920]
R1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys []
R1 truecrypt;truecrypt; C:\WINDOWS\System32\drivers\truecrypt.sys [2008-02-02 188672]
R2 CdaC15BA;CdaC15BA; \??\C:\WINDOWS\System32\drivers\CDAC15BA.SYS []
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2009-05-14 114472]
R2 MASPINT;MASPINT; C:\WINDOWS\system32\drivers\MASPINT.sys [2000-03-29 8096]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys [2003-04-09 11043]
R2 StreamDispatcher;StreamDispatcher; C:\WINDOWS\System32\DRIVERS\strmdisp.sys [2003-05-21 30592]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]
R3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2005-02-23 11776]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 HSF_DP;HSF_DP; C:\WINDOWS\System32\DRIVERS\HSF_DP.sys [2003-05-21 1063040]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\System32\DRIVERS\HSFHWBS2.sys [2003-05-21 196352]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2003-07-28 1341339]
R3 ovt530;Webcam Deluxe; C:\WINDOWS\System32\Drivers\ov530vid.sys [2005-03-15 161792]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2002-10-01 9856]
R3 SISNIC;SiS PCI Fast Ethernet Adapter Driver; C:\WINDOWS\System32\DRIVERS\sisnic.sys [2002-04-16 32256]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2002-12-05 534976]
R3 usbaudio;Ovladač zvukové karty USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-14 60032]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 winachsf;winachsf; C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys [2003-05-21 631296]
S3 Am772;SMC2602W 11 Mbps Wireless 802.11 Adapter; C:\WINDOWS\System32\DRIVERS\Am772.sys []
S3 ASNDIS5;ASNDIS5 Protocol Driver; \??\C:\WINDOWS\system32\ASNDIS5.SYS []
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 CrystalSysInfo;CrystalSysInfo; \??\C:\Program Files\MediaCoder\SysInfo.sys []
S3 DCamUSBSQTECH;Dual-Mode DSC(2770); C:\WINDOWS\System32\Drivers\SQcaptur.sys [2003-01-10 30921]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 RT2400;ASUS Wireless Driver; C:\WINDOWS\System32\DRIVERS\RT2400.sys [2003-10-08 51712]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 usbprint;Třída USB Printer; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 WLAN; Wireless LAN Driver; C:\WINDOWS\system32\DRIVERS\wlanNDS.sys [2002-01-18 54784]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S4 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2002-09-23 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 bgsvcgen;B's Recorder GOLD Library General Service; C:\WINDOWS\system32\bgsvcgen.exe [2007-06-15 145504]
R2 CCALib8;Canon Camera Access Library 8; C:\Program Files\Canon\CAL\CALMAIN.exe [2007-01-31 96370]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-05-14 731840]
R2 EPSONStatusAgent2;EPSON Printer Status Agent2; C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe [2002-07-17 94208]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376]
R2 KPF4;Sunbelt Kerio Personal Firewall 4; C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe [2005-12-19 1368064]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-04-24 73728]
R2 NVSvc;NVIDIA Driver Helper Service; C:\WINDOWS\System32\nvsvc32.exe [2003-07-28 77824]
R2 ScsiAccess;ScsiAccess; C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe [2007-05-29 181312]
R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files\Spyware Terminator\sp_rsser.exe [2008-08-04 606720]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-10 38912]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2009-05-14 20680]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-06-27 138168]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S4 C-DillaCdaC11BA;C-DillaCdaC11BA; C:\WINDOWS\System32\drivers\CDAC11BA.EXE [2004-01-08 39936]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Re: JS/Kryptik.L.Gen

Napsal: 23 zář 2010 11:21
od earl
Zdravim,

:arrow: CTETE POZORNE NAVOD,TENTO SOFT NETOLERUJE CHYBY V POSTUPU APLIKOVANI!

Klidne si nasledujici radky vytisknete,at vite,co se bude na obrazovce odehravat.

Budte prihlasen na pc s administratorskymi pravy.

