Facebook vir pres chat...

[motji]

Dobře, pak se ozvěte. Náhradní soubor už mám .
Máte docela těžce zavirovaný pc, proto nám to tak trvá.

[Zeron]

Tak jsem zase zpět ...můžeme pokračovat

[motji]

Fajn, budeme pokračovat. Ten počítač po dobu Vaší dovolené nebyl používán?

[Zeron]

Ne, nebyl používán

[motji]

Z přílohy stahněte soubor v raru a rozbalte. Uložte ho přímo do rootu tak, aby cesta k němu byla c:\cdrom.sys

Stáhněte Avenger
http://swandog46.geekstogo.com/avenger.exe

-spustíte program a potvrdíte kliknutím na ok,tím potvrzujete, že všechny činnosti s tím spojené činíte na vlastní riziko.
-Po odkliknutí se objeví hlavní okno programu,do bílého okna něj zkopírujte tento skript:

Kód: Vybrat vše

Begin copying here:
Files to move:
c:\cdrom.sys | c:\windows\system32\drivers\cdrom.sys

-zaškrtněte políčko scan for rootkits

a klikněte na tlačítko Execute.
-Potom se objeví okno,kde kliknutím Yes potvrdíte spuštění skriptu. Pak znovu tlačítkem yes potvrdíte restart počítače.
-Po restartu by se měl otevřít poznámkový blok s logem o vykonání skriptu, bude také uložený v C:\avenger.txt.
-Log vložte sem


A pak spustte znovu tdss killer a vložte zde log

[Zeron]

Dobré ráno

Zde je log z Avenger :

------------------------------------------------------------
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File move operation "c:\cdrom.sys|c:\windows\system32\drivers\cdrom.sys" completed successfully.

Completed script processing.

*******************

Finished! Terminate.

----------------------------------------------------------------

A Zde je log ze tdss killera :


