Pomalý PC

CZechBoY · Příspěvekod **CZechBoY** » 07 čer 2009 20:32

Zdravim, sestava v podpisu a MWAV našel asi 10virů...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:25:44, on 7.6.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\OO Software\CleverCache\ooccctrl.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Desktop Sidebar\dsidebar.exe
C:\Program Files\QIP Infium\infium.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\GetRight\GetRight.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\OO Software\CleverCache\ooccag.exe
C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
E:\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IE to GetRight Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: Idea2 SidebarBrowserMonitor Class - {45AD732C-2CE2-4666-B366-B2214AD57A49} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [ooccctrl.exe] C:\Program Files\OO Software\CleverCache\ooccctrl.exe /tasktray
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [SIDEBAR] "C:\Program Files\Desktop Sidebar\dsidebar.exe"
O4 - HKCU\..\Run: [Infium] "C:\Program Files\QIP Infium\infium.exe" /autorun /autorun /autorun /autorun /autorun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - S-1-5-18 Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe (User 'Default user')
O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Global Startup: GetRight.lnk = C:\Program Files\GetRight\GetRight.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{C641B42D-570A-40CD-B895-55D9E003CC32}: NameServer = 192.168.15.1,192.168.68.16
O23 - Service: Avira Firewall (AntiVirFirewallService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe
O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: O&O CleverCache Agent (OOCleverCacheAgent) - O&O Software GmbH - C:\Program Files\OO Software\CleverCache\ooccag.exe

--
End of file - 5986 bytes

pak sem ještě hodim ten MWAV

Reklama

Damned · Příspěvekod **Damned** » 07 čer 2009 20:43

Toto:
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present

sis upravil sám????
Jinak v logu nic nevidím.

Spusť MbAM, aktualizuj ho a spusť sken. Dej sem potom log

CZechBoY · Příspěvekod **CZechBoY** » 07 čer 2009 21:31

já nic v logu nekřízkuju sám, protože kvůli blbým radám mě z tohohle fora taky vyhodili tak jsem už radši nedělal ani u mě doma :) jinak MbAM nic nenašel, to testuju skoro pořád :)

ComboFix

ComboFix 09-06-07.01 - CZechBoY 07.06.2009 21:27.3 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1788.1238 [GMT 2:00]
Spuštěný z: c:\documents and settings\CZechBoY\Plocha\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {11638345-E4FC-4BEE-BB73-EC754659C5F6}
FW: Avira Firewall *enabled* {11638345-E4FC-4BEE-BB73-EC754659C5F6}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Avira\AntiVir Desktop\avsda.dll
C:\text.txt
c:\windows\regedit.com
c:\windows\system32\taskmgr.com
c:\windows\TEMP\logishrd\LVPrcInj01.dll

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-05-07 do 2009-06-07 )))))))))))))))))))))))))))))))
.

2009-06-07 18:28 . 2009-06-07 18:28 -------- d-----w- C:\rsit
2009-06-05 14:44 . 2009-06-05 14:44 -------- d-sh--w- c:\documents and settings\CZechBoY\PrivacIE
2009-06-05 13:57 . 2009-06-05 13:57 -------- d-----w- c:\program files\Hamachi
2009-06-05 13:57 . 2009-06-05 13:57 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
2009-06-05 13:54 . 2009-06-05 13:54 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-06-05 13:53 . 2009-06-05 13:53 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-05 13:39 . 2009-06-05 13:39 -------- d-sh--w- c:\documents and settings\CZechBoY\IETldCache
2009-06-04 17:23 . 2009-06-04 17:23 -------- d-----w- c:\program files\Lupas Rename 2000
2009-06-04 16:26 . 2009-06-04 16:26 -------- d-----w- c:\windows\ie8updates
2009-06-04 16:21 . 2009-05-12 05:11 102912 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-06-03 17:04 . 2009-06-03 17:04 -------- d-----w- c:\program files\Common Files\GeoVid
2009-06-03 17:04 . 2005-06-07 13:11 60416 ----a-w- c:\windows\system32\dsetup.dll
2009-06-03 17:04 . 2004-08-18 13:00 1712128 ----a-w- c:\windows\system32\gdiplus.dll
2009-06-03 17:04 . 2003-03-19 06:19 1060864 ----a-w- c:\windows\system32\mfc71.dll
2009-06-03 17:04 . 2003-03-19 06:12 1047552 ----a-w- c:\windows\system32\mfc71u.dll
2009-06-03 17:04 . 2003-03-19 04:05 89088 ----a-w- c:\windows\system32\atl71.dll
2009-06-03 17:04 . 2009-06-03 17:04 -------- d-----w- c:\program files\Screen VidShot
2009-06-03 14:44 . 2009-06-03 14:44 -------- d-----w- c:\program files\AWicons Pro
2009-06-02 14:18 . 2009-06-02 14:40 -------- d-----w- c:\program files\API-Guide
2009-06-01 13:09 . 2009-06-01 15:22 -------- d-----w- C:\pokus
2009-05-27 19:10 . 2009-05-27 19:10 -------- d-----w- c:\program files\IrfanView
2009-05-26 20:03 . 2005-04-15 10:24 53248 ----a-w- c:\windows\system32\MThreadVB.dll
2009-05-26 20:03 . 1998-07-05 23:00 16896 ----a-w- c:\windows\system32\WINSKDE.DLL
2009-05-26 20:03 . 1998-07-05 23:00 125712 ----a-w- c:\windows\system32\VB6DE.DLL
2009-05-26 20:03 . 2009-05-26 20:03 -------- d-----w- c:\program files\MOette
2009-05-26 20:03 . 2002-08-14 11:17 33792 ----a-w- c:\windows\system32\CMDLGDE.DLL
2009-05-26 20:03 . 1998-07-05 23:00 16384 ----a-w- c:\windows\system32\INETDE.DLL
2009-05-26 20:03 . 1998-07-05 23:00 158208 ----a-w- c:\windows\system32\MSCMCDE.DLL
2009-05-21 19:14 . 2009-05-26 11:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-05-21 19:14 . 2009-05-26 11:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-21 19:14 . 2009-05-29 14:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-05-20 13:54 . 2009-05-20 13:54 5117901 ----a-w- c:\windows\REGBK00.ZIP
2009-05-20 13:48 . 2009-05-20 13:48 -------- d---a-w- c:\windows\system32\runouce.exe
2009-05-20 13:46 . 2009-05-20 13:46 626688 ----a-w- c:\windows\system32\msvcr80.dll
2009-05-20 13:46 . 2009-05-20 13:46 548864 ----a-w- c:\windows\system32\msvcp80.dll
2009-05-20 13:46 . 2009-05-20 13:46 28672 ----a-w- c:\windows\system32\eEmpty.exe
2009-05-20 13:46 . 2008-04-14 06:52 137216 ----a-w- c:\windows\system32\T.COM
2009-05-20 13:46 . 2008-04-14 06:52 147968 ----a-w- c:\windows\R.COM
2009-05-20 13:46 . 2009-05-20 13:46 -------- d-----w- c:\program files\Common Files\MicroWorld
2009-05-14 16:20 . 2009-05-14 16:20 -------- d-----r- c:\documents and settings\LocalService\Oblíbené položky
2009-05-12 13:25 . 2009-05-12 13:25 -------- d-----w- c:\program files\HD Tune Pro
2009-05-11 19:24 . 2009-05-11 19:24 -------- d-----w- c:\program files\GetRight
2009-05-11 14:09 . 2009-05-25 14:45 -------- d-----w- c:\windows\system32\NtmsData
2009-05-09 09:38 . 2009-05-09 09:38 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2009-05-09 09:38 . 2007-03-18 18:37 65602 ----a-w- c:\windows\system32\cook3260.dll
2009-05-09 09:38 . 2006-09-29 10:26 176165 ----a-w- c:\windows\system32\drv23260.dll
2009-05-09 09:38 . 2006-09-29 10:25 208935 ----a-w- c:\windows\system32\drv33260.dll
2009-05-09 09:38 . 2006-09-29 10:24 217127 ----a-w- c:\windows\system32\drv43260.dll
2009-05-09 09:38 . 2006-05-20 14:16 1184984 ----a-w- c:\windows\system32\wvc1dmod.dll
2009-05-09 09:38 . 2002-12-10 00:20 102439 ----a-w- c:\windows\system32\sipr3260.dll
2009-05-09 09:38 . 2009-05-11 12:36 -------- d-----w- c:\program files\VSO ConvertXtoDVD3
2009-05-09 09:38 . 2009-05-09 09:38 -------- d-----w- c:\program files\VSO

