Problém s virem?

Zpráva

Bug123 · #1 Příspěvek od **Bug123** » 23 čer 2010 10:31

Dobrý den, CF smzal nějaké soubory, ale nedokončil se. Zde je jejich seznam:
Svazek v jednotce E nemá žádnou jmenovku.
Sériové číslo svazku je E49F-7537.

Výpis adresáře E:\Qoobox\Quarantine\E\WINDOWS\system32

30.06.2009 12:19 310 310 autorun.inf.vir
12.04.2008 18:14 187 398 d3d10core.dll.vir
12.04.2008 18:14 874 502 kernel32new.dll.vir
12.04.2008 18:17 681 478 msvcrtnew.dll.vir
14.04.2008 08:52 137 216 TASKMGR.COM.vir
10.06.2009 08:31 132 096 _004078_.tmp.dll.vir
02.03.2006 14:00 146 944 _004079_.tmp.dll.vir
02.03.2006 14:00 101 888 _004080_.tmp.dll.vir
14.08.2009 17:23 1 850 112 _004081_.tmp.dll.vir
02.03.2006 14:00 96 768 _004088_.tmp.dll.vir
02.03.2006 14:00 22 040 _004089_.tmp.dll.vir
02.03.2006 14:00 50 688 _004090_.tmp.dll.vir
02.03.2006 14:00 990 208 _004091_.tmp.dll.vir
09.02.2009 12:11 111 104 _004093_.tmp.dll.vir
25.06.2009 10:48 168 448 _004094_.tmp.dll.vir
10.06.2009 08:31 132 096 _004095_.tmp.dll.vir
02.03.2006 14:00 146 944 _004096_.tmp.dll.vir
02.03.2006 14:00 423 424 _004097_.tmp.dll.vir
02.03.2006 14:00 64 000 _004098_.tmp.dll.vir
02.03.2006 14:00 101 888 _004099_.tmp.dll.vir
02.03.2006 14:00 58 880 _004100_.tmp.dll.vir
02.03.2006 14:00 61 440 _004101_.tmp.dll.vir
02.03.2006 14:00 662 016 _004102_.tmp.dll.vir
14.08.2009 17:23 1 850 112 _004103_.tmp.dll.vir
02.03.2006 14:00 236 544 _004104_.tmp.dll.vir
02.03.2006 14:00 39 936 _004106_.tmp.dll.vir
02.03.2006 14:00 34 304 _004107_.tmp.dll.vir
02.03.2006 14:00 553 472 _004108_.tmp.dll.vir
02.03.2006 14:00 8 192 _004112_.tmp.dll.vir
09.02.2009 12:22 709 632 _004113_.tmp.dll.vir
11.09.2009 16:35 133 632 _004115_.tmp.dll.vir
02.03.2006 14:00 96 768 _004117_.tmp.dll.vir
25.06.2009 10:48 723 456 _004118_.tmp.dll.vir
02.03.2006 14:00 50 688 _004119_.tmp.dll.vir
07.05.2009 17:44 345 088 _004120_.tmp.dll.vir
02.03.2006 14:00 249 270 _004121_.tmp.dll.vir
02.03.2006 14:00 13 824 _004122_.tmp.dll.vir
21.03.2009 16:21 984 576 _004123_.tmp.dll.vir
02.03.2006 14:00 144 384 _004124_.tmp.dll.vir
02.03.2006 14:00 990 208 _004125_.tmp.dll.vir
02.03.2006 14:00 110 080 _004127_.tmp.dll.vir
02.03.2006 14:00 136 192 _004128_.tmp.dll.vir
14.12.2009 09:37 33 280 _004129_.tmp.dll.vir
02.03.2006 14:00 278 528 _004130_.tmp.dll.vir
02.03.2006 14:00 611 328 _004131_.tmp.dll.vir
09.02.2009 12:11 111 104 _004132_.tmp.dll.vir
25.06.2009 10:48 168 448 _004133_.tmp.dll.vir
09.02.2009 12:22 683 520 _004136_.tmp.dll.vir
02.03.2006 14:00 423 424 _004137_.tmp.dll.vir
02.03.2006 14:00 64 000 _004138_.tmp.dll.vir
02.03.2006 14:00 58 880 _004140_.tmp.dll.vir
02.03.2006 14:00 61 440 _004141_.tmp.dll.vir
02.03.2006 14:00 662 016 _004142_.tmp.dll.vir
02.03.2006 14:00 236 544 _004144_.tmp.dll.vir
02.03.2006 14:00 39 936 _004146_.tmp.dll.vir
02.03.2006 14:00 34 304 _004147_.tmp.dll.vir
02.03.2006 14:00 553 472 _004148_.tmp.dll.vir
02.03.2006 14:00 8 192 _004152_.tmp.dll.vir
09.02.2009 12:22 709 632 _004153_.tmp.dll.vir
11.09.2009 16:35 133 632 _004155_.tmp.dll.vir
25.06.2009 10:48 723 456 _004158_.tmp.dll.vir
07.05.2009 17:44 345 088 _004160_.tmp.dll.vir
02.03.2006 14:00 13 824 _004161_.tmp.dll.vir
21.03.2009 16:21 984 576 _004162_.tmp.dll.vir
02.03.2006 14:00 144 384 _004163_.tmp.dll.vir
02.03.2006 14:00 110 080 _004166_.tmp.dll.vir
02.03.2006 14:00 136 192 _004167_.tmp.dll.vir
14.12.2009 09:37 33 280 _004168_.tmp.dll.vir
02.03.2006 14:00 278 528 _004169_.tmp.dll.vir
02.03.2006 14:00 611 328 _004170_.tmp.dll.vir
09.02.2009 12:22 683 520 _004175_.tmp.dll.vir
02.03.2006 14:00 382 464 _004177_.tmp.dll.vir
73 souborů, 24 240 646 bajtů
Adresářů: 2, Volných bajtů: 41 470 025 728

Jinak MWAV a MBAM nic nenašly, stejně jako Avira nebo Spyware Terminátor.
Předem děkuji za pomoc.

