I deleted it, but it told me that 4 files could not be deleted and that they would be deleted after a restart. So I restarted, but after a few seconds BSOD and restart. Before the Windows login screen came up, BSOD and restart again, and this kept repeating, so I went through Safe Mode and ran it there once more to see whether it had really been deleted. It had not, so it got deleted in Safe Mode.
After the first run of ComboFix, BSOD again. The second attempt worked. But it told me that AVG was still running even though I had closed it (bottom right, by the clock), so apparently I do not know how to turn it off.
Two visible changes - an Internet Explorer icon appeared on the desktop out of nowhere, and the desktop wallpaper stretched itself (it used to be centered).
ComboFix log:
ComboFix 09-06-09.01 - Hanka 09.06.2009 20:43.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1014.655 [GMT 2:00]
Spuštěný z: c:\documents and settings\Hanka\Plocha\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\WinPCap
c:\program files\WinPCap\rpcapd.exe
c:\windows\regedit.com
c:\windows\system32\drivers\2785aad9.sys
c:\windows\system32\drivers\a53a6da7.sys
c:\windows\system32\drivers\beep.sys
c:\windows\system32\drivers\e55b926d.sys
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\sysmwwod.dll
c:\windows\system32\taskmgr.com
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NPF
-------\Service_npf
((((((((((((((((((((((((( Soubory vytvořené od 2009-05-09 do 2009-06-09 )))))))))))))))))))))))))))))))
.
2009-06-09 18:31 . 2001-10-25 12:00 4224 -c--a-w- c:\windows\system32\dllcache\beep.sys
2009-06-09 18:19 . 2009-06-09 18:19 -------- d--h--w- c:\documents and settings\Administrator\Šablony
2009-06-09 18:19 . 2009-06-09 18:19 -------- d--h--w- c:\documents and settings\Administrator\Data aplikací
2009-06-09 18:19 . 2009-06-09 18:19 -------- d-----w- c:\documents and settings\Administrator
2009-06-09 18:19 . 2009-06-09 18:19 -------- d-----w- c:\documents and settings\Administrator\Nabídka Start
2009-06-09 15:03 . 2009-05-26 11:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-09 15:03 . 2009-06-09 15:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-09 15:03 . 2009-05-26 11:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-09 12:01 . 2009-06-09 12:02 -------- d-----w- c:\program files\trend micro
2009-06-09 12:01 . 2009-06-09 12:02 -------- d-----w- C:\rsit
2009-06-09 11:05 . 2009-04-03 09:18 130936 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-06-09 11:05 . 2008-12-18 10:16 73840 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-06-09 11:05 . 2008-12-10 09:36 64392 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-06-09 10:55 . 2009-06-09 11:08 -------- d-----w- c:\program files\Common Files\PC Tools
2009-06-09 10:55 . 2009-06-09 11:06 -------- d-----w- c:\program files\Spyware Doctor
2009-06-08 20:00 . 2002-01-05 04:48 974848 ----a-w- c:\windows\system32\mfc70.dll
2009-06-08 20:00 . 2009-06-08 20:00 -------- d-----w- c:\program files\AML Products
2009-06-08 19:55 . 2009-06-08 19:55 33888 ----a-w- c:\windows\system32\drivers\llt30ae.sys
2009-05-22 08:45 . 2009-05-22 08:45 -------- d-sh--w- c:\documents and settings\Hanka\PrivacIE
2009-05-22 07:42 . 2009-05-22 07:42 -------- d-sh--w- c:\documents and settings\Hanka\IETldCache
2009-05-21 21:30 . 2009-02-20 17:13 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-05-21 21:30 . 2009-02-20 17:13 78336 ----a-w- c:\windows\system32\dllcache\ieencode.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-09 18:18 . 2007-09-09 13:14 90112 ----a-w- c:\windows\DUMP7407.tmp
2009-06-09 18:15 . 2007-09-09 13:14 90112 ----a-w- c:\windows\DUMP75bc.tmp
2009-06-09 18:15 . 2007-09-09 13:14 90112 ----a-w- c:\windows\DUMP7678.tmp
2009-06-08 20:15 . 2007-09-09 12:12 -------- d-----w- c:\program files\Codec Pack - All In 1
2009-06-06 19:43 . 2008-07-01 13:41 -------- d-----w- c:\program files\AVIConverter
2009-05-09 20:18 . 2007-10-14 14:34 -------- d-----w- c:\program files\SpeedFan
2009-05-02 07:59 . 2009-03-13 11:33 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-05-02 07:59 . 2009-03-13 11:33 325896 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-05-02 07:59 . 2009-03-13 11:33 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-05-02 07:59 . 2009-03-13 11:33 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-04-30 21:13 . 2009-04-30 20:31 -------- d-----w- c:\program files\Mp3 File Editor
2009-04-15 16:33 . 2001-10-25 12:00 69114 ----a-w- c:\windows\system32\perfc005.dat
2009-04-15 16:33 . 2001-10-25 12:00 390176 ----a-w- c:\windows\system32\perfh005.dat
2009-04-12 20:22 . 2008-07-31 15:14 -------- d-----w- c:\program files\Burn4Free
2009-04-11 09:43 . 2007-09-22 17:02 -------- d-----w- c:\program files\audiograbber
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"PMCLoader"="c:\program files\Pinnacle\TVCenter Pro\PMCLoader.exe" [2008-03-27 644368]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-01-04 185872]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-05-02 1947928]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
c:\documents and settings\Hanka\Nabídka Start\Programy\Po spuštění\
rncsys32.exe [2008-4-14 29184]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-05-02 07:59 11952 ----a-w- c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"CTFMON.EXE"=c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SkyTel"=SkyTel.EXE
"Alcmtr"=ALCMTR.EXE
"RTHDCPL"=RTHDCPL.EXE
"igfxhkcmd"=c:\windows\system32\hkcmd.exe
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
"igfxtray"=c:\windows\system32\igfxtray.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\G6 FTP Server\\G6FTPSrv.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Smart PC Solutions\\1-2-3 Spyware Free\\SpywareFree.exe"=
"c:\\Documents and Settings\\Hanka\\temp\\TeamViewer\\Version4\\TeamViewer.exe"=
"c:\\Program Files\\WIP Miranda IM 1.7\\miranda32.exe"=
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [9.6.2009 13:05 130936]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [13.3.2009 13:33 325896]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [13.3.2009 13:33 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [13.3.2009 13:33 298776]
S0 cpzte;cpzte;c:\windows\system32\drivers\ckojz.sys --> c:\windows\system32\drivers\ckojz.sys [?]
