Prosim o skontrolovanie logu

[Lukmenko]

Ahoj.Mam podozrenie že mam v počitači virus.mam spomaleny internet.
Logfile of HijackThis v1.99.1
Scan saved at 23:56:45, on 6. 7. 2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Documents and Settings\All Users.WINDOWS\Data aplikací\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\rserver30\RServer3.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\WINDOWS\System32\rserver30\FamItrfc.Exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Lukas\Dokumenty\Preberanie\HijackThis.exe

O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - C:\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users.WINDOWS\Data aplikací\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - Unknown owner - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe" -s (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Radmin Server V3 (RServer3) - Unknown owner - C:\WINDOWS\System32\rserver30\RServer3.exe" /service (file missing)
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

[Lukmenko]

Spravil som log aj s combofixom

ComboFix 10-07-06.02 - Lukas . 07. 2010 23:40:10.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.2047.1502 [GMT 2:00]
Spuštěný z: c:\documents and settings\Lukas\Dokumenty\Preberanie\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((( Soubory vytvořené od 2010-06-06 do 2010-07-06 )))))))))))))))))))))))))))))))
.

2010-07-06 12:15 . 2009-06-30 07:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2010-07-06 12:13 . 2010-07-06 12:13 -------- d-----w- c:\program files\Panda Security
2010-07-06 11:41 . 2010-07-06 12:03 -------- d-----w- c:\program files\RegScrubXP
2010-07-06 11:36 . 2010-07-06 11:37 -------- d-----w- c:\program files\RegCleaner
2010-07-06 10:55 . 2010-07-06 10:55 -------- d-----w- c:\program files\CCleaner
2010-07-04 07:52 . 2010-06-28 20:32 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-07-04 07:52 . 2010-06-28 20:57 38848 ----a-w- c:\windows\avastSS.scr
2010-07-02 17:48 . 2010-07-02 17:42 720896 ----a-w- c:\windows\iun6002.exe
2010-07-02 17:42 . 2010-07-02 17:48 -------- d-----w- c:\program files\Condition Zero
2010-06-27 16:52 . 2010-06-27 16:53 -------- d-----w- c:\program files\Nero
2010-06-27 16:52 . 2010-06-27 16:53 -------- d-----w- c:\program files\Common Files\Nero
2010-06-26 12:39 . 2010-06-26 12:39 -------- d-----w- c:\program files\LogMeIn Hamachi
2010-06-26 11:07 . 2010-07-02 11:25 -------- d-----w- c:\program files\diablo2
2010-06-08 12:25 . 2010-06-08 12:25 -------- d-----w- c:\program files\TeamSpeak 3 Client

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-06 19:40 . 2010-02-28 13:03 -------- d-----w- c:\program files\Warcraft III
2010-07-06 11:30 . 2009-03-26 11:31 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-06 11:30 . 2010-01-03 19:15 -------- d-----w- c:\program files\18 WoS Across America
2010-07-06 07:52 . 2010-05-28 09:13 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-07-05 21:28 . 2010-04-03 12:55 -------- d-----w- c:\program files\World of Warcraft
2010-06-28 20:57 . 2010-05-15 08:39 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-06-28 20:37 . 2010-05-15 08:39 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-06-28 20:37 . 2010-05-15 08:39 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-06-28 20:33 . 2010-05-15 08:39 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-06-28 20:32 . 2010-05-15 08:39 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-06-28 20:32 . 2010-05-15 08:39 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-06-28 20:32 . 2010-05-15 08:39 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-06-15 13:27 . 2001-10-25 12:00 69760 ----a-w- c:\windows\system32\perfc005.dat
2010-06-15 13:27 . 2001-10-25 12:00 392842 ----a-w- c:\windows\system32\perfh005.dat
2010-06-03 17:03 . 2010-06-03 16:52 -------- d-----w- c:\program files\E.M. Free Game Capture
2010-06-02 02:55 . 2010-07-02 13:30 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2010-06-02 02:55 . 2010-07-02 13:30 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2010-06-02 02:55 . 2010-07-02 13:30 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
2010-05-29 11:59 . 2010-05-29 11:58 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-05-28 09:22 . 2009-11-30 18:58 -------- d-----w- c:\program files\DivX
2010-05-28 09:21 . 2010-05-28 09:21 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-05-28 09:09 . 2009-10-01 18:38 96256 ----a-w- c:\windows\system32\drivers\sptd8733.sys
2010-05-28 09:02 . 2009-03-26 10:03 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-05-28 09:02 . 2009-03-26 10:03 2724 ----a-w- c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2010-05-28 08:59 . 2009-03-26 10:03 8972 ----a-w- c:\windows\pchealth\helpctr\Config\Cntstore.bin
2010-05-26 09:41 . 2010-07-02 13:30 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2010-05-26 09:41 . 2010-07-02 13:30 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
2010-05-26 09:41 . 2010-07-02 13:30 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2010-05-26 09:41 . 2010-07-02 13:30 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2010-05-26 09:41 . 2010-07-02 13:30 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2010-05-15 08:39 . 2010-05-15 08:39 -------- d-----w- c:\program files\Alwil Software
2010-05-15 07:50 . 2010-05-15 07:50 -------- d-----w- c:\program files\Hitman Pro 3.5
2010-05-12 06:00 . 2010-02-28 13:04 78466 ----a-w- c:\windows\War3Unin.dat
2010-04-29 14:40 . 2010-04-29 14:40 51072 ----a-w- c:\windows\system32\drivers\ANGELNT.SYS
2010-04-29 14:40 . 2010-04-29 14:40 405 ----a-w- c:\windows\system32\ANGELDOS.SYS
2010-04-29 14:40 . 2010-04-29 14:40 20480 ----a-w- c:\windows\system32\ANGELVDD.DLL
2010-04-29 14:40 . 2010-04-29 14:40 11520 ----a-w- c:\windows\system32\drivers\angelusb.sys
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-17 15360]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sprestrt

