ComboFix 08-04-03.5 - J 2008-04-04 19:16:04.1 - NTFSx86
Running from: C:\Users\J\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Users\J\Desktop\blackbird.jpg
C:\Users\J\Desktop\EditorFKWP1.5.exe
C:\Users\J\Desktop\EditorFKWP2.0.exe
C:\Users\J\Desktop\filemanagerclient.exe
C:\Users\J\Desktop\fkwp1.5.exe
C:\Users\J\Desktop\fkwp2.0.exe
C:\Users\J\Desktop\fwebd.exe
C:\Users\J\Desktop\FWebdEditor.exe
C:\Users\J\Desktop\Trojan.Win32.BlackBird.exe
C:\Users\J\Desktop\virii
C:\Windows\system32\x64
.
((((((((((((((((((((((((( Files Created from 2008-03-04 to 2008-04-04 )))))))))))))))))))))))))))))))
.
2008-03-27 19:40 . 2008-03-27 19:40 <DIR> d-------- C:\Program Files\eRightSoft
2008-03-27 19:40 . 2008-03-27 19:40 <DIR> d-------- C:\Program Files\AviSynth 2.5
2008-03-17 18:22 . 2008-03-17 18:22 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-03-17 18:19 . 2008-03-17 18:19 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2008-03-17 18:19 . 2007-11-30 00:30 3,596,288 --a------ C:\Windows\System32\qt-dx331.dll
2008-03-14 18:17 . 2007-12-17 00:50 1,060,920 --a------ C:\Windows\System32\drivers\ntfs.sys
2008-03-14 18:17 . 2007-12-16 11:56 41,984 --a------ C:\Windows\System32\drivers\monitor.sys
2008-03-07 19:00 . 2008-03-07 18:57 691,545 --a------ C:\Windows\unins000.exe
2008-03-07 19:00 . 2008-03-07 19:00 2,532 --a------ C:\Windows\unins000.dat
2008-03-07 18:43 . 2007-12-04 14:54 95,608 --a------ C:\Windows\System32\AvastSS.scr
2008-03-07 18:43 . 2007-12-04 16:51 42,912 --a------ C:\Windows\System32\drivers\aswTdi.sys
2008-03-07 18:43 . 2007-12-04 16:53 23,152 --a------ C:\Windows\System32\drivers\aswRdr.sys
2008-03-07 18:42 . 2008-03-07 18:42 <DIR> d-------- C:\Program Files\Alwil Software
2008-03-07 18:42 . 2007-12-04 15:04 837,496 --a------ C:\Windows\System32\aswBoot.exe
2008-03-07 18:42 . 2004-01-09 11:13 380,928 --a------ C:\Windows\System32\actskin4.ocx
2008-03-07 18:42 . 2007-12-04 16:52 45,648 --a------ C:\Windows\System32\drivers\aswMonFlt.sys
2008-03-07 02:27 . 2008-03-07 02:31 19,727,416 --a------ C:\Users\Public\setupcze.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-04 17:14 --------- d-----w C:\Users\J\AppData\Roaming\Skype
2008-03-15 08:22 --------- d-----w C:\Program Files\Windows Mail
2008-03-15 08:18 --------- d-----w C:\ProgramData\Microsoft Help
2008-03-07 17:06 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-03-07 17:01 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-03-06 16:51 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-02-21 12:55 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-02-21 12:55 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-02-21 12:52 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-02-21 12:48 824,832 ----a-w C:\Windows\System32\wininet.dll
2008-02-21 12:48 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-21 12:48 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-21 12:48 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-18 19:27 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-07 15:15 408,576 ----a-w C:\Windows\System32\Smab.dll
2008-01-29 01:53 612,864 ----a-w C:\Windows\System32\x264vfw.dll
2008-01-10 12:16 159,839 ----a-w C:\Windows\System32\xvidvfw.dll
2008-01-10 12:15 755,027 ----a-w C:\Windows\System32\xvidcore.dll
2008-01-10 00:37 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2007-11-26 05:07 592 ----a-w C:\Users\J\skype-support-drm-info (karty22).dat
2007-10-03 14:35 174 --sha-w C:\Program Files\desktop.ini
2007-10-31 02:06 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2007-10-31 02:06 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2007-10-31 02:06 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
