POMOZTE TROJAN

[fredik]

Dík za nahrání souboru.

Log z ComboFix si sem nedal celý. Spusť znovu ComboFix (bez skriptu) a vlož sem log, který se ti objeví po jeho proběhnutí.

[Reklama]

[petas.jir]

tak snad ted

ComboFix 08-03-14.4 - xxx 2008-03-19 20:34:58.4 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.706 [GMT 1:00]
Running from: C:\Documents and Settings\xxx\Plocha\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-02-19 to 2008-03-19 )))))))))))))))))))))))))))))))
.

2008-03-16 14:17 . 2008-03-16 14:17 3,584 --a------ C:\Documents and Settings\xxx\admin.exe
2008-03-15 17:23 . 2008-03-15 17:23 22,469 --a------ C:\WINDOWS\system32\mp3res.dll
2008-03-15 17:23 . 2008-03-15 17:23 8,736 --a------ C:\WINDOWS\system32\xprot.sys
2008-03-15 16:19 . 2008-03-15 16:19 <DIR> d-------- C:\Documents and Settings\xxx\Data aplikací\DWGeditor
2008-03-15 16:18 . 2008-03-15 16:19 <DIR> d-------- C:\Program Files\DWGeditor
2008-03-13 11:03 . 2008-03-10 03:04 <DIR> d-------- C:\SDFix
2008-03-13 11:01 . 2004-10-05 16:54 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-03-11 22:47 . 2008-03-11 22:47 <DIR> d---s---- C:\Documents and Settings\xxx\UserData
2008-03-11 17:42 . 2008-03-11 17:43 1,412,414 --a------ C:\SDFix.exe
2008-03-11 12:16 . 2008-03-11 12:16 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-11 12:14 . 2008-03-11 12:14 812,344 --a------ C:\HJTInstall.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-08 14:21 --------- d-----w C:\Program Files\Google
2008-02-03 11:05 --------- d-----w C:\Program Files\Alwil Software
2008-02-03 11:02 --------- d-----w C:\Documents and Settings\xxx\Data aplikací\Winamp
2008-02-03 11:01 --------- d-----w C:\Program Files\Winamp
2008-01-24 20:17 --------- d-----w C:\Program Files\FlatOut2
.

((((((((((((((((((((((((((((( snapshot@2008-03-16_21.43.30.98 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-03-16 13:24:04 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-03-19 11:28:10 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-03-16 13:24:04 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-03-19 11:28:10 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-03-16 13:24:04 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-03-19 11:28:10 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-03-19 16:38:44 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_58c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 14:49 15360]
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 18:23 102400]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-02-07 21:36 171448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-06-15 10:20 6803456]
"nwiz"="nwiz.exe" [2005-06-15 10:20 1519616 C:\WINDOWS\system32\nwiz.exe]
"RegistryMechanic"="" []
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"RCSystem"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-16 18:25 49152]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00 90112]
"SoundMan"="SOUNDMAN.EXE" [2004-12-22 10:09 77824 C:\WINDOWS\SOUNDMAN.EXE]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-12-20 16:16 37376]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-17 14:49 15360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Hry\\Far Cry\\Bin32\\FarCry.exe"=
"C:\\Hry\\Battlefield 2\\BF2.exe"=
"C:\\Hry\\Battlefield 2148\\BF2142.exe"=
"C:\\Program Files\\Valve\\hl.exe"=
"C:\\WINDOWS\\Explorer.EXE"=

R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-03 22:04]
S3 gdrv;gdrv;C:\WINDOWS\gdrv.sys [2007-11-24 17:36]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a307bf5b-8d75-11dc-9e9d-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-19 20:35:55
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-19 20:36:20
ComboFix-quarantined-files.txt 2008-03-19 19:36:12
ComboFix2.txt 2008-03-19 15:12:30
ComboFix3.txt 2008-03-16 20:43:51

[fredik]

Vytvoř si nový CFScript a tentokrát vlož do něho toto a použij ho stejným způsobem jak bylo napsáno:

Kód: Vybrat vše

File::
C:\WINDOWS\system32\mp3res.dll
C:\WINDOWS\system32\xprot.sys

Vlož sem pak log, který se ti zobrazí po proběhnutí programu

[petas.jir]

Snad to je cely

ComboFix 08-03-14.4 - xxx 2008-03-20 10:51:04.5 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.734 [GMT 1:00]
Running from: C:\Documents and Settings\xxx\Plocha\ComboFix.exe
Command switches used :: C:\Documents and Settings\xxx\Plocha\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\system32\mp3res.dll
C:\WINDOWS\system32\xprot.sys
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\mp3res.dll
C:\WINDOWS\system32\xprot.sys

.
((((((((((((((((((((((((( Files Created from 2008-02-20 to 2008-03-20 )))))))))))))))))))))))))))))))
.

