log z ComboFix - kontrola

Zpráva

Rossi46 · #1 Příspěvek od **Rossi46** » 03 úno 2011 14:44

Dobry den, prosim zadam o kontrolu logu z ComboFix.
Projel sem disk Nodem ktery smazal dost trojanu ale nechal tam "c:\windows\system32\userinit.exe" Win32/Injector.EMK

Pote sem pustil ComboFix a ten snad uz tu havet smazal.
Mrknete prosim na log jestli tam neni jeste neco spatneho. Diky

ComboFix 11-01-31.02 - Jirka 03.02.2011 14:22:27.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.1023.530 [GMT 1:00]
Spuštěný z: c:\documents and settings\Jirka\Plocha\!venca\ComboFix.exe
AV: ESET Smart Security 4.0 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *Enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
* Vytvořen nový Bod Obnovení
* Rezidentní štít AV je zapnutý

.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Jirka\community.exe
c:\documents and settings\Jirka\dexe.exe
c:\documents and settings\Jirka\know_file.exe
c:\documents and settings\Jirka\secupdat.dat
c:\documents and settings\Jirka\starter.exe
c:\documents and settings\Jirka\stay_wait.exe
c:\program files\ICQ6.5\ICQLRun.exe
c:\windows\ndl.dl
c:\windows\system32\driVERs\mfwet.sys
c:\windows\system32\secupdat.dat
c:\windows\wibrf.jpg
c:\windows\wiybr.png
F:\AUTORUN.INF

Nakažená kopie c:\windows\system32\userinit.exe byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\system32\dllcache\userinit.exe

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CDFSS
-------\Service_cdfss
-------\Legacy_mfwet
-------\Service_mfwet

((((((((((((((((((((((((( Soubory vytvořené od 2011-01-03 do 2011-02-03 )))))))))))))))))))))))))))))))
.

2012-06-11 15:33 . 2007-01-05 17:34 -------- d-----w- c:\windows\OvtCam
2012-06-11 15:33 . 2005-09-30 08:56 18972 ------w- c:\windows\system32\ov530ext.ax
2012-06-11 15:33 . 2005-09-30 08:42 40960 ------w- c:\windows\system32\ov530ext.dll
2012-06-11 15:33 . 2005-03-15 16:04 161792 ------w- c:\windows\system32\drivers\ov530vid.sys
2012-06-11 15:33 . 2004-11-08 23:37 25177 ------w- c:\windows\system32\drivers\ov530cmd.sys
2012-06-11 15:33 . 2004-08-05 16:34 61440 ------w- c:\windows\ov530dib.dll
2012-06-11 15:33 . 2004-07-20 00:50 16440 ------w- c:\windows\system32\ov530usd.dll
2012-06-11 15:31 . 2004-08-03 21:08 31616 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2012-06-11 15:31 . 2004-08-03 21:08 31616 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2012-06-09 19:12 . 2010-12-12 13:06 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2012-06-09 19:07 . 2012-06-09 19:07 -------- d-----w- c:\program files\THQ
2011-02-03 13:05 . 2011-02-03 13:06 -------- d-----w- c:\program files\Ultimate Process Manager
2011-02-03 11:17 . 2011-02-03 11:17 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2011-02-03 10:42 . 2011-02-03 10:42 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2011-01-27 19:07 . 2004-08-17 13:49 24576 ----a-w- c:\windows\system32\stu2.exe
2011-01-23 14:44 . 2011-01-23 14:44 -------- d-----w- c:\program files\Common Files\Symantec Shared
2011-01-23 14:44 . 2011-02-03 10:17 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Norton

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-03 11:27 . 2004-08-17 13:49 1033728 ----a-w- c:\windows\explorer.exe
2010-12-05 16:22 . 2009-12-13 20:31 421888 ----a-w- c:\windows\NEXON_EU_DownloaderUpdater.exe
2010-12-02 03:35 . 2010-12-02 03:35 4280320 ----a-w- c:\windows\system32\GPhotos.scr
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OM_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master\Monitor.exe" [2006-05-16 57344]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-06-24 1840424]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-12-03 14944136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"C-Media Mixer"="Mixer.exe" [2002-10-15 1818624]
"MBM 5"="c:\program files\Motherboard Monitor 5\MBM5.EXE" [2004-06-12 594944]
"OM_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master\FirstStart.exe" [2006-05-16 40960]
"Lexmark 1200 Series"="c:\program files\Lexmark 1200 Series\lxczbmgr.exe" [2006-07-13 57344]
"QuickTime Task"="c:\program files\QuickTime Alternative\qttask.exe" [2007-10-10 282624]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2009-04-26 111928]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-05-14 2029640]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-11 149280]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-06-19 570664]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]

c:\documents and settings\Jirka\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Xfire.lnk - f:\games\Xfire\Xfire.exe [2005-1-26 1074176]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Aktualizovat ESET licenci.lnk - c:\program files\ESET\MiNODLogin\MiNODLogin.exe [2010-10-18 125952]
Nokia Ovi Suite.lnk - c:\program files\Nokia\Ovi\Suite\RunLauncher.exe [2008-7-25 951600]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ pdboot.exe\0autocheck autochk *

