ComboFix log

Antivirus programs, firewalls, viruses, spyware, current threats

Moderator: Živě.cz moderators

Posted by JSzu, 4 Apr 2008 20:09

I need some advice with ComboFix. On a spyware-ridden notebook that I fixed with HijackThis, I want to check whether anything else is still wrong with it:

[code]
ComboFix 08-04-03.5 - J 2008-04-04 19:16:04.1 - NTFSx86
Running from: C:\Users\J\Desktop\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Users\J\Desktop\blackbird.jpg
C:\Users\J\Desktop\EditorFKWP1.5.exe
C:\Users\J\Desktop\EditorFKWP2.0.exe
C:\Users\J\Desktop\filemanagerclient.exe
C:\Users\J\Desktop\fkwp1.5.exe
C:\Users\J\Desktop\fkwp2.0.exe
C:\Users\J\Desktop\fwebd.exe
C:\Users\J\Desktop\FWebdEditor.exe
C:\Users\J\Desktop\Trojan.Win32.BlackBird.exe
C:\Users\J\Desktop\virii
C:\Windows\system32\x64

.
(((((((((((((((((((((((((   Files Created from 2008-03-04 to 2008-04-04  )))))))))))))))))))))))))))))))
.

2008-03-27 19:40 . 2008-03-27 19:40   <DIR>   d--------   C:\Program Files\eRightSoft
2008-03-27 19:40 . 2008-03-27 19:40   <DIR>   d--------   C:\Program Files\AviSynth 2.5
2008-03-17 18:22 . 2008-03-17 18:22   <DIR>   d--------   C:\Program Files\Microsoft Silverlight
2008-03-17 18:19 . 2008-03-17 18:19   <DIR>   d--------   C:\Program Files\K-Lite Codec Pack
2008-03-17 18:19 . 2007-11-30 00:30   3,596,288   --a------   C:\Windows\System32\qt-dx331.dll
2008-03-14 18:17 . 2007-12-17 00:50   1,060,920   --a------   C:\Windows\System32\drivers\ntfs.sys
2008-03-14 18:17 . 2007-12-16 11:56   41,984   --a------   C:\Windows\System32\drivers\monitor.sys
2008-03-07 19:00 . 2008-03-07 18:57   691,545   --a------   C:\Windows\unins000.exe
2008-03-07 19:00 . 2008-03-07 19:00   2,532   --a------   C:\Windows\unins000.dat
2008-03-07 18:43 . 2007-12-04 14:54   95,608   --a------   C:\Windows\System32\AvastSS.scr
2008-03-07 18:43 . 2007-12-04 16:51   42,912   --a------   C:\Windows\System32\drivers\aswTdi.sys
2008-03-07 18:43 . 2007-12-04 16:53   23,152   --a------   C:\Windows\System32\drivers\aswRdr.sys
2008-03-07 18:42 . 2008-03-07 18:42   <DIR>   d--------   C:\Program Files\Alwil Software
2008-03-07 18:42 . 2007-12-04 15:04   837,496   --a------   C:\Windows\System32\aswBoot.exe
2008-03-07 18:42 . 2004-01-09 11:13   380,928   --a------   C:\Windows\System32\actskin4.ocx
2008-03-07 18:42 . 2007-12-04 16:52   45,648   --a------   C:\Windows\System32\drivers\aswMonFlt.sys
2008-03-07 02:27 . 2008-03-07 02:31   19,727,416   --a------   C:\Users\Public\setupcze.exe

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-04 17:14   ---------   d-----w   C:\Users\J\AppData\Roaming\Skype
2008-03-15 08:22   ---------   d-----w   C:\Program Files\Windows Mail
2008-03-15 08:18   ---------   d-----w   C:\ProgramData\Microsoft Help
2008-03-07 17:06   ---------   d-----w   C:\ProgramData\Spybot - Search & Destroy
2008-03-07 17:01   ---------   d-----w   C:\Program Files\Spybot - Search & Destroy
2008-03-06 16:51   ---------   d-----w   C:\Program Files\Mozilla Thunderbird
2008-02-21 12:55   194,560   ----a-w   C:\Windows\System32\WebClnt.dll
2008-02-21 12:55   110,080   ----a-w   C:\Windows\system32\drivers\mrxdav.sys
2008-02-21 12:52   803,328   ----a-w   C:\Windows\system32\drivers\tcpip.sys
2008-02-21 12:48   824,832   ----a-w   C:\Windows\System32\wininet.dll
2008-02-21 12:48   56,320   ----a-w   C:\Windows\System32\iesetup.dll
2008-02-21 12:48   52,736   ----a-w   C:\Windows\AppPatch\iebrshim.dll
2008-02-21 12:48   26,624   ----a-w   C:\Windows\System32\ieUnatt.exe
2008-02-18 19:27   ---------   d-----w   C:\Program Files\Common Files\Adobe
2008-02-07 15:15   408,576   ----a-w   C:\Windows\System32\Smab.dll
2008-01-29 01:53   612,864   ----a-w   C:\Windows\System32\x264vfw.dll
2008-01-10 12:16   159,839   ----a-w   C:\Windows\System32\xvidvfw.dll
2008-01-10 12:15   755,027   ----a-w   C:\Windows\System32\xvidcore.dll
2008-01-10 00:37   11,776   ----a-w   C:\Windows\System32\sbunattend.exe
2007-11-26 05:07   592   ----a-w   C:\Users\J\skype-support-drm-info (karty22).dat
2007-10-03 14:35   174   --sha-w   C:\Program Files\desktop.ini
2007-10-31 02:06   16,384   --sha-w   C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2007-10-31 02:06   32,768   --sha-w   C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2007-10-31 02:06   16,384   --sha-w   C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
2006-05-03 10:06   163,328   --sh--r   C:\Windows\System32\flvDX.dll
2007-02-21 11:47   31,232   --sh--r   C:\Windows\System32\msfDX.dll
2007-12-17 13:43   27,648   --sh--w   C:\Windows\System32\Smab0.dll
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-09-13 14:31 22880040]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-10 02:37 1232896]
"mRouterConfig"="C:\Program Files\Intuwave\Shared\mRouterRuntime\mRouterConfig.exe" [2006-03-02 12:54 290816]
"ICQ"="C:\Users\J\Desktop\ICQ6\ICQ.exe" [2007-12-19 16:48 172280]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 14:34 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 21:00 815104]
"PC Suite for Smartphones"="C:\Program Files\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe" [2007-06-13 09:16 528384]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 14:06 40048]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 15:00 79224]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.i420"= i420vfw.dll
"MSVideo8"= VfWWDM32.dll
"msacm.l3fhg"= mp3fhg.acm
"msacm.divxa32"= divxa32.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"VIDC.YV12"= yv12vfw.dll
"msacm.ac3acm"= ac3acm.acm
"msacm.lameacm"= lameACM.acm

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\Windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
backup=C:\Windows\pss\Adobe Reader Synchronizer.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
backup=C:\Windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Empowering Technology Launcher.lnk]
backup=C:\Windows\pss\Empowering Technology Launcher.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eDataSecurity Loader]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 2008-01-02 18:06 166424 C:\Windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
--a------ 2007-03-21 13:00 174872 C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a------ 2008-01-02 18:07 141848 C:\Windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
--a------ 2007-02-07 16:21 54832 C:\Program Files\CyberLink\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]
--a------ 2007-05-17 23:45 279912 C:\Program Files\Microsoft LifeCam\LifeExp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
--a------ 2007-06-15 07:45 850704 C:\PROGRA~1\LAUNCH~1\LManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mRouterConfig]
--a------ 2006-03-02 12:54 290816 C:\Program Files\Intuwave\Shared\mRouterRuntime\mRouterConfig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray]
--a------ 2007-05-11 03:08 2512392 C:\Windows\system32\oodtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
--a------ 2008-01-02 18:07 133656 C:\Windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2007-03-14 21:01 71216 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
--a------ 2007-05-29 02:29 4472832 C:\Windows\RtHDVCpl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
--a------ 2008-01-10 02:37 1232896 C:\Program Files\Windows Sidebar\sidebar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\T-Mobile Communication Centre]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX1000]
--a------ 2007-04-10 23:46 709992 C:\Windows\vVX1000.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WarReg_PopUp]
C:\Acer\WR_PopUp\WarReg_PopUp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2007-07-25 11:50 1006264 C:\Program Files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]
--a------ 2006-11-02 14:34 2159104 C:\Windows\System32\oobefldr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--a------ 2006-11-02 14:34 201728 C:\Program Files\Windows Media Player\WMPNSCFG.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"MSConfig"="C:\Windows\system32\msconfig.exe" /auto

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiSpywareOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1299855129-419307652-3276834489-1003]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{0DE1A8DB-1003-43C7-A85E-929DA7F5FB0E}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{89313455-C8A4-467B-AC36-5882B716C99F}"= C:\Program Files\CyberLink\PowerDVD\PowerDVD.EXE:CyberLink PowerDVD
"TCP Query User{D8A30D92-6052-4F6C-B723-BE86BEF9217B}C:\\users\\j\\desktop\\icq6\\icq.exe"= UDP:C:\users\j\desktop\icq6\icq.exe:ICQ Library
"UDP Query User{42004B19-EC74-4FA6-BF62-59CC1D09AA0C}C:\\users\\j\\desktop\\icq6\\icq.exe"= TCP:C:\users\j\desktop\icq6\icq.exe:ICQ Library

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R1 PSched;Plánovač paketů technologie QoS;C:\Windows\system32\DRIVERS\pacer.sys [2007-10-03 16:30]
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};C:\Program Files\CyberLink\PowerDVD\000.fcl [2006-11-02 16:51]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2007-12-04 16:52]
R2 Ethpdrv;Ethernet Packet Driver;C:\Windows\system32\DRIVERS\ethpdrv.sys [2005-09-08 01:18]
R2 MSCamSvc;MSCamSvc;"C:\Program Files\Microsoft LifeCam\MSCamS32.exe" [2007-05-17 23:45]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2006-11-29 02:44]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60x.sys [2007-02-09 00:03]
R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-01-02 17:48]
R3 IpwP;IPWireless 3G PCMCIA Network Adapter;C:\Windows\system32\DRIVERS\ipwpnet.sys [2005-07-30 11:29]
R3 zebrceb;Sony Ericsson Cable Emulation Bus (WDM);C:\Windows\system32\DRIVERS\zebrceb.sys [2007-04-13 09:50]
S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver;C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-12-19 22:18]
S3 BTCAMDRV;Mobiola Web Camera driver;C:\Windows\system32\DRIVERS\BTCamDrv.sys [2006-01-11 16:55]
S3 btwaudio;Bluetooth Audio Device Service;C:\Windows\system32\drivers\btwaudio.sys [2007-01-09 00:29]
S3 btwavdt;Bluetooth AVDT;C:\Windows\system32\drivers\btwavdt.sys [2007-01-09 00:24]
S3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2007-01-09 00:27]
S3 FTLUND;Lundinova Filter Driver;C:\Windows\system32\drivers\ftlund.sys [2004-01-19 17:27]
S3 USBCamera;Digital Blue DMC2 Bulk Camera;C:\Windows\system32\Drivers\Bulk50x.sys [2003-05-14 18:28]
S3 VX1000;VX-1000;C:\Windows\system32\DRIVERS\VX1000.sys [2007-04-10 23:46]
S3 WSVD;WSVD;C:\Windows\system32\drivers\WSVD.sys [2006-09-19 16:47]
S3 zebrbus;Sony Ericsson Composite Device driver;C:\Windows\system32\DRIVERS\zebrbus.sys [2007-04-13 09:50]
S3 zebrmdfl;Sony Ericsson Modem Filter;C:\Windows\system32\DRIVERS\zebrmdfl.sys [2007-04-13 09:50]
S3 zebrmdm;Sony Ericsson Port (WDM);C:\Windows\system32\DRIVERS\zebrmdm.sys [2007-04-13 09:50]
S3 zebrmdmc;Sony Ericsson mRouter Port (WDM);C:\Windows\system32\DRIVERS\zebrmdmc.sys [2007-04-13 09:50]
S3 zebrsce;Sony Ericsson PC-Connect Port;C:\Windows\system32\DRIVERS\zebrsce.sys [2007-04-13 09:50]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork   REG_MULTI_SZ      PLA DPS BFE mpssvc
bthsvcs   REG_MULTI_SZ      BthServ

.
Contents of the 'Scheduled Tasks' folder
"2008-04-04 15:15:00 C:\Windows\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
"2008-04-03 17:25:36 C:\Windows\Tasks\User_Feed_Synchronization-{58BA83BD-A1CC-4AB3-9A50-5548963C6058}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-04 19:20:27
Windows 6.0.6000  NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-04 19:21:34
ComboFix-quarantined-files.txt  2008-04-04 17:21:22
           Directories:    13,   Free bytes: 17,057,525,760
           Directories:    19,   Free bytes: 17,022,480,384
.
2008-03-17 16:22:23   --- E O F --- 
[/code]
JSzu
Slightly advanced
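The log above is long, and the parts worth a second look are scattered: the Security Center values that silence antivirus/firewall monitoring, the `EnableFirewall= 0` under StandardProfile, the hidden+system DLLs sitting in System32 (flvDX.dll, msfDX.dll, Smab0.dll) and a Run entry that starts a program from the user's Desktop. The script below is an added example for this thread, not code from the original post or from ComboFix; it pulls exactly those indicators out of ComboFix's text format. The sample is excerpted from the log posted above, the category names and the list of "user-writable" path hints are this example's own assumptions, and a hit is a lead to verify (legitimate security suites also set some of these Security Center values), not proof of infection.

```python
"""Triage a ComboFix log for weak-security indicators.

Added example for this thread; not part of the original post or of ComboFix.
Category names and USER_WRITABLE_HINTS are this example's own assumptions.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Excerpted from the log posted in the thread (only lines the parser looks at).
SAMPLE_LOG = r"""
2006-05-03 10:06   163,328   --sh--r   C:\Windows\System32\flvDX.dll
2007-02-21 11:47   31,232   --sh--r   C:\Windows\System32\msfDX.dll
2007-12-17 13:43   27,648   --sh--w   C:\Windows\System32\Smab0.dll
2008-02-07 15:15   408,576   ----a-w   C:\Windows\System32\Smab.dll
2007-10-03 14:35   174   --sha-w   C:\Program Files\desktop.ini

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-09-13 14:31 22880040]
"ICQ"="C:\Users\J\Desktop\ICQ6\ICQ.exe" [2007-12-19 16:48 172280]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiSpywareOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
"""

# Security Center values that, when set to 1, stop Windows from warning about
# missing or disabled AV / antispyware / firewall.
SECURITY_CENTER_VALUES = {
    "DisableMonitoring", "AntiVirusOverride", "AntiSpywareOverride", "FirewallOverride",
}
# Assumption: a Run entry pointing into these locations deserves a look.
USER_WRITABLE_HINTS = ("\\users\\", "\\documents and settings\\", "\\appdata\\", "\\temp\\")

# "YYYY-MM-DD HH:MM [. YYYY-MM-DD HH:MM] [<DIR>] size attrs path" (Find3M and Files Created)
FILE_LINE = re.compile(
    r"^\d{4}-\d\d-\d\d \d\d:\d\d(?: \. \d{4}-\d\d-\d\d \d\d:\d\d)?"
    r"\s+(?:<DIR>\s+)?(?:[\d,]+|-+)\s+([-a-z]{7,9})\s+(.+?)\s*$"
)
KEY_LINE = re.compile(r"^\[(.+)\]$")                      # [HKEY_...\...]
VALUE_LINE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')         # "Name"=value
PATH_IN_VALUE = re.compile(r'^"?([A-Za-z]:\\[^"\[]+?)"?\s*(?:\[|$)')  # drive path before [date size]


@dataclass
class Finding:
    category: str
    detail: str


def triage(log_text: str) -> list[Finding]:
    """Walk the log once, tracking the current registry key, and collect indicators."""
    findings: list[Finding] = []
    current_key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if (m := KEY_LINE.match(line)):
            current_key = m.group(1).lower()
            continue
        if (m := FILE_LINE.match(line)):
            attrs, path = m.groups()
            # hidden + system attributes on a file dropped into System32
            if "s" in attrs and "h" in attrs and "\\windows\\system32\\" in path.lower():
                findings.append(Finding("hidden-system-file", path))
            continue
        if not (m := VALUE_LINE.match(line)):
            continue
        name, value = m.groups()
        if "security center" in current_key:
            if name in SECURITY_CENTER_VALUES and value.lower().endswith("dword:00000001"):
                findings.append(Finding("security-center-override", f"{current_key}\\{name}"))
        elif "firewallpolicy\\" in current_key and name == "EnableFirewall":
            if value.split()[0] == "0":
                findings.append(Finding("firewall-disabled", current_key.rsplit("\\", 1)[-1]))
        elif current_key.endswith("\\run"):
            pm = PATH_IN_VALUE.match(value)
            if pm and any(h in pm.group(1).lower() for h in USER_WRITABLE_HINTS):
                findings.append(Finding("autorun-from-user-profile", f"{name} -> {pm.group(1)}"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.category:28} {f.detail}")
```

Run it against a full log by reading the file into `triage()`; each hit names the registry key or path so it can be checked by hand (e.g. submit the hash of a flagged DLL to virustotal.com, as the reply below asks for setupcze.exe).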

Posted by bubu1, 8 Apr 2008 21:23

It deleted quite a lot.

Test this on virustotal.com:
C:\Users\Public\setupcze.exe

Copy the results from it here.
bubu1
Junior

Posted by JSzu, 8 Apr 2008 21:38

But that is the Avast installer, even if it is in a strange location.
I'm not at the notebook right now, though; once I have the results, I'll let you know.
JSzu
Slightly advanced
