aviro901 píše:
Stiahnite ComboFix –->
http://download.bleepingcomputer.com/sUBs/ComboFix.exeRiaďte sa inštrukciami na obrazovke, neklikajte, počítač môže byť reštartovaný. Vlož sem log D:\ComboFix.txt
ComboFix 07-08-25.2 - "xxxxx" 2007-08-25 13:24:59.1 -
FAT32x86
Syst‚m Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.260 [GMT 2:00]
* Created a new restore point
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
D:\DOCUME~1\xxxxx\ravmonlog
D:\WINDOWS\regedit.com
D:\WINDOWS\system32\taskmgr.com
D:\WINDOWS\system32\tmp18.tmp
D:\WINDOWS\system32\tmp24.tmp
D:\WINDOWS\system32\tmp25.tmp
((((((((((((((((((((((((( Files Created from 2007-07-25 to 2007-08-25 )))))))))))))))))))))))))))))))
2007-08-25 13:21 51,200 --a------ D:\WINDOWS\nircmd.exe
2007-08-23 21:32 <DIR> d--hs---- D:\FOUND.020
2007-08-23 20:34 <DIR> d--hs---- D:\FOUND.019
2007-08-23 20:17 <DIR> d--hs---- D:\FOUND.018
2007-08-22 22:56 <DIR> d--hs---- D:\FOUND.017
2007-08-18 13:26 <DIR> d-a------ D:\WINDOWS\zts2.exe
2007-08-18 13:26 <DIR> d-a------ D:\WINDOWS\system32\vcmgcd32.dll
2007-08-18 13:26 <DIR> d-a------ D:\WINDOWS\system32\iifgfgf.dll
2007-08-18 13:26 <DIR> d-a------ D:\WINDOWS\rundll16.exe
2007-08-18 13:26 <DIR> d-a------ D:\WINDOWS\rundl132.dll
2007-08-18 13:26 <DIR> d-a------ D:\WINDOWS\logo1_.exe
2007-08-18 13:19 147,968 --a------ D:\WINDOWS\R.COM
2007-08-18 13:19 137,216 --a------ D:\WINDOWS\system32\T.COM
2007-08-17 23:36 <DIR> d--hs---- D:\FOUND.016
2007-08-15 00:02 <DIR> d--hs---- D:\FOUND.015
2007-08-14 23:48 <DIR> d--hs---- D:\FOUND.014
2007-08-14 20:10 <DIR> d--hs---- D:\FOUND.013
2007-08-14 09:03 552 --a------ D:\WINDOWS\system32\d3d8caps.dat
2007-08-13 23:09 <DIR> d--hs---- D:\FOUND.012
2007-08-13 19:17 <DIR> d--hs---- D:\FOUND.011
2007-08-13 14:46 <DIR> d--hs---- D:\FOUND.010
2007-08-13 10:42 <DIR> d--hs---- D:\FOUND.009
2007-08-13 10:03 <DIR> d--hs---- D:\FOUND.008
2007-08-13 04:26 <DIR> d--hs---- D:\FOUND.007
2007-08-13 02:48 <DIR> d--hs---- D:\FOUND.006
2007-08-13 02:33 <DIR> d--hs---- D:\FOUND.005
2007-08-13 00:51 <DIR> d-------- D:\Remote Programs
2007-08-13 00:51 <DIR> d-------- D:\Program Files\Common Files\PocketSoft
2007-08-13 00:19 <DIR> d--hs---- D:\FOUND.004
2007-08-13 00:08 <DIR> d-------- D:\Program Files\RivaTuner v2.02
2007-08-12 23:20 <DIR> d-------- D:\Program Files\Common Files\InterVideo
2007-08-12 23:15 <DIR> d-------- D:\Program Files\Common Files\LightScribe
2007-08-06 16:46 <DIR> d-------- D:\Program Files\Wolfenstein - Enemy Territory
2007-08-03 22:54 89,360 -ra------ D:\WINDOWS\system32\VB5DB.DLL
2007-08-03 22:54 69,632 -ra------ D:\WINDOWS\system32\xmltok.dll
2007-08-03 22:54 36,864 -ra------ D:\WINDOWS\system32\xmlparse.dll
2007-08-03 22:54 26,096 -ra------ D:\WINDOWS\system32\xmlinst.exe
2007-08-03 22:54 <DIR> d-------- D:\Program Files\Ubi Soft
2007-08-03 22:53 185,344 --a------ D:\WINDOWS\patchw32.dll
2007-08-03 22:53 <DIR> d-------- D:\Program Files\ubi.com
2007-08-01 10:29 68 --a------ D:\WINDOWS\GPlrLanc.dat
2007-08-01 10:28 53,316 --------- D:\WINDOWS\ExentInfo.exe
2007-08-01 10:28 117,760 --a------ D:\WINDOWS\GPlrLanc.exe
2007-08-01 10:28 <DIR> d-------- D:\Program Files\T-Station Herny Klient
2007-07-29 19:35 <DIR> d-------- D:\Program Files\MSXML 4.0
