HDD není naformátován + zpomalené PC Vyřešeno

[Storm!k]

Nejde mi PC restartovat do nouzového režimu. Vždy se na zlomek sekundy objeví modrá obrazovka - je v příloze, ale není moc dobře čitelná a PC se hned restartuje , normálně ale spustit jde, tak nevim

píše to tam mimo jiné něco o virech...

[Reklama]

[Damned]

Spusť tedy RunThis.bat v normálním režimu. V modrý obrazovce si přečti co píšou. A napiš samozřejmě R (R. SafeBoot Repair Key a) "Enter".

Po opravě zkus ten nouzák.

[Storm!k]

Tak tady to je:


SDFix: Version 1.240
Run by Libor Novak on Łt 29.09.2009 at 20:27

Microsoft Windows XP [Verze 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

No Trojan Files Found






Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-29 20:53:47
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

disk error: C:\WINDOWS\system32\config\system, 1381
scanning hidden registry entries ...

disk error: C:\WINDOWS\system32\config\software, 1381
disk error: C:\Documents and Settings\Libor Novak\ntuser.dat, 1381
scanning hidden files ...

disk error: C:\WINDOWS\

please note that you need administrator rights to perform deep scan

Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\\web\\prog\\Apache2\\bin\\Apache.exe"="C:\\web\\prog\\Apache2\\bin\\Apache.exe:*:Enabled:Apache HTTP Server"
"C:\\Program Files\\totalcmd\\totalcmd.exe"="C:\\Program Files\\totalcmd\\totalcmd.exe:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
"C:\\Program Files\\EA GAMES\\Need For Speed Underground\\Speed.exe"="C:\\Program Files\\EA GAMES\\Need For Speed Underground\\Speed.exe:*:Disabled:Speed"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"="C:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe:*:Enabled:CoD2MP_s"
"C:\\Program Files\\Nokia\\Tools\\Nokia_S40_Theme_Studio\\S40ThemeStudio.exe"="C:\\Program Files\\Nokia\\Tools\\Nokia_S40_Theme_Studio\\S40ThemeStudio.exe:*:Disabled:Nokia S40 Theme Studio"
"C:\\Nokia\\Update_Manager\\bin\\UMClient.exe"="C:\\Nokia\\Update_Manager\\bin\\UMClient.exe:*:Disabled:Nokia Update Manager"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\mIRC\\mirc.exe"="C:\\Program Files\\mIRC\\mirc.exe:*:Disabled:mIRC"
"C:\\Program Files\\Download Express\\dep.exe"="C:\\Program Files\\Download Express\\dep.exe:*:Disabled:Browser download plugin"
"C:\\Program Files\\BitLord\\BitLord.exe"="C:\\Program Files\\BitLord\\BitLord.exe:*:Disabled:BitLord"
"C:\\WINDOWS\\system32\\dplaysvr.exe"="C:\\WINDOWS\\system32\\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"C:\\Documents and Settings\\Libor Novak\\Local Settings\\Temp\\bulanci.tmp"="C:\\Documents and Settings\\Libor Novak\\Local Settings\\Temp\\bulanci.tmp:*:Enabled:bulanci"
"C:\\Program Files\\TTD\\TTDLOADW.OVL"="C:\\Program Files\\TTD\\TTDLOADW.OVL:*:Enabled:TTDLOADW"
"C:\\Program Files\\OpenTTD\\openttd.exe"="C:\\Program Files\\OpenTTD\\openttd.exe:*:Enabled:OpenTTD"
"C:\\Program Files\\QIP\\qip.exe"="C:\\Program Files\\QIP\\qip.exe:*:Enabled:Quiet Internet Pager"
"C:\\Program Files\\Hamachi\\hamachi.exe"="C:\\Program Files\\Hamachi\\hamachi.exe:*:Enabled:Hamachi Client"
"C:\\Program Files\\Electronic Arts\\Need For Speed - Porsche Unleashed\\Porsche.exe"="C:\\Program Files\\Electronic Arts\\Need For Speed - Porsche Unleashed\\Porsche.exe:*:Enabled:Porsche"
"C:\\Program Files\\BitTornado\\btdownloadgui.exe"="C:\\Program Files\\BitTornado\\btdownloadgui.exe:*:Enabled:btdownloadgui"
"C:\\Program Files\\Heroes of Might and Magic III Complete\\Heroes3.exe"="C:\\Program Files\\Heroes of Might and Magic III Complete\\Heroes3.exe:*:Enabled:Heroes of Might and MagicR III"
"C:\\Program Files\\uTorrent\\utorrent.exe"="C:\\Program Files\\uTorrent\\utorrent.exe:*:Enabled:uTorrent"
"C:\\Program Files\\Croteam\\Serious Sam\\Bin\\SeriousSam.exe"="C:\\Program Files\\Croteam\\Serious Sam\\Bin\\SeriousSam.exe:*:Enabled:SeriousSam"
"C:\\Program Files\\BitComet\\BitComet.exe"="C:\\Program Files\\BitComet\\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"C:\\Program Files\\Vuze\\Azureus.exe"="C:\\Program Files\\Vuze\\Azureus.exe:*:Enabled:Azureus"
"C:\\Program Files\\UnrealTournament\\System\\UnrealTournament.exe"="C:\\Program Files\\UnrealTournament\\System\\UnrealTournament.exe:*:Enabled:UnrealTournament"
"D:\\Warcraft III\\Warcraft III.exe"="D:\\Warcraft III\\Warcraft III.exe:*:Disabled:Warcraft III"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Disabled:Firefox"
"C:\\Program Files\\AVG\\AVG8\\avgam.exe"="C:\\Program Files\\AVG\\AVG8\\avgam.exe:*:Enabled:avgam.exe"
"C:\\Program Files\\AVG\\AVG8\\avgdiag.exe"="C:\\Program Files\\AVG\\AVG8\\avgdiag.exe:*:Enabled:avgdiag.exe"
"C:\\Program Files\\AVG\\AVG8\\avgdiagex.exe"="C:\\Program Files\\AVG\\AVG8\\avgdiagex.exe:*:Enabled:avgdiagex.exe"
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"="C:\\Program Files\\AVG\\AVG8\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"="C:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"
"C:\\Program Files\\AVG\\AVG8\\avgnsx.exe"="C:\\Program Files\\AVG\\AVG8\\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\\Program Files\\LucasArts\\Star Wars Jedi Knight Jedi Academy\\GameData\\jamp.exe"="C:\\Program Files\\LucasArts\\Star Wars Jedi Knight Jedi Academy\\GameData\\jamp.exe:*:Disabled:Jedi Academy MultiPlayer"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

