Please check my log - Rootkit
Posted: 16 Nov 2010 13:02
The problem is that when I start Skype, after a short while it gets blocked (both voice and text communication), and the PC shuts down slowly or not at all... I ran ComboFix and it detected a rootkit. I did this about three days in a row, including today, and it found it every time. I am sending the log because I cannot tell exactly where the rootkit is hiding. Thank you.
I am attaching two logs: the first is from RSIT and the second is from ComboFix.
1.
info.txt logfile of random's system information tool 1.08 2010-11-16 15:52:37
======Uninstall list======
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ABBYY FineReader 10 Corporate Edition-->MsiExec.exe /I{F1000000-0001-0000-0000-074957833700}
Acronis True Image WD Edition-->MsiExec.exe /X{A7D5787B-3A91-4433-A753-CFE520671683}
Adobe Acrobat 9 Pro - Czech, Hungarian, Polish, Slovak-->msiexec /I {AC76BA86-1029-4770-7760-000000000004}
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}
Adobe Bridge 1.0-->MsiExec.exe /I{B74D4E10-1033-0000-0000-000000000001}
Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Community Help-->msiexec /qb /x {EE531675-A09C-51DD-F356-ECA9D6857039}
Adobe Community Help-->MsiExec.exe /I{EE531675-A09C-51DD-F356-ECA9D6857039}
Adobe Dreamweaver CS5-->C:\Program Files\Common Files\Adobe\OOBE\PDApp\core\PDApp.exe --appletID="DWA_UI" --appletVersion="1.0" --mode="Uninstall" --mediaSignature="{C79312BD-3E76-4474-A10C-1435D1856A4B}"
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil10k_ActiveX.exe -maintain activex
Adobe Flash Player 10 ActiveX-->MsiExec.exe /X{6E9EF98E-259E-416D-B5F8-0ABDB99942CE}
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil10k_Plugin.exe -maintain plugin
Adobe Flash Player 10 Plugin-->MsiExec.exe /X{BC41C09D-FAA9-4346-9FE6-1E0017BC551A}
Adobe Flash Professional CS5-->C:\Program Files\Common Files\Adobe\OOBE\PDApp\core\PDApp.exe --appletID="DWA_UI" --appletVersion="1.0" --mode="Uninstall" --mediaSignature="{CFC9F871-7C40-40B6-BE4A-B98A5B309716}"
Adobe Help Center 1.0-->MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Media Player-->msiexec /qb /x {DE3A9DC5-9A5D-6485-9662-347162C7E4CA}
Adobe Media Player-->MsiExec.exe /I{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}
Adobe Photoshop CS2-->msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Photoshop CS5-->C:\Program Files\Common Files\Adobe\OOBE\PDApp\core\PDApp.exe --appletID="DWA_UI" --appletVersion="1.0" --mode="Uninstall" --mediaSignature="{15FEDA5F-141C-4127-8D7E-B962D1742728}"
Adobe Shockwave Player 11.5-->"C:\WINDOWS\system32\Adobe\Shockwave 11\uninstaller.exe"
Adobe Stock Photos 1.0-->MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
Adobe Widget Browser-->msiexec /qb /x {C2F8A93B-52A9-B08F-FDFF-486CEBF89605}
Adobe Widget Browser-->MsiExec.exe /I{C2F8A93B-52A9-B08F-FDFF-486CEBF89605}
Advanced SystemCare 3-->"C:\Program Files\IObit\Advanced SystemCare 3\unins000.exe"
Anvil Studio-->C:\WINDOWS\ST5UNST.EXE -n "c:\Program Files\skus\ST5UNST.LOG"
Audacity 1.3.12 (Unicode)-->"C:\Program Files\Audacity 1.3 Beta (Unicode)\unins000.exe"
avast! Pro Antivirus-->C:\Program Files\Alwil Software\Avast5\aswRunDll.exe "C:\Program Files\Alwil Software\Avast5\Setup\setiface.dll" RunSetup
AviSynth 2.5-->"C:\Program Files\AviSynth 2.5\Uninstall.exe"
Balíček ovladače systému Windows - Nokia Modem (03/15/2010 4.4)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokia_blue_BB31B421D7FB40A3FBE2494F34F4B4C8BE693DF9\nokia_bluetooth.inf
Balíček ovladače systému Windows - Nokia Modem (03/15/2010 7.01.0.6)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_2CDEE77690404245452284973153A7CAF1D83847\nokbtmdm.inf
Balíček ovladače systému Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)-->C:\PROGRA~1\DIFX\B4723E9A0713E5B1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccsmcfd_A3B3916E5D8138F59EE218321B27B044D3B18294\pccsmcfd.inf
CDBurnerXP-->"C:\Program Files\CDBurnerXP\unins000.exe"
