dalsi obet security tool

[Darkman.1]

Potreboval bych pomoc s odstranenim tohoto viru. Spustil jsem si combofix podle navodu co jsem nasel na tomto webu a prikladam k tomu log co mi combofix vyhodil. predem diky za radu



ComboFix 10-02-25.02 - Jarko 26.02.2010 13:34:08.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1250.420.1029.18.2038.810 [GMT 1:00]
Spuštěný z: c:\users\Jarko\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1229 [VPS 090226-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: avast! antivirus 4.8.1229 [VPS 090226-0] *enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500
c:\$recycle.bin\S-1-5-21-2865474844-529535846-1203591237-500
c:\program files\Fast Browser Search
c:\program files\Fast Browser Search\ClearRecycleBin.exe
c:\program files\Fast Browser Search\error.html
c:\program files\Fast Browser Search\fbsProtection.xml
c:\program files\Fast Browser Search\FbsSearchProvider.xml
c:\program files\Fast Browser Search\FbsSearchProviderIE8.exe
c:\program files\Fast Browser Search\FBStoolbar.dll
c:\program files\Fast Browser Search\fbstoolbar.jar
c:\program files\Fast Browser Search\fbstoolbar.manifest
c:\program files\Fast Browser Search\icons.bmp
c:\program files\Fast Browser Search\IE\1.bat
c:\program files\Fast Browser Search\IE\about.html
c:\program files\Fast Browser Search\IE\affid.dat
c:\program files\Fast Browser Search\IE\basis.xml
c:\program files\Fast Browser Search\IE\basis_br.xml
c:\program files\Fast Browser Search\IE\basis_de.xml
c:\program files\Fast Browser Search\IE\basis_en.xml
c:\program files\Fast Browser Search\IE\basis_es.xml
c:\program files\Fast Browser Search\IE\basis_fr.xml
c:\program files\Fast Browser Search\IE\basis_it.xml
c:\program files\Fast Browser Search\IE\basis_nr.xml
c:\program files\Fast Browser Search\IE\basis_pt.xml
c:\program files\Fast Browser Search\IE\basis_ru.xml
c:\program files\Fast Browser Search\IE\basis_tr.xml
c:\program files\Fast Browser Search\IE\fbsSearchProvider.xml
c:\program files\Fast Browser Search\IE\FBStoolbar.exe
c:\program files\Fast Browser Search\IE\search_es.bmp
c:\program files\Fast Browser Search\IE\search_fr.bmp
c:\program files\Fast Browser Search\IE\search_it.bmp
c:\program files\Fast Browser Search\IE\search_pt.bmp
c:\program files\Fast Browser Search\IE\search_ru.bmp
c:\program files\Fast Browser Search\IE\SearchGuardPlus.exe
c:\program files\Fast Browser Search\IE\SearchGuardPlus.ico
c:\program files\Fast Browser Search\IE\SGPU.ico
c:\program files\Fast Browser Search\IE\sgpUpdater.exe
c:\program files\Fast Browser Search\IE\sgpUpdater.xml
c:\program files\Fast Browser Search\IE\SGPUpdaterS.exe
c:\program files\Fast Browser Search\IE\tbhelper.dll
c:\program files\Fast Browser Search\IE\tbs_include_script_003175.js
c:\program files\Fast Browser Search\IE\tbs_include_script_005064.js
c:\program files\Fast Browser Search\IE\tbs_include_script_012817.js
c:\program files\Fast Browser Search\IE\Toolbar Help.htm
c:\program files\Fast Browser Search\IE\uninstall.exe
c:\program files\Fast Browser Search\IE\uninstalSGP.exe
c:\program files\Fast Browser Search\IE\uninstalSGPU.exe
c:\program files\Fast Browser Search\IE\update.exe
c:\program files\Fast Browser Search\IE\version.txt
c:\program files\Fast Browser Search\ie3sh.exe
c:\program files\Fast Browser Search\info.txt
c:\program files\Fast Browser Search\local.xml
c:\program files\Fast Browser Search\logobg.bmp
c:\program files\Fast Browser Search\MTWB3SH.dll
c:\program files\Fast Browser Search\MTWBtoolbar.html
c:\program files\Fast Browser Search\search.bmp
c:\program files\Fast Browser Search\search_br.bmp
c:\program files\Fast Browser Search\search_de.bmp
c:\program files\Search Guard Plus
c:\program files\Search Guard Plus\fbsProtectionI.xml
c:\program files\Search Guard Plus\fbsSearchProvider.xml
c:\program files\Search Guard Plus\SearchGuardPlus.exe
c:\program files\Search Guard Plus\SearchGuardPlus.ico
c:\program files\Search Guard Plus\uninstalSGP.exe
c:\program files\Search Guard PlusU
c:\program files\Search Guard PlusU\SGPU.ico
c:\program files\Search Guard PlusU\sgpUpdater.exe
c:\program files\Search Guard PlusU\sgpUpdater.xml
c:\program files\Search Guard PlusU\sgpUpdaters.exe
c:\program files\Search Guard PlusU\uninstalSGPU.exe
c:\program files\SGPSA
c:\users\Jarko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Security Tool.lnk
c:\users\Jarko\Desktop\Security Tool.lnk

