VIRY.CZ

Dobry den,

vcera mi pri spusteni flash avast nahlasil virus VBS:Malware-gen. I kdyz se tvaril, ze jej zachytil, kdyz jsem dnes rano spustil pocitac, nefunguje mi pripojeni k internetu; nefunguje ani automaticke ani rucni nastaveni konfigurace. Prosim o radu. Zde je log z RSIT:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Jiří Chvátal at 2010-02-16 10:05:59
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 54 GB (71%) free of 76 GB
Total RAM: 478 MB (38% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4fe6-8A56-BBB695989046}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"GhostStartTrayApp"=C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe [2002-08-14 94208]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-01-24 7311360]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2006-01-24 86016]
"High Definition Audio Property Page Shortcut"=C:\WINDOWS\system32\HDAShCut.exe [2004-10-27 61952]
"SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2005-09-07 716800]
"ToolBoxFX"=C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe [2005-11-21 45056]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-11-25 81000]
"StartupDelayer"=C:\Program Files\r2 Studios\Startup Delayer\Startup Launcher.exe [2009-03-08 73728]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-12-22 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-12-11 948672]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Levelone Wireless Utility.lnk - C:\Program Files\LevelOne\Common\RaUI.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE
Status Display.lnk - C:\Program Files\Panasonic\Panasonic KX-P7105 and KX-P7110\Status display\stmndsp.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=181
"NoRecentDocsNetHood"=01000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\setup\HPZNET01.EXE"="D:\setup\HPZNET01.EXE:*:Enabled:hpznet01.exe"
"D:\setup\hppapd.exe"="D:\setup\hppapd.exe:*:Enabled:hppapd.exe"
"D:\setup\HPPNICIFS01.EXE"="D:\setup\HPPNICIFS01.EXE:*:Enabled:hppnicifs01.exe"
"D:\setup\HPNTWKEXE.EXE"="D:\setup\HPNTWKEXE.EXE:*:Enabled:hpntwkexe.exe"
"D:\setup\hppSetBOD.exe"="D:\setup\hppSetBOD.exe:*:Enabled:hppsetbod.exe"
"D:\setup\HPPNAC01.EXE"="D:\setup\HPPNAC01.EXE:*:Enabled:hppnac01.exe"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Disabled:Windows Live Messenger 8.0"
"C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe:*:Disabled:Windows Live Messenger 8.0 (Phone)"
"C:\Program Files\Flashget\flashget.exe"="C:\Program Files\Flashget\flashget.exe:*:Enabled:Flashget"
"C:\Program Files\Norton 360\MAINSTUB.EXE"="C:\Program Files\Norton 360\MAINSTUB.EXE:*:Enabled:Norton 360"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"C:\Documents and Settings\Jiří Chvátal\Plocha\skript.bat"="C:\Documents and Settings\Jiří Chvátal\Plocha\skript.bat:*:Enabled:skript"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Ekiga\ekiga.exe"="C:\Program Files\Ekiga\ekiga.exe:*:Enabled:ekiga"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{82744c91-8d63-11de-adab-00173190a657}]
shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b549e54e-5a3c-11de-ad79-00173190a657}]
shell\AutoRun\command - setupSNK.exe

======File associations======

.scr - open -
.scr - install -
.scr - config -

======List of files/folders created in the last 1 months======

2010-12-06 08:48:46 ----A---- C:\WINDOWS\system32\aswBoot.exe
2010-02-16 10:06:00 ----D---- C:\Program Files\trend micro
2010-02-16 10:05:59 ----D---- C:\rsit
2010-02-16 09:37:43 ----D---- C:\WINDOWS\ERDNT
2010-02-16 09:37:40 ----D---- C:\ComboFix
2010-02-16 09:37:39 ----A---- C:\WINDOWS\system32\CF10485.exe
2010-02-16 09:37:16 ----D---- C:\Qoobox
2010-02-16 09:37:00 ----A---- C:\WINDOWS\system32\cmd.execf
2010-02-15 09:59:16 ----A---- C:\WINDOWS\system32\TweakUI.exe
2010-02-10 16:36:44 ----HDC---- C:\WINDOWS\$NtUninstallKB978262$
2010-02-10 16:36:34 ----HDC---- C:\WINDOWS\$NtUninstallKB971468$
2010-02-10 16:34:32 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$
2010-02-10 16:34:22 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$
2010-02-10 16:34:15 ----HDC---- C:\WINDOWS\$NtUninstallKB978251$
2010-02-10 16:34:08 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$
2010-02-10 16:33:56 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$
2010-02-10 16:33:46 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$
2010-02-10 16:33:27 ----HDC---- C:\WINDOWS\$NtUninstallKB977165$
2010-02-08 09:44:32 ----D---- C:\Program Files\pdfsam
2010-02-02 11:49:52 ----D---- C:\LOCALS~1
2010-01-28 13:26:24 ----D---- C:\Program Files\Medieval Software
2010-01-28 13:19:14 ----D---- C:\Program Files\XRECODE

