Tady je LOG z ComboFix:
ComboFix 09-01-01.02 - A 2009-01-04 15:28:12.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.1.1029.18.511.282 [GMT 1:00]
Running from: c:\documents and settings\A\Plocha\ComboFix-1.exe
AV: avast! antivirus 4.8.1296 [VPS 090104-0] *On-access scanning disabled* (Updated)
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\A\Data aplikací\inst.exe
c:\windows\system32\drivers\e03bd3c3.sys
c:\windows\system32\drivers\TDSSpqlt.sys
c:\windows\system32\TDSSbrsr.dll
c:\windows\system32\TDSScfum.dll
c:\windows\system32\TDSSlxwp.dll
c:\windows\system32\TDSSnmxh.log
c:\windows\system32\TDSSofxh.dll
c:\windows\system32\TDSSosvd.dat
c:\windows\system32\TDSSrhym.log
c:\windows\system32\TDSSriqp.dll
c:\windows\system32\TDSSsihc.dll
c:\windows\system32\TDSStkdv.log
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_fci
-------\Legacy_ICF
-------\Service_e03bd3c3
((((((((((((((((((((((((( Files Created from 2008-12-04 to 2009-01-04 )))))))))))))))))))))))))))))))
.
2009-01-04 14:24 . 2009-01-04 14:24 <DIR> d-------- c:\program files\Recuva
2009-01-04 11:03 . 2009-01-04 11:03 <DIR> d-------- C:\_OTMoveIt
2008-12-27 15:31 . 2007-07-06 23:02 <DIR> d-------- c:\documents and settings\Administrator\Plocha
2008-12-27 15:31 . 2007-07-06 23:02 <DIR> d--h----- c:\documents and settings\Administrator\Okolní tiskárny
2008-12-27 15:31 . 2007-07-06 23:02 <DIR> d--h----- c:\documents and settings\Administrator\Okolní síť
2008-12-27 15:31 . 2007-07-06 23:02 <DIR> d-------- c:\documents and settings\Administrator\Oblíbené položky
2008-12-27 15:31 . 2007-07-06 21:09 <DIR> d--h----- c:\documents and settings\Administrator\Šablony
2008-12-27 15:31 . 2007-07-06 23:02 <DIR> dr------- c:\documents and settings\Administrator\Nabídka Start
2008-12-27 15:31 . 2007-07-06 23:02 <DIR> d-------- c:\documents and settings\Administrator\Dokumenty
2008-12-27 15:31 . 2007-07-06 23:02 <DIR> dr-h----- c:\documents and settings\Administrator\Data aplikací
2008-12-27 15:31 . 2008-12-27 15:31 <DIR> d-------- c:\documents and settings\Administrator
2008-12-27 11:39 . 2008-12-27 11:39 <DIR> d-------- c:\documents and settings\A\Data aplikací\Talkback
2008-12-27 09:43 . 2008-12-27 09:43 <DIR> d--h----- c:\windows\PIF
2008-12-26 20:31 . 2008-12-26 20:31 142,592 --a------ c:\windows\system32\drivers\sp_rsdrv2.sys
2008-12-26 20:30 . 2008-12-28 21:51 <DIR> d-------- c:\program files\Spyware Terminator
2008-12-26 20:30 . 2009-01-04 14:26 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Spyware Terminator
2008-12-26 20:30 . 2009-01-04 14:25 <DIR> d-------- c:\documents and settings\A\Data aplikací\Spyware Terminator
2008-12-26 20:09 . 2009-01-04 15:34 112,364 --a------ c:\windows\system32\drivers\661a622f.sys
2008-12-25 22:15 . 2008-12-25 22:16 111 --a------ c:\windows\sremcon.dat
2008-12-25 21:09 . 2008-12-25 21:09 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\CrucialSoft Ltd
2008-12-25 21:09 . 2009-01-04 15:34 112,364 --a------ c:\windows\system32\drivers\33283cca.sys
2008-12-24 10:07 . 2004-08-17 14:49 221,184 --a------ c:\windows\system32\wmpns.dll
2008-12-24 09:57 . 2008-12-24 09:57 <DIR> d-------- c:\windows\system32\cs
2008-12-24 09:57 . 2008-12-24 09:57 <DIR> d-------- c:\windows\system32\bits
2008-12-24 09:57 . 2008-12-24 09:57 <DIR> d-------- c:\windows\l2schemas
2008-12-24 09:55 . 2008-12-24 09:55 <DIR> d-------- c:\windows\ServicePackFiles
2008-12-15 18:10 . 2008-12-19 13:13 <DIR> d-------- c:\documents and settings\A\Data aplikací\DivX
