Vundo Fix - HJT + ComboFix Pomoc prosím!

[ReCall]

Asi desetkrát mi avast! vyskočil s trojským koněm Vundo. Použil jsem Vundo Fix a tady je log po použití.
Mohl by se na to někdo podívat, prosím?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:46:04, on 24.5.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avast4\aswUpdSv.exe
C:\Program Files\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Budík\WMUSvc.exe
C:\Program Files\RAM Idle\RAM_XP.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\PROGRA~1\Avast4\ashDisp.exe
C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Budík\WMUAgent.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Avast4\ashMaiSv.exe
C:\Program Files\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\WINDOWS\WebIE.dll
O2 - BHO: (no name) - {36D9CB8D-B8CA-4A85-A879-06A71109F11E} - C:\WINDOWS\system32\xxyVPhef.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\styler\TB\StylerTB.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\WINDOWS\WebIE.dll
O3 - Toolbar: &Crawler lišta - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [RAM Idle Professional] C:\Program Files\RAM Idle\RAM_XP.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [WMUAgent.exe] C:\Budík\WMUAgent.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &ICQ Toolbar Search - res://D:\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.19\AMVConverter\grab.html
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\MP3 Player Utilities 4.00\MediaManager\grab.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Outpost Firewall Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\WINDOWS\WebIE.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://test.catalog.update.microsoft.co ... 5861570609
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 5831178687
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 5831683703
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: xxyVPhef - C:\WINDOWS\SYSTEM32\xxyVPhef.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: WakeMeUp! Service (svcWMU) - Highspheres.com - C:\Budík\WMUSvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Unknown owner - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (file missing)
O23 - Service: Služba Windows Media Player Network Sharing (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe (file missing)

--
End of file - 8466 bytes

Zdá se mi že tam ještě něco je.

[Reklama]

[zlobyl]

V HJT fixni tuhle zbytečnost:

Kód: Vybrat vše

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

+ Tohle je na 99% šmejd, ale raději si nemaž zálohu z HJT a kdyby to bylo něco potřebného, tak to obnov zpět.
O2 - BHO: (no name) - {36D9CB8D-B8CA-4A85-A879-06A71109F11E} - C:\WINDOWS\system32\xxyVPhef.dll
O20 - Winlogon Notify: xxyVPhef - C:\WINDOWS\SYSTEM32\xxyVPhef.dll


[ReCall]

Tak ten šmejd v logu zůstal. Po fixnutí se mě akorát zeptal comodo jestli chci povolit změny v soubory winlogon.exe. Vyzkouším ještě ten druhý program na odstranění Vundo a potom se ozvu.

[ReCall]

Tak ani to nepomohlo, po restartu do normálního ežimu zase avast ukazuje Vundo.

[Nodon]

Udělej log v comfixu.

[ReCall]

Tak tady je ten comfix
ComboFix 08-05-21.3 - WarezBos 2008-05-24 19:16:25.5 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.953 [GMT 2:00]
Running from: C:\Documents and Settings\WarezBos\Plocha\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Documents and Settings\WarezBos\Plocha\Tiger\MP3\DRUM&BASS\dnb1\_desktop.ini
C:\WINDOWS\nayceaatm.dll
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\natcraatm.dll

.
((((((((((((((((((((((((( Files Created from 2008-04-24 to 2008-05-24 )))))))))))))))))))))))))))))))
.

