Download GMER, unpack the archive and run it.
A scan will run, and when it finishes the result will be shown to you.
Then click Save, which saves the log, and copy it here.
If anything is unclear, there is a guide HERE.

Please check my log
Re: Please check my log
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-09-04 08:58:48
Windows 6.1.7600
Running: gmer.exe
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002243d7a62a
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002243d7a62a@0024ef1d4bd5 0x4C 0x43 0xBC 0x08 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\ControlSet002\Control\CMF\SqmData@SystemStartTime 0x81 0xFF 0xA9 0x13 ...
Reg HKLM\SYSTEM\ControlSet002\Control\CMF\SqmData@SystemLastStartTime 0x23 0xF1 0xA7 0x25 ...
Reg HKLM\SYSTEM\ControlSet002\Control\CMF\SqmData@CMFStartTime 0x81 0xFF 0xA9 0x13 ...
Reg HKLM\SYSTEM\ControlSet002\Control\CMF\SqmData@CMFLastStartTime 0x23 0xF1 0xA7 0x25 ...
Reg HKLM\SYSTEM\ControlSet002\Control\CMF\SqmData\BootLanguages@sk-SK 1164
Reg HKLM\SYSTEM\ControlSet002\Control\Diagnostics\Performance@ActiveShutdownDCL C:\Windows\System32\WDI\LogFiles\WdiContextLog.etl.001
Reg HKLM\SYSTEM\ControlSet002\Control\GraphicsDrivers\Configuration\SEC524D0_00_07D9_9E^FC31119BA3F4353EEA8877F283BA3D0D@Timestamp 0x74 0xBF 0x64 0x15 ...
Reg HKLM\SYSTEM\ControlSet002\Control\Session Manager\Memory Management\PrefetchParameters@BootId 1193
Reg HKLM\SYSTEM\ControlSet002\Control\Session Manager\Memory Management\PrefetchParameters@BaseTime 328834368
Reg HKLM\SYSTEM\ControlSet002\Control\Terminal Server@InstanceID 3ccecde8-b2eb-4cec-807d-d0bfa26
Reg HKLM\SYSTEM\ControlSet002\Control\WDI\Config@ServerName \BaseNamedObjects\WDI_{47c00793-c31d-47b3-9b74-d0cb2ab6ce95}
Reg HKLM\SYSTEM\ControlSet002\Control\WMI\Autologger\WdiContextLog@FileCounter 2
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002243d7a62a (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002243d7a62a@0024ef1d4bd5 0x4C 0x43 0xBC 0x08 ...
Reg HKLM\SYSTEM\ControlSet002\services\rdyboost\Parameters@LastBootPlanUserTime ?so?, ?9 ?03 ?11, 09:08:51?????????????????????????????????????
Reg HKLM\SYSTEM\ControlSet002\services\SharedAccess\Epoch@Epoch 11247
Reg HKLM\SYSTEM\ControlSet002\services\SharedAccess\Epoch2@Epoch 4604
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\Tcpip\Parameters\Interfaces\{B2659000-6EA1-41A7-8B33-870B009ED57F}@LeaseObtainedTime 1315033626
Reg HKLM\SYSTEM\ControlSet002\services\Tcpip\Parameters\Interfaces\{B2659000-6EA1-41A7-8B33-870B009ED57F}@T1 1315035426
Reg HKLM\SYSTEM\ControlSet002\services\Tcpip\Parameters\Interfaces\{B2659000-6EA1-41A7-8B33-870B009ED57F}@T2 1315036776
Reg HKLM\SYSTEM\ControlSet002\services\Tcpip\Parameters\Interfaces\{B2659000-6EA1-41A7-8B33-870B009ED57F}@LeaseTerminatesTime 1315037226
Reg HKLM\SYSTEM\ControlSet002\services\W32Time\TimeProviders\NtpClient@SpecialPollTimeRemaining time.windows.com,0?????????????????
---- Files - GMER 1.0.15 ----
File C:\## aswSnx private storage 0 bytes
File C:\## aswSnx private storage\r43 0 bytes
File C:\## aswSnx private storage\r43\OTL.exe_{b2af15c9-4ed8-11e0-b873-e0cb4e203ac0} 0 bytes
File C:\## aswSnx private storage\r43\OTL.exe_{b2af15c9-4ed8-11e0-b873-e0cb4e203ac0}\image 0 bytes
File C:\## aswSnx private storage\r43\OTL.exe_{b2af15c9-4ed8-11e0-b873-e0cb4e203ac0}\image\Users 0 bytes
File C:\## aswSnx private storage\r43\OTL.exe_{b2af15c9-4ed8-11e0-b873-e0cb4e203ac0}\image\Users\Milan 0 bytes
File C:\## aswSnx private storage\r43\OTL.exe_{b2af15c9-4ed8-11e0-b873-e0cb4e203ac0}\image\Users\Milan\AppData 0 bytes
File C:\## aswSnx private storage\r43\OTL.exe_{b2af15c9-4ed8-11e0-b873-e0cb4e203ac0}\image\Users\Milan\AppData\Roaming 0 bytes
File C:\## aswSnx private storage\r43\OTL.exe_{b2af15c9-4ed8-11e0-b873-e0cb4e203ac0}\image\Users\Milan\AppData\Roaming\.# 0 bytes
File C:\## aswSnx private storage\snx_rhive 262144 bytes
File C:\## aswSnx private storage\snx_rhive.LOG1 41984 bytes
File C:\## aswSnx private storage\snx_rhive.LOG2 0 bytes
File C:\## aswSnx private storage\snx_rhive{3078ccd1-c8bd-11e0-8124-e0cb4e203ac0}.TM.blf 65536 bytes
File C:\## aswSnx private storage\snx_rhive{3078ccd1-c8bd-11e0-8124-e0cb4e203ac0}.TMContainer00000000000000000001.regtrans-ms 524288 bytes
File C:\## aswSnx private storage\snx_rhive{3078ccd1-c8bd-11e0-8124-e0cb4e203ac0}.TMContainer00000000000000000002.regtrans-ms 524288 bytes
File C:\## aswSnx private storage\webStorage 0 bytes
File C:\## aswSnx private storage\webStorage\attrib 0 bytes
File C:\## aswSnx private storage\webStorage\image 0 bytes
File C:\## aswSnx private storage\webStorage\image\Windows 0 bytes
File C:\## aswSnx private storage\webStorage\image\Windows\Prefetch 0 bytes
File C:\## aswSnx private storage\webStorage\image\Windows\Prefetch\CONHOST.EXE-1F3E9D7E.pf 20784 bytes
File C:\## aswSnx private storage\webStorage\snx_fs.dat 474 bytes
File C:\Users\Milan\AppData\Local\Opera\Opera\cache\sesn\opr002V4.tmp 0 bytes
---- EOF - GMER 1.0.15 ----
T-Cleaner ..... CCleaner ..... ATF Cleaner ..... WinXP Manager ..... RSIT ..... MBAM ..... GMER ..... HijackThis
Re: Please check my log
Via Start >> Run, copy this into the window:
ComboFix /Uninstall
and press Enter.
This uninstalls ComboFix and deletes the files and folders associated with it.
Use T-Cleaner, which deletes any leftovers of the applications we used.
Just stop your antivirus before downloading it and while using it, because it may detect it as a virus, but that is not the case.
Then use AVP Tool from my signature and post its results here.
Re: Please check my log
AVP Tool found nothing.
Re: Please check my log
The PC seems to be fine now, thanks for the help so far.