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\WINDOWS\\system32\\dbeng6.exe"=
"c:\\Program Files\\Ubisoft\\Crytek\\Far Cry\\Bin32\\FarCry.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Documents and Settings\\Jirka\\temp\\TeamViewer3\\TeamViewer.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Nexon\\NEXON_EU_Downloader\\NEXON_EU_Downloader_Engine.exe"=
"c:\\Program Files\\Nokia\\Nokia Home Media Server\\Media Server\\twonkymedia.exe"=
"c:\\Program Files\\Nokia\\Nokia Home Media Server\\Media Server\\twonkymediaserver.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 SI3112r;Silicon Image SiI 3112 SATARaid Controller;c:\windows\system32\drivers\SI3112r.sys [12.1.2006 11:56 102528]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [21.5.2006 11:11 721904]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [14.5.2009 15:47 107256]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [14.5.2009 15:47 731840]
R3 axvdkbus;axvdkbus;c:\windows\system32\drivers\axvdkbus.sys [25.2.2003 19:43 8672]
R3 axvodka;axvodka;c:\windows\system32\drivers\axvodka.sys [27.2.2003 17:50 102272]
R3 yukonx86;NDIS5.1 Miniport Driver for Marvell Yukon Gigabit Ethernet Adapter;c:\windows\system32\drivers\yukonx86.sys [21.4.2009 17:57 176256]
S0 rykrj;rykrj; [x]
S0 tcwhwlcn;tcwhwlcn;c:\windows\system32\drivers\ltnnvajp.sys --> c:\windows\system32\drivers\ltnnvajp.sys [?]
S1 SpyEmrg;Spy Emergency Driver;c:\windows\system32\Drivers\spyemrg.sys --> c:\windows\system32\Drivers\spyemrg.sys [?]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [3.10.2010 20:23 136176]
S2 PDSched;PDScheduler;c:\program files\Raxco\PerfectDisk\PDSched.exe [29.11.2005 10:16 241731]
S2 TwonkyMedia;TwonkyMedia;c:\program files\Nokia\Nokia Home Media Server\Media Server\TwonkyMedia.exe -serviceversion 0 --> c:\program files\Nokia\Nokia Home Media Server\Media Server\TwonkyMedia.exe -serviceversion 0 [?]
S3 ATWPKT;ATWPKT;c:\windows\system32\drivers\atwpkt.sys [24.11.2007 17:42 19140]
S3 Axtmvflt;Axesstel USB Filter Service;c:\windows\system32\drivers\Axtmvflt.sys [3.8.2009 12:34 3456]
S3 Axtmvmdm;Axesstel USB Modem;c:\windows\system32\drivers\Axtmvmdm.sys [3.8.2009 12:34 40064]
S3 Axtmvprt;Axesstel Diagnostic Port;c:\windows\system32\drivers\Axtmvprt.sys [3.8.2009 12:34 38784]
S3 ceskecfh;ceskecfh;\??\c:\windows\System32\Drivers\ceskecfh.sys --> c:\windows\System32\Drivers\ceskecfh.sys [?]
S3 cjqxxerl;cjqxxerl;\??\c:\windows\System32\Drivers\cjqxxerl.sys --> c:\windows\System32\Drivers\cjqxxerl.sys [?]
S3 idrmkl;idrmkl;\??\c:\docume~1\Jirka\LOCALS~1\Temp\idrmkl.sys --> c:\docume~1\Jirka\LOCALS~1\Temp\idrmkl.sys [?]
S3 lgkdlfil;lgkdlfil;\??\c:\windows\System32\Drivers\lgkdlfil.sys --> c:\windows\System32\Drivers\lgkdlfil.sys [?]
S3 mwutcjja;mwutcjja;\??\c:\windows\System32\Drivers\mwutcjja.sys --> c:\windows\System32\Drivers\mwutcjja.sys [?]
S3 nnhfsbjo;nnhfsbjo;\??\c:\windows\System32\Drivers\nnhfsbjo.sys --> c:\windows\System32\Drivers\nnhfsbjo.sys [?]
S3 ophrjwtw;ophrjwtw;\??\c:\windows\System32\Drivers\ophrjwtw.sys --> c:\windows\System32\Drivers\ophrjwtw.sys [?]
S3 ovt530;Webcam Deluxe;c:\windows\system32\drivers\ov530vid.sys [11.6.2012 16:33 161792]
S3 uutnnfqh;uutnnfqh;\??\c:\windows\System32\Drivers\uutnnfqh.sys --> c:\windows\System32\Drivers\uutnnfqh.sys [?]
S3 vaxscsi;vaxscsi;c:\windows\system32\drivers\vaxscsi.sys [21.5.2006 11:12 223128]
.
Obsah adresáře 'Naplánované úlohy'

2011-02-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-03 19:23]

2011-02-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-03 19:23]

2011-02-03 c:\windows\Tasks\User_Feed_Synchronization-{B3AF53D2-76D4-4C5E-A210-2800E1467E69}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
FF - ProfilePath - c:\documents and settings\Jirka\Data aplikací\Mozilla\Firefox\Profiles\wp4bids6.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.centrum.cz/skinit/icq/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - prefs.js: network.proxy.type - 2
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Noia 2.0 (eXtreme): {9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e} - %profile%\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}
FF - Ext: FlashGot: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34} - %profile%\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
FF - Ext: SweetIM Toolbar for Firefox: {EEE6C361-6118-11DC-9C72-001320C79847} - %profile%\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - %profile%\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

Toolbar-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
Toolbar-Locked - (no file)
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
HKCU-Run-userini - c:\windows\system32\userini.exe
HKLM-Run-adobe_pdf - c:\documents and settings\jirka\dexe.exe
HKLM-Run-userini - c:\windows\system32\userini.exe
HKLM-Explorer_Run-userini - c:\windows\system32\userini.exe
AddRemove-RoadRash - c:\electronicarts\RoadRash\DeIsL2.isu
AddRemove-CrazyFrog2 - e:\jiricek\Nová složka (2)\CrazyFrog2\uninstall.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-03 14:28
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-515967899-573735546-682003330-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-515967899-573735546-682003330-1003\Software\SecuROM\License information*]
"datasecu"=hex:8c,94,59,f6,0e,95,34,01,d1,50,27,b6,e6,11,5c,ad,90,59,9a,b9,a8,
1b,d0,b0,fe,22,1f,ad,52,49,43,f3,c5,0b,00,e3,3e,1a,db,58,e2,81,be,82,18,af,\
"rkeysecu"=hex:ee,a4,03,d2,52,f7,ca,7b,9e,85,0f,23,80,91,15,d1