------------------------------------------------------------------------
2011/08/04 09:03:21.0578 3328 TDSS rootkit removing tool 2.5.13.0 Jul 29 2011 17:24:11
2011/08/04 09:03:21.0656 3328 ================================================================================
2011/08/04 09:03:21.0656 3328 SystemInfo:
2011/08/04 09:03:21.0656 3328
2011/08/04 09:03:21.0656 3328 OS Version: 5.1.2600 ServicePack: 3.0
2011/08/04 09:03:21.0656 3328 Product type: Workstation
2011/08/04 09:03:21.0656 3328 ComputerName: DOMA-42D291BF18
2011/08/04 09:03:21.0656 3328 UserName: Jakub
2011/08/04 09:03:21.0656 3328 Windows directory: C:\WINDOWS
2011/08/04 09:03:21.0656 3328 System windows directory: C:\WINDOWS
2011/08/04 09:03:21.0656 3328 Processor architecture: Intel x86
2011/08/04 09:03:21.0656 3328 Number of processors: 2
2011/08/04 09:03:21.0656 3328 Page size: 0x1000
2011/08/04 09:03:21.0656 3328 Boot type: Normal boot
2011/08/04 09:03:21.0656 3328 ================================================================================
2011/08/04 09:03:23.0156 3328 Initialize success
2011/08/04 09:03:30.0781 3672 ================================================================================
2011/08/04 09:03:30.0781 3672 Scan started
2011/08/04 09:03:30.0781 3672 Mode: Manual;
2011/08/04 09:03:30.0781 3672 ================================================================================
2011/08/04 09:03:31.0765 3672 Aavmker4 (dfcdd5936cad0138775d5a105d4c7716) C:\WINDOWS\system32\drivers\Aavmker4.sys
2011/08/04 09:03:31.0859 3672 ACPI (4fe34f1f3126b61fcc6b2043aa8112c9) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/08/04 09:03:31.0875 3672 ACPIEC (afdff022a01f0b11c776f0860c3b282f) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
2011/08/04 09:03:31.0953 3672 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/08/04 09:03:31.0968 3672 AFD (e840fd588cd9da721500e2cc3c0efca2) C:\WINDOWS\System32\drivers\afd.sys
2011/08/04 09:03:32.0171 3672 AR5416 (41074707ba49d02e240c7b960217aabe) C:\WINDOWS\system32\DRIVERS\athw.sys
2011/08/04 09:03:32.0468 3672 aswFsBlk (861cb512e4e850e87dd2316f88d69330) C:\WINDOWS\system32\drivers\aswFsBlk.sys
2011/08/04 09:03:32.0500 3672 aswMon2 (7857e0b4c817f69ff463eea2c63e56f9) C:\WINDOWS\system32\drivers\aswMon2.sys
2011/08/04 09:03:32.0593 3672 aswRdr (8db043bf96bb6d334e5b4888e709e1c7) C:\WINDOWS\system32\drivers\aswRdr.sys
2011/08/04 09:03:32.0812 3672 aswSnx (17230708a2028cd995656df455f2e303) C:\WINDOWS\system32\drivers\aswSnx.sys
2011/08/04 09:03:32.0984 3672 aswSP (dbedd9d43b00630966ef05d2d8d04cee) C:\WINDOWS\system32\drivers\aswSP.sys
2011/08/04 09:03:33.0093 3672 aswTdi (984cfce2168286c2511695c2f9621475) C:\WINDOWS\system32\drivers\aswTdi.sys
2011/08/04 09:03:33.0281 3672 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/08/04 09:03:33.0359 3672 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/08/04 09:03:33.0453 3672 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/08/04 09:03:33.0500 3672 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/08/04 09:03:33.0531 3672 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/08/04 09:03:33.0625 3672 BTKRNL (75130181fa2fd6cbe83083c5311abe78) C:\WINDOWS\system32\DRIVERS\btkrnl.sys
2011/08/04 09:03:33.0656 3672 BTWUSB (1166cb501e1c34750a91600579efeab3) C:\WINDOWS\system32\Drivers\btwusb.sys
2011/08/04 09:03:33.0781 3672 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/08/04 09:03:33.0828 3672 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/08/04 09:03:33.0875 3672 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/08/04 09:03:33.0906 3672 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/08/04 09:03:33.0953 3672 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/08/04 09:03:34.0015 3672 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2011/08/04 09:03:34.0093 3672 CnxtHdAudService (61175c2375a19725fc1b7ea38f9f5bb2) C:\WINDOWS\system32\drivers\CHDAU32.sys
2011/08/04 09:03:34.0109 3672 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2011/08/04 09:03:34.0234 3672 Disk (47b6aaec570f2c11d8bad80a064d8ed1) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/08/04 09:03:34.0296 3672 dmboot (db5fd2bf5b07dc54bfcb3664ff05bd7c) C:\WINDOWS\system32\drivers\dmboot.sys
2011/08/04 09:03:34.0359 3672 dmio (fff1720af51171f32f1ead5cf71f2810) C:\WINDOWS\system32\DRIVERS\dmio.sys
2011/08/04 09:03:34.0375 3672 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/08/04 09:03:34.0421 3672 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/08/04 09:03:34.0500 3672 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/08/04 09:03:34.0515 3672 DumpDrv (b327281012b48bd73f587799f9f29be2) C:\WINDOWS\system32\drivers\DumpDrv.sys
2011/08/04 09:03:34.0546 3672 eamon (e31464ce787e3a0ffea55baa591897f0) C:\WINDOWS\system32\DRIVERS\eamon.sys
2011/08/04 09:03:34.0578 3672 ehdrv (2c95a7a87e4272c1fff9baf579677db3) C:\WINDOWS\system32\DRIVERS\ehdrv.sys
2011/08/04 09:03:34.0609 3672 epfwtdir (4699a50183b792d994be657c68f18e9e) C:\WINDOWS\system32\DRIVERS\epfwtdir.sys
2011/08/04 09:03:34.0671 3672 exFat (4d893323dae445e34a4c9038b0551bc9) C:\WINDOWS\system32\drivers\exFat.sys
2011/08/04 09:03:34.0718 3672 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/08/04 09:03:34.0765 3672 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2011/08/04 09:03:34.0796 3672 Fips (ac366695a0796560aa37215ad5762aaf) C:\WINDOWS\system32\drivers\Fips.sys
2011/08/04 09:03:34.0828 3672 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/08/04 09:03:34.0875 3672 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2011/08/04 09:03:34.0890 3672 Fs_Rec (30d42943a54704ef13e2562911dbfcea) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/08/04 09:03:34.0937 3672 Ftdisk (4e664d8541db4a66b73a24257e322e1f) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/08/04 09:03:35.0000 3672 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/08/04 09:03:35.0078 3672 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/08/04 09:03:35.0109 3672 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/08/04 09:03:35.0156 3672 HTTP (937031c085718c1c04a9c0864625ec6b) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/08/04 09:03:35.0234 3672 i8042prt (c528e27945367191e7bae364930b6932) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/08/04 09:03:35.0281 3672 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/08/04 09:03:35.0359 3672 intelppm (27b290d632af2cf3cf40bfddb7370985) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/08/04 09:03:35.0390 3672 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2011/08/04 09:03:35.0421 3672 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/08/04 09:03:35.0437 3672 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/08/04 09:03:35.0453 3672 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/08/04 09:03:35.0515 3672 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/08/04 09:03:35.0578 3672 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/08/04 09:03:35.0656 3672 isapnp (cc9f8a2d60aed1a51a3ac34c59b987ae) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/08/04 09:03:35.0687 3672 Kbdclass (1b6162fe7f66b1a71a4b70f941c4aa9b) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/08/04 09:03:35.0718 3672 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/08/04 09:03:35.0750 3672 KSecDD (c6ebf1d6ad71df30db49b8d3287e1368) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/08/04 09:03:35.0781 3672 L1c (140f9b777fa84e2f5eeea5cadc112e53) C:\WINDOWS\system32\DRIVERS\l1c51x86.sys
2011/08/04 09:03:35.0859 3672 MarvinBus (a3e700d78eec390f1208098cdca5c6b6) C:\WINDOWS\system32\DRIVERS\MarvinBus.sys
2011/08/04 09:03:35.0890 3672 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/08/04 09:03:35.0937 3672 Modem (44032b0c6d9954d3fd26438330b99ee7) C:\WINDOWS\system32\drivers\Modem.sys