2008-05-24 16:08 . 2008-05-24 16:08 59,392 --a------ C:\WINDOWS\system32\khfEXqoN.dll
2008-05-24 13:37 . 2008-05-24 13:37 <DIR> d-------- C:\Documents and Settings\WarezBos\Spyware Terminator
2008-05-24 13:34 . 2008-05-24 13:37 <DIR> d-------- C:\VundoFix Backups
2008-05-23 21:48 . 2008-05-23 21:48 <DIR> d-------- C:\Audacity
2008-05-23 18:38 . 2008-05-23 18:38 <DIR> d-------- C:\Program Files\DebugMode
2008-05-23 18:26 . 2008-05-23 18:26 59,392 --a------ C:\WINDOWS\system32\efcbbYrP.dll
2008-05-23 18:25 . 2008-05-23 18:25 59,392 --a------ C:\WINDOWS\system32\iifcCuTl.dll
2008-05-23 18:22 . 2008-05-23 18:22 59,392 --a------ C:\WINDOWS\system32\tuvTnLcy.dll
2008-05-23 18:21 . 2008-05-23 18:21 59,392 --a------ C:\WINDOWS\system32\ssqNEvtt.dll
2008-05-23 18:20 . 2008-05-23 18:20 59,392 --a------ C:\WINDOWS\system32\nnnoPGWM.dll
2008-05-23 17:59 . 2008-05-23 17:59 59,392 --a------ C:\WINDOWS\system32\cbXPijHX.dll
2008-05-23 14:32 . 2008-05-23 14:32 59,392 --a------ C:\WINDOWS\system32\yayaXPgH.dll
2008-05-23 14:24 . 2008-05-23 14:24 59,392 --a------ C:\WINDOWS\system32\xxyVPhef.dll.vir
2008-05-22 19:03 . 2008-05-22 19:03 <DIR> d-------- C:\WINDOWS\system32\Futuremark
2008-05-22 19:03 . 2008-05-22 19:03 <DIR> d-------- C:\Program Files\Common Files\Futuremark Shared
2008-05-22 19:03 . 2008-05-22 19:03 <DIR> d-------- C:\Documents and Settings\WarezBos\Data aplikací\InstallShield
2008-05-22 19:03 . 2007-10-11 11:55 27,672 -ra------ C:\WINDOWS\system32\drivers\Entech.sys
2008-05-22 17:48 . 2001-07-06 00:19 164 -r------- C:\WINDOWS\avrack.ini
2008-05-22 17:47 . 2008-05-22 17:48 <DIR> d-------- C:\Program Files\Realtek AC97
2008-05-22 17:19 . 2008-05-22 17:48 <DIR> d-------- C:\Program Files\AvRack
2008-05-22 17:09 . 2008-05-22 17:11 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-05-22 16:28 . 2008-05-22 16:28 <DIR> d-------- C:\Documents and Settings\WarezBos\Data aplikací\AVSMedia
2008-05-22 16:26 . 2008-05-23 14:23 <DIR> d-------- C:\Program Files\Common Files\AVSMedia
2008-05-22 16:26 . 2002-08-20 00:41 413,760 --a------ C:\WINDOWS\system32\mpg4c32.dll
2008-05-22 16:26 . 2003-05-22 00:50 261,632 --a------ C:\WINDOWS\system32\mcdvd_32.dll
2008-05-22 16:26 . 2003-05-21 23:50 156,910 --a------ C:\WINDOWS\WMSysPr8.prx
2008-05-22 16:26 . 2003-05-22 00:50 82,944 --a------ C:\WINDOWS\system32\vct3216.acm
2008-05-22 16:26 . 2004-02-04 22:11 81,920 --a------ C:\WINDOWS\system32\AC3ACM.acm
2008-05-22 16:26 . 2003-05-22 00:50 38,912 --a------ C:\WINDOWS\system32\alf2cd.acm
2008-05-22 16:26 . 2000-03-14 21:55 13,239 --a------ C:\WINDOWS\system32\Scg726.acm
2008-05-22 14:27 . 2008-05-22 14:27 <DIR> d-------- C:\Documents and Settings\WarezBos\Data aplikací\Publish Providers
2008-05-22 14:27 . 2008-05-22 14:48 156 --a------ C:\WINDOWS\Twunk001.MTX
2008-05-22 14:27 . 2008-05-22 14:48 2 --a------ C:\WINDOWS\Twain001.Mtx
2008-05-22 14:27 . 2008-05-22 14:27 0 --a------ C:\WINDOWS\Twunk002.MTX
2008-05-22 14:26 . 2008-05-22 14:26 <DIR> d-------- C:\Documents and Settings\WarezBos\Data aplikací\Sony
2008-05-22 13:19 . 2008-05-22 16:47 <DIR> d-------- C:\Program Files\Sony
2008-05-22 13:10 . 2008-05-22 13:10 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2008-05-22 13:09 . 2008-05-22 13:09 <DIR> d-------- C:\Program Files\Reference Assemblies
2008-05-22 13:08 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2008-05-22 11:27 . 2008-05-22 11:27 <DIR> d-------- C:\Documents and Settings\WarezBos\Data aplikací\Sony Setup
2008-05-22 11:25 . 2008-05-22 11:26 <DIR> d-------- C:\Program Files\Sony Setup
2008-05-20 20:49 . 2008-05-20 20:49 <DIR> d-------- C:\Documents and Settings\WarezBos\.idlerc
2008-05-20 20:48 . 2008-05-20 20:48 <DIR> d-------- C:\Python24
2008-05-19 18:48 . 2008-05-19 18:48 97,792 --a------ C:\WINDOWS\system32\drivers\ACEDRV05.sys
2008-05-18 11:49 . 2008-05-18 12:02 <DIR> d-------- C:\Program Files\Real
2008-05-18 10:21 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-05-17 22:42 . 2008-05-17 22:42 <DIR> d-------- C:\Program Files\COMODO
2008-05-17 22:42 . 2008-05-24 14:30 143,104 --a------ C:\WINDOWS\system32\guard32.dll
2008-05-17 22:42 . 2008-05-24 14:30 87,056 --a------ C:\WINDOWS\system32\drivers\cmdguard.sys
2008-05-17 22:42 . 2008-05-24 14:30 24,208 --a------ C:\WINDOWS\system32\drivers\cmdhlp.sys
2008-05-17 22:15 . 2008-05-24 11:54 <DIR> d-------- C:\Program Files\Spyware Terminator
2008-05-17 22:15 . 2008-05-17 22:15 <DIR> d-------- C:\Program Files\Crawler
2008-05-17 22:15 . 2008-05-24 11:54 <DIR> d-------- C:\Documents and Settings\WarezBos\Data aplikací\Spyware Terminator
2008-05-17 22:15 . 2008-05-23 11:30 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Spyware Terminator
2008-05-17 22:15 . 2008-05-17 22:15 141,312 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-05-17 20:41 . 2008-05-17 20:42 <DIR> d-------- C:\Program Files\Avast4
2008-05-17 12:57 . 2008-05-17 12:57 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-05-16 23:59 . 2008-05-16 23:59 <DIR> d-------- C:\MagicISO
2008-05-05 22:40 . 2008-05-06 18:14 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-05-05 22:39 . 2008-05-06 18:14 107,832 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2008-05-05 22:39 . 2008-05-05 22:39 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2008-04-26 15:45 . 2008-04-26 15:45 <DIR> d-------- C:\WINDOWS\speech
2008-04-26 15:44 . 2008-04-27 12:05 <DIR> d-------- C:\Talker

