
NOD32 kernel communication error - some kind of virus?


NOD32 kernel communication error - some kind of virus?

#1 Post by Ribees »

Hello, I have an urgent problem with NOD32. Yesterday it gave me several virus warnings during the day, and this morning after I started the computer NOD32 did not start automatically; an error message appeared, something like "Error communicating with the kernel". I tried uninstalling it and installing it again, but the installer throws the following error: "The ESET Service (ekrn) could not be started. Make sure you have sufficient rights to start system services", and I don't know where to go from here. I tried installing HijackThis, but after installation I click to run it and nothing happens. I'm an administrator on the PC; I tried the online scan from ESET's site and it found nothing.
Can someone please tell me quickly what to do about this?


Re: NOD32 kernel communication error - some kind of virus?

#2 Post by eda »

Hello!
Try downloading and running ComboFix:

download ComboFix and save it, preferably to the desktop

then run the application under an account with administrator rights

right after it starts, a screen with the licence terms appears; continue by clicking the Yes button

relax and go make yourself a coffee (the whole thing takes about 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to wade through); during the scan do not try to run any other applications or do anything else

do not panic during the scan; your machine may be restarted (especially the first time the scanner is run)

warning: if you use an antispyware with a resident shield, switch its resident shield to Install Mode or disable it completely for the duration of the scan, because the scan and the removal of any malware collide with the antispyware's resident shield

after the restart the application creates a log saved at C:\Combofix.txt (on repeated runs the logs are named Combofix2.txt etc.); paste its contents here

If you like me, you can contact me at eda@forum.viry.cz :-)


Re: NOD32 kernel communication error - some kind of virus?

#3 Post by Ribees »

Here is the output from Malwarebytes' Anti-Malware:

Malwarebytes' Anti-Malware 1.34
Verze databáze: 1894
Windows 5.1.2600 Service Pack 3

25.3.2009 8:43:44
mbam-log-2009-03-25 (08-43-39).txt

Typ skenu: Rychlý sken
Objektu skenováno: 80596
Uplynulý cas: 3 minute(s), 37 second(s)

Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 54
Infikované hodnoty registru: 2
Infikované položky dat registru: 4
Infikované složky: 0
Infikované soubory: 1

Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)

Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)

Infikované klíce registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt (Trojan.Downloader) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCONSOL.EXE (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVP32.EXE (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAV32.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVPFW.EXE (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Navapsvc.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Navapw32.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVNT.EXE (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navw32.EXE (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVWNT.EXE (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SCAN32.EXE (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ZONEALARM.EXE (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\filemon.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\outpost.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regmon.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zapro.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgrssvc.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AvMonitor.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.com (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CCenter.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\HijackThis.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KASMain.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KASTask.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVDX.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVStart.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPFW32.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPFW32X.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32krn.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVPF.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\OllyDBG.EXE (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regtool.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\niu.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\A2SERVICE.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVGNT.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVGUARD.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVSCAN.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdagent.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CASECURITYCENTER.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EKRN.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FAMEH32.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FPAVSERVER.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FPWIN.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FSAV32.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FSGK32ST.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FSMA32.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsserv.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\drwadins.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\drwebupw.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GFRing3.exe (Security.Hijack) -> No action taken.

Infikované hodnoty registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\papinit_dlls (Spyware.Agent.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\qlpinit_dlls (Spyware.Agent.H) -> No action taken.

Infikované položky dat registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Infikované složky:
(Žádné zákerné položky nebyly zjišteny)

Infikované soubory:
C:\WINDOWS\system32\ (Trojan.Downloader) -> No action taken.


Re: NOD32 kernel communication error - some kind of virus?

#4 Post by Ribees »

Eda: here is the ComboFix output you asked for:

ComboFix 09-03-23.01 - filip.ambroz 2009-03-25 8:59:59.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.1.1029.18.1023.420 [GMT 1:00]
Spuštěný z: c:\documents and settings\filip.ambroz\Dokumenty\ComboFix.exe
* Vytvořen nový Bod Obnovení
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\advpacku.exe

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_C-DILLACDAC11BAPROTECTEDSTORAGE
-------\Service_C-DillaCdaC11BAProtectedStorage


((((((((((((((((((((((((( Soubory vytvořené od 2009-02-25 do 2009-03-25 )))))))))))))))))))))))))))))))
.

2009-03-25 08:38 . 2009-03-25 08:38 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-25 08:38 . 2009-03-25 08:38 <DIR> d-------- c:\documents and settings\filip.ambroz\Data aplikací\Malwarebytes
2009-03-25 08:38 . 2009-03-25 08:38 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2009-03-25 08:38 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-25 08:38 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-25 07:19 . 2009-03-25 07:19 <DIR> d-------- c:\program files\Trend Micro
2009-03-25 07:08 . 2009-03-25 08:21 <DIR> d-------- c:\program files\Ultimate Process Manager
2009-03-24 07:29 . 2009-03-24 07:29 32 --a-s---- c:\windows\system32\3304591185.dat
2009-03-09 06:37 . 2008-04-14 07:52 6,144 --a------ c:\windows\system32\SET606.tmp
2009-03-09 06:37 . 2008-04-14 07:52 5,120 --a------ c:\windows\system32\SET605.tmp
2009-03-07 03:00 . 2009-03-07 03:00 <DIR> d-------- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-03-06 13:26 . 2009-03-06 13:26 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Winferno
2009-03-06 13:22 . 2009-03-06 13:30 106,310 --a------ C:\lma_log.html
2009-03-06 13:22 . 2009-03-06 13:29 243 --a------ C:\log.html
2009-03-06 13:21 . 2009-03-06 13:21 <DIR> d-------- c:\program files\Freeze.com
2009-03-06 13:21 . 2005-09-14 12:46 475,136 --------- c:\windows\Living Marine Aquarium 2.scr
2009-03-06 13:19 . 2009-03-24 14:31 <DIR> d-------- c:\windows\system32\RS6_screensaver_16_9 dir
2009-03-06 13:18 . 1994-12-31 00:00 1,795,072 --a------ c:\windows\system32\GECKO.SCR
2009-03-02 12:05 . 2009-03-17 00:02 <DIR> d-------- c:\documents and settings\filip.ambroz\Data aplikací\skypePM
2009-03-02 12:05 . 2009-03-02 12:05 56 --ah----- c:\windows\system32\ezsidmv.dat
2009-03-02 12:04 . 2009-03-02 12:04 <DIR> d-------- c:\program files\Common Files\Skype

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-25 06:04 --------- d-----w c:\program files\ESET
2009-03-24 13:31 --------- d-----w c:\program files\Trillian
2009-03-23 08:43 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-18 11:37 --------- d-----w c:\program files\KD
2009-03-18 11:37 --------- d-----w c:\program files\Common Files\BricsCad
2009-03-17 05:00 --------- d-----w c:\documents and settings\filip.ambroz\Data aplikací\Skype
2009-03-16 09:24 --------- d-----w c:\documents and settings\filip.ambroz\Data aplikací\Canon
2009-03-11 04:55 --------- d-----w c:\documents and settings\All Users\Data aplikací\Microsoft Help
2009-03-02 11:04 --------- d-----w c:\documents and settings\All Users\Data aplikací\Skype
2009-03-02 11:04 --------- d-----r c:\program files\Skype
2009-02-03 10:01 --------- d-----w c:\program files\QIP Infium
2009-02-02 12:22 --------- d-----w c:\documents and settings\filip.ambroz\Data aplikací\QIP
2009-02-02 12:20 --------- d-----w c:\program files\WIP Miranda IM 1.7
2008-08-21 12:04 9 ----a-w c:\documents and settings\filip.ambroz\Data aplikací\mdb.bin
2007-10-24 06:49 8,192 --sha-w c:\windows\o2cLicStore.bin
2008-07-19 12:05 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008071920080720\index.dat
2008-12-15 06:00 2,883,788,832 --sha-w c:\windows\system32\drivers\fidbox.dat
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-02-20 67128]
"pdfSaver3"="c:\program files\PDF\pdfSaver\pdfSaver3.exe" [2004-05-19 385024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Omnipage"="c:\program files\ScanSoft\OmniPageSE\opware32.exe" [2002-06-03 49152]
"pdfFactory Dispatcher v2"="c:\windows\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe" [2005-09-19 487424]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-19 136600]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-07-22 c:\windows\KHALMNPR.Exe]
"nwiz"="nwiz.exe" [2006-10-22 c:\windows\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 c:\windows\RTHDCPL.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-02-20 67128]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2006-03-07 528384]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\a2service.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ArcaCheck.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\arcavir.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashDisp.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashEnhcd.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashServ.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashUpd.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\aswUpdSv.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avcls.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avz.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avz4.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avz_se.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\bdinit.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\caav.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\caavguiscan.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\casecuritycenter.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ccupdate.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cfp.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cfpupdat.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cmdagent.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\DRWEB32.EXE]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\FAMEH32.EXE]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\FPAVServer.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fpscan.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\FPWin.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fsav32.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fsgk32st.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\FSMA32.EXE]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\guardxservice.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\guardxup.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\navigator.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NAVSTUB.EXE]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Nvcc.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\outpost.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\preupd.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pskdr.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SfFnUp.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Vba32arkit.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vba32ldr.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vsserv.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Zanda.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\zapro.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Zlh.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\zoneband.dll]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 eusk2par;EUTRON SmartKey Parallel Driver;c:\windows\system32\drivers\eusk2par.sys [2009-02-12 24786]
R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-09-16 163840]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [2003-04-16 69120]
S0 DMX3191;DMX3191;c:\windows\system32\DRIVERS\DMX3191.sys --> c:\windows\system32\DRIVERS\DMX3191.sys [?]
S3 eusk3usb;SmartKey 3 USB;c:\windows\system32\drivers\eusk3usb.sys [2009-02-12 45534]
S3 ScannerService;SCSI Scanner Service;c:\windows\system32\drivers\m_sscan.sys --> c:\windows\system32\drivers\m_sscan.sys [?]
S4 Qca_sci;Qca_sci; [x]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4beb326f-e833-11db-aebd-0018f31207bc}]
\Shell\AutoRun\command - F:\Autorun.exe /run
\Shell\Shell00\Command - F:\Autorun.exe /run
\Shell\Shell01\Command - F:\Autorun.exe /action
\Shell\Shell02\Command - F:\Autorun.exe /uninstall
.
Obsah adresáře 'Naplánované úlohy'

2009-03-25 c:\windows\Tasks\PCConfidential.job
- c:\program files\Winferno\PC Confidential\PCConfidential.exe []
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKCU-Run-DataboxFFServer - c:\progra~1\DATABOX\CONTAC~1.0\Server\FFSrv95.exe
HKCU-Run-filip - c:\documents and settings\filip.ambroz\filip.ambroz.exe
HKCU-Run-OEXPRESS - (no file)
HKCU-Run-WEBTRAN - (no file)
HKCU-RunOnce-FFTI - c:\documents and settings\filip.ambroz\Data aplikací\Mozilla\Firefox\Profiles\vpx9f79f.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\ffti.exe
HKLM-Run-pdfSaver3 - (no file)
Notify-AtiExtEvent - (no file)


.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz/
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
Trusted Zone: ica.cz\b
TCP: {53476395-E95D-4BD1-8F35-B981865FC05B} = 192.168.1.1,194.228.2.61
TCP: {BF9C4C7C-8E30-4CFB-8430-F53B49034026} = 192.168.1.1
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: KB KTpro Pack - hxxps://www.mojebanka.cz/jars/kt_pro_v1101.cab
DPF: KB SH Pack - hxxps://www.mojebanka.cz/jars/sh_pack.cab
DPF: MIB Pack - hxxps://www.mojebanka.cz/jars/mib_pack_v1400.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {50E43D86-A74D-11D0-98CE-004005249458} - hxxps://www.mojebanka.cz/jars/confwiz/MVSGif.cab
DPF: {5B461C2E-763A-4F47-9809-55827667E821} - hxxp://193.165.214.165/scripts/MGBCCOM9.cab
DPF: {A31CCCB0-46A8-11D3-A726-005004B35102} - hxxp://software.actify.com/SpinFire/SFViewerWeb.cab
DPF: {AAF5E778-A1B8-4331-A9A6-AC4E4E85783D} - hxxp://www.album.cz/moje-alba/FotoStarPhotoUploader.cab
FF - ProfilePath - c:\documents and settings\filip.ambroz\Data aplikací\Mozilla\Firefox\Profiles\vpx9f79f.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/
FF - plugin: c:\program files\Common Files\ParallelGraphics\Cortona\npCortona.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCortona.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-25 09:04:31
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\lexbces.exE
c:\windows\system32\drivers\CDAC11BA.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Logitech\KHAL\KHALMNPR.EXE
.
**************************************************************************
.
Celkový čas: 2009-03-25 9:07:25 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-03-25 08:07:23

Před spuštěním: Volných bajtů: 19 442 208 768
Po spuštění: Volných bajtů: 19,410,489,344

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

336 --- E O F --- 2009-03-13 02:02:20

eda
VIP
Posts: 576
Registered: 24 Aug 2006 10:35
Location: Kroměříž

Re: Error communicating with the NOD32 kernel - some kind of virus?

#5 Post by eda »

Let MBAM delete everything and then post a new MBAM and ComboFix log.

Ribees
Visitor
Posts: 9
Registered: 25 Mar 2009 07:12

Re: Error communicating with the NOD32 kernel - some kind of virus?

#6 Post by Ribees »

Eda: here is the new MBAM log; when it finished I had it delete everything:

Malwarebytes' Anti-Malware 1.34
Verze databáze: 1894
Windows 5.1.2600 Service Pack 3

2009-03-25 09:47:28
mbam-log-2009-03-25 (09-47-28).txt

Typ skenu: Rychlý sken
Objektu skenováno: 80718
Uplynulý cas: 5 minute(s), 21 second(s)

Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 11
Infikované hodnoty registru: 0
Infikované položky dat registru: 3
Infikované složky: 0
Infikované soubory: 0

Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)

Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)

Infikované klíce registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\outpost.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zapro.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\A2SERVICE.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CASECURITYCENTER.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FAMEH32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FPAVSERVER.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FPWIN.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FSAV32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FSGK32ST.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FSMA32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsserv.exe (Security.Hijack) -> Quarantined and deleted successfully.

Infikované hodnoty registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované položky dat registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Infikované složky:
(Žádné zákerné položky nebyly zjišteny)

Infikované soubory:
(Žádné zákerné položky nebyly zjišteny)

Ribees
Visitor
Posts: 9
Registered: 25 Mar 2009 07:12

Re: Error communicating with the NOD32 kernel - some kind of virus?

#7 Post by Ribees »

Eda: and a new ComboFix log as well:

ComboFix 09-03-23.01 - filip.ambroz 2009-03-25 9:53:45.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1023.648 [GMT 1:00]
Spuštěný z: c:\documents and settings\filip.ambroz\Dokumenty\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated)
.

((((((((((((((((((((((((( Soubory vytvořené od 2009-02-25 do 2009-03-25 )))))))))))))))))))))))))))))))
.

2009-03-25 09:32 . 2009-03-25 09:39 <DIR> d-------- c:\documents and settings\filip.ambroz\Data aplikací\ICQ
2009-03-25 09:31 . 2009-03-25 09:39 <DIR> d-------- c:\program files\ICQ6.5
2009-03-25 08:38 . 2009-03-25 08:38 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-25 08:38 . 2009-03-25 08:38 <DIR> d-------- c:\documents and settings\filip.ambroz\Data aplikací\Malwarebytes
2009-03-25 08:38 . 2009-03-25 08:38 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2009-03-25 08:38 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-25 08:38 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-25 07:19 . 2009-03-25 07:19 <DIR> d-------- c:\program files\Trend Micro
2009-03-25 07:08 . 2009-03-25 08:21 <DIR> d-------- c:\program files\Ultimate Process Manager
2009-03-24 07:29 . 2009-03-24 07:29 32 --a-s---- c:\windows\system32\3304591185.dat
2009-03-09 06:37 . 2008-04-14 07:52 6,144 --a------ c:\windows\system32\SET606.tmp
2009-03-09 06:37 . 2008-04-14 07:52 5,120 --a------ c:\windows\system32\SET605.tmp
2009-03-07 03:00 . 2009-03-07 03:00 <DIR> d-------- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-03-06 13:26 . 2009-03-06 13:26 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Winferno
2009-03-06 13:22 . 2009-03-06 13:30 106,310 --a------ C:\lma_log.html
2009-03-06 13:22 . 2009-03-06 13:29 243 --a------ C:\log.html
2009-03-06 13:21 . 2009-03-06 13:21 <DIR> d-------- c:\program files\Freeze.com
2009-03-02 12:05 . 2009-03-17 00:02 <DIR> d-------- c:\documents and settings\filip.ambroz\Data aplikací\skypePM
2009-03-02 12:05 . 2009-03-02 12:05 56 --ah----- c:\windows\system32\ezsidmv.dat
2009-03-02 12:04 . 2009-03-02 12:04 <DIR> d-------- c:\program files\Common Files\Skype

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-25 06:04 --------- d-----w c:\program files\ESET
2009-03-24 13:31 --------- d-----w c:\program files\Trillian
2009-03-23 08:43 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-18 11:37 --------- d-----w c:\program files\KD
2009-03-18 11:37 --------- d-----w c:\program files\Common Files\BricsCad
2009-03-17 05:00 --------- d-----w c:\documents and settings\filip.ambroz\Data aplikací\Skype
2009-03-16 09:24 --------- d-----w c:\documents and settings\filip.ambroz\Data aplikací\Canon
2009-03-11 04:55 --------- d-----w c:\documents and settings\All Users\Data aplikací\Microsoft Help
2009-03-02 11:04 --------- d-----w c:\documents and settings\All Users\Data aplikací\Skype
2009-03-02 11:04 --------- d-----r c:\program files\Skype
2009-02-09 14:07 1,846,784 ----a-w c:\windows\system32\win32k.sys
2009-02-03 10:01 --------- d-----w c:\program files\QIP Infium
2009-02-02 12:22 --------- d-----w c:\documents and settings\filip.ambroz\Data aplikací\QIP
2009-02-02 12:20 --------- d-----w c:\program files\WIP Miranda IM 1.7
2008-08-21 12:04 9 ----a-w c:\documents and settings\filip.ambroz\Data aplikací\mdb.bin
2007-10-24 06:49 8,192 --sha-w c:\windows\o2cLicStore.bin
2008-07-19 12:05 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008071920080720\index.dat
2008-12-15 06:00 2,883,788,832 --sha-w c:\windows\system32\drivers\fidbox.dat
.

((((((((((((((((((((((((((((( SnapShot@2009-03-25_ 9.06.39.60 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-03-25 08:17:20 10,134 ----a-r c:\windows\Installer\{42FC333C-6512-4C90-B282-FDD20BFB3B7D}\callmsi.exe
+ 2009-03-25 08:17:20 136,448 ----a-r c:\windows\Installer\{42FC333C-6512-4C90-B282-FDD20BFB3B7D}\egui.exe
+ 2008-08-18 12:18:26 39,944 ----a-w c:\windows\system32\drivers\eamon.sys
+ 2008-08-18 12:19:26 53,256 ----a-w c:\windows\system32\drivers\easdrv.sys
+ 2008-08-18 12:27:42 34,312 ----a-w c:\windows\system32\drivers\epfwtdir.sys
- 2009-03-25 07:05:59 84,122 ----a-w c:\windows\system32\perfc005.dat
+ 2009-03-25 08:56:06 84,122 ----a-w c:\windows\system32\perfc005.dat
- 2009-03-25 07:05:59 72,428 ----a-w c:\windows\system32\perfc009.dat
+ 2009-03-25 08:56:07 72,428 ----a-w c:\windows\system32\perfc009.dat
- 2009-03-25 07:05:59 425,582 ----a-w c:\windows\system32\perfh005.dat
+ 2009-03-25 08:56:07 425,582 ----a-w c:\windows\system32\perfh005.dat
- 2009-03-25 07:05:59 427,964 ----a-w c:\windows\system32\perfh009.dat
+ 2009-03-25 08:56:07 427,964 ----a-w c:\windows\system32\perfh009.dat
+ 2009-03-25 08:51:59 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_718.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-02-20 67128]
"pdfSaver3"="c:\program files\PDF\pdfSaver\pdfSaver3.exe" [2004-05-19 385024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Omnipage"="c:\program files\ScanSoft\OmniPageSE\opware32.exe" [2002-06-03 49152]
"pdfFactory Dispatcher v2"="c:\windows\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe" [2005-09-19 487424]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-19 136600]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-08-18 1447168]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-07-22 c:\windows\KHALMNPR.Exe]
"nwiz"="nwiz.exe" [2006-10-22 c:\windows\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 c:\windows\RTHDCPL.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-02-20 67128]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2006-03-07 528384]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ArcaCheck.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\arcavir.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashDisp.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashEnhcd.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashServ.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashUpd.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\aswUpdSv.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avcls.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avz.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avz4.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avz_se.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\bdinit.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\caav.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\caavguiscan.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ccupdate.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cfp.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cfpupdat.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cmdagent.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\DRWEB32.EXE]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fpscan.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\guardxservice.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\guardxup.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\navigator.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NAVSTUB.EXE]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Nvcc.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\preupd.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pskdr.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SfFnUp.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Vba32arkit.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vba32ldr.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Zanda.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Zlh.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\zoneband.dll]
"Debugger"=ntsd -d

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-08-18 34312]
R1 eusk2par;EUTRON SmartKey Parallel Driver;c:\windows\system32\drivers\eusk2par.sys [2009-02-12 24786]
R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-09-16 163840]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-08-18 468224]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [2003-04-16 69120]
S0 DMX3191;DMX3191;c:\windows\system32\DRIVERS\DMX3191.sys --> c:\windows\system32\DRIVERS\DMX3191.sys [?]
S3 eusk3usb;SmartKey 3 USB;c:\windows\system32\drivers\eusk3usb.sys [2009-02-12 45534]
S3 ScannerService;SCSI Scanner Service;c:\windows\system32\drivers\m_sscan.sys --> c:\windows\system32\drivers\m_sscan.sys [?]
S4 Qca_sci;Qca_sci; [x]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4beb326f-e833-11db-aebd-0018f31207bc}]
\Shell\AutoRun\command - F:\Autorun.exe /run
\Shell\Shell00\Command - F:\Autorun.exe /run
\Shell\Shell01\Command - F:\Autorun.exe /action
\Shell\Shell02\Command - F:\Autorun.exe /uninstall
.
Obsah adresáře 'Naplánované úlohy'

2009-03-25 c:\windows\Tasks\PCConfidential.job
- c:\program files\Winferno\PC Confidential\PCConfidential.exe []
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz/
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
Trusted Zone: ica.cz\b
TCP: {53476395-E95D-4BD1-8F35-B981865FC05B} = 192.168.1.1,194.228.2.61
TCP: {BF9C4C7C-8E30-4CFB-8430-F53B49034026} = 192.168.1.1
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: KB KTpro Pack - hxxps://www.mojebanka.cz/jars/kt_pro_v1101.cab
DPF: KB SH Pack - hxxps://www.mojebanka.cz/jars/sh_pack.cab
DPF: MIB Pack - hxxps://www.mojebanka.cz/jars/mib_pack_v1400.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {50E43D86-A74D-11D0-98CE-004005249458} - hxxps://www.mojebanka.cz/jars/confwiz/MVSGif.cab
DPF: {5B461C2E-763A-4F47-9809-55827667E821} - hxxp://193.165.214.165/scripts/MGBCCOM9.cab
DPF: {A31CCCB0-46A8-11D3-A726-005004B35102} - hxxp://software.actify.com/SpinFire/SFViewerWeb.cab
DPF: {AAF5E778-A1B8-4331-A9A6-AC4E4E85783D} - hxxp://www.album.cz/moje-alba/FotoStarPhotoUploader.cab
FF - ProfilePath - c:\documents and settings\filip.ambroz\Data aplikací\Mozilla\Firefox\Profiles\vpx9f79f.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/
FF - plugin: c:\program files\Common Files\ParallelGraphics\Cortona\npCortona.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCortona.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-25 09:56:59
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\System32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:e2,63,26,f1,3f,c8,ff,68,23,9f,14,92,16,
9d,ea,3a,e2,63,26,f1,3f,c8,ff,68,fd,57,16,1b,33,cf,4a,a0,e2,63,26,f1,3f,c8,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\System32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:71,3b,04,66,8b,46,0d,96,b4,71,5d,d9,45,
0b,ab,bb,6a,9c,d6,61,af,45,84,18,ee,79,62,2e,91,d9,8a,79,6a,9c,d6,61,af,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\System32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:25,da,ec,7e,55,20,c9,26,43,7a,04,7d,a4,
94,6e,f9,ff,7c,85,e0,43,d4,0e,fe,e5,54,cd,4b,84,c6,27,57,ff,7c,85,e0,43,d4,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\System32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:86,8c,21,01,be,91,eb,e7,27,f7,d0,fa,fc,
5b,82,53,86,8c,21,01,be,91,eb,e7,7a,1f,29,06,43,b0,bf,ec,86,8c,21,01,be,91,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\System32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:cd,44,cd,b9,a6,33,6c,cd,a2,d6,31,8a,a7,
e7,f8,42,f5,1d,4d,73,a8,13,5c,05,b7,c9,9b,69,63,03,bf,a9,f5,1d,4d,73,a8,13,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\System32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:df,20,58,62,78,6b,cf,c8,db,d0,4c,fe,9d,
9d,7b,f9,df,20,58,62,78,6b,cf,c8,3d,b7,89,b4,9f,48,2c,52,df,20,58,62,78,6b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\System32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:31,77,e1,ba,b1,f8,68,02,9d,fa,6b,1c,50,
47,83,b6,fb,a7,78,e6,12,2f,9a,ea,77,3f,de,27,6a,ca,8a,2c,fb,a7,78,e6,12,2f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\System32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:83,6c,56,8b,a0,85,96,ab,12,1e,1d,29,da,
de,ad,56,01,3a,48,fc,e8,04,4a,f1,7d,d4,9c,c1,51,b9,ef,a4,01,3a,48,fc,e8,04,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\System32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:b2,46,9a,e2,1b,fe,1b,94,88,1c,67,e2,42,
bc,12,1c,f6,0f,4e,58,98,5b,89,c9,a8,51,b5,c8,21,50,c4,c3,f6,0f,4e,58,98,5b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\System32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:3d,ce,ea,26,2d,45,aa,78,fe,bb,f7,aa,27,
85,9f,82,3d,ce,ea,26,2d,45,aa,78,6c,d3,07,1e,83,83,04,48,3d,ce,ea,26,2d,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\System32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:e3,0e,66,d5,eb,bc,2f,6b,c3,bb,0b,9c,9f,
d8,cd,73,2a,b7,cc,b5,b9,7f,41,e7,cf,cf,99,26,b4,8f,2e,cb,2a,b7,cc,b5,b9,7f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\System32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:fa,ea,66,7f,d4,3b,6b,70,ba,86,c6,b6,45,
cb,da,ca,6c,43,2d,1e,aa,22,2f,9c,1e,c8,71,6a,2a,b0,7b,79,6c,43,2d,1e,aa,22,\
.
Celkový čas: 2009-03-25 9:58:32
ComboFix-quarantined-files.txt 2009-03-25 08:58:30
ComboFix2.txt 2009-03-25 08:07:26

Před spuštěním: Volných bajtů: 19,268,128,768
Po spuštění: Volných bajtů: 19,260,264,448

299 --- E O F --- 2009-03-13 02:02:20

eda
VIP
Posts: 576
Registered: 24 Aug 2006 10:35
Location: Kroměříž

Re: Error communicating with the NOD32 kernel - some kind of virus?

#8 Post by eda »

if you have not done so yet, move ComboFix to the desktop

open Notepad

copy the script from the following box into it:

Code:

File::
c:\windows\system32\3304591185.dat
c:\windows\system32\SET606.tmp
c:\windows\system32\SET605.tmp

Driver::
Qca_sci

RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]

Registry::
[-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
[-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
[-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
[-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
[-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
[-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
[-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
[-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
[-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
[-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
[-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
[-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ArcaCheck.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\arcavir.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashDisp.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashEnhcd.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashServ.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashUpd.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\aswUpdSv.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avcls.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avz.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avz4.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avz_se.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\bdinit.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\caav.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\caavguiscan.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ccupdate.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cfp.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cfpupdat.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cmdagent.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\DRWEB32.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fpscan.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\guardxservice.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\guardxup.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\navigator.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NAVSTUB.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Nvcc.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\preupd.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pskdr.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SfFnUp.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Vba32arkit.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vba32ldr.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Zanda.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Zlh.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\zoneband.dll]
save the text file you have created as CFScript.txt on the desktop

once it is saved, grab the script you created with the left mouse button, drag it over the ComboFix icon and drop it there:


after it has been applied, another log should pop up; paste it here :)

Warning: it is possible that Windows will not boot after the script is applied and the computer restarts; in that case restart again, keep pressing F8 during the restart and choose Last Known Good Configuration :)

Ribees
Visitor
Posts: 9
Registered: 25 Mar 2009 07:12

Re: Communication error with the NOD32 kernel - some virus?

#9 Post by Ribees »

Eda: I did as instructed, so here is the next ComboFix log:

ComboFix 09-03-23.01 - filip.ambroz 2009-03-25 10:30:11.3 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.1.1029.18.1023.513 [GMT 1:00]
Spuštěný z: c:\documents and settings\filip.ambroz\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\filip.ambroz\Plocha\CFScript.txt
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated)
* Vytvořen nový Bod Obnovení

FILE ::
c:\windows\system32\3304591185.dat
c:\windows\system32\SET605.tmp
c:\windows\system32\SET606.tmp
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\3304591185.dat
c:\windows\system32\SET605.tmp
c:\windows\system32\SET606.tmp

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_Qca_sci


((((((((((((((((((((((((( Soubory vytvořené od 2009-02-25 do 2009-03-25 )))))))))))))))))))))))))))))))
.

2009-03-25 09:32 . 2009-03-25 09:39 <DIR> d-------- c:\documents and settings\filip.ambroz\Data aplikací\ICQ
2009-03-25 09:31 . 2009-03-25 09:39 <DIR> d-------- c:\program files\ICQ6.5
2009-03-25 08:38 . 2009-03-25 08:38 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-25 08:38 . 2009-03-25 08:38 <DIR> d-------- c:\documents and settings\filip.ambroz\Data aplikací\Malwarebytes
2009-03-25 08:38 . 2009-03-25 08:38 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2009-03-25 08:38 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-25 08:38 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-25 07:08 . 2009-03-25 08:21 <DIR> d-------- c:\program files\Ultimate Process Manager
2009-03-07 03:00 . 2009-03-07 03:00 <DIR> d-------- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-03-06 13:26 . 2009-03-06 13:26 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Winferno
2009-03-06 13:22 . 2009-03-06 13:30 106,310 --a------ C:\lma_log.html
2009-03-06 13:22 . 2009-03-06 13:29 243 --a------ C:\log.html
2009-03-06 13:21 . 2009-03-06 13:21 <DIR> d-------- c:\program files\Freeze.com
2009-03-02 12:05 . 2009-03-17 00:02 <DIR> d-------- c:\documents and settings\filip.ambroz\Data aplikací\skypePM
2009-03-02 12:05 . 2009-03-02 12:05 56 --ah----- c:\windows\system32\ezsidmv.dat
2009-03-02 12:04 . 2009-03-02 12:04 <DIR> d-------- c:\program files\Common Files\Skype

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-25 06:04 --------- d-----w c:\program files\ESET
2009-03-24 13:31 --------- d-----w c:\program files\Trillian
2009-03-23 08:43 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-18 11:37 --------- d-----w c:\program files\KD
2009-03-18 11:37 --------- d-----w c:\program files\Common Files\BricsCad
2009-03-17 05:00 --------- d-----w c:\documents and settings\filip.ambroz\Data aplikací\Skype
2009-03-16 09:24 --------- d-----w c:\documents and settings\filip.ambroz\Data aplikací\Canon
2009-03-11 04:55 --------- d-----w c:\documents and settings\All Users\Data aplikací\Microsoft Help
2009-03-02 11:04 --------- d-----w c:\documents and settings\All Users\Data aplikací\Skype
2009-03-02 11:04 --------- d-----r c:\program files\Skype
2009-02-02 12:22 --------- d-----w c:\documents and settings\filip.ambroz\Data aplikací\QIP
2008-08-21 12:04 9 ----a-w c:\documents and settings\filip.ambroz\Data aplikací\mdb.bin
2007-10-24 06:49 8,192 --sha-w c:\windows\o2cLicStore.bin
2008-07-19 12:05 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008071920080720\index.dat
2008-12-15 06:00 2,883,788,832 --sha-w c:\windows\system32\drivers\fidbox.dat
.

((((((((((((((((((((((((((((( SnapShot@2009-03-25_ 9.06.39.60 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-03-25 08:17:20 10,134 ----a-r c:\windows\Installer\{42FC333C-6512-4C90-B282-FDD20BFB3B7D}\callmsi.exe
+ 2009-03-25 08:17:20 136,448 ----a-r c:\windows\Installer\{42FC333C-6512-4C90-B282-FDD20BFB3B7D}\egui.exe
+ 2008-08-18 12:18:26 39,944 ----a-w c:\windows\system32\drivers\eamon.sys
+ 2008-08-18 12:19:26 53,256 ----a-w c:\windows\system32\drivers\easdrv.sys
+ 2008-08-18 12:27:42 34,312 ----a-w c:\windows\system32\drivers\epfwtdir.sys
- 2009-03-25 07:05:59 84,122 ----a-w c:\windows\system32\perfc005.dat
+ 2009-03-25 08:56:06 84,122 ----a-w c:\windows\system32\perfc005.dat
- 2009-03-25 07:05:59 72,428 ----a-w c:\windows\system32\perfc009.dat
+ 2009-03-25 08:56:07 72,428 ----a-w c:\windows\system32\perfc009.dat
- 2009-03-25 07:05:59 425,582 ----a-w c:\windows\system32\perfh005.dat
+ 2009-03-25 08:56:07 425,582 ----a-w c:\windows\system32\perfh005.dat
- 2009-03-25 07:05:59 427,964 ----a-w c:\windows\system32\perfh009.dat
+ 2009-03-25 08:56:07 427,964 ----a-w c:\windows\system32\perfh009.dat
+ 2009-03-25 09:34:25 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_714.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-02-20 67128]
"pdfSaver3"="c:\program files\PDF\pdfSaver\pdfSaver3.exe" [2004-05-19 385024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Omnipage"="c:\program files\ScanSoft\OmniPageSE\opware32.exe" [2002-06-03 49152]
"pdfFactory Dispatcher v2"="c:\windows\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe" [2005-09-19 487424]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-19 136600]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-08-18 1447168]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-07-22 c:\windows\KHALMNPR.Exe]
"nwiz"="nwiz.exe" [2006-10-22 c:\windows\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 c:\windows\RTHDCPL.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-02-20 67128]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2006-03-07 528384]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-08-18 34312]
R1 eusk2par;EUTRON SmartKey Parallel Driver;c:\windows\system32\drivers\eusk2par.sys [2009-02-12 24786]
R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-09-16 163840]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-08-18 468224]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [2003-04-16 69120]
S0 DMX3191;DMX3191;c:\windows\system32\DRIVERS\DMX3191.sys --> c:\windows\system32\DRIVERS\DMX3191.sys [?]
S3 eusk3usb;SmartKey 3 USB;c:\windows\system32\drivers\eusk3usb.sys [2009-02-12 45534]
S3 ScannerService;SCSI Scanner Service;c:\windows\system32\drivers\m_sscan.sys --> c:\windows\system32\drivers\m_sscan.sys [?]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4beb326f-e833-11db-aebd-0018f31207bc}]
\Shell\AutoRun\command - F:\Autorun.exe /run
\Shell\Shell00\Command - F:\Autorun.exe /run
\Shell\Shell01\Command - F:\Autorun.exe /action
\Shell\Shell02\Command - F:\Autorun.exe /uninstall
.
Obsah adresáře 'Naplánované úlohy'

2009-03-25 c:\windows\Tasks\PCConfidential.job
- c:\program files\Winferno\PC Confidential\PCConfidential.exe []
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz/
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
Trusted Zone: ica.cz\b
TCP: {53476395-E95D-4BD1-8F35-B981865FC05B} = 192.168.1.1,194.228.2.61
TCP: {BF9C4C7C-8E30-4CFB-8430-F53B49034026} = 192.168.1.1
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: KB KTpro Pack - hxxps://www.mojebanka.cz/jars/kt_pro_v1101.cab
DPF: KB SH Pack - hxxps://www.mojebanka.cz/jars/sh_pack.cab
DPF: MIB Pack - hxxps://www.mojebanka.cz/jars/mib_pack_v1400.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {50E43D86-A74D-11D0-98CE-004005249458} - hxxps://www.mojebanka.cz/jars/confwiz/MVSGif.cab
DPF: {5B461C2E-763A-4F47-9809-55827667E821} - hxxp://193.165.214.165/scripts/MGBCCOM9.cab
DPF: {A31CCCB0-46A8-11D3-A726-005004B35102} - hxxp://software.actify.com/SpinFire/SFViewerWeb.cab
DPF: {AAF5E778-A1B8-4331-A9A6-AC4E4E85783D} - hxxp://www.album.cz/moje-alba/FotoStarPhotoUploader.cab
FF - ProfilePath - c:\documents and settings\filip.ambroz\Data aplikací\Mozilla\Firefox\Profiles\vpx9f79f.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/
FF - plugin: c:\program files\Common Files\ParallelGraphics\Cortona\npCortona.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCortona.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-25 10:35:16
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\System32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:e2,63,26,f1,3f,c8,ff,68,23,9f,14,92,16,
9d,ea,3a,e2,63,26,f1,3f,c8,ff,68,fd,57,16,1b,33,cf,4a,a0,e2,63,26,f1,3f,c8,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\System32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:71,3b,04,66,8b,46,0d,96,b4,71,5d,d9,45,
0b,ab,bb,6a,9c,d6,61,af,45,84,18,ee,79,62,2e,91,d9,8a,79,6a,9c,d6,61,af,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\System32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:25,da,ec,7e,55,20,c9,26,43,7a,04,7d,a4,
94,6e,f9,ff,7c,85,e0,43,d4,0e,fe,e5,54,cd,4b,84,c6,27,57,ff,7c,85,e0,43,d4,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\System32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:86,8c,21,01,be,91,eb,e7,27,f7,d0,fa,fc,
5b,82,53,86,8c,21,01,be,91,eb,e7,7a,1f,29,06,43,b0,bf,ec,86,8c,21,01,be,91,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\System32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:cd,44,cd,b9,a6,33,6c,cd,a2,d6,31,8a,a7,
e7,f8,42,f5,1d,4d,73,a8,13,5c,05,b7,c9,9b,69,63,03,bf,a9,f5,1d,4d,73,a8,13,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\System32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:df,20,58,62,78,6b,cf,c8,db,d0,4c,fe,9d,
9d,7b,f9,df,20,58,62,78,6b,cf,c8,3d,b7,89,b4,9f,48,2c,52,df,20,58,62,78,6b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\System32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:31,77,e1,ba,b1,f8,68,02,9d,fa,6b,1c,50,
47,83,b6,fb,a7,78,e6,12,2f,9a,ea,77,3f,de,27,6a,ca,8a,2c,fb,a7,78,e6,12,2f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\System32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:83,6c,56,8b,a0,85,96,ab,12,1e,1d,29,da,
de,ad,56,01,3a,48,fc,e8,04,4a,f1,7d,d4,9c,c1,51,b9,ef,a4,01,3a,48,fc,e8,04,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\System32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:b2,46,9a,e2,1b,fe,1b,94,88,1c,67,e2,42,
bc,12,1c,f6,0f,4e,58,98,5b,89,c9,a8,51,b5,c8,21,50,c4,c3,f6,0f,4e,58,98,5b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\System32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:3d,ce,ea,26,2d,45,aa,78,fe,bb,f7,aa,27,
85,9f,82,3d,ce,ea,26,2d,45,aa,78,6c,d3,07,1e,83,83,04,48,3d,ce,ea,26,2d,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\System32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:e3,0e,66,d5,eb,bc,2f,6b,c3,bb,0b,9c,9f,
d8,cd,73,2a,b7,cc,b5,b9,7f,41,e7,cf,cf,99,26,b4,8f,2e,cb,2a,b7,cc,b5,b9,7f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\System32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:fa,ea,66,7f,d4,3b,6b,70,ba,86,c6,b6,45,
cb,da,ca,6c,43,2d,1e,aa,22,2f,9c,1e,c8,71,6a,2a,b0,7b,79,6c,43,2d,1e,aa,22,\
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\lexbces.exE
c:\windows\system32\drivers\CDAC11BA.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Logitech\KHAL\KHALMNPR.EXE
.
**************************************************************************
.
Celkový čas: 2009-03-25 10:38:21 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-03-25 09:38:18
ComboFix2.txt 2009-03-25 08:58:33
ComboFix3.txt 2009-03-25 08:07:26

Před spuštěním: Volných bajtů: 19,240,857,600
Po spuštění: Volných bajtů: 19,227,496,448

251 --- E O F --- 2009-03-13 02:02:20

eda
VIP
Posts: 576
Registered: 24 Aug 2006 10:35
Location: Kroměříž

Re: Communication error with the NOD32 kernel - some virus?

#10 Post by eda »

One more script:

Code:

RegNull::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4beb326f-e833-11db-aebd-0018f31207bc}]

ComboFix will pop up again. Post it here and report on the state of the computer.
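As an added example (not code from this thread, from eda, or from ComboFix itself): a small Python script that does mechanically what eda did by hand above, reading the locked registry keys and the MountPoints2 autorun entry out of a ComboFix log and emitting the matching RegNull:: and Registry:: sections of a CFScript.txt. The log excerpt embedded in it is constructed from lines of the log posted above; the English "LOCKED REGISTRY KEYS" header text it also accepts is an assumption about the English ComboFix build.

```python
"""Build a ComboFix CFScript.txt from a ComboFix log.

Added example for this thread (not code from ComboFix or from the forum):
it picks out the 'locked registry keys' section and the MountPoints2
autorun entries that the helper above targeted by hand, and emits the
matching RegNull:: and Registry:: sections.
"""
import re
from typing import List, Optional, Tuple

# Constructed excerpt modelled on the log posted above: one MountPoints2
# entry and two of the locked CLSID keys (hex data trimmed to one line).
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4beb326f-e833-11db-aebd-0018f31207bc}]
\Shell\AutoRun\command - F:\Autorun.exe /run
\Shell\Shell00\Command - F:\Autorun.exe /run
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\System32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:e2,63,26,f1,3f,c8,ff,68,23,9f,14,92,16,

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\System32\\OLE32.DLL"
.
------------------------ Jiné spuštené procesy ------------------------
"""

# Section header as printed by the Czech build (seen above) and, assumed,
# by the English build.
LOCKED_HEADER = re.compile(
    r"^-{5,}\s*(LOCKED REGISTRY KEYS|ZAMKNUT[ÉE] KL[ÍI][ČC]E V REGISTRU)\s*-{5,}$", re.I)
# A '.' or a dashed/starred rule on its own line separates ComboFix sections.
SECTION_END = re.compile(r"^(\.|-{5,}.*|\*{10,})$")
KEY_LINE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
MOUNTPOINTS_KEY = re.compile(
    r"^\[(HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion"
    r"\\explorer\\mountpoints2\\\{[0-9a-f-]{36}\})\]$", re.I)
SHELL_CMD = re.compile(r"^\\Shell\\\S+ - (.+)$")


def locked_keys(log: str) -> List[str]:
    """Keys listed under the locked-keys header.

    ComboFix appends '*' to a key it could not open normally; RegNull::
    expects the key exactly as printed, so the '*' is kept.
    """
    keys: List[str] = []
    inside = False
    for line in log.splitlines():
        line = line.rstrip()
        if not inside:
            inside = bool(LOCKED_HEADER.match(line))
            continue
        if SECTION_END.match(line):
            break
        m = KEY_LINE.match(line)
        if m:
            keys.append(m.group(1))
    return keys


def mountpoint_autoruns(log: str) -> List[Tuple[str, List[str]]]:
    """(key, commands) for each MountPoints2 entry and the \\Shell\\... commands
    ComboFix printed under it, i.e. autorun.inf handlers cached from a drive."""
    found: List[Tuple[str, List[str]]] = []
    current: Optional[List[str]] = None
    for line in log.splitlines():
        line = line.rstrip()
        m = MOUNTPOINTS_KEY.match(line)
        if m:
            current = []
            found.append((m.group(1), current))
            continue
        if current is not None:
            c = SHELL_CMD.match(line)
            if c:
                current.append(c.group(1))
            else:
                current = None  # the command list ends at the first unrelated line
    return found


def build_cfscript(log: str) -> str:
    """CFScript text in the layout used in this thread: RegNull:: for locked
    keys, then Registry:: with a [-key] deletion for each MountPoints2 entry."""
    parts: List[str] = []
    locked = locked_keys(log)
    if locked:
        parts.append("RegNull::\n" + "\n".join(f"[{k}]" for k in locked))
    autoruns = mountpoint_autoruns(log)
    if autoruns:
        parts.append("Registry::\n" + "\n".join(f"[-{k}]" for k, _ in autoruns))
    return "\n\n".join(parts) + ("\n" if parts else "")


if __name__ == "__main__":
    for key, cmds in mountpoint_autoruns(SAMPLE_LOG):
        guid = key.rsplit("\\", 1)[-1]
        print(f"cached autorun {guid}: {cmds}")
    print(build_cfscript(SAMPLE_LOG), end="")
```

Run against a full ComboFix log the script prints which drive GUID carried the cached Autorun.exe command and the CFScript text to save as CFScript.txt; the generated script only names what the log already reported, so review the output before dropping it onto ComboFix.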

Ribees
Visitor
Posts: 9
Registered: 25 Mar 2009 07:12

Re: Communication error with the NOD32 kernel - some virus?

#11 Post by Ribees »

Eda: so, another attempt - the ComboFix log:

ComboFix 09-03-23.01 - filip.ambroz 2009-03-25 11:02:15.4 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.1.1029.18.1023.526 [GMT 1:00]
Spuštěný z: c:\documents and settings\filip.ambroz\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\filip.ambroz\Plocha\CFScript.txt
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated)
* Vytvořen nový Bod Obnovení
.

((((((((((((((((((((((((( Soubory vytvořené od 2009-02-25 do 2009-03-25 )))))))))))))))))))))))))))))))
.

2009-03-25 09:32 . 2009-03-25 09:39 <DIR> d-------- c:\documents and settings\filip.ambroz\Data aplikací\ICQ
2009-03-25 09:31 . 2009-03-25 09:39 <DIR> d-------- c:\program files\ICQ6.5
2009-03-25 08:38 . 2009-03-25 08:38 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-25 08:38 . 2009-03-25 08:38 <DIR> d-------- c:\documents and settings\filip.ambroz\Data aplikací\Malwarebytes
2009-03-25 08:38 . 2009-03-25 08:38 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2009-03-25 08:38 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-25 08:38 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-25 07:08 . 2009-03-25 08:21 <DIR> d-------- c:\program files\Ultimate Process Manager
2009-03-07 03:00 . 2009-03-07 03:00 <DIR> d-------- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-03-06 13:26 . 2009-03-06 13:26 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Winferno
2009-03-06 13:22 . 2009-03-06 13:30 106,310 --a------ C:\lma_log.html
2009-03-06 13:22 . 2009-03-06 13:29 243 --a------ C:\log.html
2009-03-06 13:21 . 2009-03-06 13:21 <DIR> d-------- c:\program files\Freeze.com
2009-03-02 12:05 . 2009-03-17 00:02 <DIR> d-------- c:\documents and settings\filip.ambroz\Data aplikací\skypePM
2009-03-02 12:05 . 2009-03-02 12:05 56 --ah----- c:\windows\system32\ezsidmv.dat
2009-03-02 12:04 . 2009-03-02 12:04 <DIR> d-------- c:\program files\Common Files\Skype

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-25 06:04 --------- d-----w c:\program files\ESET
2009-03-24 13:31 --------- d-----w c:\program files\Trillian
2009-03-23 08:43 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-18 11:37 --------- d-----w c:\program files\KD
2009-03-18 11:37 --------- d-----w c:\program files\Common Files\BricsCad
2009-03-17 05:00 --------- d-----w c:\documents and settings\filip.ambroz\Data aplikací\Skype
2009-03-16 09:24 --------- d-----w c:\documents and settings\filip.ambroz\Data aplikací\Canon
2009-03-11 04:55 --------- d-----w c:\documents and settings\All Users\Data aplikací\Microsoft Help
2009-03-02 11:04 --------- d-----w c:\documents and settings\All Users\Data aplikací\Skype
2009-03-02 11:04 --------- d-----r c:\program files\Skype
2009-02-09 14:07 1,846,784 ----a-w c:\windows\system32\win32k.sys
2009-02-02 12:22 --------- d-----w c:\documents and settings\filip.ambroz\Data aplikací\QIP
2008-08-21 12:04 9 ----a-w c:\documents and settings\filip.ambroz\Data aplikací\mdb.bin
2007-10-24 06:49 8,192 --sha-w c:\windows\o2cLicStore.bin
2008-07-19 12:05 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008071920080720\index.dat
2008-12-15 06:00 2,883,788,832 --sha-w c:\windows\system32\drivers\fidbox.dat
.

((((((((((((((((((((((((((((( SnapShot@2009-03-25_ 9.06.39.60 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-03-25 08:17:20 10,134 ----a-r c:\windows\Installer\{42FC333C-6512-4C90-B282-FDD20BFB3B7D}\callmsi.exe
+ 2009-03-25 08:17:20 136,448 ----a-r c:\windows\Installer\{42FC333C-6512-4C90-B282-FDD20BFB3B7D}\egui.exe
+ 2008-08-18 12:18:26 39,944 ----a-w c:\windows\system32\drivers\eamon.sys
+ 2008-08-18 12:19:26 53,256 ----a-w c:\windows\system32\drivers\easdrv.sys
+ 2008-08-18 12:27:42 34,312 ----a-w c:\windows\system32\drivers\epfwtdir.sys
- 2009-03-25 07:05:59 84,122 ----a-w c:\windows\system32\perfc005.dat
+ 2009-03-25 09:38:27 84,122 ----a-w c:\windows\system32\perfc005.dat
- 2009-03-25 07:05:59 72,428 ----a-w c:\windows\system32\perfc009.dat
+ 2009-03-25 09:38:27 72,428 ----a-w c:\windows\system32\perfc009.dat
- 2009-03-25 07:05:59 425,582 ----a-w c:\windows\system32\perfh005.dat
+ 2009-03-25 09:38:27 425,582 ----a-w c:\windows\system32\perfh005.dat
- 2009-03-25 07:05:59 427,964 ----a-w c:\windows\system32\perfh009.dat
+ 2009-03-25 09:38:27 427,964 ----a-w c:\windows\system32\perfh009.dat
+ 2009-03-25 09:34:25 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_714.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-02-20 67128]
"pdfSaver3"="c:\program files\PDF\pdfSaver\pdfSaver3.exe" [2004-05-19 385024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Omnipage"="c:\program files\ScanSoft\OmniPageSE\opware32.exe" [2002-06-03 49152]
"pdfFactory Dispatcher v2"="c:\windows\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe" [2005-09-19 487424]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-19 136600]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-08-18 1447168]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-07-22 c:\windows\KHALMNPR.Exe]
"nwiz"="nwiz.exe" [2006-10-22 c:\windows\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 c:\windows\RTHDCPL.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-02-20 67128]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2006-03-07 528384]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-08-18 34312]
R1 eusk2par;EUTRON SmartKey Parallel Driver;c:\windows\system32\drivers\eusk2par.sys [2009-02-12 24786]
R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-09-16 163840]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-08-18 468224]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [2003-04-16 69120]
S0 DMX3191;DMX3191;c:\windows\system32\DRIVERS\DMX3191.sys --> c:\windows\system32\DRIVERS\DMX3191.sys [?]
S3 eusk3usb;SmartKey 3 USB;c:\windows\system32\drivers\eusk3usb.sys [2009-02-12 45534]
S3 ScannerService;SCSI Scanner Service;c:\windows\system32\drivers\m_sscan.sys --> c:\windows\system32\drivers\m_sscan.sys [?]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4beb326f-e833-11db-aebd-0018f31207bc}]
\Shell\AutoRun\command - F:\Autorun.exe /run
\Shell\Shell00\Command - F:\Autorun.exe /run
\Shell\Shell01\Command - F:\Autorun.exe /action
\Shell\Shell02\Command - F:\Autorun.exe /uninstall
.
Obsah adresáře 'Naplánované úlohy'

2009-03-25 c:\windows\Tasks\PCConfidential.job
- c:\program files\Winferno\PC Confidential\PCConfidential.exe []
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz/
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
Trusted Zone: ica.cz\b
TCP: {53476395-E95D-4BD1-8F35-B981865FC05B} = 192.168.1.1,194.228.2.61
TCP: {BF9C4C7C-8E30-4CFB-8430-F53B49034026} = 192.168.1.1
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: KB KTpro Pack - hxxps://www.mojebanka.cz/jars/kt_pro_v1101.cab
DPF: KB SH Pack - hxxps://www.mojebanka.cz/jars/sh_pack.cab
DPF: MIB Pack - hxxps://www.mojebanka.cz/jars/mib_pack_v1400.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {50E43D86-A74D-11D0-98CE-004005249458} - hxxps://www.mojebanka.cz/jars/confwiz/MVSGif.cab
DPF: {5B461C2E-763A-4F47-9809-55827667E821} - hxxp://193.165.214.165/scripts/MGBCCOM9.cab
DPF: {A31CCCB0-46A8-11D3-A726-005004B35102} - hxxp://software.actify.com/SpinFire/SFViewerWeb.cab
DPF: {AAF5E778-A1B8-4331-A9A6-AC4E4E85783D} - hxxp://www.album.cz/moje-alba/FotoStarPhotoUploader.cab
FF - ProfilePath - c:\documents and settings\filip.ambroz\Data aplikací\Mozilla\Firefox\Profiles\vpx9f79f.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/
FF - plugin: c:\program files\Common Files\ParallelGraphics\Cortona\npCortona.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCortona.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-25 11:04:03
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-03-25 11:05:34
ComboFix-quarantined-files.txt 2009-03-25 10:05:28
ComboFix2.txt 2009-03-25 09:38:22
ComboFix3.txt 2009-03-25 08:58:33
ComboFix4.txt 2009-03-25 08:07:26

Pre-run: free bytes: 19,205,959,680
Post-run: free bytes: 19,187,585,024

168 --- E O F --- 2009-03-13 02:02:20

eda
VIP
Posts: 576
Joined: 24 Aug 2006 10:35
Location: Kroměříž

Re: NOD32 kernel communication error - a virus?

#12 Post by eda »

And hopefully the last script:

Code:

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4beb326f-e833-11db-aebd-0018f31207bc}]
Otherwise it should be clean by now. How is the computer behaving?
If you like me, you can contact me at eda@forum.viry.cz :-)

Ribees
Visitor
Posts: 9
Joined: 25 Mar 2009 07:12

Re: NOD32 kernel communication error - a virus?

#13 Post by Ribees »

The computer is behaving well now; NOD32 could be installed right after the first ComboFix scan. I'm sending what is hopefully the last log - is everything OK now?

ComboFix 09-03-23.01 - filip.ambroz 2009-03-25 11:42:41.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.1.1029.18.1023.613 [GMT 1:00]
Running from: c:\documents and settings\filip.ambroz\Plocha\ComboFix.exe
Command switches used :: c:\documents and settings\filip.ambroz\Plocha\CFScript.txt
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated)
* Created a new restore point
.

((((((((((((((((((((((((( Files created from 2009-02-25 to 2009-03-25 )))))))))))))))))))))))))))))))
.

2009-03-25 09:32 . 2009-03-25 09:39 <DIR> d-------- c:\documents and settings\filip.ambroz\Data aplikací\ICQ
2009-03-25 09:31 . 2009-03-25 09:39 <DIR> d-------- c:\program files\ICQ6.5
2009-03-25 08:38 . 2009-03-25 08:38 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-25 08:38 . 2009-03-25 08:38 <DIR> d-------- c:\documents and settings\filip.ambroz\Data aplikací\Malwarebytes
2009-03-25 08:38 . 2009-03-25 08:38 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2009-03-25 08:38 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-25 08:38 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-25 07:08 . 2009-03-25 08:21 <DIR> d-------- c:\program files\Ultimate Process Manager
2009-03-07 03:00 . 2009-03-07 03:00 <DIR> d-------- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-03-06 13:26 . 2009-03-06 13:26 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Winferno
2009-03-06 13:22 . 2009-03-06 13:30 106,310 --a------ C:\lma_log.html
2009-03-06 13:22 . 2009-03-06 13:29 243 --a------ C:\log.html
2009-03-06 13:21 . 2009-03-06 13:21 <DIR> d-------- c:\program files\Freeze.com
2009-03-02 12:05 . 2009-03-17 00:02 <DIR> d-------- c:\documents and settings\filip.ambroz\Data aplikací\skypePM
2009-03-02 12:05 . 2009-03-02 12:05 56 --ah----- c:\windows\system32\ezsidmv.dat
2009-03-02 12:04 . 2009-03-02 12:04 <DIR> d-------- c:\program files\Common Files\Skype

.
(((((((((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-25 06:04 --------- d-----w c:\program files\ESET
2009-03-24 13:31 --------- d-----w c:\program files\Trillian
2009-03-23 08:43 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-18 11:37 --------- d-----w c:\program files\KD
2009-03-18 11:37 --------- d-----w c:\program files\Common Files\BricsCad
2009-03-17 05:00 --------- d-----w c:\documents and settings\filip.ambroz\Data aplikací\Skype
2009-03-16 09:24 --------- d-----w c:\documents and settings\filip.ambroz\Data aplikací\Canon
2009-03-11 04:55 --------- d-----w c:\documents and settings\All Users\Data aplikací\Microsoft Help
2009-03-02 11:04 --------- d-----w c:\documents and settings\All Users\Data aplikací\Skype
2009-03-02 11:04 --------- d-----r c:\program files\Skype
2009-02-09 14:07 1,846,784 ----a-w c:\windows\system32\win32k.sys
2009-02-02 12:22 --------- d-----w c:\documents and settings\filip.ambroz\Data aplikací\QIP
2008-08-21 12:04 9 ----a-w c:\documents and settings\filip.ambroz\Data aplikací\mdb.bin
2007-10-24 06:49 8,192 --sha-w c:\windows\o2cLicStore.bin
2008-07-19 12:05 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008071920080720\index.dat
2008-12-15 06:00 2,883,788,832 --sha-w c:\windows\system32\drivers\fidbox.dat
.

((((((((((((((((((((((((((((( SnapShot@2009-03-25_ 9.06.39.60 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-03-25 08:17:20 10,134 ----a-r c:\windows\Installer\{42FC333C-6512-4C90-B282-FDD20BFB3B7D}\callmsi.exe
+ 2009-03-25 08:17:20 136,448 ----a-r c:\windows\Installer\{42FC333C-6512-4C90-B282-FDD20BFB3B7D}\egui.exe
+ 2008-08-18 12:18:26 39,944 ----a-w c:\windows\system32\drivers\eamon.sys
+ 2008-08-18 12:19:26 53,256 ----a-w c:\windows\system32\drivers\easdrv.sys
+ 2008-08-18 12:27:42 34,312 ----a-w c:\windows\system32\drivers\epfwtdir.sys
- 2009-03-25 07:05:59 84,122 ----a-w c:\windows\system32\perfc005.dat
+ 2009-03-25 09:38:27 84,122 ----a-w c:\windows\system32\perfc005.dat
- 2009-03-25 07:05:59 72,428 ----a-w c:\windows\system32\perfc009.dat
+ 2009-03-25 09:38:27 72,428 ----a-w c:\windows\system32\perfc009.dat
- 2009-03-25 07:05:59 425,582 ----a-w c:\windows\system32\perfh005.dat
+ 2009-03-25 09:38:27 425,582 ----a-w c:\windows\system32\perfh005.dat
- 2009-03-25 07:05:59 427,964 ----a-w c:\windows\system32\perfh009.dat
+ 2009-03-25 09:38:27 427,964 ----a-w c:\windows\system32\perfh009.dat
+ 2009-03-25 09:34:25 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_714.dat
.
(((((((((((((((((((((((((((((((((( Registry startup points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-02-20 67128]
"pdfSaver3"="c:\program files\PDF\pdfSaver\pdfSaver3.exe" [2004-05-19 385024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Omnipage"="c:\program files\ScanSoft\OmniPageSE\opware32.exe" [2002-06-03 49152]
"pdfFactory Dispatcher v2"="c:\windows\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe" [2005-09-19 487424]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-19 136600]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-08-18 1447168]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-07-22 c:\windows\KHALMNPR.Exe]
"nwiz"="nwiz.exe" [2006-10-22 c:\windows\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 c:\windows\RTHDCPL.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-02-20 67128]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2006-03-07 528384]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-08-18 34312]
R1 eusk2par;EUTRON SmartKey Parallel Driver;c:\windows\system32\drivers\eusk2par.sys [2009-02-12 24786]
R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-09-16 163840]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-08-18 468224]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [2003-04-16 69120]
S0 DMX3191;DMX3191;c:\windows\system32\DRIVERS\DMX3191.sys --> c:\windows\system32\DRIVERS\DMX3191.sys [?]
S3 eusk3usb;SmartKey 3 USB;c:\windows\system32\drivers\eusk3usb.sys [2009-02-12 45534]
S3 ScannerService;SCSI Scanner Service;c:\windows\system32\drivers\m_sscan.sys --> c:\windows\system32\drivers\m_sscan.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2009-03-25 c:\windows\Tasks\PCConfidential.job
- c:\program files\Winferno\PC Confidential\PCConfidential.exe []
.
.
------- Supplementary scan -------
.
uStart Page = hxxp://www.google.cz/
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
Trusted Zone: ica.cz\b
TCP: {53476395-E95D-4BD1-8F35-B981865FC05B} = 192.168.1.1,194.228.2.61
TCP: {BF9C4C7C-8E30-4CFB-8430-F53B49034026} = 192.168.1.1
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: KB KTpro Pack - hxxps://www.mojebanka.cz/jars/kt_pro_v1101.cab
DPF: KB SH Pack - hxxps://www.mojebanka.cz/jars/sh_pack.cab
DPF: MIB Pack - hxxps://www.mojebanka.cz/jars/mib_pack_v1400.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {50E43D86-A74D-11D0-98CE-004005249458} - hxxps://www.mojebanka.cz/jars/confwiz/MVSGif.cab
DPF: {5B461C2E-763A-4F47-9809-55827667E821} - hxxp://193.165.214.165/scripts/MGBCCOM9.cab
DPF: {A31CCCB0-46A8-11D3-A726-005004B35102} - hxxp://software.actify.com/SpinFire/SFViewerWeb.cab
DPF: {AAF5E778-A1B8-4331-A9A6-AC4E4E85783D} - hxxp://www.album.cz/moje-alba/FotoStarPhotoUploader.cab
FF - ProfilePath - c:\documents and settings\filip.ambroz\Data aplikací\Mozilla\Firefox\Profiles\vpx9f79f.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/
FF - plugin: c:\program files\Common Files\ParallelGraphics\Cortona\npCortona.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCortona.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll

---- FIREFOX SETTINGS ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-25 11:43:36
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-03-25 11:45:08
ComboFix-quarantined-files.txt 2009-03-25 10:45:06
ComboFix2.txt 2009-03-25 10:05:35
ComboFix3.txt 2009-03-25 09:38:22
ComboFix4.txt 2009-03-25 08:58:33
ComboFix5.txt 2009-03-25 10:42:21

Pre-run: free bytes: 19,168,276,480
Post-run: free bytes: 19,152,826,368

164 --- E O F --- 2009-03-13 02:02:20
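
A practitioner reading a ComboFix log like the one above goes through a few classes of entries by hand: services and drivers whose binary is no longer on disk (ComboFix prints `[?]` in place of the date and size), ports the Windows Firewall opens to every source (here 3389/TCP, RDP), Run values that are bare file names resolved through the search path, scheduled tasks for which no file details were printed, and ActiveX controls (DPF entries) fetched from a bare IP address or over plain HTTP. The script below is an added example, not part of this thread or of ComboFix: it applies those checks to a sample constructed from lines copied out of the log above. The rule names and the two-level severity scale are the example's own.

```python
import re
from dataclasses import dataclass

# Constructed sample: a handful of lines copied from the ComboFix log posted
# above, chosen so that each rule below fires at most once.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-08-18 1447168]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 c:\windows\RTHDCPL.exe]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-08-18 468224]
S0 DMX3191;DMX3191;c:\windows\system32\DRIVERS\DMX3191.sys --> c:\windows\system32\DRIVERS\DMX3191.sys [?]

2009-03-25 c:\windows\Tasks\PCConfidential.job
- c:\program files\Winferno\PC Confidential\PCConfidential.exe []

DPF: {5B461C2E-763A-4F47-9809-55827667E821} - hxxp://193.165.214.165/scripts/MGBCCOM9.cab
DPF: KB KTpro Pack - hxxps://www.mojebanka.cz/jars/kt_pro_v1101.cab
"""

RUN_RE = re.compile(r'^"([^"]+)"="([^"]*)"\s+\[([^\]]*)\]$')
PORT_RE = re.compile(r'^"(\d+):(TCP|UDP)"=')
SVC_RE = re.compile(r'^([RS]\d)\s+([^;]+);([^;]*);(.*?)\s+\[([^\]]*)\]$')
TASK_RE = re.compile(r'^-\s+(.+?)\s+\[([^\]]*)\]$')
DPF_RE = re.compile(r'^DPF:\s+(.+?)\s+-\s+(hxxps?|https?)://([^/\s]+)')
IPV4_RE = re.compile(r'^\d{1,3}(?:\.\d{1,3}){3}$')


@dataclass
class Finding:
    severity: str  # "high" or "review" (the example's own scale)
    rule: str
    detail: str
    line: str


def triage(log_text: str) -> list:
    """Walk a ComboFix log and return the entries an analyst should look at."""
    findings = []
    section = ""   # most recent [registry key] header, lower-cased
    task = ""      # path of the .job whose target line comes next
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line.lower()
            continue

        m = RUN_RE.match(line)
        if m and section.endswith(r"\run]"):
            name, value, info = m.groups()
            # A value with no directory is located through the search path at
            # logon, so a planted copy earlier in that path would run instead.
            if "\\" not in value:
                resolved = info.split(" ", 1)[-1]
                findings.append(Finding("review", "run-bare-filename",
                                        f"{name}={value} resolved to {resolved}", line))
            continue

        m = PORT_RE.match(line)
        if m and "globallyopenports" in section:
            port, proto = m.groups()
            rdp = port == "3389" and proto == "TCP"
            detail = f"{port}/{proto} open to all sources" + (" (RDP)" if rdp else "")
            findings.append(Finding("high" if rdp else "review", "firewall-open-port", detail, line))
            continue

        m = SVC_RE.match(line)
        if m:
            state, name, _display, path, info = m.groups()
            # ComboFix prints "[?]" instead of date and size when the file the
            # service points at is not on disk: an orphaned or removed driver.
            if info == "?":
                findings.append(Finding("high", "service-file-missing",
                                        f"{name} ({state}) -> {path.split(' --> ')[0]}", line))
            continue

        if line.endswith(".job"):
            task = line.split(" ", 1)[-1]
            continue
        m = TASK_RE.match(line)
        if m and task:
            target, info = m.groups()
            if not info:  # no date/size printed for the task's target
                findings.append(Finding("review", "task-no-file-info", f"{task} runs {target}", line))
            task = ""
            continue

        m = DPF_RE.match(line)
        if m:
            label, scheme, host = m.groups()
            if IPV4_RE.match(host):
                findings.append(Finding("high", "dpf-bare-ip-host", f"{label} fetched from {host}", line))
            elif not scheme.endswith("s"):
                findings.append(Finding("review", "dpf-plain-http",
                                        f"{label} fetched over {scheme} from {host}", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.severity:6} {f.rule:22} {f.detail}")
```

On the sample the script reports five entries: the RTHDCPL Run value given as a bare file name, 3389/TCP open in the firewall, the DMX3191 driver whose .sys file is gone, the PCConfidential task with no file details, and the ActiveX control fetched from 193.165.214.165. None of these is proof of infection on its own (a stale driver entry from an uninstalled SCSI card looks exactly like DMX3191), which is why the output is a review list and not a verdict.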

eda
VIP
Posts: 576
Joined: 24 Aug 2006 10:35
Location: Kroměříž

Re: NOD32 kernel communication error - a virus?

#14 Post by eda »

It's O.K.
Uninstall ComboFix: Start - Run - combofix /u

And that should be everything.
If you like me, you can contact me at eda@forum.viry.cz :-)

Ribees
Visitor
Posts: 9
Joined: 25 Mar 2009 07:12

Re: NOD32 kernel communication error - a virus?

#15 Post by Ribees »

eda wrote: It's O.K.
Uninstall ComboFix: Start - Run - combofix /u

And that should be everything.
Done, perfect, thanks a lot :wink:

Locked