prosba o pomoc - ROOTKIT

[motji]

u chkdsk dejte možnost (Y), po restartu pc se provede kontrola disku.

Sp zkuste stahnout v rámci aktualizací, jestli Vám je nabízí.

[lusi86]

ZA mi zachytil tieto pokusy dostat sa na internet od suborov, ktore nepoznam, oba su i v procesoch, ktore zobrazuje windows task manager:

ACS.exe
IP 127.0.0.1 Port9877

a

ALU.exe
IP 193.87.98.3

a ked sa pokusam restartovat PC, tak mi nahodi, ze program EventWnd sa ukoncuje, potom naskoci not responding a potom este velmi dlho trva, kym sa PC vypne.

V ostatnych veciach PC funguje dobre. Stiahla som si novu verziu Avastu 5.0.

Teraz idem dat defragmentovat pc

[motji]

EventWnd - tohle by mělo souviset s Zone alarmem, zkuste ho vypnout, nebo odinstalovat, jestli se to bude znovu objevovat. Je možné, že že Vašemu systému prostě ZA nesedl.

ACS.exe je od Atheros Wireless LAN, pokud používáte, myslím že můžete povolit

ALU.exe - asus live update - můžete povolit

[lusi86]

a namiesto ZA si mam co nainstalovat ako firewall?

priatel sa u mna na internate prihlasil na nasu skolsku wi-fi siet a avast mu zacal vyhadzovat virusy... nie rootkita, ako mne, ale trojana a malware. takisto mu ich vyhadzuje, pripajam jeho log z rsitu, ci nahodou tie virusy nerozsiruje ta nasa wi-fi siet.