2011/08/04 09:03:35.0953 3672 Mouclass (4cb582831dbde63ce43b45d771218374) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/08/04 09:03:36.0000 3672 mouhid (bb269eba740737ab749b214d568b6812) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/08/04 09:03:36.0031 3672 MountMgr (1a1faa5102466f418494e94ff9b0b091) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/08/04 09:03:36.0078 3672 MRxDAV (4fefd389d71126ee581b9f9cb2918be4) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/08/04 09:03:36.0125 3672 MRxSmb (0af15a971f120246c9eef2c46e290539) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/08/04 09:03:36.0171 3672 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/08/04 09:03:36.0218 3672 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/08/04 09:03:36.0234 3672 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/08/04 09:03:36.0250 3672 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/08/04 09:03:36.0281 3672 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/08/04 09:03:36.0312 3672 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/08/04 09:03:36.0328 3672 Mup (6546fe6639499fa4bef180bdf08266a1) C:\WINDOWS\system32\drivers\Mup.sys
2011/08/04 09:03:36.0359 3672 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/08/04 09:03:36.0406 3672 NDIS (b5b1080d35974c0e718d64280761bcd5) C:\WINDOWS\system32\drivers\NDIS.sys
2011/08/04 09:03:36.0421 3672 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/08/04 09:03:36.0453 3672 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/08/04 09:03:36.0468 3672 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/08/04 09:03:36.0484 3672 NdisWan (b053a8411045fd0664b389a090cb2bbc) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/08/04 09:03:36.0500 3672 NDProxy (816460bd4b4acd27937d1d0813e2e9e9) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/08/04 09:03:36.0531 3672 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/08/04 09:03:36.0546 3672 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/08/04 09:03:36.0609 3672 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/08/04 09:03:36.0656 3672 Ntfs (ae8cad8f28db13b515a68510a539b0b8) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/08/04 09:03:36.0703 3672 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/08/04 09:03:36.0906 3672 nv (87e3d99c51dcf2ab859ea1d903b9809c) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/08/04 09:03:37.0093 3672 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/08/04 09:03:37.0109 3672 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/08/04 09:03:37.0171 3672 Parport (46f8db73b4a53e543f8e371dc7c75bae) C:\WINDOWS\system32\drivers\Parport.sys
2011/08/04 09:03:37.0187 3672 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/08/04 09:03:37.0218 3672 ParVdm (1fae19d0457176318bba4a8795656ebc) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/08/04 09:03:37.0234 3672 PCI (6ce351d149cb4befc702951e471e1730) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/08/04 09:03:37.0265 3672 PCIIde (2da4ec85e0ea7a45c6b2a05820492d5a) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/08/04 09:03:37.0296 3672 Pcmcia (4fc31e6c19a5ce5198b1abff94cae758) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/08/04 09:03:37.0343 3672 PCTCore (167b2fea66dde6925766d1a81a1affc0) C:\WINDOWS\system32\drivers\PCTCore.sys
2011/08/04 09:03:37.0484 3672 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/08/04 09:03:37.0515 3672 PSched (d8e11d311785f89f1d70a28b0e879127) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/08/04 09:03:37.0531 3672 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/08/04 09:03:37.0562 3672 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/08/04 09:03:37.0781 3672 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/08/04 09:03:37.0843 3672 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/08/04 09:03:37.0890 3672 RasPppoe (2c9d4620a0fd35de1828370b392f6e2d) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/08/04 09:03:37.0906 3672 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/08/04 09:03:37.0937 3672 Rdbss (77050c6615f6eb5402f832b27fd695e0) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/08/04 09:03:37.0953 3672 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/08/04 09:03:38.0015 3672 rdpdr (47ea20320e3d6fdc7b7bb22b2b881ca6) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/08/04 09:03:38.0046 3672 RDPWD (e8e3107243b16a549b88d145ec051b06) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/08/04 09:03:38.0093 3672 redbook (611bfd220305be3a85ae876ea47d4aa5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/08/04 09:03:38.0171 3672 rspndr (743d7d59767073a617b1dcc6c546f234) C:\WINDOWS\system32\DRIVERS\rspndr.sys
2011/08/04 09:03:38.0234 3672 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/08/04 09:03:38.0343 3672 Serial (b842729337c9b921615c40d3c1a1af96) C:\WINDOWS\system32\drivers\Serial.sys
2011/08/04 09:03:38.0484 3672 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/08/04 09:03:38.0531 3672 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/08/04 09:03:38.0593 3672 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/08/04 09:03:38.0656 3672 SR (94610c8653635e4459316a0050d55ce7) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/08/04 09:03:38.0734 3672 Srv (70cd8b8dd2a680b128617c19eb0ab94f) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/08/04 09:03:38.0796 3672 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/08/04 09:03:38.0812 3672 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/08/04 09:03:38.0875 3672 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/08/04 09:03:38.0984 3672 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/08/04 09:03:39.0031 3672 Tcpip (51e41f16acd80b8b39c0ae703a213f09) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/08/04 09:03:39.0062 3672 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/08/04 09:03:39.0078 3672 TDTCP (c0578456f29e5f26285f81b7b71fe57d) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/08/04 09:03:39.0109 3672 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/08/04 09:03:39.0187 3672 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/08/04 09:03:39.0250 3672 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/08/04 09:03:39.0281 3672 usbccgp (c18d6c74953621346df6b0a11f80c1cc) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/08/04 09:03:39.0328 3672 usbehci (52674b5dbee499342a599c7771abecaa) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/08/04 09:03:39.0359 3672 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/08/04 09:03:39.0375 3672 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/08/04 09:03:39.0406 3672 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/08/04 09:03:39.0421 3672 usbvideo (ee1c82338f2b831b2a863935c831db21) C:\WINDOWS\system32\Drivers\usbvideo.sys
2011/08/04 09:03:39.0468 3672 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/08/04 09:03:39.0500 3672 VolSnap (28a4b296b47782173c346e376cb374d1) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/08/04 09:03:39.0546 3672 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/08/04 09:03:39.0593 3672 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/08/04 09:03:39.0656 3672 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
2011/08/04 09:03:39.0703 3672 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/08/04 09:03:39.0734 3672 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/08/04 09:03:39.0750 3672 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/08/04 09:03:39.0812 3672 MBR (0x1B8) (413fc2a0c716421b3158746d63736515) \Device\Harddisk0\DR0
2011/08/04 09:03:40.0109 3672 Boot (0x1200) (c484bbc0c9b81cb0e78c8387d949458f) \Device\Harddisk0\DR0\Partition0
2011/08/04 09:03:40.0109 3672 Boot (0x1200) (282967e879206622bcffdb25ef242626) \Device\Harddisk0\DR0\Partition1
2011/08/04 09:03:40.0125 3672 ================================================================================
2011/08/04 09:03:40.0125 3672 Scan finished
2011/08/04 09:03:40.0125 3672 ================================================================================
2011/08/04 09:03:40.0140 1484 Detected object count: 0
2011/08/04 09:03:40.0140 1484 Actual detected object count: 0

