No, it's still not all right.
Wait a moment until I check the log from ComboFix.
All the icons on my desktop have disappeared, and the START menu bar too.
Sorry for replying late.
Run Notepad and paste into it the text from the white box:
Code:
File::
C:\DOCUME~1\RB\LOCALS~1\Temp\pidayrry23456.dll
C:\WINDOWS\system32\wingdm32.dll
DirLook::
C:\Program Files\Aruzsmhe
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wingdm32]
Then go to File -> Save As -> in the File name field type: CFScript.txt
For Save as type, pick All files
And save it to the desktop.
Drag the CFScript.txt script you created with the mouse over the downloaded ComboFix program and, when the two files overlap, drop it.
ComboFix will start automatically.
Then paste here the log that appears after the operation finishes.
Have these files tested on VirusTotal (the site's design has changed a little, though):
C:\WINDOWS\system32\MSCOMCT2.OCX
C:\WINDOWS\system32\TempDel.EXE
C:\WINDOWS\system32\dllcache\hwxjpn.dll
C:\WINDOWS\system32\kbdjpn.dll
C:\Documents and Settings\Renda\mqdmserd.sys
And copy the results here.
Technical note: having icons on the desktop is pretty nasty (so maybe the virus is hinting that you have a mess there and can't stand looking at it any more); personally I only keep the Recycle Bin there, with everything else (about 500 icons) hidden behind the top edge of the desktop in a Drag Strip panel, a SideBar panel (Win XP) with tools behind the right edge, and the Windows taskbar below the bottom edge:
Log from ComboFix
ComboFix 07-12-08.1 - RB 2007-12-09 2:28:51.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.611 [GMT 1:00]
Running from: C:\Documents and Settings\RB\Plocha\ComboFix.exe
Command switches used :: C:\Documents and Settings\RB\Plocha\CFScript.txt
* Created a new restore point
FILE
C:\DOCUME~1\RB\LOCALS~1\Temp\pidayrry23456.dll
C:\WINDOWS\system32\wingdm32.dll
.
The following files were disabled during the run:
C:\WINDOWS\system32\guard32.dll
((((((((((((((((((((((((( Files Created from 2007-11-09 to 2007-12-09 )))))))))))))))))))))))))))))))
.
2007-12-08 17:28 . 2007-12-08 18:19 0 --a------ C:\23990098.$$$
2007-12-08 17:26 . 2007-12-08 17:26 <DIR> d-a------ C:\WINDOWS\zts2.exe
2007-12-08 17:26 . 2007-12-08 17:26 <DIR> d-a------ C:\WINDOWS\system32\vcmgcd32.dll
2007-12-08 17:26 . 2007-12-08 17:26 <DIR> d-a------ C:\WINDOWS\system32\iifgfgf.dll
2007-12-08 17:26 . 2007-12-08 17:26 <DIR> d-a------ C:\WINDOWS\rundll16.exe
2007-12-08 17:26 . 2007-12-08 17:26 <DIR> d-a------ C:\WINDOWS\rundl132.dll
2007-12-08 17:26 . 2007-12-08 17:26 <DIR> d-a------ C:\WINDOWS\logo1_.exe
2007-12-08 17:21 . 2007-12-08 18:18 26 --a------ C:\WINDOWS\Lic.xxx
2007-12-08 17:19 . 2004-08-17 14:49 147,968 --a------ C:\WINDOWS\R.COM
2007-12-08 17:19 . 2004-08-17 14:49 137,216 --a------ C:\WINDOWS\system32\T.COM
2007-12-08 01:19 . 2007-12-08 01:19 <DIR> d-------- C:\Documents and Settings\Administrator.ABCDEF-123456\Data aplikací\Talkback
2007-12-08 01:14 . 2007-11-07 01:23 <DIR> d-------- C:\Documents and Settings\Administrator.ABCDEF-123456\Plocha
2007-12-08 01:14 . 2007-11-07 01:23 <DIR> d--h----- C:\Documents and Settings\Administrator.ABCDEF-123456\Okolní tiskárny
2007-12-08 01:14 . 2007-11-07 01:23 <DIR> d--h----- C:\Documents and Settings\Administrator.ABCDEF-123456\Okolní síť
2007-12-08 01:14 . 2007-11-07 01:23 <DIR> d-------- C:\Documents and Settings\Administrator.ABCDEF-123456\Oblíbené položky
2007-12-08 01:14 . 2007-11-07 00:32 <DIR> d--h----- C:\Documents and Settings\Administrator.ABCDEF-123456\Šablony
2007-12-08 01:14 . 2007-11-07 01:23 <DIR> dr------- C:\Documents and Settings\Administrator.ABCDEF-123456\Nabídka Start
2007-12-08 01:14 . 2007-11-07 01:23 <DIR> d-------- C:\Documents and Settings\Administrator.ABCDEF-123456\Dokumenty
2007-12-08 01:14 . 2007-12-08 01:19 <DIR> dr-h----- C:\Documents and Settings\Administrator.ABCDEF-123456\Data aplikací
2007-12-08 00:43 . 2007-12-08 00:43 <DIR> d-------- C:\Program Files\Aruzsmhe
2007-12-06 14:22 . 2007-12-06 14:22 <DIR> d-------- C:\WINDOWS\system32\QuickTime
2007-12-06 14:22 . 2007-08-27 10:53 107,864 --a------ C:\WINDOWS\system32\tsccvid.dll
2007-12-06 14:21 . 2007-12-06 14:21 <DIR> d-------- C:\Program Files\Common Files\TechSmith Shared
2007-12-06 14:19 . 2007-12-06 14:19 32 --a------ C:\WINDOWS\camtasia.v.5.INI
2007-12-06 12:52 . 2007-12-06 14:21 <DIR> d-------- C:\Program Files\TechSmith
2007-12-06 12:52 . 2007-12-06 12:52 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\TechSmith
2007-12-06 10:23 . 2007-09-04 14:45 644,400 --a------ C:\WINDOWS\system32\MSCOMCT2.OCX
2007-12-05 11:18 . 2007-12-08 00:44 <DIR> d-------- C:\Documents and Settings\RB\Data aplikací\Abvent
2007-12-05 11:18 . 2007-12-05 22:17 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Abvent
2007-12-04 02:33 . 2007-12-04 02:33 823,296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2007-12-04 02:33 . 2007-12-04 02:33 823,296 --a------ C:\WINDOWS\system32\divx_xx07.dll
2007-12-04 02:33 . 2007-12-04 02:33 802,816 --a------ C:\WINDOWS\system32\divx_xx11.dll
2007-12-04 02:33 . 2007-12-04 02:33 682,496 --a------ C:\WINDOWS\system32\DivX.dll
2007-12-04 00:17 . 2007-12-04 00:17 <DIR> d-------- C:\Program Files\Webteh
2007-12-04 00:17 . 2007-12-04 09:35 <DIR> d-------- C:\Documents and Settings\RB\Data aplikací\BSplayer PRO
2007-12-03 23:28 . 2007-12-03 23:28 <DIR> d-------- C:\Program Files\Gabest
2007-12-03 21:26 . 2007-12-03 21:26 <DIR> d-------- C:\Program Files\Google
2007-12-01 21:01 . 2007-12-01 21:01 <DIR> d-------- C:\Documents and Settings\RB\Data aplikací\Alien Skin
2007-12-01 12:46 . 2007-12-01 18:39 <DIR> d-------- C:\Documents and Settings\Lucy.ABCDEF-123456\Data aplikací\Alien Skin
2007-12-01 11:59 . 2004-08-17 15:49 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2007-12-01 11:59 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2007-12-01 11:59 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2007-12-01 11:59 . 2001-10-24 12:25 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2007-12-01 10:02 . 2007-12-01 13:54 <DIR> d-------- C:\Documents and Settings\Lucy.ABCDEF-123456\Data aplikací\ICQ
2007-12-01 09:56 . 2007-12-01 09:56 <DIR> d-------- C:\Documents and Settings\Lucy.ABCDEF-123456\Data aplikací\Talkback
2007-12-01 09:49 . 2007-12-02 14:29 <DIR> d-------- C:\Documents and Settings\Lucy.ABCDEF-123456\Plocha
2007-12-01 09:49 . 2007-11-07 01:23 <DIR> d--h----- C:\Documents and Settings\Lucy.ABCDEF-123456\Okolní tiskárny
2007-12-01 09:49 . 2007-11-07 01:23 <DIR> d--h----- C:\Documents and Settings\Lucy.ABCDEF-123456\Okolní síť
2007-12-01 09:49 . 2007-12-01 09:49 <DIR> dr------- C:\Documents and Settings\Lucy.ABCDEF-123456\Oblíbené položky
2007-12-01 09:49 . 2007-11-07 00:32 <DIR> d--h----- C:\Documents and Settings\Lucy.ABCDEF-123456\Šablony
2007-12-01 09:49 . 2007-11-07 01:23 <DIR> dr------- C:\Documents and Settings\Lucy.ABCDEF-123456\Nabídka Start
2007-12-01 09:49 . 2007-12-02 13:19 <DIR> dr------- C:\Documents and Settings\Lucy.ABCDEF-123456\Dokumenty
2007-12-01 09:49 . 2007-12-01 09:49 <DIR> d-------- C:\Documents and Settings\Lucy.ABCDEF-123456\Data aplikací\Comodo
2007-12-01 09:49 . 2007-12-01 12:46 <DIR> dr-h----- C:\Documents and Settings\Lucy.ABCDEF-123456\Data aplikací
2007-12-01 09:49 . 2004-08-17 14:49 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-12-01 09:43 . 2007-12-01 09:43 4,608 --ahs---- C:\WINDOWS\system32\Thumbs.db
2007-11-29 23:30 . 2007-11-29 23:30 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-11-29 23:30 . 2007-11-29 23:30 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-11-29 23:30 . 2007-11-29 23:30 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
2007-11-29 23:30 . 2007-11-29 23:30 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-11-29 23:30 . 2007-11-29 23:30 4,816 --a------ C:\WINDOWS\system32\divxsm.tlb
2007-11-29 23:28 . 2007-11-29 23:28 196,608 --a------ C:\WINDOWS\system32\dtu100.dll
2007-11-29 23:28 . 2007-11-29 23:28 81,920 --a------ C:\WINDOWS\system32\dpl100.dll
2007-11-29 23:28 . 2007-11-29 23:28 416 --a------ C:\WINDOWS\system32\dtu100.dll.manifest
2007-11-29 23:28 . 2007-11-29 23:28 416 --a------ C:\WINDOWS\system32\dpl100.dll.manifest
2007-11-28 22:55 . 2007-11-28 22:55 156,992 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-11-28 22:53 . 2007-11-28 22:53 593,920 --a------ C:\WINDOWS\system32\dpuGUI11.dll
2007-11-28 22:53 . 2007-11-28 22:53 352,401 --a------ C:\WINDOWS\system32\DivXMedia.ax
2007-11-28 22:53 . 2007-11-28 22:53 344,064 --a------ C:\WINDOWS\system32\dpus11.dll
2007-11-28 22:53 . 2007-11-28 22:53 294,912 --a------ C:\WINDOWS\system32\dpu11.dll
2007-11-28 22:53 . 2007-11-28 22:53 294,912 --a------ C:\WINDOWS\system32\dpu10.dll
2007-11-28 22:53 . 2007-11-28 22:53 57,344 --a------ C:\WINDOWS\system32\dpv11.dll
2007-11-28 22:53 . 2007-11-28 22:53 53,248 --a------ C:\WINDOWS\system32\dpuGUI10.dll
2007-11-28 22:52 . 2007-11-28 22:52 12,288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2007-11-27 11:18 . 2007-11-27 11:18 163,712 --a------ C:\WINDOWS\system32\drivers\vidstub.sys
2007-11-25 20:06 . 2007-11-28 21:34 <DIR> d-------- C:\Documents and Settings\RB\Data aplikací\Move Networks
2007-11-25 20:03 . 2007-11-25 20:03 <DIR> d-------- C:\Documents and Settings\RB\Data aplikací\Talkback
2007-11-23 19:21 . 2007-11-23 19:21 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2007-11-23 19:21 . 2007-11-23 19:21 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_motmodem_01005.Wdf
2007-11-23 19:17 . 2006-11-13 13:45 1,419,232 --a------ C:\WINDOWS\system32\wdfcoinstaller01005.dll
2007-11-23 19:17 . 2007-02-27 13:31 21,504 --a------ C:\WINDOWS\system32\drivers\motmodem.sys
2007-11-23 19:11 . 2007-11-23 19:26 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\BVRP Software
2007-11-23 17:01 . 2007-11-23 17:01 <DIR> d-------- C:\Documents and Settings\RB\Data aplikací\Jasc
2007-11-23 16:54 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2007-11-23 13:33 . 2007-11-23 13:33 <DIR> d-------- C:\Program Files\COMODO
2007-11-23 13:33 . 2007-11-23 13:33 139,008 --a------ C:\WINDOWS\system32\guard32.dll.vir
2007-11-23 13:33 . 2007-11-23 13:33 79,096 --a------ C:\WINDOWS\system32\drivers\cmdGuard.sys
2007-11-23 13:33 . 2007-11-23 13:33 23,672 --a------ C:\WINDOWS\system32\drivers\cmdhlp.sys
2007-11-21 23:46 . 2007-11-21 23:46 <DIR> d-------- C:\Documents and Settings\RB\Data aplikací\dvdcss
2007-11-20 11:47 . 2007-11-30 12:16 7,780 --a------ C:\Documents and Settings\RB\FMCodec.dat
2007-11-20 01:57 . 2007-11-20 02:05 <DIR> d-------- C:\WFDB
2007-11-20 01:22 . 2007-11-20 01:57 <DIR> d-------- C:\Program Files\WinFast
2007-11-20 00:37 . 2007-11-20 00:39 <DIR> d-------- C:\WINDOWS\NV20643276.TMP
2007-11-20 00:37 . 2007-11-12 06:51 158,066 --a------ C:\WINDOWS\system32\nvapps.nvb
2007-11-20 00:28 . 2007-11-20 00:29 <DIR> d-------- C:\WINDOWS\NV28563184.TMP
2007-11-19 23:36 . 2001-05-16 17:54 309,616 --a------ C:\WINDOWS\system32\wmv8dmod.dll
2007-11-19 23:20 . 2007-11-19 23:20 315,392 --a------ C:\WINDOWS\HideWin.exe
2007-11-19 23:20 . 2005-05-03 18:43 69,632 --a------ C:\WINDOWS\Alcmtr.exe
2007-11-19 22:52 . 2001-12-19 15:47 49,152 --a------ C:\WINDOWS\system32\TempDel.EXE
2007-11-19 22:52 . 2005-01-06 16:55 9,446 --a------ C:\WINDOWS\system32\drivers\WFIOCTL.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-07 11:55 --------- d-----w C:\Documents and Settings\RB\Data aplikací\uTorrent
2007-12-06 11:50 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-12-06 09:22 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
2007-12-04 08:15 --------- d-----w C:\Documents and Settings\RB\Data aplikací\Ahead
2007-11-28 10:30 --------- d-----w C:\Documents and Settings\RB\Data aplikací\ICQ
2007-11-27 10:18 --------- d-----w C:\Program Files\Common Files\Stardock
2007-11-25 17:41 --------- d-----w C:\Program Files\EurotelSMS
2007-11-23 15:53 --------- d-----w C:\Program Files\Java
2007-11-23 12:37 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Comodo
2007-11-23 12:33 --------- d-----w C:\Documents and Settings\RB\Data aplikací\Comodo
2007-11-19 22:36 --------- d-----w C:\Program Files\Ulead Systems
2007-11-19 16:08 --------- d-----w C:\Program Files\Apple Software Update
2007-11-15 08:00 --------- d-----w C:\Program Files\Common Files\Autodesk Shared
2007-11-15 06:49 --------- d-----w C:\Program Files\MagicISO
2007-11-12 07:03 356,352 ----a-w C:\WINDOWS\system32\NVUNINST.EXE
2007-11-12 05:51 81,920 ----a-w C:\WINDOWS\system32\nvwddi.dll
2007-11-12 05:51 81,920 ----a-w C:\WINDOWS\system32\nvmctray.dll
2007-11-12 05:51 8,523,776 ----a-w C:\WINDOWS\system32\nvcpl.dll
2007-11-12 05:51 757,760 ----a-w C:\WINDOWS\system32\nvcplui.exe
2007-11-12 05:51 7,433,504 ----a-w C:\WINDOWS\system32\drivers\nv4_mini.sys
2007-11-12 05:51 6,901,760 ----a-w C:\WINDOWS\system32\nvoglnt.dll
2007-11-12 05:51 6,537,216 ----a-w C:\WINDOWS\system32\nvdisps.dll
2007-11-12 05:51 5,770,880 ----a-w C:\WINDOWS\system32\nv4_disp.dll
2007-11-12 05:51 466,944 ----a-w C:\WINDOWS\system32\nvshell.dll
2007-11-12 05:51 45,056 ----a-w C:\WINDOWS\system32\nvmccsrs.dll
2007-11-12 05:51 442,368 ----a-w C:\WINDOWS\system32\nvappbar.exe
2007-11-12 05:51 425,984 ----a-w C:\WINDOWS\system32\keystone.exe
2007-11-12 05:51 385,024 ----a-w C:\WINDOWS\system32\nvapi.dll
2007-11-12 05:51 356,352 ----a-w C:\WINDOWS\system32\nvudisp.exe
2007-11-12 05:51 35,328 ----a-w C:\WINDOWS\system32\nvcodins.dll
2007-11-12 05:51 35,328 ----a-w C:\WINDOWS\system32\nvcod.dll
2007-11-12 05:51 307,200 ----a-w C:\WINDOWS\system32\nvexpbar.dll
2007-11-12 05:51 3,698,688 ----a-w C:\WINDOWS\system32\nvvitvs.dll
2007-11-12 05:51 3,407,872 ----a-w C:\WINDOWS\system32\nvgames.dll
2007-11-12 05:51 286,720 ----a-w C:\WINDOWS\system32\nvnt4cpl.dll
2007-11-12 05:51 229,376 ----a-w C:\WINDOWS\system32\nvmccs.dll
2007-11-12 05:51 2,486,272 ----a-w C:\WINDOWS\system32\nvwss.dll
2007-11-12 05:51 188,416 ----a-w C:\WINDOWS\system32\nvmccss.dll
2007-11-12 05:51 155,716 ----a-w C:\WINDOWS\system32\nvsvc32.exe
2007-11-12 05:51 147,456 ----a-w C:\WINDOWS\system32\nvcolor.exe
2007-11-12 05:51 1,703,936 ----a-w C:\WINDOWS\system32\nvwdmcpl.dll
2007-11-12 05:51 1,626,112 ----a-w C:\WINDOWS\system32\nwiz.exe
2007-11-12 05:51 1,474,560 ----a-w C:\WINDOWS\system32\nview.dll
2007-11-12 05:51 1,339,392 ----a-w C:\WINDOWS\system32\nvdspsch.exe
2007-11-12 05:51 1,212,416 ----a-w C:\WINDOWS\system32\nvmobls.dll
2007-11-12 05:51 1,019,904 ----a-w C:\WINDOWS\system32\nvwimg.dll
2007-11-08 20:08 --------- d-----w C:\Documents and Settings\RB\Data aplikací\K-Meleon
2007-11-08 19:35 --------- d-----w C:\Documents and Settings\RB\Data aplikací\Thinstall
2007-11-08 18:55 --------- d-----w C:\Documents and Settings\RB\Data aplikací\vlc
2007-11-08 16:54 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Data aplikací\DVD Shrink
2007-11-08 16:53 --------- d-----w C:\Program Files\DVD Shrink
2007-11-08 15:14 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Ulead Systems
2007-11-08 15:09 --------- d-----w C:\Documents and Settings\RB\Data aplikací\CyberLink
2007-11-08 14:35 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Ahead
2007-11-07 20:10 --------- d-----w C:\Program Files\Common Files\Adobe
2007-11-07 18:00 --------- d-----w C:\Program Files\Common Files\LightScribe
2007-11-07 17:56 --------- d-----w C:\Program Files\Common Files\Ahead
2007-11-07 17:56 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Nero
2007-11-07 17:44 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-11-07 16:42 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Data aplikací\CyberLink
2007-11-07 16:40 --------- d-----w C:\Documents and Settings\RB\Data aplikací\Jasc Software Inc
2007-11-07 16:29 --------- d-----w C:\Program Files\Torrent Harvester
2007-11-07 16:00 --------- d-----w C:\Program Files\MSBuild
2007-11-07 15:56 --------- d-----w C:\Program Files\Reference Assemblies
2007-11-07 15:15 --------- d-----w C:\Documents and Settings\RB\Data aplikací\Photodex
2007-11-07 15:02 --------- d-----w C:\Documents and Settings\RB\Data aplikací\iWin
2007-11-06 23:06 --------- d-----w C:\Program Files\Venturi2
2007-11-05 14:40 --------- d-----w C:\Program Files\ICQToolbar
2007-11-04 16:37 --------- d-----w C:\Documents and Settings\Renda\Data aplikací\GetRightToGo
2007-11-03 19:39 --------- d-----w C:\Documents and Settings\Renda\Data aplikací\XnView
2007-11-03 15:53 --------- d-----w C:\Program Files\Driver Magician
2007-11-01 16:56 --------- d-----w C:\Program Files\Realtek
2007-11-01 14:50 --------- d-----w C:\Program Files\Motorola Phone Tools
2007-11-01 14:50 --------- d-----w C:\Program Files\LiveUpdate
2007-11-01 13:38 4,620,288 ----a-w C:\WINDOWS\system32\drivers\RtkHDAud.sys
2007-10-30 16:58 --------- d-----w C:\Documents and Settings\NetworkService\Data aplikací\Ahead
2007-10-27 10:58 --------- d-----w C:\Documents and Settings\Renda\Data aplikací\uk.co.planetside
2007-10-27 10:29 --------- d-----w C:\Program Files\Terragen
2007-10-27 10:23 --------- d-----w C:\Documents and Settings\Renda\Data aplikací\LimeWire
2007-10-27 08:40 --------- d-----w C:\Documents and Settings\Renda\Data aplikací\Azureus
2007-10-26 16:48 --------- d-----w C:\Documents and Settings\Lucy\Data aplikací\Ahead
2007-10-26 16:15 --------- d-----w C:\Documents and Settings\Lucy\Data aplikací\CyberLink
2007-10-26 15:46 --------- d-----w C:\Documents and Settings\Lucy\Data aplikací\PC Suite
2007-10-26 07:01 --------- d-----w C:\Program Files\GameHouse
2007-10-26 06:34 --------- d-----w C:\Documents and Settings\Lucy\Data aplikací\dvdcss
2007-10-25 14:35 --------- d-----w C:\Program Files\FDRLab
2007-10-25 10:57 16,855,552 ----a-w C:\WINDOWS\RTHDCPL.exe
2007-10-24 00:47 96,760 ----a-w C:\WINDOWS\system32\dfshim.dll
2007-10-24 00:47 84,480 ----a-w C:\WINDOWS\system32\mscories.dll
2007-10-24 00:47 282,112 ----a-w C:\WINDOWS\system32\mscoree.dll
2007-10-24 00:47 158,720 ----a-w C:\WINDOWS\system32\mscorier.dll
2007-10-22 22:04 --------- d-----w C:\Documents and Settings\Renda\Data aplikací\uTorrent
2007-10-20 00:56 129,784 ----a-w C:\WINDOWS\system32\pxafs.dll
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of C:\Program Files\Aruzsmhe ----
((((((((((((((((((((((((((((( snapshot@2007-12-08_19.37.41.03 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-12-09 00:50:36 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_628.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 14:49]
"PeerGuardian"="E:\Program Files\PeerGuardian2\pg2.exe" [2005-09-18 18:40]
"DAEMON Tools"="E:\Program Files\DAEMON Tools\daemon.exe" [2007-09-18 15:16]
"nwiz"="nwiz.exe" [2007-11-12 06:51 C:\WINDOWS\system32\nwiz.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00]
"BootSkin Startup Jobs"="C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" [2004-04-26 16:21]
"WinFastDTV"="C:\Program Files\WinFast\WFDTV\DTVSchdl.exe" [2007-10-09 10:13]
"WinFast Schedule"="C:\Program Files\WinFast\WFDTV\WFWIZ.exe" [2007-10-01 10:10]
"COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [2007-11-23 13:33]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-17 14:49 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2007-11-12 06:51 C:\WINDOWS\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-17 14:49]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wingdm32]
wingdm32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"= C:\WINDOWS\system32\guard32.dll
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\WINDOWS\system32\DRIVERS\cmdguard.sys
R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\WINDOWS\system32\DRIVERS\cmdhlp.sys
R2 CX23880;WinFast CX2388x WDM Video Capture.;C:\WINDOWS\system32\drivers\cx88vid.sys
R2 CXAVXBAR;WinFast CX2388x WDM Crossbar.;C:\WINDOWS\system32\drivers\cxavxbar.sys
R2 CXTUNE;WinFast CX2388x WDM TVTuner.;C:\WINDOWS\system32\drivers\CX88TUNE.sys
R3 motmodem;Motorola USB CDC ACM Driver;C:\WINDOWS\system32\DRIVERS\motmodem.sys
R3 pgfilter;pgfilter;\??\E:\Program Files\PeerGuardian2\pgfilter.sys
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys
S2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};\??\E:\Program Files\CyberLink\PowerDVD\000.fcl
S3 WFIOCTL;WFIOCTL;\??\C:\Program Files\WinFast\WFTVFM\WFIOCTL.SYS
*Newly Created Service* - PGFILTER
.
Contents of the 'Scheduled Tasks' folder
"2007-12-07 19:02:28 C:\WINDOWS\Tasks\AwcProUpdate.job"
- E:\Program Files\IObit\Advanced WindowsCare V2 Pro\AutoUpdate.ex
- E:\Program Files\IObit\Advanced WindowsCare V2 Pro\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\guard32.dll
PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
-> C:\WINDOWS\system32\guard32.dll
.
**************************************************************************
catchme 0.3.1331 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-09 02:41:15
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-12-09 2:41:46
C:\ComboFix2.txt ... 2007-12-08 19:38
.
--- E O F ---
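Added by the editor, not part of anyone's post in this thread: a small Python script that reads a ComboFix log laid out like the one above, parses the "Files Created" rows and the "Reg Loading Points" block, and pulls out the two things a helper looks at first: directories that carry an executable's name, and entries in the Winlogon\Notify and AppInit_DLLs autostart locations (the notify key is exactly what the CFScript in this thread removes). The regexes match the log format as it appears here, the embedded sample is a handful of lines copied from the posted log, and the function names (`analyze`, `split_sections`, `parse_reg_loading_points`, ...) are my own.

```python
import re
from collections import defaultdict

# Constructed sample: a few lines copied from the ComboFix log posted in this thread.
SAMPLE_LOG = r"""
((((((((((((((((((((((((( Files Created from 2007-11-09 to 2007-12-09 )))))))))))))))))))))))))))))))
.
2007-12-08 17:26 . 2007-12-08 17:26 <DIR> d-a------ C:\WINDOWS\zts2.exe
2007-12-08 17:26 . 2007-12-08 17:26 <DIR> d-a------ C:\WINDOWS\system32\vcmgcd32.dll
2007-12-08 17:19 . 2004-08-17 14:49 147,968 --a------ C:\WINDOWS\R.COM
2007-12-06 10:23 . 2007-09-04 14:45 644,400 --a------ C:\WINDOWS\system32\MSCOMCT2.OCX
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 14:49]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wingdm32]
wingdm32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"= C:\WINDOWS\system32\guard32.dll
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\WINDOWS\system32\DRIVERS\cmdguard.sys
"""

SECTION_RE = re.compile(r"^\(+\s*(.+?)\s*\)+$")            # '((( Section name )))' banners
FILE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(<DIR>|[\d,]+) (\S+) (.+)$")
KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"=\s*(.*?)(?:\s+\[[^\]]*\])?$')
SERVICE_RE = re.compile(r"^[RS]\d\s")                     # R1/R2/R3/S2/S3 driver and service rows
EXECUTABLE_EXT = (".exe", ".dll", ".com", ".sys", ".ocx", ".scr")


def split_sections(text):
    """Group log lines under the banner they follow; lone '.' lines are spacers."""
    sections = defaultdict(list)
    current = "header"
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            continue
        if line.strip() and line.strip() != ".":
            sections[current].append(line)
    return sections


def parse_file_entries(lines):
    """Parse 'Files Created' rows into dicts (size is None for <DIR> rows)."""
    entries = []
    for line in lines:
        m = FILE_RE.match(line)
        if not m:
            continue
        created, modified, size, attrs, path = m.groups()
        entries.append({"created": created, "modified": modified,
                        "is_dir": size == "<DIR>",
                        "size": None if size == "<DIR>" else int(size.replace(",", "")),
                        "attrs": attrs, "path": path})
    return entries


def dirs_named_like_executables(entries):
    """A directory carrying an executable's name is unusual and worth a look."""
    return [e["path"] for e in entries
            if e["is_dir"] and e["path"].lower().endswith(EXECUTABLE_EXT)]


def parse_reg_loading_points(lines):
    """Map each registry key to its (name, value) pairs; stop at the service list."""
    keys = {}
    current = None
    for line in lines:
        if SERVICE_RE.match(line):
            break
        km = KEY_RE.match(line)
        if km:
            current = km.group(1)
            keys[current] = []
            continue
        if current is None or line.startswith(("REGEDIT4", "*")):
            continue
        vm = VALUE_RE.match(line)
        if vm:
            keys[current].append((vm.group(1), vm.group(2).strip().strip('"')))
        else:
            # ComboFix prints a Winlogon Notify package's DLL as a bare line under its key
            keys[current].append(("(bare)", line.strip()))
    return keys


def high_interest_autostarts(keys):
    """Return (key, name, value) triples from Winlogon\\Notify and AppInit_DLLs."""
    hits = []
    for key, values in keys.items():
        k = key.lower()
        if "winlogon\\notify" in k:
            hits.extend((key, n, v) for n, v in values)
        elif k.endswith("currentversion\\windows"):
            hits.extend((key, n, v) for n, v in values if n.lower() == "appinit_dlls" and v)
    return hits


def analyze(text):
    sections = split_sections(text)
    file_lines = [ln for k, v in sections.items() if k.startswith("Files Created") for ln in v]
    entries = parse_file_entries(file_lines)
    keys = parse_reg_loading_points(sections.get("Reg Loading Points", []))
    return {"entries": entries,
            "dirs_like_exe": dirs_named_like_executables(entries),
            "autostarts": high_interest_autostarts(keys)}


if __name__ == "__main__":
    report = analyze(SAMPLE_LOG)
    for path in report["dirs_like_exe"]:
        print("directory named like an executable:", path)
    for key, name, value in report["autostarts"]:
        print(f"autostart of interest: [{key}] {name} = {value}")
```

Feed it a full log by reading the file and calling `analyze()` on its text; the output is a starting point for review, not a verdict, since legitimate software (the COMODO guard32.dll in this log, for instance) also uses AppInit_DLLs.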
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
2007-12-04 08:15 --------- d-----w C:\Documents and Settings\RB\Data aplikací\Ahead
2007-11-28 10:30 --------- d-----w C:\Documents and Settings\RB\Data aplikací\ICQ
2007-11-27 10:18 --------- d-----w C:\Program Files\Common Files\Stardock
2007-11-25 17:41 --------- d-----w C:\Program Files\EurotelSMS
2007-11-23 15:53 --------- d-----w C:\Program Files\Java
2007-11-23 12:37 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Comodo
2007-11-23 12:33 --------- d-----w C:\Documents and Settings\RB\Data aplikací\Comodo
2007-11-19 22:36 --------- d-----w C:\Program Files\Ulead Systems
2007-11-19 16:08 --------- d-----w C:\Program Files\Apple Software Update
2007-11-15 08:00 --------- d-----w C:\Program Files\Common Files\Autodesk Shared
2007-11-15 06:49 --------- d-----w C:\Program Files\MagicISO
2007-11-12 07:03 356,352 ----a-w C:\WINDOWS\system32\NVUNINST.EXE
2007-11-12 05:51 81,920 ----a-w C:\WINDOWS\system32\nvwddi.dll
2007-11-12 05:51 81,920 ----a-w C:\WINDOWS\system32\nvmctray.dll
2007-11-12 05:51 8,523,776 ----a-w C:\WINDOWS\system32\nvcpl.dll
2007-11-12 05:51 757,760 ----a-w C:\WINDOWS\system32\nvcplui.exe
2007-11-12 05:51 7,433,504 ----a-w C:\WINDOWS\system32\drivers\nv4_mini.sys
2007-11-12 05:51 6,901,760 ----a-w C:\WINDOWS\system32\nvoglnt.dll
2007-11-12 05:51 6,537,216 ----a-w C:\WINDOWS\system32\nvdisps.dll
2007-11-12 05:51 5,770,880 ----a-w C:\WINDOWS\system32\nv4_disp.dll
2007-11-12 05:51 466,944 ----a-w C:\WINDOWS\system32\nvshell.dll
2007-11-12 05:51 45,056 ----a-w C:\WINDOWS\system32\nvmccsrs.dll
2007-11-12 05:51 442,368 ----a-w C:\WINDOWS\system32\nvappbar.exe
2007-11-12 05:51 425,984 ----a-w C:\WINDOWS\system32\keystone.exe
2007-11-12 05:51 385,024 ----a-w C:\WINDOWS\system32\nvapi.dll
2007-11-12 05:51 356,352 ----a-w C:\WINDOWS\system32\nvudisp.exe
2007-11-12 05:51 35,328 ----a-w C:\WINDOWS\system32\nvcodins.dll
2007-11-12 05:51 35,328 ----a-w C:\WINDOWS\system32\nvcod.dll
2007-11-12 05:51 307,200 ----a-w C:\WINDOWS\system32\nvexpbar.dll
2007-11-12 05:51 3,698,688 ----a-w C:\WINDOWS\system32\nvvitvs.dll
2007-11-12 05:51 3,407,872 ----a-w C:\WINDOWS\system32\nvgames.dll
2007-11-12 05:51 286,720 ----a-w C:\WINDOWS\system32\nvnt4cpl.dll
2007-11-12 05:51 229,376 ----a-w C:\WINDOWS\system32\nvmccs.dll
2007-11-12 05:51 2,486,272 ----a-w C:\WINDOWS\system32\nvwss.dll
2007-11-12 05:51 188,416 ----a-w C:\WINDOWS\system32\nvmccss.dll
2007-11-12 05:51 155,716 ----a-w C:\WINDOWS\system32\nvsvc32.exe
2007-11-12 05:51 147,456 ----a-w C:\WINDOWS\system32\nvcolor.exe
2007-11-12 05:51 1,703,936 ----a-w C:\WINDOWS\system32\nvwdmcpl.dll
2007-11-12 05:51 1,626,112 ----a-w C:\WINDOWS\system32\nwiz.exe
2007-11-12 05:51 1,474,560 ----a-w C:\WINDOWS\system32\nview.dll
2007-11-12 05:51 1,339,392 ----a-w C:\WINDOWS\system32\nvdspsch.exe
2007-11-12 05:51 1,212,416 ----a-w C:\WINDOWS\system32\nvmobls.dll
2007-11-12 05:51 1,019,904 ----a-w C:\WINDOWS\system32\nvwimg.dll
2007-11-08 20:08 --------- d-----w C:\Documents and Settings\RB\Data aplikací\K-Meleon
2007-11-08 19:35 --------- d-----w C:\Documents and Settings\RB\Data aplikací\Thinstall
2007-11-08 18:55 --------- d-----w C:\Documents and Settings\RB\Data aplikací\vlc
2007-11-08 16:54 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Data aplikací\DVD Shrink
2007-11-08 16:53 --------- d-----w C:\Program Files\DVD Shrink
2007-11-08 15:14 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Ulead Systems
2007-11-08 15:09 --------- d-----w C:\Documents and Settings\RB\Data aplikací\CyberLink
2007-11-08 14:35 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Ahead
2007-11-07 20:10 --------- d-----w C:\Program Files\Common Files\Adobe
2007-11-07 18:00 --------- d-----w C:\Program Files\Common Files\LightScribe
2007-11-07 17:56 --------- d-----w C:\Program Files\Common Files\Ahead
2007-11-07 17:56 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Nero
2007-11-07 17:44 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-11-07 16:42 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Data aplikací\CyberLink
2007-11-07 16:40 --------- d-----w C:\Documents and Settings\RB\Data aplikací\Jasc Software Inc
2007-11-07 16:29 --------- d-----w C:\Program Files\Torrent Harvester
2007-11-07 16:00 --------- d-----w C:\Program Files\MSBuild
2007-11-07 15:56 --------- d-----w C:\Program Files\Reference Assemblies
2007-11-07 15:15 --------- d-----w C:\Documents and Settings\RB\Data aplikací\Photodex
2007-11-07 15:02 --------- d-----w C:\Documents and Settings\RB\Data aplikací\iWin
2007-11-06 23:06 --------- d-----w C:\Program Files\Venturi2
2007-11-05 14:40 --------- d-----w C:\Program Files\ICQToolbar
2007-11-04 16:37 --------- d-----w C:\Documents and Settings\Renda\Data aplikací\GetRightToGo
2007-11-03 19:39 --------- d-----w C:\Documents and Settings\Renda\Data aplikací\XnView
2007-11-03 15:53 --------- d-----w C:\Program Files\Driver Magician
2007-11-01 16:56 --------- d-----w C:\Program Files\Realtek
2007-11-01 14:50 --------- d-----w C:\Program Files\Motorola Phone Tools
2007-11-01 14:50 --------- d-----w C:\Program Files\LiveUpdate
2007-11-01 13:38 4,620,288 ----a-w C:\WINDOWS\system32\drivers\RtkHDAud.sys
2007-10-30 16:58 --------- d-----w C:\Documents and Settings\NetworkService\Data aplikací\Ahead
2007-10-27 10:58 --------- d-----w C:\Documents and Settings\Renda\Data aplikací\uk.co.planetside
2007-10-27 10:29 --------- d-----w C:\Program Files\Terragen
2007-10-27 10:23 --------- d-----w C:\Documents and Settings\Renda\Data aplikací\LimeWire
2007-10-27 08:40 --------- d-----w C:\Documents and Settings\Renda\Data aplikací\Azureus
2007-10-26 16:48 --------- d-----w C:\Documents and Settings\Lucy\Data aplikací\Ahead
2007-10-26 16:15 --------- d-----w C:\Documents and Settings\Lucy\Data aplikací\CyberLink
2007-10-26 15:46 --------- d-----w C:\Documents and Settings\Lucy\Data aplikací\PC Suite
2007-10-26 07:01 --------- d-----w C:\Program Files\GameHouse
2007-10-26 06:34 --------- d-----w C:\Documents and Settings\Lucy\Data aplikací\dvdcss
2007-10-25 14:35 --------- d-----w C:\Program Files\FDRLab
2007-10-25 10:57 16,855,552 ----a-w C:\WINDOWS\RTHDCPL.exe
2007-10-24 00:47 96,760 ----a-w C:\WINDOWS\system32\dfshim.dll
2007-10-24 00:47 84,480 ----a-w C:\WINDOWS\system32\mscories.dll
2007-10-24 00:47 282,112 ----a-w C:\WINDOWS\system32\mscoree.dll
2007-10-24 00:47 158,720 ----a-w C:\WINDOWS\system32\mscorier.dll
2007-10-22 22:04 --------- d-----w C:\Documents and Settings\Renda\Data aplikací\uTorrent
2007-10-20 00:56 129,784 ----a-w C:\WINDOWS\system32\pxafs.dll
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of C:\Program Files\Aruzsmhe ----
((((((((((((((((((((((((((((( snapshot@2007-12-08_19.37.41.03 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-12-09 00:50:36 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_628.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 14:49]
"PeerGuardian"="E:\Program Files\PeerGuardian2\pg2.exe" [2005-09-18 18:40]
"DAEMON Tools"="E:\Program Files\DAEMON Tools\daemon.exe" [2007-09-18 15:16]
"nwiz"="nwiz.exe" [2007-11-12 06:51 C:\WINDOWS\system32\nwiz.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00]
"BootSkin Startup Jobs"="C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" [2004-04-26 16:21]
"WinFastDTV"="C:\Program Files\WinFast\WFDTV\DTVSchdl.exe" [2007-10-09 10:13]
"WinFast Schedule"="C:\Program Files\WinFast\WFDTV\WFWIZ.exe" [2007-10-01 10:10]
"COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [2007-11-23 13:33]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-17 14:49 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2007-11-12 06:51 C:\WINDOWS\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-17 14:49]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wingdm32]
wingdm32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"= C:\WINDOWS\system32\guard32.dll
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\WINDOWS\system32\DRIVERS\cmdguard.sys
R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\WINDOWS\system32\DRIVERS\cmdhlp.sys
R2 CX23880;WinFast CX2388x WDM Video Capture.;C:\WINDOWS\system32\drivers\cx88vid.sys
R2 CXAVXBAR;WinFast CX2388x WDM Crossbar.;C:\WINDOWS\system32\drivers\cxavxbar.sys
R2 CXTUNE;WinFast CX2388x WDM TVTuner.;C:\WINDOWS\system32\drivers\CX88TUNE.sys
R3 motmodem;Motorola USB CDC ACM Driver;C:\WINDOWS\system32\DRIVERS\motmodem.sys
R3 pgfilter;pgfilter;\??\E:\Program Files\PeerGuardian2\pgfilter.sys
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys
S2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};\??\E:\Program Files\CyberLink\PowerDVD\000.fcl
S3 WFIOCTL;WFIOCTL;\??\C:\Program Files\WinFast\WFTVFM\WFIOCTL.SYS
*Newly Created Service* - PGFILTER
.
Contents of the 'Scheduled Tasks' folder
"2007-12-07 19:02:28 C:\WINDOWS\Tasks\AwcProUpdate.job"
- E:\Program Files\IObit\Advanced WindowsCare V2 Pro\AutoUpdate.ex
- E:\Program Files\IObit\Advanced WindowsCare V2 Pro\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\guard32.dll
PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
-> C:\WINDOWS\system32\guard32.dll
.
**************************************************************************
catchme 0.3.1331 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-09 02:41:15
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-12-09 2:41:46
C:\ComboFix2.txt ... 2007-12-08 19:38
.
--- E O F ---
The same thing happened to me - no icons and the Start menu with just a row
Hi Sakiri,
could you please also look at my ComboFix log; so far I have scanned it with Avast and it looks like there is nothing there. I absolutely do not understand how the lines that are then "inserted into ComboFix" - the CFScript - are chosen.
Thanks, Cedrela
ComboFix log
Hi, so yesterday I ran ComboFix over it (Avast found nothing).
Then ComboFix restarted the computer:
Comodo Firewall Pro reported two activities:
1. C:/windows/system32/csrcipt.exe has tried to use c:/windows/system32/svchost.exe through OLE automation, which can be used to hijack other applications
2. C:/combofix/listdlls.cfexe modified the memory of the parent application c:/windows/explorer.exe in memory
Since I had not yet done the CFScript insertion into ComboFix after the ComboFix run, I chose Deny for both activities.
The log was as follows:
ComboFix 07-12-09.1 - Filip 2007-12-09 22:39:20.1 - FAT32x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.110 [GMT 1:00]
Running from: C:\Documents and Settings\Filip\Plocha\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\awvvv.dll
C:\WINDOWS\system32\nnnllkh.dll
C:\WINDOWS\system32\vvvwa.ini
C:\WINDOWS\system32\vvvwa.ini2
.
((((((((((((((((((((((((( Files Created from 2007-11-09 to 2007-12-09 )))))))))))))))))))))))))))))))
.
2007-12-09 15:30 . 2007-12-09 15:30 <DIR> d-------- C:\Program Files\WinISO
2007-12-03 21:35 . 1999-12-17 10:13 86,016 --a------ C:\WINDOWS\unvise32.exe
2007-11-14 12:16 . 2007-11-14 12:16 <DIR> d-------- C:\WINDOWS\XXLGS
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-08 11:55 1,132 ----a-w C:\Program Files\uninstal.log
2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
2007-12-03 20:35 293 ----a-w C:\Program Files\Risoo.lnk
2007-10-25 16:57 8,458,752 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-19 13:49 --------- d-----w C:\Program Files\Microsoft Works
2007-09-24 10:13 74,752 ----a-w C:\WINDOWS\cadkasdeinst01e.exe
1998-06-03 23:00 2,459 ----a-w C:\Program Files\Scrrun.dep
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-18 12:00]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
"QuickTime Task"="D:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24]
"SoundMan"="SOUNDMAN.EXE" [2003-08-15 09:34 C:\WINDOWS\SOUNDMAN.EXE]
"SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [2002-07-12 12:15]
"pdfSaver3"="" []
"NvCplDaemon"="RUNDLL32.exe" [2004-08-18 12:00 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2006-10-22 12:22 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="RunDLL32.exe" [2004-08-18 12:00 C:\WINDOWS\system32\rundll32.exe]
"SunJavaUpdateSched"="D:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"COMODO Firewall Pro"="D:\Program Files\Comodo\Firewall\CPF.exe" [2007-09-25 15:43]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-18 12:00]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys
R3 SKYNET;TechniSat DVB-PC TV Star PCI;C:\WINDOWS\system32\DRIVERS\SkyNET.SYS
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB;C:\WINDOWS\system32\DRIVERS\usbohci.sys
.
**************************************************************************
catchme 0.3.1331 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-09 22:44:54
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-12-09 22:46:12 - machine was rebooted
.
--- E O F ---
So could you please write me what I should put into the CFScript?
I would very much appreciate your help. Thanks, Cedrela
P.S. When I looked at the Comodo Firewall Activity log I found that the program that infected me also did this: modified the memory of the parent application c:/windows/system32/winlogon.exe in memory - ComboFix, but it somehow does not deal with that Winlogon.exe, so I hope it is all right
Sorry for the late reply.
Put this into CFScript.txt:
DirLook::
C:\WINDOWS\XXLGS
And paste here the log that appears after the operation finishes.
Have these files tested on VirusTotal:
C:\Program Files\Risoo.lnk
C:\Program Files\Scrrun.dep
And copy the results here.
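As an added illustration (this is not code from the thread, from Sakiri, or from ComboFix itself), here is a small Python script that splits a ComboFix log like the ones posted above into its sections, parses the "Files Created" and "Reg Loading Points" blocks, and lists the entries a helper typically asks to have checked first: load points that push a DLL into every process (Winlogon Notify, AppInit_DLLs) and new files sitting in a Temp directory or directly in a profile root. The sample log inside it is a constructed excerpt assembled from entries in this thread; the section headers and line layout follow the logs as posted, and the "odd location" rule is my own triage heuristic, not anything ComboFix does.

```python
"""Triage helper for ComboFix-style logs (added example, not ComboFix's own code)."""
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample excerpt in ComboFix's log format; the entries are lifted from logs in this thread.
SAMPLE_LOG = r"""
((((((((((((((((((((((((( Files Created from 2007-11-09 to 2007-12-09 )))))))))))))))))))))))))))))))
.
2007-12-09 15:30 . 2007-12-09 15:30 <DIR> d-------- C:\Program Files\WinISO
2007-11-14 12:16 . 2007-11-14 12:16 <DIR> d-------- C:\WINDOWS\XXLGS
2007-11-19 22:52 . 2001-12-19 15:47 49,152 --a------ C:\WINDOWS\system32\TempDel.EXE
2007-12-09 00:50 . 2007-12-09 00:50 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_628.dat
2007-11-20 11:47 . 2007-11-30 12:16 7,780 --a------ C:\Documents and Settings\RB\FMCodec.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wingdm32]
wingdm32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"= C:\WINDOWS\system32\guard32.dll
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\WINDOWS\system32\DRIVERS\cmdguard.sys
.
**************************************************************************
catchme 0.3.1331 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
"""

SECTION_RE = re.compile(r"^\({5,}\s*(.+?)\s*\){5,}\s*$")     # "(((( name ))))" headers
RULE_RE = re.compile(r"^\*{10,}$")                             # asterisk rule before catchme
FILE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size><DIR>|[\d,]+) (?P<attrs>\S+) (?P<path>.+)$"
)
REG_KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
# Heuristic (mine, not ComboFix's): files under a Temp directory or directly in a profile root.
ODD_LOCATION_RE = re.compile(r"\\temp\\|^c:\\documents and settings\\[^\\]+\\[^\\]+$", re.IGNORECASE)


def split_sections(log_text: str) -> Dict[str, List[str]]:
    """Map each '((( name )))' header to the non-empty lines that follow it."""
    sections: Dict[str, List[str]] = {}
    current: Optional[str] = None
    for line in log_text.splitlines():
        line = line.rstrip()
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1)
            sections[current] = []
        elif RULE_RE.match(line):
            current = None          # the catchme block is not a "(((" section
        elif current is not None and line not in ("", "."):
            sections[current].append(line)
    return sections


def parse_files(lines: List[str]) -> List[dict]:
    """Parse 'created . modified size attrs path' rows; directories get size None."""
    entries = []
    for line in lines:
        m = FILE_RE.match(line)
        if not m:
            continue
        size = None if m["size"] == "<DIR>" else int(m["size"].replace(",", ""))
        entries.append({"created": m["created"], "modified": m["modified"],
                        "size": size, "attrs": m["attrs"], "path": m["path"]})
    return entries


def parse_loadpoints(lines: List[str]) -> List[Tuple[str, str]]:
    """Return (registry key, value line) pairs; a bare DLL name under a key counts as a value."""
    items: List[Tuple[str, str]] = []
    key: Optional[str] = None
    for line in lines:
        m = REG_KEY_RE.match(line)
        if m:
            key = m["key"]
        # Value lines are quoted ("name"="...") or a single token; service rows (R1 ...) are skipped.
        elif key is not None and (line.startswith('"') or " " not in line):
            items.append((key, line))
    return items


def triage(log_text: str) -> Dict[str, list]:
    """Collect the entries worth looking at first in a ComboFix log."""
    sections = split_sections(log_text)
    files: List[dict] = []
    for name, lines in sections.items():
        if name.startswith("Files Created"):
            files.extend(parse_files(lines))
    loadpoints = parse_loadpoints(sections.get("Reg Loading Points", []))
    # Winlogon Notify packages and AppInit_DLLs are loaded into many or all processes,
    # so every entry there deserves a second look, legitimate firewall DLLs included.
    flagged = [(k, v) for k, v in loadpoints
               if "\\winlogon\\notify\\" in k.lower() or v.lower().startswith('"appinit_dlls"')]
    odd_files = [f for f in files if f["size"] is not None and ODD_LOCATION_RE.search(f["path"])]
    return {"files": files, "loadpoints": loadpoints,
            "flagged_loadpoints": flagged, "odd_files": odd_files}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for key, value in result["flagged_loadpoints"]:
        print("load point:", key, "->", value)
    for entry in result["odd_files"]:
        print("check on VirusTotal:", entry["path"], entry["size"], "bytes")
```

Run it on a saved log with `triage(open("ComboFix.txt", encoding="cp1250").read())`; the Czech XP logs in this thread are in code page 1250, so opening them as UTF-8 would fail on the accented driver descriptions.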
belated test results
Hi Sakiri,
thanks a lot for the reply; unfortunately I only got to it now. I did what you wrote; I already had to use a new version of ComboFix:
results:
ComboFix 07-12-21.4 - Filip 2007-12-22 12:52:51.3 - FAT32x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.78 [GMT 1:00]
Running from: C:\Documents and Settings\Filip\Plocha\ComboFix.exe
Command switches used :: C:\Documents and Settings\Filip\Plocha\CFScript.txt
* Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2007-11-22 to 2007-12-22 )))))))))))))))))))))))))))))))
.
2007-12-22 10:00 . 2007-12-22 10:00 <DIR> d-------- C:\WINDOWS\LastGood
2007-12-22 09:53 . 2007-12-22 12:06 67 --a------ C:\WINDOWS\AVIConverter.INI
2007-12-09 15:30 . 2007-12-09 15:30 <DIR> d-------- C:\Program Files\WinISO
2007-12-03 21:35 . 1999-12-17 10:13 86,016 --a------ C:\WINDOWS\unvise32.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-08 11:55 1,132 ----a-w C:\Program Files\uninstal.log
2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
2007-12-03 20:35 293 ----a-w C:\Program Files\Risoo.lnk
2007-11-14 07:28 450,560 ----a-w C:\WINDOWS\system32\dllcache\jscript.dll
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-10-30 10:19 3,079,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-10-29 22:44 1,290,240 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-29 22:44 1,290,240 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll
2007-10-25 16:57 8,458,752 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-25 09:01 2,109,440 ----a-w C:\WINDOWS\system32\dllcache\wmvcore.dll
2007-10-25 09:00 230,912 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-25 09:00 230,912 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll
2007-10-24 07:32 --------- d-----w C:\Documents and Settings\Filip\Data aplikací\ICQ
2007-10-11 06:14 96,768 ----a-w C:\WINDOWS\system32\dllcache\inseng.dll
2007-10-11 06:14 660,480 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
2007-10-11 06:14 615,936 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
2007-10-11 06:14 55,808 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
2007-10-11 06:14 532,480 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
2007-10-11 06:14 474,112 ----a-w C:\WINDOWS\system32\dllcache\shlwapi.dll
2007-10-11 06:14 449,024 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-10-11 06:14 39,424 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
2007-10-11 06:14 357,888 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-10-11 06:14 251,392 ----a-w C:\WINDOWS\system32\dllcache\iepeers.dll
2007-10-11 06:14 205,312 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-10-11 06:14 16,384 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-10-11 06:14 151,552 ----a-w C:\WINDOWS\system32\dllcache\cdfview.dll
2007-10-11 06:14 146,432 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
2007-10-11 06:14 1,495,040 ----a-w C:\WINDOWS\system32\dllcache\shdocvw.dll
2007-10-11 06:14 1,055,232 ----a-w C:\WINDOWS\system32\dllcache\danim.dll
2007-10-11 06:14 1,023,488 ----a-w C:\WINDOWS\system32\dllcache\browseui.dll
2007-10-10 11:16 18,432 ----a-w C:\WINDOWS\system32\dllcache\iedw.exe
2007-09-24 10:13 74,752 ----a-w C:\WINDOWS\cadkasdeinst01e.exe
1998-06-03 23:00 2,459 ----a-w C:\Program Files\Scrrun.dep
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of C:\WINDOWS\XXLGS ----
2007-11-14 12:16 86016 --a------ C:\WINDOWS\XXLGS\STXZIP32.DLL
2007-11-14 12:16 36864 --a------ C:\WINDOWS\XXLGS\REG.EXE
2007-11-14 12:16 270336 --a------ C:\WINDOWS\XXLGS\UN32.EXE
2007-11-14 12:16 130 --a------ C:\WINDOWS\XXLGS\UN32.INI
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-18 12:00]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
"QuickTime Task"="D:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24]
"SoundMan"="SOUNDMAN.EXE" [2003-08-15 09:34 C:\WINDOWS\SOUNDMAN.EXE]
"SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [2002-07-12 12:15]
"pdfSaver3"="" []
"NvCplDaemon"="RUNDLL32.exe" [2004-08-18 12:00 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2006-10-22 12:22 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="RunDLL32.exe" [2004-08-18 12:00 C:\WINDOWS\system32\rundll32.exe]
"SunJavaUpdateSched"="D:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"COMODO Firewall Pro"="D:\Program Files\Comodo\Firewall\CPF.exe" [2007-09-25 15:43]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-18 12:00]
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\
Adobe Reader Speed Launch.lnk - D:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 02:48:00]
Adobe Reader Synchronizer.lnk - D:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 01:01:00]
Server4PC.lnk - D:\Program Files\TechniSat DVB\bin\Server4PC.exe [2007-09-17 09:20:25]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-18 12:00]
R3 SKYNET;TechniSat DVB-PC TV Star PCI;C:\WINDOWS\system32\DRIVERS\SkyNET.SYS [2004-10-13 11:56]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB;C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-18 12:00]
.
**************************************************************************
catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-22 12:54:06
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-12-22 12:54:38
C:\ComboFix3.txt ... 2007-12-09 22:46
C:\ComboFix2.txt ... 2007-12-10 15:00
.
2007-12-22 09:00:56 --- E O F ---
What seems odd to me is that ComboFix was again modifying something after it finished (a Comodo Firewall Pro notification), this time with the file catchme.exe; hopefully that is fine.
Merry Christmas
Cedrela
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of C:\WINDOWS\XXLGS ----
2007-11-14 12:16 86016 --a------ C:\WINDOWS\XXLGS\STXZIP32.DLL
2007-11-14 12:16 36864 --a------ C:\WINDOWS\XXLGS\REG.EXE
2007-11-14 12:16 270336 --a------ C:\WINDOWS\XXLGS\UN32.EXE
2007-11-14 12:16 130 --a------ C:\WINDOWS\XXLGS\UN32.INI
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-18 12:00]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
"QuickTime Task"="D:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24]
"SoundMan"="SOUNDMAN.EXE" [2003-08-15 09:34 C:\WINDOWS\SOUNDMAN.EXE]
"SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [2002-07-12 12:15]
"pdfSaver3"="" []
"NvCplDaemon"="RUNDLL32.exe" [2004-08-18 12:00 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2006-10-22 12:22 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="RunDLL32.exe" [2004-08-18 12:00 C:\WINDOWS\system32\rundll32.exe]
"SunJavaUpdateSched"="D:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"COMODO Firewall Pro"="D:\Program Files\Comodo\Firewall\CPF.exe" [2007-09-25 15:43]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-18 12:00]
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\
Adobe Reader Speed Launch.lnk - D:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 02:48:00]
Adobe Reader Synchronizer.lnk - D:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 01:01:00]
Server4PC.lnk - D:\Program Files\TechniSat DVB\bin\Server4PC.exe [2007-09-17 09:20:25]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-18 12:00]
R3 SKYNET;TechniSat DVB-PC TV Star PCI;C:\WINDOWS\system32\DRIVERS\SkyNET.SYS [2004-10-13 11:56]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB;C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-18 12:00]
.
**************************************************************************
catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-22 12:54:06
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-12-22 12:54:38
C:\ComboFix3.txt ... 2007-12-09 22:46
C:\ComboFix2.txt ... 2007-12-10 15:00
.
2007-12-22 09:00:56 --- E O F ---
The thing that bothers me is that ComboFix again modified something after finishing (Comodo Firewall Pro alert), this time with the file catchme.exe. I hope it's fine.
Merry Christmas
Cedrela
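When triaging a log like the one above, the "Reg Loading Points" section is the part worth reading line by line: each entry is `"name"="command" [timestamp resolved-path]`, and ComboFix leaves the bracket empty when it cannot find the target on disk (the `"pdfSaver3"="" []` line) and appends the resolved path when the command is only a bare file name (`SOUNDMAN.EXE`, `RUNDLL32.exe`). The following parser and triage pass is an added example, not part of the original post and not ComboFix's own code; the line format is inferred from the posted log, the sample input is a constructed excerpt of that log, and the triage rules are the author's own heuristics, not anything ComboFix reports.

```python
import re
from typing import Dict, List, NamedTuple

# Constructed excerpt: lines copied from the "Reg Loading Points" section
# of the ComboFix log posted above.
SAMPLE_LOG = r"""
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-18 12:00]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00]
"SoundMan"="SOUNDMAN.EXE" [2003-08-15 09:34 C:\WINDOWS\SOUNDMAN.EXE]
"pdfSaver3"="" []
"NvCplDaemon"="RUNDLL32.exe" [2004-08-18 12:00 C:\WINDOWS\system32\rundll32.exe]
"COMODO Firewall Pro"="D:\Program Files\Comodo\Firewall\CPF.exe" [2007-09-25 15:43]
"""


class RunEntry(NamedTuple):
    key: str        # registry key the entry lives under
    name: str       # value name
    command: str    # value data as written in the registry
    timestamp: str  # file timestamp ComboFix printed, "" if file not found
    resolved: str   # path ComboFix resolved for a bare file name, else ""


KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
ENTRY_RE = re.compile(r'^"([^"]*)"="([^"]*)" \[([^\]]*)\]$')
TS_RE = re.compile(r'^(\d{4}-\d{2}-\d{2} \d{2}:\d{2})(?: (.+))?$')


def parse_run_entries(text: str) -> List[RunEntry]:
    """Parse the Run-key lines of a ComboFix log (format inferred, assumption)."""
    entries: List[RunEntry] = []
    key = ""
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = ENTRY_RE.match(line)
        if not m or not key:
            continue
        name, command, bracket = m.groups()
        ts, resolved = "", ""
        tm = TS_RE.match(bracket)
        if tm:
            ts = tm.group(1)
            resolved = tm.group(2) or ""
        entries.append(RunEntry(key, name, command, ts, resolved))
    return entries


def triage(entries: List[RunEntry]) -> Dict[str, str]:
    """Return {value name: reason} for autostart entries that deserve a look.

    Heuristics are the author's own: an empty bracket means ComboFix found no
    file behind the entry (stale or already-removed autostart); a bare file
    name is located through the PATH search order, so the binary that actually
    runs is whatever ComboFix resolved it to, and a planted file earlier in
    the search order would win.
    """
    findings: Dict[str, str] = {}
    for e in entries:
        if not e.timestamp:
            findings[e.name] = "target file not found on disk (empty bracket)"
        elif not re.match(r'^[A-Za-z]:\\', e.command):
            findings[e.name] = f"bare file name, resolved via PATH to {e.resolved}"
    return findings


if __name__ == "__main__":
    for name, reason in triage(parse_run_entries(SAMPLE_LOG)).items():
        print(f"{name}: {reason}")
```

Run against the excerpt it lists `pdfSaver3` (no file behind it) and the two bare-name entries `SoundMan` and `NvCplDaemon`; fully-pathed entries with a timestamp such as `avast!` and `COMODO Firewall Pro` are left alone, which matches what a reviewer would pick out of this log by eye.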
One more thing about catchme
The exact message is: c:\combofix\catchme.cfexe has modified the parent application explorer.exe in memory. This is typical of Virus, Trojan and Spyware behaviour... When it was being repaired the first time (I assume this is ComboFix's repair file) it was clear (the infection was there and had modified it before). This time I don't understand it, though, since ComboFix didn't find anything anymore.