VIRY.CZ

ComboFix 10-01-04.01 - Owner 07.01.2010 17:15:24.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1918.1518 [GMT 1:00]
Spuštěný z: c:\documents and settings\Owner\Plocha\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100107-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Data aplikacˇ\ofah.inf
c:\documents and settings\Owner\Cookies\cefecike.reg
c:\documents and settings\Owner\Cookies\hutodag.dl
c:\documents and settings\Owner\Cookies\mabusadyv.scr
c:\documents and settings\Owner\Cookies\mohahig.pif
c:\documents and settings\Owner\Cookies\xifyhuni.scr
c:\documents and settings\Owner\Local Settings\Data aplikacˇ\akupy.inf
C:\Thumbs.db
c:\windows\acuti.exe
c:\windows\ciluqak.bat
c:\windows\cywyvuqega.bat
c:\windows\kodagexo.reg
c:\windows\system32\ieuinit.inf
c:\windows\system32\Thumbs.db
c:\windows\system32\uliqi.reg
c:\windows\yjexab.inf

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-12-07 do 2010-01-07 )))))))))))))))))))))))))))))))
.

2009-12-24 11:05 . 2010-01-04 13:18 -------- d-----w- C:\JIRKA_FILMY
2009-12-18 21:57 . 2009-12-18 21:57 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-12-18 20:00 . 2009-12-18 20:00 -------- d-----w- c:\program files\IObit
2009-12-18 19:54 . 2009-11-24 23:49 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-12-18 19:54 . 2009-11-24 23:48 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-12-18 19:54 . 2009-11-24 23:47 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-12-18 19:54 . 2009-11-24 23:47 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-12-18 19:54 . 2009-11-24 23:51 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-12-18 19:54 . 2009-09-15 11:56 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-12-18 19:54 . 2009-09-15 11:55 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-12-18 19:54 . 2009-09-15 11:55 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-12-18 19:53 . 2009-11-24 23:54 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-12-18 19:52 . 2009-12-18 19:52 -------- d-----w- c:\program files\Alwil Software
2009-12-17 11:13 . 2010-01-07 16:17 0 ----a-w- c:\windows\system32\drivers\nwixc.sys
2009-12-17 11:13 . 2009-12-18 20:53 148 ----a-w- c:\windows\system32\fjhdyfhsn.bat

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-07 15:56 . 2009-01-07 22:00 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-12-19 07:56 . 2009-04-21 05:34 -------- d-----w- c:\program files\Google
2009-12-18 20:06 . 2004-08-18 12:00 437062 ----a-w- c:\windows\system32\perfh005.dat
2009-12-18 20:06 . 2004-08-18 12:00 82462 ----a-w- c:\windows\system32\perfc005.dat
2009-10-29 05:26 . 2004-08-18 12:00 668160 ----a-w- c:\windows\system32\wininet.dll
2009-10-21 05:40 . 2004-08-18 12:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:40 . 2004-08-18 12:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-18 12:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-14 06:31 . 2009-01-07 19:35 42368 ----a-w- c:\windows\system32\drivers\agp440.sys
2009-10-13 19:26 . 2009-10-13 19:26 17523 ----a-w- c:\program files\Common Files\kazyxo.dl
2009-10-13 19:26 . 2009-10-13 19:26 17457 ----a-w- c:\windows\qizo.bin
2009-10-13 19:26 . 2009-10-13 19:26 16630 ----a-w- c:\program files\Common Files\uvoxufo._sy
2009-10-13 19:26 . 2009-10-13 19:26 16095 ----a-w- c:\program files\Common Files\ovinyqeha.db
2009-10-13 19:26 . 2009-10-13 19:26 15978 ----a-w- c:\windows\system32\doci.dat
2009-10-13 19:26 . 2009-10-13 19:26 15784 ----a-w- c:\windows\system32\pate.exe
2009-10-13 19:26 . 2009-10-13 19:26 12534 ----a-w- c:\windows\system32\velejyn.dll
2009-10-13 10:34 . 2004-08-18 12:00 271360 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:40 . 2004-08-18 12:00 79872 ----a-w- c:\windows\system32\raschap.dll
2009-10-12 13:40 . 2004-08-18 12:00 150016 ----a-w- c:\windows\system32\rastls.dll
2009-03-21 14:09 . 2004-08-18 12:00 161513 --sha-r- c:\windows\system32\pgyvbmqk.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]
"Google Update"="c:\documents and settings\Owner\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2009-01-08 133104]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-08 136600]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"IObit Security 360"="c:\program files\IObit\IObit Security 360\IS360tray.exe" [2009-11-14 1278736]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\umi.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5001:TCP"= 5001:TCP:vvliztd