Logfile of random's system information tool 1.06 (written by random/random)
Run by rado at 2010-04-15 21:53:54
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 17 GB (17%) free of 100 GB
Total RAM: 1789 MB (58% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\1-Click Maintenance.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
HP Print Enhancer - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2008-03-28 322880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [2003-05-15 50376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9CB65201-89C4-402c-BA80-02D8C59F9B1D}]
Ask Search Assistant BHO - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL [2008-11-20 57344]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2008-11-20 720896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C451C08A-EC37-45DF-AAAD-18B51AB5E837}]
PDFCreator Toolbar Helper - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll [2008-12-13 806912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
Ask Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2010-02-04 1197448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-04 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-04 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FE063DB1-4EC0-403e-8DD8-394C54984B2C}]
Ask Toolbar BHO - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL [2008-11-20 245760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
HP Smart BHO Class - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2008-03-28 501056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2008-07-17 691656]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2008-11-20 720896]
{FE063DB9-4EC0-403e-8DD8-394C54984B2C} - Ask Toolbar - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL [2008-11-20 245760]
{31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - PDFCreator Toolbar - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll [2008-12-13 806912]
{D4027C7F-154A-4066-A1AD-4243D8127440} - Ask Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2010-02-04 1197448]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Cpqset"=C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe [2008-05-14 61440]
"hpWirelessAssistant"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2008-04-16 488752]
"PDF Complete"=C:\Program Files\PDF Complete\pdfsty.exe [2008-05-12 318488]
"StartCCC"=c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-01-21 61440]
"WatchDog"=C:\Program Files\InterVideo\DVD Check\DVDCheck.exe [2008-05-24 197904]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2008-04-04 1044480]
"QlbCtrl.exe"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2008-06-04 177456]
"AccelerometerSysTrayApplet"=c:\WINDOWS\system32\AccelerometerSt.Exe [2008-06-09 82224]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-03-27 1040384]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2005-01-12 32768]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-09 153136]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2008-03-25 49152]
"hpqSRMon"=C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [2008-03-13 81920]
"MobilityManager"=C:\Program Files\Mobility Manager\MobilityManager []
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-04 149280]
"avast5"=C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe [2010-03-09 2769336]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-31 15360]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-07-24 490952]
"LightScribe Control Panel"=C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2008-06-09 2363392]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-03-12 153136]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-08-04 1667584]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
DVD Check.lnk - C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2008-07-31 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WB]
C:\Program Files\AlienGUIse\fastload.dll [2001-12-21 24576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\bndmss.exe"="C:\WINDOWS\system32\bndmss.exe:*:Enabled:BNDMSS"
"C:\Program Files\Electronic Arts\The Battle for Middle-earth (tm) II\game.dat"="C:\Program Files\Electronic Arts\The Battle for Middle-earth (tm) II\game.dat:*:Enabled:The Battle for Middle-earth(tm) II"
"C:\Program Files\FlatOut2\FlatOut2.exe"="C:\Program Files\FlatOut2\FlatOut2.exe:*:Enabled:FlatOut2"
"C:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe"="C:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe:*:Enabled:CoD2MP_s"
"C:\Documents and Settings\rado\skp66.exe"="C:\Documents and Settings\rado\skp66.exeskp66.exe:*:Enabled:BNDMSS"
"skp66.exe"="skp66.exe:*:Enabled:BNDMSS"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\Hp\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\Hp\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\Hp\Digital Imaging\bin\hposid01.exe"="C:\Program Files\Hp\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\Hp\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\Hp\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\Hp\Digital Imaging\bin\hpiscnapp.exe"="C:\Program Files\Hp\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe"
"C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe"="C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe"
"C:\Program Files\Hp\Digital Imaging\bin\hpqpsapp.exe"="C:\Program Files\Hp\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe"
"C:\Program Files\Hp\Digital Imaging\bin\hpqpse.exe"="C:\Program Files\Hp\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe"
"C:\Program Files\Hp\Digital Imaging\bin\hpqsudi.exe"="C:\Program Files\Hp\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe"
"C:\Program Files\Hp\Digital Imaging\bin\hpqgplgtupl.exe"="C:\Program Files\Hp\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe"
"C:\Program Files\Hp\Digital Imaging\bin\hpqgpc01.exe"="C:\Program Files\Hp\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe"
"C:\Program Files\Activision\Call of Duty - World at War\CoDWaWmp.exe"="C:\Program Files\Activision\Call of Duty - World at War\CoDWaWmp.exe:*:Enabled:Call of Duty(R) - World at War(TM)"
"C:\Program Files\Activision\Call of Duty - World at War\CoDWaW.exe"="C:\Program Files\Activision\Call of Duty - World at War\CoDWaW.exe:*:Enabled:Call of Duty(R) - World at War(TM)"
"C:\Program Files\Mass Effect\Binaries\MassEffect.exe"="C:\Program Files\Mass Effect\Binaries\MassEffect.exe:*:Enabled:Mass Effect Game"
"C:\Program Files\Mass Effect\MassEffectLauncher.exe"="C:\Program Files\Mass Effect\MassEffectLauncher.exe:*:Enabled:Mass Effect Launcher"
"C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe"="C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:*:Enabled:Rockstar Games Social Club"
"C:\Program Files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe"="C:\Program Files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe:*:Enabled:Grand Theft Auto IV"
"C:\Program Files\EA SPORTS\FIFA 08\FIFA08.exe"="C:\Program Files\EA SPORTS\FIFA 08\FIFA08.exe:*:Enabled:FIFA 08"
"C:\Program Files\Codemasters\GRID\GRID.exe"="C:\Program Files\Codemasters\GRID\GRID.exe:*:Enabled:GRID"
"C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe"="C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM)"
"C:\Program Files\EA Games\Battlefield 2\BF2.exe"="C:\Program Files\EA Games\Battlefield 2\BF2.exe:*:Enabled:Battlefield 2"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\WINDOWS\system32\wmicvrts.exe"="C:\WINDOWS\system32\wmicvrts.exe:*:Enabled:DHCP Router"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\Hp\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\Hp\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\Hp\Digital Imaging\bin\hposid01.exe"="C:\Program Files\Hp\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\Hp\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\Hp\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\Hp\Digital Imaging\bin\hpiscnapp.exe"="C:\Program Files\Hp\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe"
"C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe"="C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe"
"C:\Program Files\Hp\Digital Imaging\bin\hpqpsapp.exe"="C:\Program Files\Hp\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe"
"C:\Program Files\Hp\Digital Imaging\bin\hpqpse.exe"="C:\Program Files\Hp\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe"
"C:\Program Files\Hp\Digital Imaging\bin\hpqsudi.exe"="C:\Program Files\Hp\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe"
"C:\Program Files\Hp\Digital Imaging\bin\hpqgplgtupl.exe"="C:\Program Files\Hp\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe"
"C:\Program Files\Hp\Digital Imaging\bin\hpqgpc01.exe"="C:\Program Files\Hp\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe"
"C:\WINDOWS\system32\wmicvrts.exe"="C:\WINDOWS\system32\wmicvrts.exe:*:Enabled:DHCP Router"