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(1280)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3924)
c:\program files\SweetIM\Messenger\mgAdaptersProxy.dll
f:\games\Xfire\xfire_conure_11237.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Hercules\WebCam Station\PhotoImpression\share\pihook.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
c:\windows\system32\bgsvcgen.exe
c:\opel inst\BHROOT\BIN\NT611SVC.EXE
c:\opel inst\BHROOT\BIN\monitor.exe
c:\windows\system32\crypserv.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\opel inst\BHROOT\BIN\PORTMAP.EXE
c:\bhroot\BIN\DBMANG.EXE
c:\windows\Mixer.exe
c:\program files\Lexmark 1200 Series\lxczbmon.exe
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer.exe
c:\program files\Common Files\Nero\Lib\NMIndexingService.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\program files\Java\jre6\bin\jucheck.exe
.
**************************************************************************
.
Celkový čas: 2011-02-03 14:36:27 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-02-03 13:36

Před spuštěním: Volných bajtů: 11 375 607 808
Po spuštění: Volných bajtů: 11 356 180 480

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

Current=3 Default=3 Failed=2 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - BA2CA1AC09A44D48FB3E20545E119E17

#2 Příspěvek od **vyosek** » 03 úno 2011 15:02

Zdravim a pekne odpoledne preji

Vas log se studuje Obrázek

a pracuje se na nem Obrázek

.
Prosim o strpeni! Obrázek

#3 Příspěvek od **vyosek** » 03 úno 2011 15:10

Prectete si prosim PMku a odpovezte mi na ni

#4 Příspěvek od **vyosek** » 03 úno 2011 15:22

Nelegalni ESS vyresen po PMkach

Jen doufam ze ten infektor neni z rodiny virutu, jinak Vas ceka reinstal - sance na vyleceni jsou male

Virut je polymorfní souborový virus,který napadá exe soubory atd, takže je téměř min. šance na vyléčení.Připojuje se k IRC síti.Je možné jej na dálku ovladát.Virut hledá spustitelné soubory exe,src.Spustitelné soubory virut infikuje připojením svého kódu k poslední sekci. Hostitelský soubor modifikuje tak, že před během původního kódu se spusti virus.Dokáže se aktualizovat anebo spustit libovolný soubor.

Pokud nemate, tak presunte Combofix na plochu

Spustte poznamkovy blok (Start-spustit-notepad)
Zkopirujte skript nize

Kód: Vybrat vše

KillAll::

Driver::
rykrj
tcwhwlcn
ceskecfh
cjqxxerl
idrmkl
lgkdlfil
mwutcjja
nnhfsbjo
ophrjwtw
uutnnfqh

File::
c:\windows\system32\drivers\ltnnvajp.sys 
c:\windows\System32\Drivers\ceskecfh.sys 
c:\windows\System32\Drivers\cjqxxerl.sys 
c:\docume~1\Jirka\LOCALS~1\Temp\idrmkl.sys 
c:\windows\System32\Drivers\lgkdlfil.sys 
c:\windows\System32\Drivers\mwutcjja.sys 
c:\windows\System32\Drivers\nnhfsbjo.sys 
c:\windows\System32\Drivers\ophrjwtw.sys 
c:\windows\System32\Drivers\uutnnfqh.sys 
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
c:\windows\Tasks\User_Feed_Synchronization-{B3AF53D2-76D4-4C5E-A210-2800E1467E69}.job

Folder::
c:\program files\SweetIM
c:\program files\ESET\MiNODLogin

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=-
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=-
"Skype"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"=-
"QuickTime Task"=-
"SweetIM"=-
"SunJavaUpdateSched"=-
"NeroFilterCheck"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000000

Firefox::
FF - ProfilePath - c:\documents and settings\Jirka\Data aplikací\Mozilla\Firefox\Profiles\wp4bids6.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.centrum.cz/skinit/icq/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... id=afex&q=
FF - Ext: SweetIM Toolbar for Firefox: {EEE6C361-6118-11DC-9C72-001320C79847} - %profile%\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - %profile%\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}

RegLock::
[HKEY_USERS\S-1-5-21-515967899-573735546-682003330-1003\Software\Microsoft\SystemCertificates\AddressBook*]
[HKEY_USERS\S-1-5-21-515967899-573735546-682003330-1003\Software\SecuROM\License information*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

DDS::
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

Reboot::

Ulozte vytvoreny TXT jako CFScript.txt
Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte

Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci

Rossi46 · #5 Příspěvek od **Rossi46** » 03 úno 2011 16:09

log:

ComboFix 11-01-31.02 - Jirka 03.02.2011 15:53:55.2.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.1023.667 [GMT 1:00]
Spuštěný z: c:\documents and settings\Jirka\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Jirka\Plocha\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