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\Documents and Settings\\Lukas\\Plocha\\muheheheh - Formule\\TmForever.exe"=
"c:\\Program Files\\Warcraft III\\war3.exe"=
"c:\\Documents and Settings\\Lukas\\Dokumenty\\Preberanie\\teamspeak3-server_win32\\ts3server_win32.exe"=
"c:\\Program Files\\Condition Zero\\hl.exe"=

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [6. 7. 2010 14:15 28552]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [15. 5. 2010 10:39 165456]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [16. 11. 2009 10:03 108792]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [16. 11. 2009 10:06 96408]
R1 raddrvv3;raddrvv3;c:\windows\system32\rserver30\raddrvv3.sys [9. 10. 2009 15:00 46304]
R2 Angelnt;Angelnt;c:\windows\system32\drivers\ANGELNT.SYS [29. 4. 2010 16:40 51072]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [4. 7. 2010 9:52 17744]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [30. 3. 2010 11:16 1107336]
R2 RServer3;Radmin Server V3;c:\windows\system32\rserver30\rserver3.exe [9. 10. 2009 15:00 1242504]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [1. 10. 2009 20:38 642560]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\dragon age\bin_ship\daupdatersvc.service.exe [7. 2. 2010 14:32 25832]
S3 vaxscsi;vaxscsi;c:\windows\system32\drivers\vaxscsi.sys [1. 10. 2009 20:39 223128]
.
.
------- Doplňkový sken -------
.
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Lukas\Data aplikací\Mozilla\Firefox\Profiles\zhikmr2y.default\
FF - component: c:\documents and settings\Lukas\Data aplikací\Mozilla\Firefox\Profiles\zhikmr2y.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-06 23:44
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1659004503-1177238915-725345543-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(772)
c:\windows\system32\vorbis.dll
c:\windows\system32\ogg.dll

- - - - - - - > 'lsass.exe'(828)
c:\windows\system32\vorbis.dll
c:\windows\system32\ogg.dll

- - - - - - - > 'explorer.exe'(3464)
c:\windows\system32\vorbis.dll
c:\windows\system32\ogg.dll
c:\windows\system32\msi.dll
.
Celkový čas: 2010-07-06 23:45:16
ComboFix-quarantined-files.txt 2010-07-06 21:45
ComboFix2.txt 2010-07-06 21:20

Před spuštěním: Volných bajtů: 120 139 530 240
Po spuštění: Volných bajtů: 120 127 754 240

- - End Of File - - 5F1CD928476E2C4BE0A3C0849B1A82A5

[motji]

Hezké odpoledne
Změnilo se něco po použití combofixu?

Ještě poprosím o log ze rsitu, viz můj podpis. Jinak si přečtte varování o použití combofixu v mém podpise .

[Lukmenko]

chvilu po použiti combofixu zamrzl počitač nedal sa ani vypnut musel som ho vypnut zozadu.ale potom mi nabehlo zas vsetko normalne internet mi uz vobec nespomaluje akorat ked hram daku online hru tak mi to skoro stale hadze disconect.

