Poprosim o kontrolu logu - Combofix

[ajkal]

Vykonane uspesne

[vyosek]

Pokud nemate, tak presunte Combofix na plochu

• Spustte poznamkovy blok (Start-spustit-notepad)
• Zkopirujte skript nize

• Kód: Vybrat vše

  KillAll::
  
  Collect::
  c:\windows\system32\vsort.com
  
  Registry::
  [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
  [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
  [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
  "5985:TCP"=-
  
  Driver::
  gupdatem
  gupdate1c9bb72f45153ea
  
  File::
  c:\windows\Tasks\avast! Emergency Update.job
  c:\windows\Tasks\GlaryInitialize.job
  c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
  c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
  
  RegLock::
  [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
  [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
  
  RegNull::
  [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
  
  ClearJavaCache::
  
  Reboot::

• Ulozte vytvoreny TXT jako CFScript.txt
• Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
  
• Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte

Pokud vyskoci hlaska "Pokus pouzit neplatnou operaci na klic registru, ktery je oznacen pro odstraneni", tak jen restartujte PC - registr se da do kupy - jedna se o vnitrni chybu, kterou zpusobuje CF a autor ji zatim neumi bohuzel opravit

Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci

[ajkal]

Log z ComboFix:

ComboFix 12-11-03.02 - Lubomir Opatovsky 03.11.2012 22:13:14.2.2 - x86
Systém Microsoft Windows XP Home Edition 5.1.2600.3.1250.421.1033.18.1022.556 [GMT 1:00]
Running from: c:\documents and settings\Lubomir Opatovsky\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Lubomir Opatovsky\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: COMODO Firewall *Enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.
FILE ::
"c:\windows\Tasks\avast! Emergency Update.job"
"c:\windows\Tasks\GlaryInitialize.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
file zipped: c:\windows\system32\vsort.com
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\vsort.com
c:\windows\Tasks\avast! Emergency Update.job
c:\windows\Tasks\GlaryInitialize.job
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_GUPDATE1C9BB72F45153EA
-------\Service_gupdate1c9bb72f45153ea
-------\Service_gupdatem
.
.
((((((((((((((((((((((((( Files Created from 2012-10-03 to 2012-11-03 )))))))))))))))))))))))))))))))
.
.
2012-11-03 21:31 . 2012-11-03 21:31 63115 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\USERTILE.JS
2012-11-03 20:41 . 2012-11-03 12:57 4832 ----a-w- c:\windows\system32\drivers\sfhlp01.sys
2012-11-03 20:41 . 2012-11-03 12:57 6944 ----a-w- c:\windows\system32\drivers\prosync1.sys
2012-11-03 20:41 . 2012-11-03 12:57 70400 ----a-w- c:\windows\system32\drivers\prohlp02.sys
2012-11-03 20:41 . 2012-11-03 12:57 54272 ----a-w- c:\windows\system32\drivers\prodrv06.sys
2012-11-03 20:41 . 2012-11-03 12:57 69632 ----a-w- c:\windows\system32\HPZipm12.exe
2012-11-03 16:14 . 2012-11-03 16:17 -------- d-----w- c:\program files\trend micro
2012-11-03 16:13 . 2012-11-03 16:14 -------- d-----w- C:\rsit
2012-11-03 13:34 . 2012-11-03 13:34 -------- d-----w- c:\program files\SopCast
2012-11-03 12:57 . 2012-11-03 12:57 -------- d-----w- C:\TDSSKiller_Quarantine
2012-11-03 09:49 . 2012-11-03 09:49 -------- d-----w- c:\documents and settings\All Users\Application Data\nView_Profiles
2012-11-03 08:54 . 2012-11-03 08:55 -------- d-----w- c:\program files\Mozilla Firefox 4.0 Beta 11
2012-10-24 09:06 . 2012-10-24 09:06 -------- d-----w- c:\program files\DAEMON Tools Lite
2012-10-24 08:31 . 2008-05-16 18:50 258352 ----a-w- c:\windows\system32\unicows.dll
2012-10-24 08:31 . 2008-04-02 13:53 880640 ----a-w- c:\windows\system32\UniBox10.ocx
2012-10-24 08:31 . 2000-09-06 09:13 751104 ----a-w- c:\windows\system32\temp.000
2012-10-24 06:44 . 2012-10-24 06:44 21624 ----a-w- c:\windows\system32\drivers\HWiNFO32.SYS
