VIRY.CZ

ComboFix 12-01-10.02 - Jetyxx 11.01.2012 15:02:56.13.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1023.591 [GMT 1:00]
Spuštěný z: c:\documents and settings\Jetyxx\Plocha\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Plocha\PC Fix 2011.lnk
c:\program files\PCFix
c:\program files\PCFix\AssistPCFix.exe
c:\program files\PCFix\Loading.gif
c:\program files\PCFix\PCFix.exe
c:\program files\PCFix\rebooter.exe
c:\program files\PCFix\unins000.dat
c:\program files\PCFix\unins000.exe
c:\program files\PCFix\unins000.msg
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-12-11 do 2012-01-11 )))))))))))))))))))))))))))))))
.
.
2012-01-10 15:59 . 2012-01-10 16:00 -------- d-----w- c:\documents and settings\Jetyxx\Data aplikací\PCFix
2012-01-09 19:32 . 2012-01-09 19:32 -------- d-----w- C:\Skrytá složka
2012-01-09 18:56 . 2012-01-09 18:56 -------- d-----w- c:\documents and settings\Jetyxx\Local Settings\Data aplikací\TechSmith
2012-01-09 18:55 . 2010-03-04 16:27 411480 ----a-w- c:\windows\system32\tsccvid.dll
2012-01-09 18:55 . 2012-01-09 18:55 -------- d-----w- c:\windows\system32\QuickTime
2012-01-09 18:54 . 2012-01-09 18:54 -------- d-----w- c:\program files\QuickTime
2012-01-09 18:54 . 2012-01-09 18:54 -------- d-----w- c:\program files\Common Files\TechSmith Shared
2012-01-09 18:52 . 2012-01-09 18:54 -------- d-----w- c:\documents and settings\All Users\Data aplikací\TechSmith
2012-01-09 18:52 . 2012-01-09 18:52 -------- d-----w- c:\program files\TechSmith
2012-01-09 18:48 . 2012-01-09 18:48 -------- d-----w- c:\documents and settings\All Users\Data aplikací\PCFix
2012-01-09 18:48 . 2012-01-09 18:48 -------- d-----w- c:\program files\AV Music Morpher Gold
2012-01-09 18:48 . 2012-01-09 18:48 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Avnex
2012-01-09 18:46 . 2012-01-10 12:50 -------- d-----w- c:\program files\AV Vcs 4.0
2012-01-09 15:48 . 2006-02-05 21:06 77824 ----a-w- c:\windows\system32\Screen2Video.OCX
2012-01-09 15:48 . 2006-02-05 21:01 122880 ----a-w- c:\windows\system32\ScreenSource.ax
2012-01-09 15:48 . 2012-01-09 15:49 -------- d-----w- c:\program files\ScreenVCR
2012-01-07 10:08 . 2012-01-11 13:37 -------- d-----w- c:\windows\system32\NtmsData
2012-01-07 10:02 . 2012-01-07 10:02 -------- d-----w- c:\documents and settings\Jetyxx\Data aplikací\Avira
2012-01-07 10:02 . 2012-01-08 10:53 134856 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-01-07 10:02 . 2011-09-15 22:55 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-01-07 10:02 . 2011-09-15 22:55 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-01-07 10:02 . 2012-01-07 10:02 -------- d-----w- c:\program files\Avira
2012-01-07 10:02 . 2012-01-07 10:02 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Avira
2012-01-05 23:03 . 2012-01-05 23:03 -------- d-----w- c:\documents and settings\Jetyxx\Data aplikací\Outlook
2012-01-05 14:09 . 2008-04-14 07:52 221184 ----a-w- c:\windows\system32\wmpns.dll
2012-01-05 11:11 . 2008-04-14 07:52 294912 ------w- c:\program files\Windows Media Player\dlimport.exe
2012-01-05 11:11 . 2008-04-14 07:52 294912 -c----w- c:\windows\system32\dllcache\dlimport.exe
2012-01-05 11:08 . 2006-12-28 23:31 19569 ----a-w- c:\windows\002596_.tmp
2012-01-05 11:07 . 2012-01-05 11:07 -------- d-----w- c:\windows\EHome
2011-12-29 07:04 . 2012-01-11 13:40 -------- d-----w- c:\documents and settings\Jetyxx\Local Settings\Data aplikací\Htc
2011-12-19 08:23 . 2011-12-19 08:23 -------- d-----w- c:\documents and settings\Jetyxx\kbpki
2011-12-19 08:21 . 2011-12-19 08:21 -------- d-----w- c:\windows\Sun
2011-12-13 12:05 . 2011-12-13 12:21 -------- d-----w- c:\program files\Counter-Strike Source
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-07 09:56 . 2011-10-11 15:32 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-01 23:15 . 2011-12-01 23:15 137024 ----a-w- c:\documents and settings\Jetyxx\Data aplikací\1704.exe
2011-11-10 04:54 . 2011-11-09 22:22 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-11-10 02:27 . 2011-11-09 22:22 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-10-27 19:41 . 2011-10-27 19:41 34064 ----a-w- c:\windows\system32\lhacm.acm
.
.
((((((((((((((((((((((((((((( SnapShot_2012-01-09_06.38.58 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-11-07 00:19 . 2007-11-07 00:19 54272 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_ecc42bd1\vcomp90.dll
+ 2007-11-07 01:19 . 2007-11-07 01:19 54272 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_ecc42bd1\vcomp90.dll
- 2008-07-29 06:05 . 2008-07-29 06:05 62976 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90rus.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 62976 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90rus.dll
- 2008-07-29 06:05 . 2008-07-29 06:05 46080 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90kor.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 46080 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90kor.dll
- 2008-07-29 06:05 . 2008-07-29 06:05 46592 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90jpn.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 46592 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90jpn.dll
- 2008-07-29 06:05 . 2008-07-29 06:05 64512 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90ita.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 64512 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90ita.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 39936 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90cht.dll
- 2008-07-29 06:05 . 2008-07-29 06:05 39936 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90cht.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 38912 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90chs.dll
- 2008-07-29 06:05 . 2008-07-29 06:05 38912 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90chs.dll
