Kontrola logů - podezření na malware, bez příznaků

Problematika virů a antivirů, zabezpečení PC - firewall, spyware, atd.
Odpovědět
quido
Nováček
Nováček
Registrován: 23. bře 2008

Kontrola logů - podezření na malware, bez příznaků

Příspěvek od quido »

Prosím o kontrolu logů, nevím si rady s jedním problémem a ani nevím, jak je to nebezpečné.

Kdy si pustím Autoruns.exe od SystemInternals, v záložce "Drivers" se mi pokaždé ukáže nějaký pofidérní odkaz na neexistující driver. např. takto :

avmaxn2k File not found: C:\WINDOWS\System32\Drivers\avmaxn2k.sys

Po každém restartu je tam něco jiného. Společné mají to, že na webu o takovýchto souborech není vůbec žádná zmínka. Evidentně si něco zkouší vytvořit nějakou knihovnu, ale nedaří se to. Co s tím?
Posílám výpis HijackThis logu, ale tam toho moc není:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:31, on 2008-04-01
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\basfipm.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\BEZPECNOST\ESET Smart Security\ekrn.exe
C:\Program Files\APPS\Firebird\bin\fbguard.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\APPS\Firebird\bin\fbserver.exe
C:\Program Files\BEZPECNOST\ESET Smart Security\egui.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\KOMUNIKACE\Firefox_Port\App\firefox\firefox.exe
C:\Program Files\UTILS\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O3 - Toolbar: Copernic Desktop Search 2 - {968631B6-4729-440D-9BF4-251F5593EC9A} - C:\Program Files\KOMUNIKACE\CopernicDesktopSearch2\DesktopSearchBand203000018.dll
O4 - HKLM\..\Run: [StartupDelayer] "C:\Program Files\UTILS\Startup Delayer\Startup Launcher GUI.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\komunikace\Java_150_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\komunikace\Java_150_02\bin\npjpi150_02.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = vernissage.cz
O17 - HKLM\Software\..\Telephony: DomainName = vernissage.cz
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = vernissage.cz
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = vernissage.cz
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = vernissage.cz
O17 - HKLM\System\CS4\Services\Tcpip\Parameters: Domain = vernissage.cz
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\system32\basfipm.exe
O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\UTILS\Diskeeper\DkService.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\BEZPECNOST\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\BEZPECNOST\ESET Smart Security\ekrn.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Program Files\APPS\Firebird\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Program Files\APPS\Firebird\bin\fbserver.exe
O23 - Service: Agent IKOS (IKOSAGENT) - IKOS Liberec, s.r.o. - C:\Program Files\APPS\Doch3\agent.exe
O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\KOMUNIKACE\OpenVPN\bin\openvpnserv.exe
O23 - Service: Prevx Agent (PREVXAgent) - Prevx - C:\Program Files\Prevx1\PXAgent.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 6572 bytes

Ještě jsem uděla nějaké kontroly pomocí různých nástrojů:
- Spybot - negativní
- PrevX1 - projel jsem celý disk a negativní
- VundoFix - negativní
- ComboFix - podle mě v pořádku, ale jsou tam 2 nesrovnalosti:

2007-08-18 05:34 20 ---h--w D:\documents and Settings\All Users\Data aplikací\PKP_DLea.DAT
2007-08-18 05:30 0 ---ha-w C:\Program Files\Common Files\MSN

Ani ten adresář, ani ten soubor nemůžu najít, přestože vidím na všechny skryté i systémové soubory a složky

Po spuštění se vytvoří v registru nějaký nový klíč k driveru, který v PC neexistuje např. takto:


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ap1yhgdy]
"Start"=dword:00000003
"Type"=dword:00000001
"Group"="SCSI miniport"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ap1yhgdy\Enum]
"0"="ACPI\\PNPA000\\4&6f9ac54e&0"
"Count"=dword:00000001
"NextInstance"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ap1yhgdy\Parameters]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ap1yhgdy\Parameters\PnpInterface]
"0"=dword:00000001


Přikádám ještě výpis z ComboFix.txt
***********************************
ComboFix 08-03-30.4 - martinf 2008-04-01 8:17:22.7 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.1599 [GMT 2:00]
Running from: C:\ComboFix.exe
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
TimedOut: Windir.dat

((((((((((((((((((((((((( Files Created from 2008-03-01 to 2008-04-01 )))))))))))))))))))))))))))))))
.

