tu je ten log:
((((((((((((((((((((((((( Files Created from 2007-12-09 to 2008-01-09 )))))))))))))))))))))))))))))))
.
2008-01-09 10:31 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-09 08:39 . 2008-01-09 09:44 <DIR> d-------- C:\Program Files\EsetOnlineScanner
2008-01-09 08:31 . 2008-01-09 08:31 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys
2008-01-09 08:31 . 2008-01-09 08:31 298,104 --a------ C:\WINDOWS\system32\imon.dll
2008-01-09 08:31 . 2008-01-09 08:31 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys
2007-12-20 09:36 . 2007-12-20 09:36 2,726 --a------ C:\WINDOWS\system32\tmp.reg
2007-12-19 11:57 . 2007-12-19 11:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2007-12-19 11:57 . 2007-12-19 11:57 17 --a------ C:\WINDOWS\system32\'
2007-12-19 11:56 . 2004-06-26 13:22 6,016 --a------ C:\WINDOWS\system32\drivers\vnccom.SYS
2007-12-19 11:55 . 2005-06-10 22:02 12,800 --a------ C:\WINDOWS\system32\vncdrv.dll
2007-12-19 11:55 . 2004-06-26 13:21 5,760 --a------ C:\WINDOWS\system32\vnchelp.dll
2007-12-19 11:55 . 2004-06-26 13:22 4,736 --a------ C:\WINDOWS\system32\drivers\vncdrv.sys
2007-12-18 15:20 . 2007-12-18 15:20 <DIR> d-------- C:\Program Files\Yahoo!
2007-12-18 15:20 . 2007-12-18 15:20 <DIR> d-------- C:\Program Files\CCleaner
2007-12-18 10:06 . 2007-12-18 10:06 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-17 14:53 . 2006-05-25 14:52 162,304 --a------ C:\WINDOWS\system32\ztvunrar36.dll
2007-12-17 14:53 . 2003-02-02 19:06 153,088 --a------ C:\WINDOWS\system32\UNRAR3.dll
2007-12-17 14:53 . 2005-08-26 00:50 77,312 --a------ C:\WINDOWS\system32\ztvunace26.dll
2007-12-17 14:53 . 2006-06-19 12:01 69,632 --a------ C:\WINDOWS\system32\ztvcabinet.dll
2007-12-17 14:52 . 2008-01-09 11:15 <DIR> d-------- C:\Program Files\Trojan Remover
2007-12-17 14:52 . 2007-12-17 14:52 <DIR> d-------- C:\Documents and Settings\intel\Application Data\Simply Super Software
2007-12-17 14:52 . 2007-12-17 14:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Simply Super Software
2007-12-12 08:09 . 2007-12-12 08:09 1,510 --a------ C:\WINDOWS\system32\MRT.INI
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-09 10:15 --------- d-----w C:\Documents and Settings\intel\Application Data\OpenOffice.org2
2007-12-20 08:35 167,600 ----a-w C:\WINDOWS\system32\drivers\fwdrv.err
2007-12-19 15:23 --------- d-----w C:\Documents and Settings\intel\Application Data\uTorrent
2007-12-19 10:55 --------- d-----w C:\Program Files\UltraVnc
2007-12-19 10:10 --------- d-----w C:\Documents and Settings\intel\Application Data\The Bat!
