Dik za odpoved, sorry, ze jsem neudelal nove tema, ale prislo mi logictejsi pokracovat v tomhle.
Kazdopadne log Combofixu vypada asi nasledovne:
ComboFix 08-05-28.4 - Administrator 2008-05-29 6:39:47.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.3004 [GMT 2:00]
Running from: C:\Documents and Settings\Administrator\Plocha\TermVir.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Lumir\Data aplikací\m\
C:\WINDOWS\system32\ban_list.txt
C:\WINDOWS\system32\drivers\downld
C:\WINDOWS\system32\drivers\downld\100453.exe
C:\WINDOWS\system32\drivers\downld\100968.exe
C:\WINDOWS\system32\drivers\downld\102656.exe
C:\WINDOWS\system32\drivers\downld\103203.exe
C:\WINDOWS\system32\drivers\downld\105843.exe
C:\WINDOWS\system32\drivers\downld\106093.exe
C:\WINDOWS\system32\drivers\downld\108734.exe
C:\WINDOWS\system32\drivers\downld\109468.exe
C:\WINDOWS\system32\drivers\downld\109578.exe
C:\WINDOWS\system32\drivers\downld\116781.exe
C:\WINDOWS\system32\drivers\downld\119718.exe
C:\WINDOWS\system32\drivers\downld\125968.exe
C:\WINDOWS\system32\drivers\downld\143937.exe
C:\WINDOWS\system32\drivers\downld\148812.exe
C:\WINDOWS\system32\drivers\downld\149703.exe
C:\WINDOWS\system32\drivers\downld\157062.exe
C:\WINDOWS\system32\drivers\downld\163421.exe
C:\WINDOWS\system32\drivers\downld\170937.exe
C:\WINDOWS\system32\drivers\downld\178265.exe
C:\WINDOWS\system32\drivers\downld\187734.exe
C:\WINDOWS\system32\drivers\downld\190609.exe
C:\WINDOWS\system32\drivers\downld\200546.exe
C:\WINDOWS\system32\drivers\downld\215203.exe
C:\WINDOWS\system32\drivers\downld\225640.exe
C:\WINDOWS\system32\drivers\downld\243984.exe
C:\WINDOWS\system32\drivers\downld\291843.exe
C:\WINDOWS\system32\drivers\downld\320750.exe
C:\WINDOWS\system32\drivers\downld\334140.exe
C:\WINDOWS\system32\drivers\downld\336109.exe
C:\WINDOWS\system32\drivers\downld\340953.exe
C:\WINDOWS\system32\drivers\downld\346109.exe
C:\WINDOWS\system32\drivers\downld\349921.exe
C:\WINDOWS\system32\drivers\downld\435109.exe
C:\WINDOWS\system32\drivers\downld\475937.exe
C:\WINDOWS\system32\drivers\downld\48156.exe
C:\WINDOWS\system32\drivers\downld\500671.exe
C:\WINDOWS\system32\drivers\downld\50281.exe
C:\WINDOWS\system32\drivers\downld\53546.exe
C:\WINDOWS\system32\drivers\downld\56921.exe
C:\WINDOWS\system32\drivers\downld\57531.exe
C:\WINDOWS\system32\drivers\downld\58218.exe
C:\WINDOWS\system32\drivers\downld\592203.exe
C:\WINDOWS\system32\drivers\downld\621953.exe
C:\WINDOWS\system32\drivers\downld\62703.exe
C:\WINDOWS\system32\drivers\downld\641640.exe
C:\WINDOWS\system32\drivers\downld\6425171.exe
C:\WINDOWS\system32\drivers\downld\67156.exe
C:\WINDOWS\system32\drivers\downld\68734.exe
C:\WINDOWS\system32\drivers\downld\72140.exe
C:\WINDOWS\system32\drivers\downld\73734.exe
C:\WINDOWS\system32\drivers\downld\88468.exe
C:\WINDOWS\system32\drivers\downld\89718.exe
C:\WINDOWS\system32\drivers\downld\90859.exe
C:\WINDOWS\system32\drivers\downld\94000.exe
C:\WINDOWS\system32\drivers\downld\94859.exe
C:\WINDOWS\system32\drivers\downld\95093.exe
C:\WINDOWS\system32\drivers\downld\95750.exe
C:\WINDOWS\system32\drivers\downld\96625.exe
C:\WINDOWS\system32\drivers\hldrrr.exe
C:\WINDOWS\system32\drivers\mdelk.exe
C:\WINDOWS\system32\drivers\srosa.sys
C:\WINDOWS\system32\mdelk.exe
C:\WINDOWS\system32\wintems.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_SROSA
((((((((((((((((((((((((( Files Created from 2008-04-28 to 2008-05-29 )))))))))))))))))))))))))))))))
.