V operacnich systemech Windows Vista a Windows 7 je nutno spoustet aplikaci jako spravce (kliknutim pravym tlacitkem mysi na ikonu ComboFixu a klepnutim levym na volbu "Spustit jako spravce")

stahnete a ulozte nejlepe na plochu ComboFix

v pripade,ze nepujde stranka nacist-stahnete odtud download , popr. nepujde ComboFix spustit - prejmenujte jej na grinder.com a postupujte dale dle instrukci.

hned po startu se zobrazi Zreknuti se prava zaruky na funkcnost software, pokracujte kliknutim na tlacitko Ano:

Obrázek

pote muze nasledovat upozorneni na nainstalovane emulatory CD mechanik,typicky Daemon Tools nebo Alcohol 120

Obrázek

odklepnout OK

Souhlasit s instalaci Recovery console(Konzola pro zotaveni)-nutno funkcni internet :!:

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: upozorneni: Vypnete rezidentni stit u antiviru a antispywaru a zakazte docasne firewall-ComboFix by nemusel fungovat korektne-pokud budete mit stity vypnute a Combofix zahlasi,ze nejsou,pokracujte dal a potvrdte.

po restartu aplikace vytvori log, ulozeny na C:/Combofix.txt (pri opakovanem pouziti jsou logy oznaceny Combofix2.txt atd.), jeho obsah vlozte sem

Re: JS/Kryptik.L.Gen

Napsal: 23 zář 2010 12:03
od Santos
ComboFix 10-09-22.06 - Krump Svatoslav 23.09.2010 12:47:29.2.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.768.357 [GMT 2:00]
Spuštěný z: c:\documents and settings\Krump Svatoslav\Plocha\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: Kerio Personal Firewall *disabled* {A990EAA7-8941-4621-BC27-4F16261D3180}
* Vytvořen nový Bod Obnovení
.

((((((((((((((((((((((((( Soubory vytvořené od 2010-08-23 do 2010-09-23 )))))))))))))))))))))))))))))))
.

2010-08-27 04:42 . 2010-08-27 04:42 -------- d-----w- c:\program files\trend micro

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-20 09:35 . 2010-08-20 09:35 -------- d-----w- c:\program files\Canon
2010-08-17 13:17 . 1979-12-31 22:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-13 11:44 . 2010-08-13 11:44 -------- d-----w- c:\program files\Haali
2010-08-13 11:15 . 2010-08-13 11:15 -------- d-----w- c:\program files\XVideoConverter
2010-08-13 10:47 . 2010-08-13 10:47 -------- d-----w- c:\program files\Cucusoft
2010-08-13 10:26 . 2010-08-13 10:26 -------- d-----w- c:\program files\Ultra Video Converter
2010-08-13 10:03 . 2010-08-13 10:03 -------- d-----w- c:\program files\The KMPlayer
2010-08-11 09:53 . 1979-12-31 22:00 92730 ----a-w- c:\windows\system32\perfc005.dat
2010-08-11 09:53 . 1979-12-31 22:00 456078 ----a-w- c:\windows\system32\perfh005.dat
2010-07-31 05:40 . 2010-07-31 05:40 -------- d-----w- c:\program files\Common Files\Skype
2010-07-22 15:46 . 2004-11-01 10:47 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 06:19 . 2008-05-05 05:25 5632 ----a-w- c:\windows\system32\xpsp4res.dll
2010-06-30 12:33 . 1979-12-31 22:00 149504 ----a-w- c:\windows\system32\schannel.dll
2006-12-12 12:28 . 2006-12-12 12:26 12844360 ----a-w- c:\program files\SkypeSetup.exe
2006-02-06 15:52 . 2006-02-06 15:45 3256992 ----a-w- c:\program files\quadrax3.exe
2005-12-30 17:02 . 2006-02-23 09:43 8073560 ----a-w- c:\program files\gimp-2.2.10-i586-setup.exe
2005-10-02 09:05 . 2005-10-02 09:04 5510312 ----a-w- c:\program files\kerio-kpf-4.2.1-896-win.exe
2005-09-21 13:43 . 2005-09-21 13:43 202152 ----a-w- c:\program files\CWShredder.zip
2005-09-20 19:28 . 2005-09-23 10:58 184567 ----a-w- c:\program files\ouw850_cs.lng
2005-09-10 22:02 . 2006-02-23 11:51 22486584 ----a-w- c:\program files\gimp-help-2-0.9-setup.exe
2005-06-05 08:23 . 2005-06-05 08:23 2459378 ----a-w- c:\program files\audacity-win-1.2.3.exe
2005-06-02 18:26 . 2005-06-02 18:26 2855080 ----a-w- c:\program files\aawsepersonal.exe
2005-05-31 13:49 . 2005-05-31 13:49 7575084 ----a-w- c:\program files\kerio-pf-4.1.3-en-win.exe
2005-02-14 17:17 . 2005-01-07 07:36 384868 ----a-w- c:\program files\sachy.zip
2005-01-07 07:03 . 2005-01-07 07:03 645813 ----a-w- c:\program files\bridge203.exe
2004-09-12 12:02 . 2005-01-05 15:36 1271239 ----a-w- c:\program files\armagetron-windows-0.2.5.2.exe
2004-06-10 07:46 . 2005-01-05 15:45 7919532 ----a-w- c:\program files\setup_kroet-xs.exe
2004-06-10 07:34 . 2005-01-05 15:44 10014395 ----a-w- c:\program files\wof.exe
2002-07-21 11:15 . 2005-01-05 15:38 9637584 ----a-w- c:\program files\ogrebowler-drm3.exe
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-11-18 10:58 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-18 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIEW"="nview.dll" [2003-07-28 852038]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-29 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CARPService"="carpserv.exe" [2003-05-21 4608]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-07-28 4841472]
"nwiz"="nwiz.exe" [2003-07-28 323584]
"EPSON Stylus C43 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE" [2002-12-10 75776]
"602PC SUITE PDF Saver"="c:\program files\Common Files\soft602\pdfSaver.exe" [2005-08-31 49152]
"SMail"="c:\program files\Seznam\Postak\Postak.exe" [2005-06-20 446464]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-01-12 155648]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-08-04 1817600]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-05-14 2029640]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
"NvMediaCenter"="c:\windows\System32\NVMCTRAY.DLL" [2003-07-28 49152]