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-01-26 do 2010-02-26 )))))))))))))))))))))))))))))))
.

2010-02-26 12:46 . 2010-02-26 12:47 -------- d-----w- c:\users\Jarko\AppData\Local\temp
2010-02-26 12:46 . 2010-02-26 12:46 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-02-26 03:38 . 2010-02-26 03:39 3873109 ----a-r- c:\users\Jarko\ComboFix.exe
2010-02-26 03:26 . 2010-02-26 03:26 -------- d-----w- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2010-02-26 03:26 . 2010-02-26 03:26 -------- d-----w- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2010-02-26 03:26 . 2010-02-26 03:26 -------- d-----w- c:\program files\TeaTimer (Spybot - Search & Destroy)
2010-02-26 03:26 . 2010-02-26 03:26 -------- d-----w- c:\program files\SDHelper (Spybot - Search & Destroy)
2010-02-26 03:17 . 2010-02-26 03:22 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-02-26 03:17 . 2010-02-26 12:11 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-02-24 17:11 . 2010-01-23 09:44 2048 ----a-w- c:\windows\system32\tzres.dll
2010-02-24 17:10 . 2010-01-25 08:35 523776 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-02-24 17:10 . 2010-01-25 08:34 511488 ----a-w- c:\windows\system32\RMActivate.exe
2010-02-24 17:10 . 2010-01-25 12:48 472064 ----a-w- c:\windows\system32\secproc.dll
2010-02-24 17:10 . 2010-01-25 08:35 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-02-24 17:10 . 2010-01-25 08:34 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-02-24 17:10 . 2010-01-25 12:48 472576 ----a-w- c:\windows\system32\secproc_isv.dll
2010-02-24 17:10 . 2010-01-25 12:48 151040 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-02-24 17:10 . 2010-01-25 12:48 151040 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-02-24 17:09 . 2010-01-25 12:45 329216 ----a-w- c:\windows\system32\msdrm.dll
2010-02-24 06:25 . 2010-02-26 03:13 -------- d-----w- c:\programdata\89837641
2010-02-10 16:32 . 2009-12-11 12:07 301568 ----a-w- c:\windows\system32\drivers\srv.sys
2010-02-10 16:32 . 2009-12-11 12:07 98304 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-02-10 16:31 . 2009-12-08 20:52 3597912 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-10 16:31 . 2009-12-08 20:52 3546200 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-04 09:20 . 2010-02-04 09:33 -------- d-----w- c:\program files\Tropico2