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-07 19:30 . 2009-04-21 12:45 16608 ----a-w- c:\windows\gdrv.sys
2009-05-27 12:11 . 2009-05-27 12:09 -------- d-----w- c:\program files\Winamp
2009-05-25 14:55 . 2009-04-21 16:59 -------- d-----w- c:\program files\OO Software
2009-05-20 14:17 . 2009-04-30 15:54 -------- d-----w- c:\program files\Common Files\Apple
2009-05-18 12:27 . 2001-10-25 12:00 46196 ----a-w- c:\windows\system32\perfc005.dat
2009-05-18 12:27 . 2001-10-25 12:00 309990 ----a-w- c:\windows\system32\perfh005.dat
2009-05-18 12:00 . 2009-04-21 12:46 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-11 12:36 . 2009-05-08 16:33 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-05-08 16:44 . 2009-05-08 16:44 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-05-08 16:27 . 2009-05-08 16:27 -------- d-----w- c:\program files\InternetTV
2009-05-07 16:20 . 2009-05-07 16:11 -------- d-----w- c:\program files\Common Files\LogiShrd
2009-05-07 16:20 . 2009-05-07 15:59 -------- d-----w- c:\program files\Logitech
2009-05-07 16:01 . 2009-05-07 16:00 -------- d-----w- c:\program files\Common Files\Logitech
2009-05-07 16:00 . 2009-05-07 16:00 -------- d-----w- c:\program files\Windows Media Components
2009-05-02 08:10 . 2009-05-02 08:00 -------- d-----w- c:\program files\Microsoft Bootvis
2009-05-01 17:19 . 2009-05-01 17:18 -------- d-----w- c:\program files\PF Auto-Typer
2009-04-30 15:56 . 2009-04-30 15:55 -------- d-----w- c:\program files\iTunes
2009-04-30 15:55 . 2009-04-30 15:55 -------- d-----w- c:\program files\iPod
2009-04-29 16:30 . 2009-04-29 14:15 319488 ----a-r- c:\windows\system32\MafiaSetup.exe
2009-04-29 15:57 . 2009-04-29 15:57 -------- d-----w- c:\program files\Hex Workshop v6
2009-04-29 14:39 . 2009-04-29 14:39 -------- d-----w- c:\program files\Common Files\EZB Systems
2009-04-29 14:39 . 2009-04-29 14:39 -------- d-----w- c:\program files\UltraISO
2009-04-29 14:31 . 2009-04-29 14:31 -------- d-----w- c:\program files\Burn4Free
2009-04-28 12:57 . 2009-04-28 11:49 -------- d-----w- c:\program files\DAEMON Tools Lite
2009-04-28 12:18 . 2009-04-28 12:18 -------- d-----w- c:\program files\VideoLAN
2009-04-28 11:53 . 2009-04-27 14:42 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-04-27 16:04 . 2009-04-27 16:03 -------- d-----w- c:\program files\MediaCoder
2009-04-27 13:46 . 2009-04-23 15:45 97480 ----a-w- c:\windows\system32\drivers\avfwot.sys
2009-04-27 13:46 . 2009-04-23 15:45 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-04-27 13:46 . 2009-04-21 15:12 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-04-24 16:11 . 2009-04-21 13:53 -------- d-----w- c:\program files\CamStudio
2009-04-23 19:36 . 2009-04-23 19:36 -------- d-----w- c:\program files\Web Publish
2009-04-23 19:15 . 2009-04-23 19:15 2678 ----a-w- c:\windows\java\Packages\Data\O0MHBX3F.DAT
2009-04-23 19:15 . 2009-04-23 19:15 2678 ----a-w- c:\windows\java\Packages\Data\YA7HBZR7.DAT
2009-04-23 19:15 . 2009-04-23 19:15 2678 ----a-w- c:\windows\java\Packages\Data\K7RFZZFP.DAT
2009-04-23 19:15 . 2009-04-23 19:15 2678 ----a-w- c:\windows\java\Packages\Data\4PBV3NR5.DAT
2009-04-23 14:09 . 2009-04-23 14:09 -------- d-----w- c:\program files\Desktop Sidebar
2009-04-22 14:22 . 2009-04-22 14:21 -------- d-----w- c:\program files\3DMark2001 SE
2009-04-22 14:21 . 2009-04-21 12:46 -------- d-----w- c:\program files\Common Files\InstallShield
2009-04-21 17:18 . 2009-04-21 17:18 -------- d-----w- c:\program files\Windows Media Connect 2
2009-04-21 17:01 . 2009-04-21 17:00 -------- d-----w- c:\program files\Scorpions WinCheater
2009-04-21 16:38 . 2009-04-21 16:38 -------- d-----w- c:\program files\Lavalys
2009-04-21 16:36 . 2009-04-21 16:36 -------- d-----w- c:\program files\Microsoft Works
2009-04-21 15:12 . 2009-04-21 15:12 -------- d-----w- c:\program files\Avira
2009-04-21 14:45 . 2009-04-21 14:45 -------- d-----r- c:\program files\Skype
2009-04-21 14:32 . 2009-04-21 14:32 -------- d-----w- c:\program files\CCleaner
2009-04-21 13:58 . 2009-04-21 13:54 -------- d-----w- c:\program files\QIP Infium
2009-04-21 13:53 . 2009-04-21 13:53 -------- d-----w- c:\program files\Opera
2009-04-21 13:39 . 2009-04-21 12:35 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-04-21 13:39 . 2009-04-21 12:35 2740 ----a-w- c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2009-04-21 13:12 . 2009-04-21 12:35 8972 ----a-w- c:\windows\pchealth\helpctr\Config\Cntstore.bin
2009-04-21 12:54 . 2009-04-21 12:50 -------- d-----w- c:\program files\Realtek
2009-04-21 12:50 . 2009-04-21 12:50 319488 ----a-w- c:\windows\HideWin.exe
2009-04-21 12:46 . 2009-04-21 12:46 -------- d-----w- c:\program files\Intel
2009-04-21 12:46 . 2009-04-21 12:46 -------- d-----w- c:\program files\GIGABYTE
2009-04-21 12:35 . 2009-04-21 12:35 -------- d-----w- c:\program files\microsoft frontpage
2009-04-21 12:33 . 2009-04-21 12:33 21812 ----a-w- c:\windows\system32\emptyregdb.dat
2009-04-02 13:21 . 2009-05-08 16:33 84480 ----a-w- c:\windows\system32\ff_vfw.dll
2009-03-19 14:32 . 2009-04-30 15:56 23400 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-16 12:18 . 2009-04-24 16:55 69448 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2009-03-16 12:18 . 2009-04-24 16:55 517448 ----a-w- c:\windows\system32\XAudio2_4.dll
2009-03-16 12:18 . 2009-04-24 16:55 235352 ----a-w- c:\windows\system32\xactengine3_4.dll
2009-03-16 12:18 . 2009-04-24 16:55 22360 ----a-w- c:\windows\system32\X3DAudio1_6.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-03-27 24103720]
"ccleaner"="c:\program files\CCleaner\CCleaner.exe" [2009-05-27 1573104]
"SIDEBAR"="c:\program files\Desktop Sidebar\dsidebar.exe" [2006-07-09 1777664]
"Infium"="c:\program files\QIP Infium\infium.exe" [2009-03-25 5245440]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"ooccctrl.exe"="c:\program files\OO Software\CleverCache\ooccctrl.exe" [2007-02-23 1911568]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

c:\documents and settings\CZechBoY\Nabˇdka Start\Programy\Po spuçtŘnˇ\
hamachi.lnk - c:\program files\Hamachi\hamachi.exe [2009-6-5 625952]

c:\documents and settings\CZechBoY\Nabˇdka Start\Programy\Po spuçtŘnˇ\
hamachi.lnk - c:\program files\Hamachi\hamachi.exe [2009-6-5 625952]

c:\documents and settings\CZechBoY\Nabˇdka Start\Programy\Po spuçtŘnˇ\
hamachi.lnk - c:\program files\Hamachi\hamachi.exe [2009-6-5 625952]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
GetRight.lnk - c:\program files\GetRight\GetRight.exe [2009-5-11 4628752]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoStrCmpLogical"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoFileAssociate"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 1 (0x1)
"MemCheckBoxInRunDlg"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoWelcomeScreen"= 1 (0x1)
"NoRecentDocsNetHood"= 1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0autocheck OODBS\0autocheck OODBS\0DfSDKBt