FILE ::
"c:\docume~1\Jirka\LOCALS~1\Temp\idrmkl.sys"
"c:\windows\System32\Drivers\ceskecfh.sys"
"c:\windows\System32\Drivers\cjqxxerl.sys"
"c:\windows\System32\Drivers\lgkdlfil.sys"
"c:\windows\system32\drivers\ltnnvajp.sys"
"c:\windows\System32\Drivers\mwutcjja.sys"
"c:\windows\System32\Drivers\nnhfsbjo.sys"
"c:\windows\System32\Drivers\ophrjwtw.sys"
"c:\windows\System32\Drivers\uutnnfqh.sys"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
"c:\windows\Tasks\User_Feed_Synchronization-{B3AF53D2-76D4-4C5E-A210-2800E1467E69}.job"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Jirka\Data aplikací\Mozilla\Firefox\Profiles\wp4bids6.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
c:\documents and settings\Jirka\Data aplikací\Mozilla\Firefox\Profiles\wp4bids6.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\components\ITB_History.js
c:\documents and settings\Jirka\Data aplikací\Mozilla\Firefox\Profiles\wp4bids6.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults\preferences\prefs.js
c:\documents and settings\Jirka\Data aplikací\Mozilla\Firefox\Profiles\wp4bids6.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults\preferences\user.js
c:\documents and settings\Jirka\Data aplikací\Mozilla\Firefox\Profiles\wp4bids6.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome.manifest
c:\documents and settings\Jirka\Data aplikací\Mozilla\Firefox\Profiles\wp4bids6.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\icqtoolbar.jar
c:\documents and settings\Jirka\Data aplikací\Mozilla\Firefox\Profiles\wp4bids6.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\install.rdf
c:\documents and settings\Jirka\Data aplikací\Mozilla\Firefox\Profiles\wp4bids6.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF\manifest.mf
c:\documents and settings\Jirka\Data aplikací\Mozilla\Firefox\Profiles\wp4bids6.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF\zigbert.rsa
c:\documents and settings\Jirka\Data aplikací\Mozilla\Firefox\Profiles\wp4bids6.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF\zigbert.sf
c:\documents and settings\Jirka\Data aplikací\Mozilla\Firefox\Profiles\wp4bids6.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine\icqplugin.gif
c:\documents and settings\Jirka\Data aplikací\Mozilla\Firefox\Profiles\wp4bids6.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine\icqplugin.src
c:\documents and settings\Jirka\Data aplikací\Mozilla\Firefox\Profiles\wp4bids6.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine\icqplugin.xml
c:\documents and settings\Jirka\Data aplikací\Mozilla\Firefox\Profiles\wp4bids6.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
c:\documents and settings\Jirka\Data aplikací\Mozilla\Firefox\Profiles\wp4bids6.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\components\SIMAutoCompleteSearch.js
c:\documents and settings\Jirka\Data aplikací\Mozilla\Firefox\Profiles\wp4bids6.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome.manifest
c:\documents and settings\Jirka\Data aplikací\Mozilla\Firefox\Profiles\wp4bids6.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome\sweetim-toolbar.jar
c:\documents and settings\Jirka\Data aplikací\Mozilla\Firefox\Profiles\wp4bids6.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\install.rdf
c:\documents and settings\Jirka\Data aplikací\Mozilla\Firefox\Profiles\wp4bids6.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\META-INF\manifest.mf
c:\documents and settings\Jirka\Data aplikací\Mozilla\Firefox\Profiles\wp4bids6.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\META-INF\zigbert.rsa
c:\documents and settings\Jirka\Data aplikací\Mozilla\Firefox\Profiles\wp4bids6.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\META-INF\zigbert.sf
c:\program files\SweetIM
c:\program files\SweetIM\Messenger\default.xml
c:\program files\SweetIM\Messenger\mgAdaptersProxy.dll
c:\program files\SweetIM\Messenger\mgAIMAuto.dll
c:\program files\SweetIM\Messenger\mgAIMMessengerAdapter.dll
c:\program files\SweetIM\Messenger\mgArchive.dll
c:\program files\SweetIM\Messenger\mgcommon.dll
c:\program files\SweetIM\Messenger\mgcommunication.dll
c:\program files\SweetIM\Messenger\mgconfig.dll
c:\program files\SweetIM\Messenger\mgFlashPlayer.dll
c:\program files\SweetIM\Messenger\mghooking.dll
c:\program files\SweetIM\Messenger\mgICQAuto.dll
c:\program files\SweetIM\Messenger\mgICQMessengerAdapter.dll
c:\program files\SweetIM\Messenger\mgIEPlayer.dll
c:\program files\SweetIM\Messenger\mglogger.dll
c:\program files\SweetIM\Messenger\mgMediaPlayer.dll
c:\program files\SweetIM\Messenger\mgMsnAuto.dll
c:\program files\SweetIM\Messenger\mgMsnMessengerAdapter.dll
c:\program files\SweetIM\Messenger\mgsimcommon.dll
c:\program files\SweetIM\Messenger\mgSweetIM.dll
c:\program files\SweetIM\Messenger\mgUpdateSupport.dll
c:\program files\SweetIM\Messenger\mgxml_wrapper.dll
c:\program files\SweetIM\Messenger\mgYahooAuto.dll
c:\program files\SweetIM\Messenger\mgYahooMessengerAdapter.dll
c:\program files\SweetIM\Messenger\msvcp71.dll
c:\program files\SweetIM\Messenger\msvcr71.dll
c:\program files\SweetIM\Messenger\resources\images\AudibleButton.png
c:\program files\SweetIM\Messenger\resources\images\DisplayPicturesButton.png
c:\program files\SweetIM\Messenger\resources\images\EmoticonButton.png
c:\program files\SweetIM\Messenger\resources\images\NudgeButton.png
c:\program files\SweetIM\Messenger\resources\images\SoundFxButton.png
c:\program files\SweetIM\Messenger\resources\images\WinksButton.png
c:\program files\SweetIM\Messenger\SweetIM.exe
c:\program files\SweetIM\Toolbars\Internet Explorer\ClearHist.exe
c:\program files\SweetIM\Toolbars\Internet Explorer\conf\logger.xml
c:\program files\SweetIM\Toolbars\Internet Explorer\default.xml
c:\program files\SweetIM\Toolbars\Internet Explorer\mgcommon.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\mgconfig.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\mglogger.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\mgsimcommon.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\mgxml_wrapper.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\msvcp71.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\msvcr71.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\affid.dat
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\basis.xml
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\Bookmarks_23x18.bmp
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\Email_23x18.bmp
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\Games_23x18.bmp
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\Greetingcards_23x18.bmp
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\Logo.bmp
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\Mobile_23x18.bmp
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\Music_23x18.bmp
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\News_23x18.bmp
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\Shoping_23x18.bmp
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\SmileySmile.bmp
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\SmileyWink.bmp
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\sweetimicons.bmp
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\toolbar.xml
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\version.txt
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
c:\windows\Tasks\User_Feed_Synchronization-{B3AF53D2-76D4-4C5E-A210-2800E1467E69}.job