======List of files/folders created in the last 1 months======

2010-04-15 21:53:55 ----D---- C:\Program Files\trend micro
2010-04-15 21:53:54 ----D---- C:\rsit
2010-04-15 17:14:29 ----RSH---- C:\WINDOWS\system32\wmicvrts.exe
2010-04-09 10:18:01 ----D---- C:\Program Files\Microsoft Silverlight
2010-04-05 19:13:22 ----A---- C:\WINDOWS\system32\aswBoot.exe
2010-04-05 19:13:12 ----D---- C:\Documents and Settings\All Users\Application Data\Alwil Software

======List of files/folders modified in the last 1 months======

2010-04-15 21:53:55 ----RD---- C:\Program Files
2010-04-15 21:43:30 ----D---- C:\WINDOWS\Temp
2010-04-15 19:30:36 ----A---- C:\WINDOWS\IE4 Error Log.txt
2010-04-15 17:14:53 ----D---- C:\temp
2010-04-15 17:14:44 ----D---- C:\WINDOWS\system32
2010-04-15 17:14:36 ----D---- C:\WINDOWS\Prefetch
2010-04-15 17:12:38 ----D---- C:\WINDOWS\system32\CatRoot2
2010-04-15 12:26:24 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-04-10 17:51:19 ----A---- C:\WINDOWS\ModemLog_Motorola USB Modem #4.txt
2010-04-09 10:18:05 ----SHD---- C:\WINDOWS\Installer
2010-04-09 10:18:05 ----HD---- C:\Config.Msi
2010-04-05 19:13:44 ----D---- C:\WINDOWS\system32\drivers
2010-04-05 19:13:34 ----D---- C:\WINDOWS\WinSxS
2010-04-05 19:13:12 ----D---- C:\Program Files\Alwil Software
2010-04-05 19:05:05 ----D---- C:\INSTALACKY
2010-04-01 20:01:51 ----A---- C:\WINDOWS\ModemLog_Motorola USB Modem #2.txt
2010-04-01 15:12:19 ----A---- C:\WINDOWS\NeroDigital.ini
2010-03-29 20:07:50 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-03-27 18:18:52 ----D---- C:\Documents and Settings\rado\Application Data\HPAppData
2010-03-27 18:14:40 ----D---- C:\Program Files\Mozilla Firefox