- 2008-07-29 06:05 . 2008-07-29 06:05 66048 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90fra.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 66048 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90fra.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esp.dll
- 2008-07-29 06:05 . 2008-07-29 06:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esp.dll
- 2008-07-29 06:05 . 2008-07-29 06:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esn.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esn.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 56832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90enu.dll
- 2008-07-29 06:05 . 2008-07-29 06:05 56832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90enu.dll
- 2008-07-29 06:05 . 2008-07-29 06:05 66560 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90deu.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 66560 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90deu.dll
+ 2008-07-29 05:07 . 2008-07-29 05:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90u.dll
- 2008-07-29 04:07 . 2008-07-29 04:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90u.dll
+ 2008-07-29 05:07 . 2008-07-29 05:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90.dll
- 2008-07-29 04:07 . 2008-07-29 04:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90.dll
+ 2012-01-11 13:41 . 2012-01-11 13:41 16384 c:\windows\Temp\Perflib_Perfdata_250.dat
- 2004-08-18 12:00 . 2012-01-08 23:33 60376 c:\windows\system32\perfc009.dat
+ 2004-08-18 12:00 . 2012-01-11 13:45 60376 c:\windows\system32\perfc009.dat
- 2004-08-18 12:00 . 2012-01-08 23:33 71282 c:\windows\system32\perfc005.dat
+ 2004-08-18 12:00 . 2012-01-11 13:45 71282 c:\windows\system32\perfc005.dat
- 2008-07-29 06:05 . 2008-07-29 06:05 655872 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcr90.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 655872 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcr90.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 572928 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcp90.dll
- 2008-07-29 06:05 . 2008-07-29 06:05 572928 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcp90.dll
- 2008-07-29 01:54 . 2008-07-29 01:54 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcm90.dll
+ 2008-07-29 02:54 . 2008-07-29 02:54 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcm90.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 161784 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_d01483b2\atl90.dll
- 2008-07-29 06:05 . 2008-07-29 06:05 161784 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_d01483b2\atl90.dll
- 2004-08-18 12:00 . 2012-01-08 23:33 399964 c:\windows\system32\perfh009.dat
+ 2004-08-18 12:00 . 2012-01-11 13:45 399964 c:\windows\system32\perfh009.dat
- 2004-08-18 12:00 . 2012-01-08 23:33 397586 c:\windows\system32\perfh005.dat
+ 2004-08-18 12:00 . 2012-01-11 13:45 397586 c:\windows\system32\perfh005.dat
+ 2012-01-09 18:55 . 2012-01-09 18:55 680448 c:\windows\Installer\{53FA9A9F-3C19-4D43-AD6B-DEF365D469BA}\IconEF5C48881.exe
+ 2008-07-29 07:05 . 2008-07-29 07:05 3783672 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90u.dll
- 2008-07-29 06:05 . 2008-07-29 06:05 3783672 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90u.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 3768312 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90.dll
- 2008-07-29 06:05 . 2008-07-29 06:05 3768312 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90.dll
+ 2001-09-05 20:00 . 2001-09-05 20:00 1700352 c:\windows\system32\gdiplus.dll
+ 2012-01-09 18:55 . 2012-01-09 18:55 8747520 c:\windows\Installer\117d2f3.msi
.
-- Snímek resetován k současnému datu --
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-10-13 17351304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CHotkey"="mHotkey.exe" [2002-07-23 477184]
"SoundMan"="SOUNDMAN.EXE" [2005-01-20 77824]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-11-17 7700480]
"nwiz"="nwiz.exe" [2006-11-17 1622016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-11-17 86016]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"HTC Sync Loader"="c:\program files\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2011-11-01 593920]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-09-23 258512]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\BitTorrent\\BitTorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Garena Classic\\Garena.exe"=
"c:\\Program Files\\Garena Plus\\Room\\garena_room.exe"=
"c:\\Program Files\\Counter-Strike Source\\hl2.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [7.1.2012 11:02 36000]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [10.10.2011 18:23 232512]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [7.1.2012 11:02 86224]
R2 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [12.8.2011 17:13 87040]
S3 GGSAFERDriver;GGSAFER Driver;\??\c:\program files\Garena Plus\Room\safedrv.sys --> c:\program files\Garena Plus\Room\safedrv.sys [?]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [5.11.2011 17:39 24576]
S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [22.6.2010 18:01 21248]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.0.0.1
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKLM-Run-PCFix - c:\program files\PCFix\PCFix.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-11 15:08
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
Celkový čas: 2012-01-11 15:10:46
ComboFix-quarantined-files.txt 2012-01-11 14:10
ComboFix2.txt 2012-01-09 06:42
ComboFix3.txt 2011-12-05 20:13
ComboFix4.txt 2011-12-05 19:40
ComboFix5.txt 2012-01-11 14:01
.
Před spuštěním: Volných bajtů: 120 143 679 488
Po spuštění: Volných bajtů: 120 123 547 648
.
- - End Of File - - 071CDE8274E1DD411D7DC0095C98F751

