motji píše:Klikněte na něj pravým myšítkem - otevřít v notepadu a text z něj sem vložte.
mozete mi povedat presne ako mam ist do systemu windows a tam to tak spravit?
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
Restartovani Pc
Moderátoři: Rudy, Moderátoři
Pravidla fóra
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
Re: Restartovani Pc
mozete mi povedat presne ako mam ist do systemu windows a tam to tak spravit?
Re: Restartovani Pc
Pujdete do této složky windows a najdete soubor c:\windows\DelMR.bat.
Kliknete na něj pravým myšítkem, zvolíte otevřít jako - otevřít v notepadu
Kliknete na něj pravým myšítkem, zvolíte otevřít jako - otevřít v notepadu
Nepoužívejte COMBOFIX bez doporučení rádce, může dojít k poškození systému!
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Re: Restartovani Pc
motji píše:Pujdete do této složky windows a najdete soubor c:\windows\DelMR.bat.
Kliknete na něj pravým myšítkem, zvolíte otevřít jako - otevřít v notepadu
dufam ze je to ono
rmdir /s /q "C:\Program Files\Intuwave\Shared\mRouterRuntime"
rmdir /q "C:\Program Files\Intuwave\Shared"
rmdir /q "C:\Program Files\Intuwave"
Re: Restartovani Pc
Děkuji, soubor bude v pořádku. Ted ještě ten gmer 
Nepoužívejte COMBOFIX bez doporučení rádce, může dojít k poškození systému!
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Re: Restartovani Pc
prepacte musite este raz dat ten odkaz nejako som mimo ospravedlnujem samotji píše:Děkuji, soubor bude v pořádku. Ted ještě ten gmer
-
Rudy
- Site Admin
- Příspěvky: 119360
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Restartovani Pc
Omluva za vstup. GMER: http://www.viry.cz/forum/viewtopic.php?f=29&t=62878 .
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: Restartovani Pc
zdravim nejaky cas som tu nebol dufam ze mi este pomozete tu je log z toho gmeru
GMER 1.0.15.15570 - http://www.gmer.net
Rootkit scan 2011-04-24 13:45:50
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 MAXTOR_6L080L4 rev.A93.0500
Running: gmer.exe; Driver: C:\DOCUME~1\Martin\LOCALS~1\Temp\pfedrfow.sys
---- System - GMER 1.0.15 ----
SSDT sprn.sys ZwCreateKey [0xF72940E0]
SSDT sprn.sys ZwEnumerateKey [0xF72ACDA4]
SSDT sprn.sys ZwEnumerateValueKey [0xF72AD132]
SSDT sprn.sys ZwOpenKey [0xF72940C0]
SSDT sprn.sys ZwQueryKey [0xF72AD20A]
SSDT sprn.sys ZwQueryValueKey [0xF72AD08A]
SSDT sprn.sys ZwSetValueKey [0xF72AD29C]
INT 0x62 ? 865DFBF8
INT 0x63 ? 862ACBF8
INT 0x73 ? 862ACBF8
INT 0x82 ? 865DFBF8
INT 0x83 ? 865DFBF8
INT 0x83 ? 865DFBF8
INT 0x83 ? 865DFBF8
---- Kernel code sections - GMER 1.0.15 ----
? sprn.sys Systém nemôže nájsť zadaný súbor. !
.text USBPORT.SYS!DllUnload F6D8D62C 5 Bytes JMP 862AC1D8
.text C:\WINDOWS\System32\DRIVERS\nv4_mini.sys section is writeable [0xF61593A0, 0x5FE082, 0xE8000020]
.text ak0ejr53.SYS F610C386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
.text ak0ejr53.SYS F610C3AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text ak0ejr53.SYS F610C3C4 3 Bytes [00, 80, 02]
.text ak0ejr53.SYS F610C3C9 1 Byte [30]
.text ak0ejr53.SYS F610C3C9 11 Bytes [30, 00, 00, 00, 5E, 02, 00, ...] {XOR [EAX], AL; ADD [EAX], AL; POP ESI; ADD AL, [EAX]; ADD [EAX], AL; ADD [EAX], AL}
.text ...
---- User code sections - GMER 1.0.15 ----
.text C:\WINDOWS\System32\svchost.exe[1100] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes JMP 0185ADBD
.text C:\WINDOWS\System32\svchost.exe[1100] NETAPI32.dll!NetpwPathCanonicalize 5B86A259 5 Bytes JMP 0185AD54
.text C:\WINDOWS\System32\svchost.exe[1172] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes JMP 008FADBD
.text C:\Programy\Mozilla\plugin-container.exe[1684] USER32.dll!SetWindowLongA 77D4DED3 5 Bytes JMP 10699777 C:\Programy\Mozilla\xul.dll (Mozilla Foundation)
.text C:\Programy\Mozilla\plugin-container.exe[1684] USER32.dll!SetWindowLongW 77D4DEF1 5 Bytes JMP 10699709 C:\Programy\Mozilla\xul.dll (Mozilla Foundation)
.text C:\Programy\Mozilla\plugin-container.exe[1684] USER32.dll!GetWindowInfo 77D4F122 1 Byte [E9]
.text C:\Programy\Mozilla\plugin-container.exe[1684] USER32.dll!GetWindowInfo 77D4F122 5 Bytes JMP 104C7C37 C:\Programy\Mozilla\xul.dll (Mozilla Foundation)
.text C:\Programy\Mozilla\plugin-container.exe[1684] USER32.dll!TrackPopupMenu 77D94F16 5 Bytes JMP 104C823A C:\Programy\Mozilla\xul.dll (Mozilla Foundation)
.text C:\Programy\Mozilla\firefox.exe[2028] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00401410 C:\Programy\Mozilla\firefox.exe (Firefox/Mozilla Corporation)
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F7295042] sprn.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F729513E] sprn.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F72950C0] sprn.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F7295800] sprn.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F72956D6] sprn.sys
IAT \SystemRoot\System32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F72A4B90] sprn.sys
IAT \SystemRoot\System32\Drivers\ak0ejr53.SYS[HAL.dll!KfAcquireSpinLock] 0C8D1C46
IAT \SystemRoot\System32\Drivers\ak0ejr53.SYS[HAL.dll!READ_PORT_UCHAR] B48B8932
IAT \SystemRoot\System32\Drivers\ak0ejr53.SYS[HAL.dll!KeGetCurrentIrql] 89000001
IAT \SystemRoot\System32\Drivers\ak0ejr53.SYS[HAL.dll!KfRaiseIrql] 0001C083
IAT \SystemRoot\System32\Drivers\ak0ejr53.SYS[HAL.dll!KfLowerIrql] 24468B00
IAT \SystemRoot\System32\Drivers\ak0ejr53.SYS[HAL.dll!HalGetInterruptVector] 89820C8D
IAT \SystemRoot\System32\Drivers\ak0ejr53.SYS[HAL.dll!HalTranslateBusAddress] D18BF84D
IAT \SystemRoot\System32\Drivers\ak0ejr53.SYS[HAL.dll!KeStallExecutionProcessor] 860F1639
IAT \SystemRoot\System32\Drivers\ak0ejr53.SYS[HAL.dll!KfReleaseSpinLock] 000000BD
IAT \SystemRoot\System32\Drivers\ak0ejr53.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] 020CB389
IAT \SystemRoot\System32\Drivers\ak0ejr53.SYS[HAL.dll!READ_PORT_USHORT] 83660000
IAT \SystemRoot\System32\Drivers\ak0ejr53.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 7400067E
IAT \SystemRoot\System32\Drivers\ak0ejr53.SYS[HAL.dll!WRITE_PORT_UCHAR] 89D60320
IAT \SystemRoot\System32\Drivers\ak0ejr53.SYS[WMILIB.SYS!WmiSystemControl] 8D168B00
IAT \SystemRoot\System32\Drivers\ak0ejr53.SYS[WMILIB.SYS!WmiCompleteRequest] F0003284
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 865DE1F8
Device \FileSystem\Fastfat \FatCdrom 858A41F8
Device \Driver\usbohci \Device\USBPDO-0 8617A1F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 865731F8
Device \Driver\dmio \Device\DmControl\DmConfig 865731F8
Device \Driver\dmio \Device\DmControl\DmPnP 865731F8
Device \Driver\dmio \Device\DmControl\DmInfo 865731F8
Device \Driver\usbohci \Device\USBPDO-1 8617A1F8
Device \Driver\usbehci \Device\USBPDO-2 8616D368
Device \Driver\sptd \Device\4265438674 sprn.sys
Device \Driver\NetBT \Device\NetBT_Tcpip_{82E1B57E-D3D6-4597-B223-9532A75A4DAE} 862991F8
Device \Driver\Ftdisk \Device\HarddiskVolume1 865E01F8
Device \Driver\Cdrom \Device\CdRom0 863EF1F8
Device \Driver\atapi \Device\Ide\IdePort0 865DF1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 865DF1F8
Device \Driver\atapi \Device\Ide\IdePort1 865DF1F8
Device \Driver\atapi \Device\Ide\IdePort2 865DF1F8
Device \Driver\atapi \Device\Ide\IdePort3 865DF1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c 865DF1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1b 865DF1F8
Device \Driver\Cdrom \Device\CdRom1 863EF1F8
Device \Driver\Cdrom \Device\CdRom2 863EF1F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 862991F8
Device \Driver\PCI_PNP9924 \Device\0000003f sprn.sys
Device \Driver\NetBT \Device\NetbiosSmb 862991F8
Device \Driver\usbohci \Device\USBFDO-0 8617A1F8
Device \Driver\usbohci \Device\USBFDO-1 8617A1F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 858F91F8
Device \Driver\usbehci \Device\USBFDO-2 8616D368
Device \FileSystem\MRxSmb \Device\LanmanRedirector 858F91F8
Device \Driver\Ftdisk \Device\FtControl 865E01F8
Device \Driver\ak0ejr53 \Device\Scsi\ak0ejr531 86174500
Device \Driver\ak0ejr53 \Device\Scsi\ak0ejr531Port5Path0Target0Lun0 86174500
Device \FileSystem\Fastfat \Fat 858A41F8
Device \FileSystem\Cdfs \Cdfs 858D31F8
---- Services - GMER 1.0.15 ----
Service C:\WINDOWS\system32\svchost.exe (*** hidden *** ) [AUTO] aigkwb <-- ROOTKIT !!!