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [18.12.2009 20:54 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [18.12.2009 20:54 20560]
R2 IS360service;IS360service;c:\program files\IObit\IObit Security 360\is360srv.exe [18.12.2009 21:00 312592]
R3 usbvm328;A4 TECH USB2.0 PC Camera G;c:\windows\system32\drivers\vmcam326av.sys [8.1.2009 20:01 104960]
R3 vvftav326_a4;VC0326 Camera Filter Service A4 TECH;c:\windows\system32\drivers\vvftav326.sys [8.1.2009 20:01 480128]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [7.1.2009 21:13 717296]
S2 fexqwfndc;Installer Boot;c:\windows\system32\svchost.exe -k netsvcs [18.8.2004 13:00 14336]
S2 gupdate1c9c242d6603d52;Google Update Service (gupdate1c9c242d6603d52);c:\program files\Google\Update\GoogleUpdate.exe [21.4.2009 6:34 133104]
S2 lsrgcb;Universal Driver;c:\windows\system32\svchost.exe -k netsvcs [18.8.2004 13:00 14336]

--- Ostatní služby/ovladače v paměti ---

*Deregistered* - nwixc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
lsrgcb
fexqwfndc
.
Obsah adresáře 'Naplánované úlohy'

2010-01-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-21 05:34]

2010-01-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-21 05:34]
.
.
------- Doplňkový sken -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {B08C613D-93E2-4707-B13A-0A1F1D97E8FE} = 217.197.150.168,217.197.152.145
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

ActiveSetup-ccc-core-static - msiexec
AddRemove-Adobe Acrobat Connect Add-in - c:\documents and settings\Owner\Data aplikac?acromedia\Flash Player\www.macromedia.com\bin\connectaddin\connectaddin.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-07 17:17
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\fexqwfndc]
"ServiceDll"="c:\windows\system32\pgyvbmqk.dll"
--

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lsrgcb]
"ServiceDll"="c:\windows\system32\pgyvbmqk.dll"
--

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\nwixc]

.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(756)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2010-01-07 17:18:20
ComboFix-quarantined-files.txt 2010-01-07 16:18

Před spuštěním: Volných bajtů: 28 259 794 944
Po spuštění: Volných bajtů: 28 261 261 312

WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 6DA9D8E207B5E9C9E63489ED937A2663

Prvni scan

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-01-07 17:54:16
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\kxddipow.sys

---- System - GMER 1.0.15 ----

Code \??\C:\DOCUME~1\Owner\LOCALS~1\Temp\catchme.sys pIofCallDriver

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 89D699C8

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\system32\svchost.exe (*** hidden *** ) [AUTO] fexqwfndc <-- ROOTKIT !!!
Service C:\WINDOWS\system32\svchost.exe (*** hidden *** ) [AUTO] lsrgcb <-- ROOTKIT !!!
Service (*** hidden *** ) [BOOT] nwixc <-- ROOTKIT !!!

---- EOF - GMER 1.0.15 ----

www.virustotal.com mi nejde zobrazit tak jsem zkousel www.virscan.org a tam mi pri nahravani souboru napise ze soubor nelze najit takze nevim jak to zkontrolovat. Jinak ten druhy sken davam sem :

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-01-07 18:30:57
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\kxddipow.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xB00536B8] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xB0053574] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xB0053A52] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xB005314C] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xB005364E] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xB005308C] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xB00530F0] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xB005376E] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xB005372E] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xB00538AE] <-- ROOTKIT !!!

