Combofix
Posted: 31 Oct 2011 15:54
Hello, I used ComboFix and it found a virus or whatever it is, and I don't know what to do next. I know I should not have used it without a helper's recommendation. Please help me with what to do next.

ComboFix 11-10-30.03 - Administrator 31.10.2011 15:34:12.4.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1029.18.511.249 [GMT 1:00]
Running from: c:\documents and settings\Administrator\Plocha\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\WINDOWS
.
.
((((((((((((((((((((((((( Files Created from 2011-09-28 to 2011-10-31 )))))))))))))))))))))))))))))))
.
.
2011-10-31 14:21 . 2011-10-31 14:21 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\Avira
2011-10-31 14:15 . 2011-10-19 15:56 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-10-31 14:15 . 2011-10-19 15:56 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2011-10-31 14:15 . 2011-10-19 15:56 134344 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-10-31 14:14 . 2011-10-31 14:14 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Avira
2011-10-30 23:18 . 2011-10-30 23:18 -------- d---a-w- c:\windows\VDLL.DLL
2011-10-30 23:18 . 2011-10-30 23:18 -------- d---a-w- c:\windows\system32\runouce.exe
2011-10-30 23:18 . 2011-10-30 23:18 -------- d---a-w- c:\windows\rundll16.exe
2011-10-30 23:18 . 2011-10-30 23:18 -------- d---a-w- c:\windows\RUNDL132.EXE
2011-10-30 23:18 . 2011-10-30 23:18 -------- d---a-w- c:\windows\logo1_.exe
2011-10-30 23:18 . 2011-10-30 23:18 -------- d---a-w- c:\windows\logo_1.exe
2011-10-30 23:12 . 2011-10-30 23:12 632064 ----a-w- c:\windows\system32\msvcr80.dll
2011-10-30 23:12 . 2011-10-30 23:12 554240 ----a-w- c:\windows\system32\msvcp80.dll
2011-10-30 23:12 . 2011-10-30 23:12 34048 ----a-w- c:\windows\system32\eEmpty.exe
2011-10-30 23:12 . 2008-04-14 03:22 137216 ----a-w- c:\windows\system32\TASKMGR.COM
2011-10-30 23:12 . 2008-04-14 03:22 137216 ----a-w- c:\windows\system32\T.COM
2011-10-30 23:12 . 2008-04-14 03:22 147968 ----a-w- c:\windows\REGEDIT.COM
2011-10-30 23:12 . 2008-04-14 03:22 147968 ----a-w- c:\windows\R.COM
2011-10-30 23:12 . 2011-10-30 23:12 -------- d-----w- c:\program files\Common Files\MicroWorld
2011-10-30 23:12 . 2011-10-30 23:12 -------- d-----w- c:\documents and settings\All Users\Data aplikací\MicroWorld
2011-10-30 06:11 . 2011-10-30 07:11 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Data aplikací\Google
2011-10-30 05:48 . 2011-03-18 00:24 69120 ----a-w- c:\windows\system32\zlcomm.dll
2011-10-30 05:48 . 2011-03-18 00:24 104448 ----a-w- c:\windows\system32\zlcommdb.dll
2011-10-30 05:48 . 2011-10-30 05:48 -------- d-----w- c:\windows\system32\ZoneLabs
2011-10-30 05:48 . 2011-03-18 00:24 1238528 ----a-w- c:\windows\system32\zpeng25.dll
2011-10-30 05:21 . 2011-10-30 05:21 6526 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2011-10-29 20:05 . 2011-10-31 14:33 -------- d-----w- c:\windows\Internet Logs
2011-10-29 19:31 . 2011-10-29 19:31 -------- d-----w- c:\program files\Windows Sidebar
2011-10-29 19:31 . 2011-10-30 05:46 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Norton
2011-10-26 07:41 . 2011-10-30 12:55 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Data aplikací\Opera
2011-10-26 06:10 . 2011-10-26 07:23 -------- d-----w- c:\program files\Google
2011-10-25 15:47 . 2011-10-25 15:47 -------- d-----w- c:\program files\Microsoft Games
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-30 23:21 . 2011-10-30 23:18 5777519 ----a-w- c:\windows\REGBK00.ZIP
2011-10-24 21:37 . 2011-05-30 11:17 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-26 09:41 . 2008-07-29 18:59 613376 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 09:41 . 2001-10-25 12:00 22528 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-26 09:41 . 2001-10-25 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-12 12:50 . 2010-08-02 15:22 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-09-09 09:12 . 2002-09-20 18:03 602112 ----a-w- c:\windows\system32\crypt32.dll