Cestovné poriadky 2009/2010-->"C:\Documents and Settings\Ferdinand\Data aplikací\Cestovné poriadky\unins000.exe"
CorelDRAW Graphics Suite X4 - Capture-->MsiExec.exe /I{7F05E704-30A6-421A-97A7-8EEB1C7FF012}
CorelDRAW Graphics Suite X4 - Content-->MsiExec.exe /I{7F05E704-30A6-421A-97A7-8EEB1C7FF016}
CorelDRAW Graphics Suite X4 - Draw-->MsiExec.exe /I{7F05E704-30A6-421A-97A7-8EEB1C7FF013}
CorelDRAW Graphics Suite X4 - Filters-->MsiExec.exe /I{7F05E704-30A6-421A-97A7-8EEB1C7FF017}
CorelDRAW Graphics Suite X4 - FontNav-->MsiExec.exe /I{7F05E704-30A6-421A-97A7-8EEB1C7FF019}
CorelDRAW Graphics SUite X4 - ICA-->MsiExec.exe /I{7F05E704-30A6-421A-97A7-8EEB1C7FF010}
CorelDRAW Graphics Suite X4 - IPM-->MsiExec.exe /I{9D0798D0-AF6C-4E62-94B1-AEBF1A43E00A}
CorelDRAW Graphics Suite X4 - Lang CZ-->MsiExec.exe /I{FFFE7261-2318-4227-B827-E9E05E16DFE5}
CorelDRAW Graphics Suite X4 - PP-->MsiExec.exe /I{7F05E704-30A6-421A-97A7-8EEB1C7FF014}
CorelDRAW Graphics Suite X4 - VBA-->MsiExec.exe /I{BF439B41-0252-48DE-8B8B-0430CB26A181}
CorelDRAW Graphics Suite X4-->MsiExec.exe /I{44A27085-0616-4181-A0C3-81C7ECA17F73}
CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension-->c:\Program Files\Common Files\Corel\Shared\Shell Extension\Uninst.exe
CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension-->MsiExec.exe /X{CE2DA11A-917F-4CF5-AB55-755EC115DD10}
CorelDRAW(R) Graphics Suite X4-->C:\Program Files\Corel\CorelDRAW Graphics Suite X4\Setup\SetupARP.exe /arp
EPSON Scan-->C:\Program Files\epson\escndv\setup\setup.exe /r
EPSON Stylus SX100_TX100 Manuál-->C:\Program Files\EPSON\TPMANUAL\ESSX100_TX100\SVK\USE_G\DOCUNINS.EXE
EPSON SX100 Series Printer Uninstall-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FINSEDE.EXE /R /APD /P:"EPSON SX100 Series"
EPSON Web-To-Page-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}\SETUP.EXE" -l0x9 -anything
ffdshow [rev 2975] [2009-05-28]-->"C:\Program Files\Video Convert Master\codec\ffdshow\unins000.exe"
GetDataBack for NTFS-->"C:\Program Files\Runtime Software\GetDataBack for NTFS\Uninstall.exe" "C:\Program Files\Runtime Software\GetDataBack for NTFS\install.log" -u
Google Earth-->MsiExec.exe /X{4286E640-B5FB-11DF-AC4B-005056C00008}
Intel(R) Graphics Media Accelerator Driver-->C:\WINDOWS\system32\igxpun.exe -uninstall
intelliScore Ensemble-->C:\Program Files\intelliScore Ensemble\Uninstal.exe
Junior Icon Editor-->C:\Program Files\Junior Icon Editor\uninstall.exe
K-Lite Codec Pack 5.9.0 (Basic)-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
LAME v3.98.3 for Audacity-->"C:\Program Files\Lame For Audacity\unins000.exe"
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft .NET Framework 4 Client Profile-->C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /parameterfolder Client
Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{3C3901C5-3455-3E0A-A214-0B093A5070A6}
Microsoft .NET Framework 4 Extended-->C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\Setup.exe /repair /x86 /parameterfolder Extended
Microsoft .NET Framework 4 Extended-->MsiExec.exe /X{0A0CADCF-78DA-33C4-A350-CD51849B9702}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9-->"C:\WINDOWS\$NtUninstallWdf01009$\spuninst\spuninst.exe"
Microsoft Office Access MUI (Slovak) 2007-->MsiExec.exe /X{90120000-0015-041B-0000-0000000FF1CE}
Microsoft Office Excel MUI (Slovak) 2007-->MsiExec.exe /X{90120000-0016-041B-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (Slovak) 2007-->MsiExec.exe /X{90120000-0044-041B-0000-0000000FF1CE}
Microsoft Office Outlook MUI (Slovak) 2007-->MsiExec.exe /X{90120000-001A-041B-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Slovak) 2007-->MsiExec.exe /X{90120000-0018-041B-0000-0000000FF1CE}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{9011041B-6000-11D3-8CFE-0150048383C9}
Microsoft Office Professional Plus 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
Microsoft Office Professional Plus 2007-->MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}
Microsoft Office Proof (Czech) 2007-->MsiExec.exe /X{90120000-001F-0405-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Hungarian) 2007-->MsiExec.exe /X{90120000-001F-040E-0000-0000000FF1CE}