S1 llt30ae;llt30ae;c:\windows\system32\drivers\llt30ae.sys [8.6.2009 21:55 33888]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [9.6.2009 13:05 348752]
.
Obsah adresáře 'Naplánované úlohy'
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
HKCU-Run-PMCRemote - (no file)
SafeBoot-procexp90.Sys
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Settings,ProxyServer = proxy.mlp.cz:3128
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos-be ... canner.cab.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-09 20:48
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PromoReg"="c:\\WINDOWS\\System32\\svchost.exe"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:2e,e8,e1,00,eb,16,2b,de,08,c0,4c,bd,97,
04,2b,14,e2,63,26,f1,3f,c8,ff,68,43,37,07,14,1b,d3,17,6b,e2,63,26,f1,3f,c8,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:46,47,15,b0,92,4b,c7,ef,b8,64,43,4d,c8,
0d,08,68,6a,9c,d6,61,af,45,84,18,88,04,e8,d3,8d,27,97,d4,6a,9c,d6,61,af,45,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:25,da,ec,7e,55,20,c9,26,58,a7,88,8d,b4,
f5,24,d6,ff,7c,85,e0,43,d4,0e,fe,9b,42,69,37,57,78,ae,64,ff,7c,85,e0,43,d4,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:3e,1e,9e,e0,57,5a,93,61,42,4e,00,6b,8e,
9a,f1,bc,86,8c,21,01,be,91,eb,e7,d8,7f,15,19,24,85,bc,48,86,8c,21,01,be,91,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:cd,44,cd,b9,a6,33,6c,cd,57,7d,d2,bb,56,
5a,88,88,f5,1d,4d,73,a8,13,5c,05,6c,c4,55,33,7f,6f,a4,ae,f5,1d,4d,73,a8,13,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:50,93,e5,ab,ec,6a,4e,ab,e7,b9,71,c0,fe,
b7,ef,70,df,20,58,62,78,6b,cf,c8,40,cb,c1,ee,f0,bd,fb,3f,df,20,58,62,78,6b,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:97,20,4e,9a,c7,f1,35,ee,79,c8,79,28,ab,
0f,a0,42,fb,a7,78,e6,12,2f,9a,ea,95,9f,48,5c,40,d6,9f,6d,fb,a7,78,e6,12,2f,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:01,3a,48,fc,e8,04,4a,f1,21,fd,0e,d1,a9,
bb,33,52,01,3a,48,fc,e8,04,4a,f1,a4,ad,6b,49,f7,d6,66,3f,01,3a,48,fc,e8,04,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:51,fa,6e,91,28,9e,14,cc,89,79,a2,ed,42,
35,f3,99,f6,0f,4e,58,98,5b,89,c9,0a,4a,d0,54,ff,05,1b,24,f6,0f,4e,58,98,5b,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:3d,ce,ea,26,2d,45,aa,78,ae,7c,b5,93,a6,
25,b7,fe,3d,ce,ea,26,2d,45,aa,78,bf,45,12,e2,05,c7,d3,a2,3d,ce,ea,26,2d,45,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:e3,0e,66,d5,eb,bc,2f,6b,58,f2,90,3b,c6,
15,20,09,2a,b7,cc,b5,b9,7f,41,e7,f4,61,dc,b5,7e,b6,8b,e8,2a,b7,cc,b5,b9,7f,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:fa,ea,66,7f,d4,3b,6b,70,cb,e0,0f,99,5e,
9d,21,ae,6c,43,2d,1e,aa,22,2f,9c,d9,bd,ad,4c,0b,d3,ec,06,6c,43,2d,1e,aa,22,\
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'explorer.exe'(1664)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\windows\system32\HPZipm12.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2009-06-09 20:51 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-06-09 18:51
Před spuštěním: Volných bajtů: 55 278 108 672
Po spuštění: Volných bajtů: 55 308 058 624
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /FASTDETECT
254 --- E O F --- 2009-05-21 21:31