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\QIP Infium\\infium.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"d:\\Strong DC++(2.22)\\StrongDC.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"e:\\Hry\\Chmat-MystiX\\chmatakov15.exe"=
"c:\\Documents and Settings\\CZechBoY\\Plocha\\muj server\\SERVER01.exe"=
"c:\\Program Files\\MOette\\Wake On Lan Tool\\wol.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 avfwot;avfwot;c:\windows\system32\drivers\avfwot.sys [23.4.2009 17:45 97480]
R2 AntiVirFirewallService;Avira Firewall;c:\program files\Avira\AntiVir Desktop\avfwsvc.exe [23.4.2009 17:45 388865]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [23.4.2009 17:45 108289]
R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\avwebgrd.exe [23.4.2009 17:45 432897]
R2 GEST Service;GEST Service for program management.;c:\program files\GIGABYTE\EnergySaver\GSvr.exe [21.4.2009 14:46 80392]
R3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\drivers\avfwim.sys [23.4.2009 17:45 69632]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [21.4.2009 14:50 110080]
S2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\Avira\AntiVir Desktop\avmailc.exe [23.4.2009 17:45 194817]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Obsah adresáře 'Naplánované úlohy'
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

SafeBoot-procexp90.Sys

.
------- Doplňkový sken -------
.
uStart Page = about:blank
IE: Download with GetRight - c:\program files\GetRight\GRdownload.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Open with GetRight Browser - c:\program files\GetRight\GRbrowse.htm
TCP: {C641B42D-570A-40CD-B895-55D9E003CC32} = 192.168.15.1,192.168.68.16
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-07 21:30
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OOCC06.00.00.01WSSV"="CB64B3230251822DD7D42EB5253E0DA1A92585FD462074982E72B430782E48CA1C93D12AA62CC278D070900E37E9C7F7C92C442E5314F503219D74CCA4D4C15DFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC79335D575E7D6A3B9808A6171C11EC38DE3DA6171C11EC38DE3D7A841F1834E6936B9668F689EE8E8A63961329AA731E88E1CD976C905371C8B0504A7E4980CC2B4A7CBA3E1B20F6CA7A867D490D5A2E335122C1BE444FE59C6E2F3D7BB289DA370D7FE1F2120D6F8EEE28699CB070DE748E63A6608D863E05A2043AA1C31BC8AA74777F594BBB06C882DA5A358012B561F61851D382CF93586A9CEE096227653FF91C06B31956DD35A9602CA75BC4C8541CAC9C9F3127133393B05FC5E541126FC78B3CCBC1AAAC4E0D5F888E14ADC3EAC2EEBCCD99ADFA749F55E0F49D24437CBEC73F6DFD2B3CD7086271867298E587E594376EAE25A2BE460A9E36C92A83EA70347EE8FC6C6CD42D57BB32B07382D03233E414D876EEF9F12D98AD1E57ED02A61B3E15E02AAD10BE129036FDD28030094673D373AEDE5040049F0245CE354E5CAA94473F400716B6C66BBD7E6CDAD4802EE5C850FB013284B65BDF5B589E1F4074EFDF22B2923841119EF5C79BA13061AD1113B1B3FAD04550C5757263040AB5EB0EBC08A47F0BBE70CE0FE45E7878A9EC9F54CFCC03A53D4330788E7FD1E5D4EC0343E2E20FE744C472C055D895A78AF58DB257E268EAD9E3BA1FA8E189CFE9B2375C975A196C99D659438C5144FB6A392ED968B6881FBF6A5D252EE2BFA7F26065F4011C85F8BB5023D4F0B26478E10AA678972C5906C2F162C980009E91247A9FFCEDDE54B35B3EC336DE8B69613FA07140EACA61A66F7B69D1F3DAE2F4E4E9C6E99F7B96855C9405AEA38FD9C203165C67DFBEBF4C03EBE405D2B6DE7E517D14B3CC71F39AD7A903868215526A63EA872A66572285F00C9AADD77CF59F39E514571EE2A5E59937AF0CB21800E9CA046A47E2094F265F86261D363B248B9E3825D5B2937A1A235C4F9160B5A89654264E7FAB6B1DC5296E762592A1F3B83A6EFA339BEE54B2A89AF86B29B1210CD37F519B0EBA78BE5C354E9E84068866F6659E776002AA6B13D89CF3207356A8CE9CE4644B57E2AF3CB544E59A5F1692F3DEEAB1797F8546FD61F7884D06468D7C73CE2A95C3EE7CBE2AC2D8D54DE5828600106FD5BD85873AE2A10B2B9606A1CC5A28BE1529C6CC0E350A5C2A0ED63DB453124757B45B394C6F0160A8F93B0FDF8BDFF8E552250B89D9AA578188580F3B44C8D15484CD286D7ED4F32826A1438CA8373319B05AE643010D353945EF0A87255EAB166DB66509E82C32823689EF5BB3444C31564BD381766AE7A0F038FEBE2C54F45BD606C640"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(5208)
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\OO Software\CleverCache\ooccag.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2009-06-07 21:31 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-06-07 19:31

Před spuštěním: Volných bajtů: 11 108 392 960
Po spuštění: Volných bajtů: 11 098 640 384

248 --- E O F --- 2009-05-31 01:01

Damned · Příspěvekod **Damned** » 07 čer 2009 21:42

Vypni rezidentní štít antiviru.
Stáhni si ComboFix (by sUBs)
nebo ComboFix (subs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

CZechBoY · Příspěvekod **CZechBoY** » 08 čer 2009 06:58

ComboFix je už v předchozím :))

ComboFix 09-06-07.01 - CZechBoY 07.06.2009 21:27.3 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1788.1238 [GMT 2:00]
Spuštěný z: c:\documents and settings\CZechBoY\Plocha\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {11638345-E4FC-4BEE-BB73-EC754659C5F6}
FW: Avira Firewall *enabled* {11638345-E4FC-4BEE-BB73-EC754659C5F6}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Avira\AntiVir Desktop\avsda.dll
C:\text.txt
c:\windows\regedit.com
c:\windows\system32\taskmgr.com
c:\windows\TEMP\logishrd\LVPrcInj01.dll

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-05-07 do 2009-06-07 )))))))))))))))))))))))))))))))
.