c:\documents and settings\Krump Svatoslav\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Auto run of VideoCam Suite 1.0.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Auto run of VideoCam Suite 1.0.lnk
backup=c:\windows\pss\Auto run of VideoCam Suite 1.0.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SeznamAntidialer]
2005-01-24 09:11 286720 ----a-w- c:\program files\Seznam Bezpecny Internet\SBIAntiDialer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-05-13 14:12 26192168 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Sunbelt Software\\Personal Firewall 4\\kpf4gui.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [14.5.2009 15:47 107256]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [14.5.2009 15:49 94360]
R1 fwdrv;Firewall Driver;c:\windows\system32\drivers\fwdrv.sys [15.12.2005 18:13 274432]
R1 khips;Kerio HIPS Driver;c:\windows\system32\drivers\khips.sys [15.12.2005 18:01 81920]
R1 prodrv04;Star Force copy protection driver v4;c:\windows\system32\drivers\prodrv04.sys [15.12.2003 22:20 114496]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [22.6.2007 11:39 141312]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [14.5.2009 15:47 731840]
R3 ovt530;Webcam Deluxe;c:\windows\system32\drivers\ov530vid.sys [13.12.2009 12:55 161792]
S3 Am772;SMC2602W 11 Mbps Wireless 802.11 Adapter;c:\windows\system32\DRIVERS\Am772.sys --> c:\windows\system32\DRIVERS\Am772.sys [?]
S3 RT2400;ASUS Wireless Driver;c:\windows\system32\drivers\RT2400.sys [4.10.2004 17:43 51712]
S3 WLAN; Wireless LAN Driver;c:\windows\system32\drivers\wlanNDS.sys [28.10.2009 17:02 54784]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Přelož do češtiny - c:\program files\Seznam Listicka\Toolbar.dll/5034
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Hledej v &Seznamu - c:\program files\Seznam Listicka\Toolbar.dll/5033
IE: Hledej v Seznam &Fulltextu - c:\program files\Seznam Listicka\Toolbar.dll/5035
TCP: {85DF5996-80DE-4119-8F85-1126E05E01A0} = 81.0.255.140,84.19.64.2,192.168.2.1
TCP: {89B781D4-5078-4B3A-AC9B-3A1D54CD40BF} = 192.168.100.1
TCP: {CE805810-F062-4663-915B-8A438A99334F} = 81.0.246.253,192.168.2.1
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {3190CE26-0B6E-4133-A7D3-87D29CB92120} - hxxp://www.bezpecnyinternet.cz/SBI.cab
DPF: {3190CE27-0B6E-4133-A7D3-87D29CB92120} - hxxp://www.bezpecnyinternet.cz/SBIAV.cab
DPF: {3190CE28-0B6E-4133-A7D3-87D29CB92120} - hxxp://www.listicka.cz/toolbar.cab
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKLM-Run-pdfSaver3 - (no file)
MSConfigStartUp-SpybotSD TeaTimer - c:\program files\Spybot - Search & Destroy\TeaTimer.exe
AddRemove-HijackThis - c:\documents and settings\Krump Svatoslav\Data aplikací\Opera\Opera\profile\cache4\temporary_download\HijackThis.exe
AddRemove-Lexicon 4.0 - c:\windows\LgUninst.exe
AddRemove-Opera česky_is1 - c:\program files\Opera\unins000.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-23 12:55
Windows 5.1.2600 Service Pack 3 FAT NTAPI