======List of files/folders modified in the last 1 months======

2010-12-06 08:48:43 ----D---- C:\Program Files\Alwil Software
2010-02-16 10:06:00 ----RD---- C:\Program Files
2010-02-16 10:01:15 ----D---- C:\WINDOWS
2010-02-16 10:01:12 ----D---- C:\WINDOWS\Temp
2010-02-16 09:54:11 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-02-16 09:51:35 ----D---- C:\WINDOWS\Prefetch
2010-02-16 09:43:45 ----D---- C:\WINDOWS\Debug
2010-02-16 09:37:43 ----D---- C:\WINDOWS\system32\CatRoot2
2010-02-16 09:37:39 ----D---- C:\WINDOWS\system32
2010-02-15 17:43:28 ----D---- C:\Documents and Settings\Jiří Chvátal\Data aplikací\Macromedia
2010-02-15 10:12:31 ----D---- C:\Program Files\Mozilla Thunderbird
2010-02-15 09:21:15 ----HD---- C:\WINDOWS\inf
2010-02-10 16:36:43 ----HD---- C:\WINDOWS\$hf_mig$
2010-02-10 16:36:37 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-02-10 16:36:37 ----D---- C:\WINDOWS\system32\drivers
2010-02-02 11:53:22 ----D---- C:\Program Files\SPSS
2010-02-01 20:26:20 ----A---- C:\WINDOWS\system32\MRT.exe
2010-01-29 15:38:47 ----D---- C:\Program Files\Unreal Commander
2010-01-28 17:30:37 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-01-28 15:15:19 ----D---- C:\Program Files\Media Coder Audio
2010-01-28 13:26:31 ----SHD---- C:\WINDOWS\Installer
2010-01-28 13:26:30 ----HD---- C:\Config.Msi
2010-01-27 11:19:03 ----D---- C:\Program Files\Mozilla Firefox
2010-01-22 15:30:09 ----D---- C:\Program Files\Internet Explorer
2010-01-22 15:29:59 ----D---- C:\WINDOWS\ie8updates
2010-01-21 16:42:45 ----D---- C:\Documents and Settings\Jiří Chvátal\Data aplikací\.purple
2010-01-21 15:25:28 ----D---- C:\Program Files\Pidgin