Remaining Files :



Files with Hidden Attributes :


Finished!

[Damned]

Složku SDFixu a SDFix smaž.

Takže spusť znovu MbAM a dej Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Show Results
- ujistit se že máš zatrhnuté všechny vypsané nálezy a klikni na tlačítko Remove Selected
- když skončí odstraňování tak se ti zobrazí log, tak ho sem dej.
- pak zvol v programu OK a pak program ukonči přes Exit

Vypni rezidentní štít antiviru (pokud máš tak i antispyware).
Stáhni si ComboFix (by sUBs)
nebo ComboFix (subs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

[Storm!k]

Tak tady jsou ty logy:
btw. nádhera, už zase mám obsah disku D... jsi borec...

Malwarebytes' Anti-Malware 1.41
Verze databáze: 2871
Windows 5.1.2600 Service Pack 2

29.9.2009 22:07:22
mbam-log-2009-09-29 (22-07-22).txt

Typ kontroly: Kompletní kontrola (C:\|D:\|)
Zkontrolované objekty: 169648
Uplynulý čas: 22 minute(s), 14 second(s)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 5
Infikované hodnoty registru: 2
Infikované datové položky registru: 0
Infikované adresáře: 0
Infikované soubory: 8

Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované klíče registru:
HKEY_CLASSES_ROOT\Typelib\{c20ee2d6-81c3-6a08-79c5-1989da43bc19} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{500bca15-57a7-4eaf-8143-8c619470b13d} (Worm.Allaple) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\NordBull (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\poprock (Trojan.Downloader) -> Quarantined and deleted successfully.

Infikované hodnoty registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\system32\memman.vxd (Rogue.sysCleaner) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\calc (Trojan.Downloader) -> Quarantined and deleted successfully.

Infikované datové položky registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované adresáře:
(Nebyly nalezeny žádné škodlivé položky)

Infikované soubory:
C:\Documents and Settings\All Users\Data aplikací\{CFAB4006-0AE0-414D-866A-DCB2C46553CF}\offline\IFGMGCEMRAFAKNXEIMMAXFNSDRFFFF0\memman.vxd (Rogue.sysCleaner) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\memman.vxd (Rogue.sysCleaner) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Data aplikací\lizkavd.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\EA7EEL8R\Install[1].exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Libor Novak\Nabídka Start\Programy\Po spuštění\scandisk.lnk (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\str.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job (Trojan.Downloader) -> Quarantined and deleted successfully.



A ještě ComboFix:

ComboFix 09-09-28.01 - Libor Novak 29.09.2009 22:20.1.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.2047.1488 [GMT 2:00]
Spuštěný z: c:\documents and settings\Libor Novak\Plocha\ComboFix.exe
AV: AVG Internet Security SBS Edition *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Dokumenty\hemeluhogu.pif
c:\documents and settings\All Users\Dokumenty\odenoli.exe
c:\program files\Common Files\kadukuwar.vbs
c:\program files\WinPCap
c:\program files\WinPCap\daemon_mgm.exe
c:\program files\WinPCap\INSTALL.LOG
c:\program files\WinPCap\NetMonInstaller.exe
c:\program files\WinPCap\npf_mgm.exe
c:\program files\WinPCap\rpcapd.exe
c:\program files\WinPCap\Uninstall.exe
c:\windows\atydipija.dl
c:\windows\darap._dl
c:\windows\ipymo.scr
c:\windows\lukityxa.exe
c:\windows\system32\config\systemprofile\Local Settings\Data aplikacˇ\kuwamyma.bat
c:\windows\system32\drivers\gasfkycbodswgc.sys
c:\windows\system32\drivers\npf.sys
c:\windows\system32\gasfkyaiqjoyxu.dll
c:\windows\system32\gasfkyivmynmqw.dll
c:\windows\system32\gasfkyuyxepltf.dat
c:\windows\system32\gasfkyylklohsn.dat
c:\windows\system32\ieuinit.inf
c:\windows\system32\kyjusut.bat
c:\windows\system32\Packet.dll
c:\windows\system32\pibiqolu._dl
c:\windows\system32\pthreadVC.dll
c:\windows\system32\skinboxer43.dll
c:\windows\system32\uqulunekis.vbs
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll
c:\windows\system32\yzit.dll

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_gasfkyvxehtkkw
-------\Legacy_NPF
-------\Service_gasfkyvxehtkkw
-------\Service_NPF


((((((((((((((((((((((((( Soubory vytvořené od 2009-08-28 do 2009-09-29 )))))))))))))))))))))))))))))))
.

