Zdravim podarilo sa tu je log z ComboFix-u
ComboFix 07-07-30.2 - "Owner" 2007-08-01 8:48:36.1 [GMT 2:00] - NTFS
Syst‚m Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.Pravda
* Created a new restore point
(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system32\vybeg.bak1
C:\WINDOWS\system32\vybeg.ini
C:\WINDOWS\system32\gebyv.dll
C:\WINDOWS\system32\hgghiii.dll
* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
((((((((((((((((((((((((( Files Created from 2007-07-01 to 2007-08-01 )))))))))))))))))))))))))))))))
2007-07-31 20:35 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-31 17:24 <DIR> d-------- C:\Program Files\AVI MPEG RM WMV Joiner
2007-07-31 10:34 <DIR> d-------- C:\VundoFix Backups
2007-07-29 14:52 <DIR> d-------- C:\Program Files\Sunbelt Software
2007-07-28 18:27 83,536 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2007-07-28 18:27 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-07-28 18:27 59,984 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2007-07-28 18:27 52,304 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-07-28 18:27 39,248 --a------ C:\WINDOWS\system32\drivers\ikfileflt.sys
2007-07-28 18:27 26,064 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2007-07-28 18:27 <DIR> d-------- C:\Program Files\Spyware Doctor
2007-07-28 17:08 <DIR> d-------- C:\{800186A2-0000-0000-9AC9-21CB6E258ECA}
2007-07-28 13:40 118,784 --a------ C:\WINDOWS\system32\MSSTDFMT.DLL
2007-07-26 20:11 <DIR> d-------- C:\Program Files\Sony Ericsson
2007-07-26 14:38 <DIR> d-------- C:\Program Files\ABC Amber Audio Converter
2007-07-24 11:01 <DIR> d-------- C:\Program Files\ElcomSoft
2007-07-23 13:28 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\MyPhoneExplorer
2007-07-23 13:27 <DIR> d-------- C:\Program Files\MyPhoneExplorer
2007-07-23 12:12 <DIR> d-------- C:\WINDOWS\system32\URTTemp
2007-07-23 11:27 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-07-23 10:53 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Sony Ericsson
2007-07-19 16:22 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
2007-07-16 15:47 <DIR> d-------- C:\Program Files\WT RegCleaner XP
2007-07-14 14:09 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-07-12 19:20 25,600 --a------ C:\WINDOWS\system32\drivers\hidbth.sys
2007-07-07 17:31 <DIR> d-------- C:\Deckard
2007-07-05 15:35 90,112 --------- C:\WINDOWS\SDUnInst.exe
2007-07-04 14:02 <DIR> d-------- C:\Program Files\CCleaner
2007-07-03 16:24 <DIR> d-------- C:\!KillBox
2007-07-01 18:12 <DIR> d-------- C:\Program Files\Accent EXCEL Password Recovery
2007-07-01 16:03 <DIR> d-------- C:\Program Files\SuperDVD Video Editor
2007-07-01 15:08 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Ulead Systems
2007-07-01 15:01 <DIR> d-------- C:\Program Files\Windows Media Components
2007-07-01 14:56 <DIR> d-------- C:\Program Files\Ulead Systems
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-07-28 15:13 --------- d-------- C:\Program Files\Windows Live Safety Center
2007-07-28 11:16 150 --a------ C:\Program Files\csmlnoia.txt
2007-07-27 20:37 --------- d-------- C:\Program Files\MediaCoder
2007-07-16 20:08 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-07-15 15:37 3990 --a------ C:\WINDOWS\mozver.dat
2007-07-05 14:43 --------- d-------- C:\Program Files\Notepad++
2007-07-05 14:42 --------- d-------- C:\DOCUME~1\Owner\APPLIC~1\ZipGenius
2007-07-03 17:15 --------- d-------- C:\Program Files\Common Files\Ulead Systems
2007-06-26 16:56 --------- d-------- C:\Program Files\Winamp
2007-06-25 21:23 --------- d-------- C:\DOCUME~1\Owner\APPLIC~1\WinRAR
2007-06-19 19:31 --------- d-------- C:\Program Files\Passware
2007-06-08 17:14 --------- d-------- C:\Program Files\EA GAMES
2007-06-02 19:26 --------- d-------- C:\DOCUME~1\Owner\APPLIC~1\Vso
2007-06-01 13:21 --------- d-------- C:\DOCUME~1\Owner\APPLIC~1\dvdcss
2007-05-16 17:12 683520 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-12-19 19:13 81920 --a------ C:\DOCUME~1\Owner\APPLIC~1\ezpinst.exe
2006-12-19 19:13 47360 --a------ C:\DOCUME~1\Owner\APPLIC~1\pcouffin.sys
2007-02-10 22:08:54 8 --sh--r C:\WINDOWS\system32\8063DA836E.sys
2007-02-11 10:40:21 3,766 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DC1ABD05-EBB8-4450-AAD9-A924CAE49633}]
C:\WINDOWS\system32\jkhfg.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2006-03-01 17:22 C:\WINDOWS\soundman.exe]
"nwiz"="nwiz.exe" [2005-08-02 16:35 C:\WINDOWS\system32\nwiz.exe]
"CnxDslTaskBar"="C:\Program Files\DrayTek\Vigor318 ADSL\CnxDslTb.exe" [2004-05-06 17:01]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 09:56 C:\WINDOWS\system32\bthprops.cpl]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-01-28 20:41]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-28 12:14]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:56]