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-24 11:37 --------- d-----w C:\Program Files\PowerISO
2008-05-23 20:37 --------- d-----w C:\Documents and Settings\WarezBos\Data aplikací\uTorrent
2008-05-23 16:20 --------- d-----w C:\Documents and Settings\WarezBos\Data aplikací\wsInspector
2008-05-23 16:19 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-05-22 17:03 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-22 13:45 --------- d---a-w C:\Documents and Settings\All Users\Data aplikací\TEMP
2008-05-22 11:16 --------- d-----w C:\Program Files\MSBuild
2008-05-18 10:02 --------- d-----w C:\Program Files\Common Files\Real
2008-05-18 08:21 --------- d-----w C:\Program Files\Java
2008-05-17 21:13 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Comodo
2008-05-17 20:42 --------- d-----w C:\Documents and Settings\WarezBos\Data aplikací\Comodo
2008-05-17 18:36 --------- d-----w C:\Documents and Settings\WarezBos\Data aplikací\AVG7
2008-05-17 18:36 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\avg7
2008-05-17 15:03 --------- d-----w C:\Documents and Settings\WarezBos\Data aplikací\FileZilla
2008-04-22 12:18 86,016 ----a-w C:\WINDOWS\system32\OpenAL32.dll
2008-04-22 12:18 262,144 ----a-w C:\WINDOWS\system32\wrap_oal.dll
2008-04-03 21:06 --------- d-----w C:\Documents and Settings\WarezBos\Data aplikací\ImgBurn
2008-03-30 09:12 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-29 20:34 286,720 ------w C:\WINDOWS\Setup1.exe
2007-11-24 12:30 32 ----a-w C:\Documents and Settings\All Users\Data aplikací\ezsid.dat
.