Microsoft Office Proof (Slovak) 2007-->MsiExec.exe /X{90120000-001F-041B-0000-0000000FF1CE}
Microsoft Office Proofing (Slovak) 2007-->MsiExec.exe /X{90120000-002C-041B-0000-0000000FF1CE}
Microsoft Office Publisher MUI (Slovak) 2007-->MsiExec.exe /X{90120000-0019-041B-0000-0000000FF1CE}
Microsoft Office Shared MUI (Slovak) 2007-->MsiExec.exe /X{90120000-006E-041B-0000-0000000FF1CE}
Microsoft Office Word MUI (Slovak) 2007-->MsiExec.exe /X{90120000-001B-041B-0000-0000000FF1CE}
Microsoft User-Mode Driver Framework Feature Pack 1.9-->"C:\WINDOWS\$NtUninstallWudf01009$\spuninst\spuninst.exe"
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft_VC80_ATL_x86-->MsiExec.exe /I{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}
Microsoft_VC80_CRT_x86-->MsiExec.exe /I{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}
Microsoft_VC80_CRT_x86-->MsiExec.exe /I{D7BF3B76-EEF9-4868-9B2B-42ABF60B279A}
Microsoft_VC80_MFC_x86-->MsiExec.exe /I{D1A19B02-817E-4296-A45B-07853FD74D57}
Microsoft_VC80_MFCLOC_x86-->MsiExec.exe /I{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}
Microsoft_VC90_ATL_x86-->MsiExec.exe /I{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}
Microsoft_VC90_CRT_x86-->MsiExec.exe /I{08D2E121-7F6A-43EB-97FD-629B44903403}
Microsoft_VC90_MFC_x86-->MsiExec.exe /I{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}
MSVC80_x86_v2-->MsiExec.exe /I{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}
MSXML 6.0 Parser-->MsiExec.exe /I{AEB9948B-4FF2-47C9-990E-47014492A0FE}
Nokia Connectivity Cable Driver-->MsiExec.exe /I{1B9B5B3B-28E7-4E59-A80D-D670AA984514}
Nokia PC Suite-->C:\Documents and Settings\All Users\Data aplikací\Installations\{18756A46-652E-4ED4-A029-C4940D59F09B}\Nokia_PC_Suite_slk_web.exe
Nokia PC Suite-->MsiExec.exe /I{18756A46-652E-4ED4-A029-C4940D59F09B}
O2Micro Flash Memory Card Reader Driver Installer(x86)-->MsiExec.exe /X{78764173-3805-4916-B3CE-B433702B8870}
PC Connectivity Solution-->MsiExec.exe /I{8C91D53E-0C23-4A79-A480-68A443D80100}
PDF Settings CS5-->MsiExec.exe /I{A78FE97A-C0C8-49CE-89D0-EDD524A17392}
PlayFLV-->"C:\Program Files\PlayFLV\uninstall.exe"
PowerQuest PartitionMagic 8.0-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}
QuickTime Alternative 2.8.0-->"C:\Program Files\Video Convert Master\codec\quicktime\unins000.exe"
Real Alternative 1.9.0-->"C:\Program Files\Video Convert Master\codec\real\unins000.exe"
REALTEK GbE & FE Ethernet PCI-E NIC Driver-->C:\Program Files\InstallShield Installation Information\{C9BED750-1211-4480-B1A5-718A3BE15525}\setup.exe -runfromtemp -l0x0005 -removeonly
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x5 -removeonly
RegCure-->C:\Program Files\RegCure\uninst.exe
SUPERAntiSpyware-->"C:\Program Files\SUPERAntiSpyware\Uninstall.exe"
TotalAudioConverter-->"C:\Program Files\TotalAudioConverter\unins000.exe"
Unknown Device Identifier 7.00-->"C:\Program Files\Unknown Device Identifier\unins000.exe"
Unlocker 1.9.0-->C:\Program Files\Unlocker\uninst.exe
Video Convert Master 11.0.10.2010-->"C:\Program Files\Video Convert Master\unins000.exe"
VMware ThinApp-->MsiExec.exe /X{737D3098-67EE-46A8-BC03-7A699E4EA83A}
Windows Driver Package - Atheros (AR5211) Net (04/05/2007 5.3.0.35)-->C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\DPInst.exe /u C:\WINDOWS\system32\DRVSTORE\net5211_83E4E86F1350732D629D737DAECF97C35FD29B0F\net5211.inf
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinHTTrack Website Copier 3.43-9C-->"C:\Program Files\WinHTTrack\unins000.exe"
WinRAR archivátor-->C:\Program Files\WinRAR\uninstall.exe
WinXP Manager-->MsiExec.exe /I{B64EC0E5-8341-481D-BE23-6B02FC5A953C}
======Hosts File======
127.0.0.1 localhost
======Security center information======
AV: avast! Antivirus
AS: Spy Emergency (disabled)
======System event log======
Computer Name: FERDO-EV
Event Code: 59
Message: Generate Activation Context pro C:\Program Files\Microsoft Office12_2007\Office12\msohevi.dll se nezdařila.