2012-10-24 06:44 . 2012-10-24 06:44 -------- d-----w- c:\program files\HWiNFO32
2012-10-24 05:47 . 2012-10-24 05:47 -------- d-----w- c:\program files\Common Files\Adobe AIR
2012-10-19 10:59 . 2012-11-03 17:32 -------- d-----w- c:\documents and settings\Lubomir Opatovsky\Application Data\Media Player Classic
2012-10-19 10:45 . 2012-10-19 10:45 -------- d-----w- c:\program files\Combined Community Codec Pack
2012-10-18 04:23 . 2012-10-18 04:23 -------- d-----w- c:\documents and settings\Lubomir Opatovsky\Application Data\Awem
2012-10-18 04:20 . 2012-10-18 04:20 -------- d-----w- c:\program files\GameTop.com
2012-10-17 22:50 . 2012-09-24 21:16 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-10-07 10:09 . 2012-10-07 10:09 -------- d-----w- c:\program files\Microids
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-30 22:51 . 2011-08-01 10:03 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-10-30 22:51 . 2008-10-15 11:33 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-10-30 22:51 . 2008-10-15 11:33 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-10-30 22:51 . 2008-10-15 11:33 361032 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-10-30 22:51 . 2008-10-15 11:33 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-10-30 22:51 . 2008-10-15 11:33 89752 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-10-30 22:51 . 2008-10-15 11:33 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-10-30 22:51 . 2008-10-15 11:33 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-10-30 22:51 . 2011-08-01 10:03 41224 ----a-w- c:\windows\avastSS.scr
2012-10-30 22:50 . 2008-10-15 11:33 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-10-24 09:06 . 2008-10-15 12:24 477240 ----a-w- c:\windows\system32\drivers\sptd.sys
2012-10-20 08:10 . 2012-04-02 10:51 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-20 08:10 . 2011-08-01 09:46 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-29 17:54 . 2011-02-22 10:42 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-07 12:55 . 2012-04-27 16:37 821736 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-09-07 12:55 . 2011-02-22 08:13 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-28 15:14 . 2006-02-28 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:14 . 2006-02-28 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-08-28 15:14 . 2006-02-28 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07 . 2006-02-28 12:00 385024 ----a-w- c:\windows\system32\html.iec
2012-08-24 13:53 . 2006-02-28 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-21 13:33 . 2006-02-28 12:00 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-21 12:58 . 2004-08-03 22:59 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-03-15 18:04 . 2011-03-15 18:04 244736 ----a-w- c:\program files\C4DLL320.DLL
2011-03-15 18:03 . 2011-03-15 18:03 563200 ----a-w- c:\program files\WTRDCTM.EXE
2011-03-15 18:03 . 2011-03-15 18:03 3690496 ----a-w- c:\program files\WTRAN32.EXE
2011-03-15 18:03 . 2011-03-15 18:03 2568192 ----a-w- c:\program files\WDICT32.EXE
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-03-11 6749512]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"AudioDeck"="c:\program files\VIA\VIAudioi\SBADeck\ADeck.exe" [2000-01-01 528384]
"SoundMan"="SOUNDMAN.EXE" [2006-08-02 577536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Secunia PSI Tray.lnk]
backup=c:\windows\pss\Secunia PSI Tray.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
2004-05-12 13:18 241664 ----a-w- c:\program files\HP\hpcoretech\hpcmpmgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2008-05-16 13:01 1630208 ----a-w- c:\windows\system32\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-07-03 07:04 252848 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"Google Update"="c:\documents and settings\Lubomir Opatovsky\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"LogitechVideoRepair"=c:\program files\Logitech\Video\ISStart.exe
"LogitechVideoTray"=c:\program files\Logitech\Video\LogiTray.exe
