Neustaly upload

[raskar89]

mam dotaz: kdyz to spustim, tak se objevi moznost bud instalace windows, nebo opravit pc, dam opravit, a vyhleda to OS, nepta se me na heslo oproti navodu, objevi se nekolik moznosti, jako treba test pameti atd, mezi tim, je take prikazovy radek, spustim ho a je tam napsane x:\sources> napisu tam fixmbr nahlasi to chybu, ze toto tam psat nejde

[1danab]

chvilku strpení, něco k tomu dohledám

[1danab]

tak zkusíme tohle, mělo by to jít

stahnete MBR

presunte mbr.exe do adresare C:\Windows

dalsi postup jest nasledujici:

Start/Spustit a do chlivecku napiste cmd a stisk Enter.

vybafne na vas okenko prikazoveho radku; vy nadatlujte rucne prikaz:

mbr.exe -f

a stisknete Enter

Po provedeni operace restartujte a spustte mbr jeste jednou, jiz normalne a vlozte sem log

[raskar89]

nic napsal sem, napsalo se ze se to povedlo otevrit ale ze se objevila chyba pri cteni, otevrel sem znovu mbr naskoci na zlomek vteriny cerne okno ktere pak hned zase zmizi

[1danab]

zkuste to v nouzovém režimu

[raskar89]

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK

[raskar89]

ale porad to nekam neco posila

[1danab]

potřebuju, abyste znovu aplikoval Combofix a vložil mi sem výsledný log

pokuste se ve firewallu dohledat co a kam komunikuje

[raskar89]

ComboFix 10-06-18.03 - Eduard Palíšek 19.06.2010 23:09:57.8.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1250.420.1029.18.3071.1951 [GMT 2:00]
Spuštěný z: c:\users\xxx\Downloads\ComboFix.exe
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\localsys64.exe
c:\windows\system32\64dlls.exe
c:\windows\system32\intel64.exe
c:\windows\system32\lsjdfh.exe
c:\windows\system32\ntos.exe
c:\windows\system32\oembios.exe
c:\windows\system32\sdra64.exe
c:\windows\system32\sdra73.exe
c:\windows\system32\swin32.exe
c:\windows\system32\twex.exe
c:\windows\system32\twext.exe
c:\windows\system32\wsnpoema.exe

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-05-19 do 2010-06-19 )))))))))))))))))))))))))))))))
.