"WEBTRAN"="" []
"OEXPRESS"="" []
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 14:44:06]
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2004-10-01 15:12:18]
Enable Labtec Wireless Desktop.lnk - C:\Program Files\Labtec Wireless Desktop\MagicKey.exe [2006-12-24 10:17:41]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= C:\PROGRA~1\DVDREG~1\DVDShell.dll [2004-10-09 15:18 49152]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"
R0 sfvfs02;StarForce Protection VFS Driver (version 2.x);C:\WINDOWS\system32\drivers\sfvfs02.sys
R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys
R1 kbfilter;Keyboard Filter Driver;C:\WINDOWS\system32\drivers\kbfilter.sys
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys
R1 moufiltr;Mouse Filter Driver;C:\WINDOWS\system32\drivers\moufiltr.sys
R1 MUsbFltr;WayTechUSBFilterDriver;C:\WINDOWS\system32\drivers\MUsbFltr.sys
R1 nod32drv;nod32drv;C:\WINDOWS\system32\drivers\nod32drv.sys
R1 StarOpen;StarOpen;C:\WINDOWS\system32\drivers\StarOpen.sys
R1 UsbFltr;WayTechUSBFilterDriver;C:\WINDOWS\system32\drivers\UsbFltr.sys
R2 BthServ;Bluetooth Support Service;C:\WINDOWS\system32\svchost.exe -k bthsvcs
R2 BTSERIAL;Bluetooth Serial Driver;\??\C:\WINDOWS\system32\drivers\btserial.sys
R2 BTSLBCSP;Bluetooth Port Client Driver;\??\C:\WINDOWS\system32\drivers\btslbcsp.sys
R3 BthEnum;Bluetooth Request Block Driver;C:\WINDOWS\system32\DRIVERS\BthEnum.sys
R3 BTHMODEM;Bluetooth Serial Communications Driver;C:\WINDOWS\system32\DRIVERS\bthmodem.sys
R3 BthPan;Bluetooth Device (Personal Area Network);C:\WINDOWS\system32\DRIVERS\bthpan.sys
R3 BTHUSB;Bluetooth Radio USB Driver;C:\WINDOWS\system32\Drivers\BTHUSB.sys
R3 CnxEtP;Conexant AccessRunner USB ADSL WAN Adapter Filter Driver;C:\WINDOWS\system32\DRIVERS\CnxEtP.sys
R3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver;C:\WINDOWS\system32\DRIVERS\CnxEtU.sys
R3 CnxTgN;Conexant AccessRunner USB ADSL WAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\CnxTgN.sys
R3 HidBth;Microsoft Bluetooth HID Miniport;C:\WINDOWS\system32\DRIVERS\hidbth.sys
R3 pcouffin;Low level access layer for CD devices;C:\WINDOWS\system32\Drivers\pcouffin.sys
R3 PSched;QoS Packet Scheduler;C:\WINDOWS\system32\DRIVERS\psched.sys
R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI);C:\WINDOWS\system32\DRIVERS\rfcomm.sys
S0 ^ijnglhs;^ijnglhs;C:\WINDOWS\system32\drivers\mbvhdped.sys
S1 SpyEmrg;Spy Emergency Driver;C:\WINDOWS\system32\Drivers\spyemrg.sys
S3 ALCXSENS;Service for WDM 3D Audio Driver;C:\WINDOWS\system32\drivers\ALCXSENS.SYS
S3 BTHPORT;Bluetooth Port Driver;C:\WINDOWS\system32\Drivers\BTHport.sys
S3 FileObjInfo;STFileDriver;\??\C:\Documents and Settings\All Users\Application Data\Spyware Terminator\FileObjInfo.sys
S3 hamachi_oem;PlayLinc Adapter;C:\WINDOWS\system32\DRIVERS\gan_adapter.sys
S3 IKFileFlt;File Filter Driver;C:\WINDOWS\system32\drivers\ikfileflt.sys
S3 IKFileSec;File Security Driver;C:\WINDOWS\system32\drivers\ikfilesec.sys
S3 IkSysFlt;System Filter Driver;C:\WINDOWS\system32\drivers\iksysflt.sys
S3 IKSysSec;System Security Driver;C:\WINDOWS\system32\drivers\iksyssec.sys
S3 nm;Network Monitor Driver;C:\WINDOWS\system32\DRIVERS\NMnt.sys
S3 TTDTWP;TTDTWP;C:\DOCUME~1\Owner\LOCALS~1\Temp\TTDTWP.exe
S3 vaxscsi;vaxscsi;C:\WINDOWS\system32\Drivers\vaxscsi.sys
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Schedule
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
Contents of the 'Scheduled Tasks' folder
2007-07-15 13:52:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2007-08-01 08:56:55
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\^ijnglhs]
"ImagePath"="system32\drivers\mbvhdped.sys"
Completion time: 2007-08-01 8:59:05 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-01 08:58
--- E O F ---
Ozaj ComboFix mi vyhodil este jeden Log ComboFix-quarantined-files Tu je
Kód: Vybrat vše
2007-07-27 19:21 31254 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\hgghiii.dll.vir
2007-07-31 10:44 228960 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\gebyv.dll.vir
2007-07-31 10:44 6466 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\vybeg.bak1.vir
2007-08-01 08:52 104 --a------ C:\Qoobox\Quarantine\catchme.log
2007-08-01 08:52 8286 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\vybeg.ini.vir
Věpis CESTY prieźinka
S‚riov‚ źˇslo zv„zku je 0401-416D
C:\QOOBOX
\---Quarantine
| catchme.log
|
+---C
| \---WINDOWS
| \---system32
| gebyv.dll.vir
| hgghiii.dll.vir
| vybeg.bak1.vir
| vybeg.ini.vir
|
\---Registry_backups
Inak ked som sa pripojil a spustil Mozillu, tak mi Kerio uz nevyhodil tu tabulku Pokus o prúnik typu Injekce kódu, to znamena ze uz mam Cisty Comp?
