And here is the new log from HJT:
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 18:01:12, on 30.5.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\SpeedFan\speedfan.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\HijackThis\HiJackThis_v2.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.spiegel.de/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: SpeedFan.lnk = C:\Program Files\SpeedFan\speedfan.exe
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 5482 bytes
Please check my log... (solved)
The HJT log is clean.
But the ComboFix log showed us a lot of unknown files, and it looks like it is full of junk.
Run Avenger again.
Choose the option - Input script manually and click the magnifying-glass icon; an empty window will appear, where you paste the text marked in bold:
Files to delete:
C:\WINDOWS\zzzx.exe
C:\WINDOWS\system32\pxcrt.dll
Then click Done.
Then click the traffic-light icon. A prompt will pop up where you click Yes, then another prompt where you click Yes.
The PC will restart.
After the restart the Avenger report should appear; copy it here.
Then have these files checked on VirusTotal:
C:\WINDOWS\system32\rcpdu.dll
C:\WINDOWS\system32\dcphnet.dll
C:\WINDOWS\system32\iphelp.dll
C:\WINDOWS\system32\browse.dll
C:\WINDOWS\system32\protect.dll
C:\WINDOWS\system32\gdid32.dll
C:\WINDOWS\system32\netd.dll
C:\WINDOWS\system32\ftpsystem.dll
C:\WINDOWS\system32\rsh.dll
C:\WINDOWS\system32\psx.dll
C:\WINDOWS\system32\credigui.dll
C:\WINDOWS\system32\mscert.dll
C:\WINDOWS\260x.exe
To find them more easily, enable - Show hidden and system files.
And then copy the results here.
I know it is a lot, but have all of those files checked.
+ do you know this folder:
C:\Virus Protection Tools
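The HJT log above was judged clean by eye. As an added example, not part of the original thread and not HijackThis code, the following Python script applies the same first-pass checks mechanically to the O2/O4/O9/O23 lines: it flags entries marked (file missing), entries with no name, Run values that are a bare executable name rather than a full path (SOUNDMAN.EXE and nwiz.exe in the log; Windows resolves these through the search path, so the log alone cannot say which file runs), and binaries located outside C:\WINDOWS or Program Files. The sample log is a constructed subset of the posted one plus one invented Temp-folder entry to exercise the location check; the trusted-root list and the reason strings are this example's own assumptions.

```python
import re
from dataclasses import dataclass

# Constructed sample in HijackThis log format. All lines except the
# "[updater]" one mirror entries from the log posted above; the
# "[updater]" line is invented to exercise the location check.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - HKLM\..\Run: [updater] C:\Documents and Settings\User\Local Settings\Temp\svc.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

LINE_RE = re.compile(r"^(O\d+) - (.*)$")
# First Windows path (drive letter or %var%) ending in an executable-type
# extension, quoted or unquoted, possibly followed by arguments or a suffix.
PATH_RE = re.compile(
    r'((?:[A-Za-z]:|%[A-Za-z]+%)\\[^"\r\n]*?\.(?:exe|dll|com|scr|sys))\b', re.I)
# Assumed "expected" roots for autostart binaries on this XP box.
TRUSTED_ROOTS = ("C:\\WINDOWS\\", "C:\\PROGRAM FILES\\", "C:\\PROGRA~1\\", "%WINDIR%\\")


@dataclass
class Finding:
    section: str   # HJT section, e.g. "O4"
    entry: str     # the entry text after "O4 - "
    reason: str    # why it needs a second look (not a verdict)


def triage_hjt(log_text):
    """Return the autostart entries a reviewer should verify on disk."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # process list, R0/R1 and other non-O lines are skipped
        section, body = m.groups()
        if section not in ("O2", "O4", "O9", "O23"):
            continue
        if "(file missing)" in body:
            findings.append(Finding(section, body, "file missing"))
        if "(no name)" in body:
            findings.append(Finding(section, body, "unnamed entry"))
        pm = PATH_RE.search(body)
        if pm is None:
            if section == "O4":
                # Bare name: resolved via the search path, cannot be checked
                # from the log alone.
                findings.append(Finding(
                    section, body,
                    "unqualified executable name (resolved via search path)"))
            continue
        if not pm.group(1).upper().startswith(TRUSTED_ROOTS):
            findings.append(Finding(
                section, body, "executable outside Windows/Program Files"))
    return findings


if __name__ == "__main__":
    for f in triage_hjt(SAMPLE_LOG):
        print(f"{f.section:4} {f.reason:55} {f.entry}")
```

A flag is a work item, not a verdict: the process list in the log shows C:\WINDOWS\SOUNDMAN.EXE running, and the ComboFix output later in the thread resolves nwiz.exe to C:\WINDOWS\system32\nwiz.exe, which is exactly the on-disk check the "unqualified" flag asks for.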
Well, it is a mystery to me how so many pests got in there. I always considered myself a fairly careful surfer.
I created the folder C/Virus Protection Tools myself today, so that I would have all those KillBoxes, ComboFixes, Avengers etc. in one place...
By the way, a new folder named QooBox has appeared on C. Should I delete it? And should I delete the !KillBox folder too?
Here is the log from Avenger; VirusTotal will take a while...
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\nlygwqbr
*******************
Script file located at: \??\C:\Documents and Settings\ojyikcck.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
File C:\WINDOWS\zzzx.exe deleted successfully.
File C:\WINDOWS\system32\pxcrt.dll deleted successfully.
Completed script processing.
*******************
Finished! Terminate.

Well, you know, it is enough for some junk of the backdoor, downloader or dropper type to get in there and the viruses start coming.
Otherwise, if you created that folder yourself, it is OK.
You can delete the !Killbox folder. The Qoobox folder is fine, it belongs to ComboFix; it is a backup where the files it deleted were put. So you can leave it there.
Avenger successfully deleted those two files.
And I am looking forward to the VirusTotal results.
So here it is in the shortened version (without the "virus no found" entries)...
C:\WINDOWS\system32\rcpdu.dll
BitDefender 7.2 05.30.2007 MemScan:Trojan.Spy.Agent.NDJ
Fortinet 2.85.0.0 05.30.2007 suspicious
Microsoft 1.2503 05.29.2007 VirTool:Win32/Obfuscator.C
Panda 9.0.0.4 05.30.2007 Suspicious file
Sunbelt 2.2.907.0 05.26.2007 VIPRE.Suspicious
Webwasher-Gateway 6.0.1 05.30.2007 Virus.Win32.FileInfector.gen (suspicious)
C:\WINDOWS\system32\dcphnet.dll
Fortinet 2.85.0.0 05.30.2007 suspicious
Microsoft 1.2503 05.29.2007 VirTool:Win32/Obfuscator.C
Panda 9.0.0.4 05.30.2007 Suspicious file
Sunbelt 2.2.907.0 05.26.2007 VIPRE.Suspicious
Webwasher-Gateway 6.0.1 05.30.2007 Virus.Win32.FileInfector.gen (suspicious)
C:\WINDOWS\system32\iphelp.dll
Fortinet 2.85.0.0 05.30.2007 suspicious
Microsoft 1.2503 05.29.2007 VirTool:Win32/Obfuscator.C
Panda 9.0.0.4 05.30.2007 Suspicious file
Sunbelt 2.2.907.0 05.26.2007 VIPRE.Suspicious
Webwasher-Gateway 6.0.1 05.30.2007 Virus.Win32.FileInfector.gen (suspicious)
C:\WINDOWS\system32\browse.dll
Fortinet 2.85.0.0 05.30.2007 suspicious
Microsoft 1.2503 05.29.2007 VirTool:Win32/Obfuscator.C
Panda 9.0.0.4 05.30.2007 Suspicious file
Sunbelt 2.2.907.0 05.26.2007 VIPRE.Suspicious
Webwasher-Gateway 6.0.1 05.30.2007 Virus.Win32.FileInfector.gen (suspicious)
C:\WINDOWS\system32\protect.dll
Ewido 4.0 05.29.2007 Downloader.Small.ehe
Fortinet 2.85.0.0 05.30.2007 suspicious
Microsoft 1.2503 05.29.2007 VirTool:Win32/Obfuscator.C
Panda 9.0.0.4 05.30.2007 Suspicious file
Sunbelt 2.2.907.0 05.26.2007 VIPRE.Suspicious
Webwasher-Gateway 6.0.1 05.30.2007 Virus.Win32.FileInfector.gen (suspicious)
C:\WINDOWS\system32\gdid32.dll
Fortinet 2.85.0.0 05.30.2007 suspicious
Microsoft 1.2503 05.29.2007 VirTool:Win32/Obfuscator.C
Panda 9.0.0.4 05.30.2007 Suspicious file
Sunbelt 2.2.907.0 05.26.2007 VIPRE.Suspicious
Webwasher-Gateway 6.0.1 05.30.2007 Virus.Win32.FileInfector.gen (suspicious)
C:\WINDOWS\system32\netd.dll
Fortinet 2.85.0.0 05.30.2007 suspicious
Microsoft 1.2503 05.29.2007 VirTool:Win32/Obfuscator.C
Panda 9.0.0.4 05.30.2007 Suspicious file
Sunbelt 2.2.907.0 05.26.2007 VIPRE.Suspicious
Webwasher-Gateway 6.0.1 05.30.2007 Virus.Win32.FileInfector.gen (suspicious)
C:\WINDOWS\system32\ftpsystem.dll
Fortinet 2.85.0.0 05.30.2007 suspicious
Microsoft 1.2503 05.29.2007 VirTool:Win32/Obfuscator.C
Panda 9.0.0.4 05.30.2007 Suspicious file
Sunbelt 2.2.907.0 05.26.2007 VIPRE.Suspicious
Webwasher-Gateway 6.0.1 05.30.2007 Virus.Win32.FileInfector.gen (suspicious)
C:\WINDOWS\system32\rsh.dll
Ewido 4.0 05.29.2007 Downloader.Small.ehe
Fortinet 2.85.0.0 05.30.2007 suspicious
Microsoft 1.2503 05.29.2007 VirTool:Win32/Obfuscator.C
Panda 9.0.0.4 05.30.2007 Suspicious file
Sunbelt 2.2.907.0 05.26.2007 VIPRE.Suspicious
Webwasher-Gateway 6.0.1 05.30.2007 Virus.Win32.FileInfector.gen (suspicious)
C:\WINDOWS\system32\psx.dll
Fortinet 2.85.0.0 05.30.2007 suspicious
Microsoft 1.2503 05.29.2007 VirTool:Win32/Obfuscator.C
Panda 9.0.0.4 05.30.2007 Suspicious file
Sunbelt 2.2.907.0 05.26.2007 VIPRE.Suspicious
Webwasher-Gateway 6.0.1 05.30.2007 Virus.Win32.FileInfector.gen (suspicious)
C:\WINDOWS\system32\credigui.dll
Fortinet 2.85.0.0 05.30.2007 suspicious
Microsoft 1.2503 05.29.2007 VirTool:Win32/Obfuscator.C
Panda 9.0.0.4 05.30.2007 Suspicious file
Sunbelt 2.2.907.0 05.26.2007 VIPRE.Suspicious
Webwasher-Gateway 6.0.1 05.30.2007 Virus.Win32.FileInfector.gen (suspicious)
C:\WINDOWS\system32\mscert.dll
Fortinet 2.85.0.0 05.30.2007 suspicious
Microsoft 1.2503 05.29.2007 VirTool:Win32/Obfuscator.C
Panda 9.0.0.4 05.30.2007 Suspicious file
Sunbelt 2.2.907.0 05.26.2007 VIPRE.Suspicious
Webwasher-Gateway 6.0.1 05.30.2007 Virus.Win32.FileInfector.gen (suspicious)
C:\WINDOWS\260x.exe
AVG 7.5.0.467 05.30.2007 PSW.Banker3.NMF
Fortinet 2.85.0.0 05.30.2007 PossibleThreat
F-Secure 6.70.13030.0 05.30.2007 W32/Suspicious_U.gen.dropper
NOD32v2 2299 05.30.2007 probably a variant of Win32/Spy.Banker.CKW
Norman 5.80.02 05.30.2007 W32/Malware.VBI
Panda 9.0.0.4 05.30.2007 Suspicious file
Prevx1 V2 05.30.2007 Covert.Sys.Exec
Sophos 4.18.0 05.28.2007 Mal/Behav-101
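The shortened listing above can be read by hand, but with thirteen files it helps to tabulate it. As an added example, my own code and not part of the thread or of VirusTotal, this Python script parses the one-line-per-engine format used in the post (engine, version, signature date, verdict) under each path, separates heuristic verdicts such as "Suspicious file" or "probably a variant of" from named detections, ranks the files by how convincing the evidence is, and reports verdicts shared by every file, which hints that the DLLs belong to one family. The sample reproduces three of the posted blocks; the heuristic keyword list is this example's assumption.

```python
import re
from collections import OrderedDict

# Constructed sample in the shortened VirusTotal format used in the post
# (engines that reported nothing are omitted). Three of the posted blocks
# are reproduced verbatim; the other ten are left out for brevity.
SAMPLE = r"""
C:\WINDOWS\system32\rcpdu.dll
BitDefender 7.2 05.30.2007 MemScan:Trojan.Spy.Agent.NDJ
Fortinet 2.85.0.0 05.30.2007 suspicious
Microsoft 1.2503 05.29.2007 VirTool:Win32/Obfuscator.C
Panda 9.0.0.4 05.30.2007 Suspicious file
Sunbelt 2.2.907.0 05.26.2007 VIPRE.Suspicious
Webwasher-Gateway 6.0.1 05.30.2007 Virus.Win32.FileInfector.gen (suspicious)
C:\WINDOWS\system32\mscert.dll
Fortinet 2.85.0.0 05.30.2007 suspicious
Microsoft 1.2503 05.29.2007 VirTool:Win32/Obfuscator.C
Panda 9.0.0.4 05.30.2007 Suspicious file
Sunbelt 2.2.907.0 05.26.2007 VIPRE.Suspicious
Webwasher-Gateway 6.0.1 05.30.2007 Virus.Win32.FileInfector.gen (suspicious)
C:\WINDOWS\260x.exe
AVG 7.5.0.467 05.30.2007 PSW.Banker3.NMF
Fortinet 2.85.0.0 05.30.2007 PossibleThreat
F-Secure 6.70.13030.0 05.30.2007 W32/Suspicious_U.gen.dropper
NOD32v2 2299 05.30.2007 probably a variant of Win32/Spy.Banker.CKW
Norman 5.80.02 05.30.2007 W32/Malware.VBI
Panda 9.0.0.4 05.30.2007 Suspicious file
Prevx1 V2 05.30.2007 Covert.Sys.Exec
Sophos 4.18.0 05.28.2007 Mal/Behav-101
"""

PATH_RE = re.compile(r"^[A-Za-z]:\\\S.*$")
# engine  version  MM.DD.YYYY  verdict (verdict may contain spaces)
HIT_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\d{2}\.\d{2}\.\d{4})\s+(.+?)\s*$")
# Assumed fragments that mark a heuristic/generic verdict rather than a family.
HEURISTIC_MARKERS = ("suspicious", "possiblethreat", "behav", "probably", "generic")


def parse_vt_listing(text):
    """Group detection lines under the file path line that precedes them."""
    results = OrderedDict()
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if PATH_RE.match(line):
            current = line
            results.setdefault(current, [])
            continue
        m = HIT_RE.match(line)
        if m and current is not None:
            results[current].append(m.groups())  # (engine, version, date, verdict)
    return results


def is_heuristic(verdict):
    v = verdict.lower()
    return any(marker in v for marker in HEURISTIC_MARKERS)


def summarize(results):
    """Per file: total hits, how many name a family, and which names."""
    summary = {}
    for path, hits in results.items():
        named = [v for _, _, _, v in hits if not is_heuristic(v)]
        summary[path] = {
            "total": len(hits),
            "named": len(named),
            "heuristic": len(hits) - len(named),
            "names": named,
        }
    return summary


def rank(summary):
    """Most convincingly malicious first: named detections, then total hits."""
    return sorted(summary,
                  key=lambda p: (summary[p]["named"], summary[p]["total"]),
                  reverse=True)


def common_verdicts(results):
    """Verdict strings reported for every file: a hint they are one family."""
    sets = [set(v for *_, v in hits) for hits in results.values()]
    return set.intersection(*sets) if sets else set()


if __name__ == "__main__":
    parsed = parse_vt_listing(SAMPLE)
    s = summarize(parsed)
    for path in rank(s):
        print(f"{s[path]['named']} named / {s[path]['total']} total  {path}  {s[path]['names']}")
    print("shared by all:", common_verdicts(parsed))
```

The ranking puts 260x.exe first (three engines name a banker/dropper family) ahead of the DLLs, whose evidence is mostly heuristic plus the same Microsoft obfuscator signature on each; the shared verdicts are what suggests treating the whole set as one infection rather than thirteen unrelated files.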
Run Avenger again. Choose the option - Input script manually and click the magnifying-glass icon; an empty window will appear, where you paste the text marked in bold:
Files to delete:
C:\WINDOWS\system32\rcpdu.dll
C:\WINDOWS\system32\dcphnet.dll
C:\WINDOWS\system32\iphelp.dll
C:\WINDOWS\system32\browse.dll
C:\WINDOWS\system32\gdid32.dll
C:\WINDOWS\system32\netd.dll
C:\WINDOWS\system32\ftpsystem.dll
C:\WINDOWS\system32\rsh.dll
C:\WINDOWS\system32\psx.dll
C:\WINDOWS\system32\credigui.dll
C:\WINDOWS\system32\mscert.dll
C:\WINDOWS\260x.exe
C:\WINDOWS\system32\protect.dll
Then click Done.
Then click the traffic-light icon. A prompt will pop up where you click Yes, then another prompt where you click Yes.
The PC will restart.
After the restart the Avenger report should appear; copy it here.
+ make a new ComboFix log.
So here is the Avenger log:
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\plyswmsp
*******************
Script file located at: \??\C:\Program Files\podowtby.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
File C:\WINDOWS\system32\rcpdu.dll deleted successfully.
File C:\WINDOWS\system32\dcphnet.dll deleted successfully.
File C:\WINDOWS\system32\iphelp.dll deleted successfully.
File C:\WINDOWS\system32\browse.dll deleted successfully.
File C:\WINDOWS\system32\gdid32.dll deleted successfully.
File C:\WINDOWS\system32\netd.dll deleted successfully.
File C:\WINDOWS\system32\ftpsystem.dll deleted successfully.
File C:\WINDOWS\system32\rsh.dll deleted successfully.
File C:\WINDOWS\system32\psx.dll deleted successfully.
File C:\WINDOWS\system32\credigui.dll deleted successfully.
File C:\WINDOWS\system32\mscert.dll deleted successfully.
File C:\WINDOWS\260x.exe deleted successfully.
File C:\WINDOWS\system32\protect.dll deleted successfully.
Completed script processing.
*******************
Finished! Terminate.
//////////////////////////////////////////
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\kftquann
*******************
Fatal error: integrity of Services key failed verification check! Security may be fatally compromised. Exiting immediately.
Could not open script file! Status: 0xc0000034 Abort!
And ComboFix:
"User" - 2007-05-31 18:08:09 Service Pack 2
ComboFix 07-05.27.BV - Running from: "C:\Virus Protection Tools\ComboFix\"
((((((((((((((((((((((((((((((( Files Created from 2007-04-28 to 2007-05-31 ))))))))))))))))))))))))))))))))))
2007-05-31 18:04 <DIR> d-------- C:\avenger
2007-05-31 17:53 60,416 --a------ C:\WINDOWS\system32\drivers\s^ucweic.sys
2007-05-30 17:57 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-05-30 17:44 <DIR> d-------- C:\Virus Protection Tools
2007-05-30 07:02 <DIR> d-a------ C:\WINDOWS\zts2.exe
2007-05-30 07:02 <DIR> d-a------ C:\WINDOWS\system32\vcmgcd32.dll
2007-05-30 07:02 <DIR> d-a------ C:\WINDOWS\system32\iifgfgf.dll
2007-05-30 07:02 <DIR> d-a------ C:\WINDOWS\rundll16.exe
2007-05-30 07:02 <DIR> d-a------ C:\WINDOWS\rundl132.dll
2007-05-30 07:02 <DIR> d-a------ C:\WINDOWS\logo1_.exe
2007-05-30 07:00 147,968 --a------ C:\WINDOWS\R.COM
2007-05-30 07:00 137,216 --a------ C:\WINDOWS\system32\T.COM
2007-05-29 18:55 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DATAAP~1\Spybot - Search & Destroy
2007-05-29 17:59 <DIR> d-------- C:\DOCUME~1\User\DATAAP~1\Comodo
2007-05-29 17:59 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DATAAP~1\Comodo
2007-05-29 17:57 <DIR> d-------- C:\Program Files\Comodo
2007-05-01 15:57 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DATAAP~1\Trymedia
2007-05-01 15:49 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DATAAP~1\InstallShield
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-05-31 16:04:01 -------- d-----w C:\Program Files\SpeedFan
2007-05-31 15:47:12 -------- d-----w C:\Program Files\GetRight
2007-05-29 16:35:17 -------- d-----w C:\Program Files\eMule
2007-05-01 15:03:33 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-05-01 13:46:29 -------- d-----w C:\Program Files\Common Files\InstallShield
2007-04-30 15:46:10 745,600 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-04-30 15:41:55 85,952 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-04-30 15:41:42 94,552 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-04-30 15:39:41 23,416 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-04-30 15:37:23 26,888 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-04-30 15:35:28 95,872 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-04-18 16:15:25 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-03-25 09:02:53 80,088 ----a-w C:\WINDOWS\system32\perfc005.dat
2007-03-25 09:02:53 409,876 ----a-w C:\WINDOWS\system32\perfh005.dat
2007-03-17 13:45:10 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll
2007-03-08 15:38:40 577,536 ----a-w C:\WINDOWS\system32\user32.dll
2007-03-08 15:38:40 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
2007-03-08 15:38:40 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
2007-03-08 15:36:45 1,843,584 ----a-w C:\WINDOWS\system32\win32k.sys
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2005-09-24 06:12]
{53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 01:04]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" []
"nwiz"="nwiz.exe" [2006-02-13 15:05 C:\WINDOWS\system32\nwiz.exe]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 17:42]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 20:24]
"TrueImageMonitor.exe"="C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe" [2005-10-25 22:48]
"Acronis Scheduler2 Service"="C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" [2005-10-25 22:48]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-10 22:28]
"COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [2007-05-29 17:57]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-18 14:00]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ClearRecentDocsOnExit"=1 (0x1)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages msv1_0 relog_ap
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*
********************************************************************
catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-31 18:09:04
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
********************************************************************
Completion time: 2007-05-31 18:09:26
C:\ComboFix-quarantined-files.txt ... 2007-05-31 18:09
C:\ComboFix2.txt ... 2007-05-31 18:00
C:\ComboFix3.txt ... 2007-05-30 17:57
--- E O F ---