2008-04-01 00:15 . 2008-04-01 00:00 1,603,486 --a------ C:\ComboFix.exe
2008-03-31 19:55 . 2008-03-31 19:55 <DIR> d-------- D:\Documents and Settings\Martinf\Data aplikací\FastStone
2008-03-29 23:11 . 2008-03-29 23:11 <DIR> d-------- D:\Documents and Settings\Martinf\Data aplikací\GARMIN
2008-03-29 23:05 . 2008-03-29 23:05 <DIR> d-------- C:\Garmin
2008-03-29 16:35 . 2008-04-01 07:46 <DIR> d-------- D:\Documents and Settings\Martinf\Data aplikací\Prevx
2008-03-29 16:35 . 2008-04-01 07:43 <DIR> d-------- C:\Program Files\Prevx1
2008-03-29 16:35 . 2006-12-08 14:36 9,728 --a------ C:\WINDOWS\system32\drivers\pxscinst.dll
2008-03-29 16:35 . 2006-12-08 14:36 7,680 --a------ C:\WINDOWS\system32\drivers\pxinst.dll
2008-03-29 16:27 . 2008-03-29 16:27 1,986 --a------ C:\WINDOWS\system32\tmp.reg
2008-03-29 16:11 . 2008-04-01 07:31 <DIR> d-------- D:\Documents and Settings\All Users\Data aplikací\Prevx
2008-03-29 16:04 . 2008-03-29 16:04 <DIR> d-------- D:\Documents and Settings\LocalService.NT AUTHORITY\Plocha
2008-03-29 13:57 . 2008-03-29 15:36 <DIR> d-------- C:\VundoFix Backups
2008-03-27 09:16 . 2008-03-27 09:16 0 --a------ C:\WINDOWS\wincmd.ini
2008-03-27 09:09 . 2008-03-27 09:16 16,896 --a------ C:\WINDOWS\system32\DECRYPT.DLL
2008-03-25 09:50 . 2008-03-25 09:50 25,992 --a------ C:\WINDOWS\system32\pgdfgsvc.exe
2008-03-24 19:26 . 2008-03-24 19:26 <DIR> d-------- C:\Program Files\microsoft frontpage
2008-03-24 16:36 . 2008-03-24 16:36 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-03-24 16:03 . 2008-03-24 16:13 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-03-24 15:20 . 2004-08-17 15:49 15,360 --a--c--- C:\WINDOWS\system32\dllcache\ctfmon.exe.backup
2008-03-24 15:20 . 2004-08-17 15:49 15,360 --a------ C:\WINDOWS\system32\ctfmon.exe.backup
2008-03-23 23:52 . 2005-05-06 17:08 68,096 --a------ C:\WINDOWS\system32\prjXTab.ocx
2008-03-23 22:14 . 2005-05-25 07:00 90,112 --------- C:\WINDOWS\SDUnInst.exe
2008-03-23 21:10 . 2008-03-23 21:10 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-03-23 10:12 . 2008-03-23 10:12 <DIR> d-------- D:\Documents and Settings\Martinf\Data aplikací\Pegtop
2008-03-22 15:15 . 2008-03-22 15:15 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2008-03-22 13:53 . 1997-11-05 22:17 64,000 --a------ C:\WINDOWS\system32\Apigid32.dll
2008-03-22 09:54 . 2004-08-17 15:49 18,432 --a------ C:\WINDOWS\system32\ups.exe
2008-03-22 09:54 . 2004-08-17 15:49 18,432 --a--c--- C:\WINDOWS\system32\dllcache\ups.exe
2008-03-19 18:19 . 2008-03-23 11:56 <DIR> d-------- C:\Program Files\NETWORK
2008-03-18 00:39 . 2008-03-18 00:39 <DIR> d--h----- C:\WINDOWS\PIF
2008-03-17 23:07 . 2008-03-17 23:07 <DIR> d-------- D:\Documents and Settings\Martinf\Data aplikací\r2 Studios
2008-03-17 23:07 . 2008-03-17 23:07 <DIR> d-------- D:\Documents and Settings\All Users\Data aplikací\r2 Studios
2008-03-17 09:16 . 2008-03-17 20:11 <DIR> d-------- C:\Program Files\Common Files\Logishrd
2008-03-16 17:55 . 2008-03-16 18:03 <DIR> d-------- D:\Documents and Settings\Martinf\Data aplikací\ExeDesk
2008-03-16 17:54 . 2008-04-01 07:53 <DIR> d-a------ D:\Documents and Settings\All Users\Data aplikací\TEMP
2008-03-14 09:23 . 2008-03-14 09:23 81 --a------ C:\WINDOWS\AbsoluteTelnet.trg
2008-03-14 09:21 . 2008-03-23 11:42 <DIR> d-------- D:\Documents and Settings\Martinf\Data aplikací\AbsoluteTelnet