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_IDRMKL
-------\Legacy_RYKRJ
-------\Legacy_TCWHWLCN
-------\Service_ceskecfh
-------\Service_cjqxxerl
-------\Service_idrmkl
-------\Service_lgkdlfil
-------\Service_mwutcjja
-------\Service_nnhfsbjo
-------\Service_ophrjwtw
-------\Service_rykrj
-------\Service_tcwhwlcn
-------\Service_uutnnfqh

((((((((((((((((((((((((( Soubory vytvořené od 2011-01-03 do 2011-02-03 )))))))))))))))))))))))))))))))
.

2012-06-11 15:33 . 2007-01-05 17:34 -------- d-----w- c:\windows\OvtCam
2012-06-11 15:33 . 2005-09-30 08:56 18972 ------w- c:\windows\system32\ov530ext.ax
2012-06-11 15:33 . 2005-09-30 08:42 40960 ------w- c:\windows\system32\ov530ext.dll
2012-06-11 15:33 . 2005-03-15 16:04 161792 ------w- c:\windows\system32\drivers\ov530vid.sys
2012-06-11 15:33 . 2004-11-08 23:37 25177 ------w- c:\windows\system32\drivers\ov530cmd.sys
2012-06-11 15:33 . 2004-08-05 16:34 61440 ------w- c:\windows\ov530dib.dll
2012-06-11 15:33 . 2004-07-20 00:50 16440 ------w- c:\windows\system32\ov530usd.dll
2012-06-11 15:31 . 2004-08-03 21:08 31616 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2012-06-11 15:31 . 2004-08-03 21:08 31616 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2012-06-09 19:12 . 2010-12-12 13:06 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2012-06-09 19:07 . 2012-06-09 19:07 -------- d-----w- c:\program files\THQ
2011-02-03 14:39 . 2011-01-13 08:41 294608 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-02-03 14:39 . 2011-01-13 08:37 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-02-03 14:39 . 2011-01-13 08:37 23632 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-02-03 14:39 . 2011-01-13 08:40 47440 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-02-03 14:39 . 2011-01-13 08:40 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-02-03 14:39 . 2011-01-13 08:39 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-02-03 14:39 . 2011-01-13 08:37 29392 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-02-03 14:38 . 2011-01-13 08:47 38848 ----a-w- c:\windows\avastSS.scr
2011-02-03 14:38 . 2011-01-13 08:47 188216 ----a-w- c:\windows\system32\aswBoot.exe
2011-02-03 14:38 . 2011-02-03 14:38 -------- d-----w- c:\program files\Alwil Software
2011-02-03 14:38 . 2011-02-03 14:38 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Alwil Software
2011-02-03 13:05 . 2011-02-03 13:06 -------- d-----w- c:\program files\Ultimate Process Manager
2011-02-03 11:17 . 2011-02-03 11:17 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2011-02-03 10:42 . 2011-02-03 10:42 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2011-01-27 19:07 . 2004-08-17 13:49 24576 ----a-w- c:\windows\system32\stu2.exe
2011-01-23 14:44 . 2011-01-23 14:44 -------- d-----w- c:\program files\Common Files\Symantec Shared
2011-01-23 14:44 . 2011-02-03 10:17 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Norton

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-03 11:27 . 2004-08-17 13:49 1033728 ----a-w- c:\windows\explorer.exe
2010-12-05 16:22 . 2009-12-13 20:31 421888 ----a-w- c:\windows\NEXON_EU_DownloaderUpdater.exe
2010-12-02 03:35 . 2010-12-02 03:35 4280320 ----a-w- c:\windows\system32\GPhotos.scr
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OM_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master\Monitor.exe" [2006-05-16 57344]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"C-Media Mixer"="Mixer.exe" [2002-10-15 1818624]
"MBM 5"="c:\program files\Motherboard Monitor 5\MBM5.EXE" [2004-06-12 594944]
"OM_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master\FirstStart.exe" [2006-05-16 40960]
"Lexmark 1200 Series"="c:\program files\Lexmark 1200 Series\lxczbmgr.exe" [2006-07-13 57344]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-01-13 3396624]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]

c:\documents and settings\Jirka\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Xfire.lnk - f:\games\Xfire\Xfire.exe [2005-1-26 1074176]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Nokia Ovi Suite.lnk - c:\program files\Nokia\Ovi\Suite\RunLauncher.exe [2008-7-25 951600]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ pdboot.exe\0autocheck autochk *