2007-07-28 20:16 <DIR> d-------- D:\Program Files\ICQLite
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-08-25 11:14 9344 --a------ D:\WINDOWS\system32\drivers\NSDriver.sys
2007-08-25 11:14 8320 --a------ D:\WINDOWS\system32\drivers\AWRTRD.sys
2007-08-13 00:50 --------- d-------- D:\DOCUME~1\xxxxx\DATAAP~1\ubi.com
2007-07-18 16:15 --------- d-------- D:\DOCUME~1\xxxxx\DATAAP~1\Apple Computer
2007-07-18 16:10 --------- d-------- D:\Program Files\QuickTime
2007-07-18 16:09 --------- d-------- D:\DOCUME~1\ALLUSE~1.WIN\DATAAP~1\Apple Computer
2007-07-18 16:00 --------- d-------- D:\DOCUME~1\xxxxx\DATAAP~1\Teleca
2007-07-18 16:00 --------- d-------- D:\DOCUME~1\xxxxx\DATAAP~1\Sony Ericsson
2007-07-18 15:52 --------- d-------- D:\DOCUME~1\ALLUSE~1.WIN\DATAAP~1\Sony Ericsson
2007-07-18 15:51 --------- d-------- D:\Program Files\Sony Ericsson
2007-07-18 15:51 --------- d-------- D:\Program Files\Common Files\Teleca Shared
2007-07-18 15:51 --------- d-------- D:\DOCUME~1\ALLUSE~1.WIN\DATAAP~1\Teleca
2007-07-15 13:37 --------- d-------- D:\DOCUME~1\xxxxx\DATAAP~1\Schmap
2007-06-29 22:27 --------- d-------- D:\DOCUME~1\xxxxx\DATAAP~1\Printer Info Cache
2007-06-29 22:27 --------- d-------- D:\DOCUME~1\xxxxx\DATAAP~1\Image Zone Express
2007-06-29 22:18 --------- d-------- D:\DOCUME~1\ALLUSE~1.WIN\DATAAP~1\WEBREG
2007-06-29 22:11 --------- d-------- D:\DOCUME~1\xxxxx\DATAAP~1\HP
2007-06-29 22:10 --------- d-------- D:\DOCUME~1\ALLUSE~1.WIN\DATAAP~1\Hewlett-Packard
2007-06-29 21:57 --------- d-------- D:\DOCUME~1\ALLUSE~1.WIN\DATAAP~1\HP
2007-06-29 21:56 --------- d-------- D:\Program Files\Common Files\HP
2007-06-29 21:56 --------- d-------- D:\DOCUME~1\ALLUSE~1.WIN\DATAAP~1\HPSSUPPLY
2007-06-29 21:55 --------- d-------- D:\Program Files\Hewlett-Packard
2007-06-29 21:54 --------- d-------- D:\Program Files\Common Files\Hewlett-Packard
2007-06-29 21:51 --------- d-------- D:\Program Files\HP
2007-06-28 16:34 --------- d-------- D:\DOCUME~1\ALLUSE~1.WIN\DATAAP~1\AntiVir PersonalEdition Classic
2007-06-28 13:15 --------- d-------- D:\DOCUME~1\ALLUSE~1.WIN\DATAAP~1\AntiVir PersonalEdition Classic(2)
2007-06-28 11:32 --------- d-------- D:\DOCUME~1\xxxxx\DATAAP~1\Eset
2007-06-28 06:53 --------- d-------- D:\DOCUME~1\ALLUSE~1.WIN\DATAAP~1\Eset
2007-06-11 09:55 2864 --a------ D:\WINDOWS\system32\winsock.dll
2007-06-11 09:55 2864 --a------ D:\WINDOWS\system32\dllcache\winsock.dll
2007-05-31 08:45 524288 --a------ D:\WINDOWS\system32\DivXsm.exe
2007-05-31 08:44 823296 --a------ D:\WINDOWS\system32\divx_xx0c.dll
2007-05-31 08:44 823296 --a------ D:\WINDOWS\system32\divx_xx07.dll
2007-05-31 08:44 802816 --a------ D:\WINDOWS\system32\divx_xx11.dll
2007-05-31 08:44 740442 --a------ D:\WINDOWS\system32\DivX.dll
2007-05-25 11:59 43520 --a------ D:\WINDOWS\system32\CmdLineExt03.dll
2007-01-01 02:46 1194 --a------ D:\Program Files\NettGain Client setup.log
2006-11-15 17:30 2177 --a------ D:\Program Files\SMART.txt
2006-11-15 16:15 133 --a------ D:\Program Files\mail.ini
2006-10-06 22:24 467033 --a------ D:\Program Files\registry-defrag.exe
2006-07-14 08:18 427584 --a------ D:\Program Files\Regmon.exe
2006-07-10 13:22 398912 --a------ D:\Program Files\autoruns.exe