2009-09-29 18:21 . 2009-09-29 20:09 -------- d-----w- c:\windows\ERUNT
2009-09-29 15:15 . 2009-09-29 15:15 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-09-29 13:29 . 2009-09-10 12:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-29 13:29 . 2009-09-10 12:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-29 13:29 . 2009-09-29 13:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-23 15:24 . 2009-09-23 15:24 13252 ----a-w- c:\windows\alityrewi.dat
2009-09-23 15:24 . 2009-09-23 15:24 10048 ----a-w- c:\windows\tysyf.dat
2009-09-05 10:10 . 2009-09-05 10:17 -------- d-----w- c:\program files\Mozilla Sunbird
2009-09-05 08:54 . 2009-09-29 14:04 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-09-04 14:51 . 2009-09-17 21:29 -------- d-----w- c:\program files\Subdownloader

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-29 15:15 . 2006-04-17 10:56 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-09-20 21:28 . 2008-03-26 13:16 -------- d-----w- c:\program files\ACD Systems
2009-09-20 21:28 . 2008-03-26 13:16 -------- d-----w- c:\program files\Common Files\ACD Systems
2009-09-03 15:06 . 2006-12-11 16:29 -------- d-----w- c:\program files\SpeedFan
2009-08-24 10:10 . 2009-08-24 10:10 -------- d-----w- c:\program files\Freeze.com
2009-08-24 10:10 . 2009-08-24 10:10 -------- d-----w- c:\program files\Free Offers from Freeze.com
2009-08-14 17:11 . 2009-05-22 13:36 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-14 17:11 . 2009-05-22 13:36 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-08-14 17:11 . 2009-05-22 13:36 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2006-04-17 13:07 . 2006-04-17 11:30 21 ----a-w- c:\program files\Common Files\appop.log
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2003-05-29 790528]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-09-17 2022680]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"CHotkey"="mHotkey.exe" - c:\windows\mHotkey.exe [2002-07-05 491008]

c:\documents and settings\Libor Novak\Nabˇdka Start\Programy\Po spuçtŘnˇ\
HDDlife.lnk - c:\program files\BinarySense\HDDlife\HDDlifePro.exe [2005-8-15 830976]
MySQL System Tray Monitor.lnk - c:\web\prog\mysql_monitor\MySQLSystemTrayMonitor.exe [2006-2-16 986624]

c:\documents and settings\Libor Novak\Nabˇdka Start\Programy\Po spuçtŘnˇ\
HDDlife.lnk - c:\program files\BinarySense\HDDlife\HDDlifePro.exe [2005-8-15 830976]
MySQL System Tray Monitor.lnk - c:\web\prog\mysql_monitor\MySQLSystemTrayMonitor.exe [2006-2-16 986624]

c:\documents and settings\Libor Novak\Nabˇdka Start\Programy\Po spuçtŘnˇ\
HDDlife.lnk - c:\program files\BinarySense\HDDlife\HDDlifePro.exe [2005-8-15 830976]
MySQL System Tray Monitor.lnk - c:\web\prog\mysql_monitor\MySQLSystemTrayMonitor.exe [2006-2-16 986624]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-4-23 113664]
Monitor Apache Servers.lnk - c:\web\prog\Apache2\bin\ApacheMonitor.exe [2005-10-9 41042]

c:\documents and settings\Libor Novak\Nabˇdka Start\Programy\Po spuçtŘnˇ\
HDDlife.lnk - c:\program files\BinarySense\HDDlife\HDDlifePro.exe [2005-8-15 830976]
MySQL System Tray Monitor.lnk - c:\web\prog\mysql_monitor\MySQLSystemTrayMonitor.exe [2006-2-16 986624]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 13:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-14 17:11 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"PopRock"=c:\docume~1\LIBORN~1\LOCALS~1\Temp\b.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"PCSuiteTrayApplication"=c:\progra~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
"SunJavaUpdateSched"=c:\program files\Java\jre1.5.0_06\bin\jusched.exe
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe"
"pdfFactory Dispatcher v1"=c:\windows\System32\spool\DRIVERS\W32X86\3\fppdis1.exe
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"NeroFilterCheck"=c:\windows\system32\NeroCheck.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\web\\prog\\Apache2\\bin\\Apache.exe"=
"c:\\Program Files\\totalcmd\\totalcmd.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Download Express\\dep.exe"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\OpenTTD\\openttd.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\Program Files\\Hamachi\\hamachi.exe"=
"c:\\Program Files\\Electronic Arts\\Need For Speed - Porsche Unleashed\\Porsche.exe"=
"c:\\Program Files\\Heroes of Might and Magic III Complete\\Heroes3.exe"=
"c:\\Program Files\\Croteam\\Serious Sam\\Bin\\SeriousSam.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\UnrealTournament\\System\\UnrealTournament.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9998:TCP"= 9998:TCP:BitComet 9998 TCP
"9998:UDP"= 9998:UDP:BitComet 9998 UDP

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [22.5.2009 15:36 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [22.5.2009 15:36 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [22.5.2009 15:36 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [15.9.2009 11:42 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [15.9.2009 11:42 74480]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [22.5.2009 15:36 908056]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [22.5.2009 15:36 297752]
S2 aabslklsahrfsx;aabslklsahrfsx;\??\c:\windows\system32\drivers\dlmxfkrt.sys --> c:\windows\system32\drivers\dlmxfkrt.sys [?]
S2 aawserviceAlerter;Lavasoft Ad-Aware Service aawserviceAlerter;c:\windows\TEMP\cqhtopdbyw.exe service --> c:\windows\TEMP\cqhtopdbyw.exe service [?]
S2 tkzcdgxd;tkzcdgxd;\??\c:\windows\system32\drivers\bgfroyvatxzw.sys --> c:\windows\system32\drivers\bgfroyvatxzw.sys [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [15.9.2009 11:42 7408]