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\aigkwb@DisplayName Security Image
Reg HKLM\SYSTEM\CurrentControlSet\Services\aigkwb@Type 32
Reg HKLM\SYSTEM\CurrentControlSet\Services\aigkwb@Start 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\aigkwb@ErrorControl 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\aigkwb@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\CurrentControlSet\Services\aigkwb@ObjectName LocalSystem
Reg HKLM\SYSTEM\CurrentControlSet\Services\aigkwb@Description Provides system and desktop level support to the NVIDIA display driver
Reg HKLM\SYSTEM\CurrentControlSet\Services\aigkwb\Parameters
Reg HKLM\SYSTEM\CurrentControlSet\Services\aigkwb\Parameters@ServiceDll C:\WINDOWS\system32\oqhre.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Programy\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x79 0x10 0x3A 0x69 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x85 0xA8 0xD1 0x3D ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xA4 0xC8 0x20 0xBD ...
Reg HKLM\SYSTEM\ControlSet003\Services\aigkwb@DisplayName Security Image
Reg HKLM\SYSTEM\ControlSet003\Services\aigkwb@Type 32
Reg HKLM\SYSTEM\ControlSet003\Services\aigkwb@Start 2
Reg HKLM\SYSTEM\ControlSet003\Services\aigkwb@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet003\Services\aigkwb@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\ControlSet003\Services\aigkwb@ObjectName LocalSystem
Reg HKLM\SYSTEM\ControlSet003\Services\aigkwb@Description Provides system and desktop level support to the NVIDIA display driver
Reg HKLM\SYSTEM\ControlSet003\Services\aigkwb\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\aigkwb\Parameters@ServiceDll C:\WINDOWS\system32\oqhre.dll
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Programy\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x79 0x10 0x3A 0x69 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x85 0xA8 0xD1 0x3D ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xA4 0xC8 0x20 0xBD ...
---- EOF - GMER 1.0.15 ----
GMER 1.0.15.15570 - http://www.gmer.net
Rootkit scan 2011-04-24 13:45:50
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 MAXTOR_6L080L4 rev.A93.0500
Running: gmer.exe; Driver: C:\DOCUME~1\Martin\LOCALS~1\Temp\pfedrfow.sys
---- System - GMER 1.0.15 ----
SSDT sprn.sys ZwCreateKey [0xF72940E0]
SSDT sprn.sys ZwEnumerateKey [0xF72ACDA4]
SSDT sprn.sys ZwEnumerateValueKey [0xF72AD132]
SSDT sprn.sys ZwOpenKey [0xF72940C0]
SSDT sprn.sys ZwQueryKey [0xF72AD20A]
SSDT sprn.sys ZwQueryValueKey [0xF72AD08A]
SSDT sprn.sys ZwSetValueKey [0xF72AD29C]
INT 0x62 ? 865DFBF8
INT 0x63 ? 862ACBF8
INT 0x73 ? 862ACBF8
INT 0x82 ? 865DFBF8
INT 0x83 ? 865DFBF8
INT 0x83 ? 865DFBF8
INT 0x83 ? 865DFBF8
---- Kernel code sections - GMER 1.0.15 ----
? sprn.sys Systém nemôže nájsť zadaný súbor. !
.text USBPORT.SYS!DllUnload F6D8D62C 5 Bytes JMP 862AC1D8
.text C:\WINDOWS\System32\DRIVERS\nv4_mini.sys section is writeable [0xF61593A0, 0x5FE082, 0xE8000020]
.text ak0ejr53.SYS F610C386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
.text ak0ejr53.SYS F610C3AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text ak0ejr53.SYS F610C3C4 3 Bytes [00, 80, 02]
.text ak0ejr53.SYS F610C3C9 1 Byte [30]
.text ak0ejr53.SYS F610C3C9 11 Bytes [30, 00, 00, 00, 5E, 02, 00, ...] {XOR [EAX], AL; ADD [EAX], AL; POP ESI; ADD AL, [EAX]; ADD [EAX], AL; ADD [EAX], AL}
.text ...