2009-06-07 18:28 . 2009-06-07 18:28 -------- d-----w- C:\rsit
2009-06-05 14:44 . 2009-06-05 14:44 -------- d-sh--w- c:\documents and settings\CZechBoY\PrivacIE
2009-06-05 13:57 . 2009-06-05 13:57 -------- d-----w- c:\program files\Hamachi
2009-06-05 13:57 . 2009-06-05 13:57 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
2009-06-05 13:54 . 2009-06-05 13:54 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-06-05 13:53 . 2009-06-05 13:53 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-05 13:39 . 2009-06-05 13:39 -------- d-sh--w- c:\documents and settings\CZechBoY\IETldCache
2009-06-04 17:23 . 2009-06-04 17:23 -------- d-----w- c:\program files\Lupas Rename 2000
2009-06-04 16:26 . 2009-06-04 16:26 -------- d-----w- c:\windows\ie8updates
2009-06-04 16:21 . 2009-05-12 05:11 102912 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-06-03 17:04 . 2009-06-03 17:04 -------- d-----w- c:\program files\Common Files\GeoVid
2009-06-03 17:04 . 2005-06-07 13:11 60416 ----a-w- c:\windows\system32\dsetup.dll
2009-06-03 17:04 . 2004-08-18 13:00 1712128 ----a-w- c:\windows\system32\gdiplus.dll
2009-06-03 17:04 . 2003-03-19 06:19 1060864 ----a-w- c:\windows\system32\mfc71.dll
2009-06-03 17:04 . 2003-03-19 06:12 1047552 ----a-w- c:\windows\system32\mfc71u.dll
2009-06-03 17:04 . 2003-03-19 04:05 89088 ----a-w- c:\windows\system32\atl71.dll
2009-06-03 17:04 . 2009-06-03 17:04 -------- d-----w- c:\program files\Screen VidShot
2009-06-03 14:44 . 2009-06-03 14:44 -------- d-----w- c:\program files\AWicons Pro
2009-06-02 14:18 . 2009-06-02 14:40 -------- d-----w- c:\program files\API-Guide
2009-06-01 13:09 . 2009-06-01 15:22 -------- d-----w- C:\pokus
2009-05-27 19:10 . 2009-05-27 19:10 -------- d-----w- c:\program files\IrfanView
2009-05-26 20:03 . 2005-04-15 10:24 53248 ----a-w- c:\windows\system32\MThreadVB.dll
2009-05-26 20:03 . 1998-07-05 23:00 16896 ----a-w- c:\windows\system32\WINSKDE.DLL
2009-05-26 20:03 . 1998-07-05 23:00 125712 ----a-w- c:\windows\system32\VB6DE.DLL
2009-05-26 20:03 . 2009-05-26 20:03 -------- d-----w- c:\program files\MOette
2009-05-26 20:03 . 2002-08-14 11:17 33792 ----a-w- c:\windows\system32\CMDLGDE.DLL
2009-05-26 20:03 . 1998-07-05 23:00 16384 ----a-w- c:\windows\system32\INETDE.DLL
2009-05-26 20:03 . 1998-07-05 23:00 158208 ----a-w- c:\windows\system32\MSCMCDE.DLL
2009-05-21 19:14 . 2009-05-26 11:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-05-21 19:14 . 2009-05-26 11:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-21 19:14 . 2009-05-29 14:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-05-20 13:54 . 2009-05-20 13:54 5117901 ----a-w- c:\windows\REGBK00.ZIP
2009-05-20 13:48 . 2009-05-20 13:48 -------- d---a-w- c:\windows\system32\runouce.exe
2009-05-20 13:46 . 2009-05-20 13:46 626688 ----a-w- c:\windows\system32\msvcr80.dll
2009-05-20 13:46 . 2009-05-20 13:46 548864 ----a-w- c:\windows\system32\msvcp80.dll
2009-05-20 13:46 . 2009-05-20 13:46 28672 ----a-w- c:\windows\system32\eEmpty.exe
2009-05-20 13:46 . 2008-04-14 06:52 137216 ----a-w- c:\windows\system32\T.COM
2009-05-20 13:46 . 2008-04-14 06:52 147968 ----a-w- c:\windows\R.COM
2009-05-20 13:46 . 2009-05-20 13:46 -------- d-----w- c:\program files\Common Files\MicroWorld
2009-05-14 16:20 . 2009-05-14 16:20 -------- d-----r- c:\documents and settings\LocalService\Oblíbené položky
2009-05-12 13:25 . 2009-05-12 13:25 -------- d-----w- c:\program files\HD Tune Pro
2009-05-11 19:24 . 2009-05-11 19:24 -------- d-----w- c:\program files\GetRight
2009-05-11 14:09 . 2009-05-25 14:45 -------- d-----w- c:\windows\system32\NtmsData
2009-05-09 09:38 . 2009-05-09 09:38 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2009-05-09 09:38 . 2007-03-18 18:37 65602 ----a-w- c:\windows\system32\cook3260.dll
2009-05-09 09:38 . 2006-09-29 10:26 176165 ----a-w- c:\windows\system32\drv23260.dll
2009-05-09 09:38 . 2006-09-29 10:25 208935 ----a-w- c:\windows\system32\drv33260.dll
2009-05-09 09:38 . 2006-09-29 10:24 217127 ----a-w- c:\windows\system32\drv43260.dll
2009-05-09 09:38 . 2006-05-20 14:16 1184984 ----a-w- c:\windows\system32\wvc1dmod.dll
2009-05-09 09:38 . 2002-12-10 00:20 102439 ----a-w- c:\windows\system32\sipr3260.dll
2009-05-09 09:38 . 2009-05-11 12:36 -------- d-----w- c:\program files\VSO ConvertXtoDVD3
2009-05-09 09:38 . 2009-05-09 09:38 -------- d-----w- c:\program files\VSO

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-07 19:30 . 2009-04-21 12:45 16608 ----a-w- c:\windows\gdrv.sys
2009-05-27 12:11 . 2009-05-27 12:09 -------- d-----w- c:\program files\Winamp
2009-05-25 14:55 . 2009-04-21 16:59 -------- d-----w- c:\program files\OO Software
2009-05-20 14:17 . 2009-04-30 15:54 -------- d-----w- c:\program files\Common Files\Apple
2009-05-18 12:27 . 2001-10-25 12:00 46196 ----a-w- c:\windows\system32\perfc005.dat
2009-05-18 12:27 . 2001-10-25 12:00 309990 ----a-w- c:\windows\system32\perfh005.dat
2009-05-18 12:00 . 2009-04-21 12:46 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-11 12:36 . 2009-05-08 16:33 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-05-08 16:44 . 2009-05-08 16:44 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-05-08 16:27 . 2009-05-08 16:27 -------- d-----w- c:\program files\InternetTV
2009-05-07 16:20 . 2009-05-07 16:11 -------- d-----w- c:\program files\Common Files\LogiShrd
2009-05-07 16:20 . 2009-05-07 15:59 -------- d-----w- c:\program files\Logitech
2009-05-07 16:01 . 2009-05-07 16:00 -------- d-----w- c:\program files\Common Files\Logitech
2009-05-07 16:00 . 2009-05-07 16:00 -------- d-----w- c:\program files\Windows Media Components
2009-05-02 08:10 . 2009-05-02 08:00 -------- d-----w- c:\program files\Microsoft Bootvis
2009-05-01 17:19 . 2009-05-01 17:18 -------- d-----w- c:\program files\PF Auto-Typer
2009-04-30 15:56 . 2009-04-30 15:55 -------- d-----w- c:\program files\iTunes
2009-04-30 15:55 . 2009-04-30 15:55 -------- d-----w- c:\program files\iPod
2009-04-29 16:30 . 2009-04-29 14:15 319488 ----a-r- c:\windows\system32\MafiaSetup.exe
2009-04-29 15:57 . 2009-04-29 15:57 -------- d-----w- c:\program files\Hex Workshop v6
2009-04-29 14:39 . 2009-04-29 14:39 -------- d-----w- c:\program files\Common Files\EZB Systems
2009-04-29 14:39 . 2009-04-29 14:39 -------- d-----w- c:\program files\UltraISO
2009-04-29 14:31 . 2009-04-29 14:31 -------- d-----w- c:\program files\Burn4Free
2009-04-28 12:57 . 2009-04-28 11:49 -------- d-----w- c:\program files\DAEMON Tools Lite
2009-04-28 12:18 . 2009-04-28 12:18 -------- d-----w- c:\program files\VideoLAN
2009-04-28 11:53 . 2009-04-27 14:42 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-04-27 16:04 . 2009-04-27 16:03 -------- d-----w- c:\program files\MediaCoder
2009-04-27 13:46 . 2009-04-23 15:45 97480 ----a-w- c:\windows\system32\drivers\avfwot.sys
2009-04-27 13:46 . 2009-04-23 15:45 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-04-27 13:46 . 2009-04-21 15:12 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-04-24 16:11 . 2009-04-21 13:53 -------- d-----w- c:\program files\CamStudio
2009-04-23 19:36 . 2009-04-23 19:36 -------- d-----w- c:\program files\Web Publish
2009-04-23 19:15 . 2009-04-23 19:15 2678 ----a-w- c:\windows\java\Packages\Data\O0MHBX3F.DAT
2009-04-23 19:15 . 2009-04-23 19:15 2678 ----a-w- c:\windows\java\Packages\Data\YA7HBZR7.DAT
2009-04-23 19:15 . 2009-04-23 19:15 2678 ----a-w- c:\windows\java\Packages\Data\K7RFZZFP.DAT
2009-04-23 19:15 . 2009-04-23 19:15 2678 ----a-w- c:\windows\java\Packages\Data\4PBV3NR5.DAT
2009-04-23 14:09 . 2009-04-23 14:09 -------- d-----w- c:\program files\Desktop Sidebar
2009-04-22 14:22 . 2009-04-22 14:21 -------- d-----w- c:\program files\3DMark2001 SE
2009-04-22 14:21 . 2009-04-21 12:46 -------- d-----w- c:\program files\Common Files\InstallShield
2009-04-21 17:18 . 2009-04-21 17:18 -------- d-----w- c:\program files\Windows Media Connect 2
2009-04-21 17:01 . 2009-04-21 17:00 -------- d-----w- c:\program files\Scorpions WinCheater
2009-04-21 16:38 . 2009-04-21 16:38 -------- d-----w- c:\program files\Lavalys
2009-04-21 16:36 . 2009-04-21 16:36 -------- d-----w- c:\program files\Microsoft Works
2009-04-21 15:12 . 2009-04-21 15:12 -------- d-----w- c:\program files\Avira
2009-04-21 14:45 . 2009-04-21 14:45 -------- d-----r- c:\program files\Skype
2009-04-21 14:32 . 2009-04-21 14:32 -------- d-----w- c:\program files\CCleaner
2009-04-21 13:58 . 2009-04-21 13:54 -------- d-----w- c:\program files\QIP Infium
2009-04-21 13:53 . 2009-04-21 13:53 -------- d-----w- c:\program files\Opera
2009-04-21 13:39 . 2009-04-21 12:35 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-04-21 13:39 . 2009-04-21 12:35 2740 ----a-w- c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2009-04-21 13:12 . 2009-04-21 12:35 8972 ----a-w- c:\windows\pchealth\helpctr\Config\Cntstore.bin
2009-04-21 12:54 . 2009-04-21 12:50 -------- d-----w- c:\program files\Realtek
2009-04-21 12:50 . 2009-04-21 12:50 319488 ----a-w- c:\windows\HideWin.exe
2009-04-21 12:46 . 2009-04-21 12:46 -------- d-----w- c:\program files\Intel
2009-04-21 12:46 . 2009-04-21 12:46 -------- d-----w- c:\program files\GIGABYTE
2009-04-21 12:35 . 2009-04-21 12:35 -------- d-----w- c:\program files\microsoft frontpage
2009-04-21 12:33 . 2009-04-21 12:33 21812 ----a-w- c:\windows\system32\emptyregdb.dat
2009-04-02 13:21 . 2009-05-08 16:33 84480 ----a-w- c:\windows\system32\ff_vfw.dll
2009-03-19 14:32 . 2009-04-30 15:56 23400 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-16 12:18 . 2009-04-24 16:55 69448 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2009-03-16 12:18 . 2009-04-24 16:55 517448 ----a-w- c:\windows\system32\XAudio2_4.dll
2009-03-16 12:18 . 2009-04-24 16:55 235352 ----a-w- c:\windows\system32\xactengine3_4.dll
2009-03-16 12:18 . 2009-04-24 16:55 22360 ----a-w- c:\windows\system32\X3DAudio1_6.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-03-27 24103720]
"ccleaner"="c:\program files\CCleaner\CCleaner.exe" [2009-05-27 1573104]
"SIDEBAR"="c:\program files\Desktop Sidebar\dsidebar.exe" [2006-07-09 1777664]
"Infium"="c:\program files\QIP Infium\infium.exe" [2009-03-25 5245440]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"ooccctrl.exe"="c:\program files\OO Software\CleverCache\ooccctrl.exe" [2007-02-23 1911568]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