[motji]

Fajn, výměna se podařila , poprosím o aktuální log z combofixu, prosím stahněte si nový .

[Zeron]

Zde log z Combofixu :

----------------------------------------------------
ComboFix 11-08-04.01 - Jakub 04.08.2011 19:11:01.4.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3037.2454 [GMT 2:00]
Spuštěný z: c:\documents and settings\Jakub\Plocha\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Java\jre6\core.zip
c:\program files\Java\jre6\patchjre.exe
c:\program files\Java\jre6\zipper.exe
c:\windows\$NtUninstallKB11960$
c:\windows\$NtUninstallKB11960$\1004989089\{1B372133-BFFA-4dba-9CCF-5474BED6A9F6}
c:\windows\$NtUninstallKB11960$\1004989089\click.tlb
c:\windows\$NtUninstallKB11960$\1004989089\L\kxwnlbnf
c:\windows\$NtUninstallKB11960$\1004989089\loader.tlb
c:\windows\$NtUninstallKB11960$\1004989089\U\@00000001
c:\windows\$NtUninstallKB11960$\1004989089\U\@000000c0
c:\windows\$NtUninstallKB11960$\1004989089\U\@000000cb
c:\windows\$NtUninstallKB11960$\1004989089\U\@000000cf
c:\windows\$NtUninstallKB11960$\1004989089\U\@80000000
c:\windows\$NtUninstallKB11960$\1004989089\U\@800000c0
c:\windows\$NtUninstallKB11960$\1004989089\U\@800000cb
c:\windows\$NtUninstallKB11960$\1004989089\U\@800000cf
c:\windows\$NtUninstallKB11960$\3715359679
c:\windows\assembly\GAC_MSIL\desktop.ini
c:\windows\geoiplist
c:\windows\geoiplist.rar
c:\windows\phoenix
c:\windows\phoenix\kernels\phatk\__init__.py
c:\windows\phoenix\kernels\phatk\__init__.pyc
c:\windows\phoenix\kernels\phatk\BFIPatcher.py
c:\windows\phoenix\kernels\phatk\kernel.cl
c:\windows\phoenix\kernels\poclbm\__init__.py
c:\windows\phoenix\kernels\poclbm\__init__.pyc
c:\windows\phoenix\kernels\poclbm\BFIPatcher.py
c:\windows\phoenix\kernels\poclbm\kernel.cl
c:\windows\phoenix\phoenix.exe
c:\windows\rpcminer
c:\windows\rpcminer\bitcoinminercuda_10.cubin
c:\windows\rpcminer\bitcoinminercuda_11.cubin
c:\windows\rpcminer\bitcoinminercuda_20.cubin
c:\windows\rpcminer\bitcoinmineropencl.cl
c:\windows\rpcminer\cudart32_32_16.dll
c:\windows\rpcminer\curllib.dll
c:\windows\rpcminer\libeay32.dll
c:\windows\rpcminer\libsasl.dll
c:\windows\rpcminer\openldap.dll
c:\windows\rpcminer\rpcminer-4way.exe
c:\windows\rpcminer\rpcminer-cpu.exe
c:\windows\rpcminer\rpcminer-cuda.exe
c:\windows\rpcminer\rpcminer-opencl.exe
c:\windows\rpcminer\ssleay32.dll
.
Nakažená kopie c:\windows\system32\wuauclt.exe byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\system32\dllcache\wuauclt.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-07-04 do 2011-08-04 )))))))))))))))))))))))))))))))
.
.
2011-07-23 19:21 . 2011-07-23 19:21 -------- d-----w- c:\program files\AVAST Software
2011-07-22 13:04 . 2011-07-22 13:04 443448 ----a-w- c:\windows\system32\drivers\sptd.sys
2011-07-22 09:00 . 2009-10-08 09:31 149456 ----a-w- c:\windows\SGDetectionTool.dll
2011-07-22 09:00 . 2009-10-08 09:31 165840 ----a-w- c:\windows\PCTBDRes.dll
2011-07-22 09:00 . 2009-10-08 09:31 1636304 ----a-w- c:\windows\PCTBDCore.dll
2011-07-22 09:00 . 2009-10-08 09:31 767952 ----a-w- c:\windows\BDTSupport.dll
2011-07-22 09:00 . 2009-09-24 06:55 229304 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2011-07-22 09:00 . 2009-10-06 14:31 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2011-07-22 09:00 . 2009-09-23 14:10 207280 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2011-07-22 09:00 . 2009-09-03 07:45 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2011-07-22 09:00 . 2011-07-22 09:07 -------- d-----w- c:\program files\Spyware Doctor
2011-07-22 09:00 . 2011-07-22 09:00 -------- d-----w- c:\program files\Common Files\PC Tools
2011-07-22 09:00 . 2011-07-22 09:00 -------- d-----w- c:\documents and settings\Jakub\Data aplikací\PC Tools
2011-07-21 11:27 . 2011-07-21 11:27 -------- d-----w- c:\documents and settings\Jakub\Data aplikací\Malwarebytes
2011-07-21 09:37 . 2011-07-21 09:48 -------- d-----w- C:\potvůrka.com
2011-07-20 15:22 . 2011-07-20 15:22 -------- d-----w- C:\rsit
2011-07-20 15:22 . 2011-07-20 15:22 -------- d-----w- c:\program files\trend micro
2011-07-20 13:41 . 2011-07-20 13:41 512 ----a-w- C:\PhysicalMBR.bin
2011-07-20 08:15 . 2011-07-20 08:15 -------- d--h--w- c:\windows\PIF
2011-07-19 09:31 . 2011-07-19 09:31 -------- d-----w- c:\program files\Common Files\Pegasus Imaging
2011-07-19 09:31 . 2011-07-19 09:31 -------- d-----w- c:\program files\Common Files\Yahoo!
2011-07-19 09:29 . 2011-07-19 15:47 -------- d-----w- c:\windows\SxsCaPendDel
2011-07-18 19:15 . 2011-07-18 19:15 -------- d-----w- c:\windows\system32\LogFiles
2011-07-18 17:16 . 2008-04-14 11:00 9728 -c----w- c:\windows\system32\dllcache\rwnh.dll
2011-07-18 17:15 . 2008-04-14 11:00 8192 -c----w- c:\windows\system32\dllcache\staxmem.dll
2011-07-18 17:12 . 2008-04-14 11:00 16384 -c----w- c:\windows\system32\dllcache\isignup.exe
2011-07-18 17:12 . 2008-04-14 11:00 16384 ----a-w- c:\program files\Internet Explorer\Connection Wizard\isignup.exe
2011-07-18 17:02 . 2011-01-25 08:18 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2011-07-18 17:02 . 2011-01-25 08:18 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2011-07-18 17:02 . 2011-01-25 08:16 117760 ------w- c:\windows\system32\COMACF.tmp
