Prolém s Sunbelt Kerio Firewall 4

[fredik]

Do toho co tu psal melior se nepouštěj. Ráno se ti napíši jak pokračovat.

[Reklama]

[melior]

fredik:
a proc ne? zustal mi tam jeden zaznam navic se divam jdu to upravit?
ptam se rad bych vedel co je na metode "rucne smazat" spatne?

[memphisto]

omlouvám se za vstup jen napíšu co k čemu patří:

PnkBstrA.exe - online hraní (Call of Duty 2,Crysis)
Postak.exe - meil na seznamu
wmiapsrv.exe - WMI performance adapter
geede.exe - šmejd Covert.Sys.Exec.
winampa.exe - neškodný agent přehrávače WinAmp

geede.exe určitě odstranit ale né ručně

[fredik]

Protože už mu na začátku radíš smazat soubor co patří k systému.

[melior]

rikam ze se mi tam neco pripletlo:) delal sem copy paste z hroniho logu...

ps co je PnkBstrA.exe sem si zjistil, spis by me zajimalo co dela v system32

DOznavam se ke svemu Lamovstvi a kamenujte me

[memphisto]

nikdo tě kamenovat nebude. já taky nevím co je co za procesy (teda kromě těch s kterýma se potkávám denně) a proto se mrknu na google.com a hned vím k čemu co patří. já mu nemůžu nadiktovat kam se má nainstalovat. to je jeho problém, že sídlí v system 32

[fredik]

Fixni v HJT tyto položky:
F0 - win.ini: load=C:\WINDOWS\system32\geede.exe
F3 - REG:win.ini: Load=C:\WINDOWS\system32\userinit.exe,
O2 - BHO: (no name) - {AE1063D7-7A71-44D0-925A-C8AAA30317F0} - C:\WINDOWS\system32\geede.dll

====================**************************====================

Stáhni si Avengera spusť ho pod účtem administrátora.
Zvol možnost - Input script manually a klikni na ikonku lupy vyskočí prázdné okno kam zkopíruj tento tučný text:
Files to delete:
C:\WINDOWS\system32\edeeg.ini2
C:\WINDOWS\system32\geede.dll
C:\WINDOWS\system32\geede.exe

Registry keys to delete:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE1063D7-7A71-44D0-925A-C8AAA30317F0}

Poté klikni na Done.
Pak klikni na ikonku semafory.
Vyskočí ti hláška kde odklikni Yes. PC se restartuje po restartu by ti měl "vyskočit" výpis z Avengeru tak ho sem zkopíruj.

====================**************************====================

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok)
Zkopíruj do něj následující text označený zeleně:

Kód: Vybrat vše

REGEDIT4

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00

Pak dej Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: fix.reg
Uložit jako typ: tak tam vyber Všechny soubory
Ulož si daný soubor na plochu
Na ploše by se měl objevit soubor fix.reg spusť ho vyskočí hláška kde odklikni Ano poté je další hláška kde odklikni OK

====================**************************====================

Stáhni si SUPERAntiSpyware
Nainstaluj a spusť ho a klikni na tlačítko Check for Updates...
Po provedení Update klikni na tlačítko: Scan your computer
Zvol možnost: Perform Complete Scan a klikni na tlačítko Další >

Proběhne kontrola, po skončení vypíše vše co našel.
Ujisti se že všechny položko jsou zaškrtnuty a pak zvol tlačítko Další
Pak klikni na tlačítko Finish a měl by ses dostat na úvodní obrazovku.
Tam klikni na tlačítko: Preferences... a tam zvol záložku Statistics/Logs
Tam klikni na log s dnešním datem který tam bude a dej tlačítko: View Log...
Otevře se ti Okno s logem tak jeho obsah sem zkopíruj.

====================**************************====================

V následujícím příspěvku sem vlož tyto logy/výsledky:
- log z Avengeru
- log z SUPERAntiSpyware
- udělej a dej sem nový log z DSS

[NIESRA]

tak tady to je:

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\kjkiqddk

*******************

Script file located at: \??\C:\Documents and Settings\jnqctjej.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\system32\edeeg.ini2 deleted successfully.
File C:\WINDOWS\system32\geede.dll deleted successfully.


File C:\WINDOWS\system32\geede.exe not found!
Deletion of file C:\WINDOWS\system32\geede.exe failed!