Code \??\C:\DOCUME~1\Owner\LOCALS~1\Temp\catchme.sys pIofCallDriver

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 89D699C8

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\system32\svchost.exe (*** hidden *** ) [AUTO] fexqwfndc <-- ROOTKIT !!!
Service C:\WINDOWS\system32\svchost.exe (*** hidden *** ) [AUTO] lsrgcb <-- ROOTKIT !!!
Service (*** hidden *** ) [BOOT] nwixc <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\fexqwfndc@DisplayName Installer Boot
Reg HKLM\SYSTEM\CurrentControlSet\Services\fexqwfndc@Type 32
Reg HKLM\SYSTEM\CurrentControlSet\Services\fexqwfndc@Start 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\fexqwfndc@ErrorControl 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\fexqwfndc@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\CurrentControlSet\Services\fexqwfndc@ObjectName LocalSystem
Reg HKLM\SYSTEM\CurrentControlSet\Services\fexqwfndc@Description Udr?uje synchronizaci data a ?asu u v?ech klient? a server? v s?ti. Pokud bude tato slu?ba ukon?ena, synchronizace data a ?asu nebude k dispozici. Jestli?e je tato slu?ba zak?z?na, nezda?? se spu?t?n? ??dn?ch slu?eb, kter? na t?to slu?b? z?vis?.
Reg HKLM\SYSTEM\CurrentControlSet\Services\fexqwfndc\Parameters
Reg HKLM\SYSTEM\CurrentControlSet\Services\fexqwfndc\Parameters@ServiceDll C:\WINDOWS\system32\pgyvbmqk.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\lsrgcb@DisplayName Universal Driver
Reg HKLM\SYSTEM\CurrentControlSet\Services\lsrgcb@Type 32
Reg HKLM\SYSTEM\CurrentControlSet\Services\lsrgcb@Start 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\lsrgcb@ErrorControl 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\lsrgcb@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\CurrentControlSet\Services\lsrgcb@ObjectName LocalSystem
Reg HKLM\SYSTEM\CurrentControlSet\Services\lsrgcb@Description Udr?uje synchronizaci data a ?asu u v?ech klient? a server? v s?ti. Pokud bude tato slu?ba ukon?ena, synchronizace data a ?asu nebude k dispozici. Jestli?e je tato slu?ba zak?z?na, nezda?? se spu?t?n? ??dn?ch slu?eb, kter? na t?to slu?b? z?vis?.
Reg HKLM\SYSTEM\CurrentControlSet\Services\lsrgcb\Parameters
Reg HKLM\SYSTEM\CurrentControlSet\Services\lsrgcb\Parameters@ServiceDll C:\WINDOWS\system32\pgyvbmqk.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\nwixc@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\nwixc@Start 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\nwixc@ErrorControl 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\nwixc@Group Boot Bus Extender
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xA4 0x79 0x5D 0xD0 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x28 0x34 0xAD 0x96 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x9E 0xDF 0x1F 0xB0 ...
Reg HKLM\SYSTEM\ControlSet003\Services\fexqwfndc@DisplayName Installer Boot
Reg HKLM\SYSTEM\ControlSet003\Services\fexqwfndc@Type 32
Reg HKLM\SYSTEM\ControlSet003\Services\fexqwfndc@Start 2
Reg HKLM\SYSTEM\ControlSet003\Services\fexqwfndc@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet003\Services\fexqwfndc@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\ControlSet003\Services\fexqwfndc@ObjectName LocalSystem
Reg HKLM\SYSTEM\ControlSet003\Services\fexqwfndc@Description Udr?uje synchronizaci data a ?asu u v?ech klient? a server? v s?ti. Pokud bude tato slu?ba ukon?ena, synchronizace data a ?asu nebude k dispozici. Jestli?e je tato slu?ba zak?z?na, nezda?? se spu?t?n? ??dn?ch slu?eb, kter? na t?to slu?b? z?vis?.
Reg HKLM\SYSTEM\ControlSet003\Services\fexqwfndc\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\fexqwfndc\Parameters@ServiceDll C:\WINDOWS\system32\pgyvbmqk.dll
Reg HKLM\SYSTEM\ControlSet003\Services\lsrgcb@DisplayName Universal Driver
Reg HKLM\SYSTEM\ControlSet003\Services\lsrgcb@Type 32
Reg HKLM\SYSTEM\ControlSet003\Services\lsrgcb@Start 2
Reg HKLM\SYSTEM\ControlSet003\Services\lsrgcb@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet003\Services\lsrgcb@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\ControlSet003\Services\lsrgcb@ObjectName LocalSystem
Reg HKLM\SYSTEM\ControlSet003\Services\lsrgcb@Description Udr?uje synchronizaci data a ?asu u v?ech klient? a server? v s?ti. Pokud bude tato slu?ba ukon?ena, synchronizace data a ?asu nebude k dispozici. Jestli?e je tato slu?ba zak?z?na, nezda?? se spu?t?n? ??dn?ch slu?eb, kter? na t?to slu?b? z?vis?.
Reg HKLM\SYSTEM\ControlSet003\Services\lsrgcb\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\lsrgcb\Parameters@ServiceDll C:\WINDOWS\system32\pgyvbmqk.dll
Reg HKLM\SYSTEM\ControlSet003\Services\nwixc@Type 1
Reg HKLM\SYSTEM\ControlSet003\Services\nwixc@Start 0
Reg HKLM\SYSTEM\ControlSet003\Services\nwixc@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet003\Services\nwixc@Group Boot Bus Extender
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xA4 0x79 0x5D 0xD0 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x28 0x34 0xAD 0x96 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x9E 0xDF 0x1F 0xB0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xC8 0x28 0x51 0xAF ...
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x6A 0x9C 0xD6 0x61 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0xFF 0x7C 0x85 0xE0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x3E 0x1E 0x9E 0xE0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xCD 0x44 0xCD 0xB9 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xDF 0x20 0x58 0x62 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0x31 0x77 0xE1 0xBA ...
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0xAA 0x52 0xC6 0x00 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0xF6 0x0F 0x4E 0x58 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0x37 0xA4 0xAA 0xC3 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0x2A 0xB7 0xCC 0xB5 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0x6C 0x43 0x2D 0x1E ...

