Prosím o kontrolu logu

[mrawenec]

ComboFix 10-03-22.03 - Sobi 23.03.2010 14:28:17.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2047.1546 [GMT 1:00]
Spuštěný z: c:\documents and settings\Sobi\Plocha\cokoliv.com.exe
AV: avast! antivirus 4.8.1368 [VPS 100323-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((( Soubory vytvořené od 2010-02-23 do 2010-03-23 )))))))))))))))))))))))))))))))
.

2010-03-22 14:54 . 2010-03-23 09:18 -------- d-----w- c:\program files\Sunbelt Software
2010-03-22 14:18 . 2010-03-22 14:18 -------- d-----w- c:\program files\CCleaner
2010-03-22 11:33 . 2010-03-22 11:44 -------- d-----w- C:\Root
2010-03-22 11:33 . 2010-03-22 11:33 -------- d-----w- c:\program files\Activision
2010-03-22 10:58 . 2010-03-22 10:58 -------- d-----w- c:\windows\system32\xlive
2010-03-22 10:58 . 2010-03-22 10:58 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2010-03-22 09:56 . 2010-03-23 09:21 -------- d-----w- c:\program files\GSC World Publishing
2010-03-13 13:43 . 2009-09-04 16:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2010-03-13 13:43 . 2009-09-04 16:44 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
2010-03-13 13:43 . 2009-09-04 16:29 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
2010-03-13 13:43 . 2009-09-04 16:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2010-03-13 13:43 . 2009-09-04 16:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2010-03-13 13:43 . 2009-09-04 16:29 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
2010-03-13 13:43 . 2009-09-04 16:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2010-03-10 18:09 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-23 13:27 . 2008-06-29 18:55 9 ----a-w- c:\windows\mvraidver.dat
2010-03-22 11:44 . 2008-06-25 20:48 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-13 10:17 . 2006-03-02 12:00 80450 ----a-w- c:\windows\system32\perfc005.dat
2010-03-13 10:17 . 2006-03-02 12:00 435932 ----a-w- c:\windows\system32\perfh005.dat
2010-03-05 12:55 . 2008-06-29 18:47 -------- d-----w- c:\program files\uTorrent
2010-02-14 19:43 . 2008-12-24 20:08 -------- d-----w- c:\program files\WM Converter
2010-02-14 11:06 . 2010-02-14 11:06 -------- d-----w- c:\program files\Microsoft Silverlight
2010-02-02 16:56 . 2009-06-03 20:04 -------- d-----w- c:\program files\iTunes
2010-02-02 16:56 . 2009-06-03 20:04 -------- d-----w- c:\program files\iPod
2010-02-02 16:56 . 2008-08-07 18:38 -------- d-----w- c:\program files\Common Files\Apple
2010-01-16 15:26 . 2008-06-27 15:29 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-12-31 16:50 . 2006-03-02 12:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-06-20 451872]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-10 86960]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-03-04 318256]
"ICQ"="c:\program files\ICQ6.5\ICQ.exe" [2009-11-16 172792]
"Seznam Postak"="c:\documents and settings\Sobi\Local Settings\Data aplikací\Seznam.cz\postak.exe" [2010-03-01 451224]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"="c:\windows\system32\Adobe\Shockwave 11\SwHelper_1150596.exe" [2009-04-29 468408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13574144]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 16126464]
"Ai Nap"="c:\program files\ASUS\Ai Suite\AiNap\AiNap.exe" [2007-04-09 1423360]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 86016]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-01-22 141608]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-07-21 17:14 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^BlueSoleil.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\BlueSoleil.lnk
backup=c:\windows\pss\BlueSoleil.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Status Monitor.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Status Monitor.lnk
backup=c:\windows\pss\Status Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-01-11 20:16 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-03 10:43 69632 ------r- c:\windows\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-07-04 12:01 148776 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
2008-04-14 03:22 110592 -c--a-w- c:\windows\system32\bthprops.cpl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter2.0]
2005-05-17 15:42 933888 ------w- c:\program files\Brother\ControlCenter2\brctrcen.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-10-30 11:57 369200 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
2005-03-17 12:45 40960 ----a-w- c:\program files\ScanSoft\PaperPort\IndexSearch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-01-22 18:16 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-07-04 12:20 161064 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2008-09-17 22:55 1657376 ----a-w- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
2005-03-17 12:25 57393 ----a-w- c:\program files\ScanSoft\PaperPort\pptd40nt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-10 22:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefPrt]
2005-01-26 16:02 49152 ------w- c:\program files\Brother\Brmfl05a\BrStDvPt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2003-10-14 08:22 155648 ----a-r- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Marvell\\61xx\\Apache2\\bin\\Apache.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Vietcong\\vietcong.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Activision\\Prototype\\prototypef.exe"=