"NeroFilterCheck"=c:\windows\system32\NeroCheck.exe
"Garmin Lifetime Updater"=c:\program files\Garmin\Lifetime Updater\GarminLifetime.exe /StartMinimized
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
"SoundMan"=SOUNDMAN.EXE
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Documents and Settings\\Lubomir Opatovsky\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Spyware Terminator\\SpywareTerminator.exe"=
"c:\\Program Files\\Spyware Terminator\\SpywareTerminatorUpdate.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [1.8.2011 11:03 738504]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [15.10.2008 12:33 361032]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [11.3.2012 20:13 494968]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [11.3.2012 20:13 31704]
R1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\system32\drivers\HWiNFO32.SYS [24.10.2012 7:44 21624]
R1 sp_rsdrv2;Spyware Terminator 2012 Realtime Shield Driver;c:\windows\system32\drivers\sp_rsdrv2.sys [25.10.2011 14:58 32768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [15.10.2008 12:33 21256]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [22.2.2011 11:42 22856]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [22.2.2011 11:42 676936]
S3 FLASHSYS;FLASHSYS;\??\c:\program files\MSI\Live Update 4\LU4\FLASHSYS.sys --> c:\program files\MSI\Live Update 4\LU4\FLASHSYS.sys [?]
S3 NTIOLib_1_0_4;NTIOLib_1_0_4;\??\c:\program files\MSI\Live Update 5\NTIOLib.sys --> c:\program files\MSI\Live Update 5\NTIOLib.sys [?]
S3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [16.7.2012 19:18 15576]
S3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [16.7.2012 19:18 10200]
S3 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [3.7.2012 12:19 160944]
S4 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [19.6.2012 16:32 3048136]
S4 ST2012_Svc;Spyware Terminator 2012 Realtime Shield Service;c:\program files\Spyware Terminator\st_rsser.exe [25.10.2011 14:58 587472]
.
.
------- Supplementary Scan -------
.
Trusted Zone: com\www.msi
TCP: DhcpNameServer = 193.110.186.240 217.75.71.141
FF - ProfilePath - c:\documents and settings\Lubomir Opatovsky\Application Data\Mozilla\Firefox\Profiles\f2m4i6in.default-1350718167421\
FF - prefs.js: browser.startup.homepage - zoznam.sk
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2012-10-16 17:36; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; c:\program files\Mozilla Firefox 4.0 Beta 11\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - ExtSQL: 2012-10-20 09:59; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\documents and settings\Lubomir Opatovsky\Application Data\Mozilla\Firefox\Profiles\f2m4i6in.default-1350718167421\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-11-03 22:30
Windows 5.1.2600 Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwClose
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: WDC_WD1200JD-00GBB0 rev.02.05D02 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
.
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user != kernel MBR !!!
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(1116)
c:\windows\system32\guard32.dll
.
- - - - - - - > 'explorer.exe'(484)
c:\windows\system32\WININET.dll
c:\windows\system32\guard32.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
- - - - - - - > 'csrss.exe'(848)
c:\windows\system32\cmdcsr.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\COMODO\COMODO Internet Security\cmdagent.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\wscntfy.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\SOUNDMAN.EXE
.
**************************************************************************
.
Completion time: 2012-11-03 22:40:30 - machine was rebooted
ComboFix-quarantined-files.txt 2012-11-03 21:40
ComboFix2.txt 2012-11-03 15:18
.
Pre-Run: 14 689 361 920 bytes free
Post-Run: 15 adresárov, 14 600 822 784 voľných bajtov
.
- - End Of File - - E2AFE7B50DF4A9C2AD89B102DEFBB6FB
Upload was successful