Could not process line:
C:\WINDOWS\system32\geede.exe
Status: 0xc0000034



Registry key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE1063D7-7A71-44D0-925A-C8AAA30317F0} not found!
Deletion of registry key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE1063D7-7A71-44D0-925A-C8AAA30317F0} failed!
Status: 0xc0000034


Completed script processing.

*******************

Finished! Terminate.

---------------------------------------------------------------------------

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 12/27/2007 at 01:49 PM

Application Version : 3.9.1008

Core Rules Database Version : 3259
Trace Rules Database Version: 1365

Scan type : Complete Scan
Total Scan Time : 00:29:21

Memory items scanned : 329
Memory threats detected : 0
Registry items scanned : 4407
Registry threats detected : 5
File items scanned : 30276
File threats detected : 13

Adware.Vundo Variant
HKLM\Software\Classes\CLSID\{DE013B2E-389B-45A5-95E9-00E690C9C944}
HKCR\CLSID\{DE013B2E-389B-45A5-95E9-00E690C9C944}
HKCR\CLSID\{DE013B2E-389B-45A5-95E9-00E690C9C944}\InprocServer32
HKCR\CLSID\{DE013B2E-389B-45A5-95E9-00E690C9C944}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\GEEDE.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DE013B2E-389B-45A5-95E9-00E690C9C944}

Adware.Tracking Cookie
C:\Documents and Settings\NIESRA\Cookies\niesra@adx.allstar[1].txt
C:\Documents and Settings\NIESRA\Cookies\niesra@clickaider[1].txt
C:\Documents and Settings\NIESRA\Cookies\niesra@showit[1].txt
C:\Documents and Settings\NIESRA\Cookies\niesra@please[3].txt
C:\Documents and Settings\NIESRA\Cookies\niesra@toplist[1].txt
C:\Documents and Settings\NIESRA\Cookies\niesra@please[1].txt
C:\Documents and Settings\NIESRA\Cookies\niesra@user[1].txt
C:\Documents and Settings\NIESRA\Cookies\niesra@please[4].txt
C:\Documents and Settings\NIESRA\Cookies\niesra@please[2].txt
C:\Documents and Settings\NIESRA\Cookies\niesra@ad.adfox[2].txt
C:\Deckard\System Scanner\backup\DOCUME~1\NIESRA\LOCALS~1\Temp\Cookies\niesra@toplist[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@toplist[1].txt


---------------------------------------------------------------------------


Deckard's System Scanner v20071014.68
Run by NIESRA on 2007-12-27 14:11:14
Computer is in Normal Mode.
--------------------------------------------------------------------------------

System Drive C: has 5.42 GiB (less than 15%) free.


-- HijackThis (run as NIESRA.exe) ----------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 14:11, on 2007-12-27
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\QIP\qip .exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Opera\Opera.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\NIESRA\Plocha\dss.exe
C:\DOCUME~1\NIESRA\Plocha\NIESRA.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe"
O4 - HKCU\..\Run: [QIP2005] C:\Program Files\QIP\qip .exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe