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2010-03-09 28880]
R1 AmdPPM;AMD HwPState Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdPPM.sys [2007-04-17 33792]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2010-03-09 162640]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2010-03-09 46672]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-04 14848]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2004-08-04 8832]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2010-03-09 19024]
R2 aswMon2;aswMon2; C:\WINDOWS\system32\drivers\aswMon2.sys [2010-03-09 100432]
R3 Accelerometer;HP Accelerometer; C:\WINDOWS\system32\DRIVERS\Accelerometer.sys [2008-05-23 28592]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2008-04-11 338944]
R3 AEAudio;AE Audio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2007-07-13 94976]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2010-03-09 23376]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-07-31 3230720]
R3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\system32\DRIVERS\btport.sys [2008-05-14 37424]
R3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2008-05-14 879624]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-04 14080]
R3 FlrnUSB;Leadtek USB Network Interface; C:\WINDOWS\system32\DRIVERS\LtkUSB.sys [2008-05-14 41907]
R3 HBtnKey;HBtnKey; C:\WINDOWS\system32\DRIVERS\cpqbttn.sys [2008-04-29 9344]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 HpqKbFiltr;HpqKbFilter Driver; C:\WINDOWS\system32\DRIVERS\HpqKbFiltr.sys [2007-06-19 16768]
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\WINDOWS\system32\DRIVERS\snp2uvc.sys [2008-04-11 1804160]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2008-03-27 224672]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-02-27 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-31 57600]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-02-27 17152]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2008-04-04 296320]
S3 azoe91cy;azoe91cy; C:\WINDOWS\system32\drivers\azoe91cy.sys []
S3 BCM43XX;Broadcom 802.11 - ovládač sieťového adaptéru; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2008-11-20 1287552]
S3 btaudio;Bluetooth Audio Device; C:\WINDOWS\system32\drivers\btaudio.sys [2008-05-14 539512]
S3 BTCFilterService;USB Networking Driver Filter Service; C:\WINDOWS\system32\DRIVERS\motfilt.sys []
S3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2008-05-14 156392]
S3 btwmodem;Bluetooth Modem; C:\WINDOWS\system32\DRIVERS\btwmodem.sys [2008-05-14 37280]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2008-05-14 74688]
S3 catchme;catchme; \??\C:\DOCUME~1\rado\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-04 17024]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-18 9600]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2008-03-11 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2008-03-11 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2008-03-11 21568]
S3 motccgp;Motorola USB Composite Device Driver; C:\WINDOWS\system32\DRIVERS\motccgp.sys [2007-06-18 17920]
S3 motccgpfl;MotCcgpFlService; C:\WINDOWS\system32\DRIVERS\motccgpfl.sys [2007-01-22 7680]
S3 motmodem;Motorola USB CDC ACM Driver; C:\WINDOWS\system32\DRIVERS\motmodem.sys [2007-06-18 23680]
S3 MotoSwitchService;MotoSwitch Service; C:\WINDOWS\system32\DRIVERS\motswch.sys [2006-12-06 6400]
S3 Motousbnet;Motorola USB Networking Driver Service; C:\WINDOWS\system32\DRIVERS\Motousbnet.sys []
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-04 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-04 10880]
S3 SCR3XX2K;SCR3xx USB SmartCardReader; C:\WINDOWS\system32\DRIVERS\SCR3XX2K.sys [2007-06-21 56448]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-04 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-04 15360]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-31 31616]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 usbvideo;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2004-08-04 78464]
S3 VIAudio;VIA AC'97 Audio Controller (WDM); C:\WINDOWS\system32\drivers\ac97via.sys [2004-08-04 84480]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-07-31 561152]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-03-09 40384]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2008-05-13 264800]
R2 FMMService;FMMService; C:\PROGRA~1\MOBILI~1\FMMSER~1.EXE [2007-12-06 40960]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\WINDOWS\system32\svchost.exe [2004-08-31 14336]
R2 IviRegMgr;IviRegMgr; C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe [2007-01-05 112152]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-04 153376]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2008-06-09 73728]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 pdfcDispatcher;PDF Document Manager; C:\Program Files\PDF Complete\pdfsvc.exe [2008-05-12 576024]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-31 14336]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-03-09 40384]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-03-09 40384]
R3 Com4QLBEx;Com4QLBEx; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2004-08-31 14336]
R3 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2008-05-02 165192]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-03-12 271920]
S2 gupdate1ca1200f4422e23;Služba Google Update (gupdate1ca1200f4422e23); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-07-31 133104]
S2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2004-08-31 14336]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2004-08-31 14336]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-03-14 779824]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 TUWinStylerThemeSvc;TuneUp WinStyler Theme Service; C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe [2005-08-11 118272]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]

-----------------EOF-----------------

[lusi86]

stahujem si PC tools firewall, ten ste mi predtym odporucali namiesto ZA

[motji]

Pctools zkuste, kdysi jsem ho používala a vyhovoval mi a je podobný ZA .

Můžu vědět, v jakých souborech mu viry vyhazuje? Také si myslím, že máte tu sít tam zavirovanou

[lusi86]

vo Windows/Temp, ten sme vymazali, co slo a dalej v C:/Documents and Settings/Network Service

[motji]

Zkuste tam dát raději combofix, a pokud se bude ještě na tu sít připojovat, tak doinstalujte firewall

Stáhněte na plochu, ukončete všechna aktivní okna a spusťte ComboFix - http://download.bleepingcomputer.com/sUBs/ComboFix.exe


- ComboFix je třeba spustit pod účtem s právy administrátora

- Před použitím vypněte všechny rezidentní bezpečnostní programy - antiviry, firewally, antispywary