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\drivers\nwixc.sys (size mismatch) 763904/0 bytes executable

---- EOF - GMER 1.0.15 ----

Provedu to zitra neni to muj komp a uz nejsem na navsteve, predem dekuji za rychlou odpoved

zasilam log z avangeru a zazipovanou slozku avangeru v priloze
jak jsem se dival tak jde o ty soubory co se mazaly.... zbirate je

?
jinak z registru to asi nesmazalo tak ted nevim jestli to mam smazat rucne jestli by to slo?

//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 3)
Fri Jan 08 11:14:45 2010

11:14:00: Error: Invalid registry syntax in command:
""HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List|5001:TCP""
Only registry keys under the HKEY_LOCAL_MACHINE hive are accessible to this program.
Skipping line. (Registry value deletion mode)

//////////////////////////////////////////

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Driver "fexqwfndc" deleted successfully.
Driver "lsrgcb" deleted successfully.
Driver "nwixc" deleted successfully.
File "C:\WINDOWS\system32\pgyvbmqk.dll" deleted successfully.
File "c:\windows\system32\drivers\nwixc.sys" deleted successfully.
File "c:\windows\system32\fjhdyfhsn.bat" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

novy vypis z combofixu

ComboFix 10-01-04.01 - Owner 08.01.2010 11:32:37.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1918.1486 [GMT 1:00]
Spuštěný z: c:\documents and settings\Owner\Plocha\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100107-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Data aplikacˇ\ofah.inf
c:\documents and settings\Owner\Local Settings\Data aplikacˇ\akupy.inf

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-12-08 do 2010-01-08 )))))))))))))))))))))))))))))))
.

2010-01-08 10:23 . 2010-01-08 10:23 757748 ----a-w- C:\Avenger.zip
2010-01-08 10:14 . 2010-01-08 10:14 0 ----a-w- C:\backup.reg
2010-01-07 16:29 . 2010-01-07 16:29 -------- d-----w- c:\program files\Opera
2009-12-24 11:05 . 2010-01-04 13:18 -------- d-----w- C:\JIRKA_FILMY
2009-12-18 21:57 . 2009-12-18 21:57 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-12-18 20:00 . 2009-12-18 20:00 -------- d-----w- c:\program files\IObit
2009-12-18 19:54 . 2009-11-24 23:49 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-12-18 19:54 . 2009-11-24 23:48 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-12-18 19:54 . 2009-11-24 23:47 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-12-18 19:54 . 2009-11-24 23:47 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-12-18 19:54 . 2009-11-24 23:51 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-12-18 19:54 . 2009-09-15 11:56 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-12-18 19:54 . 2009-09-15 11:55 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-12-18 19:54 . 2009-09-15 11:55 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-12-18 19:53 . 2009-11-24 23:54 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-12-18 19:52 . 2009-12-18 19:52 -------- d-----w- c:\program files\Alwil Software