--- Ostatní služby/ovladače v paměti ---

*Deregistered* - mchInjDrv
.
Obsah adresáře 'Naplánované úlohy'

2009-09-25 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2006\SystemOptimizer.exe [2005-09-21 16:54]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.msn.com
IE: Stáhnout pomocí Download &Express - c:\program files\Download Express\Add_Url.htm
Name-Space Handler: ftp\HIEClickCatcher - {E131C96E-4DDB-11D4-84B8-008048B33DEA} - c:\progra~1\DOWNLO~1\mdpph.dll
Name-Space Handler: http\HIEClickCatcher - {E131C96E-4DDB-11D4-84B8-008048B33DEA} - c:\progra~1\DOWNLO~1\mdpph.dll
Name-Space Handler: https\HIEClickCatcher - {E131C96E-4DDB-11D4-84B8-008048B33DEA} - c:\progra~1\DOWNLO~1\mdpph.dll
DPF: {1F831FA2-42FC-11D4-95A6-0080AD30DCE1} - file://c:\program files\AutoCAD LT 2000i Cz\InstFred.ocx
FF - ProfilePath - c:\documents and settings\Libor Novak\Data aplikací\Mozilla\Firefox\Profiles\0e2j9d29.default\
FF - prefs.js: browser.startup.homepage - hxxp://localhost/slovicka|http://cs.sta ... s:official
FF - component: c:\documents and settings\Libor Novak\Data aplikací\Mozilla\Firefox\Profiles\0e2j9d29.default\extensions\{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}\components\nstidy.dll
FF - component: c:\documents and settings\Libor Novak\Data aplikací\Mozilla\Firefox\Profiles\0e2j9d29.default\extensions\{D249FD00-4DF9-11D9-9FDC-0080481ADA61}\components\mpint.dll
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPOJI610.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

AddRemove-WinPcapInst - c:\program files\WinPcap\Uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-29 22:27
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\c:\windows\TEMP\mc21.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL]
"ImagePath"="c:\web\prog\mysql\bin\mysqld-nt --defaults-file=\"c:\web\prog\mysql\my.ini\" \"MySQL\""
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall\±*ř
±*>]
"DisplayName"="?\11"
"DeviceDesc"="?\11"
"ProviderName"="?\11???\11\08"
"MFG"="?\16\09"
"ReinstallString"="8.561.0.0000"
"DeviceInstanceIds"=multi:"c:\\program files\\ati\\support\\8-12agp-hotfix_xp32_dd_ccc_72281\\driver\\xp_inf\\cx_72281.inf\00"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@DACL=(02 0000)
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@DACL=(02 0000)
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
@DACL=(02 0000)
"Installed"="1"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(816)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(1420)
c:\program files\Windows Media Player\wmpband.dll
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 6\PCSCM.dll
c:\windows\system32\ConnAPI.DLL
c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
c:\windows\system32\ati2evxx.exe
c:\web\prog\Apache2\bin\Apache.exe
c:\program files\APC\APC PowerChute Personal Edition\mainserv.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\web\prog\Apache2\bin\Apache.exe
c:\progra~1\AVG\AVG8\avgam.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\wscntfy.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
.
**************************************************************************
.
Celkový čas: 2009-09-29 22:31 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-09-29 20:31

Před spuštěním: 1 603 395 584
Po spuštění: 1 491 398 656

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /TUTag=R583VY /Kernel=TUKernel.exe
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional (TuneUp Záloha)" /noexecute=optin /fastdetect /TUTag=R583VY-BAK

267

[Damned]

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok).
Zkopíruj do něj následující celý text označený zeleně:

File::
c:\windows\alityrewi.dat
c:\windows\tysyf.dat
c:\docume~1\LIBORN~1\LOCALS~1\Temp\b.exe
c:\windows\system32\drivers\dlmxfkrt.sys
c:\windows\TEMP\cqhtopdbyw.exe
c:\windows\system32\drivers\bgfroyvatxzw.sys

Driver::
dlmxfkrt
aabslklsahrfsx;aabslklsahrfsx
aabslklsahrfsx
aawserviceAlerter;Lavasoft Ad-Aware Service aawserviceAlerter
aawserviceAlerter
tkzcdgxd;tkzcdgxd
tkzcdgxd
bgfroyvatxzw

Registry::
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"=-
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"PopRock"=-
"NeroFilterCheck"=-
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv]

Rootkit::
c:\windows\system32\drivers\bgfroyvatxzw.sys
c:\windows\system32\drivers\dlmxfkrt.sys




Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.


Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe
a když se oba soubory překryjí, skript upusť.


- Automaticky se spustí ComboFix, oprava může trvat i déle než 10 minut. ! Nech ComboFix dokončit svou práci !
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT a popiš chování počítače

[Storm!k]

Je to nádhera, počítač se chová jak novej... žádné chybové hlášky po startu, disk D normálně funguje, žádný klonujícíse procesy po startu nenabíhají... počítač zdá se být opět rychlej... super


ComboFix 09-09-28.01 - Libor Novak 29.09.2009 23:30.2.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.2047.1524 [GMT 2:00]
Spuštěný z: c:\documents and settings\Libor Novak\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Libor Novak\Plocha\CFScript.txt
AV: AVG Internet Security SBS Edition *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FILE ::
"c:\docume~1\LIBORN~1\LOCALS~1\Temp\b.exe"
"c:\windows\alityrewi.dat"
"c:\windows\system32\drivers\bgfroyvatxzw.sys"
"c:\windows\system32\drivers\dlmxfkrt.sys"
"c:\windows\TEMP\cqhtopdbyw.exe"
"c:\windows\tysyf.dat"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\alityrewi.dat
c:\windows\system32\config\systemprofile\Local Settings\Data aplikacˇ\kuwamyma.bat
c:\windows\tysyf.dat

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_AABSLKLSAHRFSX
-------\Legacy_AAWSERVICEALERTER
-------\Legacy_TKZCDGXD
-------\Service_aabslklsahrfsx
-------\Service_aawserviceAlerter
-------\Service_tkzcdgxd


((((((((((((((((((((((((( Soubory vytvořené od 2009-08-28 do 2009-09-29 )))))))))))))))))))))))))))))))
.