Logfile of random's system information tool 1.07 (written by random/random)
Run by Lukas at 2010-07-08 13:20:41
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 114 GB (37%) free of 305 GB
Total RAM: 2047 MB (77% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:24:13, on 8. 7. 2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Documents and Settings\All Users.WINDOWS\Data aplikací\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Lukas\Dokumenty\Preberanie\RSIT.exe
C:\Program Files\trend micro\Lukas.exe
C:\WINDOWS\system32\wscntfy.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - C:\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users.WINDOWS\Data aplikací\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

--
End of file - 2744 bytes

======Registry dump======

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-17 15360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\hitmanpro35]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\hitmanpro35.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HitmanPro35Crusader]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Valve\hl.exe"="C:\Program Files\Valve\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Documents and Settings\Lukas\Plocha\muheheheh - Formule\TmForever.exe"="C:\Documents and Settings\Lukas\Plocha\muheheheh - Formule\TmForever.exe:*:Enabled:TmForever"
"C:\Program Files\Warcraft III\war3.exe"="C:\Program Files\Warcraft III\war3.exe:*:Enabled:Warcraft III"
"C:\Documents and Settings\Lukas\Dokumenty\Preberanie\teamspeak3-server_win32\ts3server_win32.exe"="C:\Documents and Settings\Lukas\Dokumenty\Preberanie\teamspeak3-server_win32\ts3server_win32.exe:*:Enabled:TeamSpeak 3 Server"
"C:\Program Files\Condition Zero\hl.exe"="C:\Program Files\Condition Zero\hl.exe:*:Disabled:Half-Life Launcher"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2010-07-08 13:20:42 ----D---- C:\Program Files\trend micro
2010-07-08 13:20:41 ----D---- C:\rsit
2010-07-07 00:04:35 ----SHD---- C:\RECYCLER
2010-07-06 23:45:18 ----D---- C:\WINDOWS\temp
2010-07-06 23:45:16 ----A---- C:\ComboFix.txt
2010-07-06 23:13:57 ----RASHD---- C:\cmdcons
2010-07-06 23:09:33 ----A---- C:\WINDOWS\PEV.exe
2010-07-06 23:09:33 ----A---- C:\WINDOWS\NIRCMD.exe
2010-07-06 23:09:33 ----A---- C:\WINDOWS\MBR.exe
2010-07-06 23:09:32 ----A---- C:\WINDOWS\zip.exe
2010-07-06 23:09:32 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-07-06 23:09:32 ----A---- C:\WINDOWS\SWSC.exe
2010-07-06 23:09:32 ----A---- C:\WINDOWS\SWREG.exe
2010-07-06 23:09:32 ----A---- C:\WINDOWS\sed.exe
2010-07-06 23:09:32 ----A---- C:\WINDOWS\grep.exe
2010-07-06 23:09:21 ----D---- C:\WINDOWS\ERDNT
2010-07-06 23:04:50 ----D---- C:\Qoobox
2010-07-06 22:59:09 ----D---- C:\Documents and Settings\Lukas\Data aplikací\QuickScan
2010-07-06 14:13:27 ----D---- C:\Program Files\Panda Security
2010-07-06 13:41:23 ----D---- C:\Program Files\RegScrubXP
2010-07-06 13:36:04 ----D---- C:\Program Files\RegCleaner
2010-07-06 12:55:34 ----D---- C:\Program Files\CCleaner
2010-07-02 19:48:13 ----A---- C:\WINDOWS\iun6002.exe
2010-07-02 19:42:14 ----D---- C:\Program Files\Condition Zero
2010-07-02 15:30:52 ----A---- C:\WINDOWS\system32\XAudio2_7.dll
2010-07-02 15:30:52 ----A---- C:\WINDOWS\system32\XAPOFX1_5.dll
2010-07-02 15:30:52 ----A---- C:\WINDOWS\system32\xactengine3_7.dll
2010-07-02 15:30:52 ----A---- C:\WINDOWS\system32\d3dcsx_43.dll
2010-07-02 15:30:52 ----A---- C:\WINDOWS\system32\D3DCompiler_43.dll
2010-07-02 15:30:51 ----A---- C:\WINDOWS\system32\XAudio2_6.dll
2010-07-02 15:30:51 ----A---- C:\WINDOWS\system32\XAPOFX1_4.dll
2010-07-02 15:30:51 ----A---- C:\WINDOWS\system32\xactengine3_6.dll
2010-07-02 15:30:51 ----A---- C:\WINDOWS\system32\X3DAudio1_7.dll
2010-07-02 15:30:51 ----A---- C:\WINDOWS\system32\D3DX9_43.dll
2010-07-02 15:30:51 ----A---- C:\WINDOWS\system32\d3dx11_43.dll
2010-07-02 15:30:51 ----A---- C:\WINDOWS\system32\d3dx10_43.dll
2010-07-02 15:30:50 ----A---- C:\WINDOWS\system32\XAudio2_5.dll
2010-07-02 15:30:50 ----A---- C:\WINDOWS\system32\xactengine3_5.dll
2010-07-02 15:30:50 ----A---- C:\WINDOWS\system32\D3DCompiler_42.dll
2010-07-02 15:30:48 ----A---- C:\WINDOWS\system32\D3DX9_42.dll
2010-07-02 15:30:48 ----A---- C:\WINDOWS\system32\d3dx11_42.dll
2010-07-02 15:30:48 ----A---- C:\WINDOWS\system32\d3dx10_42.dll
2010-07-02 15:30:48 ----A---- C:\WINDOWS\system32\d3dcsx_42.dll
2010-07-02 15:28:02 ----HD---- C:\WINDOWS\msdownld.tmp
2010-06-27 18:53:58 ----D---- C:\Documents and Settings\Lukas\Data aplikací\Nero
2010-06-27 18:52:31 ----D---- C:\Program Files\Nero
2010-06-27 18:52:21 ----D---- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Nero
2010-06-27 18:52:20 ----D---- C:\Program Files\Common Files\Nero
2010-06-26 14:39:27 ----D---- C:\Program Files\LogMeIn Hamachi
2010-06-26 13:07:28 ----D---- C:\Program Files\diablo2