2008-03-02 22:37 . 2008-03-02 22:38 <DIR> d-------- D:\Documents and Settings\Martinf\Data aplikací\DeepBurner
2008-03-02 02:05 . 2006-08-29 16:56 32,377 --a------ C:\WINDOWS\system32\drivers\prodigy.sys
2008-03-02 01:35 . 2008-03-02 01:35 <DIR> d-------- C:\Program Files\PC Connectivity Solution
2008-03-02 00:53 . 2007-02-22 11:15 137,216 --a------ C:\WINDOWS\system32\drivers\nmwcd.sys
2008-03-02 00:53 . 2007-02-22 11:15 65,536 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
2008-03-02 00:53 . 2007-02-22 11:15 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcm.sys
2008-03-02 00:53 . 2007-02-22 11:15 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcj.sys
2008-03-02 00:53 . 2007-02-22 11:15 8,320 --a------ C:\WINDOWS\system32\drivers\nmwcdc.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-31 20:07 --------- d-----w C:\Program Files\UTILS
2008-03-31 19:07 --------- d-----w C:\Program Files\BEZPECNOST
2008-03-31 18:07 --------- d-----w D:\documents and Settings\Martinf\Data aplikací\uTorrent
2008-03-31 11:29 --------- d-----w D:\documents and Settings\Martinf\Data aplikací\VMware
2008-03-29 21:05 --------- d-----w C:\Program Files\GARMIN
2008-03-29 20:09 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-03-28 19:07 --------- d-----w C:\Program Files\KOMUNIKACE
2008-03-23 21:46 --------- d-----w C:\Program Files\Vario11
2008-03-23 20:29 --------- d-----w C:\Program Files\GRAFIKA
2008-03-23 07:46 --------- d-----w C:\Program Files\APPS
2008-03-17 11:35 --------- d-----w D:\documents and Settings\All Users\Data aplikací\SecTaskMan
2008-03-16 00:32 --------- d-----w C:\Program Files\INTERNET
2008-03-07 08:16 --------- d-----w D:\documents and Settings\Martinf\Data aplikací\Skype
2008-03-05 11:49 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-03 20:21 --------- d-----w C:\Program Files\MULTIMEDIA
2008-03-03 17:19 --------- d-----w D:\documents and Settings\All Users\Data aplikací\VMware
2008-03-03 17:18 --------- d-----w C:\Program Files\VMware
2008-03-02 00:04 --------- d-----w C:\Program Files\Nokia
2008-03-01 23:43 --------- d-----w C:\Program Files\Common Files\PCSuite
2008-03-01 23:43 --------- d-----w C:\Program Files\Common Files\Nokia
2008-03-01 23:39 --------- d-----w D:\documents and Settings\Martinf\Data aplikací\Nokia
2008-03-01 23:30 --------- d-----w D:\documents and Settings\All Users\Data aplikací\Installations
2008-02-17 21:01 --------- d-----w D:\documents and Settings\Martinf\Data aplikací\HTML Executable
2008-02-02 14:00 --------- d-----w D:\documents and Settings\Martinf\Data aplikací\The Bat!
2007-08-18 05:34 20 ---h--w D:\documents and Settings\All Users\Data aplikací\PKP_DLea.DAT
2007-08-18 05:30 0 ---ha-w C:\Program Files\Common Files\MSN
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartupDelayer"="C:\Program Files\UTILS\Startup Delayer\Startup Launcher GUI.exe" [2007-12-14 11:11 44032]
"BluetoothAuthenticationAgent"="rundll32.exe" [2004-08-18 14:00 33280 C:\WINDOWS\system32\rundll32.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-17 15:49 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"MaxRecentDocs"= 15 (0xf)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"WD Button Manager"=WDBtnMgr.exe
"PrevxOne"="C:\Program Files\Prevx1\PXConsole.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=