#2 Příspěvek od **riffman** » 23 čer 2010 13:36

zdravim

muzete se pokusit sken zopakovat, pripadne i v nouzovem rezimu a soupnout sem z nej log?

Bug123 · #3 Příspěvek od **Bug123** » 23 čer 2010 13:53

ComboFix 10-06-22.03 - MiK!-) 23.06.2010 14:40:42.3.2 - x86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2046.1687 [GMT 2:00]
Spuštěný z: e:\documents and settings\MiK!-)\Plocha\ComboFix.exe
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: COMODO Firewall *disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.

((((((((((((((((((((((((( Soubory vytvořené od 2010-05-23 do 2010-06-23 )))))))))))))))))))))))))))))))
.

2010-06-23 12:02 . 2010-06-23 12:48 16968 ----a-w- e:\windows\system32\drivers\hitmanpro35.sys
2010-06-23 12:01 . 2010-06-23 12:01 -------- d-----w- d:\program files\Hitman Pro 3.5
2010-06-23 10:41 . 2010-06-23 10:41 -------- d-sh--w- e:\documents and settings\LocalService\IETldCache
2010-06-23 10:40 . 2010-06-23 10:40 -------- d-----w- d:\program files\WinSCP
2010-06-21 11:51 . 2010-06-21 11:51 -------- d-----w- e:\windows\Performance
2010-06-21 11:49 . 2010-06-21 11:49 -------- d-----w- d:\program files\Microsoft Windows 7 Upgrade Advisor
2010-06-21 04:01 . 2010-06-21 04:01 -------- d-----w- d:\program files\Microsoft CAPICOM 2.1.0.2
2010-06-20 19:22 . 2010-06-20 19:22 -------- d-sh--w- e:\documents and settings\Marka\IETldCache
2010-06-20 16:12 . 2010-06-20 16:12 -------- d-sh--w- e:\documents and settings\MiK!-)\IETldCache
2010-06-20 16:11 . 2010-06-20 16:11 -------- d-sh--w- e:\documents and settings\NetworkService\IETldCache
2010-06-20 11:54 . 2010-05-06 10:35 55296 -c----w- e:\windows\system32\dllcache\msfeedsbs.dll
2010-06-20 11:54 . 2010-05-06 10:35 599040 -c----w- e:\windows\system32\dllcache\msfeeds.dll
2010-06-20 11:54 . 2010-05-06 10:35 12800 -c----w- e:\windows\system32\dllcache\xpshims.dll
2010-06-20 11:54 . 2010-05-06 10:35 247808 -c----w- e:\windows\system32\dllcache\ieproxy.dll
2010-06-20 11:54 . 2010-05-06 10:35 743424 -c----w- e:\windows\system32\dllcache\iedvtool.dll
2010-06-20 11:54 . 2010-05-06 10:35 1985536 -c----w- e:\windows\system32\dllcache\iertutil.dll
2010-06-20 11:54 . 2010-05-06 10:35 11076096 -c----w- e:\windows\system32\dllcache\ieframe.dll
2010-06-20 09:48 . 2010-04-29 13:39 38224 ----a-w- e:\windows\system32\drivers\mbamswissarmy.sys
2010-06-20 09:48 . 2010-04-29 13:39 20952 ----a-w- e:\windows\system32\drivers\mbam.sys
2010-06-20 09:48 . 2010-06-20 09:48 -------- d-----w- d:\program files\Malwarebytes' Anti-Malware
2010-06-20 09:30 . 2010-06-20 09:30 -------- d-----w- d:\program files\Yamicsoft
2010-06-19 18:39 . 2010-06-19 18:39 -------- d-----w- e:\windows\Sun
2010-06-19 18:34 . 2010-06-19 18:34 691696 ----a-w- e:\windows\system32\drivers\sptd.sys
2010-06-19 18:34 . 2010-06-20 06:21 -------- d-----w- d:\program files\DAEMON Tools Lite
2010-06-19 16:53 . 2010-06-19 16:53 -------- d-----w- d:\program files\Jalbum
2010-06-19 10:33 . 2010-06-19 10:33 -------- d-----w- d:\program files\Mihov Image Resizer
2010-06-19 10:14 . 2010-06-19 10:14 -------- d-----w- e:\windows\system32\windows media
2010-06-19 10:14 . 2010-06-19 10:14 -------- d-----w- d:\program files\Windows Media Components
2010-06-18 12:43 . 2010-06-18 12:43 -------- d---a-w- e:\windows\VDLL.DLL
2010-06-18 12:43 . 2010-06-18 12:43 -------- d---a-w- e:\windows\system32\runouce.exe
2010-06-18 12:43 . 2010-06-18 12:43 -------- d---a-w- e:\windows\RUNDL132.EXE
2010-06-18 12:43 . 2010-06-18 12:43 -------- d---a-w- e:\windows\logo_1.exe
2010-06-18 12:37 . 2010-06-18 12:37 632064 ----a-w- e:\windows\system32\msvcr80.dll
2010-06-18 12:37 . 2010-06-18 12:37 554240 ----a-w- e:\windows\system32\msvcp80.dll
2010-06-18 12:37 . 2010-06-18 12:37 34048 ----a-w- e:\windows\system32\eEmpty.exe
2010-06-18 12:37 . 2008-04-14 06:52 137216 ----a-w- e:\windows\system32\T.COM
2010-06-18 12:37 . 2008-04-14 06:52 147968 ----a-w- e:\windows\R.COM
2010-06-18 12:37 . 2010-06-18 12:37 -------- d-----w- e:\program files\Common Files\MicroWorld
2010-06-18 12:21 . 2010-06-23 09:00 -------- d-----w- d:\program files\trend micro
2010-06-18 12:21 . 2010-06-18 12:21 -------- d-----w- E:\rsit
2010-06-17 20:34 . 2010-06-17 20:34 -------- d-----w- e:\program files\Common Files\Java
2010-06-17 20:34 . 2010-06-17 20:34 411368 ----a-w- e:\windows\system32\deployJava1.dll
2010-06-17 20:34 . 2010-06-17 20:34 -------- d-----w- d:\program files\Java
2010-06-17 20:32 . 2010-06-20 09:31 -------- d-----w- d:\program files\JAVSEditor
2010-06-17 08:02 . 2010-06-17 08:02 142592 ----a-w- e:\windows\system32\drivers\sp_rsdrv2.sys
2010-06-17 08:02 . 2010-06-18 09:25 -------- d-----w- d:\program files\Spyware Terminator
2010-06-17 06:49 . 2000-10-20 11:25 487184 ----a-w- e:\windows\system32\Mrt7enu.dll
2010-06-17 06:49 . 2000-10-20 11:25 446464 ----a-w- e:\windows\system32\hhactivex.dll
2010-06-17 06:49 . 2000-10-20 11:25 31744 ----a-w- e:\windows\system32\Hlp95en.dll
2010-06-17 06:49 . 2000-10-20 11:25 79360 ----a-w- e:\windows\system32\acdbres.dll
2010-06-17 06:49 . 2010-06-17 06:49 -------- d-----w- d:\program files\Volo View Express
2010-06-17 06:49 . 2000-10-20 11:25 299520 ----a-w- e:\windows\uninst.exe
2010-06-17 06:49 . 2010-06-17 06:49 -------- d-----w- e:\documents and settings\MiK!-)\WINDOWS