R0 mv61xx;mv61xx;c:\windows\system32\drivers\mv61xx.sys [25.5.2007 4:35 137728]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [26.6.2008 12:11 114768]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [21.7.2009 18:14 108552]
R1 bbcap;bbcap;c:\windows\system32\drivers\bbcap.sys [16.12.2009 22:39 2944]
R2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [30.7.2008 6:51 277736]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [26.6.2008 12:11 20560]
R2 MRUWebService;MRU Web Service;c:\program files\Marvell\61xx\Apache2\bin\Apache.exe [10.1.2007 8:17 20539]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [25.6.2008 21:51 38656]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [27.6.2008 16:29 691696]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [21.7.2009 18:14 335752]
S2 avg8wd;AVG Free8 WatchDog;c:\docume~1\Sobi\Plocha\NOVSLO~1\avgwdsvc.exe --> c:\docume~1\Sobi\Plocha\NOVSLO~1\avgwdsvc.exe [?]
S2 Marvell RAID;Marvell RAID Event Agent;c:\program files\Marvell\61xx\svc\mvraidsvc.exe [20.4.2007 23:40 61440]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-06-20 10:47 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'

2010-02-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
.
------- Doplňkový sken -------
.
uStart Page = About:Blank
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
TCP: {C7475F4B-047C-4388-9429-DF5954259878} = 192.168.107.1
FF - ProfilePath - c:\documents and settings\Sobi\Data aplikací\Mozilla\Firefox\Profiles\kk24ktpz.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

MSConfigStartUp-AVG8_TRAY - c:\docume~1\Sobi\Plocha\NOVSLO~1\avgtray.exe
MSConfigStartUp-GrooveMonitor - c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
MSConfigStartUp-SpywareTerminatorUpdate - c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe



**************************************************************************
skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory:

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1960408961-963894560-839522115-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-1960408961-963894560-839522115-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:c3,1b,45,9a,01,8e,dd,e2,50,dd,ca,c9,e1,2c,62,d1,54,db,74,5d,20,fc,48,
82,74,24,47,e1,f9,8b,17,9d,65,b5,63,bf,4d,03,b9,8c,67,9e,84,fd,30,a4,29,c4,\
"??"=hex:f0,a8,19,69,3e,63,3a,51,e5,93,78,6c,57,33,f3,29

[HKEY_USERS\S-1-5-21-1960408961-963894560-839522115-1004\Software\SecuROM\License information*]
"datasecu"=hex:1c,fc,94,90,be,23,29,5b,16,10,8b,b8,da,ca,26,55,35,02,cd,ea,26,
a4,e9,8d,56,65,db,ea,1a,7c,23,ce,c1,d8,f3,87,95,ae,51,d5,d0,da,e3,ea,28,2f,\
"rkeysecu"=hex:60,52,df,bf,78,75,75,3b,84,06,dc,fb,a9,ac,ec,03

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG11.00.00.01WORKSTATION"="6C7EB93DB41862752B36F893ADA6909066687EC1A7E1BCF11E95D8EAD0FEFEA89CE6F1B31FEF0C7DD1A694A4AE4686FD36928EDA2C68654F47F251075996E0D9868A373E983CFB411453459E8A998E2E56888BB83D357064AA820AD4ED21A6AC36683283CE8CA48CB0276C7A722EA3D152C030C9AEF283E5486838599F863AF9BB6FB13AB8A45A7F66FE0F46DD42A2EDBC285D1295FB23DDA03E32AD48DFECF1A98524B10C7CD70C7BADD6A5824DFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC79335D575E7D6A3B98089DB7CE019D40AA5CA6171C11EC38DE3D4395EBE139CCB1B793475CBFD1B60CC457E829C9AA5BD1916F1F9A275FB62103681912B735D92F48BA55E98B244729419FA153B8F5A41DB36FF5D16CE9BEFD4D9A9C41E07456AC79242EE9158A421B863DD2A95C745D7719DE6229B3C3CBEFEF0347227B4208F8FB62BBB765054232404A4DD9C98314538900B8BE43C102A970AD93E6190AC429B268BEB479BBF305CE46B6160FA06C6583F9A53552DA98230B8ACF403C5D7D143491CAC6C4F79B6B47910794A8EE1E29B858A3338B2C5E172C6E9FE8E17032D64D994854ADA50E83F1748B8D8B3572DB0D0B87639074B083F612F81B731D77517DA3F24A0CD836ADCA98E3409DDE4A001CE47474749806AD4211279654DE7729F634D89BAF471210830B87EC3AF9195B339E6599C09FE49A196CC89E58D7EE4323B35F3AD94AB39300403CD9AFBAE5F85351A7896FB56B17B888CF7A484DAFCE1C713F21C1DFC264580E20D1C1764CA5B17DDD7DF12BC8B095AE05F762A61EBA321E014B8FA9F7F3D9AEA4202828F9F5B708FCB42B73423C53098164D671B4BA67CE873963ED227904408C970CF0343D04B5CEF37426AE4F4FAA3415CB5F0048F5FC85F04D97A36A0D45F20F0F90D096E6B3F1FE1900F9C79705E0E0D7C3211F4786027AD432F287DBA443DDC1F03C616690D7A1D960A6416C739DA28A99CD3EFB2CD9E1F2F099500E28BEE32B1AF33EBCC0452AE8CB4721C6B0D4BB647B4E6A67933C39162A3709F2FDF980C8BD8D94569AD4EB7069850E505CC50FD82C822D10C6AD13A0D77C3C103ADD1C082DAE0E555975BC0C061CF2E7FC0304521058CF3232048A6816B0371E51A61E4B5E94988E9D67F8C98F5C7F9F79F386ADAF57E5BD27EDB9B629AD0A891E6674EA6E0B658CE93FFC309C29A6BD1F53063CB61840D5DCE843CAF5618A71608091B09B78EB0C26E92D37E37D1F3E9DAF7642F848F9D16AC9CBD585CFD1ACB8AE6B5DC753E6001D23EE48BFE2E34D0A6ACFF869286DBDCE387AFD070DBC42AE7C7AA2FA26D28C7EFD2EC5B27A354FDBBB0D8DA18EBAD86B2F7C5E4CC46C6EAB4C3D275F12730BDDDED8035F7995DAEFAE"
.
Celkový čas: 2010-03-23 14:33:35
ComboFix-quarantined-files.txt 2010-03-23 13:33