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-11-25 27408]
R1 AmdK8;Ovladač procesoru AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 42496]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-09-15 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-11-25 48560]
R1 GhPciScan;GhostPciScanner; \??\C:\Program Files\Symantec\Norton Ghost 2003\ghpciscan.sys []
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.3.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2006-06-27 20747]
R2 aksfridge;aksfridge; \??\C:\WINDOWS\system32\drivers\aksfridge.sys []
R2 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [2002-08-14 17005]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-09-15 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-09-15 94160]
R2 Hardlock;Hardlock; \??\C:\WINDOWS\system32\drivers\hardlock.sys []
R2 RapidPortM4;RapidPortM4; \??\C:\WINDOWS\System32\Drivers\CAPM4LP.SYS []
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-11-25 23120]
R3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\HdAudio.sys [2004-10-27 145920]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-01-24 3535520]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-02-17 34176]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-02-17 13056]
R3 RT61;LevelOne WNC-0301 11g Wireless PCI Adapter Driver; C:\WINDOWS\system32\DRIVERS\RT61.sys [2005-08-26 352768]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Ovladač standardního rozbočovače USB; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2005-10-05 141312]
S3 AEAudioService;AEAudio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2005-03-04 127872]
S3 akshasp;Aladdin HASP Key; C:\WINDOWS\system32\DRIVERS\akshasp.sys [2007-07-05 238976]
S3 aksusb;Aladdin USB Key; C:\WINDOWS\system32\DRIVERS\aksusb.sys [2007-07-05 14976]
S3 ICDSX;Sony IC Recorder (SX); C:\WINDOWS\System32\Drivers\ICDSX.sys [2003-10-01 31744]
S3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
S3 RkPavproc1;RkPavproc1; \??\C:\WINDOWS\system32\drivers\RkPavproc1.sys []
S3 SenFiltService;SenFilt Service; C:\WINDOWS\system32\drivers\Senfilt.sys [2005-08-11 393088]
S3 SiS300i;SiS300i; C:\WINDOWS\System32\DRIVERS\sis300ip.sys [2001-08-17 101760]
S3 SiS7018;Služba pro ovladač vzorků AC'97 (WDM); C:\WINDOWS\system32\drivers\ac97sis.sys [2001-08-17 297728]
S3 SISNIC;SiS PCI Fast Ethernet Adapter Driver; C:\WINDOWS\System32\DRIVERS\sisnic.sys [2004-08-04 32768]
S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\WINDOWS\system32\DRIVERS\SymIM.sys []
S3 SymIMMP;SymIMMP; C:\WINDOWS\system32\DRIVERS\SymIM.sys []
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-11-25 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-25 138680]
R2 GhostStartService;GhostStartService; C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE [2002-08-14 200704]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376]
R2 KME Remote Server;KME Remote Server; C:\PROGRA~1\PANASO~1\REMOTE~1\kmentsrv.exe [2001-10-12 53248]
R2 NMSAccessU;NMSAccessU; C:\Program Files\Burner XP\NMSAccessU.exe [2008-10-20 71096]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-01-24 131139]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-11-25 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-11-25 352920]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 268288]
S2 hasplms;HASP License Manager; C:\WINDOWS\system32\hasplms.exe -run []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 ICDSPTSV;Sony SPTI Service for DVE; C:\WINDOWS\system32\IcdSptSv.exe [2003-04-01 69632]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

zdravim
hlavne je ze pred hodinou si spustal combofix,,vloz sem log,combofix.txt
toto je co za bataka.??
Plocha\skript.bat

Pracuji na tom... ten skript je pozůstatek síťového připojení...

Ok,aky problem mas s pripojenim??
Aky browser pouzivas??

Používám Mozillu.

TCP dosud fungovalo automaticky, při dnešním spuštění mi to ale ukázalo v podrobnostech síťového připojení pouze fyzickou adresu a adresu IP. Když jsem DNS etc zadat "ručně", sice mi to hlásilo, žej sem připojen, ale realita byla jiná...

A ještě jedna věc: Combofix se zastavil v bodě "Systém nenašel ... CHECH_HAL" (to mezitím nedokáží rozšifrovat) - co s tím? Je to nějaká chyba?

kde combofix zastavil,uz pri skane stage??

Hlásil, že začíná skenovat... přenastavil čas + smazal dva soubory a pak tam vyskočila ta hláška...

estliže nepoužíváte pevnou IP adresu, proxy atd., v sekci Start - Nastavení - Ovládací panely - Síťová připojení - Připojení k místní síti - Vlastnosti - Protokol sítě Internet (TCP/IP) - Vlastnosti zvolíme Získat adresu IP ze serveru DHCP automaticky a Získat adresu serveru DNS automaticky. V opačném případě zadáme do volných řádků nastavení od poskytovatele internetu.

> Poté zvolíme Start - Spustit, napíšeme: CMD a klikneme na OK. Následně v novém okně napíšeme cd\ a stiskneme Enter. Poté napíšeme ipconfig /flushdns a opět stiskneme Enter a zavřeme okno příkazového řádku.

1: pockaj ci pojde dalej,,ak nie odinstalovat combofix,,dufam ze ho mas na ploche,,ak ano stsrt spustit vloz prikaz combofix /uninstall ok

2:

stiahni>>OTC
2x-kliknite OTC.exe.
Kliknite na tlačidlo CleanUp!
Vyberte Áno, ak
Otvorenie procesu čistenia?
zobrazí upozornenie.
Ak sa zobrazí výzva na reštartovanie počas čistenia, vyberte Áno.
Nástroj sám zmaže, keď to skončí, ak nie odstrániť .