- Po spuštění se zobrazí podmínky užití, potvrďte je stiskem tlačítka Ano

- Dále postupujte dle pokynů, během aplikování ComboFixu neklikejte do zobrazujícího se okna

- Po dokončení skenování, trvajícího maximálně 10 minut, by měl program vytvořit log - C:\ComboFix.txt, zkopírujte celý jeho obsah sem

[aanime]

Dobrý den, předevčírem jsem při skenu NODem objevil 10 x win32/Rootkit.Kryptik.AF výhradně v systémovém adresáři ovladačů. Od včerejška se jejich počet zvětšil přes stovku. PC se zapíná pomaleji a vyhazuje okno s volbou poslední známé konfigurace,jiné změny jsem nezaznamenal. Díky za pomocné rady Přikládám log z ComboFixu

Kód: Vybrat vše

ComboFix 10-04-15.02 - Lukáš 16.04.2010  11:50:48.2.2 - x86
Systém Microsoft Windows XP Professional  5.1.2600.3.1250.420.1029.18.3067.2449 [GMT 2:00]
Spuštěný z: c:\documents and settings\Lukáš\Plocha\ComboFix.exe
AV: ESET Smart Security 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.

(((((((((((((((((((((((((   Soubory vytvořené od 2010-03-16 do 2010-04-16  )))))))))))))))))))))))))))))))
.

2010-04-16 09:18 . 2010-04-12 15:29	411368	----a-w-	c:\windows\system32\deployJava1.dll
2010-04-15 16:23 . 2008-04-13 22:10	34688	-c--a-w-	c:\windows\system32\dllcache\lbrtfdc.sys
2010-04-15 16:23 . 2008-04-13 22:10	34688	----a-w-	c:\windows\system32\drivers\lbrtfdc.sys
2010-04-14 21:48 . 2010-04-14 21:48	--------	d-----w-	c:\program files\Total Uninstall 5
2010-04-13 15:54 . 2008-04-13 22:11	8576	-c--a-w-	c:\windows\system32\dllcache\i2omgmt.sys
2010-04-13 15:54 . 2008-04-13 22:11	8576	----a-w-	c:\windows\system32\drivers\i2omgmt.sys
2010-04-13 15:54 . 2008-04-13 22:11	8192	-c--a-w-	c:\windows\system32\dllcache\changer.sys
2010-04-13 15:54 . 2008-04-13 22:11	8192	----a-w-	c:\windows\system32\drivers\Changer.sys
2010-04-02 07:59 . 2010-04-02 07:59	--------	d-sh--w-	c:\documents and settings\LocalService\PrivacIE
2010-04-02 07:59 . 2010-04-02 07:59	--------	d-----r-	c:\documents and settings\LocalService\Oblíbené položky
2010-03-30 21:04 . 2010-03-30 21:04	--------	d-----w-	c:\program files\Common Files\Java
2010-03-30 18:17 . 2007-04-01 07:00	2842624	----a-w-	c:\temp\btwicons.dll