2010-06-19 21:18 . 2010-06-19 21:18 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-06-19 21:18 . 2010-06-19 21:18 -------- d-----w- c:\users\EDUARD~2\AppData\Local\temp
2010-06-19 21:18 . 2010-06-19 21:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-06-19 16:21 . 2010-06-19 16:21 -------- d-----w- C:\VritualRoot
2010-06-19 16:20 . 2010-06-19 16:22 -------- d-----w- c:\programdata\COMODO
2010-06-19 16:18 . 2010-06-19 16:18 -------- d-----w- c:\program files\COMODO
2010-06-19 16:16 . 2010-06-19 16:17 -------- d-----w- c:\programdata\Comodo Downloader
2010-06-18 21:04 . 2010-06-18 21:04 -------- d-----w- c:\program files\ESET
2010-06-13 13:42 . 2010-06-13 13:42 -------- d-----w- c:\programdata\McAfee
2010-06-11 21:44 . 1996-04-03 19:33 5248 ----a-w- c:\windows\system32\drivers\giveio.sys
2010-06-09 06:44 . 2010-05-01 14:49 2326528 ----a-w- c:\windows\system32\win32k.sys
2010-06-09 06:44 . 2010-05-27 07:24 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-06-09 06:44 . 2010-05-27 03:49 293888 ----a-w- c:\windows\system32\atmfd.dll
2010-06-09 06:44 . 2010-05-21 05:18 977920 ----a-w- c:\windows\system32\wininet.dll
2010-06-09 06:44 . 2010-03-05 07:42 67584 ----a-w- c:\windows\system32\asycfilt.dll
2010-06-04 09:55 . 2010-06-04 09:55 224240 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2010-06-01 21:30 . 2010-06-01 21:30 -------- d-----w- c:\program files\GeoVid
2010-06-01 20:41 . 2010-06-01 21:41 -------- d-----w- c:\program files\Free Screen Recorder
2010-06-01 17:00 . 2010-06-01 17:00 278288 ----a-w- c:\windows\system32\guard32.dll
2010-06-01 17:00 . 2010-06-01 17:00 75944 ----a-w- c:\windows\system32\drivers\inspect.sys
2010-06-01 17:00 . 2010-06-01 17:00 30112 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2010-06-01 17:00 . 2010-06-01 17:00 16744 ----a-w- c:\windows\system32\drivers\cmderd.sys
2010-05-31 20:59 . 2010-05-31 20:59 -------- d---a-w- c:\windows\rundll16.exe
2010-05-31 20:59 . 2010-05-31 20:59 -------- d---a-w- c:\windows\logo1_.exe
2010-05-30 16:34 . 2010-05-30 16:34 -------- d-----w- c:\program files\Common Files\lightning group shared files
2010-05-30 16:06 . 2010-05-30 16:06 108144 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-05-30 15:54 . 2010-06-06 09:52 -------- d-----w- c:\program files\Bethesda Softworks
2010-05-29 19:45 . 2010-05-29 19:45 -------- d---a-w- c:\windows\VDLL.DLL
2010-05-29 19:45 . 2010-05-29 19:45 -------- d---a-w- c:\windows\system32\runouce.exe
2010-05-29 19:45 . 2010-05-29 19:45 -------- d---a-w- c:\windows\RUNDL132.EXE
2010-05-29 19:45 . 2010-05-29 19:45 -------- d---a-w- c:\windows\logo_1.exe
2010-05-29 19:44 . 2010-05-29 19:44 -------- d-----w- c:\program files\Common Files\Java
2010-05-29 19:44 . 2010-04-12 15:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-29 19:41 . 2010-05-29 19:41 632064 ----a-w- c:\windows\system32\msvcr80.dll
2010-05-29 19:41 . 2010-05-29 19:41 554240 ----a-w- c:\windows\system32\msvcp80.dll
2010-05-29 19:41 . 2010-05-29 19:41 34048 ----a-w- c:\windows\system32\eEmpty.exe
2010-05-29 19:41 . 2010-05-29 19:41 -------- d-----w- c:\program files\Common Files\MicroWorld
2010-05-29 19:41 . 2010-05-29 19:41 -------- d-----w- c:\programdata\MicroWorld
2010-05-26 09:30 . 2010-04-23 07:13 2048 ----a-w- c:\windows\system32\tzres.dll
2010-05-24 20:44 . 2010-05-24 20:44 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2010-05-24 20:44 . 2010-06-13 13:36 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-05-22 15:01 . 2010-05-22 15:01 -------- d-----w- C:\$AVG
2010-05-22 12:09 . 2010-05-22 12:09 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-05-22 11:58 . 2010-05-22 12:09 52872 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2010-05-22 11:58 . 2010-06-01 06:20 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-05-22 11:58 . 2010-05-22 12:09 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-05-22 11:58 . 2010-06-19 20:34 -------- d-----w- c:\windows\system32\drivers\Avg
2010-05-22 11:58 . 2010-06-01 06:20 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-05-22 11:58 . 2010-05-22 12:05 -------- d-----w- c:\programdata\AVG Security Toolbar
2010-05-22 11:57 . 2010-05-22 11:57 24856 ----a-w- c:\windows\system32\drivers\avgfwd6x.sys
2010-05-22 11:55 . 2010-06-19 20:52 45056 ----a-w- c:\windows\system32\acovcnt.exe
2010-05-21 20:38 . 2010-05-21 20:38 -------- d-----w- c:\windows\system32\Wat
2010-05-21 18:48 . 2010-06-18 20:50 -------- d-----w- c:\program files\trend micro
2010-05-21 18:48 . 2010-05-21 18:55 -------- d-----w- C:\rsit
2010-05-21 16:00 . 2010-05-21 16:00 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-05-21 15:55 . 2010-05-21 22:53 -------- d-----w- c:\programdata\Lavasoft
2010-05-21 10:48 . 2010-05-21 10:48 -------- d-----w- c:\users\EDUARD~2\AppData\Roaming\Vidalia
2010-05-21 10:48 . 2010-05-21 10:48 -------- d-----w- c:\users\xxx