c:\documents and settings\CZechBoY\Nabˇdka Start\Programy\Po spuçtŘnˇ\
hamachi.lnk - c:\program files\Hamachi\hamachi.exe [2009-6-5 625952]

c:\documents and settings\CZechBoY\Nabˇdka Start\Programy\Po spuçtŘnˇ\
hamachi.lnk - c:\program files\Hamachi\hamachi.exe [2009-6-5 625952]

c:\documents and settings\CZechBoY\Nabˇdka Start\Programy\Po spuçtŘnˇ\
hamachi.lnk - c:\program files\Hamachi\hamachi.exe [2009-6-5 625952]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
GetRight.lnk - c:\program files\GetRight\GetRight.exe [2009-5-11 4628752]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoStrCmpLogical"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoFileAssociate"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 1 (0x1)
"MemCheckBoxInRunDlg"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoWelcomeScreen"= 1 (0x1)
"NoRecentDocsNetHood"= 1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0autocheck OODBS\0autocheck OODBS\0DfSDKBt

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\QIP Infium\\infium.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"d:\\Strong DC++(2.22)\\StrongDC.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"e:\\Hry\\Chmat-MystiX\\chmatakov15.exe"=
"c:\\Documents and Settings\\CZechBoY\\Plocha\\muj server\\SERVER01.exe"=
"c:\\Program Files\\MOette\\Wake On Lan Tool\\wol.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 avfwot;avfwot;c:\windows\system32\drivers\avfwot.sys [23.4.2009 17:45 97480]
R2 AntiVirFirewallService;Avira Firewall;c:\program files\Avira\AntiVir Desktop\avfwsvc.exe [23.4.2009 17:45 388865]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [23.4.2009 17:45 108289]
R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\avwebgrd.exe [23.4.2009 17:45 432897]
R2 GEST Service;GEST Service for program management.;c:\program files\GIGABYTE\EnergySaver\GSvr.exe [21.4.2009 14:46 80392]
R3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\drivers\avfwim.sys [23.4.2009 17:45 69632]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [21.4.2009 14:50 110080]
S2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\Avira\AntiVir Desktop\avmailc.exe [23.4.2009 17:45 194817]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Obsah adresáře 'Naplánované úlohy'
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

SafeBoot-procexp90.Sys

.
------- Doplňkový sken -------
.
uStart Page = about:blank
IE: Download with GetRight - c:\program files\GetRight\GRdownload.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Open with GetRight Browser - c:\program files\GetRight\GRbrowse.htm
TCP: {C641B42D-570A-40CD-B895-55D9E003CC32} = 192.168.15.1,192.168.68.16
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-07 21:30
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OOCC06.00.00.01WSSV"="CB64B3230251822DD7D42EB5253E0DA1A92585FD462074982E72B430782E48CA1C93D12AA62CC278D070900E37E9C7F7C92C442E5314F503219D74CCA4D4C15DFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC79335D575E7D6A3B9808A6171C11EC38DE3DA6171C11EC38DE3D7A841F1834E6936B9668F689EE8E8A63961329AA731E88E1CD976C905371C8B0504A7E4980CC2B4A7CBA3E1B20F6CA7A867D490D5A2E335122C1BE444FE59C6E2F3D7BB289DA370D7FE1F2120D6F8EEE28699CB070DE748E63A6608D863E05A2043AA1C31BC8AA74777F594BBB06C882DA5A358012B561F61851D382CF93586A9CEE096227653FF91C06B31956DD35A9602CA75BC4C8541CAC9C9F3127133393B05FC5E541126FC78B3CCBC1AAAC4E0D5F888E14ADC3EAC2EEBCCD99ADFA749F55E0F49D24437CBEC73F6DFD2B3CD7086271867298E587E594376EAE25A2BE460A9E36C92A83EA70347EE8FC6C6CD42D57BB32B07382D03233E414D876EEF9F12D98AD1E57ED02A61B3E15E02AAD10BE129036FDD28030094673D373AEDE5040049F0245CE354E5CAA94473F400716B6C66BBD7E6CDAD4802EE5C850FB013284B65BDF5B589E1F4074EFDF22B2923841119EF5C79BA13061AD1113B1B3FAD04550C5757263040AB5EB0EBC08A47F0BBE70CE0FE45E7878A9EC9F54CFCC03A53D4330788E7FD1E5D4EC0343E2E20FE744C472C055D895A78AF58DB257E268EAD9E3BA1FA8E189CFE9B2375C975A196C99D659438C5144FB6A392ED968B6881FBF6A5D252EE2BFA7F26065F4011C85F8BB5023D4F0B26478E10AA678972C5906C2F162C980009E91247A9FFCEDDE54B35B3EC336DE8B69613FA07140EACA61A66F7B69D1F3DAE2F4E4E9C6E99F7B96855C9405AEA38FD9C203165C67DFBEBF4C03EBE405D2B6DE7E517D14B3CC71F39AD7A903868215526A63EA872A66572285F00C9AADD77CF59F39E514571EE2A5E59937AF0CB21800E9CA046A47E2094F265F86261D363B248B9E3825D5B2937A1A235C4F9160B5A89654264E7FAB6B1DC5296E762592A1F3B83A6EFA339BEE54B2A89AF86B29B1210CD37F519B0EBA78BE5C354E9E84068866F6659E776002AA6B13D89CF3207356A8CE9CE4644B57E2AF3CB544E59A5F1692F3DEEAB1797F8546FD61F7884D06468D7C73CE2A95C3EE7CBE2AC2D8D54DE5828600106FD5BD85873AE2A10B2B9606A1CC5A28BE1529C6CC0E350A5C2A0ED63DB453124757B45B394C6F0160A8F93B0FDF8BDFF8E552250B89D9AA578188580F3B44C8D15484CD286D7ED4F32826A1438CA8373319B05AE643010D353945EF0A87255EAB166DB66509E82C32823689EF5BB3444C31564BD381766AE7A0F038FEBE2C54F45BD606C640"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(5208)
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\OO Software\CleverCache\ooccag.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2009-06-07 21:31 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-06-07 19:31

Před spuštěním: Volných bajtů: 11 108 392 960
Po spuštění: Volných bajtů: 11 098 640 384

248 --- E O F --- 2009-05-31 01:01

Damned · Příspěvekod **Damned** » 08 čer 2009 08:56

Sorry, asi sem koukal po ženských....