[vyosek]

Stahnete MBRScan http://eric71.geekstogo.com/tools/MbrScan.exe

• Ulozte nejlepe na plochu
• Pokud pouzivate Win Vista ci W7, kliknete na MBRScan pravym a dejte Run As Administrator ci Spustit jako spravce
• Kliknete na Report
• Po chvilce se objevi log do souboru MBRScan.txt, ten sem vlozte

[ajkal]

Log z MBR Scan

Kód: Vybrat vše

MBRScan v1.1.1

OS             : Windows XP Home Service Pack 3 (32 bit)
PROCESSOR      : x86 Family 15 Model 3 Stepping 4, GenuineIntel
BOOT           : Normal Boot
DATE           : 2012/11/05 (ISO 8601) at 12:57:24
________________________________________________________________________________

DISK           : Device\Harddisk0\DR0 __WDC WD1200JD-00GBB0 (02.05D02)
BUS_TYPE       : (0x03)  P-ATA
USE_PIO        : YES
MAX_TRANSFER   : 128 Kb
ALIGNMENT_MASK : word aligned
________________________________________________________________________________

DISK           : Device\Harddisk1\DR1 __WDC WD1200JD-00GBB0 (02.05D02)
BUS_TYPE       : (0x03)  P-ATA
USE_PIO        : YES
MAX_TRANSFER   : 128 Kb
ALIGNMENT_MASK : word aligned
________________________________________________________________________________

Device\Harddisk0\DR0	111.8 Go  [Fixed] ==> XP MBR Code

MBR_MD5   : 0B20A0437DAE9688A4A1C2678D549430
MBR_SHA1  : CF3041EDB5F633D6AED02D57FAF01C2D8DE489EE

Device\Harddisk0\Partition1	111.8 Go  	0x07 NTFS / HPFS __ BOOTABLE __
________________________________________________________________________________

Device\Harddisk1\DR1	111.8 Go  [Fixed] ==> XP MBR Code

MBR_MD5   : BDE63C965052BF7D129D0BEA8DF90A01
MBR_SHA1  : 7732E30954B9BCF4AE4F8D731CF6B292D848E87A

Device\Harddisk1\Partition1	111.8 Go  	0x07 NTFS / HPFS
________________________________________________________________________________

############################### Additional scan ################################

DRIVER  : C:\WINDOWS\System32\Drivers\dump_atapi.sys => Invisible on the disk
ADDRESS : 0xF4637000
SIZE    : 96.0 Ko

DRIVER  : C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS => Invisible on the disk
ADDRESS : 0xF7CBB000
SIZE    : 8.0 Ko