3:pojdes do nudzoveho rezimu s pracou v sieti a stiahnes combofix takto,pravy klik na odkaz combofixu,,ulozit odkaz ako,,,napises cobra.com a ulozis na plochu
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

ComboFix je třeba spustit pod účtem s právy administrátora.
- Po spuštění se zobrazí podmínky užití, potvrďte je stiskem tlačítka Ano;

A este raz >ANO<

- Dále postupujte dle pokynů, během aplikování ComboFixu neklikejte do zobrazujícího modreho okna

- Po dokončení skenování, trvajícího maximálně 10-15 minut, by měl program vytvořit log - C:\ComboFix.txt, zkopírujte celý jeho obsah do svého threadu na forum
- Před použitím ComboFixu je treba vypnout všechny rezidentní bezpečnostní programy - antiviry, firewally, antispywary. NAVOD: http://www.bleepingcomputer.com/forums/topic114351.html
Mohou zasahovat do činnosti ComboFixu, což může způsobit, že nebude fungovat korektně.
V případě detekce antiviru u ComboFixu se jedná o falešný poplach.

Děkuji za návod, tady je výsledek:

ComboFix 10-02-12.01 - Administrator . 02. 2010 12:08:05.2.1 - x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.478.279 [GMT 1:00]
Spuštěný z: c:\documents and settings\Administrator\Plocha\ComboFix.exe

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Data aplikací\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Data aplikací\Microsoft\Network\Downloader\qmgr1.dat

----- BITS: Možné infikované stránky -----

hxxp://armmf.adobe.com
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-01-16 do 2010-02-16 )))))))))))))))))))))))))))))))
.

2010-02-16 10:57 . 2010-02-16 10:57 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2010-02-16 10:51 . 2010-02-16 10:50 390144 ----a-w- c:\windows\system32\CF3959.exe
2010-02-16 10:06 . 2010-02-16 10:06 390144 ----a-w- c:\windows\system32\CF28014.exe
2010-02-16 09:06 . 2010-02-16 09:06 -------- d-----w- c:\program files\trend micro
2010-02-16 08:37 . 2010-02-16 08:37 390144 ----a-w- c:\windows\system32\CF10485.exe
2010-02-15 08:59 . 2003-06-25 15:05 266360 ----a-w- c:\windows\system32\TweakUI.exe
2010-02-08 08:44 . 2010-02-08 08:44 -------- d-----w- c:\program files\pdfsam
2010-02-02 10:49 . 2010-02-02 10:49 -------- d-----w- C:\LOCALS~1
2010-01-28 12:26 . 2010-01-28 12:26 -------- d-----w- c:\program files\Medieval Software
2010-01-28 12:19 . 2010-01-28 12:19 -------- d-----w- c:\program files\XRECODE

