Please check this
Posted: 24 Feb 2010 20:03
I am sending the ComboFix log; the PC and the internet are slow overall.
Thanks a lot.
ComboFix 10-02-23.04 - Daniela - Krátká 24.02.2010 19:37:59.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1015.589 [GMT 1:00]
Spuštěný z: c:\documents and settings\Daniela - Krátká\Plocha\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\regedit.com
c:\windows\system32\taskmgr.com
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-01-24 do 2010-02-24 )))))))))))))))))))))))))))))))
.
2030-10-03 09:25 . 2030-10-03 09:25 -------- d-----w- c:\program files\Sun
2030-10-03 09:24 . 2030-10-03 09:25 -------- d-----w- c:\program files\Java
2030-10-03 09:23 . 2030-10-03 09:23 -------- d-----w- c:\program files\Common Files\Java
2030-10-03 09:19 . 2030-10-03 09:19 -------- d-----w- c:\program files\Eee Storage
2030-10-03 09:18 . 2010-01-27 06:46 -------- d-----w- c:\program files\Atheros
2030-10-03 09:18 . 2009-11-06 20:55 1590528 ----a-w- c:\windows\system32\drivers\athw.sys
2030-10-03 09:18 . 2009-11-06 20:55 1590528 ----a-w- c:\windows\system32\athw.sys
2030-10-03 09:12 . 2030-10-03 09:12 -------- d-----w- c:\program files\Elantech
2030-10-03 09:09 . 2008-07-02 07:48 37 ----a-w- c:\windows\AUTO.BAT
2030-10-03 09:09 . 2008-02-19 09:42 256 ----a-w- c:\windows\RUN.REG
2030-10-03 09:09 . 2008-01-24 14:17 124 ----a-w- c:\windows\HW.VBS
2030-10-03 09:09 . 2007-12-14 23:00 49152 ----a-w- c:\windows\INSTALLEEE.EXE
2030-10-03 09:09 . 2007-06-13 14:39 1162 ----a-w- c:\windows\sr.VBS
2030-10-03 09:08 . 2002-11-22 00:57 204800 ----a-w- c:\windows\system32\IVIresizeW7.dll
2030-10-03 09:08 . 2002-11-22 00:57 200704 ----a-w- c:\windows\system32\IVIresizeA6.dll
2030-10-03 09:08 . 2002-11-22 00:57 192512 ----a-w- c:\windows\system32\IVIresizeP6.dll
2030-10-03 09:08 . 2002-11-22 00:57 192512 ----a-w- c:\windows\system32\IVIresizeM6.dll
2030-10-03 09:08 . 2002-11-22 00:57 188416 ----a-w- c:\windows\system32\IVIresizePX.dll
2030-10-03 09:08 . 2002-11-22 00:57 20480 ----a-w- c:\windows\system32\IVIresize.dll
2030-10-03 09:08 . 2030-10-03 09:08 -------- d-----w- c:\program files\InterVideo
2030-10-03 09:08 . 2030-10-03 09:08 -------- d-----w- c:\program files\Common Files\InterVideo
2030-10-03 09:06 . 2009-10-15 16:24 -------- d-----w- c:\program files\Microsoft Works
2030-10-03 09:05 . 2009-11-10 16:57 -------- d-----w- c:\program files\Common Files\Adobe
2030-10-03 09:05 . 2030-10-03 09:05 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2030-10-03 09:04 . 2009-08-06 17:24 44768 ----a-w- c:\windows\system32\wups2.dll
2030-10-03 09:03 . 2030-10-03 09:04 -------- d-----w- c:\program files\ASUS
2030-10-03 09:03 . 2009-08-01 10:59 534312 ----a-w- c:\windows\system32\drivers\btaudio.sys
2030-10-03 09:03 . 2009-08-01 10:59 991136 ----a-w- c:\windows\system32\drivers\btkrnl.sys
2030-10-03 09:03 . 2009-08-01 10:59 37160 ----a-w- c:\windows\system32\drivers\btport.sys
2030-10-03 09:03 . 2009-08-01 10:59 156816 ----a-w- c:\windows\system32\drivers\btwdndis.sys
2030-10-03 09:03 . 2009-08-01 10:58 91176 ----a-w- c:\windows\system32\drivers\btwsecfl.sys
2030-10-03 09:03 . 2009-08-01 10:58 47272 ----a-w- c:\windows\system32\drivers\btwusb.sys
2030-10-03 09:03 . 2007-09-20 03:59 106557 ----a-w- c:\windows\system32\btw_ci.dll
2030-10-03 09:03 . 2030-10-03 09:03 -------- d-----w- c:\program files\WIDCOMM
2030-10-03 09:02 . 2030-10-03 09:02 -------- d-----w- c:\program files\RALINK
2030-10-03 09:02 . 2030-10-03 09:02 -------- d-----w- c:\program files\EeePC
2030-10-03 09:02 . 2008-04-08 13:59 10752 ----a-w- c:\windows\system32\drivers\ASUSACPI.SYS
2030-10-03 09:02 . 2010-01-27 06:41 -------- d-----w- c:\windows\system32\Atheros_L1e