R1 Angelnt;Angelnt;C:\WINDOWS\system32\Drivers\ANGELNT.SYS [2007-10-25 09:50]
R1 AntiCaps;ANTICAPS;C:\WINDOWS\system32\drivers\AntiCaps.sys [2007-08-17 16:13]
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;C:\Program Files\APPS\Firebird\bin\fbguard.exe [2007-01-31 01:05]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;C:\Program Files\APPS\Firebird\bin\fbserver.exe [2007-01-31 01:05]
R3 GTIPCI21;GTIPCI21;C:\WINDOWS\system32\DRIVERS\gtipci21.sys [2005-05-31 11:46]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-18 14:00]
R3 tap0801;TAP-Win32 Adapter V8;C:\WINDOWS\system32\DRIVERS\tap0801.sys [2006-10-01 14:37]
S2 ANGELUSB;Identcode Usb AngelKey;C:\WINDOWS\system32\DRIVERS\angelusb.sys [2007-10-24 13:45]
S3 angkeyu;Usb AngelKey;C:\WINDOWS\system32\Drivers\angkeyu.sys [2007-10-25 09:50]
S3 CyLoad;Suprema USB Driver Loader;C:\WINDOWS\system32\Drivers\CyLoad.sys [2005-10-11 13:16]
S3 CyUsb;Suprema USB Driver;C:\WINDOWS\system32\Drivers\CyUsb.sys [2005-10-11 13:17]
S3 IKOSAGENT;Agent IKOS;C:\Program Files\APPS\Doch3\agent.exe [2007-12-12 13:24]
S3 IpwP;IPWireless 3G PCMCIA Network Adapter;C:\WINDOWS\system32\DRIVERS\ipwpnet.sys [2003-12-18 18:51]
S3 PRODIGY;PRODIGY;C:\WINDOWS\system32\Drivers\PRODIGY.SYS [2006-08-29 16:56]
S4 ZNXGOYSXF;ZNXGOYSXF;D:\TEMP\Martinf\ZNXGOYSXF.exe []

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-01 08:19:08
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-01 8:19:42
ComboFix-quarantined-files.txt 2008-04-01 06:19:27
ComboFix2.txt 2008-03-31 23:03:45
Adresářů: 8, Volných bajtů: 11,913,535,488
Adresářů: 12, Volných bajtů: 11,895,848,960
.
2008-03-25 05:54:42 --- E O F ---
Nahoru
quido
Nováček
Nováček
Registrován: 23. bře 2008

Příspěvek od quido »

Tak už je to vyřešené, chybka byla zde:

D:\TEMP\Martinf\ZNXGOYSXF.exe
Nahoru
Odpovědět

Zpět na „Viry, antiviry a bezpečnost“