2008-12-15 17:46 . 2008-03-21 13:57 14,640 --------- c:\windows\system32\spmsgXP_2k3.dll
2008-12-15 17:46 . 2008-12-15 17:46 0 --ah----- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2008-12-15 17:46 . 2008-12-15 17:46 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_ggsemc_01007.Wdf
2008-12-15 16:52 . 2007-12-10 14:22 110,632 --a------ c:\windows\system32\drivers\s3017mdm.sys
2008-12-15 16:52 . 2007-12-10 14:22 110,120 --a------ c:\windows\system32\drivers\s3017unic.sys
2008-12-15 16:52 . 2007-12-10 14:22 104,616 --a------ c:\windows\system32\drivers\s3017mgmt.sys
2008-12-15 16:52 . 2007-12-10 14:22 100,648 --a------ c:\windows\system32\drivers\s3017obex.sys
2008-12-15 16:52 . 2007-12-10 14:22 83,880 --a------ c:\windows\system32\drivers\s3017bus.sys
2008-12-15 16:52 . 2007-12-10 14:22 25,512 --a------ c:\windows\system32\drivers\s3017nd5.sys
2008-12-15 16:52 . 2007-12-10 14:22 15,016 --a------ c:\windows\system32\drivers\s3017mdfl.sys
2008-12-15 16:52 . 2007-12-10 14:22 12,200 --a------ c:\windows\system32\drivers\s3017whnt.sys
2008-12-15 16:52 . 2007-12-10 14:22 12,200 --a------ c:\windows\system32\drivers\s3017wh.sys
2008-12-15 16:52 . 2007-12-10 14:22 12,200 --a------ c:\windows\system32\drivers\s3017cmnt.sys
2008-12-15 16:52 . 2007-12-10 14:22 12,200 --a------ c:\windows\system32\drivers\s3017cm.sys
2008-12-15 16:52 . 2007-12-10 14:22 10,792 --a------ c:\windows\system32\drivers\s3017cr.sys
2008-12-15 16:51 . 2008-12-15 16:51 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Sony Ericsson
2008-12-15 15:56 . 2008-12-15 15:56 1,107,296 --a------ c:\windows\system32\WdfCoInstaller01007.dll
2008-12-15 15:56 . 2008-12-15 15:56 22,368 --a------ c:\windows\system32\drivers\ggsemc.sys
2008-12-15 15:56 . 2008-12-15 15:56 10,976 --a------ c:\windows\system32\drivers\ggflt.sys
2008-12-15 13:17 . 2009-01-04 15:34 93,420 --a------ c:\windows\system32\drivers\a5874ee8.sys
2008-12-12 18:34 . 2008-12-12 18:34 <DIR> d--h----- c:\windows\msdownld.tmp
2008-12-12 18:14 . 2008-12-12 18:14 0 --a------ c:\windows\ativpsrm.bin
2008-12-12 17:56 . 2008-12-12 17:56 <DIR> d-------- c:\program files\iXi Tools
2008-12-07 15:36 . 2008-12-07 15:36 <DIR> d-------- c:\program files\Common Files\GTK
2008-12-07 15:36 . 2008-12-16 17:33 <DIR> d-------- c:\documents and settings\A\.gimp-2.6
2008-12-07 15:36 . 2008-12-07 15:36 <DIR> d-------- c:\documents and settings\A\.gegl-0.0
2008-12-07 11:05 . 2008-12-07 11:05 56 --ah----- c:\windows\system32\ezsidmv.dat
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-04 13:39 --------- d-----w c:\documents and settings\All Users\Data aplikací\Sports Interactive
2009-01-04 13:33 --------- d-----w c:\program files\Sony Ericsson
2009-01-02 19:38 --------- d-----w c:\documents and settings\All Users\Data aplikací\Skype
2009-01-02 19:34 --------- d-----w c:\program files\Canon
2009-01-02 17:29 --------- d-----w c:\documents and settings\A\Data aplikací\skypePM
2008-12-25 21:39 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-21 10:24 --------- d-----w c:\documents and settings\All Users\Data aplikací\Spybot - Search & Destroy
2008-12-16 16:32 --------- d-----w c:\documents and settings\A\Data aplikací\gtk-2.0
2008-12-12 17:38 --------- d-----w c:\program files\ATI Technologies
2008-12-10 16:45 --------- d-----w c:\documents and settings\A\Data aplikací\Canon
2008-12-08 21:03 --------- d-----w c:\documents and settings\A\Data aplikací\uTorrent
2008-11-30 20:26 --------- d-----w c:\program files\FastStone Capture
2008-11-30 15:15 --------- d-----w c:\documents and settings\A\Data aplikací\Sports Interactive