2009-09-29 18:21 . 2009-09-29 20:09 -------- d-----w- c:\windows\ERUNT
2009-09-29 15:15 . 2009-09-29 15:15 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-09-29 13:29 . 2009-09-10 12:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-29 13:29 . 2009-09-10 12:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-29 13:29 . 2009-09-29 13:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-05 10:10 . 2009-09-05 10:17 -------- d-----w- c:\program files\Mozilla Sunbird
2009-09-05 08:54 . 2009-09-29 20:50 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-09-04 14:51 . 2009-09-17 21:29 -------- d-----w- c:\program files\Subdownloader

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-29 15:15 . 2006-04-17 10:56 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-09-20 21:28 . 2008-03-26 13:16 -------- d-----w- c:\program files\ACD Systems
2009-09-20 21:28 . 2008-03-26 13:16 -------- d-----w- c:\program files\Common Files\ACD Systems
2009-09-03 15:06 . 2006-12-11 16:29 -------- d-----w- c:\program files\SpeedFan
2009-08-24 10:10 . 2009-08-24 10:10 -------- d-----w- c:\program files\Freeze.com
2009-08-24 10:10 . 2009-08-24 10:10 -------- d-----w- c:\program files\Free Offers from Freeze.com
2009-08-14 17:11 . 2009-05-22 13:36 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-14 17:11 . 2009-05-22 13:36 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-08-14 17:11 . 2009-05-22 13:36 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2006-04-17 13:07 . 2006-04-17 11:30 21 ----a-w- c:\program files\Common Files\appop.log
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2003-05-29 790528]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-09-17 2022680]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"CHotkey"="mHotkey.exe" - c:\windows\mHotkey.exe [2002-07-05 491008]

c:\documents and settings\Libor Novak\Nabˇdka Start\Programy\Po spuçtŘnˇ\
HDDlife.lnk - c:\program files\BinarySense\HDDlife\HDDlifePro.exe [2005-8-15 830976]
MySQL System Tray Monitor.lnk - c:\web\prog\mysql_monitor\MySQLSystemTrayMonitor.exe [2006-2-16 986624]

c:\documents and settings\Libor Novak\Nabˇdka Start\Programy\Po spuçtŘnˇ\
HDDlife.lnk - c:\program files\BinarySense\HDDlife\HDDlifePro.exe [2005-8-15 830976]
MySQL System Tray Monitor.lnk - c:\web\prog\mysql_monitor\MySQLSystemTrayMonitor.exe [2006-2-16 986624]

c:\documents and settings\Libor Novak\Nabˇdka Start\Programy\Po spuçtŘnˇ\
HDDlife.lnk - c:\program files\BinarySense\HDDlife\HDDlifePro.exe [2005-8-15 830976]
MySQL System Tray Monitor.lnk - c:\web\prog\mysql_monitor\MySQLSystemTrayMonitor.exe [2006-2-16 986624]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-4-23 113664]
Monitor Apache Servers.lnk - c:\web\prog\Apache2\bin\ApacheMonitor.exe [2005-10-9 41042]

c:\documents and settings\Libor Novak\Nabˇdka Start\Programy\Po spuçtŘnˇ\
HDDlife.lnk - c:\program files\BinarySense\HDDlife\HDDlifePro.exe [2005-8-15 830976]
MySQL System Tray Monitor.lnk - c:\web\prog\mysql_monitor\MySQLSystemTrayMonitor.exe [2006-2-16 986624]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 13:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-14 17:11 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"PCSuiteTrayApplication"=c:\progra~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
"SunJavaUpdateSched"=c:\program files\Java\jre1.5.0_06\bin\jusched.exe
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe"
"pdfFactory Dispatcher v1"=c:\windows\System32\spool\DRIVERS\W32X86\3\fppdis1.exe
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"NeroFilterCheck"=c:\windows\system32\NeroCheck.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\web\\prog\\Apache2\\bin\\Apache.exe"=
"c:\\Program Files\\totalcmd\\totalcmd.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Download Express\\dep.exe"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\OpenTTD\\openttd.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\Program Files\\Hamachi\\hamachi.exe"=
"c:\\Program Files\\Electronic Arts\\Need For Speed - Porsche Unleashed\\Porsche.exe"=
"c:\\Program Files\\Heroes of Might and Magic III Complete\\Heroes3.exe"=
"c:\\Program Files\\Croteam\\Serious Sam\\Bin\\SeriousSam.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\UnrealTournament\\System\\UnrealTournament.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9998:TCP"= 9998:TCP:BitComet 9998 TCP
"9998:UDP"= 9998:UDP:BitComet 9998 UDP

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [22.5.2009 15:36 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [22.5.2009 15:36 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [22.5.2009 15:36 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [15.9.2009 11:42 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [15.9.2009 11:42 74480]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [22.5.2009 15:36 908056]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [22.5.2009 15:36 297752]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [15.9.2009 11:42 7408]

--- Ostatní služby/ovladače v paměti ---

*Deregistered* - mchInjDrv
.
Obsah adresáře 'Naplánované úlohy'