2010-06-17 06:48 . 2010-06-17 06:48 -------- d-----w- e:\program files\Common Files\Wextech Shared
2010-06-17 06:48 . 2010-06-17 07:52 -------- d-----w- d:\program files\AutoCAD 2002 Cz
2010-06-17 06:48 . 2010-06-17 06:49 -------- d-----w- e:\program files\Common Files\Autodesk Shared
2010-06-17 06:46 . 2009-12-21 17:25 60416 ----a-w- e:\windows\CDILLA64.EXE
2010-06-17 06:46 . 2009-12-21 17:25 57136 ----a-w- e:\windows\system32\drivers\CDANT.SYS
2010-06-17 06:46 . 2009-12-21 17:25 55376 ----a-w- e:\windows\CDILLA40.DLL
2010-06-17 06:46 . 2009-12-21 17:25 7056 ----a-w- e:\windows\CDILLA16.EXE
2010-06-17 06:46 . 2009-12-21 17:25 63344 ----a-w- e:\windows\CDILLA05.DLL
2010-06-17 06:46 . 2009-12-21 17:25 45056 ----a-w- e:\windows\CDILLA13.DLL
2010-06-17 06:46 . 2009-12-21 17:25 32256 ----a-w- e:\windows\system32\drivers\CDANTSRV.EXE
2010-06-17 06:46 . 2009-12-21 17:25 260096 ----a-w- e:\windows\CDILLA32.DLL
2010-06-17 06:46 . 2009-12-21 17:25 23856 ----a-w- e:\windows\CDILLA10.EXE
2010-06-17 06:19 . 2010-06-17 09:03 -------- d-----w- d:\program files\Brain Challenge
2010-06-16 17:52 . 2008-10-27 08:04 23376 ----a-w- e:\windows\system32\X3DAudio1_5.dll
2010-06-16 17:48 . 2010-06-16 17:48 -------- d-----w- e:\windows\Logs
2010-06-16 17:41 . 2008-07-15 20:11 267112 ----a-w- e:\windows\system32\xactengine2_9.dll
2010-06-16 17:41 . 2007-10-22 01:37 17928 ----a-w- e:\windows\system32\X3DAudio1_2.dll
2010-06-16 17:32 . 2010-06-16 17:41 -------- d-----w- d:\program files\BCH
2010-06-14 19:31 . 2001-10-24 10:25 99328 -c--a-w- e:\windows\system32\dllcache\srusd.dll
2010-06-14 19:31 . 2001-10-24 10:25 99328 ----a-w- e:\windows\system32\srusd.dll
2010-06-14 19:31 . 2001-10-24 10:02 6784 -c--a-w- e:\windows\system32\dllcache\serscan.sys
2010-06-14 19:31 . 2001-10-24 10:02 6784 ----a-w- e:\windows\system32\drivers\serscan.sys
2010-06-14 19:31 . 2001-10-24 10:24 71680 -c--a-w- e:\windows\system32\dllcache\fnfilter.dll
2010-06-14 19:31 . 2001-10-24 10:24 71680 ----a-w- e:\windows\system32\fnfilter.dll
2010-06-13 17:55 . 2010-06-13 17:55 -------- d-----w- d:\program files\Electronic Arts
2010-06-12 22:52 . 2010-06-12 22:52 -------- d-----w- d:\program files\WinMend
2010-06-12 15:31 . 2010-06-12 15:31 -------- d-----w- d:\program files\Google
2010-06-12 15:31 . 2010-06-12 15:31 -------- d-----w- d:\program files\PhotoScape
2010-06-11 19:34 . 2010-06-11 20:06 -------- d-----w- e:\windows\system32\NtmsData
2010-06-11 18:21 . 2010-06-11 18:22 -------- d-----w- d:\program files\Armadillo Run
2010-06-11 17:59 . 2010-06-11 17:59 -------- d-----w- d:\program files\Armadillo Run Demo
2010-06-11 17:23 . 2010-06-11 17:23 -------- d-----w- d:\program files\Microsoft SDKs
2010-06-11 17:23 . 2010-06-11 17:23 -------- d-----w- d:\program files\Microsoft Visual Studio 9.0
2010-06-11 17:23 . 2010-06-11 17:23 -------- d-----w- d:\program files\Microsoft.NET
2010-06-11 17:22 . 2010-06-11 17:22 -------- d-----w- e:\program files\Common Files\Corel
2010-06-11 17:22 . 2010-06-11 17:22 -------- d-----w- e:\program files\Common Files\Protexis
2010-06-11 17:19 . 2010-06-11 17:19 -------- d-----w- d:\program files\Corel
2010-06-11 17:11 . 2006-06-29 11:07 14048 ------w- e:\windows\system32\spmsg2.dll
2010-06-11 17:10 . 2010-06-11 17:11 -------- d-----w- e:\windows\system32\XPSViewer
2010-06-11 17:10 . 2010-06-11 17:10 -------- d-----w- d:\program files\MSBuild
2010-06-11 17:09 . 2010-06-11 17:09 -------- d-----w- d:\program files\Reference Assemblies
2010-06-11 12:58 . 2010-06-21 12:32 -------- d-----w- d:\program files\Microsoft Games
2010-06-11 12:43 . 1999-08-03 08:50 172032 ----a-w- e:\windows\system32\binkw32.dll
2010-06-11 12:43 . 2010-06-11 12:43 -------- d-----w- d:\program files\Core Design
2010-06-11 10:58 . 2010-06-11 10:58 -------- d-----w- d:\program files\Smart Install Maker
2010-06-10 12:12 . 2010-06-21 12:51 -------- d--h--w- d:\program files\InstallShield Installation Information
2010-06-10 12:10 . 2010-06-10 12:10 -------- d-----w- d:\program files\Empire Interactive
2010-06-10 10:53 . 2008-07-06 12:06 89088 ----a-w- e:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-06-10 10:52 . 2008-07-06 12:06 89088 -c----w- e:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-06-10 10:52 . 2008-07-06 12:06 575488 -c----w- e:\windows\system32\dllcache\xpsshhdr.dll
2010-06-10 10:52 . 2008-07-06 12:06 575488 ------w- e:\windows\system32\xpsshhdr.dll
2010-06-10 10:52 . 2008-07-06 12:06 117760 ------w- e:\windows\system32\prntvpt.dll
2010-06-10 10:52 . 2008-07-06 10:50 597504 -c----w- e:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-06-10 10:52 . 2008-07-06 10:50 597504 ------w- e:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2010-06-10 10:52 . 2008-07-06 12:06 1676288 -c----w- e:\windows\system32\dllcache\xpssvcs.dll
2010-06-10 10:52 . 2008-07-06 12:06 1676288 ------w- e:\windows\system32\xpssvcs.dll
2010-06-10 10:50 . 2010-06-12 08:53 -------- d-----w- d:\program files\Windows Desktop Search
2010-06-10 10:50 . 2010-06-10 10:50 -------- d-----w- e:\windows\system32\GroupPolicy
2010-06-10 10:49 . 2008-03-07 17:02 98304 -c----w- e:\windows\system32\dllcache\nlhtml.dll