2008-11-23 15:51 --------- d-----w c:\program files\Spectrum Software
2008-11-23 11:11 --------- d-----w c:\documents and settings\A\Data aplikací\Zoner
2008-11-23 11:09 --------- d-----w c:\program files\Zoner
2008-11-15 18:02 --------- d-----w c:\program files\CCleaner
2008-11-09 19:11 --------- d-----w c:\documents and settings\All Users\Data aplikací\ICQ
2008-04-12 19:53 47,360 ----a-w c:\documents and settings\A\Data aplikací\pcouffin.sys
2008-03-16 09:10 32 ----a-w c:\documents and settings\All Users\Data aplikací\ezsid.dat
2008-01-23 15:47 22,328 ----a-w c:\documents and settings\A\Data aplikací\PnkBstrK.sys
2004-10-01 13:00 40,960 ----a-w c:\program files\Uninstall_CDS.exe
.
((((((((((((((((((((((((((((( snapshot@2009-01-02_14.21.04,59 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-10-20 19:02:28 163,328 ----a-w c:\windows\ERDNT\subs\ERDNT.EXE
- 2009-01-02 12:44:45 16,384 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-01-02 17:33:35 16,384 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2009-01-02 12:44:45 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-01-02 17:33:35 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-01-02 12:44:45 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-01-02 17:33:35 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-01-04 14:33:08 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_79c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2005-10-11 1961984]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2008-02-20 356352]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"InCD"="c:\program files\Ahead\InCD\InCD.exe" [2005-07-08 1397760]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"WinFast Schedule"="c:\program files\WinFast\WFTVFM\WFWIZ.exe" [2006-04-27 344064]
"OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"SoundMan"="SOUNDMAN.EXE" [2006-03-01 c:\windows\SOUNDMAN.EXE]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\windows\system32\logonuiX.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ccdcdbeaad]
2006-04-14 13:15 313871 c:\windows\system32\ccdcdbeaad.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dfdfdff]
2006-04-12 13:15 312847 c:\windows\system32\dfdfdff.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati2vbxx.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wdf01000.sys]
@="Driver"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"18778:TCP"= 18778:TCP:BitComet 18778 TCP
"18778:UDP"= 18778:UDP:BitComet 18778 UDP
"9139:TCP"= 9139:TCP:BitComet 9139 TCP
"9139:UDP"= 9139:UDP:BitComet 9139 UDP
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-04-29 111184]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-04-29 20560]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\DRIVERS\psched.sys [2004-08-03 69120]
R3 WFIOCTL;WFIOCTL;\??\c:\program files\WinFast\WFTVFM\WFIOCTL.SYS [2007-07-06 9446]
S0 ati2vbxx;ati2vbxx;c:\windows\system32\Drivers\ati2vbxx.sys []
S1 spyemrg;Spy Emergency Driver;c:\windows\system32\Drivers\spyemrg.sys []
S2 spyemrgsrv;Spy Emergency Engine Service;c:\program files\NETGATE\Spy Emergency 2008\SpyEmergencySrv.exe []
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2008-12-15 10976]
S3 s3017bus;Sony Ericsson Device 3017 driver (WDM);c:\windows\system32\DRIVERS\s3017bus.sys [2008-12-15 83880]
S3 s3017mdfl;Sony Ericsson Device 3017 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s3017mdfl.sys [2008-12-15 15016]
S3 s3017mdm;Sony Ericsson Device 3017 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s3017mdm.sys [2008-12-15 110632]
