Security problem [Solved]

Windows operating systems from Microsoft and everything around them

Moderators: Pic, Mods_senior

jaro3
Member of the Security team
Guru Level 15
Posts: 43294
Registered: June 07
Location: South Bohemia
Gender: Male
Status: Offline

Re: Security problem

Post by jaro3 » 25 Nov 2008 11:17

Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Note: Do not use the SELECT ALL function to select the script.

Code:

File::
c:\windows\85EBB28365AF4C539EBE7C0A232762F7.TMP
c:\windows\unvise32.exe
c:\windows\74224F8D4A1748169EDB7BB854DE532C.TMP
c:\windows\bwUnin-8.1.1.50-8876480SL.exe

Choose File -> Save As... and set these parameters:
File name: type CFScript.txt here
Save as type: select All Files
Save the file to the desktop.
Close all active windows.

Drag the CFScript.txt script you created with the mouse, move it over the downloaded ComboFix.exe program, and drop it when the two files overlap.
- ComboFix will start automatically
- Post the log that appears at the end of the cleaning process here, plus a new HJT log

Test these on VirusTotal
c:\programdata\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}
c:\windows\system32\drivers\pe3aq6eb.sys
c:\windows\system32\drivers\ps7aq6eb.sys

Then post the results here.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs by private message. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support

hroch123
Level 4
Posts: 1364
Registered: March 06
Gender: Male
Status: Offline

Re: Security problem

Post by hroch123 » 25 Nov 2008 13:05

In Control Panel, Internet Options, restore everything to the default settings.
PC XT 8086, 640 Kb ram, 20mb hdd, Hercules monochrome, 14" Philips monochrome, 5/4 fdd 360kb.

roman
Level 1.5
Posts: 146
Registered: November 08
Gender: Not specified
Status: Offline

Re: Security problem

Post by roman » 25 Nov 2008 19:30

ComboFix 08-11-23.02 - Roman 2008-11-25 19:17:59.3 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1250.1.1029.18.971 [GMT 1:00]
Spuštěný z: c:\users\Roman\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Roman\Desktop\CFScript.txt
* Vytvořen nový Bod Obnovení
.

((((((((((((((((((((((((( Soubory vytvořené od 2008-10-25 do 2008-11-25 )))))))))))))))))))))))))))))))
.

2008-11-24 18:51 . 2008-11-24 18:51 <DIR> d-------- c:\program files\Yahoo!
2008-11-24 18:51 . 2008-11-24 18:51 <DIR> d-------- c:\program files\CCleaner
2008-11-23 20:14 . 2008-11-23 20:14 <DIR> d-------- c:\users\Roman\AppData\Roaming\Malwarebytes
2008-11-23 20:14 . 2008-11-23 20:14 <DIR> d-------- c:\programdata\Malwarebytes
2008-11-23 20:14 . 2008-11-23 20:14 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-23 20:14 . 2008-10-22 16:10 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2008-11-23 20:14 . 2008-10-22 16:10 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2008-11-23 13:59 . 2008-11-23 13:59 <DIR> d-------- c:\program files\Trend Micro
2008-11-23 08:17 . 2008-11-23 08:17 <DIR> d-------- c:\users\Roman\AppData\Roaming\Codemasters
2008-11-23 08:09 . 2008-11-23 08:09 <DIR> d-------- c:\windows\85EBB28365AF4C539EBE7C0A232762F7.TMP
2008-11-23 08:08 . 2008-11-23 08:08 <DIR> d-------- c:\programdata\Media Center Programs
2008-11-22 11:22 . 2008-11-22 11:22 <DIR> d-------- c:\program files\DAEMON Tools Toolbar
2008-11-21 17:11 . 2008-08-17 11:33 678,408 --a------ c:\windows\System32\gpprefcl.dll
2008-11-18 07:02 . 2008-11-18 07:02 901,120 --a------ c:\windows\TMUninst.exe
2008-11-16 03:45 . 2008-11-16 03:45 682,280 --a------ c:\windows\System32\pbsvc.exe
2008-11-15 14:52 . 2008-10-16 22:13 1,809,944 --a------ c:\windows\System32\wuaueng.dll
2008-11-15 14:52 . 2008-10-16 21:56 1,524,736 --a------ c:\windows\System32\wucltux.dll
2008-11-15 14:52 . 2008-10-16 22:12 561,688 --a------ c:\windows\System32\wuapi.dll
2008-11-15 14:52 . 2008-10-16 14:08 162,064 --a------ c:\windows\System32\wuwebv.dll
2008-11-15 14:52 . 2008-10-16 21:55 83,456 --a------ c:\windows\System32\wudriver.dll
2008-11-15 14:52 . 2008-10-16 22:09 51,224 --a------ c:\windows\System32\wuauclt.exe
2008-11-15 14:52 . 2008-10-16 22:09 43,544 --a------ c:\windows\System32\wups2.dll
2008-11-15 14:52 . 2008-10-16 22:08 34,328 --a------ c:\windows\System32\wups.dll
2008-11-15 14:52 . 2008-10-16 13:56 31,232 --a------ c:\windows\System32\wuapp.exe
2008-11-14 17:36 . 2008-11-16 13:14 138,464 --a------ c:\windows\System32\drivers\PnkBstrK.sys
2008-11-14 17:36 . 2008-11-16 03:46 22,328 --a------ c:\users\Roman\AppData\Roaming\PnkBstrK.sys
2008-11-14 17:35 . 2008-11-16 13:14 111,928 --a------ c:\windows\System32\PnkBstrB.exe
2008-11-14 17:35 . 2008-11-16 03:49 66,872 --a------ c:\windows\System32\PnkBstrA.exe
2008-11-12 06:53 . 2008-09-10 04:40 1,334,272 --a------ c:\windows\System32\msxml6.dll
2008-11-12 06:53 . 2008-09-05 06:14 1,191,936 --a------ c:\windows\System32\msxml3.dll
2008-11-12 06:53 . 2008-08-27 02:05 212,480 --a------ c:\windows\System32\drivers\mrxsmb10.sys
2008-11-06 19:25 . 2008-11-06 19:25 <DIR> d-------- c:\programdata\NVIDIA Corporation
2008-11-06 19:24 . 2008-11-06 19:25 <DIR> d-------- c:\program files\NVIDIA Corporation
2008-11-06 19:24 . 2006-03-29 08:50 671,744 --a------ c:\windows\System32\DolbyHph.dll
2008-11-06 19:24 . 2006-03-29 08:51 60,416 --a------ c:\windows\System32\DSETUP.dll
2008-11-06 19:24 . 2006-03-29 08:49 9,856 --a------ c:\windows\System32\drivers\pfc.sys
2008-11-06 19:24 . 2006-05-05 19:21 4,608 --a------ c:\windows\System32\drivers\nvport.sys
2008-11-05 07:05 . 1999-12-17 08:13 86,016 --a------ c:\windows\unvise32.exe
2008-11-01 08:49 . 2008-11-01 08:49 <DIR> dr-h----- c:\users\Roman\AppData\Roaming\SecuROM
2008-11-01 08:42 . 2008-03-05 15:56 3,786,760 --a------ c:\windows\System32\D3DX9_37.dll
2008-11-01 08:42 . 2007-10-12 15:14 3,734,536 --a------ c:\windows\System32\d3dx9_36.dll
2008-11-01 08:42 . 2008-03-05 15:56 1,420,824 --a------ c:\windows\System32\D3DCompiler_37.dll
2008-11-01 08:42 . 2007-10-12 15:14 1,374,232 --a------ c:\windows\System32\D3DCompiler_36.dll
2008-11-01 08:42 . 2008-03-05 16:03 479,752 --a------ c:\windows\System32\XAudio2_0.dll
2008-11-01 08:42 . 2008-02-05 23:07 462,864 --a------ c:\windows\System32\d3dx10_37.dll
2008-11-01 08:42 . 2007-10-02 09:56 444,776 --a------ c:\windows\System32\d3dx10_36.dll
2008-11-01 08:42 . 2007-10-22 03:39 267,272 --a------ c:\windows\System32\xactengine2_10.dll
2008-11-01 08:42 . 2008-03-05 16:03 238,088 --a------ c:\windows\System32\xactengine3_0.dll
2008-11-01 08:42 . 2008-03-05 16:00 25,608 --a------ c:\windows\System32\X3DAudio1_3.dll
2008-11-01 08:42 . 2007-10-22 03:37 17,928 --a------ c:\windows\System32\X3DAudio1_2.dll
2008-11-01 08:41 . 2008-11-01 08:41 <DIR> d-------- c:\windows\74224F8D4A1748169EDB7BB854DE532C.TMP
2008-11-01 08:41 . 2008-11-01 08:41 <DIR> d-------- c:\program files\Ubisoft
2008-10-28 18:25 . 2008-08-12 04:39 443,392 --a------ c:\windows\System32\win32spl.dll
2008-10-28 18:25 . 2008-09-18 05:56 147,456 --a------ c:\windows\System32\Faultrep.dll
2008-10-28 18:25 . 2008-09-18 05:56 125,952 --a------ c:\windows\System32\wersvc.dll
2008-10-28 07:20 . 2008-10-28 07:20 <DIR> d-------- c:\users\Roman\AppData\Roaming\Ahead

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-25 17:49 --------- d-----w c:\users\Roman\AppData\Roaming\Azureus
2008-11-24 19:56 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-24 16:43 --------- d-----w c:\program files\Logitech
2008-11-23 07:12 --------- d-----w c:\users\Roman\AppData\Roaming\InstallShield
2008-11-23 07:09 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-11-21 17:11 --------- d-----w c:\program files\Microsoft Games
2008-11-17 17:36 --------- d-----w c:\program files\Electronic Arts
2008-11-06 19:06 --------- d-----w c:\users\Roman\AppData\Roaming\uTorrent
2008-11-06 16:51 90,632 ----a-w c:\windows\system32\drivers\avgtdix.sys
2008-11-02 20:15 --------- d-----w c:\users\Roman\AppData\Roaming\ICQ
2008-11-01 07:49 107,888 ----a-w c:\windows\System32\CmdLineExt.dll
2008-10-29 18:33 98,440 ----a-w c:\windows\system32\drivers\avgldx86.sys
2008-10-29 05:39 --------- d-----w c:\users\Roman\AppData\Roaming\Creative
2008-10-24 15:56 --------- d-----w c:\programdata\WindowsSearch
2008-10-22 13:53 --------- d-----w c:\programdata\CustomPortal
2008-10-21 15:20 --------- d-----w c:\programdata\Azureus
2008-10-21 15:15 --------- d-----w c:\program files\Java
2008-10-21 15:03 --------- d-----w c:\program files\Common Files\Java
2008-10-20 17:03 --------- d-----w c:\users\Roman\AppData\Roaming\Mikrotik
2008-10-20 16:40 --------- d-----w c:\program files\Common Files\Adobe
2008-10-20 16:21 --------- d-----w c:\programdata\LogiShrd
2008-10-20 15:39 --------- d-----w c:\program files\Common Files\Logitech
2008-10-20 15:39 --------- d-----w c:\program files\Common Files\Logishrd
2008-10-16 18:20 --------- d-----w c:\program files\Windows Mail
2008-10-15 18:46 --------- d-----w c:\users\Roman\AppData\Roaming\AVGTOOLBAR
2008-10-10 17:10 --------- d-----w c:\program files\Common Files\EasyInfo
2008-10-10 14:47 --------- d-----w c:\programdata\NVIDIA
2008-10-09 17:31 --------- d-----w c:\program files\AGEIA Technologies
2008-10-06 16:39 --------- dc-h--w c:\programdata\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}
2008-10-05 18:42 --------- d-----w c:\program files\SystemRequirementsLab
2008-10-03 17:28 --------- d-----w c:\users\Roman\AppData\Roaming\Gearbox Software
2008-10-02 03:49 827,392 ----a-w c:\windows\System32\wininet.dll
2008-10-01 15:56 278,984 ----a-w c:\windows\system32\drivers\atksgt.sys
2008-10-01 15:56 25,416 ----a-w c:\windows\system32\drivers\lirsgt.sys
2008-09-30 15:43 1,286,152 ----a-w c:\windows\System32\msxml4.dll
2008-09-28 06:51 --------- d-----w c:\programdata\HP
2008-09-28 05:54 --------- d-----w c:\program files\Common Files\InstallShield
2008-09-27 09:44 --------- d-----w c:\users\Roman\AppData\Roaming\HP
2008-09-27 09:44 --------- d-----w c:\programdata\WEBREG
2008-09-27 09:40 --------- d-----w c:\programdata\Hewlett-Packard
2008-09-25 13:14 --------- d-----w c:\programdata\HPSSUPPLY
2008-09-25 13:14 --------- d-----w c:\program files\HP
2008-09-25 13:13 --------- d-----w c:\program files\Common Files\HP
2008-09-25 13:10 --------- d-----w c:\program files\Hewlett-Packard
2008-09-25 13:10 --------- d-----w c:\program files\Common Files\Hewlett-Packard
2008-09-20 17:28 174 --sha-w c:\program files\desktop.ini
2008-09-20 17:14 413,696 ----a-w c:\windows\System32\wrap_oal.dll
2008-09-20 17:14 110,592 ----a-w c:\windows\System32\OpenAL32.dll
2008-09-20 17:07 82,432 ----a-w c:\windows\System32\axaltocm.dll
2008-09-20 17:07 101,888 ----a-w c:\windows\System32\ifxcardm.dll
2008-09-19 15:49 10,520 ----a-w c:\windows\System32\avgrsstx.dll
2008-09-19 14:27 269,312 ----a-w c:\windows\System32\es.dll
2008-09-19 14:25 988,216 ----a-w c:\windows\System32\winload.exe
2008-09-19 14:25 927,288 ----a-w c:\windows\System32\winresume.exe
2008-09-19 14:25 615,992 ----a-w c:\windows\System32\ci.dll
2008-09-19 14:25 6,656 ----a-w c:\windows\System32\kbd106n.dll
2008-09-19 14:25 46,592 ----a-w c:\windows\System32\setbcdlocale.dll
2008-09-19 14:25 40,960 ----a-w c:\windows\System32\srclient.dll
2008-09-19 14:25 378,368 ----a-w c:\windows\System32\srcore.dll
2008-09-19 14:25 318,464 ----a-w c:\windows\System32\rstrui.exe
2008-09-19 14:25 19,000 ----a-w c:\windows\System32\kd1394.dll
2008-09-19 14:25 14,848 ----a-w c:\windows\System32\srdelayed.exe
2008-09-18 12:56 9,847,296 ----a-w c:\windows\System32\NlsData000a.dll
2008-09-18 05:09 3,601,464 ----a-w c:\windows\System32\ntkrnlpa.exe
2008-09-18 05:09 3,549,240 ----a-w c:\windows\System32\ntoskrnl.exe
2008-09-18 02:16 2,032,640 ----a-w c:\windows\System32\win32k.sys
2008-09-17 12:33 61,440 ----a-w c:\windows\System32\winipsec.dll
2008-09-17 12:33 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll
2008-09-17 12:33 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll
2008-09-17 12:33 4,240,384 ----a-w c:\windows\System32\GameUXLegacyGDFs.dll
2008-09-17 12:33 361,984 ----a-w c:\windows\System32\IPSECSVC.DLL
2008-09-17 12:33 28,672 ----a-w c:\windows\System32\FwRemoteSvr.dll
2008-09-17 12:33 28,160 ----a-w c:\windows\System32\Apphlpdm.dll
2008-09-17 12:33 272,896 ----a-w c:\windows\System32\polstore.dll
2008-09-17 12:33 2,560 ----a-w c:\windows\AppPatch\AcRes.dll
2008-09-17 12:33 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll
2008-09-17 12:33 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
2008-09-17 12:33 1,695,744 ----a-w c:\windows\System32\gameux.dll
2008-09-17 12:27 2,048 ----a-w c:\windows\System32\tzres.dll
2008-09-17 12:26 303,616 ----a-w c:\windows\System32\wmpeffects.dll
2008-09-17 12:19 295,936 ----a-w c:\windows\System32\gdi32.dll
2008-09-17 12:18 14,848 ----a-w c:\windows\System32\wshrm.dll
2008-09-17 12:16 84,480 ----a-w c:\windows\System32\INETRES.dll
2008-09-17 12:16 738,304 ----a-w c:\windows\System32\inetcomm.dll
2008-09-17 12:16 1,314,816 ----a-w c:\windows\System32\quartz.dll
2008-09-17 09:28 319,456 ----a-w c:\windows\DIFxAPI.dll
2008-09-17 09:28 315,392 ----a-w c:\windows\HideWin.exe
2008-09-16 19:27 453,152 ----a-w c:\windows\System32\NVUNINST.EXE
2008-09-04 07:31 288,024 ----a-w c:\windows\System32\PhysXCplUI.exe
2008-08-29 06:57 70,936 ----a-w c:\windows\System32\PhysXLoader.dll
.

((((((((((((((((((((((((((((( snapshot_2008-11-25_18.53.33,94 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-11-25 18:17:42 6,479,872 ----a-w c:\windows\ERDNT\Hiv-backup\SCHEMA.DAT
- 2008-11-24 20:14:21 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-11-25 18:12:37 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-11-24 20:14:21 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-11-25 18:12:37 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-11-24 20:14:21 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-11-25 18:12:37 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-11-22 09:47:28 6,553,600 ----a-w c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2008-11-25 18:15:29 6,553,600 ----a-w c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
- 2008-11-21 17:11:51 126,708,455 ----a-w c:\windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
+ 2008-11-25 18:15:47 129,367,986 ----a-w c:\windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
+ 2008-01-19 07:36:07 94,720 ----a-w c:\windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6001.18160_none_4abfe8a3ec3a94fa\PortableDeviceClassExtension.dll
+ 2008-01-19 07:36:07 160,768 ----a-w c:\windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6001.18160_none_4abfe8a3ec3a94fa\PortableDeviceTypes.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\NBHShellExt]
@="{8D2223A2-B3C6-4e32-B096-CDD11F628C60}"
[HKEY_CLASSES_ROOT\CLSID\{8D2223A2-B3C6-4e32-B096-CDD11F628C60}]
2008-02-28 12:04 97064 --a------ c:\program files\Nero\Nero8\InCD\NBHShx.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2006-09-10 218032]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-10 218032]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"DAEMON Tools Lite"="c:\program files 2\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-10-24 1235736]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-10 86960]
"ioCentre"="c:\genius\ioCentre\gTaskBar.exe" [2007-01-19 61440]
"SecurDisc"="c:\program files\Nero\Nero8\InCD\NBHGui.exe" [2008-02-28 2049320]
"InCD"="c:\program files\Nero\Nero8\InCD\InCD.exe" [2008-02-28 1083176]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13580832]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 92704]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"CTHelper"="CTHELPER.EXE" [2007-10-25 c:\windows\System32\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [2007-10-25 c:\windows\System32\CTXFIHLP.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DevconDefaultDB"="c:\windows\system32\READREG" [X]
"CtxfiReg"="CTXFIREG.exe" [2007-10-25 c:\windows\System32\CTXFIREG.EXE]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 210520]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-09-19 805392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{5BE01679-9095-4144-844E-0AA3CCB25517}c:\\program files 2\\azureus\\azureus.exe"= UDP:c:\program files 2\azureus\azureus.exe:Azureus
"UDP Query User{9E2D707C-4726-4411-8397-958A6FDA8756}c:\\program files 2\\azureus\\azureus.exe"= TCP:c:\program files 2\azureus\azureus.exe:Azureus
"TCP Query User{DD70A684-A6E6-4E72-86C5-380C9E83F7BB}c:\\program files\\icq6\\icq.exe"= UDP:c:\program files\icq6\icq.exe:ICQ Library
"UDP Query User{FB5DA61D-23AE-4533-90B0-71263346C49D}c:\\program files\\icq6\\icq.exe"= TCP:c:\program files\icq6\icq.exe:ICQ Library

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"DoNotAllowExceptions"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"<NO NAME>"= :*:Enabled:Windows NT Service

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\Drivers\avgrkx86.sys [2008-09-19 12936]
R0 pe3aq6eb;FIM Speedway GP3 Environment Driver (pe3aq6eb);c:\windows\system32\drivers\pe3aq6eb.sys [2008-04-03 69248]
R0 ps7aq6eb;FIM Speedway GP3 Synchronization Driver (ps7aq6eb);c:\windows\system32\drivers\ps7aq6eb.sys [2008-04-03 68744]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-09-19 98440]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-10-24 90632]
R1 PSched;Plánovač paketů technologie QoS;c:\windows\system32\DRIVERS\pacer.sys [2008-09-21 72192]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-10-24 874776]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-09-19 231704]
R2 NeroRegInCDSrv;Nero Registry InCD Service;c:\program files\Nero\Nero8\InCD\NBHRegInCDSrv.exe [2008-02-28 53032]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\DRIVERS\atl01v32.sys [2008-09-17 48128]
R3 gHidPnp;USB Device Enhanced Function Driver;c:\windows\system32\Drivers\gHidPnp.Sys [2008-09-19 16384]
R3 gMouUsb;USB Mouse Device Drv;c:\windows\system32\DRIVERS\gMouUsb.sys [2008-09-19 9856]
R3 ha20x2k;Creative 20X HAL Driver;c:\windows\system32\drivers\ha20x2k.sys [2008-09-17 1163800]
S2 pr2aq6eb;FIM Speedway GP3 Drivers Auto Removal (pr2aq6eb);c:\windows\system32\pr2aq6eb.exe svc []
S3 Creative ALchemy AL1 Licensing Service;Creative ALchemy AL1 Licensing Service;"c:\program files\Common Files\Creative Labs Shared\Service\AL1Licensing.exe" [2008-09-17 79360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
%SystemRoot%\system32\soundschemes.exe /AddRegistration
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-25 19:19:14
Windows 6.0.6001 Service Pack 1 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTHelper = CTHELPER.EXE?
CTxfiHlp = CTXFIHLP.EXE?

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'Explorer.exe'(428)
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\program files\Nero\Nero8\InCD\NBHShx.dll
c:\program files\Nero\Nero8\InCD\NBHStr.dll
c:\program files\Common Files\Nero\Shared\NL3\AdvrCntr3.dll
.
Celkový čas: 2008-11-25 19:20:12
ComboFix-quarantined-files.txt 2008-11-25 18:19:49
ComboFix2.txt 2008-11-25 17:54:12
ComboFix3.txt 2008-11-24 17:32:50

Před spuštěním: Volných bajtů: 158 111 014 912
Po spuštění: Volných bajtů: 158,078,058,496

272 --- E O F --- 2008-11-24 20:25:34
CPU: Intel Core i5-4670
GPU: MSI N680GTX-PM2D2GD5
MB: MSI Z87-G45 GAMING - Intel Z87
RAM: Crucial Balistix Tactical 4 X 4GB 1600MHz CL8 BLT2C
PSU: Corsair AX850
SSD: Kingston HyperX 3K - 240GB
HDD: WD RED 1TB
OS: Windows 10 Home 64bit

roman
Level 1.5
Posts: 146
Registered: November 08
Gender: Not specified
Status: Offline

Re: Security problem

Post by roman » 25 Nov 2008 19:31

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:09:00, on 23.11.2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Genius\ioCentre\gTaskBar.exe
C:\Windows\System32\CTHELPER.EXE
C:\Windows\System32\CTXFIHLP.EXE
C:\Program Files\Nero\Nero8\InCD\NBHGui.exe
C:\Program Files\Nero\Nero8\InCD\InCD.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\SYSTEM32\CTXFISPI.EXE
C:\Windows\ehome\ehmsas.exe
C:\Genius\ioCentre\gMouseTask.exe
C:\Genius\ioCentre\gKbdTask.exe
C:\Genius\ioCentre\gAutoPan.exe
C:\Genius\ioCentre\gAutoScroll.exe
C:\Genius\ioCentre\gZoom.exe
C:\Genius\ioCentre\gMGlass.exe
C:\Genius\ioCentre\gIMMgm.exe
C:\Genius\ioCentre\gDeskMgm.exe
C:\Genius\ioCentre\gTaskSwitch.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\ICQ6\ICQ.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Windows\system32\conime.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\AVG\AVG8\avgui.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ioCentre] C:\Genius\ioCentre\gTaskBar.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero8\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero8\InCD\InCD.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows NT Service] Patcher.exe
O4 - HKLM\..\RunServices: [Windows NT Service] Patcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [Software Informer] "C:\Program Files\Software Informer\softinfo.exe" -autorun
O4 - HKCU\..\Run: [BitComet] "C:\Program Files 2\BitComet\BitComet.exe" /tray
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files 2\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [DevconDefaultDB] C:\Windows\system32\READREG /SILENT /FAIL=1 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DevconDefaultDB] C:\Windows\system32\READREG /SILENT /FAIL=1 (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O13 - Gopher Prefix:
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow ... eqlab3.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Creative ALchemy AL1 Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\AL1Licensing.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: Nero Registry InCD Service (NeroRegInCDSrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: FIM Speedway GP3 Drivers Auto Removal (pr2aq6eb) (pr2aq6eb) - Techland Sp.z o.o. - C:\Windows\system32\pr2aq6eb.exe

--
End of file - 9599 bytes
CPU:Intel Core i5-4670
GPU: MSI N680GTX-PM2D2GD5
MB: MSI Z87-G45 GAMING - Intel Z87
RAM: Crucial Balistix Tactical 4 X 4GB 1600MHz CL8 BLT2C
PSU: Corsair AX850
SSD: Kingston HyperX 3K - 240GB
HDD: WD RED 1TB
OS: Windows 10 Home 64bit

Re: Security problem

Post by roman » 25 Nov 2008 19:50

So this one: c:\programdata\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}
VirusTotal says: //0 bytes size received / Se ha recibido un archivo vacio//
c:\windows\system32\drivers\pe3aq6eb.sys
Antivirus Version Last update Result
AhnLab-V3 2008.11.24.3 2008.11.25 -
AntiVir 7.9.0.35 2008.11.25 -
Authentium 5.1.0.4 2008.11.25 -
Avast 4.8.1281.0 2008.11.24 -
AVG 8.0.0.199 2008.11.25 -
BitDefender 7.2 2008.11.25 -
CAT-QuickHeal 10.00 2008.11.25 -
ClamAV 0.94.1 2008.11.25 -
DrWeb 4.44.0.09170 2008.11.25 -
eSafe 7.0.17.0 2008.11.25 -
eTrust-Vet 31.6.6227 2008.11.25 -
Ewido 4.0 2008.11.25 -
F-Prot 4.4.4.56 2008.11.25 -
F-Secure 8.0.14332.0 2008.11.25 -
Fortinet 3.117.0.0 2008.11.25 -
GData 19 2008.11.25 -
Ikarus T3.1.1.45.0 2008.11.25 -
K7AntiVirus 7.10.533 2008.11.25 -
Kaspersky 7.0.0.125 2008.11.25 -
McAfee 5444 2008.11.24 -
McAfee+Artemis 5444 2008.11.24 -
Microsoft 1.4104 2008.11.25 -
NOD32 3639 2008.11.25 -
Norman 5.80.02 2008.11.25 -
Panda 9.0.0.4 2008.11.25 -
PCTools 4.4.2.0 2008.11.25 -
Prevx1 V2 2008.11.25 -
Rising 21.05.12.00 2008.11.25 -
SecureWeb-Gateway 6.7.6 2008.11.25 -
Sophos 4.35.0 2008.11.25 -
Sunbelt 3.1.1823.2 2008.11.22 -
Symantec 10 2008.11.25 -
TheHacker 6.3.1.1.162 2008.11.25 -
TrendMicro 8.700.0.1004 2008.11.25 -
VBA32 3.12.8.9 2008.11.25 -
ViRobot 2008.11.25.1485 2008.11.25 -
VirusBuster 4.5.11.0 2008.11.25 -
Additional information
File size: 69248 bytes
MD5...: e450f150e9895863d032238a2d3efc06
SHA1..: 311a9f6b251c12d32146649c31d99a4f459d6234
SHA256: e6ddeda0d20d40440d10c938233caa0731534b025323a65c0403dcfac3b90ebd
SHA512: 5b08e1221f5aa3e2518c6a369e674c6bffb67ed95f2c657f0e53cad974783689
08e9c45a8e8ac42f6673107ce9f14254c64cec8f6b7ba95cc4fdd038b6bbd66d

ssdeep: 1536:M0qYUJdZTW52X0nnQ5PhKLxsUmI+cXi9eziFOgL7L:4YadrX0nQ5P0LxsUm
IJXVziFOA

PEiD..: -
TrID..: File type identification
Win32 Executable Generic (68.0%)
Generic Win/DOS Executable (15.9%)
DOS Executable Generic (15.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x20ac0
timedatestamp.....: 0x47f48903 (Thu Apr 03 07:36:35 2008)
machinetype.......: 0x14c (I386)

( 7 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x128a 0x1400 6.10 a6de8cb7a9f33f1d9dd60d81a214d8af
.rdata 0x3000 0x989 0xa00 5.88 a5096410dbfcc7a4cea38e1071308970
.data 0x4000 0x804 0x200 0.08 1fd62ec5648b0294c196045987fa1c25
PAGE 0x5000 0xa945 0xaa00 6.76 9f60690ff07c01551ac1f3e3b516a975
INIT 0x10000 0x136a 0x1400 6.27 ecf4ba9cfbefc7fd1128a7d1a5e69284
.rsrc 0x12000 0x620 0x800 2.82 48222f99524fde6f1b9a0982d3ea86e9
.reloc 0x13000 0x850 0xa00 5.04 5461cdfb459d5821713f05fd00e38d91

( 2 imports )
> HAL.dll: KfRaiseIrql, KfLowerIrql, KeStallExecutionProcessor
> ntoskrnl.exe: _aullshr, _allmul, _aulldiv, ExRaiseAccessViolation, MmUserProbeAddress, ExRaiseDatatypeMisalignment, ExAllocatePoolWithTag, KeDelayExecutionThread, ExFreePoolWithTag, RtlUpperChar, ObfDereferenceObject, ZwClose, ObReferenceObjectByHandle, ExEventObjectType, ZwCreateEvent, KeInitializeEvent, KeWaitForSingleObject, KeSetEvent, KeEnterCriticalRegion, KeLeaveCriticalRegion, IoGetDeviceObjectPointer, IofCallDriver, IoBuildDeviceIoControlRequest, ZwQueryValueKey, RtlInitUnicodeString, ZwOpenKey, ZwCreateKey, ZwFlushKey, ZwSetValueKey, RtlQueryRegistryValues, ZwDeleteValueKey, IoFreeWorkItem, KeCancelTimer, KeSetTimer, KeClearEvent, IoQueueWorkItem, IoAllocateWorkItem, KeInitializeDpc, KeInitializeTimer, ExRaiseStatus, MmSystemRangeStart, ZwQuerySystemInformation, _except_handler3, IoWriteErrorLogEntry, IoAllocateErrorLogEntry, RtlFreeUnicodeString, KeRemoveQueueDpc, KeInsertQueueDpc, KeSetTargetProcessorDpc, KeSetImportanceDpc, ExReleaseFastMutexUnsafe, ExAcquireFastMutexUnsafe, IofCompleteRequest, IoCreateDevice, IoDeleteDevice, ExInterlockedPopEntrySList, ExInterlockedPushEntrySList, ExDeleteNPagedLookasideList, ExInitializeNPagedLookasideList, KeUnstackDetachProcess, KeStackAttachProcess, ObfReferenceObject, IoGetCurrentProcess, ExAllocatePoolWithTagPriority, KeGetCurrentThread, IoReleaseCancelSpinLock, KeQueryActiveProcessors, IoDeleteSymbolicLink, IoUnregisterShutdownNotification, IoRegisterShutdownNotification, IoCreateSymbolicLink, PsGetVersion, PsGetCurrentProcessId, PsGetCurrentThreadId, MmGetSystemRoutineAddress, RtlEqualUnicodeString, KeBugCheckEx

( 0 exports )

Re: Security problem

Post by roman » 25 Nov 2008 19:52

and c:\windows\system32\drivers\ps7aq6eb.sys

Antivirus Version Last update Result
AhnLab-V3 2008.11.24.3 2008.11.25 -
AntiVir 7.9.0.35 2008.11.25 -
Authentium 5.1.0.4 2008.11.25 -
Avast 4.8.1281.0 2008.11.24 -
AVG 8.0.0.199 2008.11.25 -
BitDefender 7.2 2008.11.25 -
CAT-QuickHeal 10.00 2008.11.25 -
ClamAV 0.94.1 2008.11.25 -
DrWeb 4.44.0.09170 2008.11.25 -
eSafe 7.0.17.0 2008.11.25 -
eTrust-Vet 31.6.6227 2008.11.25 -
Ewido 4.0 2008.11.25 -
F-Prot 4.4.4.56 2008.11.25 -
F-Secure 8.0.14332.0 2008.11.25 -
Fortinet 3.117.0.0 2008.11.25 -
GData 19 2008.11.25 -
Ikarus T3.1.1.45.0 2008.11.25 -
K7AntiVirus 7.10.533 2008.11.25 -
Kaspersky 7.0.0.125 2008.11.25 -
McAfee 5444 2008.11.24 -
McAfee+Artemis 5444 2008.11.24 -
Microsoft 1.4104 2008.11.25 -
NOD32 3639 2008.11.25 -
Norman 5.80.02 2008.11.25 -
Panda 9.0.0.4 2008.11.25 -
PCTools 4.4.2.0 2008.11.25 -
Prevx1 V2 2008.11.25 -
Rising 21.05.12.00 2008.11.25 -
SecureWeb-Gateway 6.7.6 2008.11.25 -
Sophos 4.35.0 2008.11.25 -
Sunbelt 3.1.1823.2 2008.11.22 -
Symantec 10 2008.11.25 -
TheHacker 6.3.1.1.162 2008.11.25 -
TrendMicro 8.700.0.1004 2008.11.25 -
VBA32 3.12.8.9 2008.11.25 -
ViRobot 2008.11.25.1485 2008.11.25 -
VirusBuster 4.5.11.0 2008.11.25 -
Additional information
File size: 68744 bytes
MD5...: bbbe465ebfb7d633ced4a6408387ff31
SHA1..: 954b1f372e5dcb29956c0b45f3b58683ce94b7c6
SHA256: e709aefce3f0eb994727c5c3f1d3fffa77459b9c7ddc6487a29a8e02cfd763f6
SHA512: cedcadf685d460784fa67191647eb2d9049307f9d743fb0a94949596c83befce
7a7f20b90cb7b8bce1367e78180b12ff0cca790e32722eba5af04ba278965706

ssdeep: 1536:TB8yYmvZ3AdGIlquLoqna6y4GflxR0BMuV6yOk9L7v:TB8yYmvZ3AdGIDlf
8EBMuV6yOQ

PEiD..: -
TrID..: File type identification
Win32 Executable Generic (68.0%)
Generic Win/DOS Executable (15.9%)
DOS Executable Generic (15.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x191c0
timedatestamp.....: 0x47f488cf (Thu Apr 03 07:35:43 2008)
machinetype.......: 0x14c (I386)

( 9 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x1156 0x1200 6.18 6e977b890b5a3f2bde17287a60698cd2
.rdata 0x3000 0x160d 0x1800 4.78 2a942441a50ba59ffa0936d7f7560466
.data 0x5000 0x3cc 0x200 0.63 d2e116575be99730bd600741d4970811
.lisign2 0x6000 0x108 0x200 4.59 0111f60bf10e4aea93f6bb433594ed60
PAGEI 0x7000 0x2202 0x2400 5.34 c78c51307ac0e887da8d0a11bffb2339
PAGE 0xa000 0x8734 0x8800 6.49 4889589f90c890d73089746edc516d35
.xinit 0x13000 0x12a 0x200 3.37 1fa2be0cc54f8ee2290337d7bd3782a2
.rsrc 0x14000 0x630 0x800 2.85 457828f8b8ec8287e976185e4af1b57c
.xreloc 0x15000 0x9f4 0xa00 6.13 9f5a6ea44686e1d7a82c28c1fc146467

( 1 imports )
> ntoskrnl.exe: MmSystemRangeStart, ZwQuerySystemInformation, ExFreePoolWithTag, ExAllocatePoolWithTag, MmGetSystemRoutineAddress, IoWriteErrorLogEntry, IoAllocateErrorLogEntry, PsGetVersion, KeBugCheckEx

( 0 exports )

Re: Security problem

Post by jaro3 » 25 Nov 2008 19:53

Download Avenger
and into it, following the guide,
enter the command from the code:

Code:

Files to delete:
c:\windows\85EBB28365AF4C539EBE7C0A232762F7.TMP
c:\windows\unvise32.exe
c:\windows\74224F8D4A1748169EDB7BB854DE532C.TMP
c:\windows\bwUnin-8.1.1.50-8876480SL.exe

After the restart, a new log from Avenger; likewise repeat ComboFix.
What about those files on VirusTotal?

//EDIT: I see it now, have a look at this: c:\programdata\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}
what is actually in there.
When working with HJT, ComboFix, MbAM, SDFix etc., close all other applications and browsers!
Do not send logs in private messages. During my absence memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support

Re: Security problem

Post by roman » 25 Nov 2008 20:03

hroch123 wrote: In Control Panel, Internet settings, reset everything to the default settings.

somehow I can't find it in the Control Panel

Re: Security problem

Post by majkll » 25 Nov 2008 20:09

Control Panel ---> Internet Options
MSI P45 Neo | CORE2DUO E6750 2,9GHZ | Ram 2X1GB 1066Mhz A-DATA extreme edition | HDD WD 250Gb + 1TB external WD | 8800 GS 384MB | Fortron 400W | Windows 7 Ultimate + 22" full HD SAMSUNG

--->Pc-Help Rules<---

Re: Security problem

Post by roman » 25 Nov 2008 20:14

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error: "c:\windows\85EBB28365AF4C539EBE7C0A232762F7.TMP" is a folder, not a file!
Deletion of file "c:\windows\85EBB28365AF4C539EBE7C0A232762F7.TMP" failed!
Status: 0xc00000ba (STATUS_FILE_IS_A_DIRECTORY)
--> use "Folders to delete:" instead of "Files to delete:" to delete a directory

File "c:\windows\unvise32.exe" deleted successfully.

Error: "c:\windows\74224F8D4A1748169EDB7BB854DE532C.TMP" is a folder, not a file!
Deletion of file "c:\windows\74224F8D4A1748169EDB7BB854DE532C.TMP" failed!
Status: 0xc00000ba (STATUS_FILE_IS_A_DIRECTORY)
--> use "Folders to delete:" instead of "Files to delete:" to delete a directory


Error: file "c:\windows\bwUnin-8.1.1.50-8876480SL.exe" not found!
Deletion of file "c:\windows\bwUnin-8.1.1.50-8876480SL.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Completed script processing.

*******************

Finished! Terminate.
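The Avenger log above shows the two ways a "Files to delete:" entry fails: the path is really a folder (STATUS_FILE_IS_A_DIRECTORY, so it belongs under "Folders to delete:") or it no longer exists (STATUS_OBJECT_NAME_NOT_FOUND). As an added example, not part of the thread or of Avenger itself, this Python pre-check parses an Avenger-style script, sorts each path under the right directive and drops missing ones before anything is run; the directory layout in demo() is constructed to mirror the cases in the log, and the assumption that only those two directives occur is the example's own.

```python
# Added example (not from the thread or from Avenger): pre-check an
# Avenger-style script so that folders go under "Folders to delete:"
# and paths that no longer exist are dropped. Assumption of this
# example: only the two directives below appear in the script.
import os
import tempfile

DIRECTIVES = ("Files to delete:", "Folders to delete:")


def parse_script(text):
    """Return {directive: [paths]} from an Avenger-style script block."""
    sections = {d: [] for d in DIRECTIVES}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if line in sections:
            current = line
        elif line and current is not None:
            sections[current].append(line)
    return sections


def check_script(text):
    """Classify each path as 'file', 'folder' or 'missing' and rebuild the script."""
    report, fixed = {}, {d: [] for d in DIRECTIVES}
    for paths in parse_script(text).values():
        for p in paths:
            if os.path.isdir(p):
                report[p] = "folder"          # would fail under "Files to delete:"
                fixed["Folders to delete:"].append(p)
            elif os.path.isfile(p):
                report[p] = "file"
                fixed["Files to delete:"].append(p)
            else:
                report[p] = "missing"         # Avenger would report it as not found
    out = []
    for d in DIRECTIVES:
        if fixed[d]:
            out += [d] + fixed[d] + [""]
    return report, "\n".join(out)


def demo():
    """Constructed layout mirroring the log: a .TMP folder, one real file, one missing path."""
    root = tempfile.mkdtemp()
    os.mkdir(os.path.join(root, "85EBB28365AF4C539EBE7C0A232762F7.TMP"))
    with open(os.path.join(root, "unvise32.exe"), "wb") as f:
        f.write(b"MZ")  # placeholder content, not the real executable
    names = ("85EBB28365AF4C539EBE7C0A232762F7.TMP", "unvise32.exe", "gone.exe")
    script = "Files to delete:\n" + "\n".join(os.path.join(root, n) for n in names) + "\n"
    return check_script(script)
```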

Re: Security problem

Post by roman » 25 Nov 2008 20:19

I can find Internet Options, but not the default settings

Re: Security problem

Post by roman » 25 Nov 2008 20:21

the Security Center is working for me again now