2010-06-10 10:49 . 2008-03-07 17:02 29696 -c----w- e:\windows\system32\dllcache\mimefilt.dll
2010-06-10 10:49 . 2008-03-07 17:02 192000 -c----w- e:\windows\system32\dllcache\offfilt.dll
2010-06-10 10:49 . 2010-06-10 10:49 -------- d-----w- d:\program files\Windows Media Connect 2
2010-06-10 10:48 . 2010-06-14 06:27 -------- d-----w- e:\windows\system32\drivers\UMDF
2010-06-10 10:48 . 2010-06-10 10:48 -------- d-----w- e:\windows\system32\LogFiles
2010-06-10 10:46 . 2010-06-10 10:47 -------- d-----w- e:\windows\system32\URTTemp
2010-06-10 06:21 . 2010-06-10 06:27 -------- d-----w- d:\program files\3DO
2010-06-10 06:21 . 1999-05-18 12:31 306688 ----a-w- e:\windows\IsUninst.exe
2010-06-10 05:35 . 2010-06-10 05:35 -------- d-----w- d:\program files\NVIDIA Corporation
2010-06-10 05:35 . 2010-06-10 05:35 -------- d-----w- e:\program files\Common Files\Wise Installation Wizard
2010-06-10 05:29 . 2010-06-10 05:29 -------- d-----w- d:\program files\VS Revo Group
2010-06-10 05:28 . 2010-06-10 05:28 -------- d-----w- d:\program files\GRETECH
2010-06-10 05:14 . 2009-12-09 05:55 726528 -c--a-w- e:\windows\system32\dllcache\jscript.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-19 18:11 . 2010-06-06 18:47 15600 ----a-w- e:\windows\gdrv.sys
2010-06-16 04:46 . 2006-03-02 12:00 90726 ----a-w- e:\windows\system32\perfc005.dat
2010-06-16 04:46 . 2006-03-02 12:00 458644 ----a-w- e:\windows\system32\perfh005.dat
2010-06-10 12:10 . 2010-06-06 18:49 -------- d-----w- e:\program files\Common Files\InstallShield
2010-06-10 06:16 . 2010-06-10 06:16 691696 ----a-w- e:\windows\system32\drivers\sptd.sys.85214245
2010-06-10 05:39 . 2010-06-10 05:39 2947 ----a-w- e:\windows\system32\unins000.dat
2010-06-10 05:38 . 2010-06-10 05:39 716153 ----a-w- e:\windows\system32\unins000.exe
2010-06-09 16:39 . 2010-04-08 23:25 229312 ----a-w- e:\windows\system32\drivers\cmdGuard.sys
2010-06-08 17:11 . 2010-06-06 18:35 76487 ----a-w- e:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-06-08 17:11 . 2010-06-06 18:35 2684 ----a-w- e:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2010-06-07 19:41 . 2010-06-07 19:39 133059 ----a-w- e:\windows\hpoins14.dat
2010-06-07 19:39 . 2010-06-07 19:39 -------- d-----w- d:\program files\HP
2010-06-07 14:45 . 2009-09-27 13:30 -------- d-----w- d:\program files\OpenOffice.org 3
2010-06-06 19:58 . 2010-04-08 23:26 278288 ----a-w- e:\windows\system32\guard32.dll
2010-06-06 19:58 . 2010-04-08 23:25 87824 ----a-w- e:\windows\system32\drivers\inspect.sys
2010-06-06 19:58 . 2010-04-08 23:25 25240 ----a-w- e:\windows\system32\drivers\cmdhlp.sys
2010-06-06 19:58 . 2010-04-08 23:25 15464 ----a-w- e:\windows\system32\drivers\cmderd.sys
2010-06-06 19:34 . 2010-06-06 19:33 664 ----a-w- e:\windows\system32\d3d9caps.dat
2010-06-06 19:33 . 2010-06-06 19:33 552 ----a-w- e:\windows\system32\d3d8caps.dat
2010-06-06 19:12 . 2010-06-06 19:12 0 ----a-w- e:\windows\nsreg.dat
2010-06-06 18:49 . 2010-06-06 18:49 315392 ----a-w- e:\windows\HideWin.exe
2010-06-06 18:44 . 2010-06-06 18:35 8972 ----a-w- e:\windows\pchealth\helpctr\Config\Cntstore.bin
2010-06-06 18:33 . 2010-06-06 18:33 21812 ----a-w- e:\windows\system32\emptyregdb.dat
2010-06-02 02:55 . 2010-06-16 17:53 74072 ----a-w- e:\windows\system32\XAPOFX1_5.dll
2010-06-02 02:55 . 2010-06-16 17:53 527192 ----a-w- e:\windows\system32\XAudio2_7.dll
2010-06-02 02:55 . 2010-06-16 17:53 239960 ----a-w- e:\windows\system32\xactengine3_7.dll
2010-05-29 09:15 . 2010-05-29 09:15 10240 --sha-w- d:\program files\Thumbs.db
2010-05-26 09:41 . 2010-06-16 17:53 2106216 ----a-w- e:\windows\system32\D3DCompiler_43.dll
2010-05-26 09:41 . 2010-06-16 17:53 470880 ----a-w- e:\windows\system32\d3dx10_43.dll
2010-05-26 09:41 . 2010-06-16 17:53 248672 ----a-w- e:\windows\system32\d3dx11_43.dll
2010-05-26 09:41 . 2010-06-16 17:53 1998168 ----a-w- e:\windows\system32\D3DX9_43.dll
2010-05-26 09:41 . 2010-06-16 17:53 1868128 ----a-w- e:\windows\system32\d3dcsx_43.dll
2010-05-06 10:35 . 2006-03-02 12:00 916480 ----a-w- e:\windows\system32\wininet.dll
2010-04-20 05:32 . 2006-03-02 12:00 285696 ----a-w- e:\windows\system32\atmfd.dll
2008-03-09 05:25 . 2010-06-10 05:39 236 ----a-w- e:\program files\Common Files\dx.reg
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="e:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168]
"SpywareTerminatorUpdate"="d:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2010-06-17 3037696]
"DAEMON Tools Lite"="d:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"COMODO Internet Security"="e:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-06-06 2039240]
"avgnt"="e:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"NvCplDaemon"="e:\windows\system32\NvCpl.dll" [2008-05-03 13529088]
"nwiz"="nwiz.exe" [2008-05-03 1630208]
"NvMediaCenter"="e:\windows\system32\NvMcTray.dll" [2008-05-03 86016]
"GrooveMonitor"="d:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"SpywareTerminator"="d:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2010-06-17 2176512]
"SunJavaUpdateSched"="e:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"HitmanPro35"="d:\program files\Hitman Pro 3.5\HitmanPro35.exe" [2010-06-23 6110528]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="e:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

