Avast mi nasel win32/malware gen a nemuzu se ho zbavit

[Gimplak]

dobry den
vcera sem zjistil ze mam ve spravci uloh porad zaplejch asi 60 procesu tak sem zapnul avast a ten nasel win32/malware gen tak sem ho dal do truhly ale ty procesy tam jsou porad.prosim o radu jak bych se toho mohl zbavit

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:56:05, on 13.10.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\Program Files\Cyberlink\Shared Files\brs.exe
C:\Genius\ioCentre\gTaskBar.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Genius\ioCentre\gMouseTask.exe
C:\Genius\ioCentre\gKbdTask.exe
C:\Genius\ioCentre\gAutoPan.exe
C:\Genius\ioCentre\gAutoScroll.exe
C:\Genius\ioCentre\gZoom.exe
C:\Genius\ioCentre\gMGlass.exe
C:\Genius\ioCentre\gIMMgm.exe
C:\Genius\ioCentre\gDeskMgm.exe
C:\Genius\ioCentre\gTaskSwitch.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\Program Files\ICQ6.5\ICQ.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\Kroutil\Plocha\Nová složka\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatche ... tbid=60327
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60327
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60327
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: BearShareMediaBar BHO - {E49CE891-CD83-4841-8CC9-6E284D7978D0} - C:\Program Files\BearShare Applications\MediaBar\2.bin\BEARSMBR.DLL
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: BearShare Media Bar - {E49CE899-CD83-4841-8CC9-6E284D7978D0} - C:\Program Files\BearShare Applications\MediaBar\2.bin\BEARSMBR.DLL
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: PandoraTV Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [RemoteControl9] "C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe"
O4 - HKLM\..\Run: [PDVD9LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [ioCentre] C:\Genius\ioCentre\gTaskBar.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe -silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi ... p=ZJfox000
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint - Náhled - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint - Přidat na seznam k tisku - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint - Tisk - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint - Vysokorychlostní tisk - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O9 - Extra button: Eurotran XP - {230D1201-7607-4CF6-A11F-9E4BF0A333E0} - C:\Program Files\Eurotran XP\etnxp.dll
O9 - Extra button: (no name) - {2C73F784-D2DE-4422-B070-2E3332FE5744} - C:\Program Files\Eurotran XP\etnxp.dll
O9 - Extra 'Tools' menuitem: Eurotran XP... - {2C73F784-D2DE-4422-B070-2E3332FE5744} - C:\Program Files\Eurotran XP\etnxp.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll (file missing)
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/s ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Služba Google Update (gupdate1c9dd6e1995a577) (gupdate1c9dd6e1995a577) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 14005 bytes

[earl]

Zdravim,

Odinstalujte BearShare a AVG Antispyware-mate Spyware Terminator.

Doinstalujte osobni firewall - vybrat muzete v sekci Firewally ,napr. Kerio Sunbelt,Zone Alarm,Comodo...

CTETE POZORNE NAVOD,TENTO SOFT NETOLERUJE CHYBY V POSTUPU APLIKOVANI!

Klidne si nasledujici radky vytisknete,at vite,co se bude na obrazovce odehravat.

Budte prihlasen na pc s administratorskymi pravy.

stahnete a ulozte nejlepe na plochu ComboFix

v pripade,ze nepujde stranka nacist-stahnete odtud download , popr. nepujde ComboFix spustit - prejmenujte jej na grinder.com a postupujte dale dle instrukci.

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano:



Souhlasit s instalaci Recovery console(Konzola pro zotaveni)-nutno funkcni internet

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: upozorneni: Vypnete rezidentni stit u antiviru a antispywaru a zakazte docasne firewall-ComboFix by nemusel fungovat korektne-pokud budete mit stity vypnute a Combofix zahlasi,ze nejsou,pokracujte dal a potvrdte.

po restartu aplikace vytvori log, ulozeny na C:/Combofix.txt (pri opakovanem pouziti jsou logy oznaceny Combofix2.txt atd.), jeho obsah vlozte sem

[Gimplak]

tak tady je to z toho combofixu

ComboFix 09-10-12.03 - Kroutil 13.10.2009 21:51.2.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1023.606 [GMT 2:00]
Spuštěný z: c:\documents and settings\Kroutil\Dokumenty\Stažené soubory\ComboFix.exe
AV: avast! antivirus 4.8.1351 [VPS 091013-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Předchozí spuštění -------
.
c:\documents and settings\Kroutil\Dokumenty\cc_20091013_204944.reg
c:\documents and settings\Kroutil\Dokumenty\ZbThumbnail.info
c:\windows\Installer\2f40ac5.msp
c:\windows\Installer\4570d0.msp
c:\windows\system32\ieuinit.inf
c:\windows\system32\pfxzmtsmtspm.dll
c:\windows\system32\pfxzmtwbmail.dll
c:\windows\system32\sfxzmtsmtspm.dll
c:\windows\system32\sfxzmtwbmail.dll
c:\windows\system32\tmp21.tmp

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_WINCOM32


((((((((((((((((((((((((( Soubory vytvořené od 2009-09-13 do 2009-10-13 )))))))))))))))))))))))))))))))
.