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-07 17:57 . 2009-01-07 22:00 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-12-19 07:56 . 2009-04-21 05:34 -------- d-----w- c:\program files\Google
2009-12-18 20:06 . 2004-08-18 12:00 437062 ----a-w- c:\windows\system32\perfh005.dat
2009-12-18 20:06 . 2004-08-18 12:00 82462 ----a-w- c:\windows\system32\perfc005.dat
2009-10-29 05:26 . 2004-08-18 12:00 668160 ------w- c:\windows\system32\wininet.dll
2009-10-21 05:40 . 2004-08-18 12:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:40 . 2004-08-18 12:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-18 12:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-14 06:31 . 2009-01-07 19:35 42368 ------w- c:\windows\system32\drivers\agp440.sys
2009-10-13 19:26 . 2009-10-13 19:26 17523 ----a-w- c:\program files\Common Files\kazyxo.dl
2009-10-13 19:26 . 2009-10-13 19:26 17457 ----a-w- c:\windows\qizo.bin
2009-10-13 19:26 . 2009-10-13 19:26 16630 ----a-w- c:\program files\Common Files\uvoxufo._sy
2009-10-13 19:26 . 2009-10-13 19:26 16095 ----a-w- c:\program files\Common Files\ovinyqeha.db
2009-10-13 19:26 . 2009-10-13 19:26 15978 ----a-w- c:\windows\system32\doci.dat
2009-10-13 19:26 . 2009-10-13 19:26 15784 ----a-w- c:\windows\system32\pate.exe
2009-10-13 19:26 . 2009-10-13 19:26 12534 ----a-w- c:\windows\system32\velejyn.dll
2009-10-13 10:34 . 2004-08-18 12:00 271360 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:40 . 2004-08-18 12:00 79872 ----a-w- c:\windows\system32\raschap.dll
2009-10-12 13:40 . 2004-08-18 12:00 150016 ----a-w- c:\windows\system32\rastls.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-01-07_16.17.20 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-01-08 10:31 . 2010-01-08 10:31 16384 c:\windows\Temp\Perflib_Perfdata_5dc.dat
+ 2010-01-08 10:31 . 2010-01-08 10:31 16384 c:\windows\Temp\Perflib_Perfdata_274.dat
+ 2010-01-07 16:29 . 2010-01-07 16:29 2226688 c:\windows\Installer\1042ac.msi
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]
"Google Update"="c:\documents and settings\Owner\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2009-01-08 133104]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-08 136600]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"IObit Security 360"="c:\program files\IObit\IObit Security 360\IS360tray.exe" [2009-11-14 1278736]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\umi.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5001:TCP"= 5001:TCP:vvliztd

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [18.12.2009 20:54 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [18.12.2009 20:54 20560]
R2 IS360service;IS360service;c:\program files\IObit\IObit Security 360\is360srv.exe [18.12.2009 21:00 312592]
R3 usbvm328;A4 TECH USB2.0 PC Camera G;c:\windows\system32\drivers\vmcam326av.sys [8.1.2009 20:01 104960]
R3 vvftav326_a4;VC0326 Camera Filter Service A4 TECH;c:\windows\system32\drivers\vvftav326.sys [8.1.2009 20:01 480128]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [7.1.2009 21:13 717296]
S2 gupdate1c9c242d6603d52;Google Update Service (gupdate1c9c242d6603d52);c:\program files\Google\Update\GoogleUpdate.exe [21.4.2009 6:34 133104]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
lsrgcb
fexqwfndc
.
Obsah adresáře 'Naplánované úlohy'

2010-01-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-21 05:34]

2010-01-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-21 05:34]
.
.
------- Doplňkový sken -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {B08C613D-93E2-4707-B13A-0A1F1D97E8FE} = 217.197.150.168,217.197.152.145
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-08 11:35
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(740)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2010-01-08 11:36:01
ComboFix-quarantined-files.txt 2010-01-08 10:36
ComboFix2.txt 2010-01-07 16:18

Před spuštěním: Volných bajtů: 28 132 499 456
Po spuštění: Volných bajtů: 28 101 513 216

- - End Of File - - 6FB2ADF5DE18D54BD91554E0A3F5F5A9

zasilam log z combofixu

ComboFix 10-01-04.01 - Owner 08.01.2010 13:22:44.3.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1918.1443 [GMT 1:00]
Spuštěný z: c:\documents and settings\Owner\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Owner\Plocha\CFScript.txt
AV: avast! antivirus 4.8.1368 [VPS 100107-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
- REŽIM S OMEZENOU FUNKČNOSTÍ -
.