2030-10-03 08:59 . 2030-10-03 09:04 -------- d-----w- c:\program files\Common Files\InstallShield
2030-10-03 08:57 . 2008-06-14 17:35 272128 -c--a-w- c:\windows\system32\dllcache\bthport.sys
2030-10-03 08:57 . 2008-06-14 17:35 272128 ----a-w- c:\windows\system32\drivers\bthport.sys
2030-10-03 08:51 . 2030-10-03 08:51 -------- d-----w- c:\windows\system32\URTTemp
2030-10-03 08:49 . 2001-10-24 09:54 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2030-10-03 08:49 . 2001-10-24 09:54 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2030-10-03 08:49 . 2008-04-13 22:15 10368 -c--a-w- c:\windows\system32\dllcache\hidusb.sys
2030-10-03 08:49 . 2008-04-13 22:15 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2010-02-10 18:29 . 2010-02-11 05:27 -------- d-----w- c:\program files\trend micro
2010-02-09 18:27 . 2010-02-09 18:29 6520046 ----a-w- c:\windows\REGBK07.ZIP
2010-02-03 09:33 . 2010-02-03 09:33 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-01-27 06:46 . 2009-11-09 21:35 262217 ----a-w- c:\windows\system32\IPTests.dll
2010-01-27 06:46 . 2009-11-09 21:45 499797 ----a-w- c:\windows\system32\acs.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2030-10-03 09:00 . 2030-10-03 09:00 -------- d-----w- c:\program files\Intel
2030-10-03 09:00 . 2030-10-03 09:00 -------- d-----w- c:\program files\Realtek
2030-10-03 08:51 . 2008-09-09 11:26 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-02-24 03:23 . 2010-02-24 03:20 6535874 ----a-w- c:\windows\REGBK08.ZIP
2010-02-23 17:21 . 2009-10-17 11:38 -------- d-----w- c:\program files\Spyware Doctor
2010-02-10 20:04 . 2009-07-04 05:48 -------- d-----w- c:\program files\ICQ6.5
2010-02-10 19:33 . 2009-10-17 09:58 -------- d-----w- c:\program files\PowerArchiver
2010-02-08 17:42 . 2009-07-04 09:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-03 16:38 . 2008-05-07 21:59 441324 ----a-w- c:\windows\system32\perfh005.dat
2010-02-03 16:38 . 2008-05-07 21:59 83940 ----a-w- c:\windows\system32\perfc005.dat
2010-01-27 07:53 . 2010-02-09 17:20 154092 ----a-w- c:\windows\pchealth\helpctr\Config\Cache\Personal_32_1029.dat
2010-01-27 06:53 . 2030-10-03 09:00 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-12 19:25 . 2009-08-01 07:31 -------- d-----w- c:\program files\DIFX
2010-01-07 15:07 . 2009-07-04 09:56 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 15:07 . 2009-07-04 09:56 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-31 16:50 . 2008-05-07 21:58 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-25 17:50 . 2030-10-03 09:00 84512 ----a-w- c:\windows\SOUNDMAN.EXE
2009-12-25 17:50 . 2009-08-01 08:03 358944 ----a-w- c:\windows\vncutil.exe
2009-12-25 17:50 . 2030-10-03 09:00 1833504 ----a-w- c:\windows\SkyTel.exe
2009-12-25 17:50 . 2030-10-03 09:00 1489440 ----a-w- c:\windows\RtlUpd.exe
2009-12-25 17:50 . 2030-10-03 09:00 9721888 ----a-w- c:\windows\RTLCPL.EXE
2009-12-25 17:50 . 2009-08-01 08:03 51232 ----a-w- c:\windows\system32\RtkCoInstXP.dll
2009-12-25 17:50 . 2009-08-01 08:03 129568 ----a-w- c:\windows\RtkAudioService.exe
2009-12-25 17:50 . 2030-10-03 09:00 18789408 ----a-w- c:\windows\RTHDCPL.EXE
2009-12-25 17:49 . 2030-10-03 09:00 2177568 ----a-w- c:\windows\MicCal.exe
2009-12-25 17:49 . 2030-10-03 09:00 2815520 ----a-w- c:\windows\ALCWZRD.EXE
2009-12-25 17:49 . 2030-10-03 09:00 64032 ----a-w- c:\windows\ALCMTR.EXE
2009-12-25 17:26 . 2030-10-03 09:00 6039584 ----a-w- c:\windows\system32\drivers\RtkHDAud.sys
2009-12-21 19:08 . 2008-05-07 21:58 916480 ------w- c:\windows\system32\wininet.dll
2009-12-17 07:42 . 2008-09-09 11:18 343552 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 11:33 . 2030-10-03 09:00 53248 ----a-w- c:\windows\system32\CSVer.dll
