Please heeelp.. Windows is on strike (solved)
- vasek.plansky
- Level 1
- Posts: 57
- Registered: May 07
Well, the computer is still on strike..
That path points to an empty folder.
This is what my latest log from CF looks like:
ComboFix 08-01-04.1 - Administrator 2008-01-08 15:22:59.8 - FAT32x86 MINIMAL
Running from: C:\Program Files\Combofix\ComboFix.exe
.
The following files were disabled during the run:
C:\WINDOWS\system32\guard32.dll
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\regedit.com
C:\WINDOWS\system32\taskmgr.com
.
((((((((((((((((((((((((( Files Created from 2007-12-08 to 2008-01-08 )))))))))))))))))))))))))))))))
.
2008-01-08 15:16 . 2008-01-08 15:16 60,416 --a------ C:\WINDOWS\system32\drivers\eitxdwfb.sys
2008-01-08 15:16 . 2008-01-08 15:16 1,080 --a------ C:\bxlmqnfb.bat
2008-01-08 14:57 . 2008-01-08 14:57 <DIR> d-------- C:\Program Files\IceSword122en
2008-01-08 13:31 . <DIR> C:\Documents and Settings\VaÜek\Local Settings
2008-01-08 13:31 . <DIR> C:\Documents and Settings\VaÜek\Local Settings
2008-01-08 12:59 . 2008-01-08 12:59 60,416 --a------ C:\WINDOWS\system32\drivers\yvlchsts.sys
2008-01-08 12:59 . 2008-01-08 12:59 1,080 --a------ C:\yljqscvj.bat
2008-01-08 12:30 . 2008-01-08 12:35 1,056,768 --a------ C:\WINDOWS\sectest.db
2008-01-08 12:05 . 2008-01-08 12:05 <DIR> d-------- C:\Program Files\Dial-a-fix-v0.60.0.24
2008-01-07 22:38 . 2008-01-08 14:02 50 --a------ C:\23990098.$$$
2008-01-07 22:36 . 2008-01-07 22:36 <DIR> d-a------ C:\WINDOWS\zts2.exe
2008-01-07 22:36 . 2008-01-07 22:36 <DIR> d-a------ C:\WINDOWS\system32\vcmgcd32.dll
2008-01-07 22:36 . 2008-01-07 22:36 <DIR> d-a------ C:\WINDOWS\system32\iifgfgf.dll
2008-01-07 22:36 . 2008-01-07 22:36 <DIR> d-a------ C:\WINDOWS\rundll16.exe
2008-01-07 22:36 . 2008-01-07 22:36 <DIR> d-a------ C:\WINDOWS\rundl132.dll
2008-01-07 22:36 . 2008-01-07 22:36 <DIR> d-a------ C:\WINDOWS\logo1_.exe
2008-01-07 22:35 . 2004-08-18 20:00 147,968 --a------ C:\WINDOWS\R.COM
2008-01-07 22:35 . 2004-08-18 20:00 137,216 --a------ C:\WINDOWS\system32\T.COM
2008-01-07 22:35 . 2008-01-08 14:00 26 --a------ C:\WINDOWS\Lic.xxx
2008-01-07 22:31 . 2008-01-07 22:31 60,416 --a------ C:\WINDOWS\system32\drivers\jbqajryq.sys
2008-01-07 22:31 . 2008-01-07 22:31 1,080 --a------ C:\rvbrajjm.bat
2008-01-07 16:18 . 2008-01-07 16:18 1,080 --a------ C:\xyfanniv.bat
2008-01-07 16:17 . 2008-01-07 16:17 60,416 --a------ C:\WINDOWS\system32\drivers\nicketos.sys
2008-01-07 16:17 . 2008-01-07 16:18 60,416 --a------ C:\WINDOWS\system32\drivers\mublqetw.sys
2008-01-07 16:11 . 2008-01-07 16:11 60,416 --a------ C:\WINDOWS\system32\drivers\mckgpcqq.sys
2008-01-07 16:11 . 2008-01-07 16:11 1,080 --a------ C:\tydbkmed.bat
2008-01-07 15:46 . 2008-01-07 15:46 126,976 --a------ C:\zip.exe
2008-01-07 15:46 . 2008-01-07 15:46 1,080 --a------ C:\uwdymbid.bat
2008-01-07 15:45 . 2008-01-07 15:45 <DIR> d-------- C:\Program Files\Avenger
2008-01-07 09:58 . 2008-01-07 09:58 7,412 --a------ C:\WINDOWS\SEC8F3.PNF
2008-01-07 09:56 . 2004-08-17 15:49 39,936 --a------ C:\WINDOWS\system32\hostmib.dll
2008-01-07 09:56 . 2004-08-17 15:49 32,256 --a------ C:\WINDOWS\system32\snmp.exe
2008-01-07 09:56 . 2004-08-17 15:49 8,704 --a------ C:\WINDOWS\system32\snmptrap.exe
2008-01-07 09:55 . 2008-01-07 09:55 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-01-07 09:55 . 2004-08-17 15:49 105,472 --a------ C:\WINDOWS\system32\evntagnt.dll