.
((((((((((((((((((((((((((((((((((((((((   Find3M výpis   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-16 09:55 . 2010-02-11 14:57	802304	----a-w-	c:\windows\system32\drivers\ttmvmbdi.sys
2010-04-16 09:18 . 2009-04-14 23:48	--------	d-----w-	c:\program files\Java
2010-04-16 09:17 . 2001-10-25 12:00	95892	----a-w-	c:\windows\system32\perfc005.dat
2010-04-16 09:17 . 2001-10-25 12:00	475970	----a-w-	c:\windows\system32\perfh005.dat
2010-04-14 21:50 . 2009-04-14 18:14	--------	d--h--w-	c:\program files\InstallShield Installation Information
2010-04-14 21:43 . 2009-04-14 17:56	--------	d-----w-	c:\program files\Windows Media Connect 2
2010-04-14 19:20 . 2009-04-14 22:41	--------	d-----w-	c:\program files\PowerArchiver
2010-03-23 22:09 . 2009-04-15 08:28	--------	d-----w-	c:\program files\Translator 2005
2010-03-10 06:17 . 2008-04-14 06:52	420352	----a-w-	c:\windows\system32\vbscript.dll
2010-03-08 22:08 . 2010-03-08 22:03	--------	d-----w-	c:\program files\Microsoft SQL Server
2010-03-08 22:02 . 2010-03-08 22:02	--------	d-----w-	c:\program files\Microsoft Device Emulator
2010-03-08 22:02 . 2010-03-08 22:02	--------	d-----w-	c:\program files\Microsoft SQL Server 2005 Mobile Edition
2010-03-08 21:57 . 2010-03-08 21:49	--------	d-----w-	c:\program files\Microsoft Visual Studio 8
2010-03-08 21:57 . 2010-03-08 21:51	--------	d-----w-	c:\program files\HTML Help Workshop
2010-03-08 21:55 . 2010-03-08 21:51	--------	d-----w-	c:\program files\Common Files\Merge Modules
2010-03-08 21:51 . 2010-03-08 21:51	--------	d-----w-	c:\program files\Common Files\Business Objects
2010-03-08 21:51 . 2010-03-08 21:51	--------	d-----w-	c:\program files\CE Remote Tools
2010-02-25 06:18 . 2008-05-08 07:16	916480	----a-w-	c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2008-04-13 22:47	455680	----a-w-	c:\windows\system32\drivers\mrxsmb.sys
2010-02-17 20:15 . 2010-02-17 20:15	--------	d-----w-	c:\program files\Audacity 1.3. 9 Beta (Unicode)
2010-02-17 14:35 . 2010-02-17 14:35	--------	d-----w-	c:\program files\Common Files\Digidesign
2010-02-17 14:35 . 2010-02-17 14:35	--------	d-----w-	c:\program files\Audiffex
2010-02-17 14:34 . 2009-09-12 21:30	--------	d-----w-	c:\program files\Vstplugins
2010-02-16 19:08 . 2008-04-14 08:06	2026496	----a-w-	c:\windows\system32\ntkrnlpa.exe
2010-02-16 19:08 . 2008-04-14 06:06	2148352	----a-w-	c:\windows\system32\ntoskrnl.exe
2010-02-12 04:35 . 2008-04-14 06:51	100864	----a-w-	c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2008-04-13 22:30	226880	----a-w-	c:\windows\system32\drivers\tcpip6.sys
.

------- Sigcheck -------

[-] 2008-05-08 . 1E603EA2A3FDBAE9E5B88A8CB3C03124 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
(((((((((((((((((((((((((((((   SnapShot@2010-04-16_01.51.54   )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-04-16 09:46 . 2010-04-16 09:46	16384              c:\windows\Temp\Perflib_Perfdata_6e8.dat
+ 2001-10-25 12:00 . 2010-04-16 09:17	85288              c:\windows\system32\perfc009.dat
- 2001-10-25 12:00 . 2010-04-10 09:43	85288              c:\windows\system32\perfc009.dat
+ 2001-10-25 12:00 . 2010-04-16 09:17	479398              c:\windows\system32\perfh009.dat
- 2001-10-25 12:00 . 2010-04-10 09:43	479398              c:\windows\system32\perfh009.dat
+ 2010-04-16 09:18 . 2010-04-12 15:29	153376              c:\windows\system32\javaws.exe
- 2010-03-30 21:04 . 2010-03-09 02:28	153376              c:\windows\system32\javaws.exe
+ 2010-04-16 09:18 . 2010-04-12 15:29	145184              c:\windows\system32\javaw.exe
- 2010-03-30 21:04 . 2010-03-09 02:28	145184              c:\windows\system32\javaw.exe
+ 2010-04-16 09:18 . 2010-04-12 15:29	145184              c:\windows\system32\java.exe
- 2010-03-30 21:04 . 2010-03-09 02:28	145184              c:\windows\system32\java.exe
.
((((((((((((((((((((((((((((((((((   Spouštěcí body v registru   )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny. 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="C:\Bezpečnost" [X]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-12 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"RTHDCPL"="RTHDCPL.EXE" [2008-05-16 16862720]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-11-16 2054360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk /r \??\F:\0autocheck autochk *