2009-10-13 19:08 . 2008-10-31 05:09 270888 ----a-r- c:\windows\system32\drivers\SbFw.sys
2009-10-13 19:08 . 2008-06-21 02:54 65576 ----a-w- c:\windows\system32\drivers\SbFwIm.sys
2009-10-13 17:20 . 2009-10-13 17:20 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-09-21 19:30 . 2009-09-21 19:31 -------- d-----w- c:\program files\Ask.com
2009-09-21 19:29 . 2009-09-21 19:31 -------- d-----w- c:\program files\The KMPlayer

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-12 20:04 . 2006-11-20 14:45 -------- d-----w- c:\program files\Realtek AC97
2009-09-22 13:07 . 2008-11-27 21:20 -------- d-----w- c:\program files\Metin2_TESTER
2009-09-11 07:16 . 2008-12-30 17:48 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-02 17:14 . 2006-12-31 17:30 -------- d-----w- c:\program files\EA GAMES
2009-09-02 12:51 . 2009-01-11 19:28 -------- d-----w- c:\program files\SweetIM
2009-08-24 10:17 . 2006-03-02 12:00 83652 ----a-w- c:\windows\system32\perfc005.dat
2009-08-24 10:17 . 2006-03-02 12:00 440316 ----a-w- c:\windows\system32\perfh005.dat
2009-08-24 10:12 . 2009-08-24 10:12 -------- d-----w- c:\program files\MSBuild
2009-08-24 10:12 . 2009-08-24 10:12 -------- d-----w- c:\program files\Reference Assemblies
2009-08-17 16:10 . 2006-12-05 10:22 1279456 ----a-w- c:\windows\system32\aswBoot.exe
2009-08-17 16:06 . 2006-12-05 10:22 93392 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-08-17 16:06 . 2006-12-05 10:22 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-08-17 16:05 . 2008-04-27 16:03 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-08-17 16:05 . 2008-04-27 16:03 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-08-17 16:04 . 2006-12-05 10:22 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-08-17 16:04 . 2006-12-05 10:22 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-08-17 16:03 . 2006-12-05 10:22 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-08-17 16:02 . 2006-12-05 10:22 97480 ----a-w- c:\windows\system32\AVASTSS.scr
2009-08-05 09:01 . 2006-03-02 12:00 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-25 03:23 . 2009-01-01 02:48 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-17 19:04 . 2006-03-02 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2007-01-22 13:40 . 2007-01-22 13:40 123392 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-07-10 15:28 1174920 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2009-05-20 12:36 1258808 ----a-w- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2009-05-20 1258808]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-07-10 1174920]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2009-05-20 1258808]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-07-10 1174920]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-02-13 486856]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2008-07-21 2752512]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-11-11 7311360]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-11-11 86016]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-29 155648]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 69632]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-01-22 157696]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 159744]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-01-08 68640]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-09-07 267064]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"RemoteControl9"="c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-02-16 87336]
"PDVD9LanguageShortcut"="c:\program files\CyberLink\PowerDVD9\Language\Language.exe" [2008-10-13 50472]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2009-03-30 75048]
"ioCentre"="c:\genius\ioCentre\gTaskBar.exe" [2007-04-13 61440]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2009-08-26 111928]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2005-11-11 1519616]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Kroutil\Nabˇdka Start\Programy\Po spuçtŘnˇ\
OpenOffice.org 2.2.lnk - c:\program files\OpenOffice.org 2.2\program\quickstart.exe [2007-2-2 393216]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\TrackMania Nations ESWC\\TmNationsESWC.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Hamachi\\hamachi.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\Program Files\\Ubisoft\\Crytek\\Far Cry\\Bin32\\FarCry.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\Metin2_TESTER\\metin2.bin"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Documents and Settings\\Kroutil\\Plocha\\HRY\\World of Warcraft\\Launcher.exe"=
"c:\\Documents and Settings\\Kroutil\\Plocha\\HRY\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Documents and Settings\\Kroutil\\Plocha\\HRY\\World of Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-enGB-downloader.exe"=
"c:\\Documents and Settings\\Kroutil\\Plocha\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [5.7.2006 14:46 63352]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [27.4.2008 18:03 114768]
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [20.11.2006 16:41 13696]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [13.10.2009 21:08 270888]
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2009/04/26 14:01];c:\program files\CyberLink\PowerDVD9\000.fcl [30.3.2009 17:53 87536]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [27.4.2008 18:03 20560]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [23.6.2008 18:49 222456]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [13.10.2009 21:08 65576]
S2 gupdate1c9dd6e1995a577;Služba Google Update (gupdate1c9dd6e1995a577);c:\program files\Google\Update\GoogleUpdate.exe [25.5.2009 21:22 133104]
S2 SbPF.Launcher;SbPF.Launcher;"c:\program files\Sunbelt Software\Personal Firewall\SbPFLnch.exe" --> c:\program files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [?]
S3 gHidPnp;USB Device Enhanced Function Driver;c:\windows\system32\drivers\gHidPnp.sys [8.7.2009 18:41 16384]
S3 gMouPS2;PS2 Scroll Mouse Device;c:\windows\system32\drivers\gMouPS2.sys [8.7.2009 18:41 17408]
S3 gMouUsb;USB Mouse Device Drv;c:\windows\system32\drivers\gMouUsb.sys [8.7.2009 18:41 9856]
S3 z520bus;Sony Ericsson 520 driver (WDM);c:\windows\system32\drivers\z520bus.sys [7.9.2005 16:42 57648]
S3 z520mdfl;Sony Ericsson 520 USB WMC Modem Filter;c:\windows\system32\drivers\z520mdfl.sys [7.9.2005 16:42 8336]
S3 z520mdm;Sony Ericsson 520 USB WMC Modem Drivers;c:\windows\system32\drivers\z520mdm.sys [7.9.2005 16:43 93488]
S3 z520mgmt;Sony Ericsson 520 USB WMC Device Management Drivers;c:\windows\system32\drivers\z520mgmt.sys [7.9.2005 16:43 84928]
S3 z520obex;Sony Ericsson 520 USB WMC OBEX Interface Drivers;c:\windows\system32\drivers\z520obex.sys [7.9.2005 16:43 82864]
.
Obsah adresáře 'Naplánované úlohy'