------- Sigcheck -------

2007-06-05 18:46 2222208 d1101c99dc7db646a1cb0e6dec0f322b C:\WINDOWS\system32\ntkrnlpa.exe
2007-06-05 18:46 2059008 9355304dd565e23f8ee294720b2c03e5 C:\WINDOWS\VistaMizer\old\ntkrnlpa.exe

2007-06-05 18:25 2344832 b39a4ed44f8a484ab99482ba2425d39f C:\WINDOWS\system32\ntoskrnl.exe
2007-06-05 18:25 2181632 7fabe135eac02a4bc8094b831adc0cc3 C:\WINDOWS\VistaMizer\old\ntoskrnl.exe

2007-06-05 18:13 1550848 01b4c56946b831dadba5d9a13596c494 C:\WINDOWS\explorer.exe
2007-06-05 18:13 1183232 d5d29d130497e6a74e3fcd54778fa01b C:\WINDOWS\VistaMizer\old\explorer.exe

2004-08-17 17:49 25088 5050a0b550ccf3ffbc3dad33524a4dc1 C:\WINDOWS\system32\ctfmon.exe
2004-08-17 17:49 25088 5050a0b550ccf3ffbc3dad33524a4dc1 C:\WINDOWS\system32\dllcache\ctfmon.exe
2004-08-17 17:49 15360 a5baa91475167161dea02ba3c4ca4f59 C:\WINDOWS\VistaMizer\old\ctfmon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{36D9CB8D-B8CA-4A85-A879-06A71109F11E}]
2008-05-24 16:08 59392 --a------ C:\WINDOWS\system32\khfEXqoN.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="C:\Program Files\RocketDock\RocketDock.exe" [2007-03-19 00:05 630784]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 17:49 25088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RAM Idle Professional"="C:\Program Files\RAM Idle\RAM_XP.exe" [2004-06-11 16:28 133632]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2006-09-09 11:16 196608]
"avast!"="C:\PROGRA~1\Avast4\ashDisp.exe" [2008-05-16 01:19 79224]
"SpywareTerminator"="C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe" [2008-05-17 22:15 1817600]
"COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [2008-05-24 13:51 1575680]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"SoundMan"="SOUNDMAN.EXE" [2006-08-03 05:12 577536 C:\WINDOWS\soundman.exe]
"WMUAgent.exe"="C:\Budík\WMUAgent.exe" [2006-11-25 06:31 160256]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-17 17:49 25088]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]
"{36D9CB8D-B8CA-4A85-A879-06A71109F11E}"= C:\WINDOWS\system32\khfEXqoN.dll [2008-05-24 16:08 59392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\khfEXqoN]
khfEXqoN.dll 2008-05-24 16:08 59392 C:\WINDOWS\system32\khfEXqoN.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"= C:\WINDOWS\system32\guard32.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"D:\\ICQLite\\ICQLite.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\uTorrent\\utorrent.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-05-17 22:15]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-04 01:04]
S1 SpyEmrg;Spy Emergency Driver;C:\WINDOWS\system32\Drivers\spyemrg.sys []
S2 LF30FS;LF30FS;C:\Program Files\Everstrike Software\Lock Folder XP 3.5\LF30XP.sys []
S3 SpyEmrgGuard;Spy Emergency Real-Time Shield Driver;C:\WINDOWS\system32\Drivers\spyemrg_guard.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\Shell\AutoRun\command - H:\Autorun.exe

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2007-11-17 10:09:00 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-24 19:17:37
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\guard32.dll
-> C:\WINDOWS\system32\khfEXqoN.dll

PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\WINDOWS\system32\guard32.dll
.
Completion time: 2008-05-24 19:21:34
ComboFix-quarantined-files.txt 2008-05-24 17:21:17

Adresářů: 15, Volných bajtů: 546,484,224
Adresářů: 25, Volných bajtů: 534,687,744

188

[ReCall]

Tak co tam je k fixnutí?

[ReCall]

Prosím, zkontroluje to někdo?

[ReCall]

Já si počkám. Prosím.

[zlobyl]

Zkopíruj si následující text do poznámkového bloku (Start-Spustit-Notepad) a ulož ho na Plochu jako CFScript.txt.
(nepoužívej funkci Vybrat vše!)