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Bluetooth.lnk]
backup=c:\windows\pss\Bluetooth.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2008-03-17 16:06	1848648	----a-w-	c:\program files\Canon\MyPrinter\BJMYPRT.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
2008-03-10 16:20	689488	----a-w-	c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
2008-06-09 22:36	870920	----a-w-	c:\progra~1\LAUNCH~1\LManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 06:52	1695232	------w-	c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
2001-07-09 11:50	155648	----a-r-	c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDFPrint]
2010-02-22 09:40	207504	----a-w-	c:\menší programy\pdf24\pdf24.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-04-17 17:14	98304	----a-w-	c:\přehrávače\QuickTimePlayer\qttask.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Bezpečnost,síť\\QIP\\qip.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\Program Files\\Hamachi\\hamachi.exe"=
"c:\\Program Files\\Vietcong\\vietcong_1.6_NO_CD_crack.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1234:UDP"= 1234:UDP:ab
"9875:UDP"= 9875:UDP:ac

R0 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [17.4.2009 20:07 5248]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [16.11.2009 10:03 108792]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [16.11.2009 10:04 735960]
R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [14.4.2009 21:24 51160]
R3 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [14.4.2009 21:24 43736]
S0 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [17.4.2009 20:07 160640]
S2 gupdate1ca03409edf825e;Služba Google Update (gupdate1ca03409edf825e);c:\program files\Google\Update\GoogleUpdate.exe [13.7.2009 0:32 133104]
S3 DfuUsb;DfuUsb;c:\windows\system32\drivers\dfuusb.sys [8.11.2007 22:51 10880]
S3 SynasUSB;SynasUSB;c:\windows\system32\drivers\synasusb.sys [27.12.2009 13:08 18432]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [23.9.2005 8:01 2799808]

--- Ostatní služby/ovladače v paměti ---

*Deregistered* - ttmvmbdi
.
Obsah adresáře 'Naplánované úlohy'

2010-04-16 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-07-12 22:28]

2010-04-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-12 22:31]

2010-04-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-12 22:31]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\program files\Translator 2005\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\program files\Translator 2005\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\program files\Translator 2005\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\program files\Translator 2005\WEBIE.DLL
FF - ProfilePath - c:\documents and settings\Lukáš\Data aplikací\Mozilla\Firefox\Profiles\eh7m0i36.default\
FF - prefs.js: browser.startup.homepage - hxxp://seznam.cz/
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1636.7222\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\bezpeźnost,sˇś\firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\bezpeźnost,sˇś\firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\bezpeźnost,sˇś\firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\bezpeźnost,sˇś\firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\bezpeźnost,sˇś\firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\bezpeźnost,sˇś\firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency",   1600);
c:\bezpeźnost,sˇś\firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\bezpeźnost,sˇś\firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\bezpeźnost,sˇś\firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\bezpeźnost,sˇś\firefox\greprefs\all.js - pref("browser.formfill.debug",            false);
c:\bezpeźnost,sˇś\firefox\greprefs\all.js - pref("browser.formfill.agedWeight",       2);
c:\bezpeźnost,sˇś\firefox\greprefs\all.js - pref("browser.formfill.bucketSize",       1);
c:\bezpeźnost,sˇś\firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\bezpeźnost,sˇś\firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\bezpeźnost,sˇś\firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight",   25);
c:\bezpeźnost,sˇś\firefox\greprefs\all.js - pref("browser.formfill.prefixWeight",     5);
c:\bezpeźnost,sˇś\firefox\greprefs\all.js - pref("html5.enable", false);
c:\bezpeźnost,sˇś\firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\bezpeźnost,sˇś\firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\bezpeźnost,sˇś\firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\bezpeźnost,sˇś\firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
c:\bezpeźnost,sˇś\firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\bezpeźnost,sˇś\firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\bezpeźnost,sˇś\firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\bezpeźnost,sˇś\firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\bezpeźnost,sˇś\firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\bezpeźnost,sˇś\firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\bezpeźnost,sˇś\firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\bezpeźnost,sˇś\firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\bezpeźnost,sˇś\firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\bezpeźnost,sˇś\firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\bezpeźnost,sˇś\firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\bezpeźnost,sˇś\firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\bezpeźnost,sˇś\firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\bezpeźnost,sˇś\firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\bezpeźnost,sˇś\firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\bezpeźnost,sˇś\firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************
skenování skrytých procesů ...  