Před spuštěním: Volných bajtů: 45 314 211 840
Po spuštění: Volných bajtů: 45 271 748 608

Current=8 Default=8 Failed=7 LastKnownGood=9 Sets=1,2,3,4,5,6,7,8,9
- - End Of File - - 0895DA2DBDA1BAA0B0BA451F2FDE267B

[Caroprd111]

Odinstalujte všechny emulátory virtuálních mechanik.

Stáhněte SPTD http://www.duplexsecure.com/en/downloads

• Vyberte verzi podle svého operačního systému (64 & 32b). Uložte na plochu a spusťte.
• zvolte možnost Uninstall a restartujte PC.

Stáhněte a spusťte http://www.jpshortstuff.247fixes.com/Defogger.exe

• Klikněte na "Disable" a restartujte PC.

Stáhněte MBR na plochu http://www2.gmer.net/mbr/mbr.exe

Start > Spustit (Win + R)

• Vyskočí okénko, zkopírujte do něj:

Kód: Vybrat vše

"%userprofile%\plocha\mbr" -t

• Klikněte na OK

• Vytvoří se log s názvem mbr.log, vložte ho sem.

Dejte log z Gmer http://www.viry.cz/forum/viewtopic.php?f=29&t=62878

[mrawenec]

Možnost uninstall zvolit nejde

[Caroprd111]

V tom případě SPTD vynechte.

[mrawenec]

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
kernel: MBR read successfully
user & kernel MBR OK

[Caroprd111]

OK, ještě Gmer.

[mrawenec]

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-03-23 14:57:42
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Sobi\LOCALS~1\Temp\kgdoapow.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp aswRdr.SYS (avast! TDI RDR Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp aswRdr.SYS (avast! TDI RDR Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp aswRdr.SYS (avast! TDI RDR Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

---- EOF - GMER 1.0.15 ----

[Caroprd111]

Ještě druhý log.

[mrawenec]

Při druhém scanu se mi vždy PC restartuje

[Caroprd111]

Zkuste Gmer přejmenovat (cokoliv.com) a spustit v nouzovém režimu.

[mrawenec]

To nepomohlo

[Caroprd111]

Stáhněte MBAM http://www.viry.cz/forum/viewtopic.php?f=29&t=67229

• Podle návodu v odkazu nainstalujte, poté dejte úplný sken.
• Nic nemažte MBAM má občas falešné detekce a mohl by smazat např. systémové soubory.
• Log vložte sem.

[mrawenec]

Malwarebytes' Anti-Malware 1.44
Verze databáze: 3904
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

23.3.2010 17:47:41
mbam-log-2010-03-23 (17-47-41).txt

Typ kontroly: Kompletní kontrola (C:\|)
Zkontrolované objekty: 222321
Uplynulý čas: 37 minute(s), 30 second(s)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované adresáře: 0
Infikované soubory: 0

Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované klíče registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované hodnoty registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované datové položky registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované adresáře:
(Nebyly nalezeny žádné škodlivé položky)

Infikované soubory:
(Nebyly nalezeny žádné škodlivé položky)

[Caroprd111]

S PC pořád stejný problém

[mrawenec]

Ano