---- User code sections - GMER 1.0.15 ----
.text C:\WINDOWS\System32\svchost.exe[1100] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes JMP 0185ADBD
.text C:\WINDOWS\System32\svchost.exe[1100] NETAPI32.dll!NetpwPathCanonicalize 5B86A259 5 Bytes JMP 0185AD54
.text C:\WINDOWS\System32\svchost.exe[1172] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes JMP 008FADBD
.text C:\Programy\Mozilla\plugin-container.exe[1684] USER32.dll!SetWindowLongA 77D4DED3 5 Bytes JMP 10699777 C:\Programy\Mozilla\xul.dll (Mozilla Foundation)
.text C:\Programy\Mozilla\plugin-container.exe[1684] USER32.dll!SetWindowLongW 77D4DEF1 5 Bytes JMP 10699709 C:\Programy\Mozilla\xul.dll (Mozilla Foundation)
.text C:\Programy\Mozilla\plugin-container.exe[1684] USER32.dll!GetWindowInfo 77D4F122 1 Byte [E9]
.text C:\Programy\Mozilla\plugin-container.exe[1684] USER32.dll!GetWindowInfo 77D4F122 5 Bytes JMP 104C7C37 C:\Programy\Mozilla\xul.dll (Mozilla Foundation)
.text C:\Programy\Mozilla\plugin-container.exe[1684] USER32.dll!TrackPopupMenu 77D94F16 5 Bytes JMP 104C823A C:\Programy\Mozilla\xul.dll (Mozilla Foundation)
.text C:\Programy\Mozilla\firefox.exe[2028] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00401410 C:\Programy\Mozilla\firefox.exe (Firefox/Mozilla Corporation)
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F7295042] sprn.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F729513E] sprn.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F72950C0] sprn.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F7295800] sprn.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F72956D6] sprn.sys
IAT \SystemRoot\System32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F72A4B90] sprn.sys
IAT \SystemRoot\System32\Drivers\ak0ejr53.SYS[HAL.dll!KfAcquireSpinLock] 0C8D1C46
IAT \SystemRoot\System32\Drivers\ak0ejr53.SYS[HAL.dll!READ_PORT_UCHAR] B48B8932
IAT \SystemRoot\System32\Drivers\ak0ejr53.SYS[HAL.dll!KeGetCurrentIrql] 89000001
IAT \SystemRoot\System32\Drivers\ak0ejr53.SYS[HAL.dll!KfRaiseIrql] 0001C083
IAT \SystemRoot\System32\Drivers\ak0ejr53.SYS[HAL.dll!KfLowerIrql] 24468B00
IAT \SystemRoot\System32\Drivers\ak0ejr53.SYS[HAL.dll!HalGetInterruptVector] 89820C8D
IAT \SystemRoot\System32\Drivers\ak0ejr53.SYS[HAL.dll!HalTranslateBusAddress] D18BF84D
IAT \SystemRoot\System32\Drivers\ak0ejr53.SYS[HAL.dll!KeStallExecutionProcessor] 860F1639
IAT \SystemRoot\System32\Drivers\ak0ejr53.SYS[HAL.dll!KfReleaseSpinLock] 000000BD
IAT \SystemRoot\System32\Drivers\ak0ejr53.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] 020CB389
IAT \SystemRoot\System32\Drivers\ak0ejr53.SYS[HAL.dll!READ_PORT_USHORT] 83660000
IAT \SystemRoot\System32\Drivers\ak0ejr53.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 7400067E
IAT \SystemRoot\System32\Drivers\ak0ejr53.SYS[HAL.dll!WRITE_PORT_UCHAR] 89D60320
IAT \SystemRoot\System32\Drivers\ak0ejr53.SYS[WMILIB.SYS!WmiSystemControl] 8D168B00
IAT \SystemRoot\System32\Drivers\ak0ejr53.SYS[WMILIB.SYS!WmiCompleteRequest] F0003284
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 865DE1F8
Device \FileSystem\Fastfat \FatCdrom 858A41F8
Device \Driver\usbohci \Device\USBPDO-0 8617A1F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 865731F8
Device \Driver\dmio \Device\DmControl\DmConfig 865731F8
Device \Driver\dmio \Device\DmControl\DmPnP 865731F8
Device \Driver\dmio \Device\DmControl\DmInfo 865731F8
Device \Driver\usbohci \Device\USBPDO-1 8617A1F8
Device \Driver\usbehci \Device\USBPDO-2 8616D368
Device \Driver\sptd \Device\4265438674 sprn.sys
Device \Driver\NetBT \Device\NetBT_Tcpip_{82E1B57E-D3D6-4597-B223-9532A75A4DAE} 862991F8
Device \Driver\Ftdisk \Device\HarddiskVolume1 865E01F8
Device \Driver\Cdrom \Device\CdRom0 863EF1F8
Device \Driver\atapi \Device\Ide\IdePort0 865DF1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 865DF1F8
Device \Driver\atapi \Device\Ide\IdePort1 865DF1F8
Device \Driver\atapi \Device\Ide\IdePort2 865DF1F8
Device \Driver\atapi \Device\Ide\IdePort3 865DF1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c 865DF1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1b 865DF1F8
Device \Driver\Cdrom \Device\CdRom1 863EF1F8
Device \Driver\Cdrom \Device\CdRom2 863EF1F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 862991F8
Device \Driver\PCI_PNP9924 \Device\0000003f sprn.sys
Device \Driver\NetBT \Device\NetbiosSmb 862991F8
Device \Driver\usbohci \Device\USBFDO-0 8617A1F8
Device \Driver\usbohci \Device\USBFDO-1 8617A1F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 858F91F8
Device \Driver\usbehci \Device\USBFDO-2 8616D368
Device \FileSystem\MRxSmb \Device\LanmanRedirector 858F91F8
Device \Driver\Ftdisk \Device\FtControl 865E01F8
Device \Driver\ak0ejr53 \Device\Scsi\ak0ejr531 86174500
Device \Driver\ak0ejr53 \Device\Scsi\ak0ejr531Port5Path0Target0Lun0 86174500
Device \FileSystem\Fastfat \Fat 858A41F8
Device \FileSystem\Cdfs \Cdfs 858D31F8
---- Services - GMER 1.0.15 ----
Service C:\WINDOWS\system32\svchost.exe (*** hidden *** ) [AUTO] aigkwb <-- ROOTKIT !!!
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\aigkwb@DisplayName Security Image
Reg HKLM\SYSTEM\CurrentControlSet\Services\aigkwb@Type 32
Reg HKLM\SYSTEM\CurrentControlSet\Services\aigkwb@Start 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\aigkwb@ErrorControl 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\aigkwb@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\CurrentControlSet\Services\aigkwb@ObjectName LocalSystem
Reg HKLM\SYSTEM\CurrentControlSet\Services\aigkwb@Description Provides system and desktop level support to the NVIDIA display driver
Reg HKLM\SYSTEM\CurrentControlSet\Services\aigkwb\Parameters
Reg HKLM\SYSTEM\CurrentControlSet\Services\aigkwb\Parameters@ServiceDll C:\WINDOWS\system32\oqhre.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Programy\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x79 0x10 0x3A 0x69 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x85 0xA8 0xD1 0x3D ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xA4 0xC8 0x20 0xBD ...
Reg HKLM\SYSTEM\ControlSet003\Services\aigkwb@DisplayName Security Image
Reg HKLM\SYSTEM\ControlSet003\Services\aigkwb@Type 32
Reg HKLM\SYSTEM\ControlSet003\Services\aigkwb@Start 2
Reg HKLM\SYSTEM\ControlSet003\Services\aigkwb@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet003\Services\aigkwb@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\ControlSet003\Services\aigkwb@ObjectName LocalSystem
Reg HKLM\SYSTEM\ControlSet003\Services\aigkwb@Description Provides system and desktop level support to the NVIDIA display driver
Reg HKLM\SYSTEM\ControlSet003\Services\aigkwb\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\aigkwb\Parameters@ServiceDll C:\WINDOWS\system32\oqhre.dll
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Programy\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x79 0x10 0x3A 0x69 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x85 0xA8 0xD1 0x3D ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xA4 0xC8 0x20 0xBD ...
---- EOF - GMER 1.0.15 ----
Re: Restartovani Pc
No jo, Vy si tam hýčkáte rootkita, a pak se divím, že se mi tam pořád něco nechce smazat 
. Zkusíme ho zabít a jestli to nepujde, zvolíme jiný kulomet 
Pokud nemáte, přesuňte Combofix na plochu-otevřete si Poznámkový blok
-Do něj zkopírujte text z tohoto okénka
Kód: Vybrat vše
KillAll::
Driver::
hcfnioac
aigkwb
Netsvc::
hcfnioac
aigkwb
Rootkit::
C:\WINDOWS\system32\oqhre.dll
Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6756:TCP"=-
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hhkjbtsq]
[-HKEY_LOCAL_MACHINE\System\ControlSet003\Services\aigkwb]
-po uložení uchopte vámi vytvořený skript levým myšítkem a -přesuňte ho nad ikonu Combofixu, kde ho upustíte:
-po aplikaci na Vás vypadne další log,vložte ho sem
Upozornění : může se stát, že po aplikaci skriptu a restartu Windows nenaběhnou, v tom případě znovu restartujte a přitom mačkejte F8, pak zvolte Poslední známou funkční konfiguraci
Nepoužívejte COMBOFIX bez doporučení rádce, může dojít k poškození systému!
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Re: Restartovani Pc
jasny rozumim zitra udelam jezis proc mne nechce opustit ta svne ?:D:(
Re: Restartovani Pc
Máte tam nějakou krásnou a dobře schovanou potvůrku, když ji ani Avptool nenašel .
Zítra tu budu zase večer po 9.hodině
.Zítra tu budu zase večer po 9.hodině
Nepoužívejte COMBOFIX bez doporučení rádce, může dojít k poškození systému!