2009-10-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 10:34]

2009-10-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-25 19:21]

2009-10-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-25 19:21]

2009-10-13 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2009-07-10 15:29]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
mStart Page = hxxp://home.sweetim.com
uInternet Settings,ProxyOverride = local
IE: &ICQ Toolbar Search - c:\program files\ICQToolbar\toolbaru.dll/SEARCH.HTML
IE: &Search - ?p=ZJfox000
IE: Crawler Search - tbr:iemenu
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Easy-WebPrint - Náhled - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint - Přidat na seznam k tisku - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint - Tisk - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
IE: Easy-WebPrint - Vysokorychlostní tisk - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
IE: {{230D1201-7607-4CF6-A11F-9E4BF0A333E0} - {0DB13731-CEFD-43CF-A8FD-B61DCBC4D5B8} - c:\program files\Eurotran XP\etnxp.dll
IE: {{2C73F784-D2DE-4422-B070-2E3332FE5744} - {0320AC26-52C8-4316-B2C4-24BB6FA73C9A} - c:\program files\Eurotran XP\etnxp.dll
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
FF - ProfilePath - c:\documents and settings\Kroutil\Data aplikací\Mozilla\Firefox\Profiles\c83i06wy.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://supertoolbar.ask.com/redirect?client=ff&src=kw&tb=PTV&o=15184&locale=en_US&q=
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPBerSMB.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nppopcaploader.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

BHO-{E49CE891-CD83-4841-8CC9-6E284D7978D0} - c:\program files\BearShare Applications\MediaBar\2.bin\BEARSMBR.DLL
Toolbar-{E49CE899-CD83-4841-8CC9-6E284D7978D0} - c:\program files\BearShare Applications\MediaBar\2.bin\BEARSMBR.DLL
WebBrowser-{E49CE899-CD83-4841-8CC9-6E284D7978D0} - c:\program files\BearShare Applications\MediaBar\2.bin\BEARSMBR.DLL
HKU-Default-Run-adirka - c:\windows\system32\adirka.exe
SafeBoot-AVG Anti-Spyware Driver
SafeBoot-AVG Anti-Spyware Guard
AddRemove-Counter-Strike: Source Texture Pack 1.00 - c:\program files\Counter-Strike Source\Uninstall.exe
AddRemove-Counter-Strike:Source čestina - c:\program files\Counter-Strike Source\csscz_odinstalovat.exe
AddRemove-Crayon Physics Deluxe_is1 - c:\program files\Crayon Physics Deluxe\unins000.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-13 21:55
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...