Pokud nemate, tak presunte Combofix na plochu

• Spustte poznamkovy blok (Start-spustit-notepad)
• Zkopirujte skript nize

• Kód: Vybrat vše

  KillAll::
  
  Folder::
  c:\documents and settings\Jetyxx\Data aplikací\PCFix
  c:\documents and settings\All Users\Data aplikací\PCFix
  
  Registry::
  [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "DAEMON Tools Lite"=-
  "Skype"=-
  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "Adobe ARM"=-
  "SunJavaUpdateSched"=-
  [HKEY_LOCAL_MACHINE\software\microsoft\security center]
  "AntiVirusOverride"=dword:00000000
  
  Reboot::

• Ulozte vytvoreny TXT jako CFScript.txt
• Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
  
• Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte

Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci

ComboFix 12-01-10.02 - Jetyxx 11.01.2012 22:41:29.14.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1023.679 [GMT 1:00]
Spuštěný z: c:\documents and settings\Jetyxx\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Jetyxx\Plocha\CFScript.txt.txt
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-12-11 do 2012-01-11 )))))))))))))))))))))))))))))))
.
.
2012-01-10 15:59 . 2012-01-10 16:00 -------- d-----w- c:\documents and settings\Jetyxx\Data aplikací\PCFix
2012-01-09 19:32 . 2012-01-09 19:32 -------- d-----w- C:\Skrytá složka
2012-01-09 18:56 . 2012-01-09 18:56 -------- d-----w- c:\documents and settings\Jetyxx\Local Settings\Data aplikací\TechSmith
2012-01-09 18:55 . 2010-03-04 16:27 411480 ----a-w- c:\windows\system32\tsccvid.dll
2012-01-09 18:55 . 2012-01-09 18:55 -------- d-----w- c:\windows\system32\QuickTime
2012-01-09 18:54 . 2012-01-09 18:54 -------- d-----w- c:\program files\QuickTime
2012-01-09 18:54 . 2012-01-09 18:54 -------- d-----w- c:\program files\Common Files\TechSmith Shared
2012-01-09 18:52 . 2012-01-09 18:54 -------- d-----w- c:\documents and settings\All Users\Data aplikací\TechSmith
2012-01-09 18:52 . 2012-01-09 18:52 -------- d-----w- c:\program files\TechSmith
2012-01-09 18:48 . 2012-01-09 18:48 -------- d-----w- c:\documents and settings\All Users\Data aplikací\PCFix
2012-01-09 18:48 . 2012-01-09 18:48 -------- d-----w- c:\program files\AV Music Morpher Gold
2012-01-09 18:48 . 2012-01-09 18:48 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Avnex
2012-01-09 18:46 . 2012-01-10 12:50 -------- d-----w- c:\program files\AV Vcs 4.0
2012-01-09 15:48 . 2006-02-05 21:06 77824 ----a-w- c:\windows\system32\Screen2Video.OCX
2012-01-09 15:48 . 2006-02-05 21:01 122880 ----a-w- c:\windows\system32\ScreenSource.ax
2012-01-09 15:48 . 2012-01-09 15:49 -------- d-----w- c:\program files\ScreenVCR
2012-01-07 10:08 . 2012-01-11 13:37 -------- d-----w- c:\windows\system32\NtmsData
2012-01-07 10:02 . 2012-01-07 10:02 -------- d-----w- c:\documents and settings\Jetyxx\Data aplikací\Avira
2012-01-07 10:02 . 2012-01-08 10:53 134856 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-01-07 10:02 . 2011-09-15 22:55 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-01-07 10:02 . 2011-09-15 22:55 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-01-07 10:02 . 2012-01-07 10:02 -------- d-----w- c:\program files\Avira