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-06 07:48 . 2009-11-06 12:54 -------- d-----w- c:\program files\Alwil Software
2010-02-15 09:12 . 2008-12-12 09:39 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-02-02 10:53 . 2003-07-30 12:43 -------- d-----w- c:\program files\SPSS
2010-01-29 14:38 . 2008-04-30 13:38 -------- d-----w- c:\program files\Unreal Commander
2010-01-28 16:30 . 2009-10-08 15:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-28 14:15 . 2008-02-06 16:23 -------- d-----w- c:\program files\Media Coder Audio
2010-01-21 14:25 . 2008-04-30 11:59 -------- d-----w- c:\program files\Pidgin
2010-01-15 09:04 . 2002-11-12 12:05 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-07 15:07 . 2009-10-08 15:13 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 15:07 . 2009-10-08 15:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-07 09:39 . 2010-01-07 09:39 -------- d-----w- c:\program files\r2 Studios
2010-01-06 16:04 . 2007-09-14 14:09 -------- d-----w- c:\program files\Seven-Zip
2010-01-06 09:38 . 2010-01-06 09:38 -------- d-----w- c:\program files\7-Zip
2009-12-31 16:50 . 2004-08-18 12:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-21 19:08 . 2004-08-18 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-17 07:42 . 2002-11-10 16:37 343552 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:10 . 2004-08-18 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-10 07:01 . 2002-09-23 12:00 83208 ----a-w- c:\windows\system32\perfc005.dat
2009-12-10 07:01 . 2002-09-23 12:00 438878 ----a-w- c:\windows\system32\perfh005.dat
2009-12-09 10:11 . 2004-08-18 12:00 2191360 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-09 10:11 . 2004-08-17 15:45 2068224 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-12-04 18:22 . 2004-08-18 12:00 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-11-27 17:14 . 2004-08-18 12:00 1294336 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 17:14 . 2004-08-17 15:49 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 16:09 . 2004-08-18 12:00 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:09 . 2001-10-24 12:25 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:09 . 2004-08-18 12:00 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:09 . 2004-08-18 12:00 11264 ----a-w- c:\windows\system32\msrle32.dll
2009-11-27 16:09 . 2004-08-17 15:49 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-21 16:03 . 2004-08-18 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GhostStartTrayApp"="c:\program files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe" [2002-08-14 94208]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-01-24 7311360]
"nwiz"="nwiz.exe" [2006-01-24 1519616]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-01-24 86016]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 61952]
"ToolBoxFX"="c:\program files\HP\ToolBoxFX\bin\HPTLBXFX.exe" [2005-11-21 45056]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"StartupDelayer"="c:\program files\r2 Studios\Startup Delayer\Startup Launcher.exe" [2009-03-08 73728]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Levelone Wireless Utility.lnk - c:\program files\LevelOne\Common\RaUI.exe [2006-6-27 585728]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
Status Display.lnk - c:\program files\Panasonic\Panasonic KX-P7105 and KX-P7110\Status display\stmndsp.exe [2007-5-28 122880]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1947:TCP"= 1947:TCP:HASP SRM
"1947:UDP"= 1947:UDP:HASP SRM

R1 GhPciScan;GhostPciScanner;c:\program files\Symantec\Norton Ghost 2003\GhPciScan.sys [14. 8. 2002 14:11 5632]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [8. 10. 2009 14:06 28544]
S2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?]
S2 KME Remote Server;KME Remote Server;c:\progra~1\PANASO~1\REMOTE~1\kmentsrv.exe [28. 5. 2007 9:42 53248]
S2 RapidPortM4;RapidPortM4;c:\windows\system32\drivers\CAPM4LP.SYS [24. 9. 2004 14:11 23232]
S3 ICDSX;Sony IC Recorder (SX);c:\windows\system32\drivers\IcdSX.sys [26. 2. 2007 15:08 31744]
S3 RkPavproc1;RkPavproc1;\??\c:\windows\system32\drivers\RkPavproc1.sys --> c:\windows\system32\drivers\RkPavproc1.sys [?]
.
Obsah adresáře 'Naplánované úlohy'
.
.
------- Doplňkový sken -------
.
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\0h752934.default\
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Vlc\npvlc.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKCU-Run-ALUAlert - c:\program files\Symantec\LiveUpdate\ALUNotify.exe
HKU-Default-Run-ALUAlert - c:\program files\Symantec\LiveUpdate\ALUNotify.exe
Notify-WgaLogon - (no file)

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-16 12:13
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
ALUAlert = c:\program files\Symantec\LiveUpdate\ALUNotify.exe?????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
Celkový čas: 2010-02-16 12:15:39
ComboFix-quarantined-files.txt 2010-02-16 11:15

Před spuštěním: Volných bajtů: 57 243 566 080
Po spuštění: Volných bajtů: 57 241 944 064

- - End Of File - - 824E696BF928239E7521A877D55C33FB

aky antivirak pouzivas?/nakolko vidim tu zopar driverov z pandy,

Avast... ale ten jsem před kontrolou odinstaloval...

odinstalovnie neznamena ze vsetko sa odinstaluje,v systeme stale nieco zostane,,preto len opatrne s instalovanim vseliakych malware nahanacov,,a programov,
Pri tejto akcii je nutné mať ComboFix na ploche.

Vypni>FIREWALL>Antivir>Antispyware>vsetko rezidentne.