2006-05-03 10:06 163,328 --sh--r C:\Windows\System32\flvDX.dll
2007-02-21 11:47 31,232 --sh--r C:\Windows\System32\msfDX.dll
2007-12-17 13:43 27,648 --sh--w C:\Windows\System32\Smab0.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-09-13 14:31 22880040]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-10 02:37 1232896]
"mRouterConfig"="C:\Program Files\Intuwave\Shared\mRouterRuntime\mRouterConfig.exe" [2006-03-02 12:54 290816]
"ICQ"="C:\Users\J\Desktop\ICQ6\ICQ.exe" [2007-12-19 16:48 172280]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 14:34 201728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 21:00 815104]
"PC Suite for Smartphones"="C:\Program Files\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe" [2007-06-13 09:16 528384]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 14:06 40048]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 15:00 79224]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.i420"= i420vfw.dll
"MSVideo8"= VfWWDM32.dll
"msacm.l3fhg"= mp3fhg.acm
"msacm.divxa32"= divxa32.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"VIDC.YV12"= yv12vfw.dll
"msacm.ac3acm"= ac3acm.acm
"msacm.lameacm"= lameACM.acm
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\Windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
backup=C:\Windows\pss\Adobe Reader Synchronizer.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
backup=C:\Windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Empowering Technology Launcher.lnk]
backup=C:\Windows\pss\Empowering Technology Launcher.lnk.CommonStartup
backupExtension=.CommonStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eDataSecurity Loader]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 2008-01-02 18:06 166424 C:\Windows\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
--a------ 2007-03-21 13:00 174872 C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a------ 2008-01-02 18:07 141848 C:\Windows\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
--a------ 2007-02-07 16:21 54832 C:\Program Files\CyberLink\PowerDVD\Language\Language.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]
--a------ 2007-05-17 23:45 279912 C:\Program Files\Microsoft LifeCam\LifeExp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
--a------ 2007-06-15 07:45 850704 C:\PROGRA~1\LAUNCH~1\LManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mRouterConfig]
--a------ 2006-03-02 12:54 290816 C:\Program Files\Intuwave\Shared\mRouterRuntime\mRouterConfig.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray]
--a------ 2007-05-11 03:08 2512392 C:\Windows\system32\oodtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
--a------ 2008-01-02 18:07 133656 C:\Windows\system32\igfxpers.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2007-03-14 21:01 71216 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
--a------ 2007-05-29 02:29 4472832 C:\Windows\RtHDVCpl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
--a------ 2008-01-10 02:37 1232896 C:\Program Files\Windows Sidebar\sidebar.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\T-Mobile Communication Centre]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX1000]
--a------ 2007-04-10 23:46 709992 C:\Windows\vVX1000.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WarReg_PopUp]
C:\Acer\WR_PopUp\WarReg_PopUp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2007-07-25 11:50 1006264 C:\Program Files\Windows Defender\MSASCui.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]
--a------ 2006-11-02 14:34 2159104 C:\Windows\System32\oobefldr.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--a------ 2006-11-02 14:34 201728 C:\Program Files\Windows Media Player\WMPNSCFG.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"MSConfig"="C:\Windows\system32\msconfig.exe" /auto