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Re: Restartovani Pc
tady je ten log z posledni spravy co ste sem postnul abych udelal
ComboFix 11-04-16.03 - Martin 27.04.2011 17:04:49.4.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.421.1033.18.1023.756 [GMT 2:00]
Running from: c:\documents and settings\Martin\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Martin\Desktop\CFScript.txt
.
- REDUCED FUNCTIONALITY MODE -
.
.
((((((((((((((((((((((((( Files Created from 2011-03-27 to 2011-04-27 )))))))))))))))))))))))))))))))
.
.
2011-04-27 15:06 . 2011-04-27 15:06 4096 ----a-w- c:\windows\system32\01.tmp
2011-04-21 19:35 . 2011-04-21 19:35 -------- d-----w- c:\windows\SoftwareProtection
2011-04-19 17:03 . 2011-04-19 17:03 -------- d-----w- c:\documents and settings\Martin\Application Data\vlc
2011-04-19 11:34 . 2011-04-19 11:34 -------- d-----w- c:\documents and settings\Martin\Local Settings\Application Data\Help
2011-04-18 12:39 . 2011-04-18 12:42 2829 ----a-w- c:\windows\War3Unin.pif
2011-04-18 12:39 . 2011-04-18 12:42 139264 ----a-w- c:\windows\War3Unin.exe
2011-04-16 13:48 . 2011-04-16 13:48 -------- d-s---w- c:\documents and settings\Martin\UserData
2011-04-15 20:36 . 2010-11-09 12:35 21992 ----a-w- c:\windows\system32\drivers\cpuz135_x32.sys
2011-04-15 20:28 . 2011-04-15 20:28 -------- d-----w- c:\program files\trend micro
2011-04-15 20:10 . 2011-04-15 20:10 -------- d-----w- c:\program files\Defraggler
2011-04-15 08:48 . 2011-04-15 08:48 -------- d-sh--w- c:\windows\ftpcache
2011-04-14 18:32 . 2011-04-21 20:39 -------- d-----w- c:\documents and settings\Martin\Application Data\uTorrent
2011-04-14 17:52 . 2005-05-26 13:34 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
2011-04-08 19:51 . 2011-04-26 16:49 214520 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-04-08 19:48 . 2011-04-15 09:08 -------- d-----w- c:\documents and settings\Martin\Local Settings\Application Data\PunkBuster
2011-04-08 19:46 . 2011-04-26 16:49 137464 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-04-08 19:46 . 2011-04-21 18:59 22328 ----a-w- c:\documents and settings\Martin\Application Data\PnkBstrK.sys
2011-04-08 19:45 . 2011-04-26 16:49 214520 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-04-08 19:45 . 2011-04-26 15:55 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2011-04-08 19:45 . 2011-04-08 19:45 -------- d-----w- c:\windows\system32\LogFiles
2011-04-05 08:37 . 2011-01-08 03:27 941160 ----a-w- c:\windows\system32\nvdispco322090.dll
2011-04-05 08:37 . 2011-01-08 03:27 837736 ----a-w- c:\windows\system32\nvgenco322040.dll
2011-04-05 08:30 . 2008-01-15 07:44 109568 ----a-r- c:\windows\system32\drivers\zebrmdm.sys
2011-04-05 08:30 . 2008-01-15 07:44 14848 ----a-r- c:\windows\system32\drivers\zebrmdfl.sys
2011-04-05 08:30 . 2008-01-15 07:44 109568 ----a-r- c:\windows\system32\drivers\zebrmdmc.sys
2011-04-05 08:30 . 2008-01-15 07:44 12160 ----a-r- c:\windows\system32\drivers\zebrcmnt.sys
2011-04-05 08:30 . 2008-01-15 07:44 12160 ----a-r- c:\windows\system32\drivers\zebrcm.sys
2011-04-05 08:30 . 2008-01-15 07:44 12160 ----a-r- c:\windows\system32\drivers\zebrwhnt.sys
2011-04-05 08:30 . 2008-01-15 07:44 12160 ----a-r- c:\windows\system32\drivers\zebrwh.sys
2011-04-05 08:30 . 2008-01-15 07:44 83200 ----a-r- c:\windows\system32\drivers\zebrbus.sys
2011-04-05 08:20 . 2011-04-05 08:20 146 ----a-w- c:\windows\DelMR.bat
2011-04-05 08:16 . 2011-04-05 08:16 -------- d-----w- c:\documents and settings\Martin\Application Data\Teleca
2011-04-05 08:02 . 2011-04-05 08:02 -------- d-----w- c:\documents and settings\Martin\Application Data\Sony Ericsson
2011-04-05 08:01 . 2011-04-05 08:20 -------- d-----w- c:\program files\Common Files\Teleca Shared
2011-04-05 08:00 . 2011-04-05 08:21 -------- d-----w- c:\program files\Sony Ericsson
2011-04-05 08:00 . 2011-04-05 08:00 -------- d-----w- c:\program files\MSXML 6.0
2011-04-05 07:59 . 2011-04-05 07:59 -------- d-----w- c:\windows\Downloaded Installations
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((( SnapShot@2011-04-17_11.23.24 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-04-18 12:39 . 2011-04-18 12:53 65719 c:\windows\War3Unin.dat
- 2011-04-14 17:53 . 2011-04-14 17:53 12800 c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
+ 2011-04-21 19:01 . 2011-04-21 19:01 12800 c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
- 2011-04-14 17:53 . 2011-04-14 17:53 53248 c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
+ 2011-04-21 19:01 . 2011-04-21 19:01 53248 c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
- 2011-04-11 19:48 . 2011-04-11 19:48 5120 c:\windows\Installer\{789289CA-F73A-4A16-A331-54D498CE069F}\Icon789289CA.exe
+ 2011-04-18 16:39 . 2011-04-18 16:39 5120 c:\windows\Installer\{789289CA-F73A-4A16-A331-54D498CE069F}\Icon789289CA.exe
+ 2002-08-29 02:41 . 2004-08-03 23:56 170505 c:\windows\system32\oqhre.dll
+ 2011-04-20 06:54 . 2011-04-20 06:54 235168 c:\windows\system32\Macromed\Flash\FlashUtil10p_Plugin.exe
+ 2011-04-21 19:35 . 2011-04-21 19:35 483328 c:\windows\SoftwareProtection\wxmsw28uh_html_vc.dll
+ 2011-04-21 19:35 . 2011-04-21 19:35 708608 c:\windows\SoftwareProtection\wxmsw28uh_adv_vc.dll
+ 2011-04-21 19:35 . 2011-04-21 19:35 135168 c:\windows\SoftwareProtection\wxbase28uh_net_vc.dll
+ 2011-04-21 19:35 . 2011-04-21 19:35 624608 c:\windows\SoftwareProtection\systemvital.exe
+ 2011-04-21 19:35 . 2011-04-21 19:35 102400 c:\windows\SoftwareProtection\pywintypes25.dll
+ 2011-04-21 19:35 . 2011-04-21 19:35 348160 c:\windows\SoftwareProtection\MSVCR71.dll
+ 2011-04-21 19:35 . 2011-04-21 19:35 499712 c:\windows\SoftwareProtection\MSVCP71.dll
- 2011-04-14 17:53 . 2011-04-14 17:53 223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
+ 2011-04-21 19:01 . 2011-04-21 19:01 223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
- 2011-04-14 17:53 . 2011-04-14 17:53 178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
+ 2011-04-21 19:01 . 2011-04-21 19:01 178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
+ 2011-04-21 19:01 . 2011-04-21 19:01 364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
- 2011-04-14 17:53 . 2011-04-14 17:53 364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
+ 2011-04-21 19:01 . 2011-04-21 19:01 159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
- 2011-04-14 17:53 . 2011-04-14 17:53 159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
- 2011-04-14 17:53 . 2011-04-14 17:53 145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
+ 2011-04-21 19:01 . 2011-04-21 19:01 145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
- 2011-04-14 17:53 . 2011-04-14 17:53 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-04-21 19:01 . 2011-04-21 19:01 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2011-04-14 17:53 . 2011-04-14 17:53 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-04-21 19:01 . 2011-04-21 19:01 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-04-21 19:01 . 2011-04-21 19:01 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2011-04-14 17:53 . 2011-04-14 17:53 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-04-21 19:01 . 2011-04-21 19:01 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2011-04-14 17:53 . 2011-04-14 17:53 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2011-04-14 17:53 . 2011-04-14 17:53 577024 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-04-21 19:01 . 2011-04-21 19:01 577024 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-04-21 19:01 . 2011-04-21 19:01 576000 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2011-04-14 17:53 . 2011-04-14 17:53 576000 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-04-21 19:01 . 2011-04-21 19:01 567296 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2011-04-14 17:53 . 2011-04-14 17:53 567296 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-04-21 19:01 . 2011-04-21 19:01 563712 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2011-04-14 17:53 . 2011-04-14 17:53 563712 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2011-04-14 17:53 . 2011-04-14 17:53 473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