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\WINDOWS\\system32\\dbeng6.exe"=
"c:\\Program Files\\Ubisoft\\Crytek\\Far Cry\\Bin32\\FarCry.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Documents and Settings\\Jirka\\temp\\TeamViewer3\\TeamViewer.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Nexon\\NEXON_EU_Downloader\\NEXON_EU_Downloader_Engine.exe"=
"c:\\Program Files\\Nokia\\Nokia Home Media Server\\Media Server\\twonkymedia.exe"=
"c:\\Program Files\\Nokia\\Nokia Home Media Server\\Media Server\\twonkymediaserver.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 SI3112r;Silicon Image SiI 3112 SATARaid Controller;c:\windows\system32\drivers\SI3112r.sys [12.1.2006 11:56 102528]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [21.5.2006 11:11 721904]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [3.2.2011 15:39 294608]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [3.2.2011 15:39 17744]
R3 axvdkbus;axvdkbus;c:\windows\system32\drivers\axvdkbus.sys [25.2.2003 19:43 8672]
R3 axvodka;axvodka;c:\windows\system32\drivers\axvodka.sys [27.2.2003 17:50 102272]
R3 yukonx86;NDIS5.1 Miniport Driver for Marvell Yukon Gigabit Ethernet Adapter;c:\windows\system32\drivers\yukonx86.sys [21.4.2009 17:57 176256]
S1 SpyEmrg;Spy Emergency Driver;c:\windows\system32\Drivers\spyemrg.sys --> c:\windows\system32\Drivers\spyemrg.sys [?]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [3.10.2010 20:23 136176]
S2 PDSched;PDScheduler;c:\program files\Raxco\PerfectDisk\PDSched.exe [29.11.2005 10:16 241731]
S2 TwonkyMedia;TwonkyMedia;c:\program files\Nokia\Nokia Home Media Server\Media Server\TwonkyMedia.exe -serviceversion 0 --> c:\program files\Nokia\Nokia Home Media Server\Media Server\TwonkyMedia.exe -serviceversion 0 [?]
S3 ATWPKT;ATWPKT;c:\windows\system32\drivers\atwpkt.sys [24.11.2007 17:42 19140]
S3 Axtmvflt;Axesstel USB Filter Service;c:\windows\system32\drivers\Axtmvflt.sys [3.8.2009 12:34 3456]
S3 Axtmvmdm;Axesstel USB Modem;c:\windows\system32\drivers\Axtmvmdm.sys [3.8.2009 12:34 40064]
S3 Axtmvprt;Axesstel Diagnostic Port;c:\windows\system32\drivers\Axtmvprt.sys [3.8.2009 12:34 38784]
S3 ovt530;Webcam Deluxe;c:\windows\system32\drivers\ov530vid.sys [11.6.2012 16:33 161792]
S3 vaxscsi;vaxscsi;c:\windows\system32\drivers\vaxscsi.sys [21.5.2006 11:12 223128]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
FF - ProfilePath - c:\documents and settings\Jirka\Data aplikací\Mozilla\Firefox\Profiles\wp4bids6.default\
FF - prefs.js: network.proxy.type - 2
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Noia 2.0 (eXtreme): {9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e} - %profile%\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}
FF - Ext: FlashGot: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34} - %profile%\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-03 16:03
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-515967899-573735546-682003330-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-515967899-573735546-682003330-1003\Software\SecuROM\License information*]
"datasecu"=hex:8c,94,59,f6,0e,95,34,01,d1,50,27,b6,e6,11,5c,ad,90,59,9a,b9,a8,
1b,d0,b0,fe,22,1f,ad,52,49,43,f3,c5,0b,00,e3,3e,1a,db,58,e2,81,be,82,18,af,\
"rkeysecu"=hex:ee,a4,03,d2,52,f7,ca,7b,9e,85,0f,23,80,91,15,d1
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(920)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3216)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Hercules\WebCam Station\PhotoImpression\share\pihook.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
c:\windows\system32\bgsvcgen.exe
c:\opel inst\BHROOT\BIN\NT611SVC.EXE
c:\opel inst\BHROOT\BIN\monitor.exe
c:\windows\system32\crypserv.exe
c:\windows\Mixer.exe
c:\program files\Lexmark 1200 Series\lxczbmon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\opel inst\BHROOT\BIN\PORTMAP.EXE
c:\bhroot\BIN\DBMANG.EXE
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2011-02-03 16:08:06 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-02-03 15:08
ComboFix2.txt 2011-02-03 13:36

Před spuštěním: Volných bajtů: 11 046 445 056
Po spuštění: Volných bajtů: 11 034 787 840

Current=3 Default=3 Failed=2 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - DF1A0A558ACB7AB7BA16E90AAD63C39F

#6 Příspěvek od **vyosek** » 03 úno 2011 18:59

Jeste jeden skript pro CF - postup je stejny

Kód: Vybrat vše

KillAll::

File::
c:\windows\system32\stu2.exe

Firefox::
FF - ProfilePath - c:\documents and settings\Jirka\Data aplikací\Mozilla\Firefox\Profiles\wp4bids6.default\
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}

Reboot::

Rossi46 · #7 Příspěvek od **Rossi46** » 03 úno 2011 19:59

Tak PC v normalnim rezimu kdyz najede do win tak lepereceno zamrzne.. dolni lista start se blbe zobrazi a nejde spustit IE ... v nouzaku z ktereho pisu jde vse OK.

log:
ComboFix 11-01-31.02 - Jirka 03.02.2011 19:42:01.3.1 - x86 NETWORK
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.1023.800 [GMT 1:00]
Spuštěný z: c:\documents and settings\Jirka\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Jirka\Plocha\CFScript.txt
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

FILE ::
"c:\windows\system32\stu2.exe"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\components\ITB_History.js
c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults\preferences\prefs.js
c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults\preferences\user.js
c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\icqtoolbar.jar
c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\install.rdf
c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF\manifest.mf
c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF\zigbert.rsa
c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF\zigbert.sf
c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine\icqplugin.gif
c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine\icqplugin.src
c:\windows\system32\stu2.exe

.
((((((((((((((((((((((((( Soubory vytvořené od 2011-01-03 do 2011-02-03 )))))))))))))))))))))))))))))))
.