2007-12-18 06:57 89,990 --sha-w C:\WINDOWS\system32\ijjlm.ini.ren
2007-12-18 06:46 89,966 ----a-w C:\WINDOWS\system32\ijjlm.bak2.ren
2007-12-14 07:03 63,418 ----a-w C:\WINDOWS\system32\ijjlm.bak1.ren
2007-12-11 08:00 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2007-12-11 08:00 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-12-05 09:44 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-12-03 07:15 73,280 ----a-w C:\WINDOWS\system32\lvquffgo.dll
2007-11-28 06:49 --------- d-----w C:\Program Files\Winamp
2007-11-27 09:50 --------- d-----w C:\Documents and Settings\intel\Application Data\Skype
2007-11-26 13:28 --------- d-----w C:\Documents and Settings\intel\Application Data\Winamp
2007-11-26 13:27 --------- d-----w C:\Program Files\Winamp Toolbar
2007-11-26 13:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Winamp Toolbar
2007-11-26 11:40 --------- d-----w C:\Program Files\ElcomSoft
2007-11-26 11:40 --------- d-----w C:\Documents and Settings\intel\Application Data\Leadertech
2007-11-26 11:35 --------- d-----w C:\Program Files\Canon
2007-11-20 14:09 --------- d-----w C:\Documents and Settings\LocalService\Application Data\LangSoft
2007-11-20 09:28 --------- d-----w C:\Program Files\Investintech.com Inc
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-13 08:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-13 07:31 --------- d-----w C:\Documents and Settings\Administrator\Application Data\TrojanHunter
2007-11-09 13:52 --------- d-----w C:\Documents and Settings\intel\Application Data\TrojanHunter
2007-11-09 12:08 --------- d-----w C:\Documents and Settings\intel\Application Data\ESET
2007-11-09 12:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\ESET
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-27 16:40 227,328 ----a-w C:\WINDOWS\system32\wmasf.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
2007-10-04 21:06 1135968 --a------ C:\Program Files\Winamp Toolbar\winamptb.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{40b6ba15-e2a0-46e9-9d3c-2c0dcf0c7a8e}]
C:\WINDOWS\system32\xykmpwfd.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11D4-9B18-009027A5CD4F}
{327C2873-E90D-4C37-AA9D-10AC9BABA46C}
{BFC32E1D-EE75-4A48-BC60-104E11EE2431}
{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}
{EF99BD32-C1FB-11D2-892F-0090271D4F88}
[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2007-10-04 21:06 1135968]
[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-02-28 13:00 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [ ]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-12 07:30 68856]
"OEXPRESS"="C:\Documents and Settings\All Users\Application Data\LangSoft\OETRN.EXE" [2007-10-05 11:26 26624]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-07-19 04:09 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-07-19 04:06 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-07-19 04:10 114688]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 17:07 61952 C:\WINDOWS\system32\HdAShCut.exe]
"RTHDCPL"="RTHDCPL.EXE" [2005-03-23 06:28 14202368 C:\WINDOWS\RTHDCPL.EXE]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00 132496]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 14:57 153136]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-08-08 08:25 1828136]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-10-10 06:28 36352]
"TrojanScanner"="C:\Program Files\Trojan Remover\Trjscan.exe" [2007-11-28 02:13 735824]
"80ddc7e6"="C:\WINDOWS\system32\winedtaf.dll" [ ]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-01-09 08:31 949376]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-02-28 13:00 15360]
C:\Documents and Settings\intel\Start Menu\Programs\Startup\
OpenOffice.org 2.2.lnk - C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe [2007-03-22 02:53:44]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^RAID Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAID Manager.lnk
backup=C:\WINDOWS\pss\RAID Manager.lnkCommon Startup
R0 iteraid;ITERAID_Service_Install;C:\WINDOWS\system32\DRIVERS\iteraid.sys [2004-12-10 15:44]
R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2007-02-20 13:34]
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2007-02-20 13:34]
R2 vnccom;vnccom;C:\WINDOWS\system32\Drivers\vnccom.SYS [2004-06-26 13:22]
R3 PSched;QoS Packet Scheduler;C:\WINDOWS\system32\DRIVERS\psched.sys [2006-02-28 13:00]
R3 vncdrv;vncdrv;C:\WINDOWS\system32\DRIVERS\vncdrv.sys [2004-06-26 13:22]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2ea599ec-4708-11dc-9511-001558538fca}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\Shell\Open(0)\command - Recycled\ctfmon.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9b6b56b5-f3ba-11db-94ba-001558538fca}]
\Shell\AutoRun\command - F:\USBNB.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9fbe7ba8-0cfc-11dc-94d5-001558538fca}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-01-09 11:15:38
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
-> C:\Program Files\Eset\pr_imon.dll
PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
-> C:\Documents and Settings\All Users\Application Data\LangSoft\TrnOEH.dll
-> C:\Program Files\WinRAR\rarext.dll
-> C:\Program Files\Eset\nodshex.dll
.
Completion time: 2008-01-09 11:17:38 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-09 10:17:31
.
2008-01-09 06:58:46 --- E O F ---
p.s. po tom predoslom fixe sa mi neaktualizuje nod32 a nepomohlo ani ked som ho preinstaloval
Choď na stránku: