I think the problem is solved :) I even got the long non-functional Windows firewall working again, but just to be sure I am attaching the log from ComboFix
ComboFix 08-09-05.03 - Lukin 2008-09-07 17:34:51.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.1.1029.18.1438 [GMT 2:00]
Spusteny z: C:\Documents and Settings\Lukin\Plocha\ComboFix.exe
* Vytvoren novy Bod Obnoveni
* Resident AV is active
VAROVANI - NA TOMTO POCITACI NENI NAINSTALOVANA KONZOLA PRO ZOTAVENI !!.
((((((((((((((((((((((((((((((((((((((( Ostatni vymazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Lukin\Local Settings\Temporary Internet Files\MAILTRAN.INI
C:\Documents and Settings\Lukin\Local Settings\Temporary Internet Files\TRNCOM.INI
C:\Documents and Settings\Lukin\Oblíbené položky\Error Cleaner.url
C:\Documents and Settings\Lukin\Oblíbené položky\Privacy Protector.url
C:\Documents and Settings\Lukin\Oblíbené položky\Spyware&Malware Protection.url
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\edno.exe
C:\WINDOWS\gksraemq.dll
C:\WINDOWS\privacy_danger
C:\WINDOWS\privacy_danger\images\capt.gif
C:\WINDOWS\privacy_danger\images\danger.jpg
C:\WINDOWS\privacy_danger\images\down.gif
C:\WINDOWS\privacy_danger\images\spacer.gif
C:\WINDOWS\privacy_danger\index.htm
C:\WINDOWS\system32\awttqOif.dll
C:\WINDOWS\system32\plugin1.dat
C:\WINDOWS\vanwxemgkmx.dll
.
((((((((((((((((((((((((( Soubory vytvorene od 2008-08-07 do 2008-09-07 )))))))))))))))))))))))))))))))
.
2008-09-07 16:12 . 2008-09-07 14:19 143,360 --a------ C:\WINDOWS\sxmaokgf.exe
2008-09-07 13:35 . 2004-01-05 14:04 38,871 --------- C:\WINDOWS\hpomdl03.dat.temp
2008-09-07 13:35 . 2006-07-16 15:45 29,236 --------- C:\WINDOWS\hpoins03.dat.temp
2008-09-06 23:07 . 2008-09-06 23:07 <DIR> d-------- C:\Program Files\Google
2008-09-06 23:07 . 2008-04-08 01:16 9,200 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-09-06 23:07 . 2008-04-08 01:16 9,072 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-09-06 23:02 . 2008-09-06 23:02 <DIR> d-------- C:\Program Files\filehippo.com
2008-09-06 22:30 . 2008-09-06 22:30 <DIR> d-------- C:\Program Files\Longman
2008-09-06 22:20 . 2008-09-06 22:20 <DIR> d-------- C:\Program Files\Uniblue
2008-09-06 20:11 . 2008-09-06 20:11 <DIR> d-------- C:\Program Files\Common Files\PCSuite
2008-09-06 20:11 . 2008-09-06 20:11 <DIR> d-------- C:\Program Files\Common Files\Nokia
2008-09-06 20:11 . 2007-09-17 15:53 21,632 --a------ C:\WINDOWS\system32\drivers\pccsmcfd.sys
2008-09-06 20:10 . 2008-09-06 20:10 <DIR> d-------- C:\Program Files\PC Connectivity Solution
2008-09-06 20:09 . 2008-09-06 20:11 <DIR> d-------- C:\Program Files\Nokia
2008-09-06 19:19 . 2008-09-06 19:19 <DIR> d-------- C:\Program Files\Fireluke
2008-09-06 18:58 . 2008-09-06 18:58 <DIR> d-------- C:\Program Files\uTorrent
2008-09-06 18:28 . 2008-09-06 18:28 <DIR> d-------- C:\Program Files\MyPhoneExplorer
2008-09-06 18:28 . 2008-09-06 18:32 <DIR> d-------- C:\Documents and Settings\Lukin\Data aplikací\MyPhoneExplorer
2008-09-06 18:28 . 2008-09-06 18:44 <DIR> d-a------ C:\Documents and Settings\All Users\Data aplikací\TEMP