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-14 20:16 . 2009-07-14 08:44 622660 ----a-w- c:\windows\system32\perfh005.dat
2010-06-14 20:16 . 2009-07-14 08:44 118810 ----a-w- c:\windows\system32\perfc005.dat
2010-06-09 22:40 . 2010-03-19 21:17 -------- d-----w- c:\program files\ICQ7.0
2010-06-09 12:27 . 2009-12-25 13:44 -------- d-----w- c:\programdata\Microsoft Help
2010-06-06 19:58 . 2009-12-25 17:06 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-01 05:40 . 2010-01-04 11:21 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-06-01 05:40 . 2010-01-04 11:21 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-05-30 16:06 . 2009-12-25 20:22 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-29 19:53 . 2010-01-05 14:01 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-05-29 19:44 . 2009-12-30 13:51 -------- d-----w- c:\program files\Java
2010-05-27 20:34 . 2009-12-25 14:44 -------- d-----w- c:\program files\CCleaner
2010-05-26 09:48 . 2009-12-25 19:29 -------- d-----w- c:\program files\Microsoft
2010-05-24 20:43 . 2009-12-25 14:44 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-05-22 11:57 . 2009-12-25 14:22 -------- d-----w- c:\programdata\avg9
2010-05-21 23:07 . 2009-12-25 19:30 -------- d-----w- c:\program files\Common Files\Adobe
2010-05-21 04:58 . 2009-12-25 14:48 -------- d-----w- c:\program files\uTorrent
2010-05-17 18:16 . 2009-12-29 11:47 -------- d-----w- c:\program files\Google
2010-05-15 13:44 . 2010-05-15 13:44 -------- d-sh--w- c:\programdata\SecuROM
2010-05-15 13:43 . 2010-05-15 13:41 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2010-05-13 10:39 . 2009-07-14 02:37 -------- d-----w- c:\program files\Windows Mail
2010-04-29 18:06 . 2010-01-30 22:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-29 17:39 . 2010-04-29 17:39 -------- d-----w- c:\program files\Core Design
2010-04-29 10:19 . 2010-01-30 22:27 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 10:19 . 2010-01-30 22:27 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-27 12:45 . 2010-04-27 12:45 72856 ----a-w- c:\windows\system32\xliveinstallhost.exe
2010-04-27 12:45 . 2010-04-27 12:45 187544 ----a-w- c:\windows\system32\xliveinstall.dll
2010-04-02 15:17 . 2010-04-02 15:17 15426200 ----a-w- c:\windows\system32\xlive.dll
2010-04-02 15:17 . 2010-04-02 15:17 13642904 ----a-w- c:\windows\system32\xlivefnt.dll
2010-03-29 06:15 . 2010-03-29 06:15 86016 ----a-w- c:\windows\system32\frapsvid.dll
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2006-10-12 03:09 . 2009-12-25 17:06 94208 --sh--w- c:\windows\System32\SalaatTime.dll
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-11-25 11:02 1230080 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"SalaatTime"="c:\program files\Salaat Time\SalaatTime.exe" [2008-05-16 13496320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATKOSD2"="c:\program files\ATKOSD2\ATKOSD2.exe" [2007-10-17 7737344]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-15 4874240]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 61440]
"ASUS Camera ScreenSaver"="c:\windows\ASScrProlog.exe" [2009-12-25 37232]
"ASUS Screen Saver Protector"="c:\windows\ASScrPro.exe" [2009-12-25 33136]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]
"IaNvSrv"="c:\program files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe" [2009-07-13 33304]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-06-01 2039240]

