Nezničitelnej Worm

[EvilZone]

Ahoj mám podeření na nakou skrytou mrchu viz, combo ( boužel se mě nepodařilo přijít kde je "zdroj" ) Přišel sem z prace a pořád padal net... nasledoval restart wifi . Pak istalace ZA výpadky už nebyli takové časté ... po 7,5 minutě spadne na 10 sec net a takhle pořád dokola . UPM neřeklo naprosto nic , rsit take ne ( proletel sem log možná tam něco bylo ) a sory za edits .

ComboFix 10-09-29.01 - HackHell 29.09.2010 23:20:31.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3326.2838 [GMT 2:00]
Spuštěný z: c:\documents and settings\HackHell\Plocha\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {C19476D9-52BC-4E93-8AF3-CCF59F7AE8FE}
FW: Avira FireWall *enabled* {11638345-E4FC-4BEE-BB73-EC754659C5F6}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\HackHell\Data aplikací\BITS
c:\documents and settings\HackHell\Data aplikací\BITS\BITS.ini
c:\documents and settings\HackHell\Data aplikací\BITS\DHTTable.dat
c:\documents and settings\HackHell\Data aplikací\BITS\ProxyList.ini
c:\documents and settings\HackHell\Data aplikací\FlashGetBHO
c:\documents and settings\HackHell\Data aplikací\FlashGetBHO\FlashGetBHO3.dll
c:\documents and settings\HackHell\Data aplikací\FlashGetBHO\FlashGetHook.dll
c:\documents and settings\HackHell\Data aplikací\FlashGetBHO\GetAllUrl.htm
c:\documents and settings\HackHell\Data aplikací\FlashGetBHO\GetUrl.htm
c:\program files\FlashGet Network
c:\windows\libem.INI
c:\windows\regedit.com
c:\windows\system32\drivers\etc\lmhosts
c:\windows\system32\secustat.dat
c:\windows\system32\taskmgr.com

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-08-28 do 2010-09-29 )))))))))))))))))))))))))))))))
.

2010-09-29 21:13 . 2010-09-29 21:13 -------- d-----w- c:\windows\LastGood
2010-09-29 21:10 . 2010-09-29 21:10 388096 ----a-r- c:\documents and settings\HackHell\Data aplikací\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-09-29 20:57 . 2010-09-29 20:57 3895888 ----a-w- c:\windows\REGBK03.ZIP
2010-09-29 20:52 . 2010-09-29 20:52 -------- d---a-w- c:\windows\rundll16.exe
2010-09-29 20:52 . 2010-09-29 20:52 -------- d---a-w- c:\windows\logo1_.exe
2010-09-20 01:06 . 2010-09-20 01:06 -------- d-----w- c:\program files\Avira
2010-09-20 01:06 . 2010-03-01 08:06 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-09-20 01:06 . 2010-02-16 12:24 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-09-20 01:06 . 2009-05-11 10:49 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-09-20 01:06 . 2009-05-11 10:49 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-09-20 00:20 . 2009-03-25 09:05 34216 ----a-w- c:\windows\system32\drivers\mferkdk.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-29 21:06 . 2010-06-03 14:49 -------- d-----w- c:\program files\Realtek
2010-09-29 19:58 . 2010-06-03 14:57 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-09-28 21:55 . 2010-06-30 16:44 -------- d-----w- c:\program files\Trillian
2010-09-23 00:42 . 2010-07-13 08:22 -------- d-----w- c:\program files\UPM
2010-09-21 13:03 . 2010-08-27 16:49 -------- d-----w- c:\program files\Clip2Net
2010-09-12 20:42 . 2010-06-26 01:07 -------- d-----w- c:\program files\CCleaner
2010-08-29 16:31 . 2010-06-03 16:04 -------- d-----w- c:\program files\Xfire
2010-08-20 15:06 . 2010-08-20 15:06 3907208 ----a-w- c:\windows\REGBK02.ZIP
2010-08-17 13:17 . 2006-03-02 12:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-14 00:59 . 2010-06-17 21:08 -------- d-----w- c:\program files\Teamspeak2_RC2
2010-08-13 22:01 . 2010-06-18 18:46 -------- d-----w- c:\program files\AIMP2
2010-08-13 01:36 . 2010-08-13 01:36 2826192 ----a-w- c:\documents and settings\HackHell\Data aplikací\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
2010-08-07 19:22 . 2010-08-07 19:21 3920986 ----a-w- c:\windows\REGBK01.ZIP
2010-08-06 16:38 . 2010-08-06 16:38 -------- d-----w- c:\program files\Common Files\Adobe
2010-07-26 20:30 . 2010-08-06 16:48 65536 ----a-w- c:\documents and settings\HackHell\Data aplikací\Mozilla\Firefox\Profiles\5ab0itn4.default\extensions\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}\components\Engine.dll
2010-07-22 15:46 . 2006-03-02 12:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 06:19 . 2008-05-05 05:25 5632 ----a-w- c:\windows\system32\xpsp4res.dll
2010-07-13 06:44 . 2010-07-13 06:44 3815533 ----a-w- c:\windows\REGBK00.ZIP
2010-07-13 02:53 . 2010-07-13 02:53 632064 ----a-w- c:\windows\system32\msvcr80.dll
2010-07-13 02:53 . 2010-07-13 02:53 554240 ----a-w- c:\windows\system32\msvcp80.dll
2010-07-13 02:53 . 2010-07-13 02:53 34048 ----a-w- c:\windows\system32\eEmpty.exe
2010-07-12 20:07 . 2010-06-03 16:09 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2010-07-09 19:00 . 2010-07-09 19:00 41872 ----a-w- c:\windows\system32\xfcodec.dll
.