======List of files/folders modified in the last 1 months======

2010-07-08 13:20:57 ----D---- C:\WINDOWS\Prefetch
2010-07-08 13:20:42 ----RD---- C:\Program Files
2010-07-08 13:16:40 ----D---- C:\Program Files\Warcraft III
2010-07-08 10:45:48 ----D---- C:\WINDOWS\system32\CatRoot2
2010-07-08 10:42:27 ----D---- C:\WINDOWS\system32\drivers
2010-07-08 10:07:24 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-07-08 10:04:46 ----SHD---- C:\WINDOWS\Installer
2010-07-08 10:04:46 ----D---- C:\WINDOWS\system32\rserver30
2010-07-08 10:04:45 ----D---- C:\WINDOWS
2010-07-07 12:40:58 ----D---- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Spybot - Search & Destroy
2010-07-06 23:44:03 ----A---- C:\WINDOWS\system.ini
2010-07-06 23:42:47 ----D---- C:\WINDOWS\system32
2010-07-06 23:42:47 ----D---- C:\WINDOWS\AppPatch
2010-07-06 23:42:45 ----D---- C:\Program Files\Common Files
2010-07-06 23:14:00 ----RASH---- C:\boot.ini
2010-07-06 14:15:44 ----HD---- C:\WINDOWS\inf
2010-07-06 13:30:07 ----HD---- C:\Program Files\InstallShield Installation Information
2010-07-06 13:30:03 ----D---- C:\Program Files\18 WoS Across America
2010-07-06 12:57:20 ----D---- C:\WINDOWS\Minidump
2010-07-06 12:57:20 ----D---- C:\WINDOWS\Debug
2010-07-05 23:28:03 ----D---- C:\Program Files\World of Warcraft
2010-07-03 16:29:52 ----D---- C:\WINDOWS\system32\DirectX
2010-06-28 22:57:12 ----A---- C:\WINDOWS\system32\aswBoot.exe
2010-06-28 15:29:48 ----D---- C:\Program Files\Mozilla Firefox
2010-06-28 10:42:03 ----D---- C:\Documents and Settings\Lukas\Data aplikací\Mumble
2010-06-15 15:27:59 ----D---- C:\WINDOWS\system32\wbem
2010-06-15 15:27:59 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-06-15 15:27:41 ----SD---- C:\Documents and Settings\Lukas\Data aplikací\Microsoft
2010-06-15 15:08:50 ----D---- C:\Program Files\WinRAR
2010-06-15 15:04:09 ----D---- C:\ALFA