2008-03-16 14:17 . 2008-03-16 14:17 3,584 --a------ C:\Documents and Settings\xxx\admin.exe
2008-03-15 16:19 . 2008-03-15 16:19 <DIR> d-------- C:\Documents and Settings\xxx\Data aplikací\DWGeditor
2008-03-15 16:18 . 2008-03-15 16:19 <DIR> d-------- C:\Program Files\DWGeditor
2008-03-13 11:03 . 2008-03-10 03:04 <DIR> d-------- C:\SDFix
2008-03-13 11:01 . 2004-10-05 16:54 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-03-11 22:47 . 2008-03-11 22:47 <DIR> d---s---- C:\Documents and Settings\xxx\UserData
2008-03-11 17:42 . 2008-03-11 17:43 1,412,414 --a------ C:\SDFix.exe
2008-03-11 12:16 . 2008-03-11 12:16 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-11 12:14 . 2008-03-11 12:14 812,344 --a------ C:\HJTInstall.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-08 14:21 --------- d-----w C:\Program Files\Google
2008-02-03 11:05 --------- d-----w C:\Program Files\Alwil Software
2008-02-03 11:02 --------- d-----w C:\Documents and Settings\xxx\Data aplikací\Winamp
2008-02-03 11:01 --------- d-----w C:\Program Files\Winamp
2008-01-24 20:17 --------- d-----w C:\Program Files\FlatOut2
.

((((((((((((((((((((((((((((( snapshot@2008-03-16_21.43.30.98 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-03-16 13:24:04 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-03-19 11:28:10 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-03-16 13:24:04 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-03-19 11:28:10 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-03-16 13:24:04 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-03-19 11:28:10 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-03-20 09:46:19 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_5c8.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 14:49 15360]
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 18:23 102400]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-02-07 21:36 171448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-06-15 10:20 6803456]
"nwiz"="nwiz.exe" [2005-06-15 10:20 1519616 C:\WINDOWS\system32\nwiz.exe]
"RegistryMechanic"="" []
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"RCSystem"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-16 18:25 49152]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00 90112]
"SoundMan"="SOUNDMAN.EXE" [2004-12-22 10:09 77824 C:\WINDOWS\SOUNDMAN.EXE]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-12-20 16:16 37376]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-17 14:49 15360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Hry\\Far Cry\\Bin32\\FarCry.exe"=
"C:\\Hry\\Battlefield 2\\BF2.exe"=
"C:\\Hry\\Battlefield 2148\\BF2142.exe"=
"C:\\Program Files\\Valve\\hl.exe"=
"C:\\WINDOWS\\Explorer.EXE"=

R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-03 22:04]
S3 gdrv;gdrv;C:\WINDOWS\gdrv.sys [2007-11-24 17:36]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a307bf5b-8d75-11dc-9e9d-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-20 10:52:07
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-20 10:52:39
ComboFix-quarantined-files.txt 2008-03-20 09:52:31
ComboFix2.txt 2008-03-19 19:36:20
ComboFix3.txt 2008-03-19 15:12:30
ComboFix4.txt 2008-03-16 20:43:51

[fredik]

Otestuj ještě tento soubor na Virustotal (momentálně nejsou v návodu obrázky, ale vše podstatné tam je zmíněno):
C:\Documents and Settings\xxx\admin.exe
Stačí zkopírovat tam celou cestu, vlož sem pak výsledek.

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Jdi přes Start -> Spustit... a napiš do okna tento příkaz označený modře ComboFix /u (mezi comobofix a /u musí být mezera) a dej Ok.

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Spusť znovu HijackThis a zaškrtni v něm okénka před řádky:
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
po zaškrtnutí klikni na tlačítko Fix Checked

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Pro lepší zabezpečení by bylo dobré si doinstalovat firewall, můžeš si vybrat některý zde uvedený nebo některý jiný z odkazu: Přehled osobních firewallů
Firewally zdarma:
Comodo - kvalitní, pokročilý, s mnoha funkcemi, originálně v angličtině, čeština by měla být asi až od verze 3 která by se měl objevit v brzké době
Kerio - přehledný, větší možnosti nastavení, náročnější na systémové prostředky, v češtině
ZoneAlarm - jednoduchý, kompatibilní, nenáročný na systémové prostředky, málo možností nastavení, v angličtině + návod

Pokud nepoužíváš žádný anti-spyware program tak bych ti doporučil si nějaký doinstalovat.


* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
Vlož sem pak výsledek testu a řekni, jestli náš ještě nějaké problémy?

[petas.jir]

ComboFix 08-03-14.4 - xxx 2008-03-25 22:14:28.6 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.652 [GMT 1:00]
Running from: C:\Documents and Settings\xxx\Plocha\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\CcEvtSvc.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\LEGACY_CCEVTSVC
-------\CcEvtSvc


((((((((((((((((((((((((( Files Created from 2008-02-25 to 2008-03-25 )))))))))))))))))))))))))))))))
.

2008-03-23 10:27 . 2008-03-23 10:26 93,696 --a------ C:\WINDOWS\winlogon.exe
2008-03-23 10:27 . 2008-03-23 10:27 0 --a------ C:\5.tmp
2008-03-23 10:26 . 2008-03-23 10:26 86,016 --a------ C:\3.tmp
2008-03-23 10:26 . 2008-03-23 10:26 0 --a------ C:\4.tmp
2008-03-15 16:18 . 2008-03-15 16:19 <DIR> d-------- C:\Program Files\DWGeditor
2008-03-13 11:03 . 2008-03-10 03:04 <DIR> d-------- C:\SDFix
2008-03-13 11:01 . 2004-10-05 16:54 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-03-11 22:47 . 2008-03-11 22:47 <DIR> d---s---- C:\Documents and Settings\xxx\UserData
2008-03-11 17:42 . 2008-03-11 17:43 1,412,414 --a------ C:\SDFix.exe
2008-03-11 12:16 . 2008-03-11 12:16 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-11 12:14 . 2008-03-11 12:14 812,344 --a------ C:\HJTInstall.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-08 14:21 --------- d-----w C:\Program Files\Google
2008-02-03 11:05 --------- d-----w C:\Program Files\Alwil Software
.

((((((((((((((((((((((((((((( snapshot@2008-03-16_21.43.30.98 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-03-16 13:24:04 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-03-19 11:28:10 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-03-16 13:24:04 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-03-19 11:28:10 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-03-16 13:24:04 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-03-19 11:28:10 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-03-23 10:23:05 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_5c8.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 14:49 15360]
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 18:23 102400]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-02-07 21:36 171448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-06-15 10:20 6803456]
"nwiz"="nwiz.exe" [2005-06-15 10:20 1519616 C:\WINDOWS\system32\nwiz.exe]
"RegistryMechanic"="" []
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"RCSystem"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-16 18:25 49152]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00 90112]
"SoundMan"="SOUNDMAN.EXE" [2004-12-22 10:09 77824 C:\WINDOWS\SOUNDMAN.EXE]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [ ]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-17 14:49 15360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Hry\\Far Cry\\Bin32\\FarCry.exe"=
"C:\\Hry\\Battlefield 2\\BF2.exe"=
"C:\\Hry\\Battlefield 2148\\BF2142.exe"=
"C:\\Program Files\\Valve\\hl.exe"=
"C:\\WINDOWS\\Explorer.EXE"=

R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-03 22:04]
S2 grande48;grande48;C:\WINDOWS\system32\drivers\grande48.sys []
S3 gdrv;gdrv;C:\WINDOWS\gdrv.sys [2007-11-24 17:36]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a307bf5b-8d75-11dc-9e9d-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-25 22:16:10
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-03-25 22:17:20 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-25 21:17:17
ComboFix2.txt 2008-03-20 09:52:39
ComboFix3.txt 2008-03-19 19:36:20
ComboFix4.txt 2008-03-19 15:12:30
ComboFix5.txt 2008-03-16 20:43:51

[fredik]

Vytvoř si nový CFScript a tentokrát vlož do něho toto a použij ho stejným způsobem jak bylo napsáno

Kód: Vybrat vše

Driver::
grande48

File::
C:\WINDOWS\winlogon.exe
C:\5.tmp
C:\3.tmp
C:\4.tmp
C:\WINDOWS\system32\drivers\grande48.sys

Vlož sem pak log, který se ti zobrazí po proběhnutí programu. Nicméně jsi nic neřekl k tomu na co jsem se ptal?