2009-09-25 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2006\SystemOptimizer.exe [2005-09-21 16:54]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.msn.com
IE: Stáhnout pomocí Download &Express - c:\program files\Download Express\Add_Url.htm
Name-Space Handler: ftp\HIEClickCatcher - {E131C96E-4DDB-11D4-84B8-008048B33DEA} - c:\progra~1\DOWNLO~1\mdpph.dll
Name-Space Handler: http\HIEClickCatcher - {E131C96E-4DDB-11D4-84B8-008048B33DEA} - c:\progra~1\DOWNLO~1\mdpph.dll
Name-Space Handler: https\HIEClickCatcher - {E131C96E-4DDB-11D4-84B8-008048B33DEA} - c:\progra~1\DOWNLO~1\mdpph.dll
DPF: {1F831FA2-42FC-11D4-95A6-0080AD30DCE1} - file://c:\program files\AutoCAD LT 2000i Cz\InstFred.ocx
FF - ProfilePath - c:\documents and settings\Libor Novak\Data aplikací\Mozilla\Firefox\Profiles\0e2j9d29.default\
FF - prefs.js: browser.startup.homepage - hxxp://localhost/slovicka|http://cs.sta ... s:official
FF - component: c:\documents and settings\Libor Novak\Data aplikací\Mozilla\Firefox\Profiles\0e2j9d29.default\extensions\{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}\components\nstidy.dll
FF - component: c:\documents and settings\Libor Novak\Data aplikací\Mozilla\Firefox\Profiles\0e2j9d29.default\extensions\{D249FD00-4DF9-11D9-9FDC-0080481ADA61}\components\mpint.dll
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-29 23:37
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL]
"ImagePath"="c:\web\prog\mysql\bin\mysqld-nt --defaults-file=\"c:\web\prog\mysql\my.ini\" \"MySQL\""
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall\±*ř
±*>]
"DisplayName"="?\11"
"DeviceDesc"="?\11"
"ProviderName"="?\11???\11\08"
"MFG"="?\16\09"
"ReinstallString"="8.561.0.0000"
"DeviceInstanceIds"=multi:"c:\\program files\\ati\\support\\8-12agp-hotfix_xp32_dd_ccc_72281\\driver\\xp_inf\\cx_72281.inf\00"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@DACL=(02 0000)
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@DACL=(02 0000)
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
@DACL=(02 0000)
"Installed"="1"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(816)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3512)
c:\program files\Windows Media Player\wmpband.dll
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 6\PCSCM.dll
c:\windows\system32\ConnAPI.DLL
c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
c:\windows\system32\ati2evxx.exe
c:\web\prog\Apache2\bin\Apache.exe
c:\program files\APC\APC PowerChute Personal Edition\mainserv.exe
c:\web\prog\Apache2\bin\Apache.exe
c:\web\prog\mysql\bin\mysqld-nt.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\progra~1\AVG\AVG8\avgam.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\wscntfy.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
.
**************************************************************************
.
Celkový čas: 2009-09-29 23:41 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-09-29 21:41

Před spuštěním: 1 495 404 544
Po spuštění: 1 465 532 416

222


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:42:33, on 29.9.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\web\prog\Apache2\bin\Apache.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\web\prog\Apache2\bin\Apache.exe
C:\web\prog\mysql\bin\mysqld-nt.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\mHotkey.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\web\prog\Apache2\bin\ApacheMonitor.exe
C:\Program Files\BinarySense\HDDlife\HDDlifePro.exe
C:\web\prog\mysql_monitor\MySQLSystemTrayMonitor.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Libor Novak\Dokumenty\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - S-1-5-18 Startup: HDDlife.lnk = C:\Program Files\BinarySense\HDDlife\HDDlifePro.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: MySQL System Tray Monitor.lnk = C:\web\prog\mysql_monitor\MySQLSystemTrayMonitor.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: HDDlife.lnk = C:\Program Files\BinarySense\HDDlife\HDDlifePro.exe (User 'Default user')
O4 - .DEFAULT Startup: MySQL System Tray Monitor.lnk = C:\web\prog\mysql_monitor\MySQLSystemTrayMonitor.exe (User 'Default user')
O4 - Startup: HDDlife.lnk = C:\Program Files\BinarySense\HDDlife\HDDlifePro.exe
O4 - Startup: MySQL System Tray Monitor.lnk = C:\web\prog\mysql_monitor\MySQLSystemTrayMonitor.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Monitor Apache Servers.lnk = C:\web\prog\Apache2\bin\ApacheMonitor.exe
O8 - Extra context menu item: Stáhnout pomocí Download &Express - C:\Program Files\Download Express\Add_Url.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 5286058125
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 5287333328
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apache2 - Apache Software Foundation - C:\web\prog\Apache2\bin\Apache.exe
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MySQL - Unknown owner - C:\web\prog\mysql\bin\mysqld-nt.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe

--
End of file - 7711 bytes

[Damned]

Ještě zbytky těch rootkitů.

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok).
Zkopíruj do něj následující celý text označený zeleně:

Folder::
C:\Program Files\WinPcap

Driver::
mchInjDrv
Remote Packet Capture Protocol v.0 (experimental) (rpcapd)
rpcapd




Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.


Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe
a když se oba soubory překryjí, skript upusť.


- Automaticky se spustí ComboFix, oprava může trvat i déle než 10 minut. ! Nech ComboFix dokončit svou práci !
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT a popiš chování počítače

[Storm!k]

Už to nechám na zejtra...

[Damned]

Ale sto pro to udělej, protože ty drivery určitě nejsou košer. A pak mi sem dej logy. Jinak kdyby si proved tak za 15 min by to bylo echt!