-- Files created between 2007-11-27 and 2007-12-27 -----------------------------

2007-12-27 13:18:05 0 d-------- C:\Program Files\SUPERAntiSpyware
2007-12-26 01:16:20 0 d-------- C:\Program Files\IObit
2007-12-25 23:40:40 0 d-------- C:\Program Files\Midkemia Updater
2007-12-25 23:20:19 0 d-------- C:\Program Files\GamePark
2007-12-24 23:43:14 0 d-------- C:\Program Files\Common Files\Adobe Systems Shared
2007-12-24 23:42:21 0 d-------- C:\Program Files\Common Files\Adobe
2007-12-24 20:46:02 0 d-------- C:\WINDOWS\system32\DX9
2007-12-24 20:45:15 0 d-------- C:\WINDOWS\system32\WinFox
2007-12-24 20:45:15 0 d-------- C:\WINDOWS\system32\WinFast
2007-12-24 20:45:15 9469 --a------ C:\WINDOWS\system32\drivers\WINFOXIO.sys <Not Verified; Leadtek Research Inc.; WinFox I/O Device (Windows 2000/XP)>
2007-12-24 14:20:16 0 d-------- C:\Program Files\Labels
2007-12-24 13:34:48 106496 --a------ C:\WINDOWS\system32\TwnLib20.dll <Not Verified; Pegasus Software; TWNLIB20>
2007-12-24 13:34:45 38912 --a------ C:\WINDOWS\system32\picn20.dll <Not Verified; Pegasus Imaging Corp.; PEGASUS>
2007-12-24 13:34:44 544768 --a------ C:\WINDOWS\system32\imagx5.dll <Not Verified; Pegasus Software, LLC; ImagXpress>
2007-12-24 13:34:44 569344 --a------ C:\WINDOWS\system32\imagr5.dll <Not Verified; Pegasus Software,LLC; ImagXpress>
2007-12-24 13:34:34 0 d-------- C:\Program Files\Common Files\Ahead
2007-12-24 13:34:30 0 d-------- C:\Program Files\Ahead
2007-12-24 13:31:09 0 d-------- C:\Program Files\Mv2Player
2007-12-24 12:47:46 0 d-------- C:\WINDOWS\SHELLNEW
2007-12-24 12:47:45 0 d-------- C:\Program Files\Microsoft.NET
2007-12-24 12:38:54 0 dr-h----- C:\MSOCache
2007-12-23 17:35:49 4096 --a------ C:\WINDOWS\system32\crash
2007-12-23 17:18:25 0 d-------- C:\Program Files\Common Files\ATI Technologies
2007-12-23 17:13:03 0 d-------- C:\WINDOWS\system32\URTTEMP
2007-12-23 17:11:46 520192 --a------ C:\WINDOWS\system32\ati2sgag.exe <Not Verified; ; ATI Smart>
2007-12-23 17:11:01 0 d-------- C:\Program Files\ATI Technologies
2007-12-23 16:44:14 3972 --a------ C:\WINDOWS\system32\drivers\PciBus.sys
2007-12-23 16:44:14 5632 --a------ C:\WINDOWS\system32\drivers\Entech64.sys <Not Verified; EnTech Taiwan; EnTech.sys>
2007-12-23 16:44:13 21664 --a------ C:\WINDOWS\system32\drivers\Entech.sys <Not Verified; EnTech Taiwan; PowerStrip>
2007-12-23 16:44:12 0 d-------- C:\WINDOWS\system32\Futuremark
2007-12-23 16:43:19 0 d-------- C:\Program Files\Futuremark
2007-12-23 12:03:56 0 d-------- C:\Program Files\vghd
2007-12-23 00:54:51 0 d-------- C:\Program Files\Sunbelt Software
2007-12-23 00:33:13 0 d--hs---- C:\WINDOWS\ftpcache
2007-12-22 21:36:17 0 d-------- C:\Program Files\Lavasoft
2007-12-22 21:34:41 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-12-22 21:06:19 0 d-------- C:\WINDOWS\system32\LogFiles
2007-12-22 21:02:17 0 d-------- C:\Program Files\Seznam
2007-12-22 20:05:00 442368 -ra------ C:\WINDOWS\system32\vp6vfw.dll <Not Verified; On2.com; On2_VP6>
2007-12-22 17:40:05 0 d-------- C:\Program Files\HellFIRE Screensaver
2007-12-22 17:13:33 0 d-------- C:\Games
2007-12-22 17:11:47 0 d-------- C:\Program Files\DAEMON Tools Lite
2007-12-22 17:01:30 0 d-------- C:\WINDOWS\RegisteredPackages
2007-12-22 16:59:29 0 d-------- C:\Program Files\Winamp