2012-01-07 10:02 . 2012-01-07 10:02 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Avira
2012-01-05 23:03 . 2012-01-05 23:03 -------- d-----w- c:\documents and settings\Jetyxx\Data aplikací\Outlook
2012-01-05 14:09 . 2008-04-14 07:52 221184 ----a-w- c:\windows\system32\wmpns.dll
2012-01-05 11:11 . 2008-04-14 07:52 294912 ------w- c:\program files\Windows Media Player\dlimport.exe
2012-01-05 11:11 . 2008-04-14 07:52 294912 -c----w- c:\windows\system32\dllcache\dlimport.exe
2012-01-05 11:08 . 2006-12-28 23:31 19569 ----a-w- c:\windows\002596_.tmp
2012-01-05 11:07 . 2012-01-05 11:07 -------- d-----w- c:\windows\EHome
2011-12-29 07:04 . 2012-01-11 21:48 -------- d-----w- c:\documents and settings\Jetyxx\Local Settings\Data aplikací\Htc
2011-12-19 08:23 . 2011-12-19 08:23 -------- d-----w- c:\documents and settings\Jetyxx\kbpki
2011-12-19 08:21 . 2011-12-19 08:21 -------- d-----w- c:\windows\Sun
2011-12-13 12:05 . 2011-12-13 12:21 -------- d-----w- c:\program files\Counter-Strike Source
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-07 09:56 . 2011-10-11 15:32 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-01 23:15 . 2011-12-01 23:15 137024 ----a-w- c:\documents and settings\Jetyxx\Data aplikací\1704.exe
2011-11-10 04:54 . 2011-11-09 22:22 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-11-10 02:27 . 2011-11-09 22:22 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-10-27 19:41 . 2011-10-27 19:41 34064 ----a-w- c:\windows\system32\lhacm.acm
.
.
((((((((((((((((((((((((((((( SnapShot_2012-01-11_14.08.54 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-01-11 21:48 . 2012-01-11 21:48 16384 c:\windows\temp\Perflib_Perfdata_290.dat
- 2004-08-18 12:00 . 2012-01-11 13:45 60376 c:\windows\system32\perfc009.dat
+ 2004-08-18 12:00 . 2012-01-11 21:07 60376 c:\windows\system32\perfc009.dat
- 2004-08-18 12:00 . 2012-01-11 13:45 71282 c:\windows\system32\perfc005.dat
+ 2004-08-18 12:00 . 2012-01-11 21:07 71282 c:\windows\system32\perfc005.dat
+ 2004-08-18 12:00 . 2012-01-11 21:07 399964 c:\windows\system32\perfh009.dat
- 2004-08-18 12:00 . 2012-01-11 13:45 399964 c:\windows\system32\perfh009.dat
- 2004-08-18 12:00 . 2012-01-11 13:45 397586 c:\windows\system32\perfh005.dat
+ 2004-08-18 12:00 . 2012-01-11 21:07 397586 c:\windows\system32\perfh005.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CHotkey"="mHotkey.exe" [2002-07-23 477184]
"SoundMan"="SOUNDMAN.EXE" [2005-01-20 77824]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-11-17 7700480]
"nwiz"="nwiz.exe" [2006-11-17 1622016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-11-17 86016]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"HTC Sync Loader"="c:\program files\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2011-11-01 593920]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-09-23 258512]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

