Please check
Re: Please check
So I have just run a scan of the WINDOWS folder with Avast and it no longer reports the trojan. Hooray, thanks a lot.
- fredik
- Security team member
- Master Level 7
- Posts: 4680
- Registered: July 06
Re: Please check
That is not all yet, also do the following:
Open Notepad (Start -> Run..., type Notepad into the box and click OK)
Copy the following text marked in green into it:
Code:
Driver::
FreezeScreenSaver
File::
C:\WINDOWS\system32\FreezeScreenSaver.exe
Choose Save As, name the file CFScript.txt and set Save as type: All files.
Save the file to the desktop.
Close all active windows.
Drag the CFScript.txt you created with the mouse onto the downloaded ComboFix.exe and, when the two files overlap, drop the script

- ComboFix will start automatically
- Paste here the log that appears at the end of the cleaning process
It may take a while to get a response, because the "HJT Team" are very busy. Please, be patient, these people are volunteers. They will help you out, as soon as possible.
If you have a problem, do not send me PMs with logs; post them in the forum. Such PMs cannot be answered.
Re: Please check
ComboFix 08-03-17.1 - Michal 2008-03-18 20:54:05.6 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.1556 [GMT 1:00]
Running from: C:\Documents and Settings\Michal\Plocha\ComboFix.exe
Command switches used :: C:\Documents and Settings\Michal\Plocha\CFScript.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE ::
C:\WINDOWS\system32\FreezeScreenSaver.exe
.
((((((((((((((((((((((((( Files Created from 2008-02-18 to 2008-03-18 )))))))))))))))))))))))))))))))
.
2008-03-18 18:33 . 2008-03-18 18:33 <DIR> d-------- C:\_OTMoveIt
2008-03-17 22:06 . 2008-03-18 20:58 557,088 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-03-17 22:06 . 2008-03-18 20:57 7,556 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-03-17 22:04 . 2008-03-17 22:04 <DIR> d-------- C:\Program Files\ZoneAlarmSB
2008-03-17 22:02 . 2007-11-14 16:05 75,248 --a------ C:\WINDOWS\zllsputility.exe
2008-03-17 22:02 . 2004-04-27 04:40 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2008-03-17 22:02 . 2008-03-17 22:04 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-03-17 22:01 . 2008-03-17 22:01 <DIR> d-------- C:\Program Files\Zone Labs
2008-03-17 21:59 . 2008-03-18 20:51 <DIR> d-------- C:\WINDOWS\Internet Logs
2008-03-12 21:06 . 2008-03-12 21:14 <DIR> d-------- C:\Program Files\FSFDT
2008-03-11 21:51 . 2008-03-11 21:51 <DIR> d-------- C:\Program Files\Microsoft Games
2008-03-09 16:52 . 2008-03-09 18:36 <DIR> d-------- C:\Program Files\VRC
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-18 14:12 --------- d-----w C:\Program Files\ICQToolbar
2008-03-17 19:06 --------- d-----w C:\Program Files\FSacars
2008-03-12 09:36 --------- d-----w C:\Program Files\Real Environment Pro
2008-03-11 20:16 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-11 12:54 --------- d-----w C:\Program Files\uTorrent
2008-03-11 12:44 --------- d-----w C:\Program Files\ATCsimulator2
2008-03-11 12:43 368 ----a-w C:\temp.reg
2008-03-11 12:42 249,856 ------w C:\WINDOWS\Setup1.exe
2008-03-11 12:41 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2008-02-20 18:01 --------- d-----w C:\Program Files\Flatout
2008-02-15 22:27 --------- d-----w C:\Program Files\Total Video Player
2008-01-30 14:32 --------- d-----w C:\Program Files\Inbit
2008-01-26 19:29 --------- d-----w C:\Program Files\GameSpy Arcade
2008-01-07 17:58 737,280 ----a-w C:\WINDOWS\iun6002.exe
2007-02-08 10:30 65 ----a-w C:\Program Files\Common Files\appop.log
2006-06-23 06:48 32,768 ----a-r C:\WINDOWS\inf\UpdateUSB.exe
2007-02-13 18:18 61 --sh--w C:\WINDOWS\cnerolf.dat
.
((((((((((((((((((((((((((((( snapshot@2008-03-18_15.06.32.82 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-03-18 19:58:17 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_29c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
2008-03-17 22:04 262144 --a------ C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= "C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL" [2008-03-17 22:04 262144]
[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL [2008-03-17 22:04 262144]
[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 14:49 15360]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"ICQ Lite"="C:\Program Files\ICQLite\ICQLite.exe" [2006-07-11 11:06 3144800]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2006-07-13 07:12 729088]
"JMB36X Configure"="C:\WINDOWS\system32\JMRaidTool.exe" [2006-06-02 09:45 385024]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 11:12 90112]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"DIRECTCD"="C:\Program Files\InterVideo\Disc Master 2.5\DirectCD.exe" [2005-10-25 00:49 299008]
"WINCINEMAMGR"="C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe" [2005-01-21 02:47 270336]
"ICQ Lite"="C:\Program Files\ICQLite\ICQLite.exe" [2006-07-11 11:06 3144800]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 21:34 868352]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-11-14 16:05 919016]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-17 14:49 15360]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\ICQLite\\ICQLite.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 ivicd;Ivi CDVD Filter Driver;C:\WINDOWS\system32\drivers\ivicd.sys [2005-01-12 06:29]
R3 PSched;QoS Packet Scheduler;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-03 22:04]
S3 imhidusb;Immersion's HID USB Driver;C:\WINDOWS\system32\DRIVERS\imhidusb.sys [2000-05-11 11:12]
S3 iviudf;iviudf;C:\WINDOWS\system32\drivers\IviUdf.sys [2005-06-23 02:09]
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-18 20:58:37
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
.
**************************************************************************
.
Completion time: 2008-03-18 21:01:22 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-18 20:01:17
ComboFix2.txt 2008-03-18 14:06:49
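As an added example, not part of the thread and not ComboFix's own tooling: a small Python script that reads a CFScript like the one fredik posted (the Driver:: and File:: directives) and a ComboFix log like the one above, and checks that the named file no longer appears in the "Files Created", Run-key or service lines and that no driver/service of that name is still registered. It also flags two things a log reviewer asks about: a newly created hidden+system file under system32 and a disabled Windows Firewall profile. The log excerpt inside it is a constructed, abridged copy of the posted log; the "before" variant with a FreezeScreenSaver service line is made up for contrast (the thread never shows that state); the line formats assumed are the ones visible in the posted log.

```python
"""Cross-check a ComboFix CFScript against a ComboFix log (added example, not
part of the thread or of ComboFix). Line formats are assumed from the log
posted above; the sample texts below are constructed."""
import re

# Constructed CFScript with the same directives as the one posted in the thread.
CFSCRIPT = """\
Driver::
FreezeScreenSaver
File::
C:\\WINDOWS\\system32\\FreezeScreenSaver.exe
"""

# Constructed, abridged excerpt of the post-run log shown in the thread.
LOG_AFTER = r"""
ComboFix 08-03-17.1 - Michal 2008-03-18 20:54:05.6 - NTFSx86
((((((((((((((((((((((((( Files Created from 2008-02-18 to 2008-03-18 )))))))))))))))))))))))))))))))
2008-03-18 18:33 . 2008-03-18 18:33 <DIR> d-------- C:\_OTMoveIt
2008-03-17 22:06 . 2008-03-18 20:58 557,088 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-03-17 22:02 . 2004-04-27 04:40 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
R0 ivicd;Ivi CDVD Filter Driver;C:\WINDOWS\system32\drivers\ivicd.sys [2005-01-12 06:29]
R3 PSched;QoS Packet Scheduler;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-03 22:04]
"""

# Made-up "before" state for contrast (the thread never shows this log):
# the driver and file that the CFScript targets are still present.
LOG_BEFORE = LOG_AFTER + r"""
R3 FreezeScreenSaver;FreezeScreenSaver;C:\WINDOWS\system32\FreezeScreenSaver.exe [2008-03-17 21:00]
2008-03-17 21:00 . 2008-03-17 21:00 20,480 --ahs---- C:\WINDOWS\system32\FreezeScreenSaver.exe
"""

KEY_RE = re.compile(r"^\[(?P<key>.+)\]$")
FILE_RE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d \. \d{4}-\d\d-\d\d \d\d:\d\d\s+"
                     r"(?:[\d,]+|<DIR>)\s+(?P<attrs>[-\w]{9})\s+(?P<path>\S.*)$")
SERVICE_RE = re.compile(r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);[^;]*;(?P<path>.+?)\s+\[")
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*"?(?P<path>[^"\[]+?)"?\s+\[')
FW_RE = re.compile(r'^"EnableFirewall"=\s*(?P<val>\d+)')


def parse_cfscript(text):
    """Map each 'Section::' header (lower-cased) to the lines listed under it."""
    sections, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        if line.endswith("::"):
            current = line[:-2].lower()
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def parse_log(text):
    """Pull the log parts that matter for a removal check: created files with their
    attribute string, Run/RunOnce entries, service/driver lines and the firewall flag."""
    found = {"files": [], "services": [], "run": [], "firewall_enabled": None}
    key = None
    for line in (raw.strip() for raw in text.splitlines()):
        if m := KEY_RE.match(line):
            key = m.group("key")
        elif m := FILE_RE.match(line):
            found["files"].append((m.group("attrs"), m.group("path")))
        elif m := SERVICE_RE.match(line):
            found["services"].append((m.group("start"), m.group("name"), m.group("path")))
        elif m := FW_RE.match(line):
            found["firewall_enabled"] = m.group("val") != "0"
        elif key and key.lower().endswith(("\\run", "\\runonce")) and (m := RUN_RE.match(line)):
            found["run"].append((m.group("name"), m.group("path")))
    return found


def check_removal(script, log):
    """Return the CFScript targets still present in the log; an empty list means the
    file is listed nowhere and no service/driver of that name is registered."""
    paths = {p.lower() for _, p in log["files"]} | {p.lower() for _, p in log["run"]}
    paths |= {p.lower() for _, _, p in log["services"]}
    names = {n.lower() for _, n, _ in log["services"]}
    leftovers = [("file", f) for f in script.get("file", []) if f.lower() in paths]
    leftovers += [("driver", d) for d in script.get("driver", []) if d.lower() in names]
    return leftovers


def review_flags(log):
    """Questions a reviewer raises regardless of the script: a newly created
    hidden+system file under system32, and a disabled Windows Firewall profile."""
    flags = [f"hidden+system file created: {path}"
             for attrs, path in log["files"]
             if "h" in attrs and "s" in attrs and "\\system32\\" in path.lower()]
    if log["firewall_enabled"] is False:
        flags.append("Windows Firewall standard profile disabled (EnableFirewall=0)")
    return flags


if __name__ == "__main__":
    script = parse_cfscript(CFSCRIPT)
    for label, text in (("before", LOG_BEFORE), ("after", LOG_AFTER)):
        log = parse_log(text)
        print(label, "leftovers:", check_removal(script, log))
        print(label, "review flags:", review_flags(log))
```

The flags are questions, not verdicts. In the posted log, fidbox.dat was created at 22:06 on 2008-03-17, minutes after the Zone Labs directories (22:01 to 22:04), so it is explained by the ZoneAlarm installation; and EnableFirewall=0 is the expected state once a third-party firewall such as ZoneAlarm has registered with Security Center, which the DisableMonitoring=1 entry under ZoneLabsFirewall in the same log suggests. What matters for the thread is the empty leftover list: the file and driver named in the CFScript are gone.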
Re: Please check
So I think that should be everything now. Also run a clean-up with T-Cleaner.
Re: Please check
So it is cleaned. Thanks a lot, gentlemen....