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiSpywareOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1299855129-419307652-3276834489-1003]
"EnableNotificationsRef"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{0DE1A8DB-1003-43C7-A85E-929DA7F5FB0E}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{89313455-C8A4-467B-AC36-5882B716C99F}"= C:\Program Files\CyberLink\PowerDVD\PowerDVD.EXE:CyberLink PowerDVD
"TCP Query User{D8A30D92-6052-4F6C-B723-BE86BEF9217B}C:\\users\\j\\desktop\\icq6\\icq.exe"= UDP:C:\users\j\desktop\icq6\icq.exe:ICQ Library
"UDP Query User{42004B19-EC74-4FA6-BF62-59CC1D09AA0C}C:\\users\\j\\desktop\\icq6\\icq.exe"= TCP:C:\users\j\desktop\icq6\icq.exe:ICQ Library
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
R1 PSched;Plánovač paketů technologie QoS;C:\Windows\system32\DRIVERS\pacer.sys [2007-10-03 16:30]
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};C:\Program Files\CyberLink\PowerDVD\000.fcl [2006-11-02 16:51]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2007-12-04 16:52]
R2 Ethpdrv;Ethernet Packet Driver;C:\Windows\system32\DRIVERS\ethpdrv.sys [2005-09-08 01:18]
R2 MSCamSvc;MSCamSvc;"C:\Program Files\Microsoft LifeCam\MSCamS32.exe" [2007-05-17 23:45]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2006-11-29 02:44]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60x.sys [2007-02-09 00:03]
R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-01-02 17:48]
R3 IpwP;IPWireless 3G PCMCIA Network Adapter;C:\Windows\system32\DRIVERS\ipwpnet.sys [2005-07-30 11:29]
R3 zebrceb;Sony Ericsson Cable Emulation Bus (WDM);C:\Windows\system32\DRIVERS\zebrceb.sys [2007-04-13 09:50]
S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver;C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-12-19 22:18]
S3 BTCAMDRV;Mobiola Web Camera driver;C:\Windows\system32\DRIVERS\BTCamDrv.sys [2006-01-11 16:55]
S3 btwaudio;Bluetooth Audio Device Service;C:\Windows\system32\drivers\btwaudio.sys [2007-01-09 00:29]
S3 btwavdt;Bluetooth AVDT;C:\Windows\system32\drivers\btwavdt.sys [2007-01-09 00:24]
S3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2007-01-09 00:27]
S3 FTLUND;Lundinova Filter Driver;C:\Windows\system32\drivers\ftlund.sys [2004-01-19 17:27]
S3 USBCamera;Digital Blue DMC2 Bulk Camera;C:\Windows\system32\Drivers\Bulk50x.sys [2003-05-14 18:28]
S3 VX1000;VX-1000;C:\Windows\system32\DRIVERS\VX1000.sys [2007-04-10 23:46]
S3 WSVD;WSVD;C:\Windows\system32\drivers\WSVD.sys [2006-09-19 16:47]
S3 zebrbus;Sony Ericsson Composite Device driver;C:\Windows\system32\DRIVERS\zebrbus.sys [2007-04-13 09:50]
S3 zebrmdfl;Sony Ericsson Modem Filter;C:\Windows\system32\DRIVERS\zebrmdfl.sys [2007-04-13 09:50]
S3 zebrmdm;Sony Ericsson Port (WDM);C:\Windows\system32\DRIVERS\zebrmdm.sys [2007-04-13 09:50]
S3 zebrmdmc;Sony Ericsson mRouter Port (WDM);C:\Windows\system32\DRIVERS\zebrmdmc.sys [2007-04-13 09:50]
S3 zebrsce;Sony Ericsson PC-Connect Port;C:\Windows\system32\DRIVERS\zebrsce.sys [2007-04-13 09:50]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
.
Contents of the 'Scheduled Tasks' folder
"2008-04-04 15:15:00 C:\Windows\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
"2008-04-03 17:25:36 C:\Windows\Tasks\User_Feed_Synchronization-{58BA83BD-A1CC-4AB3-9A50-5548963C6058}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-04 19:20:27
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-04-04 19:21:34
ComboFix-quarantined-files.txt 2008-04-04 17:21:22
Adresářů: 13, Volných bajtů: 17,057,525,760
Adresářů: 19, Volných bajtů: 17,022,480,384
.
2008-03-17 16:22:23 --- E O F ---