Kód: Vybrat vše

KillAll::

File::
C:\WINDOWS\system32\khfEXqoN.dll
C:\WINDOWS\system32\efcbbYrP.dll
C:\WINDOWS\system32\iifcCuTl.dll
C:\WINDOWS\system32\tuvTnLcy.dll
C:\WINDOWS\system32\ssqNEvtt.dll
C:\WINDOWS\system32\nnnoPGWM.dll
C:\WINDOWS\system32\cbXPijHX.dll
C:\WINDOWS\system32\yayaXPgH.dll
C:\WINDOWS\system32\xxyVPhef.dll.vir

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{36D9CB8D-B8CA-4A85-A879-06A71109F11E}]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{36D9CB8D-B8CA-4A85-A879-06A71109F11E}"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\khfEXqoN]

Pak tento soubor přetáhni na ikonu ComboFixu a pusť.(předpokládám, že máš ComboFix také na ploše)



Pak sem dej log, který ti z něj vyleze.


Jo-ještě ti fredik vzkazuje, že pokud jsi provedl update u Comoda FW minimálně na verzi 3.0.23.364, tak už by ti neměl označovat winlogon.exe za infikovaný.

[ReCall]

Díky. Jinak Comodo jsem ještě neuprgradoval, ale chystám se k tomu.
Tak tady to je.
//problém: Po restartu který zařídil combofix se mi nerozjel jako vždy na liště avast! tak jsem ho zapnul a z free verze je demo 4.8 s omezenim na 60 dni. Nevíte co se stalo?

ComboFix 08-05-21.3 - WarezBos 2008-05-25 20:42:23.6 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.1016 [GMT 2:00]
Running from: C:\Documents and Settings\WarezBos\Plocha\ComboFix.exe
Command switches used :: C:\Documents and Settings\WarezBos\Plocha\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\system32\cbXPijHX.dll
C:\WINDOWS\system32\efcbbYrP.dll
C:\WINDOWS\system32\iifcCuTl.dll
C:\WINDOWS\system32\khfEXqoN.dll
C:\WINDOWS\system32\nnnoPGWM.dll
C:\WINDOWS\system32\ssqNEvtt.dll
C:\WINDOWS\system32\tuvTnLcy.dll
C:\WINDOWS\system32\xxyVPhef.dll.vir
C:\WINDOWS\system32\yayaXPgH.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\cbXPijHX.dll
C:\WINDOWS\system32\efcbbYrP.dll
C:\WINDOWS\system32\iifcCuTl.dll
C:\WINDOWS\system32\khfEXqoN.dll
C:\WINDOWS\system32\nnnoPGWM.dll
C:\WINDOWS\system32\ssqNEvtt.dll
C:\WINDOWS\system32\tuvTnLcy.dll
C:\WINDOWS\system32\xxyVPhef.dll.vir
C:\WINDOWS\system32\yayaXPgH.dll

.
((((((((((((((((((((((((( Files Created from 2008-04-25 to 2008-05-25 )))))))))))))))))))))))))))))))
.