+ 2011-04-21 19:01 . 2011-04-21 19:01 473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
- 2010-11-15 17:39 . 2011-03-22 20:48 6053536 c:\windows\system32\Macromed\Flash\NPSWF32.dll
+ 2010-11-15 17:39 . 2011-04-20 06:54 6053536 c:\windows\system32\Macromed\Flash\NPSWF32.dll
+ 2011-04-21 19:35 . 2011-04-21 19:35 3166208 c:\windows\SoftwareProtection\wxmsw28uh_core_vc.dll
+ 2011-04-21 19:35 . 2011-04-21 19:35 1327104 c:\windows\SoftwareProtection\wxbase28uh_vc.dll
+ 2011-04-21 19:35 . 2011-04-21 19:35 2113536 c:\windows\SoftwareProtection\python25.dll
+ 2011-04-21 19:35 . 2011-04-21 19:35 1700352 c:\windows\SoftwareProtection\gdiplus.dll
+ 2011-04-26 15:41 . 2011-04-26 15:41 8455680 c:\windows\Installer\85f8f7.msi
+ 2011-04-21 19:01 . 2011-04-21 19:01 2846720 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2011-04-14 17:53 . 2011-04-14 17:53 2846720 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2011-04-14 17:52 . 2011-04-14 17:52 2676224 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-04-21 19:01 . 2011-04-21 19:01 2676224 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-01-07 13880424]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-03 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-11-15 19:02 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-01-30 15:45 35736 ----a-w- c:\programy\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-03 23:56 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16 357696 ----a-w- c:\programy\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2011-01-07 17:56 13880424 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2011-01-07 17:56 111208 ----a-w- c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2010-11-04 06:51 1753192 ----a-w- c:\program files\NVIDIA Corporation\nView\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando Media Booster]
2010-11-16 14:35 2975640 ----a-w- c:\program files\Pando Networks\Media Booster\PMB.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2005-05-17 10:48 77824 ----a-r- c:\windows\SOUNDMAN.EXE
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Programy\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57040:TCP"= 57040:TCP:Pando Media Booster
"57040:UDP"= 57040:UDP:Pando Media Booster
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [16.11.2010 16:55 691696]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [15.4.2011 22:36 21992]
S2 aigkwb;Security Image;c:\windows\system32\svchost.exe -k netsvcs [23.8.2001 14:00 14336]
S3 GGSAFERDriver;GGSAFER Driver;\??\c:\programy\Garena\safedrv.sys --> c:\programy\Garena\safedrv.sys [?]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
?hcfnioac
.
.
------- Supplementary Scan -------
.
uSearchAssistant = hxxp://search.qip.ru/ie
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Martin\Application Data\Mozilla\Firefox\Profiles\ghya889f.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - azet.sk
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-27 17:06
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aigkwb]
"ServiceDll"="c:\windows\system32\oqhre.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(216)
c:\windows\system32\msi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\windows\System32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2011-04-27 17:08:44 - machine was rebooted
ComboFix-quarantined-files.txt 2011-04-27 15:08
ComboFix2.txt 2011-04-18 15:34
ComboFix3.txt 2011-04-18 07:17
ComboFix4.txt 2011-04-17 11:26
.
Pre-Run: 62 098 321 408 bytes free
Post-Run: 8 adresárov, 62 102 683 648 voľných bajtov
.
- - End Of File - - 5BE37BE8BD21262F5625F2D0BE528377
ComboFix 11-04-16.03 - Martin 27.04.2011 17:04:49.4.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.421.1033.18.1023.756 [GMT 2:00]
Running from: c:\documents and settings\Martin\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Martin\Desktop\CFScript.txt
.
- REDUCED FUNCTIONALITY MODE -
.
.
((((((((((((((((((((((((( Files Created from 2011-03-27 to 2011-04-27 )))))))))))))))))))))))))))))))
.
.
2011-04-27 15:06 . 2011-04-27 15:06 4096 ----a-w- c:\windows\system32\01.tmp
2011-04-21 19:35 . 2011-04-21 19:35 -------- d-----w- c:\windows\SoftwareProtection
2011-04-19 17:03 . 2011-04-19 17:03 -------- d-----w- c:\documents and settings\Martin\Application Data\vlc
2011-04-19 11:34 . 2011-04-19 11:34 -------- d-----w- c:\documents and settings\Martin\Local Settings\Application Data\Help
2011-04-18 12:39 . 2011-04-18 12:42 2829 ----a-w- c:\windows\War3Unin.pif
2011-04-18 12:39 . 2011-04-18 12:42 139264 ----a-w- c:\windows\War3Unin.exe
2011-04-16 13:48 . 2011-04-16 13:48 -------- d-s---w- c:\documents and settings\Martin\UserData
2011-04-15 20:36 . 2010-11-09 12:35 21992 ----a-w- c:\windows\system32\drivers\cpuz135_x32.sys
2011-04-15 20:28 . 2011-04-15 20:28 -------- d-----w- c:\program files\trend micro
2011-04-15 20:10 . 2011-04-15 20:10 -------- d-----w- c:\program files\Defraggler
2011-04-15 08:48 . 2011-04-15 08:48 -------- d-sh--w- c:\windows\ftpcache
2011-04-14 18:32 . 2011-04-21 20:39 -------- d-----w- c:\documents and settings\Martin\Application Data\uTorrent
2011-04-14 17:52 . 2005-05-26 13:34 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
2011-04-08 19:51 . 2011-04-26 16:49 214520 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-04-08 19:48 . 2011-04-15 09:08 -------- d-----w- c:\documents and settings\Martin\Local Settings\Application Data\PunkBuster
2011-04-08 19:46 . 2011-04-26 16:49 137464 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-04-08 19:46 . 2011-04-21 18:59 22328 ----a-w- c:\documents and settings\Martin\Application Data\PnkBstrK.sys
2011-04-08 19:45 . 2011-04-26 16:49 214520 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-04-08 19:45 . 2011-04-26 15:55 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2011-04-08 19:45 . 2011-04-08 19:45 -------- d-----w- c:\windows\system32\LogFiles
2011-04-05 08:37 . 2011-01-08 03:27 941160 ----a-w- c:\windows\system32\nvdispco322090.dll
2011-04-05 08:37 . 2011-01-08 03:27 837736 ----a-w- c:\windows\system32\nvgenco322040.dll
2011-04-05 08:30 . 2008-01-15 07:44 109568 ----a-r- c:\windows\system32\drivers\zebrmdm.sys
2011-04-05 08:30 . 2008-01-15 07:44 14848 ----a-r- c:\windows\system32\drivers\zebrmdfl.sys
2011-04-05 08:30 . 2008-01-15 07:44 109568 ----a-r- c:\windows\system32\drivers\zebrmdmc.sys
2011-04-05 08:30 . 2008-01-15 07:44 12160 ----a-r- c:\windows\system32\drivers\zebrcmnt.sys
2011-04-05 08:30 . 2008-01-15 07:44 12160 ----a-r- c:\windows\system32\drivers\zebrcm.sys
2011-04-05 08:30 . 2008-01-15 07:44 12160 ----a-r- c:\windows\system32\drivers\zebrwhnt.sys
2011-04-05 08:30 . 2008-01-15 07:44 12160 ----a-r- c:\windows\system32\drivers\zebrwh.sys
2011-04-05 08:30 . 2008-01-15 07:44 83200 ----a-r- c:\windows\system32\drivers\zebrbus.sys
2011-04-05 08:20 . 2011-04-05 08:20 146 ----a-w- c:\windows\DelMR.bat
2011-04-05 08:16 . 2011-04-05 08:16 -------- d-----w- c:\documents and settings\Martin\Application Data\Teleca
2011-04-05 08:02 . 2011-04-05 08:02 -------- d-----w- c:\documents and settings\Martin\Application Data\Sony Ericsson
2011-04-05 08:01 . 2011-04-05 08:20 -------- d-----w- c:\program files\Common Files\Teleca Shared
2011-04-05 08:00 . 2011-04-05 08:21 -------- d-----w- c:\program files\Sony Ericsson
2011-04-05 08:00 . 2011-04-05 08:00 -------- d-----w- c:\program files\MSXML 6.0