c:\users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
.lnk - c:\program files\AVG\AVG9\avgtray.exe [2010-6-1 2065248]
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 13:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll c:\windows\System32\avgrsstx.dll c:\windows\System32\avgrsstx.dll c:\windows\System32\guard32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PDFCreator.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\PDFCreator.lnk
backup=c:\windows\pss\PDFCreator.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^xxx^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk]
path=c:\users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk
backup=c:\windows\pss\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-03-24 18:17 952768 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-04-04 05:42 36272 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2010-04-29 10:19 1090952 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia.PCSync]
2009-10-26 16:26 753664 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PcSync2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2009-11-11 09:57 1451520 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-17 19:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
2007-11-20 10:15 1826816 ----a-w- c:\windows\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
2009-05-05 10:01 1466368 ----a-w- c:\program files\Motorola\SMSERIAL\sm56hlpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 15:07 2260480 ------w- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2010-06-13 13:36 2403568 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2009-12-25 23:32 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-06-01 691696]
R3 kvpndev;Kerio VPN adapter;c:\windows\system32\DRIVERS\kvpndrv.sys [2008-01-16 62464]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series – ovladač adaptéru pro 32bitový systém Windows Vista;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-21 1343400]
R4 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-12-29 135664]
S0 AvgRkx86;avgrkx86.sys;c:\windows\System32\Drivers\avgrkx86.sys [2010-05-22 52872]
S0 iaNvStor;Intel(R) Turbo Memory Controller;c:\windows\system32\DRIVERS\iaNvStor.sys [2009-07-01 232472]
S0 NIAPBootClean;NIAPBootClean;c:\windows\system32\Drivers\niapbc.sys [2010-02-05 11776]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6x.sys [2010-05-22 24856]
S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2010-05-22 216200]
S1 AvgTdiX;AVG Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2010-06-01 242896]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2010-06-04 224240]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2010-06-01 30112]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-27 67656]
S2 avg9emc;AVG E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [2010-05-22 916760]
S2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-05-22 308064]
S2 avgfws9;AVG Firewall;c:\program files\AVG\AVG9\avgfws9.exe [2010-06-01 2331544]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [2007-06-20 49664]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-09-28 315392]

.
Obsah adresáře 'Naplánované úlohy'

2010-06-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-29 11:47]

2010-06-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-29 11:47]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\ljl9jlb2.default\
FF - prefs.js: browser.startup.homepage - hxxp://news.google.cz/nwshp?client=firefox-a&rls=org.mozilla:cs:official&hl=cs&tab=wn
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(1028)
c:\windows\system32\guard32.dll

- - - - - - - > 'lsass.exe'(720)
c:\windows\system32\guard32.dll
.
Celkový čas: 2010-06-19 23:22:15
ComboFix-quarantined-files.txt 2010-06-19 21:22
ComboFix2.txt 2010-06-19 15:55
ComboFix3.txt 2010-05-30 21:23

Před spuštěním: Volných bajtů: 35 919 929 344
Po spuštění: Volných bajtů: 35 857 866 752

- - End Of File - - D279AB01B421FD9C988B5CB8E9062B7B



kazdou 2.sekundu je upload 208B/s, obcas se je aji vic, upload je vicemene neustale, nevim kam a nedokazu zjistit odkud to de, tim ze je to tak "male"

[raskar89]

ted to samo od sebe prestalo... tak nevim cim to je..

[1danab]

Combofix nám ještě nějaké svinstvo smazal, nicméně nevidím jak je na tom MBR, proto je potřeba udělat sken z CureIt
http://www.viry.cz/forum/viewtopic.php?f=29&t=47721 zde najdete link ke stažení a návod
nahlašte pak výsledky

[raskar89]

tak nic to nenaslo

[1danab]

probíhá v současné chvíli odesílání dat? jak se tváří pc?

[raskar89]

vypada to mnohem lip nez predtim, ted to posila jenom obcas a casem se to ustali na zhruba 3 odeslani za minutu, akorat dlouho po restartu pc blika kontrolka HDD, ikdyz uz je treba 20 minut po startu a vsechno je nactene, programu po spusteni mam malo a jen to, co chcu. nepoustim zbytecnosti.

[1danab]

potřebovala bych ještě, abyste znovu spustil Combofix a vložil mi sem log
restartujte pc a vložte sem i nový log z RSITu