2011-07-18 17:02 . 2011-01-25 08:16 594432 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2011-07-18 17:02 . 2011-01-25 08:15 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2011-07-18 17:02 . 2011-01-25 08:18 1676288 ------w- c:\windows\system32\COMACB.tmp
2011-07-18 17:02 . 2011-01-25 08:18 575488 ------w- c:\windows\system32\COMACD.tmp
2011-07-18 17:02 . 2011-01-25 08:15 89088 ------w- c:\windows\system32\Spool\prtprocs\w32x86\COMAA5.tmp
2011-07-18 17:02 . 2011-01-25 08:16 594432 ------w- c:\windows\system32\Spool\prtprocs\w32x86\COMAA3.tmp
2011-07-18 17:01 . 2011-01-25 08:17 934792 -c----w- c:\windows\system32\dllcache\WgaTray.exe
2011-07-18 17:01 . 2011-01-25 08:17 239496 -c----w- c:\windows\system32\dllcache\wgaLogon.dll
2011-07-18 17:01 . 2011-01-25 08:15 922112 -c----w- c:\windows\system32\dllcache\imapi2fs.dll
2011-07-18 17:01 . 2011-01-25 08:15 426496 -c----w- c:\windows\system32\dllcache\imapi2.dll
2011-07-18 17:00 . 2011-01-25 08:13 293376 -c----w- c:\windows\system32\dllcache\browserchoice.exe
2011-07-18 16:50 . 2008-04-14 11:00 13312 -c----w- c:\windows\system32\dllcache\irclass.dll
2011-07-18 16:50 . 2008-04-14 11:00 13312 ------w- c:\windows\system32\irclass.dll
2011-07-18 16:50 . 2008-04-14 11:00 24661 -c----w- c:\windows\system32\dllcache\spxcoins.dll
2011-07-18 16:50 . 2008-04-14 11:00 24661 ------w- c:\windows\system32\spxcoins.dll
2011-07-18 10:08 . 2011-07-18 10:08 -------- d-----w- c:\windows\ufa
2011-07-18 10:08 . 2011-07-18 10:10 246272 ----a-w- c:\windows\unrar.exe
2011-07-18 10:08 . 2011-07-18 10:08 180224 ----a-w- c:\program files\Windows NT\dwm.exe
2011-07-18 10:08 . 2011-07-18 10:08 180224 ----a-w- c:\program files\Windows NT\Windows NT\dwm.exe
2011-07-18 10:06 . 2011-07-18 10:06 -------- d-----w- c:\windows\Options
2011-07-18 10:06 . 2009-06-22 10:59 1574112 ------w- c:\windows\system32\drivers\athw.sys
2011-07-18 10:06 . 2009-06-22 10:59 1574112 ------w- c:\windows\system32\athw.sys
2011-07-18 10:06 . 2011-07-18 10:06 -------- d-----w- C:\temp
2011-07-18 08:45 . 2011-07-18 08:45 -------- d-----w- c:\windows\av_ico
2011-07-18 08:44 . 2011-07-18 08:44 -------- d--h--w- c:\windows\update.tray-2-0-lnk
2011-07-18 08:34 . 2011-07-18 08:34 404640 ------w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-18 08:34 . 2011-07-18 08:34 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Data aplikací\ESET
2011-07-18 08:33 . 2011-07-18 08:33 -------- d-----w- c:\documents and settings\LocalService\Nabídka Start
2011-07-17 15:44 . 2011-07-17 15:45 -------- d-----w- c:\program files\Kodek CZ
2011-07-16 19:48 . 2011-07-16 19:48 -------- d-----w- c:\documents and settings\Jakub\Local Settings\Data aplikací\Media Get LLC
2011-07-16 19:47 . 2011-07-18 09:20 -------- d-----w- c:\documents and settings\Jakub\Local Settings\Data aplikací\MediaGet2
2011-07-16 19:45 . 2005-09-23 20:18 171520 ------w- c:\windows\system32\drivers\MarvinBus.sys
2011-07-16 19:45 . 2011-07-16 19:45 -------- d-----w- c:\program files\Common Files\Pinnacle
2011-07-16 19:45 . 2011-07-16 19:45 -------- d-----w- c:\documents and settings\Jakub\Local Settings\Data aplikací\Downloaded Installations
2011-07-16 19:45 . 2011-07-16 19:45 -------- d-----w- c:\documents and settings\Jakub\Local Settings\Data aplikací\Pinnacle
2011-07-16 19:44 . 2011-07-19 20:34 -------- d-----w- c:\documents and settings\All Users\Data aplikac
2011-07-16 19:41 . 2011-07-19 09:31 -------- d-----w- c:\program files\Pinnacle
2011-07-16 19:32 . 2011-07-16 19:32 -------- d-----w- c:\documents and settings\Jakub\Local Settings\Data aplikací\Adobe
2011-07-16 19:32 . 2011-07-16 19:32 -------- d-----w- c:\program files\Common Files\Adobe
2011-07-16 18:40 . 2011-07-16 19:32 -------- d-----w- c:\documents and settings\Jakub\Local Settings\Data aplikací\Temp
2011-07-16 18:40 . 2011-07-16 18:40 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Data aplikací\Google
2011-07-16 18:40 . 2011-07-16 18:45 -------- d-----w- c:\documents and settings\Jakub\Local Settings\Data aplikací\Google
2011-07-16 18:40 . 2011-07-16 18:40 -------- d-----w- c:\program files\Google
2011-07-16 18:40 . 2011-07-18 10:09 -------- d-----w- c:\program files\DivX
2011-07-16 18:36 . 2011-08-04 07:13 -------- d-----w- c:\documents and settings\Jakub\Data aplikací\skypePM
2011-07-16 18:36 . 2011-08-04 14:34 -------- d-----w- c:\documents and settings\Jakub\Data aplikací\Skype
2011-07-16 18:36 . 2011-07-16 18:36 -------- d-----w- c:\program files\Common Files\Skype
2011-07-16 18:35 . 2011-07-16 18:36 -------- d-----r- c:\program files\Skype
2011-07-16 18:12 . 2011-08-04 16:25 -------- d-----w- c:\documents and settings\Jakub\Local Settings\Data aplikací\Mirillis
2011-07-16 18:12 . 2011-07-16 18:12 -------- d-----w- c:\documents and settings\Jakub\Data aplikací\Mirillis
2011-07-16 18:10 . 2011-07-16 18:10 -------- d-----w- c:\program files\Mirillis
2011-07-16 17:58 . 2011-07-16 17:58 -------- d-----w- c:\program files\DsNET Corp
2011-07-16 17:37 . 2011-07-16 17:37 -------- d-----w- c:\documents and settings\Jakub\Local Settings\Data aplikací\Mozilla