Referenční chybová zpráva: Operace byla dokončena úspěšně.
.
Record Number: 4054
Source Name: SideBySide
Time Written: 20101101121925.000000+060
Event Type: Chyba
User:
Computer Name: FERDO-EV
Event Code: 59
Message: Resolve Partial Assembly pro Microsoft.VC80.CRT se nezdařila.
Referenční chybová zpráva: Soubor manifestu obsahuje jednu nebo více syntaktických chyb.
.
Record Number: 4053
Source Name: SideBySide
Time Written: 20101101121925.000000+060
Event Type: Chyba
User:
Computer Name: FERDO-EV
Event Code: 33
Message: Spuštění aplikace se nezdařilo z důvodu neplatného manifestu.
Record Number: 4052
Source Name: SideBySide
Time Written: 20101101121925.000000+060
Event Type: Chyba
User:
Computer Name: FERDO-EV
Event Code: 58
Message: Chyba syntaxe v souboru manifestu nebo zásady C:\WINDOWS\WinSxS\Policies\x86_Policy.8.0.Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_x-ww_77c24773\8.0.50727.4053.policy na řádku 12.
Record Number: 4051
Source Name: SideBySide
Time Written: 20101101121925.000000+060
Event Type: Chyba
User:
Computer Name: FERDO-EV
Event Code: 64
Message: Chyba syntaxe v souboru manifestu nebo zásady C:\WINDOWS\WinSxS\Policies\x86_Policy.8.0.Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_x-ww_77c24773\8.0.50727.4053.policy na řádku 12.
Manifest kořene nebo aplikace obsahuje prvek noInherit, ale manifest závislé symbolické adresy
neobsahuje neděditelný prvek. Manifesty aplikací obsahující prvek noInherit mohou být závislé pouze
na symbolických adresách, které jsou neděditelné.
Record Number: 4050
Source Name: SideBySide
Time Written: 20101101121925.000000+060
Event Type: Chyba
User:
=====Application event log=====
Computer Name: FERDO-EV
Event Code: 1904
Message:
Record Number: 1783
Source Name: HHCTRL
Time Written: 20101031185522.000000+060
Event Type: Informace
User:
Computer Name: FERDO-EV
Event Code: 1904
Message:
Record Number: 1782
Source Name: HHCTRL
Time Written: 20101031185522.000000+060
Event Type: Informace
User:
Computer Name: FERDO-EV
Event Code: 1904
Message:
Record Number: 1781
Source Name: HHCTRL
Time Written: 20101031185522.000000+060
Event Type: Informace
User:
Computer Name: FERDO-EV
Event Code: 1904
Message:
Record Number: 1780
Source Name: HHCTRL
Time Written: 20101031185522.000000+060
Event Type: Informace
User:
Computer Name: FERDO-EV
Event Code: 1904
Message:
Record Number: 1779
Source Name: HHCTRL
Time Written: 20101031185522.000000+060
Event Type: Informace
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\Program Files\PC Connectivity Solution;C:\Program Files\Common Files\Acronis\SnapAPI;C:\Program Files\Common Files\Adobe\AGL
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_REVISION"=0f0d
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
-----------------EOF-----------------
2.
ComboFix 10-11-15.05 - Ferdinand . 11. 2010 12:19:12.6.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2039.1604 [GMT 1:00]
Spuštěný z: c:\documents and settings\Ferdinand\Plocha\ComboFix.exe
SP: Spy Emergency *disabled* (Updated) {82117492-906E-4b02-A33A-84D42A2DD907}
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-10-16 do 2010-11-16 )))))))))))))))))))))))))))))))
.