((((((((((((((((((((((((( Soubory vytvořené od 2009-12-08 do 2010-01-08 )))))))))))))))))))))))))))))))
.

2010-01-08 11:39 . 2009-12-17 23:14 30536 ----a-w- c:\windows\system32\TURegOpt.exe
2010-01-08 11:39 . 2009-12-17 23:08 30024 ----a-w- c:\windows\system32\uxtuneup.dll
2010-01-08 11:39 . 2010-01-08 11:39 -------- d-----w- c:\program files\TuneUp Utilities 2010
2010-01-08 11:38 . 2010-01-08 11:38 -------- d-----w- C:\Nová složka (2)
2010-01-08 11:35 . 2003-08-07 07:42 6528 ----a-w- c:\windows\system32\drivers\gflmouhid.sys
2010-01-08 11:35 . 2003-01-29 06:52 7894 ----a-w- c:\windows\system32\drivers\GMFILTR.SYS
2010-01-08 11:35 . 2010-01-08 11:35 -------- d-----w- c:\program files\Genius NetScroll+ Optical Mouse
2010-01-08 11:34 . 2010-01-08 11:35 -------- d-----w- C:\Ovladace pro mys Genius
2010-01-08 10:23 . 2010-01-08 10:23 757748 ----a-w- C:\Avenger.zip
2010-01-08 10:14 . 2010-01-08 10:14 0 ----a-w- C:\backup.reg
2010-01-07 16:29 . 2010-01-07 16:29 -------- d-----w- c:\program files\Opera
2009-12-24 11:05 . 2010-01-04 13:18 -------- d-----w- C:\JIRKA_FILMY
2009-12-18 21:57 . 2009-12-18 21:57 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-12-18 20:00 . 2009-12-18 20:00 -------- d-----w- c:\program files\IObit
2009-12-18 19:54 . 2009-11-24 23:49 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-12-18 19:54 . 2009-11-24 23:48 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-12-18 19:54 . 2009-11-24 23:47 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-12-18 19:54 . 2009-11-24 23:47 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-12-18 19:54 . 2009-11-24 23:51 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-12-18 19:54 . 2009-09-15 11:56 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-12-18 19:54 . 2009-09-15 11:55 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-12-18 19:54 . 2009-09-15 11:55 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-12-18 19:53 . 2009-11-24 23:54 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-12-18 19:52 . 2009-12-18 19:52 -------- d-----w- c:\program files\Alwil Software

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-07 17:57 . 2009-01-07 22:00 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-12-19 07:56 . 2009-04-21 05:34 -------- d-----w- c:\program files\Google
2009-12-18 20:06 . 2004-08-18 12:00 437062 ----a-w- c:\windows\system32\perfh005.dat
2009-12-18 20:06 . 2004-08-18 12:00 82462 ----a-w- c:\windows\system32\perfc005.dat
2009-10-29 05:26 . 2004-08-18 12:00 668160 ------w- c:\windows\system32\wininet.dll
2009-10-21 05:40 . 2004-08-18 12:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:40 . 2004-08-18 12:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-18 12:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-14 06:31 . 2009-01-07 19:35 42368 ------w- c:\windows\system32\drivers\agp440.sys
2009-10-13 19:26 . 2009-10-13 19:26 17523 ----a-w- c:\program files\Common Files\kazyxo.dl
2009-10-13 19:26 . 2009-10-13 19:26 17457 ----a-w- c:\windows\qizo.bin
2009-10-13 19:26 . 2009-10-13 19:26 16630 ----a-w- c:\program files\Common Files\uvoxufo._sy
2009-10-13 19:26 . 2009-10-13 19:26 16095 ----a-w- c:\program files\Common Files\ovinyqeha.db
2009-10-13 19:26 . 2009-10-13 19:26 15978 ----a-w- c:\windows\system32\doci.dat
2009-10-13 19:26 . 2009-10-13 19:26 15784 ----a-w- c:\windows\system32\pate.exe
2009-10-13 19:26 . 2009-10-13 19:26 12534 ----a-w- c:\windows\system32\velejyn.dll
2009-10-13 10:34 . 2004-08-18 12:00 271360 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:40 . 2004-08-18 12:00 79872 ----a-w- c:\windows\system32\raschap.dll
2009-10-12 13:40 . 2004-08-18 12:00 150016 ----a-w- c:\windows\system32\rastls.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-01-07_16.17.20 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-01-08 12:24 . 2010-01-08 12:24 16384 c:\windows\Temp\Perflib_Perfdata_764.dat
+ 2010-01-08 12:24 . 2010-01-08 12:24 16384 c:\windows\Temp\Perflib_Perfdata_5cc.dat
+ 2010-01-08 12:21 . 2010-01-08 12:21 16384 c:\windows\Temp\Perflib_Perfdata_5bc.dat
+ 2010-01-08 11:35 . 2008-04-14 06:36 23040 c:\windows\system32\ReinstallBackups\0003\DriverFiles\i386\mouclass.sys
+ 2010-01-08 11:35 . 2008-04-14 06:51 52096 c:\windows\system32\ReinstallBackups\0003\DriverFiles\i386\i8042prt.sys
+ 2010-01-08 11:38 . 2010-01-08 11:38 26624 c:\windows\Installer\1ac981.msi
+ 2010-01-08 11:39 . 2010-01-08 11:39 317952 c:\windows\Installer\1ac985.msi
+ 2010-01-07 16:29 . 2010-01-07 16:29 2226688 c:\windows\Installer\1042ac.msi
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]
"Google Update"="c:\documents and settings\Owner\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2009-01-08 133104]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-08 136600]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"IObit Security 360"="c:\program files\IObit\IObit Security 360\IS360tray.exe" [2009-11-14 1278736]
"mouseElf"="c:\progra~1\GENIUS~1\GNETMOUS.EXE" [2004-02-24 176128]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\umi.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5001:TCP"= 5001:TCP:vvliztd