2011-04-05 07:59 . 2011-04-05 07:59 -------- d-----w- c:\windows\Downloaded Installations
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((( SnapShot@2011-04-17_11.23.24 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-04-18 12:39 . 2011-04-18 12:53 65719 c:\windows\War3Unin.dat
- 2011-04-14 17:53 . 2011-04-14 17:53 12800 c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
+ 2011-04-21 19:01 . 2011-04-21 19:01 12800 c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
- 2011-04-14 17:53 . 2011-04-14 17:53 53248 c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
+ 2011-04-21 19:01 . 2011-04-21 19:01 53248 c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
- 2011-04-11 19:48 . 2011-04-11 19:48 5120 c:\windows\Installer\{789289CA-F73A-4A16-A331-54D498CE069F}\Icon789289CA.exe
+ 2011-04-18 16:39 . 2011-04-18 16:39 5120 c:\windows\Installer\{789289CA-F73A-4A16-A331-54D498CE069F}\Icon789289CA.exe
+ 2002-08-29 02:41 . 2004-08-03 23:56 170505 c:\windows\system32\oqhre.dll
+ 2011-04-20 06:54 . 2011-04-20 06:54 235168 c:\windows\system32\Macromed\Flash\FlashUtil10p_Plugin.exe
+ 2011-04-21 19:35 . 2011-04-21 19:35 483328 c:\windows\SoftwareProtection\wxmsw28uh_html_vc.dll
+ 2011-04-21 19:35 . 2011-04-21 19:35 708608 c:\windows\SoftwareProtection\wxmsw28uh_adv_vc.dll
+ 2011-04-21 19:35 . 2011-04-21 19:35 135168 c:\windows\SoftwareProtection\wxbase28uh_net_vc.dll
+ 2011-04-21 19:35 . 2011-04-21 19:35 624608 c:\windows\SoftwareProtection\systemvital.exe
+ 2011-04-21 19:35 . 2011-04-21 19:35 102400 c:\windows\SoftwareProtection\pywintypes25.dll
+ 2011-04-21 19:35 . 2011-04-21 19:35 348160 c:\windows\SoftwareProtection\MSVCR71.dll
+ 2011-04-21 19:35 . 2011-04-21 19:35 499712 c:\windows\SoftwareProtection\MSVCP71.dll
- 2011-04-14 17:53 . 2011-04-14 17:53 223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
+ 2011-04-21 19:01 . 2011-04-21 19:01 223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
- 2011-04-14 17:53 . 2011-04-14 17:53 178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
+ 2011-04-21 19:01 . 2011-04-21 19:01 178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
+ 2011-04-21 19:01 . 2011-04-21 19:01 364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
- 2011-04-14 17:53 . 2011-04-14 17:53 364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
+ 2011-04-21 19:01 . 2011-04-21 19:01 159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
- 2011-04-14 17:53 . 2011-04-14 17:53 159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
- 2011-04-14 17:53 . 2011-04-14 17:53 145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
+ 2011-04-21 19:01 . 2011-04-21 19:01 145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
- 2011-04-14 17:53 . 2011-04-14 17:53 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-04-21 19:01 . 2011-04-21 19:01 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2011-04-14 17:53 . 2011-04-14 17:53 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-04-21 19:01 . 2011-04-21 19:01 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-04-21 19:01 . 2011-04-21 19:01 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2011-04-14 17:53 . 2011-04-14 17:53 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-04-21 19:01 . 2011-04-21 19:01 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2011-04-14 17:53 . 2011-04-14 17:53 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2011-04-14 17:53 . 2011-04-14 17:53 577024 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-04-21 19:01 . 2011-04-21 19:01 577024 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-04-21 19:01 . 2011-04-21 19:01 576000 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2011-04-14 17:53 . 2011-04-14 17:53 576000 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-04-21 19:01 . 2011-04-21 19:01 567296 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2011-04-14 17:53 . 2011-04-14 17:53 567296 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-04-21 19:01 . 2011-04-21 19:01 563712 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2011-04-14 17:53 . 2011-04-14 17:53 563712 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2011-04-14 17:53 . 2011-04-14 17:53 473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
+ 2011-04-21 19:01 . 2011-04-21 19:01 473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
- 2010-11-15 17:39 . 2011-03-22 20:48 6053536 c:\windows\system32\Macromed\Flash\NPSWF32.dll
+ 2010-11-15 17:39 . 2011-04-20 06:54 6053536 c:\windows\system32\Macromed\Flash\NPSWF32.dll
+ 2011-04-21 19:35 . 2011-04-21 19:35 3166208 c:\windows\SoftwareProtection\wxmsw28uh_core_vc.dll
+ 2011-04-21 19:35 . 2011-04-21 19:35 1327104 c:\windows\SoftwareProtection\wxbase28uh_vc.dll
+ 2011-04-21 19:35 . 2011-04-21 19:35 2113536 c:\windows\SoftwareProtection\python25.dll
+ 2011-04-21 19:35 . 2011-04-21 19:35 1700352 c:\windows\SoftwareProtection\gdiplus.dll
+ 2011-04-26 15:41 . 2011-04-26 15:41 8455680 c:\windows\Installer\85f8f7.msi
+ 2011-04-21 19:01 . 2011-04-21 19:01 2846720 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2011-04-14 17:53 . 2011-04-14 17:53 2846720 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2011-04-14 17:52 . 2011-04-14 17:52 2676224 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-04-21 19:01 . 2011-04-21 19:01 2676224 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-01-07 13880424]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-03 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-11-15 19:02 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-01-30 15:45 35736 ----a-w- c:\programy\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-03 23:56 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16 357696 ----a-w- c:\programy\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2011-01-07 17:56 13880424 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2011-01-07 17:56 111208 ----a-w- c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2010-11-04 06:51 1753192 ----a-w- c:\program files\NVIDIA Corporation\nView\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando Media Booster]
2010-11-16 14:35 2975640 ----a-w- c:\program files\Pando Networks\Media Booster\PMB.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2005-05-17 10:48 77824 ----a-r- c:\windows\SOUNDMAN.EXE
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Programy\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57040:TCP"= 57040:TCP:Pando Media Booster
"57040:UDP"= 57040:UDP:Pando Media Booster
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [16.11.2010 16:55 691696]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [15.4.2011 22:36 21992]
S2 aigkwb;Security Image;c:\windows\system32\svchost.exe -k netsvcs [23.8.2001 14:00 14336]
S3 GGSAFERDriver;GGSAFER Driver;\??\c:\programy\Garena\safedrv.sys --> c:\programy\Garena\safedrv.sys [?]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
?hcfnioac
.
.
------- Supplementary Scan -------
.
uSearchAssistant = hxxp://search.qip.ru/ie
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Martin\Application Data\Mozilla\Firefox\Profiles\ghya889f.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - azet.sk
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-27 17:06
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aigkwb]
"ServiceDll"="c:\windows\system32\oqhre.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(216)
c:\windows\system32\msi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\windows\System32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2011-04-27 17:08:44 - machine was rebooted
ComboFix-quarantined-files.txt 2011-04-27 15:08
ComboFix2.txt 2011-04-18 15:34
ComboFix3.txt 2011-04-18 07:17
ComboFix4.txt 2011-04-17 11:26
.