2012-06-11 15:33 . 2007-01-05 17:34 -------- d-----w- c:\windows\OvtCam
2012-06-11 15:33 . 2005-09-30 08:56 18972 ------w- c:\windows\system32\ov530ext.ax
2012-06-11 15:33 . 2005-09-30 08:42 40960 ------w- c:\windows\system32\ov530ext.dll
2012-06-11 15:33 . 2005-03-15 16:04 161792 ------w- c:\windows\system32\drivers\ov530vid.sys
2012-06-11 15:33 . 2004-11-08 23:37 25177 ------w- c:\windows\system32\drivers\ov530cmd.sys
2012-06-11 15:33 . 2004-08-05 16:34 61440 ------w- c:\windows\ov530dib.dll
2012-06-11 15:33 . 2004-07-20 00:50 16440 ------w- c:\windows\system32\ov530usd.dll
2012-06-11 15:31 . 2004-08-03 21:08 31616 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2012-06-11 15:31 . 2004-08-03 21:08 31616 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2012-06-09 19:12 . 2010-12-12 13:06 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2012-06-09 19:07 . 2012-06-09 19:07 -------- d-----w- c:\program files\THQ
2011-02-03 14:39 . 2011-01-13 08:41 294608 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-02-03 14:39 . 2011-01-13 08:37 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-02-03 14:39 . 2011-01-13 08:37 23632 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-02-03 14:39 . 2011-01-13 08:40 47440 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-02-03 14:39 . 2011-01-13 08:40 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-02-03 14:39 . 2011-01-13 08:39 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-02-03 14:39 . 2011-01-13 08:37 29392 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-02-03 14:38 . 2011-01-13 08:47 38848 ----a-w- c:\windows\avastSS.scr
2011-02-03 14:38 . 2011-01-13 08:47 188216 ----a-w- c:\windows\system32\aswBoot.exe
2011-02-03 14:38 . 2011-02-03 14:38 -------- d-----w- c:\program files\Alwil Software
2011-02-03 14:38 . 2011-02-03 14:38 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Alwil Software
2011-02-03 13:05 . 2011-02-03 13:06 -------- d-----w- c:\program files\Ultimate Process Manager
2011-02-03 11:17 . 2011-02-03 11:17 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2011-02-03 10:42 . 2011-02-03 10:42 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2011-01-23 14:44 . 2011-01-23 14:44 -------- d-----w- c:\program files\Common Files\Symantec Shared
2011-01-23 14:44 . 2011-02-03 10:17 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Norton

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-03 11:27 . 2004-08-17 13:49 1033728 ----a-w- c:\windows\explorer.exe
2010-12-05 16:22 . 2009-12-13 20:31 421888 ----a-w- c:\windows\NEXON_EU_DownloaderUpdater.exe
2010-12-02 03:35 . 2010-12-02 03:35 4280320 ----a-w- c:\windows\system32\GPhotos.scr
.

------- Sigcheck -------

Chyba šifrovací služby !!
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OM_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master\Monitor.exe" [2006-05-16 57344]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"C-Media Mixer"="Mixer.exe" [2002-10-15 1818624]
"MBM 5"="c:\program files\Motherboard Monitor 5\MBM5.EXE" [2004-06-12 594944]
"OM_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master\FirstStart.exe" [2006-05-16 40960]
"Lexmark 1200 Series"="c:\program files\Lexmark 1200 Series\lxczbmgr.exe" [2006-07-13 57344]
"QuickTime Task"="c:\program files\QuickTime Alternative\qttask.exe" [2007-10-10 282624]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]

c:\documents and settings\Jirka\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Xfire.lnk - f:\games\Xfire\Xfire.exe [2005-1-26 1074176]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Nokia Ovi Suite.lnk - c:\program files\Nokia\Ovi\Suite\RunLauncher.exe [2008-7-25 951600]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ pdboot.exe\0autocheck autochk *

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\WINDOWS\\system32\\dbeng6.exe"=
"c:\\Program Files\\Ubisoft\\Crytek\\Far Cry\\Bin32\\FarCry.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Documents and Settings\\Jirka\\temp\\TeamViewer3\\TeamViewer.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Nexon\\NEXON_EU_Downloader\\NEXON_EU_Downloader_Engine.exe"=
"c:\\Program Files\\Nokia\\Nokia Home Media Server\\Media Server\\twonkymedia.exe"=
"c:\\Program Files\\Nokia\\Nokia Home Media Server\\Media Server\\twonkymediaserver.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 SpyEmrg;Spy Emergency Driver;c:\windows\system32\Drivers\spyemrg.sys [x]
R2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-10-03 136176]
R2 PDSched;PDScheduler;c:\program files\Raxco\PerfectDisk\PDSched.exe [2005-11-29 241731]
R2 TwonkyMedia;TwonkyMedia;c:\program files\Nokia\Nokia Home Media Server\Media Server\TwonkyMedia.exe [2008-07-09 102400]
R3 ATWPKT;ATWPKT;c:\windows\system32\Drivers\ATWPKT.SYS [2002-03-20 19140]
R3 Axtmvflt;Axesstel USB Filter Service;c:\windows\system32\DRIVERS\Axtmvflt.sys [2007-03-22 3456]
R3 Axtmvmdm;Axesstel USB Modem;c:\windows\system32\DRIVERS\Axtmvmdm.sys [2007-03-26 40064]
R3 Axtmvprt;Axesstel Diagnostic Port;c:\windows\system32\Drivers\Axtmvprt.sys [2007-03-26 38784]
R3 ovt530;Webcam Deluxe;c:\windows\system32\Drivers\ov530vid.sys [2005-03-15 161792]
R3 vaxscsi;vaxscsi;c:\windows\System32\Drivers\vaxscsi.sys [2006-05-21 223128]
S0 SI3112r;Silicon Image SiI 3112 SATARaid Controller;c:\windows\system32\DRIVERS\SI3112r.sys [2006-01-12 102528]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-05-15 721904]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S3 axvdkbus;axvdkbus;c:\windows\system32\DRIVERS\axvdkbus.sys [2003-02-25 8672]
S3 axvodka;axvodka;c:\windows\system32\DRIVERS\axvodka.sys [2003-02-27 102272]
S3 yukonx86;NDIS5.1 Miniport Driver for Marvell Yukon Gigabit Ethernet Adapter;c:\windows\system32\DRIVERS\yukonx86.sys [2003-10-16 176256]