Co je to Moette?

Spusť si HJT a fixni:
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present

**************************************************************************************************************************************
Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:

File::
c:\windows\REGBK00.ZIP
c:\windows\system32\runouce.exe
c:\windows\system32\eEmpty.exe
c:\windows\HideWin.exe
c:\windows\system32\emptyregdb.dat

Folder::
c:\windows\system32\runouce.exe
c:\windows\system32\eEmpty.exe

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe
a když se oba soubory překryjí, skript upusť.

- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

CZechBoY · Příspěvekod **CZechBoY** » 08 čer 2009 15:52

moette co to je ? já nevim :)) ale ten vir je asi ve Webkameře takže co s tim :-/

Damned · Příspěvekod **Damned** » 08 čer 2009 16:03

c:\program files\MOette

Pokud tam je nějaký vir, tak jen proto, že sis ho nainstalaval. Fixni, udělej CFScript.txt a dej sem logy.

CZechBoY · Příspěvekod **CZechBoY** » 08 čer 2009 16:08

Jenom ten z minula:
a ta složka Moette v program files není, ani když dám zobrazit skrytý soubory a složky ... pak udělám ten CFScript

ComboFix 09-06-07.01 - CZechBoY 08.06.2009 15:47.4 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1788.1088 [GMT 2:00]
Spuštěný z: c:\documents and settings\CZechBoY\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\CZechBoY\Plocha\CFScript.txt.txt
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {11638345-E4FC-4BEE-BB73-EC754659C5F6}
FW: Avira Firewall *enabled* {11638345-E4FC-4BEE-BB73-EC754659C5F6}

FILE ::
"c:\windows\HideWin.exe"
"c:\windows\REGBK00.ZIP"
"c:\windows\system32\eEmpty.exe"
"c:\windows\system32\emptyregdb.dat"
"c:\windows\system32\runouce.exe"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\CZechBoY\LOCALS~1\Temp\mrt195.tmp\AssArray.mfx
c:\docume~1\CZechBoY\LOCALS~1\Temp\mrt195.tmp\Blowfish.mfx
c:\docume~1\CZechBoY\LOCALS~1\Temp\mrt195.tmp\FunctionEggtimer.mfx
c:\docume~1\CZechBoY\LOCALS~1\Temp\mrt195.tmp\ifelse.mfx
c:\docume~1\CZechBoY\LOCALS~1\Temp\mrt195.tmp\IsoGrd2.mfx
c:\docume~1\CZechBoY\LOCALS~1\Temp\mrt195.tmp\KcBoxB.mfx
c:\docume~1\CZechBoY\LOCALS~1\Temp\mrt195.tmp\KcButton.mfx
c:\docume~1\CZechBoY\LOCALS~1\Temp\mrt195.tmp\kcclock.mfx
c:\docume~1\CZechBoY\LOCALS~1\Temp\mrt195.tmp\kcedit.mfx
c:\docume~1\CZechBoY\LOCALS~1\Temp\mrt195.tmp\kcffunct.mfx
c:\docume~1\CZechBoY\LOCALS~1\Temp\mrt195.tmp\kcfile.mfx
c:\docume~1\CZechBoY\LOCALS~1\Temp\mrt195.tmp\kcini.mfx
c:\docume~1\CZechBoY\LOCALS~1\Temp\mrt195.tmp\kclist.mfx
c:\docume~1\CZechBoY\LOCALS~1\Temp\mrt195.tmp\MagicDeque.mfx
c:\docume~1\CZechBoY\LOCALS~1\Temp\mrt195.tmp\mmfs2.dll
c:\docume~1\CZechBoY\LOCALS~1\Temp\mrt195.tmp\mooclick.mfx
c:\docume~1\CZechBoY\LOCALS~1\Temp\mrt195.tmp\nvar.mfx
c:\docume~1\CZechBoY\LOCALS~1\Temp\mrt195.tmp\parser.mfx
c:\docume~1\CZechBoY\LOCALS~1\Temp\mrt195.tmp\pathfind.mfx
c:\documents and settings\CZechBoY\Local Settings\Temp\mrt195.tmp\AssArray.mfx
c:\documents and settings\CZechBoY\Local Settings\Temp\mrt195.tmp\Blowfish.mfx
c:\documents and settings\CZechBoY\Local Settings\Temp\mrt195.tmp\FunctionEggtimer.mfx
c:\documents and settings\CZechBoY\Local Settings\Temp\mrt195.tmp\ifelse.mfx
c:\documents and settings\CZechBoY\Local Settings\Temp\mrt195.tmp\IsoGrd2.mfx
c:\documents and settings\CZechBoY\Local Settings\Temp\mrt195.tmp\KcBoxB.mfx
c:\documents and settings\CZechBoY\Local Settings\Temp\mrt195.tmp\KcButton.mfx
c:\documents and settings\CZechBoY\Local Settings\Temp\mrt195.tmp\kcclock.mfx
c:\documents and settings\CZechBoY\Local Settings\Temp\mrt195.tmp\kcedit.mfx
c:\documents and settings\CZechBoY\Local Settings\Temp\mrt195.tmp\kcffunct.mfx
c:\documents and settings\CZechBoY\Local Settings\Temp\mrt195.tmp\kcfile.mfx
c:\documents and settings\CZechBoY\Local Settings\Temp\mrt195.tmp\kcini.mfx
c:\documents and settings\CZechBoY\Local Settings\Temp\mrt195.tmp\kclist.mfx
c:\documents and settings\CZechBoY\Local Settings\Temp\mrt195.tmp\MagicDeque.mfx
c:\documents and settings\CZechBoY\Local Settings\Temp\mrt195.tmp\mmfs2.dll
c:\documents and settings\CZechBoY\Local Settings\Temp\mrt195.tmp\mooclick.mfx
c:\documents and settings\CZechBoY\Local Settings\Temp\mrt195.tmp\nvar.mfx
c:\documents and settings\CZechBoY\Local Settings\Temp\mrt195.tmp\parser.mfx
c:\documents and settings\CZechBoY\Local Settings\Temp\mrt195.tmp\pathfind.mfx
c:\windows\HideWin.exe
c:\windows\REGBK00.ZIP
c:\windows\regedit.com
c:\windows\system32\eEmpty.exe
c:\windows\system32\emptyregdb.dat
c:\windows\system32\runouce.exe
c:\windows\system32\taskmgr.com
c:\windows\TEMP\logishrd\LVPrcInj01.dll

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-05-08 do 2009-06-08 )))))))))))))))))))))))))))))))
.