Pre-Run: 62 098 321 408 bytes free
Post-Run: 8 adresárov, 62 102 683 648 voľných bajtov
.
- - End Of File - - 5BE37BE8BD21262F5625F2D0BE528377
Re: Restartovani Pc
Prosím stahněte si nový combofix a spustte ho znovu s tím skriptem, tohle se nezdařilo 
Nepoužívejte COMBOFIX bez doporučení rádce, může dojít k poškození systému!
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Re: Restartovani Pc
mne tam pise zda ho chci aktualizovat mam to udelat?:
Re: Restartovani Pc
Ano
Nepoužívejte COMBOFIX bez doporučení rádce, může dojít k poškození systému!
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Re: Restartovani Pc
je to v poriadku? je to ten spravny?
ComboFix 11-04-29.03 - Martin 30.04.2011 14:31:16.5.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.421.1033.18.1023.762 [GMT 2:00]
Running from: c:\documents and settings\Martin\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Martin\Desktop\CFScript.txt
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_AIGKWB
-------\Service_aigkwb
-------\Legacy_qsqxn
-------\Service_qsqxn
.
.
((((((((((((((((((((((((( Files Created from 2011-03-28 to 2011-04-30 )))))))))))))))))))))))))))))))
.
.
2011-04-30 12:36 . 2011-04-30 12:36 4096 ----a-w- c:\windows\system32\02.tmp
2011-04-21 19:35 . 2011-04-21 19:35 -------- d-----w- c:\windows\SoftwareProtection
2011-04-19 17:03 . 2011-04-19 17:03 -------- d-----w- c:\documents and settings\Martin\Application Data\vlc
2011-04-19 11:34 . 2011-04-19 11:34 -------- d-----w- c:\documents and settings\Martin\Local Settings\Application Data\Help
2011-04-18 12:39 . 2011-04-18 12:42 2829 ----a-w- c:\windows\War3Unin.pif
2011-04-18 12:39 . 2011-04-18 12:42 139264 ----a-w- c:\windows\War3Unin.exe
2011-04-16 13:48 . 2011-04-16 13:48 -------- d-s---w- c:\documents and settings\Martin\UserData
2011-04-15 20:36 . 2010-11-09 12:35 21992 ----a-w- c:\windows\system32\drivers\cpuz135_x32.sys
2011-04-15 20:28 . 2011-04-15 20:28 -------- d-----w- c:\program files\trend micro
2011-04-15 20:10 . 2011-04-15 20:10 -------- d-----w- c:\program files\Defraggler
2011-04-15 08:48 . 2011-04-15 08:48 -------- d-sh--w- c:\windows\ftpcache
2011-04-14 18:32 . 2011-04-29 16:20 -------- d-----w- c:\documents and settings\Martin\Application Data\uTorrent
2011-04-14 17:52 . 2005-05-26 13:34 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
2011-04-08 19:51 . 2011-04-26 16:49 214520 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-04-08 19:48 . 2011-04-15 09:08 -------- d-----w- c:\documents and settings\Martin\Local Settings\Application Data\PunkBuster
2011-04-08 19:46 . 2011-04-26 16:49 137464 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-04-08 19:46 . 2011-04-21 18:59 22328 ----a-w- c:\documents and settings\Martin\Application Data\PnkBstrK.sys
2011-04-08 19:45 . 2011-04-26 16:49 214520 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-04-08 19:45 . 2011-04-26 15:55 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2011-04-08 19:45 . 2011-04-08 19:45 -------- d-----w- c:\windows\system32\LogFiles
2011-04-05 08:37 . 2011-01-08 03:27 941160 ----a-w- c:\windows\system32\nvdispco322090.dll
2011-04-05 08:37 . 2011-01-08 03:27 837736 ----a-w- c:\windows\system32\nvgenco322040.dll
2011-04-05 08:30 . 2008-01-15 07:44 109568 ----a-r- c:\windows\system32\drivers\zebrmdm.sys
2011-04-05 08:30 . 2008-01-15 07:44 14848 ----a-r- c:\windows\system32\drivers\zebrmdfl.sys
2011-04-05 08:30 . 2008-01-15 07:44 109568 ----a-r- c:\windows\system32\drivers\zebrmdmc.sys
2011-04-05 08:30 . 2008-01-15 07:44 12160 ----a-r- c:\windows\system32\drivers\zebrcmnt.sys
2011-04-05 08:30 . 2008-01-15 07:44 12160 ----a-r- c:\windows\system32\drivers\zebrcm.sys
2011-04-05 08:30 . 2008-01-15 07:44 12160 ----a-r- c:\windows\system32\drivers\zebrwhnt.sys
2011-04-05 08:30 . 2008-01-15 07:44 12160 ----a-r- c:\windows\system32\drivers\zebrwh.sys
2011-04-05 08:30 . 2008-01-15 07:44 83200 ----a-r- c:\windows\system32\drivers\zebrbus.sys
2011-04-05 08:20 . 2011-04-05 08:20 146 ----a-w- c:\windows\DelMR.bat
2011-04-05 08:16 . 2011-04-05 08:16 -------- d-----w- c:\documents and settings\Martin\Application Data\Teleca
2011-04-05 08:02 . 2011-04-05 08:02 -------- d-----w- c:\documents and settings\Martin\Application Data\Sony Ericsson
2011-04-05 08:01 . 2011-04-05 08:20 -------- d-----w- c:\program files\Common Files\Teleca Shared
2011-04-05 08:00 . 2011-04-05 08:21 -------- d-----w- c:\program files\Sony Ericsson
2011-04-05 08:00 . 2011-04-05 08:00 -------- d-----w- c:\program files\MSXML 6.0
2011-04-05 07:59 . 2011-04-05 07:59 -------- d-----w- c:\windows\Downloaded Installations
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((( SnapShot_2011-04-27_15.06.20 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-04-28 18:38 . 2011-04-28 18:38 5120 c:\windows\Installer\{789289CA-F73A-4A16-A331-54D498CE069F}\Icon789289CA.exe
- 2011-04-18 16:39 . 2011-04-18 16:39 5120 c:\windows\Installer\{789289CA-F73A-4A16-A331-54D498CE069F}\Icon789289CA.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-01-07 13880424]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-03 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-11-15 19:02 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-01-30 15:45 35736 ----a-w- c:\programy\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-03 23:56 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16 357696 ----a-w- c:\programy\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2011-01-07 17:56 13880424 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2011-01-07 17:56 111208 ----a-w- c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2010-11-04 06:51 1753192 ----a-w- c:\program files\NVIDIA Corporation\nView\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando Media Booster]
2010-11-16 14:35 2975640 ----a-w- c:\program files\Pando Networks\Media Booster\PMB.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2005-05-17 10:48 77824 ----a-r- c:\windows\SOUNDMAN.EXE
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Programy\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Programy\\uTorrent\\uTorrent.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57040:TCP"= 57040:TCP:Pando Media Booster
"57040:UDP"= 57040:UDP:Pando Media Booster
"6756:TCP"= 6756:TCP:rvgbebls
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [16.11.2010 16:55 691696]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [15.4.2011 22:36 21992]
S2 qsqxn;Universal Microsoft;c:\windows\system32\svchost.exe -k netsvcs [23.8.2001 14:00 14336]
S3 GGSAFERDriver;GGSAFER Driver;\??\c:\programy\Garena\safedrv.sys --> c:\programy\Garena\safedrv.sys [?]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
?hcfnioac
qsqxn
.
.
------- Supplementary Scan -------
.
uSearchAssistant = hxxp://search.qip.ru/ie
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Martin\Application Data\Mozilla\Firefox\Profiles\ghya889f.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - azet.sk
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-30 14:36
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\qsqxn]
"ServiceDll"="c:\windows\system32\oqhre.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(192)
c:\windows\system32\msi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\windows\System32\wdfmgr.exe
.
**************************************************************************
.