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(2964)
c:\windows\system32\nView.dll
c:\windows\system32\NVWRSCS.DLL
c:\windows\system32\webcheck.dll
.
Celkový čas: 2010-09-23 13:00:28
ComboFix-quarantined-files.txt 2010-09-23 11:00

Před spuštěním: Volných bajtů: 12 326 141 952
Po spuštění: Volných bajtů: 12 751 929 344

WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

- - End Of File - - 1D8382BC274C52ECC0A40540B3D654AC

Re: JS/Kryptik.L.Gen

Napsal: 23 zář 2010 23:22
od earl
:arrow:Otestujte na VIRUSTOTALu a JOTTISCANu

c:\program files\quadrax3.exe

(navod prosty: po nacteni stranky kliknete na tlacitko Prochazet , najdete cestu k vyse zminenemu souboru a kliknete na tlacitko Odeslat soubor; dejte skenerum nejakych deset minut; vysledky sem vlozte)

Pokud skener napíše, že soubor již byl testován, dejte otestovat znovu.

Re: JS/Kryptik.L.Gen

Napsal: 24 zář 2010 05:55
od Santos
VT Community Sign in ▼ Languages ▼

Virustotal is a service that analyzes suspicious files and URLs and facilitates the quick detection of viruses, worms, trojans, and all kinds of malware detected by antivirus engines. More information...
0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is goodware. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware.
File name:
quadrax3.exe
Submission date:
2010-09-24 04:44:55 (UTC)
Current status:
finished
Result:
0/ 43 (0.0%) VT Community

not reviewed
Safety score: -

Compact
Print results Antivirus Version Last Update Result
AhnLab-V3 2010.09.23.00 2010.09.23 -
AntiVir 7.10.12.23 2010.09.23 -
Antiy-AVL 2.0.3.7 2010.09.24 -
Authentium 5.2.0.5 2010.09.24 -
Avast 4.8.1351.0 2010.09.23 -
Avast5 5.0.594.0 2010.09.23 -
AVG 9.0.0.851 2010.09.23 -
BitDefender 7.2 2010.09.24 -
CAT-QuickHeal 11.00 2010.09.24 -
ClamAV 0.96.2.0-git 2010.09.24 -
Comodo 6182 2010.09.24 -
DrWeb 5.0.2.03300 2010.09.24 -
Emsisoft 5.0.0.37 2010.09.24 -
eSafe 7.0.17.0 2010.09.21 -
eTrust-Vet 36.1.7873 2010.09.23 -
F-Prot 4.6.2.117 2010.09.24 -
F-Secure 9.0.15370.0 2010.09.24 -
Fortinet 4.1.143.0 2010.09.23 -
GData 21 2010.09.24 -
Ikarus T3.1.1.88.0 2010.09.24 -
Jiangmin 13.0.900 2010.09.21 -
K7AntiVirus 9.63.2589 2010.09.23 -
Kaspersky 7.0.0.125 2010.09.24 -
McAfee 5.400.0.1158 2010.09.24 -
McAfee-GW-Edition 2010.1C 2010.09.23 -
Microsoft 1.6201 2010.09.23 -
NOD32 5474 2010.09.23 -
Norman 6.06.06 2010.09.23 -
nProtect 2010-09-24.01 2010.09.24 -
Panda 10.0.2.7 2010.09.23 -
PCTools 7.0.3.5 2010.09.24 -
Prevx 3.0 2010.09.24 -
Rising 22.66.00.07 2010.09.21 -
Sophos 4.58.0 2010.09.24 -
Sunbelt 6921 2010.09.24 -
SUPERAntiSpyware 4.40.0.1006 2010.09.24 -
Symantec 20101.1.1.7 2010.09.23 -
TheHacker 6.7.0.0.029 2010.09.23 -
TrendMicro 9.120.0.1004 2010.09.24 -
TrendMicro-HouseCall 9.120.0.1004 2010.09.24 -
VBA32 3.12.14.1 2010.09.22 -
ViRobot 2010.9.23.4057 2010.09.23 -
VirusBuster 12.65.23.0 2010.09.23 -
Additional information
Show all
MD5 : 957d528e8d048c8e8f86c0a6dc44635e
SHA1 : 052ddddbe46342bf78a1cd181b72bc0c9b04a8fc
SHA256: a823c77ffae5df7c4a09e91e681690736eee25d0468b7e1f4688a63b4eaee01c
ssdeep: 49152:qiPYg6Iwo4jCvf82xeluLgLfeNchRlPYbEuTcUBrSxpZFTIZoexwLSOZgQR:qiQg6PouE
jLgLIkRlPLule3IZdqxR
File size : 3256992 bytes
First seen: 2010-09-24 04:44:55
Last seen : 2010-09-24 04:44:55
TrID:
Inno Setup installer (96.7%)
Generic Win/DOS Executable (1.6%)
DOS Executable Generic (1.6%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
sigcheck:
publisher....:
copyright....: n/a
product......:
description..: Quadrax III Setup
original name:
internal name:
file version.:
comments.....: This installation was built with Inno Setup: http://www.innosetup.com
signers......: -
signing date.: -
verified.....: Unsigned
PEInfo: PE structure information

[[ basic data ]]
entrypointaddress: 0x9820
timedatestamp....: 0x2A425E19 (Fri Jun 19 22:22:17 1992)
machinetype......: 0x14c (I386)

[[ 8 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy, md5
CODE, 0x1000, 0x8F94, 0x9000, 6.59, 5b5fa5263e160a2eeee2ce0fa1f8a7db
DATA, 0xA000, 0x248, 0x400, 2.71, d8b6954551cae1ae096a5422ff951dd5
BSS, 0xB000, 0xE64, 0x0, 0.00, d41d8cd98f00b204e9800998ecf8427e
.idata, 0xC000, 0x8F0, 0xA00, 4.29, 1dd439711b01bd6df25c589b77cf553c
.tls, 0xD000, 0x8, 0x0, 0.00, d41d8cd98f00b204e9800998ecf8427e
.rdata, 0xE000, 0x18, 0x200, 0.20, d293bf8d4ebe9826d58e1d27c25fe4b6
.reloc, 0xF000, 0x884, 0x0, 0.00, d41d8cd98f00b204e9800998ecf8427e
.rsrc, 0x10000, 0x2800, 0x2800, 4.28, 7731739d2c3004c508c626f7bf7774ff

[[ 8 import(s) ]]
kernel32.dll: DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, VirtualFree, VirtualAlloc, LocalFree, LocalAlloc, WideCharToMultiByte, TlsSetValue, TlsGetValue, MultiByteToWideChar, GetModuleHandleA, GetLastError, GetCommandLineA, WriteFile, SetFilePointer, SetEndOfFile, RtlUnwind, ReadFile, RaiseException, GetStdHandle, GetFileSize, GetSystemTime, GetFileType, ExitProcess, CreateFileA, CloseHandle
user32.dll: MessageBoxA
oleaut32.dll: VariantChangeTypeEx, VariantCopyInd, VariantClear, SysStringLen, SysAllocStringLen
advapi32.dll: RegQueryValueExA, RegOpenKeyExA, RegCloseKey, OpenProcessToken, LookupPrivilegeValueA
kernel32.dll: WriteFile, VirtualQuery, VirtualProtect, VirtualFree, VirtualAlloc, Sleep, SetLastError, SetFilePointer, SetErrorMode, SetEndOfFile, RemoveDirectoryA, ReadFile, LoadLibraryA, IsDBCSLeadByte, GetWindowsDirectoryA, GetVersionExA, GetUserDefaultLangID, GetSystemInfo, GetSystemDefaultLCID, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetLastError, GetFullPathNameA, GetFileSize, GetFileAttributesA, GetExitCodeProcess, GetEnvironmentVariableA, GetCurrentProcess, GetCommandLineA, InterlockedExchange, FormatMessageA, DeleteFileA, CreateProcessA, CreateFileA, CreateDirectoryA, CloseHandle
user32.dll: TranslateMessage, SetWindowLongA, PeekMessageA, MsgWaitForMultipleObjects, MessageBoxA, LoadStringA, ExitWindowsEx, DispatchMessageA, DestroyWindow, CreateWindowExA, CallWindowProcA, CharPrevA
comctl32.dll: InitCommonControls
advapi32.dll: AdjustTokenPrivileges
Symantec reputation:Suspicious.Insight