2011-07-16 17:32 . 2011-07-19 09:22 -------- d-----w- c:\documents and settings\All Users\Studio14Trial
2011-07-16 16:03 . 2011-07-16 16:03 -------- d-sh--w- c:\documents and settings\Jakub\IECompatCache
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-04 10:49 . 2011-07-04 10:50 73728 ------w- c:\windows\system32\javacpl.cpl
2011-07-04 10:49 . 2011-07-04 10:50 472808 ------w- c:\windows\system32\deployJava1.dll
2011-06-02 17:53 . 2011-06-02 17:53 94208 ------w- c:\windows\system32\dpl100.dll
2011-07-08 07:29 . 2011-07-16 17:37 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2011-01-25 . 8F41FD1CC693054347C6FB7B0E618B07 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((( SnapShot@2011-07-20_16.16.37 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-11 22:02 . 2009-07-11 22:02 51008 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa\vcomp90.dll
+ 2007-11-07 00:19 . 2007-11-07 00:19 54272 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_ecc42bd1\vcomp90.dll
- 2007-11-06 23:19 . 2007-11-06 23:19 54272 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_ecc42bd1\vcomp90.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 59728 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90rus.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 42832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90kor.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 43344 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90jpn.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 61264 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90ita.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 36688 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90cht.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 35648 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90chs.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 62800 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90fra.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 61760 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esp.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esn.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 53568 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90enu.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 63296 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90deu.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 62976 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90rus.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 46080 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90kor.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 46592 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90jpn.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 64512 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90ita.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 39936 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90cht.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 38912 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90chs.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 66048 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90fra.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esp.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esn.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 56832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90enu.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 66560 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90deu.dll
+ 2009-07-11 22:05 . 2009-07-11 22:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90u.dll
+ 2009-07-11 22:05 . 2009-07-11 22:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90.dll
+ 2008-07-29 04:07 . 2008-07-29 04:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90u.dll
+ 2008-07-29 04:07 . 2008-07-29 04:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90.dll
+ 2008-04-14 11:00 . 2011-08-04 07:05 87344 c:\windows\system32\perfc009.dat
- 2008-04-14 11:00 . 2011-07-20 07:21 87344 c:\windows\system32\perfc009.dat
- 2011-01-25 08:09 . 2011-01-25 08:09 62976 c:\windows\system32\drivers\cdrom.sys
+ 2011-01-25 08:09 . 2008-04-13 18:40 62976 c:\windows\system32\drivers\cdrom.sys
+ 2011-08-03 11:51 . 2011-08-03 11:51 22016 c:\windows\Installer\1022b94.msi
+ 2009-07-11 22:02 . 2009-07-11 22:02 653120 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 569664 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll
+ 2009-07-11 22:05 . 2009-07-11 22:05 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcm90.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 655872 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcr90.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 572928 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcp90.dll
+ 2008-07-29 01:54 . 2008-07-29 01:54 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcm90.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 159032 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 161784 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_d01483b2\atl90.dll