2009-12-14 07:10 . 2008-05-07 21:57 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-09 10:11 . 2008-04-14 08:06 2147328 ------w- c:\windows\system32\ntoskrnl.exe
2009-12-09 10:11 . 2008-04-14 08:06 2025984 ------w- c:\windows\system32\ntkrnlpa.exe
2009-12-04 18:22 . 2008-05-07 21:57 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-11-27 17:14 . 2008-05-07 21:58 1294336 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 17:14 . 2008-04-14 08:51 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 16:09 . 2008-05-07 21:57 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:09 . 2001-10-24 12:25 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:09 . 2008-05-07 21:57 11264 ----a-w- c:\windows\system32\msrle32.dll
2009-11-27 16:09 . 2008-05-07 21:56 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:09 . 2008-04-14 08:51 48128 ----a-w- c:\windows\system32\iyuv_32.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AsusTray"="c:\program files\EeePC\ACPI\AsTray.exe" [2008-09-17 106496]
"AsusACPIServer"="c:\program files\EeePC\ACPI\AsAcpiSvr.exe" [2008-09-16 593920]
"AsusEPCMonitor"="c:\program files\EeePC\ACPI\AsEPCMon.exe" [2008-05-20 94208]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2008-09-03 335872]
"ETDWareDetect"="c:\program files\Elantech\ETDDect.exe" [2008-08-22 204800]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 2021400]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 131072]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
AutoRun OSCleaner.lnk - c:\program files\ASUS\Asus OS Cleaner\AsOSCleaner.exe [2030-10-3 118784]
SuperHybridEngine.lnk - c:\program files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe [2030-10-3 311296]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2007-10-18 09:34 5724184 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [7.1.2009 22:39 20744]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [17.10.2009 12:39 206256]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [6.2.2009 13:23 106208]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [6.2.2009 13:24 93336]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [6.2.2009 13:23 727720]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [4.7.2009 10:56 236368]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [4.7.2009 10:56 19160]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [3.10.2030 10:00 1691480]
S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [7.12.2008 11:44 30088]
S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [2.7.2008 13:58 26248]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [17.10.2009 12:38 348752]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://seznam.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Odeslat do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat do zařízení Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Stáhnout s IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Stáhnout s IDM obsah FLV videa - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Stáhnout s IDM všechny odkazy - c:\program files\Internet Download Manager\IEGetAll.htm
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-24 19:47
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):c8,70,ad,bb,48,2f,b9,8b,2c,bc,50,64,97,67,39,46,a6,e9,d4,0e,9c,
7b,b9,13,79,69,e1,e9,9f,c2,b2,14,89,09,df,c8,64,77,39,d9,00,00,00,00,00,00,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{c424f9ae-1b36-473b-98e4-96924c64be59}]
@Denied: (Full) (Everyone)
"Model"=dword:00000121
"Therad"=dword:0000001b
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(848)
c:\windows\system32\igfxdev.dll
.
Celkový čas: 2010-02-24 19:55:01
ComboFix-quarantined-files.txt 2010-02-24 18:54
Před spuštěním: 4 632 498 176
Po spuštění: 4 877 574 144
- - End Of File - - 969514AF367800C7B32D57F257956B3D