S3 s3017mgmt;Sony Ericsson Device 3017 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s3017mgmt.sys [2008-12-15 104616]
S3 s3017nd5;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (NDIS);c:\windows\system32\DRIVERS\s3017nd5.sys [2008-12-15 25512]
S3 s3017obex;Sony Ericsson Device 3017 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s3017obex.sys [2008-12-15 100648]
S3 s3017unic;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (WDM);c:\windows\system32\DRIVERS\s3017unic.sys [2008-12-15 110120]
S3 spyemrgaccess;Spy Emergency OnAccess Driver;c:\windows\system32\Drivers\spyemrg_access.sys []
S3 spyemrgguard;Spy Emergency Real-Time Shield Driver;c:\windows\system32\Drivers\spyemrg_guard.sys []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7a1425ec-395c-11dc-a9a9-001617907690}]
\shell\autorun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\m.exe /s
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ares.mp3.es/start.php
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&s ... f8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to AMV Converter... - c:\program files\MP3 Player Utilities 4.15\AMVConverter\grab.html
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: MediaManager tool grab multimedia file - c:\program files\MP3 Player Utilities 4.15\MediaManager\grab.html
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\windows\WebIE.dll
TCP: {1765DE23-EAFB-4851-9979-67608D2C64FF} = 195.47.116.110,81.30.225.2
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-04 15:33:44
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
c:\windows\system32\2f4e6629da1d7e5e65e384c13066dc9b.sys 36864 bytes executable
c:\windows\system32\_2f4e6629da1d7e5e65e384c13066dc9b.sys_.vir 36864 bytes executable
scan completed successfully
hidden files: 2
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\2f4e6629da1d7e5e65e384c13066dc9b]
"ImagePath"="system32\2f4e6629da1d7e5e65e384c13066dc9b.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\33283cca]
"ImagePath"="\SystemRoot\System32\drivers\33283cca.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\661a622f]
"ImagePath"="\SystemRoot\System32\drivers\661a622f.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\a5874ee8]
"ImagePath"="\SystemRoot\System32\drivers\a5874ee8.sys"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\s-1-5-21-1060284298-1637723038-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*NULL*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_USERS\s-1-5-21-1060284298-1637723038-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(748)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\ccdcdbeaad.dll
c:\windows\system32\dfdfdff.dll
c:\program files\Bonjour\mdnsNSP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Ahead\InCD\InCDsrv.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\PnkBstrA.exe
c:\program files\Spyware Terminator\sp_rsser.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-01-04 15:38:09 - machine was rebooted [A]
ComboFix-quarantined-files.txt 2009-01-04 14:37:59
ComboFix2.txt 2009-01-02 13:21:48
Pre-Run: Volných bajtů: 129,840,701,440
Post-Run: Volných bajtů: 129,751,502,848
266 --- E O F --- 2008-12-25 10:02:23
VIRY se kterými si nevím rady
- Farter
- Nováček

-
- Registrován: 26. pro 2008
Re: VIRY se kterými si nevím rady
MBAM asi také nestáhnu, poněvadž se prohlížeč vypne při kliknutí na odkaz.
Teď jsem se zkusil proklikat po stránce www.viry.cz a pustilo mě to, takže mám stažený HijackThis, poté zkusím MBAM.