2008-09-06 16:29 . 2008-09-06 16:29 <DIR> d-------- C:\Program Files\VDOWNLOADER
2008-09-06 16:14 . 2008-09-06 16:19 <DIR> d-------- C:\Program Files\Teamspeak2_RC2
2008-09-06 15:51 . 2008-09-06 16:03 <DIR> d-------- C:\Program Files\Scorpions WinCheater
2008-09-06 12:42 . 2008-09-06 12:42 <DIR> d-------- C:\Program Files\QIP Infium
2008-08-30 11:52 . 2008-08-30 11:52 <DIR> d-------- C:\Program Files\Skype
2008-08-29 19:18 . 2008-08-29 19:18 2,302,017 --a------ C:\WINDOWS\system32\GPhotos.scr
2008-08-16 18:10 . 2008-08-16 18:10 <DIR> d-------- C:\Documents and Settings\Lukin\.idlerc
2008-08-15 15:07 . 2008-08-15 15:11 <DIR> d-------- C:\Program Files\ICQ6
2008-08-14 11:27 . 2008-05-01 16:37 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll
2008-08-14 11:26 . 2008-04-11 21:06 691,712 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-08-10 15:18 . 2008-08-10 15:18 <DIR> d-------- C:\Program Files\VisualConnection
2008-08-10 15:18 . 2008-08-10 16:50 <DIR> d-------- C:\Documents and Settings\Lukin\Data aplikací\CTVoD
.
(((((((((((((((((((((((((((((((((((((((( Find3M vypis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-07 15:31 --------- d-----w C:\Documents and Settings\Lukin\Data aplikací\Skype
2008-09-07 14:14 --------- d-----w C:\Documents and Settings\Lukin\Data aplikací\uTorrent
2008-09-06 22:24 --------- d-----w C:\Program Files\Portable Driver Genius Professional Edition 2007 v7.1.0.622
2008-09-06 20:40 --------- d-----w C:\Program Files\Down2Home
2008-09-06 19:17 --------- d-----w C:\Program Files\TVUPlayer
2008-09-06 18:19 --------- d-----w C:\Documents and Settings\Lukin\Data aplikací\PC Suite
2008-09-06 18:12 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Installations
2008-09-06 13:44 --------- d-----w C:\Program Files\QIP
2008-08-20 15:40 --------- d-----w C:\Documents and Settings\Lukin\Data aplikací\ICQ
2008-08-15 13:08 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-29 14:05 1,296,896 ----a-w C:\WINDOWS\system32\SPort.dll
2008-07-27 14:01 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-14 11:55 --------- d-----w C:\Program Files\TuneUp Utilities 2008
2008-07-07 20:29 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-06-24 16:44 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 16:42 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-20 17:49 247,296 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-03-01 16:38 32 ----a-w C:\Documents and Settings\All Users\Data aplikací\ezsid.dat
2008-02-07 12:20 22,328 ----a-w C:\Documents and Settings\Lukin\Data aplikací\PnkBstrK.sys
2006-07-18 13:41 1,019,094 -csha-r C:\Program Files\serial.tde
2006-05-28 16:46 397,306 --sha-r C:\Program Files\wunauclt.zip
2006-05-28 16:46 397,306 --sha-r C:\Program Files\wunauclt.tbe
2008-05-25 18:32 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008052520080526\index.dat
.
(((((((((((((((((((((((((((((((((( Spousteci body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznamka* prazdne zaznamy & legitimni vychozi udaje nejsou zobrazeny.