2010-11-13 18:44 . 2008-04-14 07:52 91648 ----a-w- c:\windows\system32\kswdmcap.ax
2010-11-13 18:44 . 2008-04-14 07:52 61952 ----a-w- c:\windows\system32\kstvtune.ax
2010-11-13 18:44 . 2008-04-14 07:52 54272 -c--a-w- c:\windows\system32\dllcache\vfwwdm32.dll
2010-11-13 18:44 . 2008-04-14 07:52 54272 ----a-w- c:\windows\system32\vfwwdm32.dll
2010-11-13 18:44 . 2008-04-14 07:52 43008 ----a-w- c:\windows\system32\ksxbar.ax
2010-11-13 18:44 . 2008-04-14 07:52 20992 ----a-w- c:\windows\system32\dshowext.ax
2010-11-08 16:59 . 2010-11-08 16:59 -------- d-----w- c:\program files\Lame For Audacity
2010-11-03 16:46 . 2008-04-13 23:15 26112 -c--a-w- c:\windows\system32\dllcache\usbser.sys
2010-11-03 16:46 . 2008-04-13 23:15 26112 ----a-w- c:\windows\system32\drivers\usbser.sys
2010-11-03 16:46 . 2008-11-07 17:55 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll
2010-11-01 17:49 . 2010-11-13 16:39 -------- d-----w- C:\movies
2010-11-01 13:21 . 2008-04-14 07:51 1306624 -c----w- c:\windows\system32\dllcache\msxml6.dll
2010-11-01 13:21 . 2008-04-14 07:49 102912 -c----w- c:\windows\system32\dllcache\dpcdll.dll
2010-11-01 13:21 . 2008-04-14 07:00 80896 -c----w- c:\windows\system32\dllcache\msxml6r.dll
2010-11-01 13:21 . 2008-04-14 07:51 9728 ------w- c:\windows\system32\rwnh.dll
2010-11-01 13:21 . 2008-04-14 07:51 10752 ------w- c:\windows\system32\smtpapi.dll
2010-11-01 13:13 . 2006-12-28 23:31 19569 ----a-w- c:\windows\006216_.tmp
2010-11-01 12:53 . 2005-05-04 01:43 69632 ------r- c:\windows\Alcmtr.exe
2010-11-01 11:39 . 2010-11-01 11:46 -------- d-----w- c:\windows\system32\wbem\Repository.001
2010-11-01 11:39 . 2008-04-14 07:52 380928 ------w- c:\windows\system32\irprops.cpl
2010-11-01 11:39 . 2008-04-14 07:52 162304 ------w- c:\windows\system32\wuaucpl.cpl
2010-11-01 11:37 . 2010-11-01 13:21 -------- d-----w- c:\windows\ServicePackFiles
2010-11-01 11:36 . 2008-04-14 07:53 146944 ----a-w- c:\windows\system\winspool.drv
2010-11-01 11:32 . 2004-07-17 10:40 19528 ----a-w- c:\windows\002799_.tmp
2010-11-01 11:19 . 2007-02-26 02:36 176128 ----a-r- c:\windows\system32\igfxres.dll
2010-11-01 11:02 . 2010-11-01 11:02 -------- d-----w- c:\documents and settings\Default User\Local Settings\Data aplikací\Microsoft
2010-11-01 10:58 . 2001-10-25 12:00 92416 -c--a-w- c:\windows\system32\dllcache\mga.sys
2010-11-01 10:57 . 2001-10-24 11:24 45056 -c--a-w- c:\windows\system32\dllcache\EXCH_aqadmin.dll
2010-11-01 10:57 . 2001-10-25 12:00 6144 -c--a-w- c:\windows\system32\dllcache\admxprox.dll
2010-11-01 10:57 . 2001-10-25 12:00 50176 -c--a-w- c:\windows\system32\dllcache\adrot.dll
2010-11-01 10:57 . 2001-10-24 11:24 5632 -c--a-w- c:\windows\system32\dllcache\EXCH_adsiisex.dll
2010-11-01 10:57 . 2001-10-25 12:00 7168 -c--a-w- c:\windows\system32\dllcache\wamregps.dll
2010-11-01 10:57 . 2001-10-25 12:00 7680 -c--a-w- c:\windows\system32\dllcache\inetmgr.exe
2010-11-01 10:57 . 2001-10-25 12:00 19968 -c--a-w- c:\windows\system32\dllcache\inetsloc.dll
2010-11-01 10:57 . 2001-10-25 12:00 6144 -c--a-w- c:\windows\system32\dllcache\ftpsapi2.dll
2010-11-01 10:57 . 2001-10-25 12:00 5632 -c--a-w- c:\windows\system32\dllcache\iisrstap.dll
2010-11-01 10:57 . 2001-10-25 12:00 171008 -c--a-w- c:\windows\system32\dllcache\iisui.dll
2010-11-01 10:57 . 2001-10-25 12:00 14848 -c--a-w- c:\windows\system32\dllcache\iisreset.exe
2010-11-01 10:51 . 2008-04-14 07:52 294912 ----a-w- c:\program files\Windows Media Player\dlimport.exe
2010-11-01 10:51 . 2008-04-14 07:51 409088 ----a-w- c:\windows\system32\qmgr.dll
2010-11-01 10:51 . 2008-04-14 07:51 18944 ----a-w- c:\windows\system32\qmgrprxy.dll
2010-11-01 10:51 . 2008-04-14 07:52 3558912 ----a-w- c:\program files\Movie Maker\moviemk.exe
2010-11-01 10:49 . 2008-04-14 07:52 70144 ----a-w- c:\windows\system32\access.cpl
2010-11-01 10:48 . 2008-04-14 07:52 36352 ----a-w- c:\windows\system32\wbem\scrcons.exe
2010-11-01 10:46 . 2008-04-13 23:15 52864 ----a-w- c:\windows\system32\drivers\dmusic.sys
2010-11-01 10:45 . 2008-04-13 23:15 6272 ----a-w- c:\windows\system32\drivers\splitter.sys
2010-11-01 10:44 . 2008-04-14 06:44 58496 ----a-w- c:\windows\system32\drivers\redbook.sys