------- Sigcheck -------

[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\ERDNT\cache\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . 4AFB3B0919649F95C1964AA1FAD27D73 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[7] 2006-03-02 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2010-02-18 357448]
"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2010-02-18 1573448]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2010-02-18 3203144]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\frd.exe"=
"c:\\Program Files\\Xfire\\Xfire.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\Avira\AntiVir Desktop\avmailc.exe [20.9.2010 3:06 337064]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [20.9.2010 3:06 135336]
R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\avwebgrd.exe [20.9.2010 3:06 405672]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [23.11.2009 17:37 19720]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [3.6.2010 18:00 14856]
R3 Razerlow;Diamondback 3G USB Filter Driver;c:\windows\system32\drivers\DB3G.sys [3.6.2010 17:37 13225]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [3.6.2010 18:43 1684736]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Obsah adresáře 'Naplánované úlohy'

2010-07-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
.
------- Doplňkový sken -------
.
uStart Page = about:blank
mStart Page = about:blank
mSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
IE: Stahnou vse FlashGet3 - c:\documents and settings\HackHell\Data aplikací\FlashGetBHO\GetAllUrl.htm
IE: Stahnout FlashGet3 - c:\documents and settings\HackHell\Data aplikací\FlashGetBHO\GetUrl.htm
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
FF - ProfilePath - c:\documents and settings\HackHell\Data aplikací\Mozilla\Firefox\Profiles\5ab0itn4.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2304157&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - http://www.google.com
FF - prefs.js: keyword.URL - hxxp://search.qip.ru/search?from=FF&query=
FF - component: c:\documents and settings\HackHell\Data aplikací\Mozilla\Firefox\Profiles\5ab0itn4.default\extensions\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}\components\Engine.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-29 23:23
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'lsass.exe'(820)
c:\program files\Avira\AntiVir Desktop\avsda.dll
.
Celkový čas: 2010-09-29 23:24:01
ComboFix-quarantined-files.txt 2010-09-29 21:23

Před spuštěním: Volných bajtů: 156 399 845 376
Po spuštění: Volných bajtů: 156 973 969 408

- - End Of File - - DC23850BADC9222F2EF930644441CF9C


BTW : není FlashGet torent downloader ? neco takového sem měl v pc 5-6 let zpatky ( takže pár winu pozadu ) vubec netuším jak se neco takového dostalo do pc .

[stell]

Zdravim
Nie tento FlashGet-je smejd.
To co si oznacil cervenym, patri MWAV.
Pri tejto akcii je nutné mať ComboFix na ploche.

Vypni>FIREWALL>Antivir>Antispyware>vsetko rezidentne.