e:\documents and settings\Marka\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - d:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 0 (0x0)
"NoFileAssociate"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "d:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=e:\windows\system32\guard32.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\program files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"d:\\program files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"e:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\program files\\Spyware Terminator\\SpywareTerminatorUpdate.exe"=
"d:\\program files\\Microsoft Games\\Zoo Tycoon 2\\zt.exe"=
"d:\\program files\\WinSCP\\WinSCP.exe"=
"e:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 sptd;sptd;e:\windows\system32\drivers\sptd.sys [19.6.2010 20:34 691696]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;e:\windows\system32\drivers\cmdGuard.sys [9.4.2010 1:25 229312]
R1 cmdHlp;COMODO Internet Security Helper Driver;e:\windows\system32\drivers\cmdhlp.sys [9.4.2010 1:25 25240]
R1 sp_rsdrv2;Spyware Terminator Driver 2;e:\windows\system32\drivers\sp_rsdrv2.sys [17.6.2010 10:02 142592]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;e:\program files\Avira\AntiVir Desktop\sched.exe [6.6.2010 21:05 135336]
R2 CLPSLS;COMODO livePCsupport Service;e:\program files\COMODO\COMODO livePCsupport\CLPSLS.exe [19.2.2010 17:00 148744]
R3 hitmanpro35;Hitman Pro 3.5 Support Driver;e:\windows\system32\drivers\hitmanpro35.sys [23.6.2010 14:02 16968]
S2 gupdate;Služba Google Update (gupdate);d:\program files\Google\Update\GoogleUpdate.exe [12.6.2010 17:31 135664]
S3 DfSdkS;Defragmentation-Service;d:\program files\Ashampoo\Ashampoo WinOptimizer 7\DfSdkS.exe [7.6.2010 16:41 406016]