2009-06-07 19:36 . 2009-06-07 19:36 -------- d-sh--w- c:\documents and settings\CZechBoY\IECompatCache
2009-06-07 18:28 . 2009-06-07 18:28 -------- d-----w- C:\rsit
2009-06-05 14:44 . 2009-06-05 14:44 -------- d-sh--w- c:\documents and settings\CZechBoY\PrivacIE
2009-06-05 13:57 . 2009-06-05 13:57 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
2009-06-05 13:54 . 2009-06-05 13:54 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-06-05 13:53 . 2009-06-05 13:53 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-05 13:39 . 2009-06-05 13:39 -------- d-sh--w- c:\documents and settings\CZechBoY\IETldCache
2009-06-04 17:23 . 2009-06-04 17:23 -------- d-----w- c:\program files\Lupas Rename 2000
2009-06-04 16:26 . 2009-06-04 16:26 -------- d-----w- c:\windows\ie8updates
2009-06-04 16:21 . 2009-05-12 05:11 102912 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-06-03 17:04 . 2009-06-03 17:04 -------- d-----w- c:\program files\Common Files\GeoVid
2009-06-03 17:04 . 2005-06-07 13:11 60416 ----a-w- c:\windows\system32\dsetup.dll
2009-06-03 17:04 . 2004-08-18 13:00 1712128 ----a-w- c:\windows\system32\gdiplus.dll
2009-06-03 17:04 . 2003-03-19 06:19 1060864 ----a-w- c:\windows\system32\mfc71.dll
2009-06-03 17:04 . 2003-03-19 06:12 1047552 ----a-w- c:\windows\system32\mfc71u.dll
2009-06-03 17:04 . 2003-03-19 04:05 89088 ----a-w- c:\windows\system32\atl71.dll
2009-06-03 14:44 . 2009-06-03 14:44 -------- d-----w- c:\program files\AWicons Pro
2009-06-02 14:18 . 2009-06-02 14:40 -------- d-----w- c:\program files\API-Guide
2009-06-01 13:09 . 2009-06-01 15:22 -------- d-----w- C:\pokus
2009-05-27 19:10 . 2009-05-27 19:10 -------- d-----w- c:\program files\IrfanView
2009-05-21 19:14 . 2009-05-26 11:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-05-21 19:14 . 2009-05-26 11:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-21 19:14 . 2009-05-29 14:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-05-20 13:46 . 2009-05-20 13:46 626688 ----a-w- c:\windows\system32\msvcr80.dll
2009-05-20 13:46 . 2009-05-20 13:46 548864 ----a-w- c:\windows\system32\msvcp80.dll
2009-05-20 13:46 . 2008-04-14 06:52 137216 ----a-w- c:\windows\system32\T.COM
2009-05-20 13:46 . 2008-04-14 06:52 147968 ----a-w- c:\windows\R.COM
2009-05-20 13:46 . 2009-05-20 13:46 -------- d-----w- c:\program files\Common Files\MicroWorld
2009-05-14 16:20 . 2009-05-14 16:20 -------- d-----r- c:\documents and settings\LocalService\Oblíbené položky
2009-05-12 13:25 . 2009-05-12 13:25 -------- d-----w- c:\program files\HD Tune Pro
2009-05-11 19:24 . 2009-05-11 19:24 -------- d-----w- c:\program files\GetRight
2009-05-11 14:09 . 2009-05-25 14:45 -------- d-----w- c:\windows\system32\NtmsData

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-08 13:51 . 2009-04-21 12:45 16608 ----a-w- c:\windows\gdrv.sys
2009-06-08 13:15 . 2009-05-07 16:11 -------- d-----w- c:\program files\Common Files\LogiShrd
2009-06-08 13:15 . 2009-05-07 15:59 -------- d-----w- c:\program files\Logitech
2009-05-27 12:11 . 2009-05-27 12:09 -------- d-----w- c:\program files\Winamp
2009-05-25 14:55 . 2009-04-21 16:59 -------- d-----w- c:\program files\OO Software
2009-05-20 14:17 . 2009-04-30 15:54 -------- d-----w- c:\program files\Common Files\Apple
2009-05-18 12:27 . 2001-10-25 12:00 46196 ----a-w- c:\windows\system32\perfc005.dat
2009-05-18 12:27 . 2001-10-25 12:00 309990 ----a-w- c:\windows\system32\perfh005.dat
2009-05-18 12:00 . 2009-04-21 12:46 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-11 12:36 . 2009-05-09 09:38 -------- d-----w- c:\program files\VSO ConvertXtoDVD3
2009-05-11 12:36 . 2009-05-08 16:33 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-05-09 09:38 . 2009-05-09 09:38 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2009-05-09 09:38 . 2009-05-09 09:38 -------- d-----w- c:\program files\VSO
2009-05-08 16:44 . 2009-05-08 16:44 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-05-08 16:27 . 2009-05-08 16:27 -------- d-----w- c:\program files\InternetTV
2009-05-07 16:01 . 2009-05-07 16:00 -------- d-----w- c:\program files\Common Files\Logitech
2009-05-07 16:00 . 2009-05-07 16:00 -------- d-----w- c:\program files\Windows Media Components
2009-05-02 08:10 . 2009-05-02 08:00 -------- d-----w- c:\program files\Microsoft Bootvis
2009-05-01 17:19 . 2009-05-01 17:18 -------- d-----w- c:\program files\PF Auto-Typer
2009-04-30 15:56 . 2009-04-30 15:55 -------- d-----w- c:\program files\iTunes
2009-04-30 15:55 . 2009-04-30 15:55 -------- d-----w- c:\program files\iPod
2009-04-29 16:30 . 2009-04-29 14:15 319488 ----a-r- c:\windows\system32\MafiaSetup.exe
2009-04-29 15:57 . 2009-04-29 15:57 -------- d-----w- c:\program files\Hex Workshop v6
2009-04-29 14:39 . 2009-04-29 14:39 -------- d-----w- c:\program files\Common Files\EZB Systems
2009-04-29 14:39 . 2009-04-29 14:39 -------- d-----w- c:\program files\UltraISO
2009-04-29 14:31 . 2009-04-29 14:31 -------- d-----w- c:\program files\Burn4Free
2009-04-28 12:57 . 2009-04-28 11:49 -------- d-----w- c:\program files\DAEMON Tools Lite
2009-04-28 12:18 . 2009-04-28 12:18 -------- d-----w- c:\program files\VideoLAN
2009-04-28 11:53 . 2009-04-27 14:42 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-04-27 16:04 . 2009-04-27 16:03 -------- d-----w- c:\program files\MediaCoder
2009-04-27 13:46 . 2009-04-23 15:45 97480 ----a-w- c:\windows\system32\drivers\avfwot.sys
2009-04-27 13:46 . 2009-04-23 15:45 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-04-27 13:46 . 2009-04-21 15:12 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-04-24 16:11 . 2009-04-21 13:53 -------- d-----w- c:\program files\CamStudio
2009-04-23 19:36 . 2009-04-23 19:36 -------- d-----w- c:\program files\Web Publish
2009-04-23 19:15 . 2009-04-23 19:15 2678 ----a-w- c:\windows\java\Packages\Data\O0MHBX3F.DAT
2009-04-23 19:15 . 2009-04-23 19:15 2678 ----a-w- c:\windows\java\Packages\Data\YA7HBZR7.DAT
2009-04-23 19:15 . 2009-04-23 19:15 2678 ----a-w- c:\windows\java\Packages\Data\K7RFZZFP.DAT
2009-04-23 19:15 . 2009-04-23 19:15 2678 ----a-w- c:\windows\java\Packages\Data\4PBV3NR5.DAT
2009-04-23 14:09 . 2009-04-23 14:09 -------- d-----w- c:\program files\Desktop Sidebar
2009-04-22 14:22 . 2009-04-22 14:21 -------- d-----w- c:\program files\3DMark2001 SE
2009-04-22 14:21 . 2009-04-21 12:46 -------- d-----w- c:\program files\Common Files\InstallShield
2009-04-21 17:18 . 2009-04-21 17:18 -------- d-----w- c:\program files\Windows Media Connect 2
2009-04-21 17:01 . 2009-04-21 17:00 -------- d-----w- c:\program files\Scorpions WinCheater
2009-04-21 16:38 . 2009-04-21 16:38 -------- d-----w- c:\program files\Lavalys
2009-04-21 16:36 . 2009-04-21 16:36 -------- d-----w- c:\program files\Microsoft Works
2009-04-21 15:12 . 2009-04-21 15:12 -------- d-----w- c:\program files\Avira
2009-04-21 14:45 . 2009-04-21 14:45 -------- d-----r- c:\program files\Skype
2009-04-21 14:32 . 2009-04-21 14:32 -------- d-----w- c:\program files\CCleaner
2009-04-21 13:58 . 2009-04-21 13:54 -------- d-----w- c:\program files\QIP Infium
2009-04-21 13:53 . 2009-04-21 13:53 -------- d-----w- c:\program files\Opera
2009-04-21 13:39 . 2009-04-21 12:35 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-04-21 13:39 . 2009-04-21 12:35 2740 ----a-w- c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2009-04-21 13:12 . 2009-04-21 12:35 8972 ----a-w- c:\windows\pchealth\helpctr\Config\Cntstore.bin
2009-04-21 12:54 . 2009-04-21 12:50 -------- d-----w- c:\program files\Realtek
2009-04-21 12:46 . 2009-04-21 12:46 -------- d-----w- c:\program files\Intel
2009-04-21 12:46 . 2009-04-21 12:46 -------- d-----w- c:\program files\GIGABYTE
2009-04-21 12:35 . 2009-04-21 12:35 -------- d-----w- c:\program files\microsoft frontpage
2009-04-02 13:21 . 2009-05-08 16:33 84480 ----a-w- c:\windows\system32\ff_vfw.dll
2009-03-19 14:32 . 2009-04-30 15:56 23400 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-16 12:18 . 2009-04-24 16:55 69448 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2009-03-16 12:18 . 2009-04-24 16:55 517448 ----a-w- c:\windows\system32\XAudio2_4.dll
2009-03-16 12:18 . 2009-04-24 16:55 235352 ----a-w- c:\windows\system32\xactengine3_4.dll
2009-03-16 12:18 . 2009-04-24 16:55 22360 ----a-w- c:\windows\system32\X3DAudio1_6.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-06-07_19.31.01 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-06-08 13:51 . 2009-06-08 13:51 16384 c:\windows\Temp\Perflib_Perfdata_32c.dat
+ 2009-06-08 13:51 . 2009-06-08 13:51 16384 c:\windows\Temp\Perflib_Perfdata_2d0.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-03-27 24103720]
"ccleaner"="c:\program files\CCleaner\CCleaner.exe" [2009-05-27 1573104]
"SIDEBAR"="c:\program files\Desktop Sidebar\dsidebar.exe" [2006-07-09 1777664]
"Infium"="c:\program files\QIP Infium\infium.exe" [2009-03-25 5245440]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"ooccctrl.exe"="c:\program files\OO Software\CleverCache\ooccctrl.exe" [2007-02-23 1911568]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
GetRight.lnk - c:\program files\GetRight\GetRight.exe [2009-5-11 4628752]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoStrCmpLogical"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoFileAssociate"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 1 (0x1)
"MemCheckBoxInRunDlg"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoWelcomeScreen"= 1 (0x1)
"NoRecentDocsNetHood"= 1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0autocheck OODBS\0autocheck OODBS\0DfSDKBt