2006-06-26 21:10 382464 --a------ D:\Program Files\HDDScan.exe
2006-05-27 16:27 2901464 --a------ D:\Program Files\mkvtoolnix-unicode-1.6.5-setup.exe
2006-05-27 16:26 1044480 --a------ D:\Program Files\AVIMux_GUI.exe
2006-05-27 14:35 929280 --a------ D:\Program Files\VirtualDubMod.exe
2006-05-27 12:08 35970241 --a------ D:\Program Files\klmcodec152.exe
2006-05-23 03:09 2855080 --a------ D:\Program Files\aawsepersonal.exe
2006-05-14 12:18 836783 --a------ D:\Program Files\7z442.exe
2006-02-13 21:29 17027947 --a------ D:\Program Files\The FilmMachine 1.5.0.173 beta.exe
2006-01-27 14:47 278695200 --a------ D:\Program Files\TmNationsESWC_Setup.exe
2006-01-12 19:08 533131 --a------ D:\Program Files\glview223.exe
2006-01-12 11:19 1425253 --a------ D:\Program Files\rmma361bin.exe
2005-12-23 12:15 905216 --a------ D:\Program Files\iview398.exe
2005-12-11 17:55 2173479 --a------ D:\Program Files\pcw2006_v1661.exe
2005-10-20 22:45 638789 --a------ D:\Program Files\hdtune_251.exe
2005-07-14 11:12 345600 --a------ D:\Program Files\SafeXP.exe
2004-10-16 22:03 1291643 --a------ D:\Program Files\winxp_simulator.exe
2005-10-13 19:27:00 422,400 --sha-r D:\WINDOWS\x2.64.exe
2005-05-13 15:12:00 217,073 --sha-r D:\WINDOWS\meta4.exe
2005-10-24 09:13:58 66,560 --sha-r D:\WINDOWS\MOTA113.exe
2005-10-07 17:14:52 308,224 --sha-r D:\WINDOWS\system32\avisynth.dll
2005-06-26 13:32:28 616,448 --sha-r D:\WINDOWS\system32\cygwin1.dll
2005-06-21 20:37:42 45,568 --sha-r D:\WINDOWS\system32\cygz.dll
2004-01-24 22:00:00 70,656 --sha-r D:\WINDOWS\system32\i420vfw.dll
2005-02-28 11:16:22 240,128 --sha-r D:\WINDOWS\system32\x.264.exe
2005-07-14 10:31:20 27,648 --sha-r D:\WINDOWS\system32\AVSredirect.dll
2006-04-27 08:24:24 2,945,024 --sha-r D:\WINDOWS\system32\Smab.dll
2004-01-24 22:00:00 70,656 --sha-r D:\WINDOWS\system32\yv12vfw.dll
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="D:\WINDOWS\system32\NvMcTray.dll" [2005-06-15 17:20]
"NvCplDaemon"="D:\WINDOWS\system32\NvCpl.dll" [2005-06-15 17:20]
"SoundMax"="D:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2004-03-26 14:40]
"SoundMAXPnP"="D:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-04-01 10:52]
"avgnt"="D:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2007-04-02 10:35]
"Ashampoo FireWall"="D:\Program Files\Ashampoo\Ashampoo FireWall\FireWall.exe" [2007-04-05 14:57]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-02-07 15:39]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"RunStartupScriptSync"=0 (0x0)
"SynchronousMachineGroupPolicy"=0 (0x0)
"SynchronousUserGroupPolicy"=0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispAppearancePage"=0 (0x0)
"NoColorChoice"=0 (0x0)
"NoDispBackgroundPage"=0 (0x0)
"NoDispCPL"=0 (0x0)
"NoDispSettingsPage"=0 (0x0)
"NoDispScrSavPage"=0 (0x0)
"NoVisualStyleChoice"=0 (0x0)
"NoSizeChoice"=0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoStrCmpLogical"=1 (0x1)
"NoClose"=0 (0x0)
"NoRecentDocsMenu"=1 (0x1)
"NoFavoritesMenu"=0 (0x0)
"NoSMMyDocs"=0 (0x0)
"NoSMMyPictures"=0 (0x0)
"NoStartMenuMyMusic"=0 (0x0)
"NoRecentDocsHistory"=1 (0x1)
"NoRecentDocsNetHood"=0 (0x0)
"NoSMHelp"=0 (0x0)
"NoRun"=0 (0x0)
"NoInstrumentation"=0 (0x0)
"NoSimpleStartMenu"=0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"=1 (0x1)