[Storm!k]

Jsem už fakt musel jít spát... ráno brzo vstávat, fuj...
Dneska jsem to znova projel ComboFixem a HJT.
Jinak nevim, jak bych se ti odvděčil, protože PC teď jede jak nové, hlavně jsem díky tobě nepřišel o obsah celého druhého disku a nemusel přeinstalovat celé PC, což jsem už jednou dělal na notebooku a podruhé už bych to asi nepřežil . Fakt díky...


ComboFix 09-09-28.01 - Libor Novak 30.09.2009 17:07.3.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.2047.1541 [GMT 2:00]
Spuštěný z: c:\documents and settings\Libor Novak\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Libor Novak\Plocha\CFScript.txt
AV: AVG Internet Security SBS Edition *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\config\systemprofile\Local Settings\Data aplikacˇ\kuwamyma.bat

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MCHINJDRV
-------\Service_mchInjDrv
-------\Service_rpcapd


((((((((((((((((((((((((( Soubory vytvořené od 2009-08-28 do 2009-09-30 )))))))))))))))))))))))))))))))
.

2009-09-29 18:21 . 2009-09-29 20:09 -------- d-----w- c:\windows\ERUNT
2009-09-29 15:15 . 2009-09-29 15:15 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-09-29 13:29 . 2009-09-10 12:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-29 13:29 . 2009-09-10 12:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-29 13:29 . 2009-09-29 13:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-05 10:10 . 2009-09-05 10:17 -------- d-----w- c:\program files\Mozilla Sunbird
2009-09-05 08:54 . 2009-09-29 20:50 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-09-04 14:51 . 2009-09-17 21:29 -------- d-----w- c:\program files\Subdownloader

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-29 15:15 . 2006-04-17 10:56 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-09-20 21:28 . 2008-03-26 13:16 -------- d-----w- c:\program files\ACD Systems
2009-09-20 21:28 . 2008-03-26 13:16 -------- d-----w- c:\program files\Common Files\ACD Systems
2009-09-03 15:06 . 2006-12-11 16:29 -------- d-----w- c:\program files\SpeedFan
2009-08-24 10:10 . 2009-08-24 10:10 -------- d-----w- c:\program files\Freeze.com
2009-08-24 10:10 . 2009-08-24 10:10 -------- d-----w- c:\program files\Free Offers from Freeze.com
2009-08-14 17:11 . 2009-05-22 13:36 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-14 17:11 . 2009-05-22 13:36 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-08-14 17:11 . 2009-05-22 13:36 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2006-04-17 13:07 . 2006-04-17 11:30 21 ----a-w- c:\program files\Common Files\appop.log
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2003-05-29 790528]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-09-30 2023704]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"CHotkey"="mHotkey.exe" - c:\windows\mHotkey.exe [2002-07-05 491008]

c:\documents and settings\Libor Novak\Nabˇdka Start\Programy\Po spuçtŘnˇ\
HDDlife.lnk - c:\program files\BinarySense\HDDlife\HDDlifePro.exe [2005-8-15 830976]
MySQL System Tray Monitor.lnk - c:\web\prog\mysql_monitor\MySQLSystemTrayMonitor.exe [2006-2-16 986624]

c:\documents and settings\Libor Novak\Nabˇdka Start\Programy\Po spuçtŘnˇ\
HDDlife.lnk - c:\program files\BinarySense\HDDlife\HDDlifePro.exe [2005-8-15 830976]
MySQL System Tray Monitor.lnk - c:\web\prog\mysql_monitor\MySQLSystemTrayMonitor.exe [2006-2-16 986624]

c:\documents and settings\Libor Novak\Nabˇdka Start\Programy\Po spuçtŘnˇ\
HDDlife.lnk - c:\program files\BinarySense\HDDlife\HDDlifePro.exe [2005-8-15 830976]
MySQL System Tray Monitor.lnk - c:\web\prog\mysql_monitor\MySQLSystemTrayMonitor.exe [2006-2-16 986624]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-4-23 113664]
Monitor Apache Servers.lnk - c:\web\prog\Apache2\bin\ApacheMonitor.exe [2005-10-9 41042]

c:\documents and settings\Libor Novak\Nabˇdka Start\Programy\Po spuçtŘnˇ\
HDDlife.lnk - c:\program files\BinarySense\HDDlife\HDDlifePro.exe [2005-8-15 830976]
MySQL System Tray Monitor.lnk - c:\web\prog\mysql_monitor\MySQLSystemTrayMonitor.exe [2006-2-16 986624]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 13:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-14 17:11 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"PCSuiteTrayApplication"=c:\progra~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
"SunJavaUpdateSched"=c:\program files\Java\jre1.5.0_06\bin\jusched.exe
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe"
"pdfFactory Dispatcher v1"=c:\windows\System32\spool\DRIVERS\W32X86\3\fppdis1.exe
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"NeroFilterCheck"=c:\windows\system32\NeroCheck.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\web\\prog\\Apache2\\bin\\Apache.exe"=
"c:\\Program Files\\totalcmd\\totalcmd.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Download Express\\dep.exe"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\OpenTTD\\openttd.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\Program Files\\Hamachi\\hamachi.exe"=
"c:\\Program Files\\Electronic Arts\\Need For Speed - Porsche Unleashed\\Porsche.exe"=
"c:\\Program Files\\Heroes of Might and Magic III Complete\\Heroes3.exe"=
"c:\\Program Files\\Croteam\\Serious Sam\\Bin\\SeriousSam.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\UnrealTournament\\System\\UnrealTournament.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9998:TCP"= 9998:TCP:BitComet 9998 TCP
"9998:UDP"= 9998:UDP:BitComet 9998 UDP

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [22.5.2009 15:36 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [22.5.2009 15:36 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [22.5.2009 15:36 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [15.9.2009 11:42 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [15.9.2009 11:42 74480]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [22.5.2009 15:36 908056]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [22.5.2009 15:36 297752]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [15.9.2009 11:42 7408]