Co nas pacient

ComboFix 12-01-10.02 - Jetyxx 11.01.2012 22:41:29.14.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1023.679 [GMT 1:00]
Spuštěný z: c:\documents and settings\Jetyxx\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Jetyxx\Plocha\CFScript.txt.txt
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-12-11 do 2012-01-11 )))))))))))))))))))))))))))))))
.
.
2012-01-10 15:59 . 2012-01-10 16:00 -------- d-----w- c:\documents and settings\Jetyxx\Data aplikací\PCFix
2012-01-09 19:32 . 2012-01-09 19:32 -------- d-----w- C:\Skrytá složka
2012-01-09 18:56 . 2012-01-09 18:56 -------- d-----w- c:\documents and settings\Jetyxx\Local Settings\Data aplikací\TechSmith
2012-01-09 18:55 . 2010-03-04 16:27 411480 ----a-w- c:\windows\system32\tsccvid.dll
2012-01-09 18:55 . 2012-01-09 18:55 -------- d-----w- c:\windows\system32\QuickTime
2012-01-09 18:54 . 2012-01-09 18:54 -------- d-----w- c:\program files\QuickTime
2012-01-09 18:54 . 2012-01-09 18:54 -------- d-----w- c:\program files\Common Files\TechSmith Shared
2012-01-09 18:52 . 2012-01-09 18:54 -------- d-----w- c:\documents and settings\All Users\Data aplikací\TechSmith
2012-01-09 18:52 . 2012-01-09 18:52 -------- d-----w- c:\program files\TechSmith
2012-01-09 18:48 . 2012-01-09 18:48 -------- d-----w- c:\documents and settings\All Users\Data aplikací\PCFix
2012-01-09 18:48 . 2012-01-09 18:48 -------- d-----w- c:\program files\AV Music Morpher Gold
2012-01-09 18:48 . 2012-01-09 18:48 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Avnex
2012-01-09 18:46 . 2012-01-10 12:50 -------- d-----w- c:\program files\AV Vcs 4.0
2012-01-09 15:48 . 2006-02-05 21:06 77824 ----a-w- c:\windows\system32\Screen2Video.OCX
2012-01-09 15:48 . 2006-02-05 21:01 122880 ----a-w- c:\windows\system32\ScreenSource.ax
2012-01-09 15:48 . 2012-01-09 15:49 -------- d-----w- c:\program files\ScreenVCR
2012-01-07 10:08 . 2012-01-11 13:37 -------- d-----w- c:\windows\system32\NtmsData
2012-01-07 10:02 . 2012-01-07 10:02 -------- d-----w- c:\documents and settings\Jetyxx\Data aplikací\Avira
2012-01-07 10:02 . 2012-01-08 10:53 134856 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-01-07 10:02 . 2011-09-15 22:55 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-01-07 10:02 . 2011-09-15 22:55 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-01-07 10:02 . 2012-01-07 10:02 -------- d-----w- c:\program files\Avira
2012-01-07 10:02 . 2012-01-07 10:02 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Avira
2012-01-05 23:03 . 2012-01-05 23:03 -------- d-----w- c:\documents and settings\Jetyxx\Data aplikací\Outlook
2012-01-05 14:09 . 2008-04-14 07:52 221184 ----a-w- c:\windows\system32\wmpns.dll
2012-01-05 11:11 . 2008-04-14 07:52 294912 ------w- c:\program files\Windows Media Player\dlimport.exe
2012-01-05 11:11 . 2008-04-14 07:52 294912 -c----w- c:\windows\system32\dllcache\dlimport.exe
2012-01-05 11:08 . 2006-12-28 23:31 19569 ----a-w- c:\windows\002596_.tmp
2012-01-05 11:07 . 2012-01-05 11:07 -------- d-----w- c:\windows\EHome
2011-12-29 07:04 . 2012-01-11 21:48 -------- d-----w- c:\documents and settings\Jetyxx\Local Settings\Data aplikací\Htc
2011-12-19 08:23 . 2011-12-19 08:23 -------- d-----w- c:\documents and settings\Jetyxx\kbpki
2011-12-19 08:21 . 2011-12-19 08:21 -------- d-----w- c:\windows\Sun
2011-12-13 12:05 . 2011-12-13 12:21 -------- d-----w- c:\program files\Counter-Strike Source