2010-11-01 10:42 . 2008-04-14 07:52 129536 ----a-w- c:\windows\system32\ksproxy.ax
2010-11-01 10:42 . 2008-04-14 07:51 4096 ----a-w- c:\windows\system32\ksuser.dll
2010-11-01 10:38 . 2008-04-14 07:53 40840 ----a-w- c:\windows\system32\drivers\termdd.sys
2010-11-01 10:38 . 2008-04-13 23:02 196224 ----a-w- c:\windows\system32\drivers\rdpdr.sys
2010-11-01 10:38 . 2001-08-17 20:51 19584 ----a-w- c:\windows\system32\drivers\rasirda.sys
2010-11-01 10:36 . 2008-04-14 07:51 741376 ----a-w- c:\program files\Common Files\Microsoft Shared\Speech\sapi.dll
2010-11-01 10:36 . 2008-04-13 23:24 11264 ----a-w- c:\windows\system32\drivers\irenum.sys
2010-11-01 10:36 . 2001-10-25 12:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2010-11-01 10:36 . 2001-10-25 12:00 13312 ----a-w- c:\windows\system32\irclass.dll
2010-11-01 10:36 . 2001-10-25 12:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2010-11-01 10:36 . 2001-10-25 12:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
2010-11-01 10:36 . 2008-04-14 07:52 75264 ----a-w- c:\windows\system32\storprop.dll
2010-11-01 10:36 . 2001-10-25 12:00 13923 ----a-r- c:\windows\SET65.tmp
2010-11-01 10:35 . 2001-10-25 12:00 1085938 ----a-r- c:\windows\SET59.tmp
2010-10-31 20:44 . 2010-10-31 20:45 -------- d-----w- c:\documents and settings\Administrator
2010-10-30 20:24 . 2010-11-12 15:40 -------- d-----w- c:\documents and settings\Ferdinand\Data aplikací\Spy Emergency
2010-10-30 20:24 . 2009-04-21 15:55 18232 ----a-w- c:\windows\system32\drivers\spyemrg_access.sys
2010-10-30 20:24 . 2009-02-04 16:42 14392 ----a-w- c:\windows\system32\drivers\spyemrg_guard.sys
2010-10-30 20:24 . 2009-02-04 16:42 12344 ----a-w- c:\windows\system32\drivers\spyemrg.sys
2010-10-30 20:24 . 2010-10-30 20:24 -------- d-----w- c:\documents and settings\All Users\Data aplikací\NETGATE
2010-10-30 20:02 . 2010-10-30 20:22 -------- d-----w- c:\documents and settings\Ferdinand\Data aplikací\ScanSpyware
2010-10-30 18:56 . 2010-10-30 18:56 -------- d-----w- c:\windows\ie8updates
2010-10-30 12:01 . 2010-10-30 12:01 -------- d-----w- c:\documents and settings\All Users\Data aplikací\MSN6
2010-10-30 12:01 . 2010-10-30 12:02 -------- d-----w- c:\documents and settings\Ferdinand\Data aplikací\MSN6
2010-10-29 21:01 . 2010-10-29 21:01 -------- d-----w- c:\program files\Junior Icon Editor
2010-10-24 17:29 . 2010-10-24 17:31 -------- d-----w- c:\documents and settings\Ferdinand\Data aplikací\Anvil Studio
2010-10-24 17:29 . 2002-06-05 23:01 29696 ----a-w- c:\windows\system32\asutl8.dll
2010-10-24 17:29 . 2010-10-24 17:29 -------- d-----w- c:\program files\skus
2010-10-24 17:29 . 2002-01-05 00:18 84992 ----a-w- c:\windows\system32\atl70.dll
2010-10-24 17:24 . 2010-10-24 17:24 -------- d-----w- c:\windows\system32\aspi
2010-10-24 17:24 . 2010-10-24 17:24 -------- d-----w- c:\program files\intelliScore Ensemble
2010-10-24 17:02 . 2010-10-24 17:02 -------- d-----w- c:\documents and settings\Ferdinand\Local Settings\Data aplikací\Help
2010-10-24 16:26 . 2010-10-24 17:06 -------- d-----w- c:\documents and settings\Ferdinand\Data aplikací\Music Recognition
2010-10-24 16:11 . 2010-10-24 16:11 -------- d-----w- c:\documents and settings\Ferdinand\Local Settings\Data aplikací\PackageAware
2010-10-23 12:15 . 2010-10-23 12:15 -------- d-----w- c:\program files\Common Files\xing shared
2010-10-23 12:14 . 2010-10-23 12:14 569397 ----a-w- c:\program files\Internet Explorer\PLUGINS\RichFX\Player\nprfxins.dll
2010-10-23 11:06 . 2010-10-23 12:15 -------- d-----w- c:\program files\Common Files\Real
2010-10-23 11:06 . 2010-10-23 11:06 -------- d-----w- c:\program files\Real
2010-10-23 10:54 . 2010-10-23 10:54 -------- d-----w- c:\documents and settings\Ferdinand\Data aplikací\Softplicity
2010-10-23 10:53 . 2010-10-23 11:53 -------- d-----w- c:\program files\TotalAudioConverter
2010-10-23 10:09 . 2010-10-30 17:45 -------- d---a-w- c:\documents and settings\All Users\Data aplikací\TEMP
2010-10-23 09:41 . 2010-10-23 09:41 -------- d-----w- c:\program files\Power Video Converter
2010-10-23 09:35 . 2010-10-23 09:35 -------- d-----w- c:\program files\AviSynth 2.5