2007-12-22 16:36:19 715248 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-12-22 16:32:19 737280 --a------ C:\WINDOWS\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>
2007-12-22 16:32:17 0 d-------- C:\Program Files\Codec Pack - All In 1
2007-12-22 16:25:29 0 d-------- C:\Program Files\Opera
2007-12-22 16:19:40 0 d-------- C:\Program Files\AMD
2007-12-22 16:05:24 0 d-------- C:\Program Files\YourWare Solutions
2007-12-22 16:03:10 8440 --a------ C:\WINDOWS\system32\drivers\LANPkt.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
2007-12-22 15:43:55 0 d-------- C:\WINDOWS\system32\ReinstallBackups
2007-12-22 15:33:20 0 d-------- C:\WINDOWS\system32\Data
2007-12-22 15:15:29 0 d-------- C:\Program Files\uTorrent
2007-12-22 15:15:29 0 d-------- C:\Program Files\QIP
2007-12-22 15:15:12 0 d-------- C:\totalcmd
2007-12-22 15:14:40 0 d-------- C:\Downloads
2007-12-22 15:02:13 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-12-22 15:00:22 0 d-------- C:\Program Files\Common Files\InstallShield
2007-12-22 14:59:56 0 d-------- C:\ATI
2007-12-22 14:55:44 0 d-------- C:\WINDOWS\SoftwareDistribution
2007-12-22 14:55:43 0 d---s---- C:\WINDOWS\system32\Microsoft
2007-12-22 14:55:43 0 d-------- C:\WINDOWS\Prefetch
2007-12-22 14:54:35 0 d--hs---- C:\WINDOWS\Installer
2007-12-22 14:54:34 0 d-------- C:\Program Files\Common Files\ODBC
2007-12-22 14:54:32 0 d-------- C:\Program Files\Common Files\SpeechEngines
2007-12-22 14:54:31 0 dr------- C:\Program Files
2007-12-22 14:54:31 0 d-------- C:\Program Files\Common Files
2007-12-22 14:53:53 0 d-------- C:\WINDOWS\system32\CatRoot2
2007-12-22 14:53:53 0 d-------- C:\WINDOWS\system32\CatRoot
2007-12-22 14:53:23 0 d--hs---- C:\System Volume Information
2007-12-22 14:53:23 0 d-------- C:\Documents and Settings
2007-12-22 14:52:38 0 d-------- C:\WINDOWS\system32\xircom
2007-12-22 14:52:38 0 d-------- C:\Program Files\microsoft frontpage
2007-12-22 14:52:23 0 -rahs---- C:\MSDOS.SYS
2007-12-22 14:52:23 0 -rahs---- C:\IO.SYS
2007-12-22 14:52:23 0 --a------ C:\CONFIG.SYS
2007-12-22 14:52:23 0 --a------ C:\AUTOEXEC.BAT
2007-12-22 14:51:28 0 dr------- C:\WINDOWS\Offline Web Pages
2007-12-22 14:51:28 0 d---s---- C:\WINDOWS\Downloaded Program Files
2007-12-22 14:51:20 0 d--h----- C:\Program Files\WindowsUpdate
2007-12-22 14:51:16 0 d-------- C:\Program Files\Online Services
2007-12-22 14:51:03 0 d-------- C:\WINDOWS\system32\DirectX
2007-12-22 14:50:27 0 d---s---- C:\WINDOWS\Tasks
2007-12-22 14:50:26 0 d-------- C:\Program Files\Common Files\MSSoap
2007-12-22 14:50:22 0 d-------- C:\WINDOWS\srchasst
2007-12-22 14:50:21 0 d-------- C:\WINDOWS\system32\Macromed
2007-12-22 14:50:14 0 d-------- C:\Program Files\Movie Maker
2007-12-22 14:50:07 0 d-------- C:\WINDOWS\system32\Restore
2007-12-22 14:49:28 21812 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-12-22 14:49:13 0 d-------- C:\WINDOWS\Registration
2007-12-22 14:49:02 0 d-------- C:\Program Files\Messenger
2007-12-22 14:48:58 0 d-------- C:\Program Files\MSN Gaming Zone
2007-12-22 14:48:31 0 d-------- C:\Program Files\Windows NT
2007-12-22 14:48:28 0 d-------- C:\WINDOWS\system32\MsDtc
2007-12-22 14:48:26 0 d-------- C:\WINDOWS\system32\Com
2007-12-22 14:47:08 0 d-------- C:\WINDOWS
2007-12-22 14:47:08 0 d-------- C:\WINDOWS\WinSxS