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\QIP Infium\\infium.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"d:\\Strong DC++(2.22)\\StrongDC.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"e:\\Hry\\Chmat-MystiX\\chmatakov15.exe"=
"c:\\Documents and Settings\\CZechBoY\\Plocha\\muj server\\SERVER01.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 avfwot;avfwot;c:\windows\system32\drivers\avfwot.sys [23.4.2009 17:45 97480]
R2 AntiVirFirewallService;Avira Firewall;c:\program files\Avira\AntiVir Desktop\avfwsvc.exe [23.4.2009 17:45 388865]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [23.4.2009 17:45 108289]
R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\avwebgrd.exe [23.4.2009 17:45 432897]
R2 GEST Service;GEST Service for program management.;c:\program files\GIGABYTE\EnergySaver\GSvr.exe [21.4.2009 14:46 80392]
R3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\drivers\avfwim.sys [23.4.2009 17:45 69632]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [21.4.2009 14:50 110080]
S2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\Avira\AntiVir Desktop\avmailc.exe [23.4.2009 17:45 194817]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Obsah adresáře 'Naplánované úlohy'

2009-06-08 c:\windows\Tasks\User_Feed_Synchronization-{D785F48D-46C9-46A8-BC5F-DEB20F13DA13}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Doplňkový sken -------
.
uStart Page = about:blank
IE: Download with GetRight - c:\program files\GetRight\GRdownload.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Open with GetRight Browser - c:\program files\GetRight\GRbrowse.htm
TCP: {C641B42D-570A-40CD-B895-55D9E003CC32} = 192.168.15.1,192.168.68.16
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-08 15:51
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OOCC06.00.00.01WSSV"="CB64B3230251822DD7D42EB5253E0DA1A92585FD462074982E72B430782E48CA1C93D12AA62CC278D070900E37E9C7F7C92C442E5314F503219D74CCA4D4C15DFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC79335D575E7D6A3B9808A6171C11EC38DE3DA6171C11EC38DE3D7A841F1834E6936B9668F689EE8E8A63961329AA731E88E1CD976C905371C8B0504A7E4980CC2B4A7CBA3E1B20F6CA7A867D490D5A2E335122C1BE444FE59C6E2F3D7BB289DA370D7FE1F2120D6F8EEE28699CB070DE748E63A6608D863E05A2043AA1C31BC8AA74777F594BBB06C882DA5A358012B561F61851D382CF93586A9CEE096227653FF91C06B31956DD35A9602CA75BC4C8541CAC9C9F3127133393B05FC5E541126FC78B3CCBC1AAAC4E0D5F888E14ADC3EAC2EEBCCD99ADFA749F55E0F49D24437CBEC73F6DFD2B3CD7086271867298E587E594376EAE25A2BE460A9E36C92A83EA70347EE8FC6C6CD42D57BB32B07382D03233E414D876EEF9F12D98AD1E57ED02A61B3E15E02AAD10BE129036FDD28030094673D373AEDE5040049F0245CE354E5CAA94473F400716B6C66BBD7E6CDAD4802EE5C850FB013284B65BDF5B589E1F4074EFDF22B2923841119EF5C79BA13061AD1113B1B3FAD04550C5757263040AB5EB0EBC08A47F0BBE70CE0FE45E7878A9EC9F54CFCC03A53D4330788E7FD1E5D4EC0343E2E20FE744C472C055D895A78AF58DB257E268EAD9E3BA1FA8E189CFE9B2375C975A196C99D659438C5144FB6A392ED968B6881FBF6A5D252EE2BFA7F26065F4011C85F8BB5023D4F0B26478E10AA678972C5906C2F162C980009E91247A9FFCEDDE54B35B3EC336DE8B69613FA07140EACA61A66F7B69D1F3DAE2F4E4E9C6E99F7B96855C9405AEA38FD9C203165C67DFBEBF4C03EBE405D2B6DE7E517D14B3CC71F39AD7A903868215526A63EA872A66572285F00C9AADD77CF59F39E514571EE2A5E59937AF0CB21800E9CA046A47E2094F265F86261D363B248B9E3825D5B2937A1A235C4F9160B5A89654264E7FAB6B1DC5296E762592A1F3B83A6EFA339BEE54B2A89AF86B29B1210CD37F519B0EBA78BE5C354E9E84068866F6659E776002AA6B13D89CF3207356A8CE9CE4644B57E2AF3CB544E59A5F1692F3DEEAB1797F8546FD61F7884D06468D7C73CE2A95C3EE7CBE2AC2D8D54DE5828600106FD5BD85873AE2A10B2B9606A1CC5A28BE1529C6CC0E350A5C2A0ED63DB453124757B45B394C6F0160A8F93B0FDF8BDFF8E552250B89D9AA578188580F3B44C8D15484CD286D7ED4F32826A1438CA8373319B05AE643010D353945EF0A87255EAB166DB66509E82C32823689EF5BB3444C31564BD381766AE7A0F038FEBE2C54F45BD606C640"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(900)
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\OO Software\CleverCache\ooccag.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2009-06-08 15:52 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-06-08 13:52
ComboFix2.txt 2009-06-07 19:31

Před spuštěním: Volných bajtů: 10 986 741 760
Po spuštění: Volných bajtů: 11 045 412 864

272 --- E O F --- 2009-05-31 01:01

Damned · Příspěvekod **Damned** » 08 čer 2009 16:43

Hmm, Moette už tam není. Pokud budeš stále něco instalovat a pak zas odinstalovávat výsledku se nedopídíme.

Vypni body obnovení a spusť MWAV a pak ulož někam celý log. Stáhnu si ho a podívám se na něj.

CZechBoY · Příspěvekod **CZechBoY** » 08 čer 2009 16:50

Instalovat a odinstalovávat ? :) jsem dal pryč jen ten logitech, snad už to bude dobrý.
Mám vypnout body obnovení a zapnout MWAV a proč vypnout body obnovení ?

Damned · Příspěvekod **Damned** » 08 čer 2009 17:21

Všechno co ComboFix smazal pochází ze dočasných složek. Většinou se to obnoví do těchto složek po spuštění PC. Obnoví se to ze složky System Volume Information. SVI je systémová složka s body obnovení, do které se i zapisují všechny spouštěné soubory.
Tedy pokud vypneš Body obnovení a my potom smažeme infekci ze složky C:\...... a až poté se zapnou Body obnovení nákaza se již neobjeví.
Takže: Vypnout Body obnovení, spustit sken MWAV (aktualizovat). Podle logu zjistím zda tam je šmejd v systému, nebo jen chybný zápis v registru. Odstraníme a pakud to bude bez závad, body Obnovení se zas zapnou a PC bude čisté.(bez šmejdů).

Pomalý PC

Pomalý PC

Re: Pomalý PC

Re: Pomalý PC

Re: Pomalý PC

Re: Pomalý PC

Re: Pomalý PC

Re: Pomalý PC

Re: Pomalý PC

Re: Pomalý PC

Re: Pomalý PC

Re: Pomalý PC

Re: Pomalý PC

Kdo je online