2011-08-22 23:41 . 2002-09-20 18:05 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:41 . 2002-09-20 18:05 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-08-22 23:41 . 2002-09-20 18:04 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-22 11:56 . 2008-07-07 14:42 385024 ----a-w- c:\windows\system32\html.iec
2011-08-17 13:49 . 2002-08-29 02:01 138496 ----a-w- c:\windows\system32\drivers\afd.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZoneAlarm Client"="d:\firewally\ZoneAlarm\ZoneAlarm\zlclient.exe" [2011-03-18 1043968]
"avgnt"="d:\antiviry\Avira antivir\Avira\AntiVir Desktop\avgnt.exe" [2011-10-19 258512]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS\0ssbtsr\0\0SsiEfr.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 03:22 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-10-30 07:09 136176 ----atw- c:\documents and settings\Administrator\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"sdCoreService"=2 (0x2)
"sdAuxService"=2 (0x2)
"sp_rssrv"=2 (0x2)
"cmdAgent"=2 (0x2)
"!SASCORE"=2 (0x2)
"ServiceLayer"=3 (0x3)
"Bonjour Service"=2 (0x2)
"wuauserv"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SoundMan"=SOUNDMAN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"d:\\My Download Files\\Subory\\Skype\\Phone\\Skype.exe"=
"d:\\My Download Files\\Subory\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Documents and Settings\\Administrator\\Plocha\\Skype.exe"=
"c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [31.10.2011 15:15 36000]
R2 AntiVirSchedulerService;Avira Scheduler;d:\antiviry\Avira antivir\Avira\AntiVir Desktop\sched.exe [31.10.2011 15:15 86224]
R3 PAC207;Trust WB-1400T Webcam;c:\windows\system32\drivers\PFC027.SYS [14.5.2007 9:26 508288]
R3 S3SAVAGE4;S3SAVAGE4;c:\windows\system32\drivers\s3savg4m.sys [10.8.2000 13:03 84704]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 12:16 130384]
S3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [10.3.2011 17:34 34608]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2.11.2009 19:27 19472]
S3 PRODIGY;PRODIGY;c:\windows\system32\drivers\prodigy.sys [15.5.2011 11:55 32377]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [12.6.2011 15:08 27064]
S3 S3SAVAGE4M;S3SAVAGE4M;c:\windows\system32\drivers\s3sav4m.sys [7.7.2008 17:00 77824]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 12:16 753504]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ANTIVIRSCHEDULERSERVICE
*NewlyCreated* - ANTIVIRSERVICE
*NewlyCreated* - AVIPBB
*NewlyCreated* - AVKMGR
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-31 c:\windows\Tasks\PandaUSBVaccine.job
- e:\panda\Panda USB Vaccine\RunInteractiveWin.exe [2011-04-13 14:45]
.
.
------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
TCP: DhcpNameServer = 192.168.100.1
DPF: DirectAnimation Java Classes
DPF: Microsoft XML Parser for Java
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-CLPSLS
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-31 15:45
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1957994488-1677128483-854245398-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,6e,58,b7,0d,55,62,69,4c,b3,c9,46,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b3,22,01,3a,f3,8c,ea,4d,8d,d2,45,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,57,fe,94,e8,f9,a9,65,49,b0,f4,f4,\
.
[HKEY_USERS\S-1-5-21-1957994488-1677128483-854245398-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{08ED0636-64FD-61D9-364E-9A9BBB53EE63}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"jakknfcnnjkcgajdennp"=hex:61,61,00,00
"kakknfcnpibefgiikiapla"=hex:61,61,00,00
"fakknfcncjhc"=hex:66,61,6e,62,63,66,70,64,65,70,70,62,00,9d
.
[HKEY_LOCAL_MACHINE\software\AVAST Software]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2632)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-10-31 15:49:13
ComboFix-quarantined-files.txt 2011-10-31 14:49
.
Pre-Run: 625 500 160
Post-Run: 704 864 256
.
- - End Of File - - 112B161B8328DA8A8CB08FF2634067CD