2010-10-23 09:35 . 2004-03-08 22:00 132880 ----a-w- c:\windows\system32\MSINET.OCX
2010-10-23 09:33 . 2010-10-23 09:33 -------- d-----w- c:\documents and settings\Ferdinand\Data aplikací\DVDCreator
2010-10-22 22:47 . 2010-10-22 22:47 -------- d-----w- c:\documents and settings\Ferdinand\Data aplikací\Xi
2010-10-22 22:27 . 2010-10-22 22:32 1986560 ----a-w- c:\windows\system32\akll.dll
2010-10-22 22:27 . 2010-10-22 22:32 196608 ----a-w- c:\windows\system32\maag.dll
2010-10-22 22:27 . 2010-10-22 22:32 1245184 ----a-w- c:\windows\system32\bkll.dll
2010-10-22 22:27 . 2010-10-22 22:32 1212416 ----a-w- c:\windows\system32\ckll.dll
2010-10-22 22:27 . 2010-10-22 22:32 90112 ----a-w- c:\windows\system32\agsaami.dll
2010-10-22 22:27 . 2010-10-22 22:32 610304 ----a-w- c:\windows\system32\agsaamg.dll
2010-10-22 22:27 . 2010-10-22 22:32 372736 ----a-w- c:\windows\system32\agsaamc.dll
2010-10-22 22:27 . 2010-10-22 22:32 2535424 ----a-w- c:\windows\system32\agsaamj.dll
2010-10-22 22:27 . 2010-10-22 22:27 53760 ----a-w- c:\windows\system\ppacklib.dll
2010-10-22 22:26 . 2006-07-28 23:22 51712 ----a-w- c:\windows\system32\coodest.dll
2010-10-22 22:26 . 2010-10-22 22:26 -------- d-----w- c:\windows\system32\RMBin
2010-10-22 22:26 . 2002-01-05 09:37 344064 ----a-w- c:\windows\system32\msvcr70.dll
2010-10-22 22:26 . 2002-01-05 03:40 487424 ----a-w- c:\windows\system32\msvcp70.dll
2010-10-22 22:26 . 2002-01-05 04:48 974848 ----a-w- c:\windows\system32\mfc70.dll
2010-10-22 21:53 . 2010-11-13 16:36 -------- d-----w- c:\documents and settings\Ferdinand\Data aplikací\Audacity
2010-10-22 21:53 . 2010-10-22 21:53 -------- d-----w- c:\program files\Audacity 1.3 Beta (Unicode)
2010-10-22 21:52 . 2010-10-22 21:52 -------- d-----w- c:\documents and settings\Ferdinand\Local Settings\Data aplikací\WMTools Downloaded Files
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-14 21:48 . 2010-09-20 17:28 2828 --sha-w- c:\documents and settings\All Users\Data aplikací\KGyGaAvL.sys
2010-09-20 17:28 . 2010-09-20 17:28 8 --sh--r- c:\documents and settings\All Users\Data aplikací\A0D3AF5725.sys
2010-09-19 20:27 . 2010-09-19 20:27 594208 ----a-w- c:\windows\system32\drivers\timntr.sys
2010-09-19 20:27 . 2010-09-19 20:27 170272 ----a-w- c:\windows\system32\drivers\snapman.sys
2010-09-19 20:16 . 2010-09-19 20:16 315392 ----a-w- c:\windows\HideWin.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2010-09-28 2407632]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2010-05-14 1479680]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-02-26 131072]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-02-26 155648]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-02-26 131072]
"RTHDCPL"="RTHDCPL.EXE" [2007-06-13 16377344]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-10-23 185896]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-17 44544]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office12_2007\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Adobe\\Adobe Dreamweaver CS5\\Dreamweaver.exe"=
"c:\\Program Files\\Video Convert Master\\codec\\real\\Media Player Classic\\mplayerc.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Documents and Settings\\Ferdinand\\Plocha\\Ďaľšie Programy\\Komunikačné\\SkypePortable\\App\\Skype\\Phone\\Skype.exe"=
R0 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [19.9.2010 21:21 39680]
R0 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [19.9.2010 21:21 35712]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17.2.2010 19:25 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10.5.2010 19:41 67656]
R1 SpyEmrg;Spy Emergency Driver;c:\windows\system32\drivers\spyemrg.sys [30.10.2010 21:24 12344]
R2 ABBYY.Licensing.FineReader.Corporate.10.0;ABBYY FineReader 10 CE Licensing Service;c:\program files\Common Files\ABBYY\FineReader\10.00\Licensing\CE\NetworkLicenseServer.exe [19.12.2009 0:06 814344]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 12:16 130384]
S2 SpyEmrgSrv;Spy Emergency Engine Service;c:\program files\NETGATE\Spy Emergency 2009\SpyEmergencySrv.exe --> c:\program files\NETGATE\Spy Emergency 2009\SpyEmergencySrv.exe [?]