--- Ostatní služby/ovladače v paměti ---

*NewlyCreated* - HITMANPRO35

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08
.
Obsah adresáře 'Naplánované úlohy'

2010-06-23 e:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- d:\program files\Google\Update\GoogleUpdate.exe [2010-06-12 15:31]

2010-06-23 e:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- d:\program files\Google\Update\GoogleUpdate.exe [2010-06-12 15:31]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Excel - d:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: { - d:\program files\Messenger\msmsgs.exe
TCP: {07928D47-B8B6-48B9-9435-3BD2D745908B} = 156.154.70.22,156.154.71.22
DPF: {AE563723-B4F5-11D4-A415-00108302FDFD} - file://d:\program files\AutoCAD 2002 Cz\InstBanr.ocx
FF - ProfilePath - e:\documents and settings\MiK!-)\Data aplikací\Mozilla\Firefox\Profiles\j55mfber.default\
FF - prefs.js: browser.startup.homepage - www.seznam.cz
FF - plugin: d:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: d:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - e:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
FF - user.js: browser.blink_allowed - true
FF - user.js: network.prefetch-next - true
FF - user.js: nglayout.initialpaint.delay - 250
FF - user.js: layout.spellcheckDefault - 2
FF - user.js: browser.urlbar.autoFill - false
FF - user.js: browser.search.openintab - false
FF - user.js: browser.tabs.closeButtons - 1
FF - user.js: browser.tabs.opentabfor.middleclick - true
FF - user.js: browser.tabs.tabMinWidth - 100
FF - user.js: browser.urlbar.hideGoButton - false
d:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
d:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
d:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
d:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
d:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
d:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-23 14:47
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spgo.sys >>UNKNOWN [0x8A57E938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba10cf28
\Driver\ACPI -> ACPI.sys @ 0xb9e74cb8
\Driver\atapi -> atapi.sys @ 0xb9e2fb40
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
user & kernel MBR OK

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(2764)
e:\windows\system32\msi.dll
e:\windows\system32\webcheck.dll
e:\windows\system32\WPDShServiceObj.dll
d:\program files\WinSCP\DragExt.dll
e:\windows\system32\PortableDeviceTypes.dll
e:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
e:\program files\COMODO\COMODO Internet Security\cmdagent.exe
e:\program files\Avira\AntiVir Desktop\avguard.exe
e:\windows\system32\DRIVERS\CDANTSRV.EXE
e:\program files\Avira\AntiVir Desktop\avshadow.exe
d:\program files\Java\jre6\bin\jqs.exe
e:\windows\system32\nvsvc32.exe
e:\program files\Common Files\Protexis\License Service\PsiService_2.exe
d:\program files\Spyware Terminator\sp_rsser.exe
e:\windows\system32\SearchIndexer.exe
e:\windows\system32\wbem\wmiapsrv.exe
e:\windows\system32\RUNDLL32.EXE
e:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Celkový čas: 2010-06-23 14:51:20 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-06-23 12:50

Před spuštěním: Volných bajtů: 41 516 834 816
Po spuštění: Volných bajtů: 41 321 062 400

- - End Of File - - 24CBCF1DB4FD3D4D7C4EE62280DFC407

#4 Příspěvek od **riffman** » 23 čer 2010 17:55

stahnete MBR

presunte mbr.exe do adresare C:\Windows

dalsi postup jest nasledujici:

Start/Spustit a do chlivecku napiste cmd a stisk Enter.

vybafne na vas okenko prikazoveho radku; vy nadatlujte rucne prikaz:

mbr.exe -f

a stisknete Enter

Po provedeni operace restartujte a spustte mbr jeste jednou, jiz normalne a vlozte sem log

Bug123 · #5 Příspěvek od **Bug123** » 23 čer 2010 19:36

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK

#6 Příspěvek od **riffman** » 23 čer 2010 20:03

super

opetovne aplikujte Combofix a aktualni log sem

Bug123 · #7 Příspěvek od **Bug123** » 23 čer 2010 21:48

ComboFix 10-06-23.01 - MiK!-) 23.06.2010 22:43:27.4.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2046.1363 [GMT 2:00]
Spuštěný z: e:\documents and settings\MiK!-)\Plocha\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: COMODO Firewall *disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.

((((((((((((((((((((((((( Soubory vytvořené od 2010-05-23 do 2010-06-23 )))))))))))))))))))))))))))))))
.