Otvor Notepad (Poznámkový blok) a zkopíruj do neho celý zeleny tex:

Kód: Vybrat vše

KILLALL::
DDS::
uSearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
IE: Stahnou vse FlashGet3 - c:\documents and settings\HackHell\Data aplikací\FlashGetBHO\GetAllUrl.htm
IE: Stahnout FlashGet3 - c:\documents and settings\HackHell\Data aplikací\FlashGetBHO\GetUrl.htm
FireFox::
FF - ProfilePath - c:\documents and settings\HackHell\Data aplikací\Mozilla\Firefox\Profiles\5ab0itn4.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
FF - prefs.js: keyword.URL - hxxp://search.qip.ru/search?from=FF&query=

Potom klik na Subor -> Uložiť ako.. .. -> Ako je Názov souboru tak do toho riadku napiš:CFScript.txt
Typ súboru tak tam vyberies *všetky súbory
A ulož ho na plochu.> Pozor CFScript.txt>Neotvarat a nemoze byt ani>CFScript.txt.txt A Urobis Toto :


Po skonceni skenu vlož log čo ComboFix vytvorí

[EvilZone]

ComboFix 10-09-29.04 - HackHell 30.09.2010 12:41:30.3.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3326.2946 [GMT 2:00]
Spuštěný z: c:\documents and settings\HackHell\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\HackHell\Plocha\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {C19476D9-52BC-4E93-8AF3-CCF59F7AE8FE}
FW: Avira FireWall *enabled* {11638345-E4FC-4BEE-BB73-EC754659C5F6}
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

((((((((((((((((((((((((( Soubory vytvořené od 2010-08-28 do 2010-09-30 )))))))))))))))))))))))))))))))
.

2010-09-30 10:40 . 2010-09-30 10:40 -------- d-----w- C:\32788R22FWJFW
2010-09-29 22:25 . 2010-06-23 11:51 69120 ----a-w- c:\windows\system32\zlcomm.dll
2010-09-29 22:25 . 2010-06-23 11:51 103936 ----a-w- c:\windows\system32\zlcommdb.dll
2010-09-29 22:25 . 2010-09-29 22:25 -------- d-----w- c:\windows\system32\ZoneLabs
2010-09-29 22:25 . 2010-06-23 11:51 1238528 ----a-w- c:\windows\system32\zpeng25.dll
2010-09-29 22:25 . 2010-09-29 22:25 -------- d-----w- c:\program files\Zone Labs
2010-09-29 21:10 . 2010-09-29 21:10 388096 ----a-r- c:\documents and settings\HackHell\Data aplikací\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-09-29 20:57 . 2010-09-29 20:57 3895888 ----a-w- c:\windows\REGBK03.ZIP
2010-09-29 20:52 . 2010-09-29 20:52 -------- d---a-w- c:\windows\rundll16.exe
2010-09-29 20:52 . 2010-09-29 20:52 -------- d---a-w- c:\windows\logo1_.exe
2010-09-20 01:06 . 2010-09-20 01:06 -------- d-----w- c:\program files\Avira
2010-09-20 01:06 . 2010-03-01 08:06 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-09-20 01:06 . 2010-02-16 12:24 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-09-20 01:06 . 2009-05-11 10:49 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-09-20 01:06 . 2009-05-11 10:49 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-09-20 00:20 . 2009-03-25 09:05 34216 ----a-w- c:\windows\system32\drivers\mferkdk.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-30 10:30 . 2010-06-03 14:57 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-09-29 22:25 . 2010-06-03 16:09 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2010-09-29 21:06 . 2010-06-03 14:49 -------- d-----w- c:\program files\Realtek
2010-09-28 21:55 . 2010-06-30 16:44 -------- d-----w- c:\program files\Trillian
2010-09-23 00:42 . 2010-07-13 08:22 -------- d-----w- c:\program files\UPM
2010-09-12 20:42 . 2010-06-26 01:07 -------- d-----w- c:\program files\CCleaner
2010-08-29 16:31 . 2010-06-03 16:04 -------- d-----w- c:\program files\Xfire
2010-08-20 15:06 . 2010-08-20 15:06 3907208 ----a-w- c:\windows\REGBK02.ZIP
2010-08-17 13:17 . 2006-03-02 12:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-14 00:59 . 2010-06-17 21:08 -------- d-----w- c:\program files\Teamspeak2_RC2
2010-08-13 22:01 . 2010-06-18 18:46 -------- d-----w- c:\program files\AIMP2
2010-08-13 01:36 . 2010-08-13 01:36 2826192 ----a-w- c:\documents and settings\HackHell\Data aplikací\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
2010-08-07 19:22 . 2010-08-07 19:21 3920986 ----a-w- c:\windows\REGBK01.ZIP
2010-08-06 16:38 . 2010-08-06 16:38 -------- d-----w- c:\program files\Common Files\Adobe
2010-07-26 20:30 . 2010-08-06 16:48 65536 ----a-w- c:\documents and settings\HackHell\Data aplikací\Mozilla\Firefox\Profiles\5ab0itn4.default\extensions\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}\components\Engine.dll
2010-07-22 15:46 . 2006-03-02 12:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 06:19 . 2008-05-05 05:25 5632 ----a-w- c:\windows\system32\xpsp4res.dll
2010-07-13 06:44 . 2010-07-13 06:44 3815533 ----a-w- c:\windows\REGBK00.ZIP
2010-07-13 02:53 . 2010-07-13 02:53 632064 ----a-w- c:\windows\system32\msvcr80.dll
2010-07-13 02:53 . 2010-07-13 02:53 554240 ----a-w- c:\windows\system32\msvcp80.dll
2010-07-13 02:53 . 2010-07-13 02:53 34048 ----a-w- c:\windows\system32\eEmpty.exe
2010-07-09 19:00 . 2010-07-09 19:00 41872 ----a-w- c:\windows\system32\xfcodec.dll
.