2008-05-28 12:43 . 2008-05-28 12:43 92,672 --a------ C:\pppp.exe
2008-05-24 10:39 . 2008-05-24 10:39 25 --a------ C:\WINDOWS\cdplayer.ini
2008-05-24 10:37 . 2008-05-24 10:37 <DIR> d-------- C:\Program Files\Real
2008-05-24 10:37 . 2008-05-24 10:37 <DIR> d-------- C:\Program Files\Common Files\Real
2008-05-20 21:14 . 2008-05-28 09:14 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-20 21:14 . 2008-05-20 21:14 1,409 --a------ C:\WINDOWS\QTFont.for
2008-05-15 12:54 . 2008-05-15 12:54 1,829,995 --a------ C:\knihy.rar
2008-05-06 19:35 . 2008-05-08 10:18 <DIR> d-------- C:\_Všechny foty který chci vypalit_
2008-05-04 19:16 . 2004-08-17 15:49 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2008-05-04 19:16 . 2004-08-17 15:49 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-28 09:44 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-05-28 08:28 --------- d-----w C:\Program Files\emule 0.48a pro -ultra2
2008-05-20 17:03 --------- d-----w C:\Program Files\_install_
2008-05-10 11:28 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-10 11:25 --------- d-----w C:\Program Files\OpenAL
2008-04-25 13:14 3,155 ----a-w C:\SetAckTick.vbs
2008-04-21 16:18 --------- d-----w C:\Program Files\Xing
2008-04-21 16:18 --------- d-----w C:\Program Files\Common Files\Xing Shared
2008-03-30 14:08 --------- d-----w C:\Program Files\AviSynth 2.5
2008-03-30 14:06 --------- d-----w C:\Program Files\eRightSoft
2008-02-09 13:37 1 ----a-w C:\Documents and Settings\Lumir\SI.bin
2006-05-03 10:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-02-21 11:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
2007-12-17 13:43 27,648 --sh--w C:\WINDOWS\system32\Smab0.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 15:49 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 20:24 32768]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 07:24 286720]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-17 15:49 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i420vfw.dll
"vidc.yv12"= yv12vfw.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 23:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
--a------ 2008-05-28 12:59 58984 C:\Program Files\Common Files\Symantec Shared\ccApp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2007-12-05 02:41 8523776 C:\WINDOWS\system32\NvCpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2007-12-05 02:41 81920 C:\WINDOWS\system32\NvMcTray.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2007-12-05 02:41 1626112 C:\WINDOWS\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-06-29 07:24 286720 C:\Program Files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 05:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
--a------ 2007-09-28 10:39 100056 C:\PROGRA~1\SYMNET~1\SNDMon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-05-24 10:37 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\GAMES\\Quake III Arena\\Quake3.exe"=
"C:\\Program Files\\ICQLite\\ICQLite.exe"=
"C:\\GAMES\\Crysis\\Bin32\\Crysis.exe"=
"C:\\GAMES\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;C:\WINDOWS\system32\DRIVERS\atl01_xp.sys [2007-03-15 16:12]
S3 MaRdPnp;MaRdPnp;C:\WINDOWS\system32\DRIVERS\MaRdP2K.sys [2005-08-18 05:44]
.
Contents of the 'Scheduled Tasks' folder
"2008-02-07 12:34:17 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-05-23 19:27:22 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer - Lumir.job"
- C:\PROGRA~1\tools\NORTON~1\Navw32.exee/task:
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-05-29 06:43:44
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
.
**************************************************************************
.
Completion time: 2008-05-29 6:49:09 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-29 04:49:07
Adresářů: 10, Volných bajtů: 15,094,538,240
Adresářů: 12, Volných bajtů: 16,002,093,056
196 --- E O F --- 2008-05-28 06:48:59