+ 2011-07-04 10:32 . 2011-01-25 08:17 186880 c:\windows\system32\searchprotocolhost.exe
+ 2011-07-04 10:32 . 2011-01-25 08:17 441856 c:\windows\system32\searchindexer.exe
- 2008-04-14 11:00 . 2011-07-20 07:21 501716 c:\windows\system32\perfh009.dat
+ 2008-04-14 11:00 . 2011-08-04 07:05 501716 c:\windows\system32\perfh009.dat
+ 2008-04-14 11:00 . 2011-08-04 07:05 517560 c:\windows\system32\perfh005.dat
- 2008-04-14 11:00 . 2011-07-20 07:21 517560 c:\windows\system32\perfh005.dat
- 2008-04-14 11:00 . 2011-07-20 07:21 110088 c:\windows\system32\perfc005.dat
+ 2008-04-14 11:00 . 2011-08-04 07:05 110088 c:\windows\system32\perfc005.dat
+ 2011-08-04 07:07 . 2011-08-04 07:07 262144 c:\windows\system32\config\systemprofile\NtUser.dat
+ 2011-07-21 20:25 . 2011-07-21 20:25 228352 c:\windows\Installer\d9032.msi
+ 2011-07-23 19:22 . 2011-07-23 19:22 219648 c:\windows\Installer\89597.msi
+ 2009-07-11 22:02 . 2009-07-11 22:02 3780424 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90u.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 3765048 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 3783672 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90u.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 3768312 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90.dll
.
-- Snímek resetován k současnému datu --
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DWPersistentQueuedReporting"="c:\program files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE" [2006-10-26 434528]
"PLFSetI"="c:\windows\PLFSetI.exe" [2008-07-29 200704]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-11 13594624]
"nwiz"="nwiz.exe" [2009-03-11 1657376]
"USBToolTip"="c:\progra~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe" [2007-02-20 199752]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-11 86016]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"KB976002-v5"="advpack.dll" [2011-01-25 128512]
.
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-6-20 607584]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2011-7-4 123904]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableSecureUIAPaths"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2011-01-25 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Pinnacle\\Studio 14\\Programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 14\\Programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 14\\Programs\\umi.exe"=
"d:\\HRY\\Battlefield 2\\BF2.exe"=
.
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [22.7.2011 11:00 207280]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [28.4.2010 8:17 107256]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2.7.2010 12:43 94360]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [22.7.2011 11:00 112592]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [4.7.2011 13:45 39424]
S1 DumpDrv;Crash Dump Driver;c:\windows\system32\drivers\dumpdrv.sys [25.1.2011 10:15 9472]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [4.7.2011 12:35 130384]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [16.7.2011 20:40 135664]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [16.7.2011 20:40 135664]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [22.7.2011 11:00 358600]
S3 WinRM;Vzdálená správa systému Windows (WS-Management);c:\windows\System32\svchost.exe -k WinRM [25.1.2011 10:12 14848]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPFFontCache_v0400.exe --> c:\windows\Microsoft.NET\Framework\v4.0.30319\WPFFontCache_v0400.exe [?]
S4 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Obsah adresáře 'Naplánované úlohy'
.
2011-08-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-16 18:40]
.
2011-08-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-16 18:40]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Odeslat do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat do zařízení Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 213.46.172.36 213.46.172.37
FF - ProfilePath - c:\documents and settings\Jakub\Data aplikací\Mozilla\Firefox\Profiles\gc73v2we.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 55333
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-04 19:22
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(784)
c:\windows\system32\vorbis.dll
c:\windows\system32\ogg.dll
.
- - - - - - - > 'lsass.exe'(840)
c:\windows\system32\vorbis.dll
c:\windows\system32\ogg.dll
.
- - - - - - - > 'explorer.exe'(676)
c:\windows\system32\vorbis.dll
c:\windows\system32\ogg.dll
c:\windows\system32\btmmhook.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\RUNDLL32.EXE
c:\windows\System32\NOTEPAD.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\system32\SearchIndexer.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2011-08-04 19:23:39 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-08-04 17:23
ComboFix2.txt 2011-07-21 09:48
ComboFix3.txt 2011-07-20 16:18
.
Před spuštěním: Volných bajtů: 142 567 960 576
Po spuštění: Volných bajtů: 142 576 504 832
.
- - End Of File - - BD78FD317706B5167EC6B7124596AE56