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-26 12:38 . 2007-11-13 17:33 66038 ----a-w- c:\windows\system32\perfh005.dat
2010-02-26 12:38 . 2007-11-13 17:33 19406 ----a-w- c:\windows\system32\perfc005.dat
2010-02-26 12:26 . 2008-05-09 04:29 -------- d-----w- c:\users\Jarko\AppData\Roaming\skypePM
2010-02-26 12:07 . 2008-05-08 19:55 -------- d-----w- c:\users\Jarko\AppData\Roaming\Skype
2010-02-26 02:52 . 2008-05-08 15:02 100816 ----a-w- c:\users\Jarko\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-24 08:16 . 2009-10-04 00:18 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-19 21:00 . 2009-02-01 14:36 -------- d-----w- c:\program files\PKR
2010-02-12 02:19 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-02-12 02:02 . 2009-01-05 21:44 -------- d-----w- c:\programdata\Microsoft Help
2010-02-08 17:57 . 2007-11-13 10:02 -------- d-----w- c:\program files\Google
2010-02-08 17:28 . 2009-02-08 14:36 -------- d-----w- c:\program files\Uplink
2010-02-04 09:20 . 2007-11-13 09:44 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-04 09:20 . 2007-11-13 09:46 -------- d-----w- c:\program files\Common Files\InstallShield
2010-01-22 15:05 . 2009-01-27 14:54 -------- d-----w- c:\program files\Microsoft Silverlight
2009-12-28 12:35 . 2010-02-10 16:30 11776 ----a-w- c:\windows\system32\tsbyuv.dll
2009-12-28 12:35 . 2010-02-10 16:30 1314816 ----a-w- c:\windows\system32\quartz.dll
2009-12-28 12:32 . 2010-02-10 16:30 22528 ----a-w- c:\windows\system32\msyuv.dll
2009-12-28 12:32 . 2010-02-10 16:30 31744 ----a-w- c:\windows\system32\msvidc32.dll
2009-12-28 12:32 . 2010-02-10 16:30 123904 ----a-w- c:\windows\system32\msvfw32.dll
2009-12-28 12:32 . 2010-02-10 16:30 13312 ----a-w- c:\windows\system32\msrle32.dll
2009-12-28 12:31 . 2010-02-10 16:30 82944 ----a-w- c:\windows\system32\mciavi32.dll
2009-12-28 12:31 . 2010-02-10 16:30 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2009-12-28 12:28 . 2010-02-10 16:30 65024 ----a-w- c:\windows\system32\avicap32.dll
2009-12-28 12:28 . 2010-02-10 16:30 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-12-18 13:05 . 2010-01-22 14:52 833024 ----a-w- c:\windows\system32\wininet.dll
2009-12-18 13:01 . 2010-01-22 14:52 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-12-18 10:14 . 2010-01-22 14:52 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-12-08 20:52 . 2010-02-10 16:30 897624 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-12-04 16:12 . 2010-02-10 16:30 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2009-12-04 16:12 . 2010-02-10 16:30 105472 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-02-01 17:20 . 2007-11-13 09:56 67688 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2009-02-01 17:20 . 2007-11-13 09:56 54368 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2009-02-01 17:20 . 2007-11-13 09:56 34944 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2009-02-01 17:20 . 2007-11-13 09:56 46712 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2009-02-01 17:20 . 2007-11-13 09:56 172136 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
2007-11-13 17:49 . 2007-11-13 17:48 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"Mobile Partner"="c:\program files\3 Internet\3 Internet.exe" [2009-07-22 110592]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-07 21633320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2007-10-01 4702208]
"Skytel"="Skytel.exe" [2007-08-03 1826816]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-08-17 102400]
"toolbar_eula_launcher"="c:\program files\Packard Bell\GOOGLE_EULA\EULALauncher.exe" [2007-02-20 28672]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-11 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-11 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-11 133656]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [8.5.2008 20:54 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [8.5.2008 20:54 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [8.5.2008 20:54 53328]
S0 sptd;sptd;c:\windows\System32\drivers\sptd.sys [4.3.2009 20:30 717296]
.
Obsah adresáře 'Naplánované úlohy'
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Jarko\AppData\Roaming\Mozilla\Firefox\Profiles\pngopmqa.default\
FF - component: c:\progra~1\Mozilla Firefox\extensions\talkback@mozilla.org\components\qfaservices.dll
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.allow_platform_file_picker", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("signon.prefillForms", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.enabled", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.remoteLookups", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.updateURL", "http://sb.google.com/safebrowsing/updat ... oz:version}&");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.lookupURL", "http://sb.google.com/safebrowsing/looku ... oz:version}&");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.reportURL", "http://sb.google.com/safebrowsing/report?");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

URLSearchHooks-{91C18ED5-5E1C-4AE5-A148-A861DE8C8E16} - (no file)
BHO-{F0626A63-410B-45E2-99A1-3F2475B2D695} - (no file)
HKLM-Run-WinampAgent - c:\program files\Winamp\winampa.exe
AddRemove-NeroMultiInstaller!UninstallKey - c:\program files\Common Files\Ahead\Uninstall\SetupX.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-26 13:47
Windows 6.0.6001 Service Pack 1 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Celkový čas: 2010-02-26 13:51:33
ComboFix-quarantined-files.txt 2010-02-26 12:51

Před spuštěním: 3 987 079 168
Po spuštění: 5 532 065 792

- - End Of File - - 41634C01ADB3261FD53FE5E5C7225885

[Rudy]

Pod "Ostatní výmazy" najdete smazané infikované položky. Zbytek logu vypadá čistý.