skenování skrytých položek 'Po spuštění' ... 

skenování skrytých souborů ...  

sken byl úspešně dokončen
skryté soubory: 

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\ttmvmbdi]

.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1614895754-1085031214-842925246-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:a6,26,de,95,4a,9b,6f,9f,f2,de,b2,98,e1,fa,62,ca,c4,e3,98,e6,67,9b,2d,
   69,1b,00,36,51,94,73,89,07,39,ce,5d,a1,46,57,c7,93,b4,71,05,f3,4d,ac,f7,90,\
"??"=hex:29,09,d2,a8,43,0c,17,31,e4,b9,9b,46,02,82,18,87
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(1496)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(16712)
c:\windows\system32\webcheck.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
Celkový čas: 2010-04-16  11:57:14
ComboFix-quarantined-files.txt  2010-04-16 09:57
ComboFix2.txt  2010-04-16 01:57

Před spuštěním: Volných bajtů: 22 522 753 024
Po spuštění: Volných bajtů: 22 489 739 264

Current=7 Default=7 Failed=6 LastKnownGood=8 Sets=1,2,4,5,6,7,8
- - End Of File - - F3991BE37F7AB5179B57071D8CA2F978

[motji]

aanime
Hezké odpoledne, vítejte na foru .
Poprosím Vás, aby jste si založil nový topic (klidně můžete napsat pro Motji, ráda se na to podívám ) a vložil tam log. tady by se to pletlo s ostatními logy . Ještě tam něco vidím, je potřeba něco domazat .
Děkuji za pochopení

[lusi86]

priatelovi sa pri kontrole combofixom vypol pc-dosla baterka a potom mu tam nahadzovalo, ze windows sa spustil po zavaznej chybe systemu alebo nieco tak a combofix nesiel spustit. nechala som mu to radsej tak, povedal, ze sa na to pozrie sam.

mne avast nasiel takisto v Network Service Malware, ale uz je zmazany. Inak to ako vyzera? Uz je moj pc odvireny, ci tam mam este nejake potvory? Okrem SP3 som vsetko spravila, ten by som mala mat dnes alebo zajtra, ale pocula som nan negativne ohlasy, vraj nespolupracuje dobre s kazdym systemom. Vidim to tak, ze na internate internet budem pouzivat len v nutnych pripadoch, ked je ta siet takto zavirena, kym s tym nieco nespravia...

[motji]

Poproste přítele, at se podívá, jestli se mu v počítači vytvořila na disku C složka qoobox. Pokud ano, zabalte ji do raru a pošlete na www.leteckaposta.cz, link mi vložte do sz. Podívám se, zda něco smazal. Přiložte sem i log ze Rsitu z jeho pc. Problém byl, že se během běhu combofixu vybila ta baterka, to je docela průšvih. Ale snad to bude dobré.


Prominte, tohle jsem nepochopila - avast nasiel takisto v Network Service Malware. Kde ho našel? Můžete mi dát log z Avastu? Napsat jaké malware to bylo?

Podle mě už vypadá počítač čistě, můžete pro jistotu za týden vložit log ze Rsitu. Pokud by byly nějaké problémy, ozvěte se hned. Měla jste ten počítač hodně zavirovaný.
Firewall by Vás měl ochránit. Měla by jste správci sítě nahlásit, že sít je zavirovaná, ale pokud mají u Vás na internátě zavirované počítače, tak se toho asi hned tak nezbaví .

[davidrohusch]

Asi sem lama ale co je ten ROOTKIT

[motji]

Asi sem lama ale co je ten ROOTKIT

Jednoduše řečeno, Rootkit je program, který se snaží zamaskovat vlastní přítomnost v PC (přítomnost souborů, změn v registru Windows...), popř. přítomnost jiných aplikací v PC.

http://www.rootkit.cz/go.php
http://www.rootkit.cz/go.php?p=rootkit&t=clanek&id=5

[riffman]

Asi sem lama ale co je ten ROOTKIT

viz SPECIALNI ODKAZ v mem podpisu