VT Community

This file has never been reviewed by any VT Community member. Be the first one to comment on it!
VirusTotal Team
Add your comment... Remember that when you write comments as an anonymous user they receive the lowest possible reputation. So if you have not signed in yet don't forget to do so. How to markup your comments?

Goodware
Malware
Spam attachment/link

P2P download
Propagating via IM
Network worm

Drive-by-download


Preview comment
Post comment






ATTENTION: VirusTotal is a free service offered by Hispasec Sistemas. There are no guarantees about the availability and continuity of this service. Although the detection rate afforded by the use of multiple antivirus engines is far superior to that offered by just one product, these results DO NOT guarantee the harmlessness of a file. Currently, there is not any solution that offers a 100% effectiveness rate for detecting viruses and malware.
VirusTotal © Hispasec Sistemas - Blog - Twitter - Contact: info@virustotal.com - Terms of Service & Privacy Policy

Re: JS/Kryptik.L.Gen

Napsal: 24 zář 2010 06:00
od Santos
Jottiho malware testNázev souboru: quadrax3.exe
Stav: Test dokončen. 0 z 19 programů nalezlo škodlivý kód.
Test proveden: Pá 24 zář 2010 06:57:57 (CET) Trvalý odkaz



Podrobné informaceVelikost souboru: 3256992 bajtů
Typ souboru: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5: 957d528e8d048c8e8f86c0a6dc44635e
SHA1: 052ddddbe46342bf78a1cd181b72bc0c9b04a8fc
Packer (Drweb): BINARYRES, PESTUB





Výsledky 2010-09-23 Žádný nález 2010-09-24 Žádný nález
2010-09-23 Žádný nález 2010-09-24 Žádný nález
2010-09-23 Žádný nález 2010-09-23 Žádný nález
2010-09-23 Žádný nález 2010-09-23 Žádný nález
2010-09-24 Žádný nález 2010-09-23 Žádný nález
2010-09-24 Žádný nález 2010-09-24 Žádný nález
2010-09-24 Žádný nález 2010-09-24 Žádný nález
2010-09-24 Žádný nález 2010-09-22 Žádný nález
2010-09-23 Žádný nález 2010-09-23 Žádný nález
2010-09-24 Žádný nález

Re: JS/Kryptik.L.Gen

Napsal: 24 zář 2010 10:27
od earl
Pokud se uz pc chova ok,tak =>

:arrow: Start - spustit - napiste ComboFix /Uninstall - a klepnout na OK,

pokud to takto nepujde,tak přejmenovat ComboFix.exe na Uninstall.exe a spustit ho

:arrow: Stahnete OTC

spustte a klepnete na CleanUp.

Obrázek

:arrow: Vycistete pc Ccleanerem.

Vzdy nejprve Analyzovat a pak Spustit Cleaner.2x po sobe.

Windows-odskrtnout historii a historii automatickeho vyplnovani formularu - prisel byste o historii navstivenych stranek a o ulozena hesla ve formularich

(je to sice z pohledu zabezpeceni spatne,ale aspon pak uzivatel nenadava,kam ze mu to zmizelo :D )

Aplikace-u prohlizecu internetu odskrtnout Historii internetu.

Registry-nechat vse zaskrtle,Hledej problemy,Opravit vybrane problemy

(nechat ho udelat zalohu-ta je ulozena v Dokumentech-DULEZITE).

Taktez 2x-3x po sobe.

A hotovo.

Re: JS/Kryptik.L.Gen

Napsal: 24 zář 2010 14:10
od Santos
Dík za pomoc.

Re: JS/Kryptik.L.Gen

Napsal: 24 zář 2010 22:17
od earl
Nemate zac.
Všechny časy jsou v UTC+01:00
Stránka 1 z 1

Založeno na phpBB® Forum Software © phpBB Limited

Český překlad – phpBB.cz