------- Sigcheck -------

[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\ERDNT\cache\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . 4AFB3B0919649F95C1964AA1FAD27D73 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[7] 2006-03-02 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
.
((((((((((((((((((((((((((((( SnapShot@2010-09-29_21.23.14 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-09-30 10:45 . 2010-09-30 10:45 16384 c:\windows\temp\Perflib_Perfdata_37c.dat
+ 2010-09-29 22:25 . 2010-06-23 11:51 99328 c:\windows\system32\ZoneLabs\zlquarantine.dll
+ 2010-09-29 22:25 . 2010-06-23 11:51 70656 c:\windows\system32\ZoneLabs\zatray.exe
+ 2010-09-29 22:25 . 2010-06-23 11:51 21504 c:\windows\system32\ZoneLabs\lib\zsys.zip.dll
+ 2010-09-29 22:25 . 2010-06-23 11:51 14336 c:\windows\system32\ZoneLabs\lib\zmenu.zip.dll
+ 2010-09-29 22:25 . 2010-06-23 11:51 46592 c:\windows\system32\ZoneLabs\lib\zfde.zip.dll
+ 2010-09-29 22:25 . 2010-06-23 11:51 85504 c:\windows\system32\ZoneLabs\lib\ZAlert.zip.dll
+ 2010-09-29 22:25 . 2010-06-23 11:51 37376 c:\windows\system32\ZoneLabs\lib\UpdateUI.zip.dll
+ 2010-09-29 22:25 . 2010-06-23 11:51 12800 c:\windows\system32\ZoneLabs\lib\oem_1488.zip.dll
+ 2010-09-29 22:25 . 2010-06-23 11:51 12800 c:\windows\system32\ZoneLabs\lib\oem_1487.zip.dll
+ 2010-09-29 22:25 . 2010-06-23 11:51 12800 c:\windows\system32\ZoneLabs\lib\oem_1486.zip.dll
+ 2010-09-29 22:25 . 2010-06-23 11:51 20992 c:\windows\system32\ZoneLabs\lib\oem_1466.zip.dll
+ 2010-09-29 22:25 . 2010-06-23 11:51 12800 c:\windows\system32\ZoneLabs\lib\oem_1460.zip.dll
+ 2010-09-29 22:25 . 2010-06-23 11:51 10240 c:\windows\system32\ZoneLabs\lib\oem_1454.zip.dll
+ 2010-09-29 22:25 . 2010-06-23 11:51 11264 c:\windows\system32\ZoneLabs\lib\oem_1445.zip.dll
+ 2010-09-29 22:25 . 2010-06-23 11:51 14336 c:\windows\system32\ZoneLabs\lib\oem_1440.zip.dll
+ 2010-09-29 22:25 . 2010-06-23 11:51 12288 c:\windows\system32\ZoneLabs\lib\oem_1413.zip.dll
+ 2010-09-29 22:25 . 2010-06-23 11:51 11264 c:\windows\system32\ZoneLabs\lib\oem_1010.zip.dll
+ 2010-09-29 22:25 . 2010-06-23 11:51 29184 c:\windows\system32\ZoneLabs\lib\NavBar.zip.dll
+ 2010-09-29 22:25 . 2010-06-23 11:51 13312 c:\windows\system32\ZoneLabs\lib\MainLoop.zip.dll
+ 2010-09-29 22:25 . 2010-06-23 11:51 35840 c:\windows\system32\ZoneLabs\lib\Alert.zip.dll
+ 2010-09-29 22:25 . 2010-06-23 11:51 38912 c:\windows\system32\ZoneLabs\featuremap.dll
+ 2010-09-29 22:25 . 2010-06-23 11:51 75776 c:\windows\system32\ZoneLabs\camupd.dll
+ 2010-09-29 22:25 . 2010-06-23 11:51 43008 c:\windows\system32\vswmi.dll
+ 2010-09-29 22:25 . 2010-06-23 11:51 58368 c:\windows\system32\vsregexp.dll
+ 2010-09-29 22:25 . 2010-06-23 11:51 141824 c:\windows\system32\ZoneLabs\zlupdate.dll
+ 2010-09-29 22:25 . 2010-06-23 11:51 173056 c:\windows\system32\ZoneLabs\vsvault.dll
+ 2010-09-29 22:24 . 2010-06-23 11:51 211456 c:\windows\system32\ZoneLabs\vsdb.dll
+ 2010-09-29 22:25 . 2007-10-11 14:51 832984 c:\windows\system32\ZoneLabs\updating.dll
+ 2010-09-29 22:25 . 2010-06-23 11:51 434688 c:\windows\system32\ZoneLabs\ssleay32.dll