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-07 09:56 . 2011-10-11 15:32 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-01 23:15 . 2011-12-01 23:15 137024 ----a-w- c:\documents and settings\Jetyxx\Data aplikací\1704.exe
2011-11-10 04:54 . 2011-11-09 22:22 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-11-10 02:27 . 2011-11-09 22:22 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-10-27 19:41 . 2011-10-27 19:41 34064 ----a-w- c:\windows\system32\lhacm.acm
.
.
((((((((((((((((((((((((((((( SnapShot_2012-01-11_14.08.54 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-01-11 21:48 . 2012-01-11 21:48 16384 c:\windows\temp\Perflib_Perfdata_290.dat
- 2004-08-18 12:00 . 2012-01-11 13:45 60376 c:\windows\system32\perfc009.dat
+ 2004-08-18 12:00 . 2012-01-11 21:07 60376 c:\windows\system32\perfc009.dat
- 2004-08-18 12:00 . 2012-01-11 13:45 71282 c:\windows\system32\perfc005.dat
+ 2004-08-18 12:00 . 2012-01-11 21:07 71282 c:\windows\system32\perfc005.dat
+ 2004-08-18 12:00 . 2012-01-11 21:07 399964 c:\windows\system32\perfh009.dat
- 2004-08-18 12:00 . 2012-01-11 13:45 399964 c:\windows\system32\perfh009.dat
- 2004-08-18 12:00 . 2012-01-11 13:45 397586 c:\windows\system32\perfh005.dat
+ 2004-08-18 12:00 . 2012-01-11 21:07 397586 c:\windows\system32\perfh005.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CHotkey"="mHotkey.exe" [2002-07-23 477184]
"SoundMan"="SOUNDMAN.EXE" [2005-01-20 77824]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-11-17 7700480]
"nwiz"="nwiz.exe" [2006-11-17 1622016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-11-17 86016]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"HTC Sync Loader"="c:\program files\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2011-11-01 593920]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-09-23 258512]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\BitTorrent\\BitTorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Garena Classic\\Garena.exe"=
"c:\\Program Files\\Garena Plus\\Room\\garena_room.exe"=
"c:\\Program Files\\Counter-Strike Source\\hl2.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [7.1.2012 11:02 36000]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [10.10.2011 18:23 232512]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [7.1.2012 11:02 86224]
R2 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [12.8.2011 17:13 87040]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [22.6.2010 18:01 21248]
S3 GGSAFERDriver;GGSAFER Driver;\??\c:\program files\Garena Plus\Room\safedrv.sys --> c:\program files\Garena Plus\Room\safedrv.sys [?]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [5.11.2011 17:39 24576]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-11 22:49
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(1764)
c:\windows\system32\nview.dll
c:\windows\system32\nvwddi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\mHotkey.exe
c:\windows\SOUNDMAN.EXE
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\rundll32.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\HTC\Internet Pass-Through\htcnat.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2012-01-11 22:51:49 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-01-11 21:51
ComboFix2.txt 2012-01-11 14:10
ComboFix3.txt 2012-01-09 06:42
ComboFix4.txt 2011-12-05 20:13
ComboFix5.txt 2012-01-11 21:40
.
Před spuštěním: Volných bajtů: 119 383 625 728
Po spuštění: Volných bajtů: 119 371 419 648
.
- - End Of File - - 541654F3F68137F4EA834F55565FACCD


Omlouvam se ale neni moc času.

Log je OK, jak se chova PC