Otvor Notepad (Poznámkový blok) a zkopíruj do neho celý zeleny tex:

Kód: Vybrat vše

KILLALL::
Rootkit::
c:\windows\system32\drivers\RkPavproc1.sys
Driver::
RkPavproc1
Registry::
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"ALUAlert" =-

Potom klik na Subor -> Uložiť ako.. .. -> Ako je Názov souboru tak do toho riadku napiš:CFScript.txt
Typ súboru tak tam vyberies *všetky súbory
A ulož ho na plochu.> Pozor CFScript.txt>Neotvarat a nemoze byt ani>CFScript.txt.txt A Urobis Toto :
Obrázek

Po skonceni skenu vlož log čo ComboFix vytvorí

Děkuji, pracuji na tom...

Tady to je:

ComboFix 10-02-12.01 - Administrator . 02. 2010 13:02:27.3.1 - x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.478.237 [GMT 1:00]
Spuštěný z: c:\documents and settings\Administrator\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Administrator\Plocha\CFScript.txt

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_RkPavproc1

((((((((((((((((((((((((( Soubory vytvořené od 2010-01-16 do 2010-02-16 )))))))))))))))))))))))))))))))
.

2010-02-16 10:57 . 2010-02-16 10:57 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2010-02-16 10:51 . 2010-02-16 10:50 390144 ----a-w- c:\windows\system32\CF3959.exe
2010-02-16 10:06 . 2010-02-16 10:06 390144 ----a-w- c:\windows\system32\CF28014.exe
2010-02-16 09:06 . 2010-02-16 09:06 -------- d-----w- c:\program files\trend micro
2010-02-16 08:37 . 2010-02-16 08:37 390144 ----a-w- c:\windows\system32\CF10485.exe
2010-02-15 08:59 . 2003-06-25 15:05 266360 ----a-w- c:\windows\system32\TweakUI.exe
2010-02-08 08:44 . 2010-02-08 08:44 -------- d-----w- c:\program files\pdfsam
2010-02-02 10:49 . 2010-02-02 10:49 -------- d-----w- C:\LOCALS~1
2010-01-28 12:26 . 2010-01-28 12:26 -------- d-----w- c:\program files\Medieval Software
2010-01-28 12:19 . 2010-01-28 12:19 -------- d-----w- c:\program files\XRECODE

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-06 07:48 . 2009-11-06 12:54 -------- d-----w- c:\program files\Alwil Software
2010-02-15 09:12 . 2008-12-12 09:39 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-02-02 10:53 . 2003-07-30 12:43 -------- d-----w- c:\program files\SPSS
2010-01-29 14:38 . 2008-04-30 13:38 -------- d-----w- c:\program files\Unreal Commander
2010-01-28 16:30 . 2009-10-08 15:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-28 14:15 . 2008-02-06 16:23 -------- d-----w- c:\program files\Media Coder Audio
2010-01-21 14:25 . 2008-04-30 11:59 -------- d-----w- c:\program files\Pidgin
2010-01-15 09:04 . 2002-11-12 12:05 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-07 15:07 . 2009-10-08 15:13 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 15:07 . 2009-10-08 15:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-07 09:39 . 2010-01-07 09:39 -------- d-----w- c:\program files\r2 Studios
2010-01-06 16:04 . 2007-09-14 14:09 -------- d-----w- c:\program files\Seven-Zip
2010-01-06 09:38 . 2010-01-06 09:38 -------- d-----w- c:\program files\7-Zip
2009-12-31 16:50 . 2004-08-18 12:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-21 19:08 . 2004-08-18 12:00 916480 ------w- c:\windows\system32\wininet.dll
2009-12-17 07:42 . 2002-11-10 16:37 343552 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:10 . 2004-08-18 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-10 07:01 . 2002-09-23 12:00 83208 ----a-w- c:\windows\system32\perfc005.dat
2009-12-10 07:01 . 2002-09-23 12:00 438878 ----a-w- c:\windows\system32\perfh005.dat
2009-12-09 10:11 . 2004-08-18 12:00 2191360 ------w- c:\windows\system32\ntoskrnl.exe
2009-12-09 10:11 . 2004-08-17 15:45 2068224 ------w- c:\windows\system32\ntkrnlpa.exe
2009-12-04 18:22 . 2004-08-18 12:00 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-11-27 17:14 . 2004-08-18 12:00 1294336 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 17:14 . 2004-08-17 15:49 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 16:09 . 2004-08-18 12:00 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:09 . 2001-10-24 12:25 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:09 . 2004-08-18 12:00 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:09 . 2004-08-18 12:00 11264 ----a-w- c:\windows\system32\msrle32.dll
2009-11-27 16:09 . 2004-08-17 15:49 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-21 16:03 . 2004-08-18 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GhostStartTrayApp"="c:\program files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe" [2002-08-14 94208]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-01-24 7311360]
"nwiz"="nwiz.exe" [2006-01-24 1519616]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-01-24 86016]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 61952]
"ToolBoxFX"="c:\program files\HP\ToolBoxFX\bin\HPTLBXFX.exe" [2005-11-21 45056]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"StartupDelayer"="c:\program files\r2 Studios\Startup Delayer\Startup Launcher.exe" [2009-03-08 73728]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Levelone Wireless Utility.lnk - c:\program files\LevelOne\Common\RaUI.exe [2006-6-27 585728]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
Status Display.lnk - c:\program files\Panasonic\Panasonic KX-P7105 and KX-P7110\Status display\stmndsp.exe [2007-5-28 122880]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsNetHood"= 01000000