"MemCheckBoxInRunDlg"=0 (0x0)
"NoClose"=0 (0x0)
"NoAutoTrayNotify"=0 (0x0)
"NoResolveTrack"=0 (0x0)
"NoResolveSearch"=1 (0x1)
"NoWelcomeScreen"=1 (0x1)
"NoDesktopCleanupWizard"=1 (0x1)
"NoThemesTab"=0 (0x0)
"NoRecentDocsMenu"=1 (0x1)
"NoFavoritesMenu"=0 (0x0)
"NoSMMyDocs"=0 (0x0)
"NoSMMyPictures"=0 (0x0)
"NoStartMenuMyMusic"=0 (0x0)
"NoRecentDocsHistory"=1 (0x1)
"NoRecentDocsNetHood"=0 (0x0)
"NoSMHelp"=0 (0x0)
"NoUserNameInStartMenu"=1 (0x1)
"NoInstrumentation"=0 (0x0)
"NoStartMenuPinnedList"=0 (0x0)
"ForceStartMenuLogoff"=0 (0x0)
"NoSharedDocuments"=1 (0x1)
R0 viamraid;viamraid;D:\WINDOWS\system32\DRIVERS\viamraid.sys
R1 avgio;avgio;\??\D:\Program Files\AntiVir PersonalEdition Classic\avgio.sys
R1 avipbb;avipbb;D:\WINDOWS\system32\DRIVERS\avipbb.sys
R1 ssmdrv;ssmdrv;D:\WINDOWS\system32\DRIVERS\ssmdrv.sys
R2 AntiVirScheduler;AntiVir PersonalEdition Classic Scheduler;"D:\Program Files\AntiVir PersonalEdition Classic\sched.exe"
R2 Dnscache;Klient DNS;D:\WINDOWS\system32\svchost.exe -k NetworkService
R2 X4HSX32;X4HSX32;\??\D:\Program Files\T-Station Herny Klient\X4HSX32.Sys
R3 avgntflt;avgntflt;\??\D:\Program Files\AntiVir PersonalEdition Classic\avgntflt.sys
R3 PSched;Plánovač paketů technologie QoS;D:\WINDOWS\system32\DRIVERS\psched.sys
S3 ASFWHide;ASFWHide;\??\D:\DOCUME~1\xxxxx\LOCALS~1\Temp\ASFWHide
S3 DCamUSBDXGTech;Trust 350FS PowerC@m Flash (Video Camera);D:\WINDOWS\system32\Drivers\GT891x1.SYS
S3 FlyPCI;FlyPCI;\??\D:\WINDOWS\system32\drivers\FlyPCI.sys
S3 GT890x;Trust 350FS PowerC@m Flash (Still Camera);D:\WINDOWS\system32\Drivers\GT890x.SYS
S3 MSIRCOMM;Microsoft IR Communications Driver;D:\WINDOWS\system32\DRIVERS\MSIRCOMM.sys
S3 pmxscan;USB ScanModule V5.1 Driver;D:\WINDOWS\system32\DRIVERS\usbscan.sys
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB;D:\WINDOWS\system32\DRIVERS\usbccgp.sys
S3 usbscan;Ovladač skeneru USB;D:\WINDOWS\system32\DRIVERS\usbscan.sys
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB;D:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
S3 w200bus;Sony Ericsson W200 driver (WDM);D:\WINDOWS\system32\DRIVERS\w200bus.sys
S3 w200mdfl;Sony Ericsson W200 USB WMC Modem Filter;D:\WINDOWS\system32\DRIVERS\w200mdfl.sys
S3 w200mdm;Sony Ericsson W200 USB WMC Modem Driver;D:\WINDOWS\system32\DRIVERS\w200mdm.sys
S3 w200mgmt;Sony Ericsson W200 USB WMC Device Management Drivers (WDM);D:\WINDOWS\system32\DRIVERS\w200mgmt.sys
S3 w200obex;Sony Ericsson W200 USB WMC OBEX Interface;D:\WINDOWS\system32\DRIVERS\w200obex.sys
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt hpqcxs08 hpqddsvc
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Schedule
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aae8d3dc-b141-11db-94bd-f18bbb34a9d3}]
Auto\command- L:\bittorrent.exe e
AutoRun\command- D:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL bittorrent.exe e
*Newly Created Service* - CATCHME
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2007-08-25 13:27:02
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\AntiVirScheduler]
"ImagePath"=""D:\Program Files\AntiVir PersonalEdition Classic\sched.exe""
Completion time: 2007-08-25 13:27:51
D:\ComboFix-quarantined-files.txt ... 2007-08-25 13:27
--- E O F ---
:\Program Files\glview223.exe