+ 2010-09-29 22:25 . 2010-06-23 11:51 135680 c:\windows\system32\ZoneLabs\scheduler.dll
+ 2010-09-29 22:25 . 2009-07-13 21:58 722392 c:\windows\system32\ZoneLabs\qrbase.dll
+ 2010-09-29 22:25 . 2010-06-23 11:51 126976 c:\windows\system32\ZoneLabs\lib\zui.zip.dll
+ 2010-09-29 22:25 . 2010-06-23 11:51 279040 c:\windows\system32\ZoneLabs\lib\TrayTest.zip.dll
+ 2010-09-29 22:25 . 2010-06-23 11:51 225792 c:\windows\system32\ZoneLabs\lib\Overview.zip.dll
+ 2010-09-29 22:25 . 2010-06-23 11:51 368640 c:\windows\system32\ZoneLabs\lib\LicenseUI.zip.dll
+ 2010-09-29 22:25 . 2010-06-23 11:51 184832 c:\windows\system32\ZoneLabs\lib\DashBoard.zip.dll
+ 2010-09-29 22:25 . 2010-06-23 11:51 375296 c:\windows\system32\ZoneLabs\lib\ConfigWizard.zip.dll
+ 2010-09-29 22:24 . 2010-02-08 06:41 595432 c:\windows\system32\ZoneLabs\icslta.dll
+ 2010-09-29 22:25 . 2010-05-04 12:04 284136 c:\windows\system32\ZoneLabs\ffapi.dll
+ 2010-09-29 22:25 . 2010-06-23 11:51 169984 c:\windows\system32\ZoneLabs\fbl.dll
+ 2010-09-29 22:25 . 2008-03-17 14:52 813568 c:\windows\system32\ZoneLabs\dbghelp.dll
+ 2010-09-29 22:25 . 2010-06-23 11:51 110080 c:\windows\system32\vsxml.dll
+ 2010-09-29 22:24 . 2010-06-23 11:51 713728 c:\windows\system32\vsutil.dll
+ 2010-09-29 22:25 . 2010-06-23 11:51 302592 c:\windows\system32\vspubapi.dll
+ 2010-09-29 22:25 . 2010-06-23 11:51 108032 c:\windows\system32\vsmonapi.dll
+ 2010-09-29 22:24 . 2010-06-23 11:51 228864 c:\windows\system32\vsinit.dll
+ 2010-09-29 22:25 . 2010-05-13 08:02 532224 c:\windows\system32\vsdatant.sys
+ 2010-09-29 22:24 . 2010-06-23 11:51 112128 c:\windows\system32\vsdata.dll
+ 2010-09-29 22:25 . 2010-06-23 11:51 1790464 c:\windows\system32\ZoneLabs\vsruledb.dll
+ 2010-09-29 22:25 . 2010-06-23 11:52 2435592 c:\windows\system32\ZoneLabs\vsmon.exe
+ 2010-09-29 22:25 . 2010-06-23 11:51 1536512 c:\windows\system32\ZoneLabs\lib\zpy.zip.dll
.
-- Snímek resetován k současnému datu --
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2010-02-18 357448]
"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2010-02-18 1573448]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2010-02-18 3203144]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-06-23 1043968]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\frd.exe"=
"c:\\Program Files\\Xfire\\Xfire.exe"=
"c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\Avira\AntiVir Desktop\avmailc.exe [20.9.2010 3:06 337064]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [20.9.2010 3:06 135336]
R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\avwebgrd.exe [20.9.2010 3:06 405672]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [23.11.2009 17:37 19720]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [3.6.2010 18:00 14856]
R3 Razerlow;Diamondback 3G USB Filter Driver;c:\windows\system32\drivers\DB3G.sys [3.6.2010 17:37 13225]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [3.6.2010 18:43 1684736]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Obsah adresáře 'Naplánované úlohy'