2008-01-07 09:55 . 2004-08-17 15:49 33,792 --a------ C:\WINDOWS\system32\lmmib2.dll
2008-01-07 09:54 . 2008-01-07 09:54 <DIR> d-------- C:\WINDOWS\EHome
2008-01-06 11:35 . 2008-01-06 11:45 6 --a------ C:\ISACER.ID
2008-01-06 10:25 . 2008-01-06 10:25 0 --a------ C:\WINDOWS\nsreg.dat
2008-01-06 00:45 . 2008-01-06 00:45 <DIR> d-------- C:\Program Files\Combofix
2008-01-06 00:41 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-06 00:22 . 2008-01-06 00:23 5,959,487 --a------ C:\WINDOWS\REGBK00.ZIP
2008-01-06 00:21 . 2008-01-06 00:21 <DIR> d-------- C:\Program Files\MWAV
2008-01-02 13:18 . 2008-01-02 13:18 <DIR> d-------- C:\Program Files\Java
2007-12-26 10:31 . 2007-12-26 10:31 <DIR> d-------- C:\Program Files\Opera
2007-12-25 11:36 . 2007-12-25 11:37 <DIR> d-------- C:\Program Files\Autodesk
2007-12-18 18:31 . 2007-12-18 18:31 82 --a------ C:\WINDOWS\netdet.ini
2007-12-18 18:30 . 2007-12-18 18:30 <DIR> d-------- C:\Program Files\GeoPol 2005
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-23 18:13 79,096 ----a-w C:\WINDOWS\system32\drivers\cmdGuard.sys
2007-11-23 18:13 23,672 ----a-w C:\WINDOWS\system32\drivers\cmdhlp.sys
2007-11-23 18:13 139,008 ----a-w C:\WINDOWS\system32\guard32.dll.vir
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-10-30 23:27 3,590,656 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-10-29 22:44 1,290,240 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-29 22:44 1,290,240 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll
2007-10-25 16:44 8,464,384 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll
2007-10-10 23:50 824,832 ------w C:\WINDOWS\system32\dllcache\wininet.dll
2007-10-10 23:50 671,232 ------w C:\WINDOWS\system32\dllcache\mstime.dll
2007-10-10 23:50 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
2007-10-10 23:50 6,065,664 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
2007-10-10 23:50 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-10-10 23:50 478,208 ------w C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-10-10 23:50 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-10-10 23:50 44,544 ------w C:\WINDOWS\system32\dllcache\iernonce.dll
2007-10-10 23:50 384,512 ------w C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-10-10 23:50 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-10-10 23:50 27,648 ------w C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-10-10 23:50 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
2007-10-10 23:50 232,960 ------w C:\WINDOWS\system32\dllcache\webcheck.dll
2007-10-10 23:50 230,400 ------w C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-10-10 23:50 214,528 ------w C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-10-10 23:50 193,024 ------w C:\WINDOWS\system32\dllcache\msrating.dll
2007-10-10 23:50 153,088 ------w C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-10-10 23:50 132,608 ------w C:\WINDOWS\system32\dllcache\extmgr.dll
2007-10-10 23:50 124,928 ------w C:\WINDOWS\system32\dllcache\advpack.dll
2007-10-10 23:50 105,984 ------w C:\WINDOWS\system32\dllcache\url.dll
2007-10-10 23:50 102,400 ------w C:\WINDOWS\system32\dllcache\occache.dll
2007-10-10 23:50 1,159,680 ------w C:\WINDOWS\system32\dllcache\urlmon.dll