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2010-06-28 28880]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2010-06-28 165456]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2010-06-28 46672]
R1 ehdrv;ehdrv; C:\WINDOWS\System32\DRIVERS\ehdrv.sys [2009-11-16 108792]
R1 epfwtdir;epfwtdir; C:\WINDOWS\System32\DRIVERS\epfwtdir.sys [2009-11-16 96408]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-17 39936]
R2 Angelnt;Angelnt; C:\WINDOWS\System32\Drivers\ANGELNT.SYS [2010-04-29 51072]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2010-06-28 17744]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2010-06-28 100176]
R2 eamon;eamon; C:\WINDOWS\System32\DRIVERS\eamon.sys [2009-11-16 116520]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2010-06-28 23376]
R3 hamachi;Hamachi Network Interface; C:\WINDOWS\System32\DRIVERS\hamachi.sys [2010-02-03 26176]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\System32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2001-10-25 9600]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-11-27 4630016]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-10-25 12160]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2009-06-10 8087712]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\System32\DRIVERS\Rtenicxp.sys [2008-07-01 108800]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;Ovladač standardního rozbočovače USB; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-03 20480]
R3 vaxscsi;vaxscsi; C:\WINDOWS\System32\Drivers\vaxscsi.sys [2009-10-01 223128]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [2004-08-17 14848]
S3 catchme;catchme; \??\C:\DOCUME~1\Lukas\LOCALS~1\Temp\catchme.sys []
S3 GMSIPCI;GMSIPCI; \??\H:\INSTALL\GMSIPCI.SYS []
S3 mirrorv3;mirrorv3; C:\WINDOWS\System32\DRIVERS\rminiv3.sys [2009-10-09 3328]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Třída USB Printer; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 vncmirror;vncmirror; C:\WINDOWS\System32\DRIVERS\vncmirror.sys [2008-10-14 4608]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-06-28 40384]
R2 EPSON_PM_RPCV4_01;EPSON V3 Service4(01); C:\Documents and Settings\All Users.WINDOWS\Data aplikací\EPSON\EPW!3 SSRP\E_S40RP7.EXE [2007-01-11 113664]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [2010-03-30 1107336]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 StarWindService;StarWind iSCSI Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe [2005-04-01 217600]
S2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\System32\nvsvc32.exe [2008-05-16 159812]
S2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\System32\wdfmgr.exe [2005-01-28 38912]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-06-28 40384]
S3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-06-28 40384]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater; C:\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S4 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2009-07-20 935208]

-----------------EOF-----------------

[motji]

Stahněte MBAM z mého podpisu
-Nainstalujte,dejte úplný sken

NIC NEMAZAT
-MBAM má občas falešné detekce,proto budeme mazat až po kontrole logu.
-Log zkopírujte sem.

[Lukmenko]

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Verze databáze: 4293

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

8. 7. 2010 22:07:45
mbam-log-2010-07-08 (22-07-45).txt

Typ skenu: Úplný sken (C:\|E:\|F:\|G:\|H:\|I:\|J:\|)
Skenované objekty: 291294
Uplynulý čas: 47 minuta(y), 58 sekunda(y)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované složky: 0
Infikované soubory: 0

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
(Žádné škodlivé položky nebyly zjištěny)

[motji]

Jak to vypadá s počítačem? Lagy pořád a jinak bez problémů?

[Lukmenko]

no myslim ze uz to akosi pominulo hh. lagy presly disconecty to uz tiez nehadze. dakjume za kontrolu tich logou

[motji]

Ještě uklidíme

Odinstalujte combofix přes Start - Spustit
- zkopírujte do okénka:

ComboFix /Uninstall

-stiskněte Enter
-To odinstaluje ComboFix a smaže s ním související soubory a složky.


***********


Stáhněte T-Cleaner
http://sweb.cz/Marinus/T-Cleaner.exe

-Spusťte,pro potvrzení volby mačkejte klávesu A, Enter
-po použití prográmek vymažte.Pozor,antiviry ho mohou falešně označit za vir



***********


Z mého podpisu stahněte Ccleaner
- nainstalujte, při výběru, co se má nainstalovat, dejte pryč fajfku u instalace yahoo toolbaru

záložka čistič
- nechejte v levém sloupečku zatrhnuté vše jak je, klikněte na analyzovat
- po analýze klikněte na Spustit Ccleaner

záložka Registry
- klikněte na hledej problémy
- pak klikněte na opravit vybrané problémy -- udělat zálohu registrů - nemusíte
- kliknete opravit všechny problémy ok zavřít

Záložka Nástroje
- zde můžete odinstalovat programy. Je to důkladnější odinstalace než u přidat/odebrat programy ve Windows.

Ccleaner - čistič doporučuji používat, krásně pročistí pc od dočasných souborů.
Registry pročistí třeba po odinstalaci nějakého programu.


***********



Stahněte OTC a použijte
http://oldtimer.geekstogo.com/OTC.exe
-vyčistí tempy a po použitých programech



***********

Vložte nový log ze RSIT a řekněte co počítač, jak se chová, už je vše v pořádku?

[Lukmenko]

nemozem si ten combofix nechat ? cc cleaner mam .

[motji]

Nemůžete
Nedoporučuje se ho používat bez dozoru, navíc je velmi často aktualizován, je potřeba stahnout nový.