2010-07-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
.
------- Doplňkový sken -------
.
uStart Page = http://www.google.com
mStart Page = about:blank
mSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
FF - ProfilePath - c:\documents and settings\HackHell\Data aplikací\Mozilla\Firefox\Profiles\5ab0itn4.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - http://www.google.com
FF - component: c:\documents and settings\HackHell\Data aplikací\Mozilla\Firefox\Profiles\5ab0itn4.default\extensions\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}\components\Engine.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)



**************************************************************************
skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory:

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'lsass.exe'(840)
c:\program files\Avira\AntiVir Desktop\avsda.dll

- - - - - - - > 'explorer.exe'(3784)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Logitech\GamePanel Software\Applets\LCDCountdown.exe
c:\program files\Logitech\GamePanel Software\Applets\LCDClock.exe
c:\program files\Logitech\GamePanel Software\Applets\LCDRSS.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\Avira\AntiVir Desktop\checkt.exe
.
**************************************************************************
.
Celkový čas: 2010-09-30 12:46:54 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-09-30 10:46
ComboFix2.txt 2010-09-29 21:24

Před spuštěním: Volných bajtů: 156 731 072 512
Po spuštění: Volných bajtů: 156 735 127 552

- - End Of File - - 379703911A48F179A7A45B009A159542

Internet stale zlobí ... možná bude chyba jinde ještě něco skusím .

[stell]

Takto, mas tam 2x-Firewall-Zone Alarm daj prec
FW: Avira FireWx-.all *enabled* {11638345-E4FC-4BEE-BB73-EC754659C5F6}
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

daj zobrazit skryte subory a zlozky a zmaz zlozku:
c:\documents and settings\HackHell\Data aplikací\FlashGetBHO
Precisti pc TFC:
Stiahnes na plochu TFC
zatvor vsetko co mas otvorene a spust-po skane restart

A potom odskusaj a napis.

[EvilZone]

Avira fw neobsahuje " Avira Antivirus Premium "