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\NBHShellExt]
@="{8D2223A2-B3C6-4e32-B096-CDD11F628C60}"
[HKEY_CLASSES_ROOT\CLSID\{8D2223A2-B3C6-4e32-B096-CDD11F628C60}]
2008-02-28 13:04 97064 --a------ C:\Program Files\Nero\Nero8\InCD\NBHShx.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"Start WingMan Profiler"="C:\Program Files\Logitech\Profiler\lwemon.exe" [2005-04-18 73728]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]
"TuneUp MemOptimizer"="C:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe" [2008-01-20 192000]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2007-07-07 204288]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2006-07-06 20034600]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FixCamera"="C:\WINDOWS\FixCamera.exe" [2005-12-06 20480]
"tsnpstd3"="C:\WINDOWS\tsnpstd3.exe" [2005-11-04 90112]
"snpstd3"="C:\WINDOWS\vsnpstd3.exe" [2005-09-05 339968]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-08-08 949376]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2007-11-27 2631376]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 39264]
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-09-11 576104]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2003-09-16 237568]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="C:\\WINDOWS\\system32\\logonui.exe"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe
"filehippo.com"="C:\Program Files\filehippo.com\UpdateChecker.exe" /background
"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
"AGRSMMSG"=AGRSMMSG.exe
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\IEPro\\MiniDM.exe"=
R1 VRVD302;VRVD302;C:\WINDOWS\system32\DRIVERS\VRVD302.sys [2008-03-01 11296]
R2 NeroRegInCDSrv;Nero Registry InCD Service;C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe [2008-02-28 53032]
R2 UxTuneUp;TuneUp rozšíření vzhledu;C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 ASNDIS5;ASNDIS5 Protocol Driver;C:\WINDOWS\system32\ASNDIS5.SYS [2002-09-09 16269]
S3 gHidPnp;USB Device Enhanced Function Driver;C:\WINDOWS\system32\Drivers\gHidPnp.Sys [ ]
S3 gMouPS2;PS2 Scroll Mouse Device;C:\WINDOWS\system32\DRIVERS\gMouPS2.sys [ ]
S3 gMouUsb;USB Mouse Device Drv;C:\WINDOWS\system32\DRIVERS\gMouUsb.sys [ ]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-05-02 306432]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{efaae3d6-d06b-11db-8de8-001731946640}]
\Shell\AutoRun\command - H:\Autorun\UbiAutorun.exe
*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Obsah adresare 'Naplanovane ulohy'
.
- - - - NEPLATNE POLOZKY ODSTRANENE Z REGISTRU - - - -
Toolbar-{B766F1CE-A1FD-448E-A03D-5C68DB7F1EC3} - (no file)
HKU-Default-Run-Picasa Media Detector - C:\Program Files\Picasa2\PicasaMediaDetector.exe
ShellExecuteHooks-{8E509EF7-6209-4A5C-A145-22F514F51C4F} - C:\WINDOWS\system32\wvUmJAqN.dll
Notify-wvUmJAqN - wvUmJAqN.dll
.
------- Doplnkovy sken -------
.
FireFox -: Profile - C:\Documents and Settings\Lukin\Data aplikací\Mozilla\Firefox\Profiles\z5lpfsvy.default\
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-09-07 17:37:03
Windows 5.1.2600 Service Pack 3 NTFS
skenovani skrytych procesu ...
skenovani skrytych polozek 'Po spusteni' ...
skenovani skrytych souboru ...
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\vsdatant]
"ImagePath"=""
.
--------------------- Knihovny navazane na bezici procesy ---------------------
PROCES: C:\WINDOWS\system32\lsass.exe
-> C:\Program Files\Eset\pr_imon.dll
.
Celkovy cas: 2008-09-07 17:40:30
ComboFix-quarantined-files.txt 2008-09-07 15:39:17
Pre-Run: Volných bajtů: 43,301,924,864
Post-Run: Volných bajtů: 43,365,564,416
189 --- E O F --- 2008-09-06 10:10:21