2010-06-23 12:02 . 2010-06-23 19:26 16968 ----a-w- e:\windows\system32\drivers\hitmanpro35.sys
2010-06-23 12:01 . 2010-06-23 12:01 -------- d-----w- d:\program files\Hitman Pro 3.5
2010-06-23 10:41 . 2010-06-23 10:41 -------- d-sh--w- e:\documents and settings\LocalService\IETldCache
2010-06-23 10:40 . 2010-06-23 10:40 -------- d-----w- d:\program files\WinSCP
2010-06-21 11:51 . 2010-06-21 11:51 -------- d-----w- e:\windows\Performance
2010-06-21 11:49 . 2010-06-21 11:49 -------- d-----w- d:\program files\Microsoft Windows 7 Upgrade Advisor
2010-06-21 04:01 . 2010-06-21 04:01 -------- d-----w- d:\program files\Microsoft CAPICOM 2.1.0.2
2010-06-20 19:22 . 2010-06-20 19:22 -------- d-sh--w- e:\documents and settings\Marka\IETldCache
2010-06-20 16:12 . 2010-06-20 16:12 -------- d-sh--w- e:\documents and settings\MiK!-)\IETldCache
2010-06-20 16:11 . 2010-06-20 16:11 -------- d-sh--w- e:\documents and settings\NetworkService\IETldCache
2010-06-20 11:54 . 2010-05-06 10:35 55296 -c----w- e:\windows\system32\dllcache\msfeedsbs.dll
2010-06-20 11:54 . 2010-05-06 10:35 599040 -c----w- e:\windows\system32\dllcache\msfeeds.dll
2010-06-20 11:54 . 2010-05-06 10:35 12800 -c----w- e:\windows\system32\dllcache\xpshims.dll
2010-06-20 11:54 . 2010-05-06 10:35 247808 -c----w- e:\windows\system32\dllcache\ieproxy.dll
2010-06-20 11:54 . 2010-05-06 10:35 743424 -c----w- e:\windows\system32\dllcache\iedvtool.dll
2010-06-20 11:54 . 2010-05-06 10:35 1985536 -c----w- e:\windows\system32\dllcache\iertutil.dll
2010-06-20 11:54 . 2010-05-06 10:35 11076096 -c----w- e:\windows\system32\dllcache\ieframe.dll
2010-06-20 09:48 . 2010-04-29 13:39 38224 ----a-w- e:\windows\system32\drivers\mbamswissarmy.sys
2010-06-20 09:48 . 2010-04-29 13:39 20952 ----a-w- e:\windows\system32\drivers\mbam.sys
2010-06-20 09:48 . 2010-06-20 09:48 -------- d-----w- d:\program files\Malwarebytes' Anti-Malware
2010-06-20 09:30 . 2010-06-20 09:30 -------- d-----w- d:\program files\Yamicsoft
2010-06-19 18:39 . 2010-06-19 18:39 -------- d-----w- e:\windows\Sun
2010-06-19 18:34 . 2010-06-19 18:34 691696 ----a-w- e:\windows\system32\drivers\sptd.sys
2010-06-19 18:34 . 2010-06-20 06:21 -------- d-----w- d:\program files\DAEMON Tools Lite
2010-06-19 16:53 . 2010-06-19 16:53 -------- d-----w- d:\program files\Jalbum
2010-06-19 10:33 . 2010-06-19 10:33 -------- d-----w- d:\program files\Mihov Image Resizer
2010-06-19 10:14 . 2010-06-19 10:14 -------- d-----w- e:\windows\system32\windows media
2010-06-19 10:14 . 2010-06-19 10:14 -------- d-----w- d:\program files\Windows Media Components
2010-06-18 12:43 . 2010-06-18 12:43 -------- d---a-w- e:\windows\VDLL.DLL
2010-06-18 12:43 . 2010-06-18 12:43 -------- d---a-w- e:\windows\system32\runouce.exe
2010-06-18 12:43 . 2010-06-18 12:43 -------- d---a-w- e:\windows\RUNDL132.EXE
2010-06-18 12:43 . 2010-06-18 12:43 -------- d---a-w- e:\windows\logo_1.exe
2010-06-18 12:37 . 2010-06-18 12:37 632064 ----a-w- e:\windows\system32\msvcr80.dll
2010-06-18 12:37 . 2010-06-18 12:37 554240 ----a-w- e:\windows\system32\msvcp80.dll
2010-06-18 12:37 . 2010-06-18 12:37 34048 ----a-w- e:\windows\system32\eEmpty.exe
2010-06-18 12:37 . 2008-04-14 06:52 137216 ----a-w- e:\windows\system32\T.COM
2010-06-18 12:37 . 2008-04-14 06:52 147968 ----a-w- e:\windows\R.COM
2010-06-18 12:37 . 2010-06-18 12:37 -------- d-----w- e:\program files\Common Files\MicroWorld
2010-06-18 12:21 . 2010-06-23 09:00 -------- d-----w- d:\program files\trend micro
2010-06-18 12:21 . 2010-06-18 12:21 -------- d-----w- E:\rsit
2010-06-17 20:34 . 2010-06-17 20:34 -------- d-----w- e:\program files\Common Files\Java
2010-06-17 20:34 . 2010-06-17 20:34 411368 ----a-w- e:\windows\system32\deployJava1.dll
2010-06-17 20:34 . 2010-06-17 20:34 -------- d-----w- d:\program files\Java
2010-06-17 20:32 . 2010-06-20 09:31 -------- d-----w- d:\program files\JAVSEditor
2010-06-17 08:02 . 2010-06-17 08:02 142592 ----a-w- e:\windows\system32\drivers\sp_rsdrv2.sys
2010-06-17 08:02 . 2010-06-18 09:25 -------- d-----w- d:\program files\Spyware Terminator
2010-06-17 06:49 . 2000-10-20 11:25 487184 ----a-w- e:\windows\system32\Mrt7enu.dll
2010-06-17 06:49 . 2000-10-20 11:25 446464 ----a-w- e:\windows\system32\hhactivex.dll
2010-06-17 06:49 . 2000-10-20 11:25 31744 ----a-w- e:\windows\system32\Hlp95en.dll
2010-06-17 06:49 . 2000-10-20 11:25 79360 ----a-w- e:\windows\system32\acdbres.dll
2010-06-17 06:49 . 2010-06-17 06:49 -------- d-----w- d:\program files\Volo View Express
2010-06-17 06:49 . 2000-10-20 11:25 299520 ----a-w- e:\windows\uninst.exe
2010-06-17 06:49 . 2010-06-17 06:49 -------- d-----w- e:\documents and settings\MiK!-)\WINDOWS
2010-06-17 06:48 . 2010-06-17 06:48 -------- d-----w- e:\program files\Common Files\Wextech Shared
2010-06-17 06:48 . 2010-06-17 07:52 -------- d-----w- d:\program files\AutoCAD 2002 Cz
2010-06-17 06:48 . 2010-06-17 06:49 -------- d-----w- e:\program files\Common Files\Autodesk Shared
2010-06-17 06:46 . 2009-12-21 17:25 60416 ----a-w- e:\windows\CDILLA64.EXE
2010-06-17 06:46 . 2009-12-21 17:25 57136 ----a-w- e:\windows\system32\drivers\CDANT.SYS
2010-06-17 06:46 . 2009-12-21 17:25 55376 ----a-w- e:\windows\CDILLA40.DLL