Results of screen317's Security Check version 0.99.4
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Avira AntiVir Premium
ZoneAlarm
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
CCleaner
Java(TM) 6 Update 20
Adobe Flash Player 10.1.82.76
Adobe Reader 9.3.3
Mozilla Firefox (3.6.10) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
Zone Labs ZoneAlarm zlclient.exe
````````````````````````````````
DNS Vulnerability Check:
GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````

[stell]

Antivirus/Firewall Check:
Avira AntiVir Premium

No nemalo by, ale aj combofix, aj security check, ti tam pise ze mas tam firewall.takze problemy kludne moze sposobovat Firewall.

[EvilZone]

Měl sem předtím zaplacenej celej balíček ( Avira Premium Security Suite ) ale to fw je stejně na nic zbytečně vyhozené peníze možná zustalo nake dll .

[stell]

Aha, takze tam zostalo,>> SecCenter<<

Pri tejto akcii je nutné mať ComboFix na ploche.

Vypni>FIREWALL>Antivir>Antispyware>vsetko rezidentne.

Otvor Notepad (Poznámkový blok) a zkopíruj do neho celý zeleny tex:

Kód: Vybrat vše

KILLALL::
SecCenter::
{11638345-E4FC-4BEE-BB73-EC754659C5F6}

Potom klik na Subor -> Uložiť ako.. .. -> Ako je Názov souboru tak do toho riadku napiš:CFScript.txt
Typ súboru tak tam vyberies *všetky súbory
A ulož ho na plochu.> Pozor CFScript.txt>Neotvarat a nemoze byt ani>CFScript.txt.txt A Urobis Toto :


Po skonceni skenu vlož log čo ComboFix vytvorí

[EvilZone]

ComboFix 10-09-29.04 - HackHell 30.09.2010 13:37:59.4.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3326.2914 [GMT 2:00]
Spuštěný z: c:\documents and settings\HackHell\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\HackHell\Plocha\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {C19476D9-52BC-4E93-8AF3-CCF59F7AE8FE}
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\etc\lmhosts . . . . nemohl být smazán

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-08-28 do 2010-09-30 )))))))))))))))))))))))))))))))
.

2010-09-29 22:25 . 2010-06-23 11:51 69120 ----a-w- c:\windows\system32\zlcomm.dll
2010-09-29 22:25 . 2010-06-23 11:51 103936 ----a-w- c:\windows\system32\zlcommdb.dll
2010-09-29 22:25 . 2010-09-29 22:25 -------- d-----w- c:\windows\system32\ZoneLabs
2010-09-29 22:25 . 2010-06-23 11:51 1238528 ----a-w- c:\windows\system32\zpeng25.dll
2010-09-29 22:25 . 2010-09-29 22:25 -------- d-----w- c:\program files\Zone Labs
2010-09-29 21:10 . 2010-09-29 21:10 388096 ----a-r- c:\documents and settings\HackHell\Data aplikací\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-09-29 20:57 . 2010-09-29 20:57 3895888 ----a-w- c:\windows\REGBK03.ZIP
2010-09-29 20:52 . 2010-09-29 20:52 -------- d---a-w- c:\windows\rundll16.exe
2010-09-29 20:52 . 2010-09-29 20:52 -------- d---a-w- c:\windows\logo1_.exe
2010-09-20 01:06 . 2010-09-20 01:06 -------- d-----w- c:\program files\Avira
2010-09-20 01:06 . 2010-03-01 08:06 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-09-20 01:06 . 2010-02-16 12:24 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-09-20 01:06 . 2009-05-11 10:49 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-09-20 01:06 . 2009-05-11 10:49 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-09-20 00:20 . 2009-03-25 09:05 34216 ----a-w- c:\windows\system32\drivers\mferkdk.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-30 10:30 . 2010-06-03 14:57 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-09-29 22:25 . 2010-06-03 16:09 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2010-09-29 21:06 . 2010-06-03 14:49 -------- d-----w- c:\program files\Realtek
2010-09-28 21:55 . 2010-06-30 16:44 -------- d-----w- c:\program files\Trillian
2010-09-23 00:42 . 2010-07-13 08:22 -------- d-----w- c:\program files\UPM
2010-09-12 20:42 . 2010-06-26 01:07 -------- d-----w- c:\program files\CCleaner
2010-08-29 16:31 . 2010-06-03 16:04 -------- d-----w- c:\program files\Xfire
2010-08-20 15:06 . 2010-08-20 15:06 3907208 ----a-w- c:\windows\REGBK02.ZIP
2010-08-17 13:17 . 2006-03-02 12:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-14 00:59 . 2010-06-17 21:08 -------- d-----w- c:\program files\Teamspeak2_RC2
2010-08-13 22:01 . 2010-06-18 18:46 -------- d-----w- c:\program files\AIMP2
2010-08-13 01:36 . 2010-08-13 01:36 2826192 ----a-w- c:\documents and settings\HackHell\Data aplikací\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
2010-08-07 19:22 . 2010-08-07 19:21 3920986 ----a-w- c:\windows\REGBK01.ZIP
2010-08-06 16:38 . 2010-08-06 16:38 -------- d-----w- c:\program files\Common Files\Adobe
2010-07-26 20:30 . 2010-08-06 16:48 65536 ----a-w- c:\documents and settings\HackHell\Data aplikací\Mozilla\Firefox\Profiles\5ab0itn4.default\extensions\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}\components\Engine.dll