2008-05-25 20:42 . 2008-05-25 20:42 166,152 --a------ C:\WINDOWS\system32\byXNdefE.dll
2008-05-24 13:37 . 2008-05-24 13:37 <DIR> d-------- C:\Documents and Settings\WarezBos\Spyware Terminator
2008-05-24 13:34 . 2008-05-24 13:37 <DIR> d-------- C:\VundoFix Backups
2008-05-23 21:48 . 2008-05-23 21:48 <DIR> d-------- C:\Audacity
2008-05-23 18:38 . 2008-05-23 18:38 <DIR> d-------- C:\Program Files\DebugMode
2008-05-22 19:03 . 2008-05-22 19:03 <DIR> d-------- C:\WINDOWS\system32\Futuremark
2008-05-22 19:03 . 2008-05-22 19:03 <DIR> d-------- C:\Program Files\Common Files\Futuremark Shared
2008-05-22 19:03 . 2007-10-11 11:55 27,672 -ra------ C:\WINDOWS\system32\drivers\Entech.sys
2008-05-22 17:48 . 2001-07-06 00:19 164 -r------- C:\WINDOWS\avrack.ini
2008-05-22 17:47 . 2008-05-22 17:48 <DIR> d-------- C:\Program Files\Realtek AC97
2008-05-22 17:19 . 2008-05-22 17:48 <DIR> d-------- C:\Program Files\AvRack
2008-05-22 17:09 . 2008-05-22 17:11 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-05-22 16:26 . 2008-05-23 14:23 <DIR> d-------- C:\Program Files\Common Files\AVSMedia
2008-05-22 16:26 . 2002-08-20 00:41 413,760 --a------ C:\WINDOWS\system32\mpg4c32.dll
2008-05-22 16:26 . 2003-05-22 00:50 261,632 --a------ C:\WINDOWS\system32\mcdvd_32.dll
2008-05-22 16:26 . 2003-05-21 23:50 156,910 --a------ C:\WINDOWS\WMSysPr8.prx
2008-05-22 16:26 . 2003-05-22 00:50 82,944 --a------ C:\WINDOWS\system32\vct3216.acm
2008-05-22 16:26 . 2004-02-04 22:11 81,920 --a------ C:\WINDOWS\system32\AC3ACM.acm
2008-05-22 16:26 . 2003-05-22 00:50 38,912 --a------ C:\WINDOWS\system32\alf2cd.acm
2008-05-22 16:26 . 2000-03-14 21:55 13,239 --a------ C:\WINDOWS\system32\Scg726.acm
2008-05-22 14:27 . 2008-05-22 14:48 156 --a------ C:\WINDOWS\Twunk001.MTX
2008-05-22 14:27 . 2008-05-22 14:48 2 --a------ C:\WINDOWS\Twain001.Mtx
2008-05-22 14:27 . 2008-05-22 14:27 0 --a------ C:\WINDOWS\Twunk002.MTX
2008-05-22 13:19 . 2008-05-22 16:47 <DIR> d-------- C:\Program Files\Sony
2008-05-22 13:10 . 2008-05-22 13:10 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2008-05-22 13:09 . 2008-05-22 13:09 <DIR> d-------- C:\Program Files\Reference Assemblies
2008-05-22 13:08 . 2006-06-29 13:07 14,048 --a------ C:\WINDOWS\system32\spmsg2.dll
2008-05-22 11:25 . 2008-05-22 11:26 <DIR> d-------- C:\Program Files\Sony Setup
2008-05-20 20:49 . 2008-05-20 20:49 <DIR> d-------- C:\Documents and Settings\WarezBos\.idlerc
2008-05-20 20:48 . 2008-05-20 20:48 <DIR> d-------- C:\Python24
2008-05-19 18:48 . 2008-05-19 18:48 97,792 --a------ C:\WINDOWS\system32\drivers\ACEDRV05.sys
2008-05-18 11:49 . 2008-05-18 12:02 <DIR> d-------- C:\Program Files\Real
2008-05-18 10:21 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-05-17 22:42 . 2008-05-17 22:42 <DIR> d-------- C:\Program Files\COMODO
2008-05-17 22:42 . 2008-05-24 14:30 143,104 --a------ C:\WINDOWS\system32\guard32.dll
2008-05-17 22:42 . 2008-05-24 14:30 87,056 --a------ C:\WINDOWS\system32\drivers\cmdguard.sys
2008-05-17 22:42 . 2008-05-24 14:30 24,208 --a------ C:\WINDOWS\system32\drivers\cmdhlp.sys
2008-05-17 22:15 . 2008-05-25 11:42 <DIR> d-------- C:\Program Files\Spyware Terminator
2008-05-17 22:15 . 2008-05-17 22:15 <DIR> d-------- C:\Program Files\Crawler
2008-05-17 22:15 . 2008-05-17 22:15 141,312 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-05-17 20:41 . 2008-05-17 20:42 <DIR> d-------- C:\Program Files\Avast4
2008-05-17 12:57 . 2008-05-17 12:57 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-05-16 23:59 . 2008-05-16 23:59 <DIR> d-------- C:\MagicISO
2008-05-05 22:40 . 2008-05-06 18:14 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-05-05 22:39 . 2008-05-06 18:14 107,832 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2008-05-05 22:39 . 2008-05-05 22:39 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2008-04-26 15:45 . 2008-04-26 15:45 <DIR> d-------- C:\WINDOWS\speech
2008-04-26 15:44 . 2008-04-27 12:05 <DIR> d-------- C:\Talker

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-24 11:37 --------- d-----w C:\Program Files\PowerISO
2008-05-23 16:19 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-05-22 17:03 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-22 11:16 --------- d-----w C:\Program Files\MSBuild
2008-05-18 10:02 --------- d-----w C:\Program Files\Common Files\Real
2008-05-18 08:21 --------- d-----w C:\Program Files\Java
2008-04-22 12:18 86,016 ----a-w C:\WINDOWS\system32\OpenAL32.dll
2008-04-22 12:18 262,144 ----a-w C:\WINDOWS\system32\wrap_oal.dll
2008-03-30 09:12 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-29 20:34 286,720 ------w C:\WINDOWS\Setup1.exe
.