2007-10-10 10:59 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-10-10 10:58 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-10-10 10:58 625,152 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2007-10-10 05:46 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-18 20:00 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-18 20:00 110592 C:\WINDOWS\system32\bthprops.cpl]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-02-05 16:52 921600]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2006-01-12 20:52 483328]
"qgajktjp"="C:\uwdymbid.bat" [2008-01-07 15:46 1080]
"kjvqdfbg"="C:\tydbkmed.bat" [2008-01-07 16:11 1080]
"lpwjakft"="C:\xyfanniv.bat" [2008-01-07 16:18 1080]
"hjvgqpwf"="C:\rvbrajjm.bat" [2008-01-07 22:31 1080]
"SRFirstRun"="srclient.dll" [2004-08-17 15:49 67584 C:\WINDOWS\system32\srclient.dll]
"qdwpitfd"="C:\yljqscvj.bat" [2008-01-08 12:59 1080]
"ajxprspe"="C:\bxlmqnfb.bat" [2008-01-08 15:16 1080]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-18 20:00 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=acaptuser32.dll C:\WINDOWS\system32\guard32.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli scecli
S1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\WINDOWS\system32\DRIVERS\cmdguard.sys [2007-11-23 19:13]
S1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [2007-11-23 19:13]
S1 OsaFsLoc;OsaFsLoc;C:\WINDOWS\system32\drivers\OsaFsLoc.sys [2005-10-15 18:20]
S2 DK12DRV;DK12 WindowsNT Driver;C:\WINDOWS\system32\Drivers\DK12DRV.SYS [2001-02-13 15:57]
S2 DK3DRV;DK3 Windows NT Driver;C:\WINDOWS\system32\Drivers\DK3DRV.SYS [2002-08-05 10:04]
S2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\system32\drivers\epm-psd.sys [2004-07-19 13:10]
S2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\system32\drivers\epm-shd.sys [2005-04-07 18:08]
S2 int15.sys;int15.sys;C:\Acer\Empowering Technology\eRecovery\int15.sys [2005-01-13 14:46]
S2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [2005-06-30 16:58]
S2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys [2005-01-14 15:57]
S3 ASNDIS5;ASNDIS5 Protocol Driver;C:\WINDOWS\system32\ASNDIS5.SYS [2002-09-09 19:54]
S3 C-Dilla;C-Dilla;C:\WINDOWS\system32\drivers\CDANT.SYS [2001-12-12 10:37]
S3 commiwi;[CommView] Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows 2000;C:\WINDOWS\system32\DRIVERS\commiwi.sys [2006-10-04 16:11]
S3 DK3USB;DK3usb Enabler;C:\WINDOWS\system32\Drivers\DK3USB.sys [2002-08-05 10:04]
S3 NdisFilt;OSA NdisFilter Protocol;C:\WINDOWS\system32\Drivers\NdisFilt.sys [2005-09-13 15:34]
S3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-18 20:00]
.
Contents of the 'Scheduled Tasks' folder
"2008-01-03 08:00:02 C:\WINDOWS\Tasks\Spybot - Search & Destroy - Scheduled Task.job"
- C:\Program Files\Spybot - Search & Destroy\Update.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-08 15:28:49
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\guard32.dll
PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
-> C:\WINDOWS\system32\guard32.dll
PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
-> C:\WINDOWS\system32\guard32.dll
.
Completion time: 2008-01-08 15:30:44 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-08 14:30:40
ComboFix5.txt 2008-01-07 14:33:54
ComboFix4.txt 2008-01-07 14:56:02
ComboFix3.txt 2008-01-07 15:09:16
ComboFix2.txt 2008-01-08 12:31:04
.
2008-01-07 18:53:22 --- E O F ---