2007-12-22 14:47:08 0 dr------- C:\WINDOWS\Web
2007-12-22 14:47:08 0 d-------- C:\WINDOWS\twain_32
2007-12-22 14:47:08 0 d-------- C:\WINDOWS\system32
2007-12-22 14:47:08 0 d-------- C:\WINDOWS\system32\wins
2007-12-22 14:47:08 0 d-------- C:\WINDOWS\system32\wbem
2007-12-22 14:47:08 0 d-------- C:\WINDOWS\system32\usmt
2007-12-22 14:47:08 0 d-------- C:\WINDOWS\system32\spool
2007-12-22 14:47:08 0 d-------- C:\WINDOWS\system32\ShellExt
2007-12-22 14:47:08 0 d-------- C:\WINDOWS\system32\Setup
2007-12-22 14:47:08 0 d-------- C:\WINDOWS\system32\ras
2007-12-22 14:47:08 0 d-------- C:\WINDOWS\system32\oobe
2007-12-22 14:47:08 0 d-------- C:\WINDOWS\system32\npp
2007-12-22 14:47:08 0 d-------- C:\WINDOWS\system32\mui
2007-12-22 14:47:08 0 d-------- C:\WINDOWS\system32\inetsrv
2007-12-22 14:47:08 0 d-------- C:\WINDOWS\system32\IME
2007-12-22 14:47:08 0 d-------- C:\WINDOWS\system32\icsxml
2007-12-22 14:47:08 0 d-------- C:\WINDOWS\system32\ias
2007-12-22 14:47:08 0 d-------- C:\WINDOWS\system32\export
2007-12-22 14:47:08 0 d-------- C:\WINDOWS\system32\drivers
2007-12-22 14:47:08 0 d-------- C:\WINDOWS\system32\drivers\etc
2007-12-22 14:47:08 0 d-------- C:\WINDOWS\system32\drivers\disdn
2007-12-22 14:47:08 0 dr-hs--c- C:\WINDOWS\system32\dllcache
2007-12-22 14:47:08 0 d-------- C:\WINDOWS\system32\dhcp
2007-12-22 14:47:08 0 d-------- C:\WINDOWS\system32\config
2007-12-22 14:47:08 0 d-------- C:\WINDOWS\system32\3com_dmi
2007-12-22 14:47:08 0 d-------- C:\WINDOWS\system32\3076
2007-12-22 14:47:08 0 d-------- C:\WINDOWS\system32\2052
2007-12-22 14:47:08 0 d-------- C:\WINDOWS\system32\1054
2007-12-22 14:47:08 0 d-------- C:\WINDOWS\system32\1042
2007-12-22 14:47:08 0 d-------- C:\WINDOWS\system32\1041
2007-12-22 14:47:08 0 d-------- C:\WINDOWS\system32\1037
2007-12-22 14:47:08 0 d-------- C:\WINDOWS\system32\1033
2007-12-22 14:47:08 0 d-------- C:\WINDOWS\system32\1031
2007-12-22 14:47:08 0 d-------- C:\WINDOWS\system32\1029
2007-12-22 14:47:08 0 d-------- C:\WINDOWS\system32\1028
2007-12-22 14:47:08 0 d-------- C:\WINDOWS\system32\1025
2007-12-22 14:47:08 0 d-------- C:\WINDOWS\system
2007-12-22 14:47:08 0 d-------- C:\WINDOWS\security
2007-12-22 14:47:08 0 d-------- C:\WINDOWS\Resources
2007-12-22 14:47:08 0 d-------- C:\WINDOWS\repair
2007-12-22 14:47:08 0 d-------- C:\WINDOWS\Provisioning
2007-12-22 14:47:08 0 d-------- C:\WINDOWS\pchealth
2007-12-22 14:47:08 0 d-------- C:\WINDOWS\PeerNet
2007-12-22 14:47:08 0 d-------- C:\WINDOWS\mui
2007-12-22 14:47:08 0 d-------- C:\WINDOWS\msapps
2007-12-22 14:47:08 0 d-------- C:\WINDOWS\msagent
2007-12-22 14:47:08 0 d-------- C:\WINDOWS\Media
2007-12-22 14:47:08 0 d-------- C:\WINDOWS\java
2007-12-22 14:47:08 0 d--h----- C:\WINDOWS\inf
2007-12-22 14:47:08 0 d-------- C:\WINDOWS\ime
2007-12-22 14:47:08 0 d-------- C:\WINDOWS\Help
2007-12-22 14:47:08 0 dr--s---- C:\WINDOWS\Fonts
2007-12-22 14:47:08 0 d-------- C:\WINDOWS\ehome
2007-12-22 14:47:08 0 d-------- C:\WINDOWS\Driver Cache
2007-12-22 14:47:08 0 d-------- C:\WINDOWS\Debug
2007-12-22 14:47:08 0 d-------- C:\WINDOWS\Cursors
2007-12-22 14:47:08 0 d-------- C:\WINDOWS\Connection Wizard
2007-12-22 14:47:08 0 d-------- C:\WINDOWS\Config
2007-12-22 14:47:08 0 d-------- C:\WINDOWS\AppPatch
2007-12-22 14:47:08 0 d-------- C:\WINDOWS\addins