2010-07-22 15:46 . 2006-03-02 12:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 06:19 . 2008-05-05 05:25 5632 ----a-w- c:\windows\system32\xpsp4res.dll
2010-07-13 06:44 . 2010-07-13 06:44 3815533 ----a-w- c:\windows\REGBK00.ZIP
2010-07-13 02:53 . 2010-07-13 02:53 632064 ----a-w- c:\windows\system32\msvcr80.dll
2010-07-13 02:53 . 2010-07-13 02:53 554240 ----a-w- c:\windows\system32\msvcp80.dll
2010-07-13 02:53 . 2010-07-13 02:53 34048 ----a-w- c:\windows\system32\eEmpty.exe
2010-07-09 19:00 . 2010-07-09 19:00 41872 ----a-w- c:\windows\system32\xfcodec.dll
.

------- Sigcheck -------

[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\ERDNT\cache\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . 4AFB3B0919649F95C1964AA1FAD27D73 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[7] 2006-03-02 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
.
((((((((((((((((((((((((((((( SnapShot_2010-09-30_10.45.24 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-09-30 11:41 . 2010-09-30 11:41 16384 c:\windows\temp\Perflib_Perfdata_41c.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2010-02-18 357448]
"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2010-02-18 1573448]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2010-02-18 3203144]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-06-23 1043968]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\frd.exe"=
"c:\\Program Files\\Xfire\\Xfire.exe"=
"c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\Avira\AntiVir Desktop\avmailc.exe [20.9.2010 3:06 337064]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [20.9.2010 3:06 135336]
R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\avwebgrd.exe [20.9.2010 3:06 405672]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [23.11.2009 17:37 19720]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [3.6.2010 18:00 14856]
R3 Razerlow;Diamondback 3G USB Filter Driver;c:\windows\system32\drivers\DB3G.sys [3.6.2010 17:37 13225]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [3.6.2010 18:43 1684736]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Obsah adresáře 'Naplánované úlohy'

2010-07-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
.
------- Doplňkový sken -------
.
uStart Page = www.google.com
mStart Page = about:blank
mSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
FF - ProfilePath - c:\documents and settings\HackHell\Data aplikací\Mozilla\Firefox\Profiles\5ab0itn4.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
FF - component: c:\documents and settings\HackHell\Data aplikací\Mozilla\Firefox\Profiles\5ab0itn4.default\extensions\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}\components\Engine.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-30 13:42
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'lsass.exe'(844)
c:\program files\Avira\AntiVir Desktop\avsda.dll

- - - - - - - > 'explorer.exe'(1808)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\Logitech\GamePanel Software\Applets\LCDCountdown.exe
c:\program files\Logitech\GamePanel Software\Applets\LCDClock.exe
c:\program files\Logitech\GamePanel Software\Applets\LCDRSS.exe
.
**************************************************************************
.
Celkový čas: 2010-09-30 13:44:20 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-09-30 11:44
ComboFix2.txt 2010-09-30 10:46
ComboFix3.txt 2010-09-29 21:24

Před spuštěním: Volných bajtů: 156 731 232 256
Po spuštění: Volných bajtů: 156 707 733 504

- - End Of File - - D0574B0D1163348F7F1A0A1B27902175

Tedka jdu na TFC . Ale pořád mám tušení že v pc je naka skrytá mrška , lagy se zmenšujou první byl vypadek 10 sec po naistalovaní ZA 3 sec a tedka na 1-2 sec přestane reagovat net .

[stell]

Ok, daj log z G-mer
http://www.viry.cz/forum/viewtopic.php?f=29&t=62878

[EvilZone]

Pročištěno TFC . Ráno napíšu jestli je ještě problém s netem .
Ještě chci dát místo ZA comodo protože ta nová verze má bug .
Dík za pomoc...

[stell]

Nedavaj comodo, nakolko treba to vediet nastavit, ak nenastavis tak ako treba ,tak nema zmysel, nainstaluj PCTOOLS-Firewall-bez spyware doctora, odskusaj, a ak budu problemy, tak vloz sem log z G-mer.
http://www.viry.cz/forum/viewtopic.php? ... 36#p868836
Nemas zaco.

[EvilZone]

ok ještě jednou dík , gmer 2 x vytuhnul .. jdu do prace rano udělám log v nouzovém režimu ..

[stell]

ok,

[EvilZone]

Problém vyřešen vypadá to že za všechno mohl FlashGet ( teda nakej jeho pozustatek ) TFC pomohlo dokonce je internet a pc rychlejší než předtím ještě naistaluju PC Tools ...