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1947:TCP"= 1947:TCP:HASP SRM
"1947:UDP"= 1947:UDP:HASP SRM

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-10-08 28544]
R1 GhPciScan;GhostPciScanner;c:\program files\Symantec\Norton Ghost 2003\GhPciScan.sys [2002-08-14 5632]
R2 KME Remote Server;KME Remote Server;c:\progra~1\PANASO~1\REMOTE~1\kmentsrv.exe [2007-05-28 53248]
R2 RapidPortM4;RapidPortM4;c:\windows\system32\drivers\CAPM4LP.SYS [2004-09-24 23232]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?]
S3 ICDSX;Sony IC Recorder (SX);c:\windows\system32\drivers\IcdSX.sys [2007-02-26 31744]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{82744c91-8d63-11de-adab-00173190a657}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b549e54e-5a3c-11de-ad79-00173190a657}]
\Shell\AutoRun\command - setupSNK.exe
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Jiří Chvátal\Data aplikací\Mozilla\Firefox\Profiles\yqgqsdww.default\
FF - prefs.js: browser.search.selectedEngine - Merriam-Webster Dictionary
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/firefox?client=firefox-a& ... s:official
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Vlc\npvlc.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-16 13:10
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-117609710-1580436667-1957994488-1009\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{F4CB7605-9B06-35A8-9864-BB4FEC9C4795}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(2748)
c:\windows\system32\webcheck.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\progra~1\Symantec\NORTON~1\GHOSTS~2.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Burner XP\NMSAccessU.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\CAPM4RSK.EXE
c:\windows\system32\wscntfy.exe
c:\windows\system32\RUNDLL32.EXE
.
**************************************************************************
.
Celkový čas: 2010-02-16 13:16:46 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-02-16 12:16
ComboFix2.txt 2010-02-16 11:15

Před spuštěním: Volných bajtů: 57 253 322 752
Po spuštění: Volných bajtů: 57,093,681,152

- - End Of File - - 0525C807810FEA59DEAFB8D8103C804E

VIRY.CZ

VBS: Malware-gen a nefungujici internet

VBS: Malware-gen a nefungujici internet

Re: VBS: Malware-gen a nefungujici internet

Re: VBS: Malware-gen a nefungujici internet

Re: VBS: Malware-gen a nefungujici internet

Re: VBS: Malware-gen a nefungujici internet

Re: VBS: Malware-gen a nefungujici internet

Re: VBS: Malware-gen a nefungujici internet

Re: VBS: Malware-gen a nefungujici internet

Re: VBS: Malware-gen a nefungujici internet

Re: VBS: Malware-gen a nefungujici internet

Re: VBS: Malware-gen a nefungujici internet

Re: VBS: Malware-gen a nefungujici internet

Re: VBS: Malware-gen a nefungujici internet

Re: VBS: Malware-gen a nefungujici internet

Re: VBS: Malware-gen a nefungujici internet