Error in C/Windows/system32 Solved

Re: Error in C/Windows/system32

Post by davidhighend » 28 Jul 2009 12:07

Malwarebytes' Anti-Malware 1.39
Verze databáze: 2514
Windows 5.1.2600 Service Pack 3

28/07/2009 11:06:57
mbam-log-2009-07-28 (11-06-57).txt

Typ skenu: Rychlý sken
Objektu skenováno: 104788
Uplynulý cas: 21 minute(s), 17 second(s)

Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 21
Infikované hodnoty registru: 1
Infikované položky dat registru: 3
Infikované složky: 0
Infikované soubory: 12

Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)

Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)

Infikované klíce registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{21d7135f-aee9-45e7-a0c1-791a4654bff1} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{06df596b-3170-4f07-be10-86e31456bc56} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06df596b-3170-4f07-be10-86e31456bc56} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MRSoft (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Infikované hodnoty registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{06df596b-3170-4f07-be10-86e31456bc56} (Trojan.Vundo) -> Quarantined and deleted successfully.

Infikované položky dat registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Infikované složky:
(Žádné zákerné položky nebyly zjišteny)

Infikované soubory:
c:\WINDOWS\system32\cvbybfir.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\rifbybvc.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\blackster.scr (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bb1.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ps1.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rc.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\boa1.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cs.dat (Malware.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\alog.txt (Stolen.data) -> Quarantined and deleted successfully.

Re: Error in C/Windows/system32

Post by davidhighend » 28 Jul 2009 12:38

When I try to download Combofix, it tells me "We cannot rename Combofix as Combofix[1], please use another name, preferbaly made up of Alphanumeric characters".

Re: Error in C/Windows/system32

Post by jaro3 » 28 Jul 2009 13:09

Don't you already have Combofix on the PC? If so:
ComboFix is uninstalled like this:
Start - Run and enter ComboFix[space]/u

If not:
When saving Combofix, choose the name:
VerTerm.exe

If it still won't download:

Try here
http://www.edisk.cz/stahni/79785/tools.rar_3.73MB.html

to download some small programs that might come in handy for us.
Unpack the archive into your own directory. The files are deliberately named differently from the originals in the guides, so don't be surprised.
Then try to run them.
itr - RSIT
buss - DDS
VerTerm = Combofix
If VerTerm runs for you, post its log here.
Follow the guide for Combofix.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs by private message. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support

Re: Error in C/Windows/system32

Post by davidhighend » 28 Jul 2009 13:48

Thank you, it worked. Here is the log from Combofix:

ComboFix 09-07-27.04 - User 28/07/2009 12:22.1.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.511.279 [GMT 1:00]
Running from: c:\docume~1\User\LOCALS~1\Temp\7zOA.tmp\VerTerm.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\User\Local Settings\Temporary Internet Files\mcc10.tmp
c:\documents and settings\User\Local Settings\Temporary Internet Files\mcc11.tmp
c:\documents and settings\User\Local Settings\Temporary Internet Files\mcc12.tmp
c:\documents and settings\User\Local Settings\Temporary Internet Files\mcc13.tmp
c:\documents and settings\User\Local Settings\Temporary Internet Files\mcc14.tmp
c:\documents and settings\User\Local Settings\Temporary Internet Files\mcc15.tmp
c:\documents and settings\User\Local Settings\Temporary Internet Files\mcc16.tmp
c:\documents and settings\User\Local Settings\Temporary Internet Files\mcc17.tmp
c:\documents and settings\User\Local Settings\Temporary Internet Files\mcc18.tmp
c:\documents and settings\User\Local Settings\Temporary Internet Files\mcc19.tmp
c:\documents and settings\User\Local Settings\Temporary Internet Files\mcc1A.tmp
c:\documents and settings\User\Local Settings\Temporary Internet Files\mcc1B.tmp
c:\documents and settings\User\Local Settings\Temporary Internet Files\mcc1C.tmp
c:\documents and settings\User\Local Settings\Temporary Internet Files\mcc1D.tmp
c:\documents and settings\User\Local Settings\Temporary Internet Files\mcc1E.tmp
c:\documents and settings\User\Local Settings\Temporary Internet Files\mcc1F.tmp
c:\documents and settings\User\Local Settings\Temporary Internet Files\mcc2.tmp
c:\documents and settings\User\Local Settings\Temporary Internet Files\mcc20.tmp
c:\documents and settings\User\Local Settings\Temporary Internet Files\mcc21.tmp
c:\documents and settings\User\Local Settings\Temporary Internet Files\mcc22.tmp
c:\documents and settings\User\Local Settings\Temporary Internet Files\mcc23.tmp
c:\documents and settings\User\Local Settings\Temporary Internet Files\mcc24.tmp
c:\documents and settings\User\Local Settings\Temporary Internet Files\mcc25.tmp
c:\documents and settings\User\Local Settings\Temporary Internet Files\mcc26.tmp
c:\documents and settings\User\Local Settings\Temporary Internet Files\mcc27.tmp
c:\documents and settings\User\Local Settings\Temporary Internet Files\mcc28.tmp
c:\documents and settings\User\Local Settings\Temporary Internet Files\mcc29.tmp
c:\documents and settings\User\Local Settings\Temporary Internet Files\mcc2A.tmp
c:\documents and settings\User\Local Settings\Temporary Internet Files\mcc2B.tmp
c:\documents and settings\User\Local Settings\Temporary Internet Files\mcc2C.tmp
c:\documents and settings\User\Local Settings\Temporary Internet Files\mcc2D.tmp
c:\documents and settings\User\Local Settings\Temporary Internet Files\mcc2E.tmp
c:\documents and settings\User\Local Settings\Temporary Internet Files\mcc2F.tmp
c:\documents and settings\User\Local Settings\Temporary Internet Files\mcc3.tmp
c:\documents and settings\User\Local Settings\Temporary Internet Files\mcc30.tmp
c:\documents and settings\User\Local Settings\Temporary Internet Files\mcc31.tmp
c:\documents and settings\User\Local Settings\Temporary Internet Files\mcc32.tmp
c:\documents and settings\User\Local Settings\Temporary Internet Files\mcc33.tmp
c:\documents and settings\User\Local Settings\Temporary Internet Files\mcc34.tmp
c:\documents and settings\User\Local Settings\Temporary Internet Files\mcc35.tmp
c:\documents and settings\User\Local Settings\Temporary Internet Files\mcc36.tmp
c:\documents and settings\User\Local Settings\Temporary Internet Files\mcc37.tmp
c:\documents and settings\User\Local Settings\Temporary Internet Files\mcc38.tmp
c:\documents and settings\User\Local Settings\Temporary Internet Files\mcc39.tmp
c:\documents and settings\User\Local Settings\Temporary Internet Files\mcc3A.tmp
c:\documents and settings\User\Local Settings\Temporary Internet Files\mcc3B.tmp
c:\documents and settings\User\Local Settings\Temporary Internet Files\mcc3C.tmp
c:\documents and settings\User\Local Settings\Temporary Internet Files\mcc3D.tmp
c:\documents and settings\User\Local Settings\Temporary Internet Files\mcc3E.tmp
c:\documents and settings\User\Local Settings\Temporary Internet Files\mcc3F.tmp
c:\documents and settings\User\Local Settings\Temporary Internet Files\mcc4.tmp
c:\documents and settings\User\Local Settings\Temporary Internet Files\mcc40.tmp
c:\documents and settings\User\Local Settings\Temporary Internet Files\mcc41.tmp
c:\documents and settings\User\Local Settings\Temporary Internet Files\mcc42.tmp
c:\documents and settings\User\Local Settings\Temporary Internet Files\mcc43.tmp
c:\documents and settings\User\Local Settings\Temporary Internet Files\mcc44.tmp
c:\documents and settings\User\Local Settings\Temporary Internet Files\mcc45.tmp
c:\documents and settings\User\Local Settings\Temporary Internet Files\mcc46.tmp
c:\documents and settings\User\Local Settings\Temporary Internet Files\mcc47.tmp
c:\documents and settings\User\Local Settings\Temporary Internet Files\mcc48.tmp
c:\documents and settings\User\Local Settings\Temporary Internet Files\mcc49.tmp
c:\documents and settings\User\Local Settings\Temporary Internet Files\mcc4A.tmp
c:\documents and settings\User\Local Settings\Temporary Internet Files\mcc4B.tmp
c:\documents and settings\User\Local Settings\Temporary Internet Files\mcc4C.tmp
c:\documents and settings\User\Local Settings\Temporary Internet Files\mcc4D.tmp
c:\documents and settings\User\Local Settings\Temporary Internet Files\mcc4E.tmp
c:\documents and settings\User\Local Settings\Temporary Internet Files\mcc4F.tmp
c:\documents and settings\User\Local Settings\Temporary Internet Files\mcc5.tmp
c:\documents and settings\User\Local Settings\Temporary Internet Files\mcc50.tmp
c:\documents and settings\User\Local Settings\Temporary Internet Files\mcc51.tmp
c:\documents and settings\User\Local Settings\Temporary Internet Files\mcc52.tmp
c:\documents and settings\User\Local Settings\Temporary Internet Files\mcc53.tmp
c:\documents and settings\User\Local Settings\Temporary Internet Files\mcc54.tmp
c:\documents and settings\User\Local Settings\Temporary Internet Files\mcc55.tmp
c:\documents and settings\User\Local Settings\Temporary Internet Files\mcc56.tmp
c:\documents and settings\User\Local Settings\Temporary Internet Files\mcc57.tmp
c:\documents and settings\User\Local Settings\Temporary Internet Files\mcc58.tmp
c:\documents and settings\User\Local Settings\Temporary Internet Files\mcc59.tmp
c:\documents and settings\User\Local Settings\Temporary Internet Files\mcc5A.tmp
c:\documents and settings\User\Local Settings\Temporary Internet Files\mcc5B.tmp
c:\documents and settings\User\Local Settings\Temporary Internet Files\mcc5C.tmp
c:\documents and settings\User\Local Settings\Temporary Internet Files\mcc5D.tmp
c:\documents and settings\User\Local Settings\Temporary Internet Files\mcc5E.tmp
c:\documents and settings\User\Local Settings\Temporary Internet Files\mcc5F.tmp
c:\documents and settings\User\Local Settings\Temporary Internet Files\mcc6.tmp
c:\documents and settings\User\Local Settings\Temporary Internet Files\mcc60.tmp
c:\documents and settings\User\Local Settings\Temporary Internet Files\mcc61.tmp
c:\documents and settings\User\Local Settings\Temporary Internet Files\mcc62.tmp
c:\documents and settings\User\Local Settings\Temporary Internet Files\mcc63.tmp
c:\documents and settings\User\Local Settings\Temporary Internet Files\mcc64.tmp
c:\documents and settings\User\Local Settings\Temporary Internet Files\mcc65.tmp
c:\documents and settings\User\Local Settings\Temporary Internet Files\mcc66.tmp
c:\documents and settings\User\Local Settings\Temporary Internet Files\mcc67.tmp
c:\documents and settings\User\Local Settings\Temporary Internet Files\mcc68.tmp
c:\documents and settings\User\Local Settings\Temporary Internet Files\mcc69.tmp
c:\documents and settings\User\Local Settings\Temporary Internet Files\mcc6A.tmp
c:\documents and settings\User\Local Settings\Temporary Internet Files\mcc6B.tmp
c:\documents and settings\User\Local Settings\Temporary Internet Files\mcc6C.tmp
c:\documents and settings\User\Local Settings\Temporary Internet Files\mcc6D.tmp
c:\documents and settings\User\Local Settings\Temporary Internet Files\mcc6E.tmp
c:\documents and settings\User\Local Settings\Temporary Internet Files\mcc6F.tmp
c:\documents and settings\User\Local Settings\Temporary Internet Files\mcc7.tmp
c:\documents and settings\User\Local Settings\Temporary Internet Files\mcc70.tmp
c:\documents and settings\User\Local Settings\Temporary Internet Files\mcc71.tmp
c:\documents and settings\User\Local Settings\Temporary Internet Files\mcc72.tmp
c:\documents and settings\User\Local Settings\Temporary Internet Files\mcc73.tmp
c:\documents and settings\User\Local Settings\Temporary Internet Files\mcc74.tmp
c:\documents and settings\User\Local Settings\Temporary Internet Files\mcc75.tmp
c:\documents and settings\User\Local Settings\Temporary Internet Files\mcc76.tmp
c:\documents and settings\User\Local Settings\Temporary Internet Files\mcc77.tmp
c:\documents and settings\User\Local Settings\Temporary Internet Files\mcc78.tmp
c:\documents and settings\User\Local Settings\Temporary Internet Files\mcc79.tmp
c:\documents and settings\User\Local Settings\Temporary Internet Files\mcc7A.tmp
c:\documents and settings\User\Local Settings\Temporary Internet Files\mcc7B.tmp
c:\documents and settings\User\Local Settings\Temporary Internet Files\mcc7C.tmp
c:\documents and settings\User\Local Settings\Temporary Internet Files\mcc7D.tmp
c:\documents and settings\User\Local Settings\Temporary Internet Files\mcc7E.tmp
c:\documents and settings\User\Local Settings\Temporary Internet Files\mcc7F.tmp
c:\documents and settings\User\Local Settings\Temporary Internet Files\mcc8.tmp
c:\documents and settings\User\Local Settings\Temporary Internet Files\mcc80.tmp
c:\documents and settings\User\Local Settings\Temporary Internet Files\mcc81.tmp
c:\documents and settings\User\Local Settings\Temporary Internet Files\mcc82.tmp
c:\documents and settings\User\Local Settings\Temporary Internet Files\mcc85.tmp
c:\documents and settings\User\Local Settings\Temporary Internet Files\mcc8C.tmp
c:\documents and settings\User\Local Settings\Temporary Internet Files\mcc9.tmp
c:\documents and settings\User\Local Settings\Temporary Internet Files\mccA.tmp
c:\documents and settings\User\Local Settings\Temporary Internet Files\mccB.tmp
c:\documents and settings\User\Local Settings\Temporary Internet Files\mccC.tmp
c:\documents and settings\User\Local Settings\Temporary Internet Files\mccD.tmp
c:\documents and settings\User\Local Settings\Temporary Internet Files\mccE.tmp
c:\documents and settings\User\Local Settings\Temporary Internet Files\mccF.tmp
c:\windows\Installer\1c7ab71.msi
c:\windows\Installer\1c7ab72.msp
c:\windows\Installer\1c7ab73.msp
c:\windows\Installer\1c7ab74.msp
c:\windows\Installer\1c7ab75.msp
c:\windows\Installer\1c7ab76.msp
c:\windows\Installer\1c7ab77.msp
c:\windows\Installer\1c7ab78.msp
c:\windows\Installer\1c7ab79.msp
c:\windows\Installer\1c7ab7a.msp
c:\windows\Installer\f430f5.msi
c:\windows\system32\asfeubpg.ini
c:\windows\system32\baxsrgjq.ini
c:\windows\system32\bifbgljg.ini
c:\windows\system32\bxsdvggp.ini
c:\windows\system32\coscwllu.ini
c:\windows\system32\fsytlnej.ini
c:\windows\system32\gytfpodl.ini
c:\windows\system32\hfkgmbff.ini
c:\windows\system32\hmgonqbv.ini
c:\windows\system32\igarpewa.ini
c:\windows\system32\kqybdmlf.ini
c:\windows\system32\ldkitrte.ini
c:\windows\system32\lvcoinst.dll
c:\windows\system32\lyhtuqqy.ini
c:\windows\system32\minwxxad.ini
c:\windows\system32\qjkjehrl.ini
c:\windows\system32\qpxdyoso.ini
c:\windows\system32\RCcKQYay.ini
c:\windows\system32\RCcKQYay.ini2
c:\windows\system32\sanvyinq.ini
c:\windows\system32\tgumkptb.ini
c:\windows\system32\tyvejhda.ini
c:\windows\system32\uijtmrnt.ini
c:\windows\system32\uuuqujom.ini
c:\windows\system32\WEhiQqss.ini
c:\windows\system32\WEhiQqss.ini2
c:\windows\system32\xthqkdak.ini
c:\windows\system32\ymrnfdkc.ini

.
((((((((((((((((((((((((( Files Created from 2009-06-28 to 2009-07-28 )))))))))))))))))))))))))))))))
.

2009-07-27 19:13 . 2009-07-27 19:13 -------- d-----w- c:\documents and settings\User\Application Data\Malwarebytes
2009-07-27 19:13 . 2009-07-13 12:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-27 19:13 . 2009-07-27 19:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-07-27 19:13 . 2009-07-13 12:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-27 19:13 . 2009-07-27 20:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-27 17:17 . 2009-07-27 17:17 -------- d-----w- c:\program files\Trend Micro
2009-07-27 08:58 . 2009-07-27 09:16 -------- d-----w- c:\documents and settings\User\Application Data\Error Fix
2009-07-18 07:40 . 2006-06-22 20:51 4770 ----a-r- c:\windows\system32\Repository.reg
2009-07-18 07:40 . 2006-06-22 22:29 38960 ----a-r- c:\windows\system32\drivers\LVUSBSta.sys
2009-07-18 07:40 . 2006-06-22 22:29 513584 ----a-r- c:\windows\system32\LVUI2RC.dll
2009-07-18 07:40 . 2006-06-22 22:29 210480 ----a-r- c:\windows\system32\LVUI2.dll
2009-07-18 07:39 . 2006-06-22 22:29 263728 ----a-r- c:\windows\system32\lvcodec2.dll
2009-07-18 07:39 . 2006-06-22 22:29 293808 ----a-r- c:\windows\system32\drivers\LV561AV.SYS
2009-07-18 07:31 . 2009-07-18 07:31 10134 ----a-r- c:\documents and settings\User\Application Data\Microsoft\Installer\{BEF726DD-4037-4214-8C6A-E625C02D2870}\ARPPRODUCTICON.exe
2009-07-18 07:31 . 2009-07-18 07:31 10134 ----a-r- c:\documents and settings\User\Application Data\Microsoft\Installer\{8AC049F7-1383-45C3-9E7D-F93CA667F9E1}\ARPPRODUCTICON.exe
2009-07-18 07:31 . 2009-07-18 07:31 10134 ----a-r- c:\documents and settings\User\Application Data\Microsoft\Installer\{EA516024-D84D-41F1-814F-83175A6188F2}\ARPPRODUCTICON.exe
2009-07-18 07:29 . 2009-07-18 07:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Logitech
2009-07-17 19:01 . 2009-07-28 11:37 -------- d-----w- c:\documents and settings\User\Application Data\Skype
2009-07-17 19:01 . 2009-07-17 19:01 -------- d-----w- c:\program files\Common Files\Skype
2009-07-07 08:28 . 2009-07-07 08:28 -------- d-----w- c:\program files\Common Files\scanner
2009-07-07 08:28 . 2009-07-07 08:28 -------- d-----w- c:\program files\CA Yahoo! Anti-Spy
2009-07-04 19:12 . 1994-12-06 00:00 12800 ----a-w- c:\windows\system\WING32.DLL
2009-07-04 19:12 . 1995-01-30 00:00 92208 ----a-w- c:\windows\system32\WING.DLL
2009-07-04 18:43 . 2009-07-04 18:43 -------- d-----w- c:\documents and settings\All Users\Application Data\ZoomBrowser
2009-07-04 18:42 . 2009-07-04 18:46 -------- d-----w- c:\program files\Canon

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-28 10:22 . 2008-02-02 20:26 -------- d-----w- c:\documents and settings\User\Application Data\skypePM
2009-07-28 09:55 . 2006-12-27 23:42 1632 ----a-w- c:\windows\system32\d3d8caps.dat
2009-07-28 09:00 . 2007-11-29 19:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-07-27 19:08 . 2007-10-14 17:36 -------- d-----w- c:\program files\Logitech
2009-07-27 18:00 . 2008-07-21 20:42 1744 ----a-w- c:\windows\system32\d3d9caps.dat
2009-07-22 10:07 . 2009-03-23 19:14 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-18 11:24 . 2008-05-18 18:47 -------- d-----w- c:\program files\TuneUp Utilities 2008
2009-07-18 07:29 . 2007-10-14 17:36 -------- d-----w- c:\program files\Common Files\Logitech
2009-07-17 19:01 . 2006-12-26 23:23 -------- d-----r- c:\program files\Skype
2009-07-17 19:00 . 2006-12-26 23:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-07-07 08:29 . 2006-12-26 12:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-06-25 15:07 . 2009-06-25 07:24 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2009-06-25 07:24 . 2009-06-25 07:24 -------- d-----w- c:\documents and settings\LocalService\Application Data\AVGTOOLBAR
2009-06-25 07:22 . 2008-11-02 10:23 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-06-25 07:22 . 2008-11-02 10:23 327688 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-06-25 07:22 . 2008-11-02 10:23 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-24 15:43 . 2006-12-22 17:34 15224 -c--a-w- c:\documents and settings\User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-24 11:32 . 2006-12-26 12:41 -------- d-----w- c:\program files\Yahoo!
2009-06-24 11:31 . 2009-06-24 11:21 -------- d-----w- c:\program files\BT Home Hub
2009-06-24 11:31 . 2009-06-24 11:30 -------- d-----w- c:\program files\BT Broadband Talk Softphone
2009-06-24 11:23 . 2009-06-24 11:23 -------- d-----w- c:\program files\btbb_wcm
2009-06-24 11:23 . 2009-06-24 11:22 -------- d-----w- c:\program files\Common Files\Motive
2009-06-24 11:22 . 2009-06-24 11:21 -------- d-----w- c:\program files\Motive
2009-06-24 11:05 . 2006-12-26 12:42 -------- d-----w- c:\documents and settings\All Users\Application Data\yahoo!
2009-06-21 18:31 . 2009-06-21 18:31 1744 ----a-w- c:\documents and settings\User\Local Settings\Application Data\d3d9caps.tmp
2009-06-16 14:36 . 2006-02-28 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2006-02-28 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-14 15:07 . 2009-06-25 15:07 1004800 ----a-w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll
2009-06-11 16:43 . 2009-06-11 16:43 -------- d-----w- c:\documents and settings\LocalService\Application Data\Trusteer
2009-06-10 10:49 . 2009-06-10 10:49 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Trusteer
2009-06-09 19:53 . 2009-06-09 19:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Trusteer
2009-06-09 19:53 . 2009-06-09 19:53 -------- d-----w- c:\documents and settings\User\Application Data\Trusteer
2009-06-09 19:52 . 2009-06-09 19:52 -------- d-----w- c:\program files\Trusteer
2009-06-03 19:09 . 2006-02-28 12:00 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-05-20 11:26 . 2009-06-05 19:22 4969808 ----a-w- c:\documents and settings\User\Application Data\TomTom\HOME\Profiles\hkq2rlat.default\extensions\Navcore.8.351.9982@tomtom.com\8-351-9982-1.dll
2009-05-13 05:15 . 2006-02-28 12:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-10 18:21 . 2008-11-02 10:23 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-05-07 15:32 . 2006-02-28 12:00 345600 ----a-w- c:\windows\system32\localspl.dll
2008-05-24 18:51 . 2008-05-24 18:51 1252367 --sha-w- c:\windows\system32\mprnarwh.tmp
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-14 1004800]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-06-14 15:07 1004800 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-14 1004800]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-14 1004800]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-04-08 251240]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-18 68856]
"Yahoo! Pager"="c:\progra~1\Yahoo!\MESSEN~1\ypager.exe" [2005-08-31 2478080]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-06-26 25604904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-25 1948440]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"Motive SmartBridge"="c:\progra~1\BTHOME~1\Help\SMARTB~1\BTHelpNotifier.exe" [2006-02-06 462935]
"btbb_wcm_McciTrayApp"="c:\program files\btbb_wcm\McciTrayApp.exe" [2006-12-08 543232]
"YBrowser"="c:\progra~1\Yahoo!\browser\ybrwicon.exe" [2006-07-21 129536]
"LogitechCommunicationsManager"="c:\program files\Common Files\Logitech\LComMgr\Communications_Helper.exe" [2006-06-26 497200]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam10\QuickCam10.exe" [2006-06-26 614960]
"LVCOMSX"="c:\program files\Common Files\Logitech\LComMgr\LVComSX.exe" [2006-06-26 243248]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
"PcSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 1634304]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
BT Broadband Desktop Help.lnk - c:\program files\BT Home Hub\Help\bin\matcli.exe [2009-6-24 217088]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-06-25 07:22 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"PcSync"=c:\program files\Nokia\Nokia PC Suite 6\PCSync2.exe /NoDialog
"LDM"=c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
"swg"=c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"YBrowser"=c:\progra~1\Yahoo!\browser\ybrwicon.exe
"PCSuiteTrayApplication"=c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
"LVCOMSX"="c:\program files\Common Files\Logitech\LComMgr\LVComSX.exe"
"LogitechCommunicationsManager"="c:\program files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
"NeroFilterCheck"=c:\windows\system32\NeroCheck.exe
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"9c74ef72"=rundll32.exe "c:\windows\system32\ffbmgkfh.dll",b
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam10\QuickCam10.exe" /hide
"RemoteControl"=c:\windows\system32\rmctrl.exe
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\ypager.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Yahoo!\\browser\\ycommon.exe"=
"c:\\Program Files\\Yahoo!\\browser\\ybrowser.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7751:TCP"= 7751:TCP:BitComet 7751 TCP
"7751:UDP"= 7751:UDP:BitComet 7751 UDP

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [02/11/2008 11:23 327688]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [02/11/2008 11:23 108552]
R1 RapportKELL;RapportKELL;c:\program files\Trusteer\Rapport\bin\RapportKELL.sys [09/06/2009 20:52 57320]
R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [09/06/2009 20:52 239080]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [02/11/2008 11:22 906520]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [02/11/2008 11:22 298776]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [23/03/2009 20:14 55152]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [26/12/2008 13:23 222456]
R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [09/06/2009 20:52 664808]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [08/04/2009 11:38 92008]
S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [06/02/2009 19:08 533360]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [10/09/2008 21:23 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [10/09/2008 21:23 8320]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,LaunchINFSectionEx c:\program files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
Contents of the 'Scheduled Tasks' folder

2009-07-24 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe [2007-12-21 08:09]

2009-07-28 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-01 19:19]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://bt.yahoo.com
mSearch Bar = hxxp://uk.red.clientapps.yahoo.com/cust ... _side.html
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = 127.0.0.1;2
uSearchURL,(Default) = hxxp://uk.red.clientapps.yahoo.com/cust ... yahoo.com/
IE: Stáhnout Star Downloaderem - c:\program files\Star Downloader\sdie.htm
Trusted Zone: microsoft.com\www.update
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
.

**************************************************************************

driver loading error catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-28 12:36
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(6776)
c:\windows\system32\WININET.dll
c:\program files\Common Files\Logitech\LVMVFM\LVPrcInj.dll
c:\progra~1\BTHOME~1\Help\SMARTB~1\SBHook.dll
c:\program files\Trusteer\Rapport\bin\rooksbas.dll
c:\program files\Trusteer\Rapport\bin\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 6\PCSCM.dll
c:\program files\PC Connectivity Solution\ConnAPI.DLL
c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Trusteer\Rapport\bin\RapportService.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\progra~1\Yahoo!\browser\ycommon.exe
c:\program files\BT Home Hub\Help\bin\mpbtn.exe
c:\progra~1\Yahoo!\MESSEN~1\Ymsgr_tray.exe
c:\program files\Logitech\QuickCam10\COCIManager.exe
c:\program files\Windows Live\Toolbar\wltuser.exe
.
**************************************************************************
.
Completion time: 2009-07-28 12:44 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-28 11:43

Pre-Run: 18,058,440,704 bytes free
Post-Run: 18,292,166,656 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

434 --- E O F --- 2009-07-22 09:51

jaro3
Security team member
Guru Level 15
Posts: 43294
Registered: June 07
Location: South Bohemia
Gender: Male

Re: Error in C/Windows/system32

Post by jaro3 » 28 Jul 2009 14:28

Open Notepad (Start -> Run... type Notepad in the box and click OK).
Copy the following whole text marked in green into it:
Note: Do not use the SELECT ALL function to select the script.


KillAll::
File::
c:\windows\system32\d3d8caps.dat
c:\windows\system32\d3d9caps.dat
c:\documents and settings\User\Local Settings\Application Data\d3d9caps.tmp
c:\windows\system32\mprnarwh.tmp
c:\windows\system32\ffbmgkfh.dll

DirLook::
c:\documents and settings\User\Application Data\Error Fix
c:\program files\Common Files\scanner

Registry::
[-HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"9c74ef72"=-

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000000
"FirewallOverride"=dword:00000000

Choose File -> Save as... and set these parameters:
File name: type here: CFScript.txt
Save as type: select All files there
Save the file to the desktop.
Close all active windows.

Grab the created CFScript.txt script with the mouse, move it over the downloaded ComboFix.exe program, and when the two files overlap, drop the script.
- ComboFix will start automatically
- Post here the log that appears at the end of the cleaning process + a new log from HJT

Test this on Virustotal
c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe
Then post the link to the result here.

I'll take a look around 16:00..
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs in private messages. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support

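As an added example (not ComboFix's or jaro3's own code), a Python triage helper that parses the Run-key and Security Center blocks from a ComboFix log, flags the two things the script above targets (a hex-named Run value loading a DLL through rundll32.exe, and Security Center override values set to 1) and emits a CFScript in the same section format. The sample lines are copied from the log in this thread; the Run key header line and the hex-name heuristic are assumptions.

```python
"""Triage helper for ComboFix log excerpts (added example, not ComboFix's code)."""
import re
from dataclasses import dataclass, field

# Constructed sample: value lines copied from the log above; the [..\Run]
# header is assumed (the quoted log starts mid-block).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LVCOMSX"="c:\program files\Common Files\Logitech\LComMgr\LVComSX.exe"
"9c74ef72"=rundll32.exe "c:\windows\system32\ffbmgkfh.dll",b
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"=(.*)$')
# Heuristic (assumption): Run value names that are nothing but hex digits,
# such as "9c74ef72", are typical of machine-generated persistence entries.
HEX_NAME_RE = re.compile(r"^[0-9a-f]{6,}$")
DLL_RE = re.compile(r'"?([a-z]:\\[^",]+\.dll)"?', re.I)


def parse_blocks(text):
    """Return {registry key: [(value name, data), ...]} for each [key] block."""
    blocks, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current = m.group(1)
            blocks[current] = []
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            blocks[current].append((m.group(1), m.group(2).strip()))
    return blocks


@dataclass
class Findings:
    rundll_values: list = field(default_factory=list)  # (value name, dll path)
    overrides: list = field(default_factory=list)      # override names set to 1


def triage(text):
    """Flag hex-named rundll32 Run entries and Security Center overrides."""
    f = Findings()
    for key, values in parse_blocks(text).items():
        lower = key.lower()
        if lower.endswith("\\currentversion\\run"):
            for name, data in values:
                if "rundll32" in data.lower() and HEX_NAME_RE.match(name.lower()):
                    m = DLL_RE.search(data)
                    f.rundll_values.append((name, m.group(1) if m else None))
        elif lower.endswith("\\security center"):
            for name, data in values:
                # A value of 1 tells Security Center to stop warning that
                # AV/firewall is off; malware sets it to silence the user.
                if name.endswith("Override") and data.lower() == "dword:00000001":
                    f.overrides.append(name)
    return f


def build_cfscript(f):
    """Emit a CFScript in the KillAll:: / File:: / Registry:: layout used above."""
    lines = ["KillAll::", "File::"]
    lines += [path for _, path in f.rundll_values if path]
    lines += ["", "Registry::"]
    if f.rundll_values:
        lines.append("[HKEY_LOCAL_MACHINE\\software\\microsoft\\windows\\currentversion\\run-]")
        lines += [f'"{name}"=-' for name, _ in f.rundll_values]
        lines.append("")
    if f.overrides:
        lines.append("[HKEY_LOCAL_MACHINE\\software\\microsoft\\security center]")
        lines += [f'"{name}"=dword:00000000' for name in f.overrides]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(build_cfscript(triage(SAMPLE_LOG)))
```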
davidhighend
newbie
Posts: 21
Registered: July 09
Location: Manchester UK
Gender: Male

Re: Error in C/Windows/system32

Post by davidhighend » 28 Jul 2009 16:53

I'm sorry, but I can't find ComboFix anywhere. I opened it via VerTerm.exe
and I can't find it anywhere on the desktop or in C:.

jaro3
Security team member
Guru Level 15
Posts: 43294
Registered: June 07
Location: South Bohemia
Gender: Male

Re: Error in C/Windows/system32

Post by jaro3 » 28 Jul 2009 16:55

It's where you saved it; I can see it in the ComboFix header:
Running from: c:\docume~1\User\LOCALS~1\Temp\7zOA.tmp\VerTerm.exe

Drag it from there to the desktop and run the script.

davidhighend
newbie
Posts: 21
Registered: July 09
Location: Manchester UK
Gender: Male

Re: Error in C/Windows/system32

Post by davidhighend » 28 Jul 2009 17:05

I really don't have it there. I also put it into the search and nothing was found.

jaro3
Security team member
Guru Level 15
Posts: 43294
Registered: June 07
Location: South Bohemia
Gender: Male

Re: Error in C/Windows/system32

Post by jaro3 » 28 Jul 2009 17:30

ComboFix is uninstalled like this:
Start - Run and enter ComboFix[space]/u

Or delete:
C:\327882R2FWJFW
C:\ComboFix
C:\qoobox

Turn off the resident protection in AVG8

Download ComboFix (by sUBs)
and save it to the desktop.
Close all active windows and proceed as written above with the script, i.e. drag the CFScript onto that downloaded Combofix.exe.

davidhighend
newbie
Posts: 21
Registered: July 09
Location: Manchester UK
Gender: Male

Re: Error in C/Windows/system32

Post by davidhighend » 28 Jul 2009 18:00

I deleted C:\qoobox, I could not find the other items, and when I try to download Combofix it again tells me
"We cannot rename Combofix as Combofix[1], please use another name, preferbaly made up of Alphanumeric characters".

jaro3
Security team member
Guru Level 15
Posts: 43294
Registered: June 07
Location: South Bohemia
Gender: Male

Re: Error in C/Windows/system32

Post by jaro3 » 28 Jul 2009 18:22

Don't you have another Combofix or VerTerm on the desktop?

Do this:
download to your Documents:
http://www.edisk.cz/stahni/79785/tools.rar_3.73MB.html

Unpack it and drag the VerTerm program (icon) from that folder to the desktop with the mouse, then drag the CFScript onto it, etc.

davidhighend
newbie
Posts: 21
Registered: July 09
Location: Manchester UK
Gender: Male

Re: Error in C/Windows/system32

Post by davidhighend » 28 Jul 2009 18:56

ComboFix 09-07-27.04 - User 28/07/2009 17:31.4.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.511.150 [GMT 1:00]
Running from: c:\documents and settings\User\Desktop\VerTerm.exe
Command switches used :: c:\documents and settings\User\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FILE ::
"c:\documents and settings\User\Local Settings\Application Data\d3d9caps.tmp"
"c:\windows\system32\d3d8caps.dat"
"c:\windows\system32\d3d9caps.dat"
"c:\windows\system32\ffbmgkfh.dll"
"c:\windows\system32\mprnarwh.tmp"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\User\Local Settings\Application Data\d3d9caps.tmp
c:\windows\system32\d3d8caps.dat
c:\windows\system32\d3d9caps.dat
c:\windows\system32\mprnarwh.tmp

.
((((((((((((((((((((((((( Files Created from 2009-06-28 to 2009-07-28 )))))))))))))))))))))))))))))))
.

2009-07-27 19:13 . 2009-07-27 19:13 -------- d-----w- c:\documents and settings\User\Application Data\Malwarebytes
2009-07-27 19:13 . 2009-07-13 12:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-27 19:13 . 2009-07-27 19:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-07-27 19:13 . 2009-07-13 12:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-27 19:13 . 2009-07-27 20:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-27 17:17 . 2009-07-27 17:17 -------- d-----w- c:\program files\Trend Micro
2009-07-27 08:58 . 2009-07-27 09:16 -------- d-----w- c:\documents and settings\User\Application Data\Error Fix
2009-07-18 07:40 . 2006-06-22 20:51 4770 ----a-r- c:\windows\system32\Repository.reg
2009-07-18 07:40 . 2006-06-22 22:29 38960 ----a-r- c:\windows\system32\drivers\LVUSBSta.sys
2009-07-18 07:40 . 2006-06-22 22:29 513584 ----a-r- c:\windows\system32\LVUI2RC.dll
2009-07-18 07:40 . 2006-06-22 22:29 210480 ----a-r- c:\windows\system32\LVUI2.dll
2009-07-18 07:39 . 2006-06-22 22:29 263728 ----a-r- c:\windows\system32\lvcodec2.dll
2009-07-18 07:39 . 2006-06-22 22:29 293808 ----a-r- c:\windows\system32\drivers\LV561AV.SYS
2009-07-18 07:31 . 2009-07-18 07:31 10134 ----a-r- c:\documents and settings\User\Application Data\Microsoft\Installer\{BEF726DD-4037-4214-8C6A-E625C02D2870}\ARPPRODUCTICON.exe
2009-07-18 07:31 . 2009-07-18 07:31 10134 ----a-r- c:\documents and settings\User\Application Data\Microsoft\Installer\{8AC049F7-1383-45C3-9E7D-F93CA667F9E1}\ARPPRODUCTICON.exe
2009-07-18 07:31 . 2009-07-18 07:31 10134 ----a-r- c:\documents and settings\User\Application Data\Microsoft\Installer\{EA516024-D84D-41F1-814F-83175A6188F2}\ARPPRODUCTICON.exe
2009-07-18 07:29 . 2009-07-18 07:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Logitech
2009-07-17 19:01 . 2009-07-28 16:30 -------- d-----w- c:\documents and settings\User\Application Data\Skype
2009-07-17 19:01 . 2009-07-17 19:01 -------- d-----w- c:\program files\Common Files\Skype
2009-07-07 08:28 . 2009-07-07 08:28 -------- d-----w- c:\program files\Common Files\scanner
2009-07-07 08:28 . 2009-07-07 08:28 -------- d-----w- c:\program files\CA Yahoo! Anti-Spy
2009-07-04 19:12 . 1994-12-06 00:00 12800 ----a-w- c:\windows\system\WING32.DLL
2009-07-04 19:12 . 1995-01-30 00:00 92208 ----a-w- c:\windows\system32\WING.DLL
2009-07-04 18:43 . 2009-07-04 18:43 -------- d-----w- c:\documents and settings\All Users\Application Data\ZoomBrowser
2009-07-04 18:42 . 2009-07-04 18:46 -------- d-----w- c:\program files\Canon

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-28 16:22 . 2008-02-02 20:26 -------- d-----w- c:\documents and settings\User\Application Data\skypePM
2009-07-28 09:00 . 2007-11-29 19:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-07-27 19:08 . 2007-10-14 17:36 -------- d-----w- c:\program files\Logitech
2009-07-22 10:07 . 2009-03-23 19:14 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-18 11:24 . 2008-05-18 18:47 -------- d-----w- c:\program files\TuneUp Utilities 2008
2009-07-18 07:29 . 2007-10-14 17:36 -------- d-----w- c:\program files\Common Files\Logitech
2009-07-17 19:01 . 2006-12-26 23:23 -------- d-----r- c:\program files\Skype
2009-07-17 19:00 . 2006-12-26 23:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-07-07 08:29 . 2006-12-26 12:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-06-25 15:07 . 2009-06-25 07:24 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2009-06-25 07:24 . 2009-06-25 07:24 -------- d-----w- c:\documents and settings\LocalService\Application Data\AVGTOOLBAR
2009-06-25 07:22 . 2008-11-02 10:23 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-06-25 07:22 . 2008-11-02 10:23 327688 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-06-25 07:22 . 2008-11-02 10:23 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-24 15:43 . 2006-12-22 17:34 15224 -c--a-w- c:\documents and settings\User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-24 11:32 . 2006-12-26 12:41 -------- d-----w- c:\program files\Yahoo!
2009-06-24 11:31 . 2009-06-24 11:21 -------- d-----w- c:\program files\BT Home Hub
2009-06-24 11:31 . 2009-06-24 11:30 -------- d-----w- c:\program files\BT Broadband Talk Softphone
2009-06-24 11:23 . 2009-06-24 11:23 -------- d-----w- c:\program files\btbb_wcm
2009-06-24 11:23 . 2009-06-24 11:22 -------- d-----w- c:\program files\Common Files\Motive
2009-06-24 11:22 . 2009-06-24 11:21 -------- d-----w- c:\program files\Motive
2009-06-24 11:05 . 2006-12-26 12:42 -------- d-----w- c:\documents and settings\All Users\Application Data\yahoo!
2009-06-16 14:36 . 2006-02-28 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2006-02-28 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-14 15:07 . 2009-06-25 15:07 1004800 ----a-w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll
2009-06-11 16:43 . 2009-06-11 16:43 -------- d-----w- c:\documents and settings\LocalService\Application Data\Trusteer
2009-06-10 10:49 . 2009-06-10 10:49 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Trusteer
2009-06-09 19:53 . 2009-06-09 19:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Trusteer
2009-06-09 19:53 . 2009-06-09 19:53 -------- d-----w- c:\documents and settings\User\Application Data\Trusteer
2009-06-09 19:52 . 2009-06-09 19:52 -------- d-----w- c:\program files\Trusteer
2009-06-03 19:09 . 2006-02-28 12:00 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-05-20 11:26 . 2009-06-05 19:22 4969808 ----a-w- c:\documents and settings\User\Application Data\TomTom\HOME\Profiles\hkq2rlat.default\extensions\Navcore.8.351.9982@tomtom.com\8-351-9982-1.dll
2009-05-13 05:15 . 2006-02-28 12:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-10 18:21 . 2008-11-02 10:23 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-05-07 15:32 . 2006-02-28 12:00 345600 ----a-w- c:\windows\system32\localspl.dll
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\documents and settings\User\Application Data\Error Fix ----

2009-07-27 09:16 . 2009-07-27 09:16 52 ----a-w- c:\documents and settings\User\Application Data\Error Fix\spy_ignore.db
2009-07-27 09:11 . 2009-07-27 09:11 240 ----a-w- c:\documents and settings\User\Application Data\Error Fix\QuarantineW\2009-07-27 10-11-260\regb-103.db
2009-07-27 09:11 . 2009-07-27 09:11 240 ----a-w- c:\documents and settings\User\Application Data\Error Fix\QuarantineW\2009-07-27 10-11-260\regb-101.db
2009-07-27 09:11 . 2009-07-27 09:11 244 ----a-w- c:\documents and settings\User\Application Data\Error Fix\QuarantineW\2009-07-27 10-11-260\regb-102.db
2009-07-27 09:11 . 2009-07-27 09:11 188 ----a-w- c:\documents and settings\User\Application Data\Error Fix\QuarantineW\2009-07-27 10-11-260\regb-100.db
2009-07-27 09:11 . 2009-07-27 09:11 264 ----a-w- c:\documents and settings\User\Application Data\Error Fix\QuarantineW\2009-07-27 10-11-260\regb-99.db
2009-07-27 09:11 . 2009-07-27 09:11 260 ----a-w- c:\documents and settings\User\Application Data\Error Fix\QuarantineW\2009-07-27 10-11-260\regb-98.db
2009-07-27 09:11 . 2009-07-27 09:11 268 ----a-w- c:\documents and settings\User\Application Data\Error Fix\QuarantineW\2009-07-27 10-11-260\regb-97.db
2009-07-27 09:11 . 2009-07-27 09:11 264 ----a-w- c:\documents and settings\User\Application Data\Error Fix\QuarantineW\2009-07-27 10-11-260\regb-96.db
2009-07-27 09:11 . 2009-07-27 09:11 276 ----a-w- c:\documents and settings\User\Application Data\Error Fix\QuarantineW\2009-07-27 10-11-260\regb-94.db
2009-07-27 09:11 . 2009-07-27 09:11 280 ----a-w- c:\documents and settings\User\Application Data\Error Fix\QuarantineW\2009-07-27 10-11-260\regb-95.db
2009-07-27 09:11 . 2009-07-27 09:11 280 ----a-w- c:\documents and settings\User\Application Data\Error Fix\QuarantineW\2009-07-27 10-11-260\regb-93.db
2009-07-27 09:11 . 2009-07-27 09:11 276 ----a-w- c:\documents and settings\User\Application Data\Error Fix\QuarantineW\2009-07-27 10-11-260\regb-92.db
2009-07-27 09:11 . 2009-07-27 09:11 280 ----a-w- c:\documents and settings\User\Application Data\Error Fix\QuarantineW\2009-07-27 10-11-260\regb-91.db
2009-07-27 09:11 . 2009-07-27 09:11 276 ----a-w- c:\documents and settings\User\Application Data\Error Fix\QuarantineW\2009-07-27 10-11-260\regb-90.db
2009-07-27 09:11 . 2009-07-27 09:11 280 ----a-w- c:\documents and settings\User\Application Data\Error Fix\QuarantineW\2009-07-27 10-11-260\regb-89.db
2009-07-27 09:11 . 2009-07-27 09:11 276 ----a-w- c:\documents and settings\User\Application Data\Error Fix\QuarantineW\2009-07-27 10-11-260\regb-88.db
2009-07-27 09:11 . 2009-07-27 09:11 272 ----a-w- c:\documents and settings\User\Application Data\Error Fix\QuarantineW\2009-07-27 10-11-260\regb-87.db
2009-07-27 09:11 . 2009-07-27 09:11 272 ----a-w- c:\documents and settings\User\Application Data\Error Fix\QuarantineW\2009-07-27 10-11-260\regb-85.db
2009-07-27 09:11 . 2009-07-27 09:11 268 ----a-w- c:\documents and settings\User\Application Data\Error Fix\QuarantineW\2009-07-27 10-11-260\regb-86.db
2009-07-27 09:11 . 2009-07-27 09:11 300 ----a-w- c:\documents and settings\User\Application Data\Error Fix\QuarantineW\2009-07-27 10-11-260\regb-83.db
2009-07-27 09:11 . 2009-07-27 09:11 268 ----a-w- c:\documents and settings\User\Application Data\Error Fix\QuarantineW\2009-07-27 10-11-260\regb-84.db
2009-07-27 09:11 . 2009-07-27 09:11 144 ----a-w- c:\documents and settings\User\Application Data\Error Fix\QuarantineW\2009-07-27 10-11-260\regb-82.db
2009-07-27 09:11 . 2009-07-27 09:11 144 ----a-w- c:\documents and settings\User\Application Data\Error Fix\QuarantineW\2009-07-27 10-11-260\regb-81.db
2009-07-27 09:11 . 2009-07-27 09:11 144 ----a-w- c:\documents and settings\User\Application Data\Error Fix\QuarantineW\2009-07-27 10-11-260\regb-80.db
2009-07-27 09:11 . 2009-07-27 09:11 200 ----a-w- c:\documents and settings\User\Application Data\Error Fix\QuarantineW\2009-07-27 10-11-260\regb-79.db
2009-07-27 09:11 . 2009-07-27 09:11 192 ----a-w- c:\documents and settings\User\Application Data\Error Fix\QuarantineW\2009-07-27 10-11-260\regb-78.db
2009-07-27 09:11 . 2009-07-27 09:11 188 ----a-w- c:\documents and settings\User\Application Data\Error Fix\QuarantineW\2009-07-27 10-11-260\regb-77.db
2009-07-27 09:11 . 2009-07-27 09:11 216 ----a-w- c:\documents and settings\User\Application Data\Error Fix\QuarantineW\2009-07-27 10-11-260\regb-75.db
2009-07-27 09:11 . 2009-07-27 09:11 244 ----a-w- c:\documents and settings\User\Application Data\Error Fix\QuarantineW\2009-07-27 10-11-260\regb-76.db
2009-07-27 09:11 . 2009-07-27 09:11 188 ----a-w- c:\documents and settings\User\Application Data\Error Fix\QuarantineW\2009-07-27 10-11-260\regb-73.db
2009-07-27 09:11 . 2009-07-27 09:11 176 ----a-w- c:\documents and settings\User\Application Data\Error Fix\QuarantineW\2009-07-27 10-11-260\regb-74.db
2009-07-27 09:11 . 2009-07-27 09:11 200 ----a-w- c:\documents and settings\User\Application Data\Error Fix\QuarantineW\2009-07-27 10-11-260\regb-71.db
2009-07-27 09:11 . 2009-07-27 09:11 208 ----a-w- c:\documents and settings\User\Application Data\Error Fix\QuarantineW\2009-07-27 10-11-260\regb-72.db
2009-07-27 09:11 . 2009-07-27 09:11 256 ----a-w- c:\documents and settings\User\Application Data\Error Fix\QuarantineW\2009-07-27 10-11-260\regb-70.db
2009-07-27 09:11 . 2009-07-27 09:11 200 ----a-w- c:\documents and settings\User\Application Data\Error Fix\QuarantineW\2009-07-27 10-11-260\regb-68.db
2009-07-27 09:11 . 2009-07-27 09:11 164 ----a-w- c:\documents and settings\User\Application Data\Error Fix\QuarantineW\2009-07-27 10-11-260\regb-69.db
2009-07-27 09:11 . 2009-07-27 09:11 176 ----a-w- c:\documents and settings\User\Application Data\Error Fix\QuarantineW\2009-07-27 10-11-260\regb-67.db
2009-07-27 09:11 . 2009-07-27 09:11 236 ----a-w- c:\documents and settings\User\Application Data\Error Fix\QuarantineW\2009-07-27 10-11-260\regb-66.db
2009-07-27 09:11 . 2009-07-27 09:11 260 ----a-w- c:\documents and settings\User\Application Data\Error Fix\QuarantineW\2009-07-27 10-11-260\regb-65.db
2009-07-27 09:11 . 2009-07-27 09:11 264 ----a-w- c:\documents and settings\User\Application Data\Error Fix\QuarantineW\2009-07-27 10-11-260\regb-64.db
2009-07-27 09:11 . 2009-07-27 09:11 276 ----a-w- c:\documents and settings\User\Application Data\Error Fix\QuarantineW\2009-07-27 10-11-260\regb-63.db
2009-07-27 09:11 . 2009-07-27 09:11 236 ----a-w- c:\documents and settings\User\Application Data\Error Fix\QuarantineW\2009-07-27 10-11-260\regb-62.db
2009-07-27 09:11 . 2009-07-27 09:11 132 ----a-w- c:\documents and settings\User\Application Data\Error Fix\QuarantineW\2009-07-27 10-11-260\regb-60.db
2009-07-27 09:11 . 2009-07-27 09:11 124 ----a-w- c:\documents and settings\User\Application Data\Error Fix\QuarantineW\2009-07-27 10-11-260\regb-61.db
2009-07-27 09:11 . 2009-07-27 09:11 148 ----a-w- c:\documents and settings\User\Application Data\Error Fix\QuarantineW\2009-07-27 10-11-260\regb-59.db
2009-07-27 09:11 . 2009-07-27 09:11 352 ----a-w- c:\documents and settings\User\Application Data\Error Fix\QuarantineW\2009-07-27 10-11-260\regb-58.db
2009-07-27 09:11 . 2009-07-27 09:11 268 ----a-w- c:\documents and settings\User\Application Data\Error Fix\QuarantineW\2009-07-27 10-11-260\regb-57.db
2009-07-27 09:11 . 2009-07-27 09:11 264 ----a-w- c:\documents and settings\User\Application Data\Error Fix\QuarantineW\2009-07-27 10-11-260\regb-56.db
2009-07-27 09:11 . 2009-07-27 09:11 248 ----a-w- c:\documents and settings\User\Application Data\Error Fix\QuarantineW\2009-07-27 10-11-260\regb-55.db
2009-07-27 09:11 . 2009-07-27 09:11 196 ----a-w- c:\documents and settings\User\Application Data\Error Fix\QuarantineW\2009-07-27 10-11-260\regb-54.db
2009-07-27 09:11 . 2009-07-27 09:11 320 ----a-w- c:\documents and settings\User\Application Data\Error Fix\QuarantineW\2009-07-27 10-11-260\regb-53.db
2009-07-27 09:11 . 2009-07-27 09:11 284 ----a-w- c:\documents and settings\User\Application Data\Error Fix\QuarantineW\2009-07-27 10-11-260\regb-51.db
2009-07-27 09:11 . 2009-07-27 09:11 304 ----a-w- c:\documents and settings\User\Application Data\Error Fix\QuarantineW\2009-07-27 10-11-260\regb-52.db
2009-07-27 09:11 . 2009-07-27 09:11 108 ----a-w- c:\documents and settings\User\Application Data\Error Fix\QuarantineW\2009-07-27 10-11-260\regb-50.db
2009-07-27 09:11 . 2009-07-27 09:11 136 ----a-w- c:\documents and settings\User\Application Data\Error Fix\QuarantineW\2009-07-27 10-11-260\regb-49.db
2009-07-27 09:11 . 2009-07-27 09:11 104 ----a-w- c:\documents and settings\User\Application Data\Error Fix\QuarantineW\2009-07-27 10-11-260\regb-48.db
2009-07-27 09:11 . 2009-07-27 09:11 160 ----a-w- c:\documents and settings\User\Application Data\Error Fix\QuarantineW\2009-07-27 10-11-260\regb-46.db
2009-07-27 09:11 . 2009-07-27 09:11 132 ----a-w- c:\documents and settings\User\Application Data\Error Fix\QuarantineW\2009-07-27 10-11-260\regb-47.db
2009-07-27 09:11 . 2009-07-27 09:11 200 ----a-w- c:\documents and settings\User\Application Data\Error Fix\QuarantineW\2009-07-27 10-11-260\regb-44.db
2009-07-27 09:11 . 2009-07-27 09:11 156 ----a-w- c:\documents and settings\User\Application Data\Error Fix\QuarantineW\2009-07-27 10-11-260\regb-45.db
2009-07-27 09:11 . 2009-07-27 09:11 292 ----a-w- c:\documents and settings\User\Application Data\Error Fix\QuarantineW\2009-07-27 10-11-260\regb-43.db
2009-07-27 09:11 . 2009-07-27 09:11 160 ----a-w- c:\documents and settings\User\Application Data\Error Fix\QuarantineW\2009-07-27 10-11-260\regb-42.db
2009-07-27 09:11 . 2009-07-27 09:11 156 ----a-w- c:\documents and settings\User\Application Data\Error Fix\QuarantineW\2009-07-27 10-11-260\regb-41.db
2009-07-27 09:11 . 2009-07-27 09:11 172 ----a-w- c:\documents and settings\User\Application Data\Error Fix\QuarantineW\2009-07-27 10-11-260\regb-40.db
2009-07-27 09:11 . 2009-07-27 09:11 156 ----a-w- c:\documents and settings\User\Application Data\Error Fix\QuarantineW\2009-07-27 10-11-260\regb-39.db
2009-07-27 09:11 . 2009-07-27 09:11 180 ----a-w- c:\documents and settings\User\Application Data\Error Fix\QuarantineW\2009-07-27 10-11-260\regb-38.db
2009-07-27 09:11 . 2009-07-27 09:11 176 ----a-w- c:\documents and settings\User\Application Data\Error Fix\QuarantineW\2009-07-27 10-11-260\regb-37.db
2009-07-27 09:11 . 2009-07-27 09:11 136 ----a-w- c:\documents and settings\User\Application Data\Error Fix\QuarantineW\2009-07-27 10-11-260\regb-36.db
2009-07-27 09:11 . 2009-07-27 09:11 120 ----a-w- c:\documents and settings\User\Application Data\Error Fix\QuarantineW\2009-07-27 10-11-260\regb-34.db
2009-07-27 09:11 . 2009-07-27 09:11 168 ----a-w- c:\documents and settings\User\Application Data\Error Fix\QuarantineW\2009-07-27 10-11-260\regb-35.db
2009-07-27 09:11 . 2009-07-27 09:11 200 ----a-w- c:\documents and settings\User\Application Data\Error Fix\QuarantineW\2009-07-27 10-11-260\regb-33.db
2009-07-27 09:11 . 2009-07-27 09:11 292 ----a-w- c:\documents and settings\User\Application Data\Error Fix\QuarantineW\2009-07-27 10-11-260\regb-32.db
2009-07-27 09:11 . 2009-07-27 09:11 156 ----a-w- c:\documents and settings\User\Application Data\Error Fix\QuarantineW\2009-07-27 10-11-260\regb-31.db
2009-07-27 09:11 . 2009-07-27 09:11 136 ----a-w- c:\documents and settings\User\Application Data\Error Fix\QuarantineW\2009-07-27 10-11-260\regb-30.db
2009-07-27 09:11 . 2009-07-27 09:11 148 ----a-w- c:\documents and settings\User\Application Data\Error Fix\QuarantineW\2009-07-27 10-11-260\regb-28.db
2009-07-27 09:11 . 2009-07-27 09:11 168 ----a-w- c:\documents and settings\User\Application Data\Error Fix\QuarantineW\2009-07-27 10-11-260\regb-29.db
2009-07-27 09:11 . 2009-07-27 09:11 156 ----a-w- c:\documents and settings\User\Application Data\Error Fix\QuarantineW\2009-07-27 10-11-260\regb-27.db
2009-07-27 09:11 . 2009-07-27 09:11 156 ----a-w- c:\documents and settings\User\Application Data\Error Fix\QuarantineW\2009-07-27 10-11-260\regb-26.db
2009-07-27 09:11 . 2009-07-27 09:11 172 ----a-w- c:\documents and settings\User\Application Data\Error Fix\QuarantineW\2009-07-27 10-11-260\regb-25.db
2009-07-27 09:11 . 2009-07-27 09:11 164 ----a-w- c:\documents and settings\User\Application Data\Error Fix\QuarantineW\2009-07-27 10-11-260\regb-23.db
2009-07-27 09:11 . 2009-07-27 09:11 156 ----a-w- c:\documents and settings\User\Application Data\Error Fix\QuarantineW\2009-07-27 10-11-260\regb-24.db
2009-07-27 09:11 . 2009-07-27 09:11 164 ----a-w- c:\documents and settings\User\Application Data\Error Fix\QuarantineW\2009-07-27 10-11-260\regb-22.db
2009-07-27 09:11 . 2009-07-27 09:11 156 ----a-w- c:\documents and settings\User\Application Data\Error Fix\QuarantineW\2009-07-27 10-11-260\regb-20.db
2009-07-27 09:11 . 2009-07-27 09:11 180 ----a-w- c:\documents and settings\User\Application Data\Error Fix\QuarantineW\2009-07-27 10-11-260\regb-21.db
2009-07-27 09:11 . 2009-07-27 09:11 132 ----a-w- c:\documents and settings\User\Application Data\Error Fix\QuarantineW\2009-07-27 10-11-260\regb-19.db
2009-07-27 09:11 . 2009-07-27 09:11 124 ----a-w- c:\documents and settings\User\Application Data\Error Fix\QuarantineW\2009-07-27 10-11-260\regb-17.db
2009-07-27 09:11 . 2009-07-27 09:11 124 ----a-w- c:\documents and settings\User\Application Data\Error Fix\QuarantineW\2009-07-27 10-11-260\regb-18.db
2009-07-27 09:11 . 2009-07-27 09:11 124 ----a-w- c:\documents and settings\User\Application Data\Error Fix\QuarantineW\2009-07-27 10-11-260\regb-16.db
2009-07-27 09:11 . 2009-07-27 09:11 152 ----a-w- c:\documents and settings\User\Application Data\Error Fix\QuarantineW\2009-07-27 10-11-260\regb-15.db
2009-07-27 09:11 . 2009-07-27 09:11 132 ----a-w- c:\documents and settings\User\Application Data\Error Fix\QuarantineW\2009-07-27 10-11-260\regb-14.db
2009-07-27 09:11 . 2009-07-27 09:11 156 ----a-w- c:\documents and settings\User\Application Data\Error Fix\QuarantineW\2009-07-27 10-11-260\regb-13.db
2009-07-27 09:11 . 2009-07-27 09:11 156 ----a-w- c:\documents and settings\User\Application Data\Error Fix\QuarantineW\2009-07-27 10-11-260\regb-12.db
2009-07-27 09:11 . 2009-07-27 09:11 156 ----a-w- c:\documents and settings\User\Application Data\Error Fix\QuarantineW\2009-07-27 10-11-260\regb-10.db
2009-07-27 09:11 . 2009-07-27 09:11 156 ----a-w- c:\documents and settings\User\Application Data\Error Fix\QuarantineW\2009-07-27 10-11-260\regb-11.db
2009-07-27 09:11 . 2009-07-27 09:11 156 ----a-w- c:\documents and settings\User\Application Data\Error Fix\QuarantineW\2009-07-27 10-11-260\regb-9.db
2009-07-27 09:11 . 2009-07-27 09:11 156 ----a-w- c:\documents and settings\User\Application Data\Error Fix\QuarantineW\2009-07-27 10-11-260\regb-7.db
2009-07-27 09:11 . 2009-07-27 09:11 124 ----a-w- c:\documents and settings\User\Application Data\Error Fix\QuarantineW\2009-07-27 10-11-260\regb-8.db
2009-07-27 09:11 . 2009-07-27 09:11 148 ----a-w- c:\documents and settings\User\Application Data\Error Fix\QuarantineW\2009-07-27 10-11-260\regb-5.db
2009-07-27 09:11 . 2009-07-27 09:11 156 ----a-w- c:\documents and settings\User\Application Data\Error Fix\QuarantineW\2009-07-27 10-11-260\regb-6.db
2009-07-27 09:11 . 2009-07-27 09:11 324 ----a-w- c:\documents and settings\User\Application Data\Error Fix\QuarantineW\2009-07-27 10-11-260\regb-4.db
2009-07-27 09:11 . 2009-07-27 09:11 264 ----a-w- c:\documents and settings\User\Application Data\Error Fix\QuarantineW\2009-07-27 10-11-260\regb-2.db
2009-07-27 09:11 . 2009-07-27 09:11 280 ----a-w- c:\documents and settings\User\Application Data\Error Fix\QuarantineW\2009-07-27 10-11-260\regb-3.db
2009-07-27 09:11 . 2009-07-27 09:11 280 ----a-w- c:\documents and settings\User\Application Data\Error Fix\QuarantineW\2009-07-27 10-11-260\regb-1.db
2009-07-27 09:11 . 2009-07-27 09:11 264 ----a-w- c:\documents and settings\User\Application Data\Error Fix\QuarantineW\2009-07-27 10-11-260\regb-0.db
2009-07-27 09:11 . 2009-07-27 09:11 4 ----a-w- c:\documents and settings\User\Application Data\Error Fix\QuarantineW\2009-07-27 10-11-260\filelist.db
2009-07-27 08:59 . 2009-07-27 09:03 7380740 ----a-w- c:\documents and settings\User\Application Data\Error Fix\Results\Evidence.db
2009-07-27 08:59 . 2009-07-27 09:03 3260 ----a-w- c:\documents and settings\User\Application Data\Error Fix\Results\Update.db
2009-07-27 08:59 . 2009-07-27 09:03 8376 ----a-w- c:\documents and settings\User\Application Data\Error Fix\Results\Junk.db
2009-07-27 08:59 . 2009-07-27 09:03 187444 ----a-w- c:\documents and settings\User\Application Data\Error Fix\Results\Registry.db
2009-07-27 08:58 . 2009-07-27 09:11 141871 ----a-w- c:\documents and settings\User\Application Data\Error Fix\Logs\2009-07-27 09-58-380.log

---- Directory of c:\program files\Common Files\scanner ----

2007-09-21 20:45 . 2007-09-21 20:45 812296 ----a-w- c:\program files\Common Files\scanner\ppctl.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-14 1004800]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-06-14 15:07 1004800 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-04-08 251240]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-18 68856]
"Yahoo! Pager"="c:\progra~1\Yahoo!\MESSEN~1\ypager.exe" [2005-08-31 2478080]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-06-26 25604904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-25 1948440]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"Motive SmartBridge"="c:\progra~1\BTHOME~1\Help\SMARTB~1\BTHelpNotifier.exe" [2006-02-06 462935]
"btbb_wcm_McciTrayApp"="c:\program files\btbb_wcm\McciTrayApp.exe" [2006-12-08 543232]
"YBrowser"="c:\progra~1\Yahoo!\browser\ybrwicon.exe" [2006-07-21 129536]
"LogitechCommunicationsManager"="c:\program files\Common Files\Logitech\LComMgr\Communications_Helper.exe" [2006-06-26 497200]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam10\QuickCam10.exe" [2006-06-26 614960]
"LVCOMSX"="c:\program files\Common Files\Logitech\LComMgr\LVComSX.exe" [2006-06-26 243248]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
"PcSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 1634304]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
BT Broadband Desktop Help.lnk - c:\program files\BT Home Hub\Help\bin\matcli.exe [2009-6-24 217088]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-06-25 07:22 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"PcSync"=c:\program files\Nokia\Nokia PC Suite 6\PCSync2.exe /NoDialog
"LDM"=c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
"swg"=c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"YBrowser"=c:\progra~1\Yahoo!\browser\ybrwicon.exe
"PCSuiteTrayApplication"=c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
"LVCOMSX"="c:\program files\Common Files\Logitech\LComMgr\LVComSX.exe"
"LogitechCommunicationsManager"="c:\program files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
"NeroFilterCheck"=c:\windows\system32\NeroCheck.exe
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam10\QuickCam10.exe" /hide
"RemoteControl"=c:\windows\system32\rmctrl.exe
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\ypager.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Yahoo!\\browser\\ycommon.exe"=
"c:\\Program Files\\Yahoo!\\browser\\ybrowser.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7751:TCP"= 7751:TCP:BitComet 7751 TCP
"7751:UDP"= 7751:UDP:BitComet 7751 UDP

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [02/11/2008 11:23 327688]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [02/11/2008 11:23 108552]
R1 RapportKELL;RapportKELL;c:\program files\Trusteer\Rapport\bin\RapportKELL.sys [09/06/2009 20:52 57320]
R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [09/06/2009 20:52 239080]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [02/11/2008 11:22 906520]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [02/11/2008 11:22 298776]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [23/03/2009 20:14 55152]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [26/12/2008 13:23 222456]
R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [09/06/2009 20:52 664808]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [08/04/2009 11:38 92008]
S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [06/02/2009 19:08 533360]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [10/09/2008 21:23 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [10/09/2008 21:23 8320]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,LaunchINFSectionEx c:\program files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
Contents of the 'Scheduled Tasks' folder

2009-07-24 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe [2007-12-21 08:09]

2009-07-28 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-01 19:19]
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://bt.yahoo.com
mSearch Bar = hxxp://uk.red.clientapps.yahoo.com/cust ... _side.html
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = 127.0.0.1;2
uSearchURL,(Default) = hxxp://uk.red.clientapps.yahoo.com/cust ... yahoo.com/
IE: Stáhnout Star Downloaderem - c:\program files\Star Downloader\sdie.htm
Trusted Zone: microsoft.com\www.update
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
.

**************************************************************************

driver loading error catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-28 17:40
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(7160)
c:\windows\system32\WININET.dll
c:\program files\Common Files\Logitech\LVMVFM\LVPrcInj.dll
c:\progra~1\BTHOME~1\Help\SMARTB~1\SBHook.dll
c:\program files\Trusteer\Rapport\bin\rooksbas.dll
c:\program files\Trusteer\Rapport\bin\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 6\PCSCM.dll
c:\program files\PC Connectivity Solution\ConnAPI.DLL
c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Trusteer\Rapport\bin\RapportService.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\wscntfy.exe
c:\progra~1\Yahoo!\browser\ycommon.exe
c:\program files\BT Home Hub\Help\bin\mpbtn.exe
c:\progra~1\Yahoo!\MESSEN~1\Ymsgr_tray.exe
c:\program files\Logitech\QuickCam10\COCIManager.exe
.
**************************************************************************
.
Completion time: 2009-07-28 17:53 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-28 16:53
ComboFix2.txt 2009-07-28 14:29

Pre-Run: 18,329,440,256 bytes free
Post-Run: 18,325,823,488 bytes free

374 --- E O F --- 2009-07-22 09:51