SystemStartOptions : NOEXECUTE=OPTIN  FASTDETECT

________________________________________________________________________________

_______MBR   \Device\Harddisk0\DR0  

0x00000000   33 C0 8E D0 BC 00 7C FB 50 07 50 1F FC BE 1B 7C   3À.м.|ûP.P.ü¾.|
0x00000010   BF 1B 06 50 57 B9 E5 01 F3 A4 CB BD BE 07 B1 04   ¿..PW¹å.ó¤Ë½¾.±.
0x00000020   38 6E 00 7C 09 75 13 83 C5 10 E2 F4 CD 18 8B F5   8n.|.u..Å.âôÍ..õ
0x00000030   83 C6 10 49 74 19 38 2C 74 F6 A0 B5 07 B4 07 8B   .Æ.It.8,tö.µ.´..
0x00000040   F0 AC 3C 00 74 FC BB 07 00 B4 0E CD 10 EB F2 88   ð¬<.tü»..´.Í.ëò.
0x00000050   4E 10 E8 46 00 73 2A FE 46 10 80 7E 04 0B 74 0B   N.èF.s*þF..~..t.
0x00000060   80 7E 04 0C 74 05 A0 B6 07 75 D2 80 46 02 06 83   .~..t..¶.uÒ.F...
0x00000070   46 08 06 83 56 0A 00 E8 21 00 73 05 A0 B6 07 EB   F...V..è!.s..¶.ë
0x00000080   BC 81 3E FE 7D 55 AA 74 0B 80 7E 10 00 74 C8 A0   ¼.>þ}Uªt..~..tÈ.
0x00000090   B7 07 EB A9 8B FC 1E 57 8B F5 CB BF 05 00 8A 56   ·.ë©.ü.W.õË¿...V
0x000000A0   00 B4 08 CD 13 72 23 8A C1 24 3F 98 8A DE 8A FC   .´.Í.r#.Á$?..Þ.ü
0x000000B0   43 F7 E3 8B D1 86 D6 B1 06 D2 EE 42 F7 E2 39 56   C÷ã.Ñ.Ö±.ÒîB÷â9V
0x000000C0   0A 77 23 72 05 39 46 08 73 1C B8 01 02 BB 00 7C   .w#r.9F.s.¸..».|
0x000000D0   8B 4E 02 8B 56 00 CD 13 73 51 4F 74 4E 32 E4 8A   .N..V.Í.sQOtN2ä.
0x000000E0   56 00 CD 13 EB E4 8A 56 00 60 BB AA 55 B4 41 CD   V.Í.ëä.V.`»ªU´AÍ
0x000000F0   13 72 36 81 FB 55 AA 75 30 F6 C1 01 74 2B 61 60   .r6.ûUªu0öÁ.t+a`
0x00000100   6A 00 6A 00 FF 76 0A FF 76 08 6A 00 68 00 7C 6A   j.j..v..v.j.h.|j
0x00000110   01 6A 10 B4 42 8B F4 CD 13 61 61 73 0E 4F 74 0B   .j.´B.ôÍ.aas.Ot.
0x00000120   32 E4 8A 56 00 CD 13 EB D6 61 F9 C3 49 6E 76 61   2ä.V.Í.ëÖaùÃInva
0x00000130   6C 69 64 20 70 61 72 74 69 74 69 6F 6E 20 74 61   lid partition ta
0x00000140   62 6C 65 00 45 72 72 6F 72 20 6C 6F 61 64 69 6E   ble.Error loadin
0x00000150   67 20 6F 70 65 72 61 74 69 6E 67 20 73 79 73 74   g operating syst
0x00000160   65 6D 00 4D 69 73 73 69 6E 67 20 6F 70 65 72 61   em.Missing opera
0x00000170   74 69 6E 67 20 73 79 73 74 65 6D 00 00 00 00 00   ting system.....
0x00000180   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x00000190   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000001A0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000001B0   00 00 00 00 00 2C 44 63 0E A3 0E A3 00 00 80 01   .....,Dc.£.£....
0x000001C0   01 00 07 FE FF FF 3F 00 00 00 C1 F8 F8 0D 00 00   ...þ..?...Áøø...
0x000001D0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000001E0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000001F0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 AA   ..............Uª