Completion time: 2011-04-30 14:38:56 - machine was rebooted
ComboFix-quarantined-files.txt 2011-04-30 12:38
ComboFix2.txt 2011-04-27 15:08
ComboFix3.txt 2011-04-18 15:34
ComboFix4.txt 2011-04-18 07:17
ComboFix5.txt 2011-04-30 12:30
.
Pre-Run: 62 070 493 184 bytes free
Post-Run: 8 adresárov, 62 063 947 776 voľných bajtov
.
- - End Of File - - 264845684B385EAB1B5ED90834F699B3
ComboFix 11-04-29.03 - Martin 30.04.2011 14:31:16.5.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.421.1033.18.1023.762 [GMT 2:00]
Running from: c:\documents and settings\Martin\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Martin\Desktop\CFScript.txt
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_AIGKWB
-------\Service_aigkwb
-------\Legacy_qsqxn
-------\Service_qsqxn
.
.
((((((((((((((((((((((((( Files Created from 2011-03-28 to 2011-04-30 )))))))))))))))))))))))))))))))
.
.
2011-04-30 12:36 . 2011-04-30 12:36 4096 ----a-w- c:\windows\system32\02.tmp
2011-04-21 19:35 . 2011-04-21 19:35 -------- d-----w- c:\windows\SoftwareProtection
2011-04-19 17:03 . 2011-04-19 17:03 -------- d-----w- c:\documents and settings\Martin\Application Data\vlc
2011-04-19 11:34 . 2011-04-19 11:34 -------- d-----w- c:\documents and settings\Martin\Local Settings\Application Data\Help
2011-04-18 12:39 . 2011-04-18 12:42 2829 ----a-w- c:\windows\War3Unin.pif
2011-04-18 12:39 . 2011-04-18 12:42 139264 ----a-w- c:\windows\War3Unin.exe
2011-04-16 13:48 . 2011-04-16 13:48 -------- d-s---w- c:\documents and settings\Martin\UserData
2011-04-15 20:36 . 2010-11-09 12:35 21992 ----a-w- c:\windows\system32\drivers\cpuz135_x32.sys
2011-04-15 20:28 . 2011-04-15 20:28 -------- d-----w- c:\program files\trend micro
2011-04-15 20:10 . 2011-04-15 20:10 -------- d-----w- c:\program files\Defraggler
2011-04-15 08:48 . 2011-04-15 08:48 -------- d-sh--w- c:\windows\ftpcache
2011-04-14 18:32 . 2011-04-29 16:20 -------- d-----w- c:\documents and settings\Martin\Application Data\uTorrent
2011-04-14 17:52 . 2005-05-26 13:34 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
2011-04-08 19:51 . 2011-04-26 16:49 214520 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-04-08 19:48 . 2011-04-15 09:08 -------- d-----w- c:\documents and settings\Martin\Local Settings\Application Data\PunkBuster
2011-04-08 19:46 . 2011-04-26 16:49 137464 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-04-08 19:46 . 2011-04-21 18:59 22328 ----a-w- c:\documents and settings\Martin\Application Data\PnkBstrK.sys
2011-04-08 19:45 . 2011-04-26 16:49 214520 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-04-08 19:45 . 2011-04-26 15:55 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2011-04-08 19:45 . 2011-04-08 19:45 -------- d-----w- c:\windows\system32\LogFiles
2011-04-05 08:37 . 2011-01-08 03:27 941160 ----a-w- c:\windows\system32\nvdispco322090.dll
2011-04-05 08:37 . 2011-01-08 03:27 837736 ----a-w- c:\windows\system32\nvgenco322040.dll
2011-04-05 08:30 . 2008-01-15 07:44 109568 ----a-r- c:\windows\system32\drivers\zebrmdm.sys
2011-04-05 08:30 . 2008-01-15 07:44 14848 ----a-r- c:\windows\system32\drivers\zebrmdfl.sys
2011-04-05 08:30 . 2008-01-15 07:44 109568 ----a-r- c:\windows\system32\drivers\zebrmdmc.sys
2011-04-05 08:30 . 2008-01-15 07:44 12160 ----a-r- c:\windows\system32\drivers\zebrcmnt.sys
2011-04-05 08:30 . 2008-01-15 07:44 12160 ----a-r- c:\windows\system32\drivers\zebrcm.sys
2011-04-05 08:30 . 2008-01-15 07:44 12160 ----a-r- c:\windows\system32\drivers\zebrwhnt.sys
2011-04-05 08:30 . 2008-01-15 07:44 12160 ----a-r- c:\windows\system32\drivers\zebrwh.sys
2011-04-05 08:30 . 2008-01-15 07:44 83200 ----a-r- c:\windows\system32\drivers\zebrbus.sys
2011-04-05 08:20 . 2011-04-05 08:20 146 ----a-w- c:\windows\DelMR.bat
2011-04-05 08:16 . 2011-04-05 08:16 -------- d-----w- c:\documents and settings\Martin\Application Data\Teleca
2011-04-05 08:02 . 2011-04-05 08:02 -------- d-----w- c:\documents and settings\Martin\Application Data\Sony Ericsson
2011-04-05 08:01 . 2011-04-05 08:20 -------- d-----w- c:\program files\Common Files\Teleca Shared
2011-04-05 08:00 . 2011-04-05 08:21 -------- d-----w- c:\program files\Sony Ericsson
2011-04-05 08:00 . 2011-04-05 08:00 -------- d-----w- c:\program files\MSXML 6.0
2011-04-05 07:59 . 2011-04-05 07:59 -------- d-----w- c:\windows\Downloaded Installations
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((( SnapShot_2011-04-27_15.06.20 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-04-28 18:38 . 2011-04-28 18:38 5120 c:\windows\Installer\{789289CA-F73A-4A16-A331-54D498CE069F}\Icon789289CA.exe
- 2011-04-18 16:39 . 2011-04-18 16:39 5120 c:\windows\Installer\{789289CA-F73A-4A16-A331-54D498CE069F}\Icon789289CA.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-01-07 13880424]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-03 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-11-15 19:02 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-01-30 15:45 35736 ----a-w- c:\programy\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-03 23:56 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16 357696 ----a-w- c:\programy\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2011-01-07 17:56 13880424 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2011-01-07 17:56 111208 ----a-w- c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2010-11-04 06:51 1753192 ----a-w- c:\program files\NVIDIA Corporation\nView\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando Media Booster]
2010-11-16 14:35 2975640 ----a-w- c:\program files\Pando Networks\Media Booster\PMB.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2005-05-17 10:48 77824 ----a-r- c:\windows\SOUNDMAN.EXE
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Programy\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Programy\\uTorrent\\uTorrent.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57040:TCP"= 57040:TCP:Pando Media Booster
"57040:UDP"= 57040:UDP:Pando Media Booster
"6756:TCP"= 6756:TCP:rvgbebls
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [16.11.2010 16:55 691696]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [15.4.2011 22:36 21992]
S2 qsqxn;Universal Microsoft;c:\windows\system32\svchost.exe -k netsvcs [23.8.2001 14:00 14336]
S3 GGSAFERDriver;GGSAFER Driver;\??\c:\programy\Garena\safedrv.sys --> c:\programy\Garena\safedrv.sys [?]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
?hcfnioac
qsqxn
.
.
------- Supplementary Scan -------
.
uSearchAssistant = hxxp://search.qip.ru/ie
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Martin\Application Data\Mozilla\Firefox\Profiles\ghya889f.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - azet.sk
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-30 14:36
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\qsqxn]
"ServiceDll"="c:\windows\system32\oqhre.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(192)
c:\windows\system32\msi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\windows\System32\wdfmgr.exe
.
**************************************************************************
.
Completion time: 2011-04-30 14:38:56 - machine was rebooted
ComboFix-quarantined-files.txt 2011-04-30 12:38
ComboFix2.txt 2011-04-27 15:08
ComboFix3.txt 2011-04-18 15:34
ComboFix4.txt 2011-04-18 07:17
ComboFix5.txt 2011-04-30 12:30
.
Pre-Run: 62 070 493 184 bytes free
Post-Run: 8 adresárov, 62 063 947 776 voľných bajtov
.
- - End Of File - - 264845684B385EAB1B5ED90834F699B3
Přispějete na provoz fóra?