------- Sigcheck -------

2007-06-05 18:46 2222208 d1101c99dc7db646a1cb0e6dec0f322b C:\WINDOWS\system32\ntkrnlpa.exe
2007-06-05 18:46 2059008 9355304dd565e23f8ee294720b2c03e5 C:\WINDOWS\VistaMizer\old\ntkrnlpa.exe

2007-06-05 18:25 2344832 b39a4ed44f8a484ab99482ba2425d39f C:\WINDOWS\system32\ntoskrnl.exe
2007-06-05 18:25 2181632 7fabe135eac02a4bc8094b831adc0cc3 C:\WINDOWS\VistaMizer\old\ntoskrnl.exe

2007-06-05 18:13 1550848 01b4c56946b831dadba5d9a13596c494 C:\WINDOWS\explorer.exe
2007-06-05 18:13 1183232 d5d29d130497e6a74e3fcd54778fa01b C:\WINDOWS\VistaMizer\old\explorer.exe

2004-08-17 17:49 25088 5050a0b550ccf3ffbc3dad33524a4dc1 C:\WINDOWS\system32\ctfmon.exe
2004-08-17 17:49 25088 5050a0b550ccf3ffbc3dad33524a4dc1 C:\WINDOWS\system32\dllcache\ctfmon.exe
2004-08-17 17:49 15360 a5baa91475167161dea02ba3c4ca4f59 C:\WINDOWS\VistaMizer\old\ctfmon.exe
.
((((((((((((((((((((((((((((( snapshot@2008-05-24_19.19.55.98 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-24 15:33:31 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-25 18:46:20 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-25 18:47:20 53,248 ----a-w C:\WINDOWS\Temp\catchme.dll
+ 2008-05-25 18:46:42 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_50c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="C:\Program Files\RocketDock\RocketDock.exe" [2007-03-19 00:05 630784]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 17:49 25088]
"WEBTRAN"="" []
"OEXPRESS"="" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RAM Idle Professional"="C:\Program Files\RAM Idle\RAM_XP.exe" [2004-06-11 16:28 133632]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2006-09-09 11:16 196608]
"SpywareTerminator"="C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe" [2008-05-17 22:15 1817600]
"COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [2008-05-24 13:51 1575680]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"SoundMan"="SOUNDMAN.EXE" [2006-08-03 05:12 577536 C:\WINDOWS\soundman.exe]
"WMUAgent.exe"="C:\Budík\WMUAgent.exe" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-17 17:49 25088]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"= C:\WINDOWS\system32\guard32.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"D:\\ICQLite\\ICQLite.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\uTorrent\\utorrent.exe"=
"D:\\Programy\\Flash Get\\flashget.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-05-17 22:15]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-04 01:04]
S1 SpyEmrg;Spy Emergency Driver;C:\WINDOWS\system32\Drivers\spyemrg.sys []
S2 LF30FS;LF30FS;C:\Program Files\Everstrike Software\Lock Folder XP 3.5\LF30XP.sys []
S3 SpyEmrgGuard;Spy Emergency Real-Time Shield Driver;C:\WINDOWS\system32\Drivers\spyemrg_guard.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\Shell\AutoRun\command - H:\Autorun.exe

.
Contents of the 'Scheduled Tasks' folder
"2007-11-17 10:09:00 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-25 20:47:20
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\RocketDock\RocketDock.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Avast4\aswUpdSv.exe
C:\Program Files\Avast4\ashServ.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Budík\WMUSvc.exe
C:\Program Files\Avast4\ashMaiSv.exe
C:\Program Files\Avast4\ashWebSv.exe
.
**************************************************************************
.
Completion time: 2008-05-25 20:56:45 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-25 18:56:24
ComboFix2.txt 2008-05-24 17:21:36

Adresářů: 15, Volných bajtů: 367,165,440
Adres ý…: 24, Volněch bajt…: 354,619,392

192

[zlobyl]

Ohledně Avastu nevím.

Použij ještě KillBox na tento soubor:

Kód: Vybrat vše

C:\WINDOWS\system32\byXNdefE.dll

Jak se teď chová PC?