.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
FF - ProfilePath - c:\documents and settings\Jirka\Data aplikací\Mozilla\Firefox\Profiles\wp4bids6.default\
FF - prefs.js: network.proxy.type - 2
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Noia 2.0 (eXtreme): {9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e} - %profile%\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}
FF - Ext: FlashGot: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34} - %profile%\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-03 19:53
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-515967899-573735546-682003330-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-515967899-573735546-682003330-1003\Software\SecuROM\License information*]
"datasecu"=hex:8c,94,59,f6,0e,95,34,01,d1,50,27,b6,e6,11,5c,ad,90,59,9a,b9,a8,
1b,d0,b0,fe,22,1f,ad,52,49,43,f3,c5,0b,00,e3,3e,1a,db,58,e2,81,be,82,18,af,\
"rkeysecu"=hex:ee,a4,03,d2,52,f7,ca,7b,9e,85,0f,23,80,91,15,d1
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(920)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\WgaTray.exe
.
**************************************************************************
.
Celkový čas: 2011-02-03 19:54:18 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-02-03 18:54
ComboFix2.txt 2011-02-03 15:08
ComboFix3.txt 2011-02-03 13:36

Před spuštěním: Volných bajtů: 12 082 802 688
Po spuštění: Volných bajtů: 11 018 375 168

Current=4 Default=4 Failed=3 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - 61B2C5159914170564C33237E677086D

#8 Příspěvek od **vyosek** » 03 úno 2011 20:15

Udelejte sken pomoci AVPToolu http://viry.cz/forum/viewtopic.php?f=29&t=58179

Rossi46 · #9 Příspěvek od **Rossi46** » 04 úno 2011 09:25

Dobre dopoledne.

Log:
Automatická kontrola: dokončeno před 14 min. (události: 8, objekty: 255469, čas: 01:01:44)
4.2.2011 8:08:39 Úloha byla spuštěna
4.2.2011 8:23:35 Zjištěno: not-a-virus:AdWare.Win32.MyWay.j C:\Program Files\AWS\WxBugSetup60b6.04.0.9m.EXE/WiseSFXDropper/WISE0016.BIN
4.2.2011 8:24:32 Odstraněno: not-a-virus:AdWare.Win32.MyWay.j C:\Program Files\AWS\WxBugSetup60b6.04.0.9m.EXE
4.2.2011 8:42:18 Zjištěno: Backdoor.Win32.Cetorp.p C:\Qoobox\Quarantine\C\Documents and Settings\Jirka\secupdat.dat.vir/PE-Crypt.XorPE
4.2.2011 8:42:21 Zjištěno: Backdoor.Win32.Cetorp.p C:\Qoobox\Quarantine\C\WINDOWS\system32\secupdat.dat.vir/PE-Crypt.XorPE
4.2.2011 8:42:24 Odstraněno: Backdoor.Win32.Cetorp.p C:\Qoobox\Quarantine\C\WINDOWS\system32\secupdat.dat.vir
4.2.2011 8:42:25 Odstraněno: Backdoor.Win32.Cetorp.p C:\Qoobox\Quarantine\C\Documents and Settings\Jirka\secupdat.dat.vir
4.2.2011 9:10:24 Úloha byla dokončena

#10 Příspěvek od **vyosek** » 04 úno 2011 09:44

Pekne dopoledne i Vam

tak vahani o virutu se jsme vyloucili, jak se chova PC

Rossi46 · #11 Příspěvek od **Rossi46** » 04 úno 2011 09:47

od te doby co tam je skvely Avast a smazal mi nejakou havet tak PC v beznym rezimu do WIN najede, ale avast se nenacte, IE nejde zapnout, teda zapne se ale nevidim ho na pozadi, jen ve spravci systemu. Total Commander nebo Tento Pocitac otevru v pohode..
Predtim nez avast neco smazal tak PC sel ve Win normalne tzv sel IE atd... V nouzaku vsak IE a vse ostatni jde OK

Co radite prosim dal?

#12 Příspěvek od **vyosek** » 04 úno 2011 10:09

Dejte sem screen karanteny Avastu at vidim co mazal

Rossi46 · #13 Příspěvek od **Rossi46** » 04 úno 2011 10:17

Omlouvam se za rozliseni ale je to v nouzaku.. Jeste neco mazalo pri bootovani PC se sam zapnul avast a neco mazal, to zrejme v logu neni..

#14 Příspěvek od **vyosek** » 04 úno 2011 10:21

Je to havet jen v bodech obnoveni, tam by mela byt neskodna

Smazte ji dle tohoto navodu http://www.viry.cz/forum/viewtopic.php?f=11&t=47040

Stahnete IE odsud http://www.microsoft.com/cze/windows/in ... fault.aspx a zkuste reinstalovat

Taktez Avast reinstalujte - proto jsem jej chtel instalovat misto toho ESS az po ukonceni leceni, jelikoz havet ho mohla poskodit

Rossi46 · #15 Příspěvek od **Rossi46** » 04 úno 2011 10:44

Dobra zprava, po re-instalaci Avastu uz jde vse OK ani IE sem nemusel preinstalovat.
Pisu uz z bezneho rezimu Win.

VIRY.CZ

log z ComboFix - kontrola

log z ComboFix - kontrola

Re: log z ComboFix - kontrola

Re: log z ComboFix - kontrola

Re: log z ComboFix - kontrola

Re: log z ComboFix - kontrola

Re: log z ComboFix - kontrola

Re: log z ComboFix - kontrola

Re: log z ComboFix - kontrola

Re: log z ComboFix - kontrola

Re: log z ComboFix - kontrola

Re: log z ComboFix - kontrola

Re: log z ComboFix - kontrola

Re: log z ComboFix - kontrola

Re: log z ComboFix - kontrola

Re: log z ComboFix - kontrola