S3 KS-959;Kingsun KS-959 USB Infrared Adapter;c:\windows\system32\drivers\KS-959.sys [25.9.2010 8:26 19034]
S3 SpyEmrgAccess;Spy Emergency OnAccess Driver;c:\windows\system32\drivers\spyemrg_access.sys [30.10.2010 21:24 18232]
S3 SpyEmrgGuard;Spy Emergency Real-Time Shield Driver;c:\windows\system32\drivers\spyemrg_guard.sys [30.10.2010 21:24 14392]
S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19.2.2010 12:37 517096]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 12:16 753504]
.
Obsah adresáře 'Naplánované úlohy'
2010-11-13 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2010-05-19 10:45]
2010-09-24 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2010-05-19 10:45]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.sk/
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Previesť cieľ odkazu do formátu Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Previesť do Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Pridať cieľ odkazu do existujúceho súboru PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Pridať do existujúceho súboru PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
LSP: c:\program files\IObit\Advanced SystemCare 3\SPICtrl.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-16 12:26
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(896)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\documents and settings\Ferdinand\Data aplikací\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
c:\documents and settings\Ferdinand\Data aplikací\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
c:\documents and settings\Ferdinand\Data aplikací\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
- - - - - - - > 'lsass.exe'(956)
c:\program files\IObit\Advanced SystemCare 3\SPICtrl.dll
.
Celkový čas: 2010-11-16 12:28:20
ComboFix-quarantined-files.txt 2010-11-16 11:28
ComboFix2.txt 2010-11-16 08:15
ComboFix3.txt 2010-11-14 22:26
Před spuštěním: Volných bajtů: 26 921 304 064
Po spuštění: Volných bajtů: 26 917 187 584
- - End Of File - - 9409755AC7D2099D7772F2C515F8A995
R2 ABBYY.Licensing.FineReader.Corporate.10.0;ABBYY FineReader 10 CE Licensing Service;c:\program files\Common Files\ABBYY\FineReader\10.00\Licensing\CE\NetworkLicenseServer.exe [19.12.2009 0:06 814344]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 12:16 130384]
S2 SpyEmrgSrv;Spy Emergency Engine Service;c:\program files\NETGATE\Spy Emergency 2009\SpyEmergencySrv.exe --> c:\program files\NETGATE\Spy Emergency 2009\SpyEmergencySrv.exe [?]
S3 KS-959;Kingsun KS-959 USB Infrared Adapter;c:\windows\system32\drivers\KS-959.sys [25.9.2010 8:26 19034]
S3 SpyEmrgAccess;Spy Emergency OnAccess Driver;c:\windows\system32\drivers\spyemrg_access.sys [30.10.2010 21:24 18232]
S3 SpyEmrgGuard;Spy Emergency Real-Time Shield Driver;c:\windows\system32\drivers\spyemrg_guard.sys [30.10.2010 21:24 14392]
S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19.2.2010 12:37 517096]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 12:16 753504]
.
Obsah adresáře 'Naplánované úlohy'
2010-11-13 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2010-05-19 10:45]
2010-09-24 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2010-05-19 10:45]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.sk/
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Previesť cieľ odkazu do formátu Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Previesť do Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Pridať cieľ odkazu do existujúceho súboru PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Pridať do existujúceho súboru PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
LSP: c:\program files\IObit\Advanced SystemCare 3\SPICtrl.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-16 12:26
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(896)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\documents and settings\Ferdinand\Data aplikací\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
c:\documents and settings\Ferdinand\Data aplikací\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
c:\documents and settings\Ferdinand\Data aplikací\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
- - - - - - - > 'lsass.exe'(956)
c:\program files\IObit\Advanced SystemCare 3\SPICtrl.dll
.
Celkový čas: 2010-11-16 12:28:20
ComboFix-quarantined-files.txt 2010-11-16 11:28
ComboFix2.txt 2010-11-16 08:15
ComboFix3.txt 2010-11-14 22:26
Před spuštěním: Volných bajtů: 26 921 304 064
Po spuštění: Volných bajtů: 26 917 187 584
- - End Of File - - 9409755AC7D2099D7772F2C515F8A995