-- Find3M Report ---------------------------------------------------------------

2007-12-27 13:18:05 0 d-------- C:\Documents and Settings\NIESRA\Data aplikací\SUPERAntiSpyware.com
2007-12-27 13:03:58 0 d-------- C:\Documents and Settings\NIESRA\Data aplikací\uTorrent
2007-12-25 00:01:03 0 d-------- C:\Documents and Settings\NIESRA\Data aplikací\Adobe
2007-12-24 13:36:54 0 d-------- C:\Documents and Settings\NIESRA\Data aplikací\Ahead
2007-12-23 17:25:25 0 d-------- C:\Documents and Settings\NIESRA\Data aplikací\ATI
2007-12-23 17:13:45 398250 --a------ C:\WINDOWS\system32\perfh005.dat
2007-12-23 17:13:45 73506 --a------ C:\WINDOWS\system32\perfc005.dat
2007-12-23 12:03:45 0 d-------- C:\Documents and Settings\NIESRA\Data aplikací\vghd
2007-12-22 18:09:56 0 d-------- C:\Documents and Settings\NIESRA\Data aplikací\WinRAR
2007-12-22 18:03:21 0 dr-h----- C:\Documents and Settings\NIESRA\Data aplikací\SecuROM
2007-12-22 17:36:25 0 d-------- C:\Documents and Settings\NIESRA\Data aplikací\DAEMON Tools
2007-12-22 17:12:36 0 d-------- C:\Documents and Settings\NIESRA\Data aplikací\InstallShield
2007-12-22 17:01:51 0 d-------- C:\Documents and Settings\NIESRA\Data aplikací\Winamp
2007-12-22 16:49:47 0 d-------- C:\Documents and Settings\NIESRA\Data aplikací\Macromedia
2007-12-22 16:26:39 0 d-------- C:\Documents and Settings\NIESRA\Data aplikací\Opera
2007-12-22 14:58:04 0 d-------- C:\Documents and Settings\NIESRA\Data aplikací\Identities
2007-12-22 14:54:04 62 --ahs---- C:\Documents and Settings\NIESRA\Data aplikací\desktop.ini


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"P17Helper"="P17.dll" [2005-04-12 08:53 C:\WINDOWS\system32\P17.dll]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FreeRAM XP"="C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" []
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" []
"QIP2005"="C:\Program Files\QIP\qip .exe" [2007-12-26 22:47]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

C:\Documents and Settings\NIESRA\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"LinkResolveIgnoreLinkInfo"=0 (0x0)
"NoResolveSearch"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"LinkResolveIgnoreLinkInfo"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Schedule




-- End of Deckard's System Scanner: finished at 2007-12-27 14:12:43 ------------

[fredik]

Smaž adresář/složku:
C:\Avenger
C:\Deckard

Zkus si stáhnou znovu ComboFix a spusť ho a vlož sem z něho log, pokud proběhne celý

Poznámka:
Používáš starší verzi HijackThis, pokud by jsi někdy v budoucnu ho potřeboval, stáhni si aktuální verzi zde a tu starou před použitím vymaž.

Logy vypadají dobře, ale dej sem ještě pro jistotu log z ComboFix. Máš ještě problémy?

[NIESRA]

Uz je to vsechno v poradku, myslim ze uz to nebude treba. Jen potrebuju jeste vedet jednu malickost. Jak v keriu muzu povolit porty, jelikoz kdyz stahuju z torrentu a mam zaple kerio tak mi to jede jako pasiv, ale kdyz ho vypnu tak jede normalne jako aktiv. Diky

[fredik]

Jdi přes Start -> Spustit... a napiš do okna tento příkaz označený modře ComboFix /u (mezi comobofix a /u musí být mezera) a dej Ok.

Kde se dají v Keriu nastavit/zakázat jednotlivé porty ti přesně neřeknu, ale pokud máš povolenou komunikaci pro daný program (Síťová bezpečnost => Aplikace) tak by snad neměl být s tím problém. Pak se dá nastavit přímo pro aplikaci jednotlivá pravidla pro komunikaci v (Síťová bezpečnost => Aplikace, Paketový filtr...) (tam si můžeš nastavit porty, protokol ...)

[NIESRA]

Jo tak ten ComboFix sem tedy odinstaloval a to kerio uz mi jede suprove. Uz mam nastavene i ty ruzne aplikace ktere chcu mit povolene. Diky za rady