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [7.1.2009 21:13 717296]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [18.12.2009 20:54 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [18.12.2009 20:54 20560]
R2 IS360service;IS360service;c:\program files\IObit\IObit Security 360\is360srv.exe [18.12.2009 21:00 312592]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [18.12.2009 0:12 1044808]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [14.10.2009 7:24 10064]
R3 usbvm328;A4 TECH USB2.0 PC Camera G;c:\windows\system32\drivers\vmcam326av.sys [8.1.2009 20:01 104960]
R3 vvftav326_a4;VC0326 Camera Filter Service A4 TECH;c:\windows\system32\drivers\vvftav326.sys [8.1.2009 20:01 480128]
S2 gupdate1c9c242d6603d52;Google Update Service (gupdate1c9c242d6603d52);c:\program files\Google\Update\GoogleUpdate.exe [21.4.2009 6:34 133104]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'

2010-01-08 c:\windows\Tasks\Automatic troubleshooting.job
- c:\program files\TuneUp Utilities 2010\TuneUpSystemStatusCheck.exe [2009-12-17 23:18]

2010-01-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-21 05:34]

2010-01-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-21 05:34]
.
.
------- Doplňkový sken -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {B08C613D-93E2-4707-B13A-0A1F1D97E8FE} = 217.197.150.168,217.197.152.145
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-08 13:24
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spss.sys >>UNKNOWN [0x89D2A938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba0ecf28
\Driver\ACPI -> ACPI.sys @ 0xb9e67cb8
\Driver\atapi -> atapi.sys @ 0xb9e22b40
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579022
ParseProcedure -> ntkrnlpa.exe @ 0x80577c84
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579022
ParseProcedure -> ntkrnlpa.exe @ 0x80577c84
NDIS: Realtek RTL8168/8111 PCI-E Gigabit Ethernet NIC -> SendCompleteHandler -> NDIS.sys @ 0xb9d2bbb0
PacketIndicateHandler -> NDIS.sys @ 0xb9d38a21
SendHandler -> NDIS.sys @ 0xb9d1687b
user & kernel MBR OK

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(760)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3280)
c:\progra~1\GENIUS~1\WhoRU.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
.
**************************************************************************
.
Celkový čas: 2010-01-08 13:26:28 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-01-08 12:26
ComboFix2.txt 2010-01-08 10:36
ComboFix3.txt 2010-01-07 16:18

Před spuštěním: Volných bajtů: 27 914 534 912
Po spuštění: Volných bajtů: 27 902 844 928

- - End Of File - - 2AD5A6BBF998A9943AB0D7E478AAC583

VIRY.CZ

Prosim o kontrolu logu po combofixu

Prosim o kontrolu logu po combofixu

Re: Prosim o kontrolu logu po combofixu

zdravim

Re: Prosim o kontrolu logu po combofixu

Re: Prosim o kontrolu logu po combofixu