c:\windows\TEMP\ru394lbb.TMP 616448 bytes

sken byl úspešně dokončen
skryté soubory: 1

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD9\000.fcl"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1801674531-1993962763-725345543-1004\Software\SecuROM\License information*]
"datasecu"=hex:f2,7b,a4,b6,d2,c3,95,03,02,fa,f8,09,df,a2,cd,99,63,f1,a7,a2,c5,
a9,13,c1,e8,98,67,22,74,22,a8,25,fe,11,4e,01,e5,9c,11,d7,b3,72,b3,b4,72,67,\
"rkeysecu"=hex:9c,4b,ab,f1,dc,13,f6,67,b9,05,cd,1c,29,46,8e,89
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(1264)
c:\program files\ScanSoft\OmniPageSE4.0\OpHookSE4.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2009-10-13 21:58
ComboFix-quarantined-files.txt 2009-10-13 19:57

Před spuštěním: Volných bajtů: 20 639 526 912
Po spuštění: Volných bajtů: 20 606 443 520

249 --- E O F --- 2009-10-13 09:27

[earl]

pokud jste tak jeste neucinil, presunte Combofix na plochu

otevrete si Poznamkovy blok

do nej zkopirujte skript z nasledujiciho okna:

Kód: Vybrat vše

KillAll::
File::
c:\windows\TEMP\ru394lbb.TMP
Folder::
c:\program files\BearShare Applications
c:\program files\Ask.com
Rootkit::
c:\windows\TEMP\ru394lbb.TMP
AtJob::
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-

ulozte vami vytvoreny textovy soubor jako CFScript.txt na plochu

po ulozeni uchopte vami vytvoreny skript levym tlacitkem mysi a presunte jej nad ikonu Combofixu, nad niz skript upustte:



po aplikaci by na vas mel vyskocit dalsi log, vlozte jej sem

Upozorneni: je mozne, ze po aplikaci skriptu a restartu nenabehnou Windows, v takovem pripade znovu restartujte, po restartu mackejte F8 a zvolte Posledni znamou fukncni konfiguraci

[Gimplak]

tak tady to je

ComboFix 09-10-12.03 - Kroutil 14.10.2009 18:54:52.5.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1023.457 [GMT 2:00]
Spuštěný z: C:\Documents and Settings\Kroutil\Dokumenty\Stažené soubory\ComboFix.exe
Použité ovládací přepínače :: C:\Documents and Settings\Kroutil\Plocha\CFScript.txt
AV: avast! antivirus 4.8.1351 [VPS 091013-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

FILE ::
"c:\windows\TEMP\ru394lbb.TMP"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Ask.com
c:\program files\Ask.com\cobrand.ico
c:\program files\Ask.com\config.xml
c:\program files\Ask.com\favicon.ico
c:\program files\Ask.com\GenericAskToolbar.dll
c:\program files\Ask.com\mupcfg.xml
c:\program files\Ask.com\SaUpdate.exe
c:\program files\Ask.com\UpdateTask.exe

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-09-14 do 2009-10-14 )))))))))))))))))))))))))))))))
.

2009-10-13 19:08:22 . 2008-10-31 05:09:06 270888 ----a-r- C:\WINDOWS\system32\drivers\SbFw.sys
2009-10-13 19:08:22 . 2008-06-21 02:54:54 65576 ----a-w- C:\WINDOWS\system32\drivers\SbFwIm.sys
2009-10-13 17:20:21 . 2009-10-13 17:20:32 0 d-----w- C:\Program Files\Spybot - Search & Destroy
2009-09-21 19:29:43 . 2009-09-21 19:31:00 0 d-----w- C:\Program Files\The KMPlayer