_______MBR   \Device\Harddisk1\DR1  

0x00000000   33 C0 8E D0 BC 00 7C FB 50 07 50 1F FC BE 1B 7C   3À.м.|ûP.P.ü¾.|
0x00000010   BF 1B 06 50 57 B9 E5 01 F3 A4 CB BD BE 07 B1 04   ¿..PW¹å.ó¤Ë½¾.±.
0x00000020   38 6E 00 7C 09 75 13 83 C5 10 E2 F4 CD 18 8B F5   8n.|.u..Å.âôÍ..õ
0x00000030   83 C6 10 49 74 19 38 2C 74 F6 A0 B5 07 B4 07 8B   .Æ.It.8,tö.µ.´..
0x00000040   F0 AC 3C 00 74 FC BB 07 00 B4 0E CD 10 EB F2 88   ð¬<.tü»..´.Í.ëò.
0x00000050   4E 10 E8 46 00 73 2A FE 46 10 80 7E 04 0B 74 0B   N.èF.s*þF..~..t.
0x00000060   80 7E 04 0C 74 05 A0 B6 07 75 D2 80 46 02 06 83   .~..t..¶.uÒ.F...
0x00000070   46 08 06 83 56 0A 00 E8 21 00 73 05 A0 B6 07 EB   F...V..è!.s..¶.ë
0x00000080   BC 81 3E FE 7D 55 AA 74 0B 80 7E 10 00 74 C8 A0   ¼.>þ}Uªt..~..tÈ.
0x00000090   B7 07 EB A9 8B FC 1E 57 8B F5 CB BF 05 00 8A 56   ·.ë©.ü.W.õË¿...V
0x000000A0   00 B4 08 CD 13 72 23 8A C1 24 3F 98 8A DE 8A FC   .´.Í.r#.Á$?..Þ.ü
0x000000B0   43 F7 E3 8B D1 86 D6 B1 06 D2 EE 42 F7 E2 39 56   C÷ã.Ñ.Ö±.ÒîB÷â9V
0x000000C0   0A 77 23 72 05 39 46 08 73 1C B8 01 02 BB 00 7C   .w#r.9F.s.¸..».|
0x000000D0   8B 4E 02 8B 56 00 CD 13 73 51 4F 74 4E 32 E4 8A   .N..V.Í.sQOtN2ä.
0x000000E0   56 00 CD 13 EB E4 8A 56 00 60 BB AA 55 B4 41 CD   V.Í.ëä.V.`»ªU´AÍ
0x000000F0   13 72 36 81 FB 55 AA 75 30 F6 C1 01 74 2B 61 60   .r6.ûUªu0öÁ.t+a`
0x00000100   6A 00 6A 00 FF 76 0A FF 76 08 6A 00 68 00 7C 6A   j.j..v..v.j.h.|j
0x00000110   01 6A 10 B4 42 8B F4 CD 13 61 61 73 0E 4F 74 0B   .j.´B.ôÍ.aas.Ot.
0x00000120   32 E4 8A 56 00 CD 13 EB D6 61 F9 C3 49 6E 76 61   2ä.V.Í.ëÖaùÃInva
0x00000130   6C 69 64 20 70 61 72 74 69 74 69 6F 6E 20 74 61   lid partition ta
0x00000140   62 6C 65 00 45 72 72 6F 72 20 6C 6F 61 64 69 6E   ble.Error loadin
0x00000150   67 20 6F 70 65 72 61 74 69 6E 67 20 73 79 73 74   g operating syst
0x00000160   65 6D 00 4D 69 73 73 69 6E 67 20 6F 70 65 72 61   em.Missing opera
0x00000170   74 69 6E 67 20 73 79 73 74 65 6D 00 00 00 00 00   ting system.....
0x00000180   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x00000190   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000001A0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000001B0   00 00 00 00 00 2C 44 63 D8 A2 D8 A2 00 00 00 01   .....,Dcآآ....
0x000001C0   01 00 07 FE FF FF 3F 00 00 00 C1 F8 F8 0D 00 00   ...þ..?...Áøø...
0x000001D0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000001E0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000001F0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 AA   ..............Uª

[vyosek]

Fajn, jak se chova PC

[ajkal]

Myslim ze je v poriadku. Dakujem za ochotu a pomoc. Nech sa dari.

[vyosek]

Tak jeste uklidime

Odinstalujte Combofix

• Prejmenujte ComboFix na Uninstall
• Spustte jej
• Tohle smaze Combofix a jeho slozky

T-Cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe

• Stahnete a spustte
• Pro potvrzeni volby mackejte A, Enter
• Po pouziti utilitu smazte
• Antiviry touhou utilitu chybne oznacit jako vir - jedna se o falesny poplach - takze v pohode stahnete (pripadne vypnete pri stahovani antivir)

OTC http://oldtimer.geekstogo.com/OTC.exe

• Stahnete a spustte
• Kliknete na CleanUp a potvrdte YES
• Program uklidi a restartuje PC

TFC http://oldtimer.geekstogo.com/TFC.exe

• Stahnete a spustte
• Kliknete na Start a potvrdte OK
• Program uklidi a restartuje pc
• Po pouziti utilitu smazte

Stahnete Ccleaner http://forum.viry.cz/viewtopic.php?t=7478
Panel čistič

• Vse nechte jak je, jen dejte Analyzovat a pote Spustit CCleaner

Panel registry

• dejte Hledej problémy
• nasledne Opravit problémy - zalohu registru doporucuji udelat, opravte vsechny problemy
• postup opakujte dokud nebude bez problemu - vetsinou cca 3x

Panel nástroje

• Zde muzete odinstalovat nepotrebne programy

CCleaner doporucuji pouzivat cca jednou za tyden

A pokud nejsou problemy ci dotazy, je to z me strany vse