- jansv
- Mírně pokročilý

-
- Registrován: 16. lis 2008
Re: VIRY se kterými si nevím rady
OK, MBAM by byl důležitý. Nachází se:
Obsah fóra » Software » Antiviry, Antispyware, Antirootkity » Návody, recenze
- Farter
- Nováček

-
- Registrován: 26. pro 2008
Re: VIRY se kterými si nevím rady
Hijack a MBAM dělají stejné blbosti jako Avenger, prostě jen probliknou.
- jansv
- Mírně pokročilý

-
- Registrován: 16. lis 2008
Re: VIRY se kterými si nevím rady
Jasně. Zkus tedy ještě jednou toto (uvidíme, jestli ještě něco smaže a budeme pokračovat). Skript níže je sestavený podle logu z tohoto PC, na jiném počítači ho nepoužívej:
Zapoj do PC všechny USB klíče (Flash disk, externí HDD, MP3 přehrávač, ...)
Citace:
Pokud jste tak ještě neučinil, přesuňte ComboFix na Plochu.
Otevřete si Poznámkový Blok.
Do něj zkopírujte skript z následujícího okna.
Uložte Vámi vytvořený textový soubor s názvem CFScript.txt na plochu (Dávejte pozor, abyste tam neměli dvakrát .txt).
Po uložení uchopte Vámi vytvořený skript levým tlačítkem myši a přesuňte jej nad ikonu Combofixu, nad niž skript upusťte:

Po aplikaci by na Vás měl vybafnout další log, vložte jej prosím sem.
Zapoj do PC všechny USB klíče (Flash disk, externí HDD, MP3 přehrávač, ...)
Citace:
Pokud jste tak ještě neučinil, přesuňte ComboFix na Plochu.
Otevřete si Poznámkový Blok.
Do něj zkopírujte skript z následujícího okna.
KillAll::
File::
c:\windows\7AC6E81B3D03F57AA1B9698C66B8E62.exe
c:\windows\system32\drivers\661a622f.sys
c:\windows\system32\sremcon.exe
c:\windows\system32\drivers\spyemrg_access.sys
c:\windows\system32\drivers\spyemrg_guard.sys
c:\windows\system32\drivers\spyemrg.sys
c:\windows\system32\drivers\33283cca.sys
c:\windows\system32\tyshb36rfjdf.dll
C:\uyrte.exe
c:\windows\system32\drivers\e03bd3c3.sys
c:\windows\C214BA44347915AE38C7DC696CCD1AA.exe
c:\windows\FAA135E141C4991D58EA9CE69ECCA35.exe
c:\windows\system32\drivers\a5874ee8.sys
c:\windows\unvise32.exe
c:\windows\system32\drivers\ethrqcfk.sys
c:\windows\iun6002.exe
c:\windows\system32\ccdcdbeaad.dll
c:\windows\system32\dfdfdff.dll
c:\program files\NETGATE\Spy Emergency 2008\SpyEmergencySrv.exe
E:\m.exe
c:\docume~1\A\LOCALS~1\Temp\winloggn.exe
c:\system32\drivers\TDSSpqlt.sys
Folder::
c:\program files\NETGATE
c:\documents and settings\All Users\Data aplikací\NETGATE
c:\documents and settings\A\Data aplikací\Spy Emergency
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ccdcdbeaad]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dfdfdff]
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\ICF]
"ImagePath"=-
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\2f4e6629da1d7e5e65e384c13066dc9b]
"ImagePath"=-
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\TDSSserv.sys]
"imagepath"=-
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\33283cca]
"ImagePath"=-
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\661a622f]
"ImagePath"=-
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\a5874ee8]
"ImagePath"=-
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\e03bd3c3]
"ImagePath"=-
Driver::
661a622f
spyemrg_access
spyemrg_guard
spyemrg
33283cca
e03bd3c3
a5874ee8
ethrqcfk
TDSSpqlt
RootKit::
c:\windows\system32\svchost.exe:ext.exe
ADS::
c:\windows\system32\svchost.exe
Po uložení uchopte Vámi vytvořený skript levým tlačítkem myši a přesuňte jej nad ikonu Combofixu, nad niž skript upusťte:

Po aplikaci by na Vás měl vybafnout další log, vložte jej prosím sem.