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-12 20:04:07 . 2006-11-20 14:45:31 0 d-----w- C:\Program Files\Realtek AC97
2009-09-22 13:07:19 . 2008-11-27 21:20:38 0 d-----w- C:\Program Files\Metin2_TESTER
2009-09-11 07:16:16 . 2008-12-30 17:48:09 0 d-----w- C:\Program Files\Microsoft Silverlight
2009-09-02 17:14:37 . 2006-12-31 17:30:25 0 d-----w- C:\Program Files\EA GAMES
2009-09-02 12:51:23 . 2009-01-11 19:28:27 0 d-----w- C:\Program Files\SweetIM
2009-08-24 10:17:02 . 2006-03-02 12:00:00 83652 ----a-w- C:\WINDOWS\system32\perfc005.dat
2009-08-24 10:17:02 . 2006-03-02 12:00:00 440316 ----a-w- C:\WINDOWS\system32\perfh005.dat
2009-08-24 10:12:51 . 2009-08-24 10:12:51 0 d-----w- C:\Program Files\MSBuild
2009-08-24 10:12:39 . 2009-08-24 10:12:39 0 d-----w- C:\Program Files\Reference Assemblies
2009-08-17 16:10:20 . 2006-12-05 10:22:21 1279456 ----a-w- C:\WINDOWS\system32\aswBoot.exe
2009-08-17 16:06:54 . 2006-12-05 10:22:24 93392 ----a-w- C:\WINDOWS\system32\drivers\aswmon.sys
2009-08-17 16:06:43 . 2006-12-05 10:22:24 94160 ----a-w- C:\WINDOWS\system32\drivers\aswmon2.sys
2009-08-17 16:05:52 . 2008-04-27 16:03:05 114768 ----a-w- C:\WINDOWS\system32\drivers\aswSP.sys
2009-08-17 16:05:37 . 2008-04-27 16:03:05 20560 ----a-w- C:\WINDOWS\system32\drivers\aswFsBlk.sys
2009-08-17 16:04:40 . 2006-12-05 10:22:25 51376 ----a-w- C:\WINDOWS\system32\drivers\aswTdi.sys
2009-08-17 16:04:29 . 2006-12-05 10:22:25 23152 ----a-w- C:\WINDOWS\system32\drivers\aswRdr.sys
2009-08-17 16:03:21 . 2006-12-05 10:22:25 26944 ----a-w- C:\WINDOWS\system32\drivers\aavmker4.sys
2009-08-17 16:02:50 . 2006-12-05 10:22:21 97480 ----a-w- C:\WINDOWS\system32\AVASTSS.scr
2009-08-05 09:01:14 . 2006-03-02 12:00:00 205312 ----a-w- C:\WINDOWS\system32\mswebdvd.dll
2009-07-25 03:23:00 . 2009-01-01 02:48:50 411368 ----a-w- C:\WINDOWS\system32\deploytk.dll
2009-07-17 19:04:02 . 2006-03-02 12:00:00 58880 ----a-w- C:\WINDOWS\system32\atl.dll
2007-01-22 13:40:08 . 2007-01-22 13:40:10 123392 ----a-w- C:\Program Files\mozilla firefox\components\GoogleDesktopMozilla.dll
2009-05-01 21:02:48 . 2009-05-01 21:02:48 1044480 ----a-w- C:\Program Files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02:48 . 2009-05-01 21:02:48 200704 ----a-w- C:\Program Files\mozilla firefox\plugins\ssldivx.dll
.

[earl]

Log neni cely.

[Gimplak]

to je divny me to nic jinyho neukazalo

[earl]

log, ulozeny na C:/Combofix.txt (pri opakovanem pouziti jsou logy oznaceny Combofix2.txt atd.),

[Gimplak]

tam je to samy

[earl]

Tak jinak.

Stahnete GMER , rozbalte a spustte
probehne sken, po jehoz ukonceni na vas vyskoci vysledky
pote kliknete na Save a ulozite tak log, jehoz obsah sem vlozte
pote dle tohoto navodu absolvujte druhy sken a opet obsah logu sem .

Pouzijte MBAM -instalace,uplny sken,vlozit sem log-NIC NEMAZAT!

[Gimplak]

GMER 1.0.15.15125 - http://www.gmer.net
Rootkit quick scan 2009-10-14 19:39:00
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Kroutil\LOCALS~1\Temp\kgqirfob.sys


---- System - GMER 1.0.15 ----

SSDT spxe.sys ZwEnumerateKey [0xF73FCCA2]
SSDT spxe.sys ZwEnumerateValueKey [0xF73FD030]

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 86FD91F8

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

---- EOF - GMER 1.0.15 ----

[earl]

Ok,druhy GMER log + MBAM log.

Jeste me napadlo,aplikovat ten skript pro ComboFix jeste jednou.

[Gimplak]

ted delam ten druhej GMER a uz to jede pres 20 minut
mam to teda skusit jeste jednou combofixem?

[earl]

Ted urcite ne.

Az dojede GMER-log vlozte a pote aplikujte ten skript pro ComboFix.

MBAM zatim nechame na pokoji.

[Gimplak]

neni divny ze de ten GAMER uz hodinu?