[motji]

Zkuste ještě jednou rozběhnout gmer v nouzovém režimu, pořád se mi něco nezdá

[Zeron]

gmer v nouzovém režimu fungoval i hloubkový sken vyšel...

zde je malý sken :

---------------------------------------------------------------------------
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2011-08-05 12:07:22
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST9320423AS rev.0002SDM1
Running: gmer.exe; Driver: C:\DOCUME~1\Jakub\LOCALS~1\Temp\afadrkog.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdir.sys (ESET Antivirus Network Redirector/ESET)

---- EOF - GMER 1.0.15 ----
---------------------------------------------------------------------------

A zde je velký sken :

---------------------------------------------------------------------------------------
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-08-05 11:51:39
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST9320423AS rev.0002SDM1
Running: gmer.exe; Driver: C:\DOCUME~1\Jakub\LOCALS~1\Temp\afadrkog.sys


---- System - GMER 1.0.15 ----

SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateKey [0xF7459E22]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0xF743ACDC]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0xF743AECE]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteKey [0xF745A610]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteValueKey [0xF745A8C4]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwOpenKey [0xF7458B14]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwRenameKey [0xF745AD30]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwSetValueKey [0xF745A0E2]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwTerminateProcess [0xF743A982]

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdir.sys (ESET Antivirus Network Redirector/ESET)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Documents and Settings\All Users\Dokumenty\Pinnacle\Content\MotionTitles\-Looks\Standard\01 \x2013 Soft Shadow Looks.ixLook 1
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xE2 0x63 0x26 0xF1 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x71 0x3B 0x04 0x66 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0xFF 0x7C 0x85 0xE0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x3E 0x1E 0x9E 0xE0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xE9 0x02 0x6C 0xFA ...
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xDF 0x20 0x58 0x62 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0x31 0x77 0xE1 0xBA ...
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x01 0x3A 0x48 0xFC ...
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0x51 0xFA 0x6E 0x91 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0xB1 0xCD 0x45 0x5A ...
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0x2A 0xB7 0xCC 0xB5 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0xFA 0xEA 0x66 0x7F ...

---- EOF - GMER 1.0.15 ----

[motji]

Pokud nemáte, přesuňte Combofix na plochu
-otevřete si Poznámkový blok
-Do něj zkopírujte text z tohoto okénka

Kód: Vybrat vše

Folder::
c:\windows\av_ico
c:\windows\update.tray-2-0-lnk
c:\windows\ufa

File::
c:\windows\system32\FlashPlayerCPLApp.cpl
c:\windows\unrar.exe

-uložte Vámi vytvořený TXT soubor jako CFScript.txt na plochu
-po uložení uchopte vámi vytvořený skript levým myšítkem a -přesuňte ho nad ikonu Combofixu, kde ho upustíte:




-po aplikaci na Vás vypadne další log,vložte ho sem

Upozornění : může se stát, že po aplikaci skriptu a restartu Windows nenaběhnou, v tom případě znovu restartujte a přitom mačkejte F8, pak zvolte Poslední známou funkční konfiguraci

[Zeron]

Tak to asi nepůjde...Log má v microsoft office s řádkováním 1 a velikostí písma 8 bodů 400 stránek...to bych na forum musel kopírovat do nekonečna...a do přílohy to nejde taky dát...nepodporuje to .txt a .doc/.docx...tak jsem to aspoň zazipoval O:-)

[cernohous13]

Sorry, nepoužitelné

log sem dej do více odpovědí, případně vynech položku SnapShot

[Zeron]

a jak tu mam asi natahat log s kapacitou 400 stran když kapacita 1 příspěvku je 80.000 znaků ...

Mimochodem...SnapShot je přesněji prosim co ?

[motji]

Nechte to tak, nechám si to jako pohádku před spaním