--- Ostatní služby/ovladače v paměti ---

*NewlyCreated* - MCHINJDRV
*Deregistered* - mchInjDrv
.
Obsah adresáře 'Naplánované úlohy'

2009-09-25 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2006\SystemOptimizer.exe [2005-09-21 16:54]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.msn.com
IE: Stáhnout pomocí Download &Express - c:\program files\Download Express\Add_Url.htm
Name-Space Handler: ftp\HIEClickCatcher - {E131C96E-4DDB-11D4-84B8-008048B33DEA} - c:\progra~1\DOWNLO~1\mdpph.dll
Name-Space Handler: http\HIEClickCatcher - {E131C96E-4DDB-11D4-84B8-008048B33DEA} - c:\progra~1\DOWNLO~1\mdpph.dll
Name-Space Handler: https\HIEClickCatcher - {E131C96E-4DDB-11D4-84B8-008048B33DEA} - c:\progra~1\DOWNLO~1\mdpph.dll
FF - ProfilePath - c:\documents and settings\Libor Novak\Data aplikací\Mozilla\Firefox\Profiles\0e2j9d29.default\
FF - prefs.js: browser.startup.homepage - hxxp://localhost/slovicka|http://cs.sta ... s:official
FF - component: c:\documents and settings\Libor Novak\Data aplikací\Mozilla\Firefox\Profiles\0e2j9d29.default\extensions\{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}\components\nstidy.dll
FF - component: c:\documents and settings\Libor Novak\Data aplikací\Mozilla\Firefox\Profiles\0e2j9d29.default\extensions\{D249FD00-4DF9-11D9-9FDC-0080481ADA61}\components\mpint.dll
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPOJI610.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-30 17:14
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL]
"ImagePath"="c:\web\prog\mysql\bin\mysqld-nt --defaults-file=\"c:\web\prog\mysql\my.ini\" \"MySQL\""
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall\±*ř
±*>]
"DisplayName"="?\11"
"DeviceDesc"="?\11"
"ProviderName"="?\11???\11\08"
"MFG"="?\16\09"
"ReinstallString"="8.561.0.0000"
"DeviceInstanceIds"=multi:"c:\\program files\\ati\\support\\8-12agp-hotfix_xp32_dd_ccc_72281\\driver\\xp_inf\\cx_72281.inf\00"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@DACL=(02 0000)
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@DACL=(02 0000)
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
@DACL=(02 0000)
"Installed"="1"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(816)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3480)
c:\program files\Windows Media Player\wmpband.dll
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 6\PCSCM.dll
c:\windows\system32\ConnAPI.DLL
c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
c:\windows\system32\ati2evxx.exe
c:\web\prog\Apache2\bin\Apache.exe
c:\program files\APC\APC PowerChute Personal Edition\mainserv.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\web\prog\Apache2\bin\Apache.exe
c:\progra~1\AVG\AVG8\avgam.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\wscntfy.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
.
**************************************************************************
.
Celkový čas: 2009-09-30 17:17 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-09-30 15:17
ComboFix2.txt 2009-09-29 21:41

Před spuštěním: 1 383 763 968
Po spuštění: 1 352 232 960



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:21:37, on 30.9.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\web\prog\Apache2\bin\Apache.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\web\prog\Apache2\bin\Apache.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\mHotkey.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\web\prog\Apache2\bin\ApacheMonitor.exe
C:\Program Files\BinarySense\HDDlife\HDDlifePro.exe
C:\web\prog\mysql_monitor\MySQLSystemTrayMonitor.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Libor Novak\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Libor Novak\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Libor Novak\Dokumenty\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - S-1-5-18 Startup: HDDlife.lnk = C:\Program Files\BinarySense\HDDlife\HDDlifePro.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: MySQL System Tray Monitor.lnk = C:\web\prog\mysql_monitor\MySQLSystemTrayMonitor.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: HDDlife.lnk = C:\Program Files\BinarySense\HDDlife\HDDlifePro.exe (User 'Default user')
O4 - .DEFAULT Startup: MySQL System Tray Monitor.lnk = C:\web\prog\mysql_monitor\MySQLSystemTrayMonitor.exe (User 'Default user')
O4 - Startup: HDDlife.lnk = C:\Program Files\BinarySense\HDDlife\HDDlifePro.exe
O4 - Startup: MySQL System Tray Monitor.lnk = C:\web\prog\mysql_monitor\MySQLSystemTrayMonitor.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Monitor Apache Servers.lnk = C:\web\prog\Apache2\bin\ApacheMonitor.exe
O8 - Extra context menu item: Stáhnout pomocí Download &Express - C:\Program Files\Download Express\Add_Url.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 5286058125
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 5287333328
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apache2 - Apache Software Foundation - C:\web\prog\Apache2\bin\Apache.exe
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MySQL - Unknown owner - C:\web\prog\mysql\bin\mysqld-nt.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe

[Damned]

Logy jsou čisté.

Odinstaluj ComboFix.
ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix[mezera]/u

takže jestli nejsou problémy,tak vyčisti systém CCleanerem
a použij i T-Cleaner
smaže vše po Combu,SDFixu,Avengeru,MWAVu atd.-stáhneš->spustíš

(pozn.Pokud máš AVG, avast! nebo Aviru, před stažením T-Cleaneru a po dobu čištění deaktivuj AVG, avast! i Aviru (i rezidenty), následně T-Cleaner smaž a zapni si AVG,avast!, Aviru.)


Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni select all found, pak klik empty selected.
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected.

ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache,
cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer,
Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.

Kdyby něco, tak se zastav.
Označ topic za vyřešený (zelená fajfka) a měj se.