2010-06-17 06:46 . 2009-12-21 17:25 7056 ----a-w- e:\windows\CDILLA16.EXE
2010-06-17 06:46 . 2009-12-21 17:25 63344 ----a-w- e:\windows\CDILLA05.DLL
2010-06-17 06:46 . 2009-12-21 17:25 45056 ----a-w- e:\windows\CDILLA13.DLL
2010-06-17 06:46 . 2009-12-21 17:25 32256 ----a-w- e:\windows\system32\drivers\CDANTSRV.EXE
2010-06-17 06:46 . 2009-12-21 17:25 260096 ----a-w- e:\windows\CDILLA32.DLL
2010-06-17 06:46 . 2009-12-21 17:25 23856 ----a-w- e:\windows\CDILLA10.EXE
2010-06-17 06:19 . 2010-06-17 09:03 -------- d-----w- d:\program files\Brain Challenge
2010-06-16 17:52 . 2008-10-27 08:04 23376 ----a-w- e:\windows\system32\X3DAudio1_5.dll
2010-06-16 17:48 . 2010-06-16 17:48 -------- d-----w- e:\windows\Logs
2010-06-16 17:41 . 2008-07-15 20:11 267112 ----a-w- e:\windows\system32\xactengine2_9.dll
2010-06-16 17:41 . 2007-10-22 01:37 17928 ----a-w- e:\windows\system32\X3DAudio1_2.dll
2010-06-16 17:32 . 2010-06-16 17:41 -------- d-----w- d:\program files\BCH
2010-06-14 19:31 . 2001-10-24 10:25 99328 -c--a-w- e:\windows\system32\dllcache\srusd.dll
2010-06-14 19:31 . 2001-10-24 10:25 99328 ----a-w- e:\windows\system32\srusd.dll
2010-06-14 19:31 . 2001-10-24 10:02 6784 -c--a-w- e:\windows\system32\dllcache\serscan.sys
2010-06-14 19:31 . 2001-10-24 10:02 6784 ----a-w- e:\windows\system32\drivers\serscan.sys
2010-06-14 19:31 . 2001-10-24 10:24 71680 -c--a-w- e:\windows\system32\dllcache\fnfilter.dll
2010-06-14 19:31 . 2001-10-24 10:24 71680 ----a-w- e:\windows\system32\fnfilter.dll
2010-06-13 17:55 . 2010-06-13 17:55 -------- d-----w- d:\program files\Electronic Arts
2010-06-12 22:52 . 2010-06-12 22:52 -------- d-----w- d:\program files\WinMend
2010-06-12 15:31 . 2010-06-12 15:31 -------- d-----w- d:\program files\Google
2010-06-12 15:31 . 2010-06-12 15:31 -------- d-----w- d:\program files\PhotoScape
2010-06-11 19:34 . 2010-06-11 20:06 -------- d-----w- e:\windows\system32\NtmsData
2010-06-11 18:21 . 2010-06-11 18:22 -------- d-----w- d:\program files\Armadillo Run
2010-06-11 17:59 . 2010-06-11 17:59 -------- d-----w- d:\program files\Armadillo Run Demo
2010-06-11 17:23 . 2010-06-11 17:23 -------- d-----w- d:\program files\Microsoft SDKs
2010-06-11 17:23 . 2010-06-11 17:23 -------- d-----w- d:\program files\Microsoft Visual Studio 9.0
2010-06-11 17:23 . 2010-06-11 17:23 -------- d-----w- d:\program files\Microsoft.NET
2010-06-11 17:22 . 2010-06-11 17:22 -------- d-----w- e:\program files\Common Files\Corel
2010-06-11 17:22 . 2010-06-11 17:22 -------- d-----w- e:\program files\Common Files\Protexis
2010-06-11 17:19 . 2010-06-11 17:19 -------- d-----w- d:\program files\Corel
2010-06-11 17:11 . 2006-06-29 11:07 14048 ------w- e:\windows\system32\spmsg2.dll
2010-06-11 17:10 . 2010-06-11 17:11 -------- d-----w- e:\windows\system32\XPSViewer
2010-06-11 17:10 . 2010-06-11 17:10 -------- d-----w- d:\program files\MSBuild
2010-06-11 17:09 . 2010-06-11 17:09 -------- d-----w- d:\program files\Reference Assemblies
2010-06-11 12:58 . 2010-06-21 12:32 -------- d-----w- d:\program files\Microsoft Games
2010-06-11 12:43 . 1999-08-03 08:50 172032 ----a-w- e:\windows\system32\binkw32.dll
2010-06-11 12:43 . 2010-06-11 12:43 -------- d-----w- d:\program files\Core Design
2010-06-11 10:58 . 2010-06-11 10:58 -------- d-----w- d:\program files\Smart Install Maker
2010-06-10 12:12 . 2010-06-21 12:51 -------- d--h--w- d:\program files\InstallShield Installation Information
2010-06-10 12:10 . 2010-06-10 12:10 -------- d-----w- d:\program files\Empire Interactive
2010-06-10 10:53 . 2008-07-06 12:06 89088 ----a-w- e:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-06-10 10:52 . 2008-07-06 12:06 89088 -c----w- e:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-06-10 10:52 . 2008-07-06 12:06 575488 -c----w- e:\windows\system32\dllcache\xpsshhdr.dll
2010-06-10 10:52 . 2008-07-06 12:06 575488 ------w- e:\windows\system32\xpsshhdr.dll
2010-06-10 10:52 . 2008-07-06 12:06 117760 ------w- e:\windows\system32\prntvpt.dll
2010-06-10 10:52 . 2008-07-06 10:50 597504 -c----w- e:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-06-10 10:52 . 2008-07-06 10:50 597504 ------w- e:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2010-06-10 10:52 . 2008-07-06 12:06 1676288 -c----w- e:\windows\system32\dllcache\xpssvcs.dll
2010-06-10 10:52 . 2008-07-06 12:06 1676288 ------w- e:\windows\system32\xpssvcs.dll
2010-06-10 10:50 . 2010-06-12 08:53 -------- d-----w- d:\program files\Windows Desktop Search
2010-06-10 10:50 . 2010-06-10 10:50 -------- d-----w- e:\windows\system32\GroupPolicy
2010-06-10 10:49 . 2008-03-07 17:02 98304 -c----w- e:\windows\system32\dllcache\nlhtml.dll
2010-06-10 10:49 . 2008-03-07 17:02 29696 -c----w- e:\windows\system32\dllcache\mimefilt.dll
2010-06-10 10:49 . 2008-03-07 17:02 192000 -c----w- e:\windows\system32\dllcache\offfilt.dll
2010-06-10 10:49 . 2010-06-10 10:49 -------- d-----w- d:\program files\Windows Media Connect 2
2010-06-10 10:48 . 2010-06-14 06:27 -------- d-----w- e:\windows\system32\drivers\UMDF
2010-06-10 10:48 . 2010-06-10 10:48 -------- d-----w- e:\windows\system32\LogFiles
2010-06-10 10:46 . 2010-06-10 10:47 -------- d-----w- e:\windows\system32\URTTemp
2010-06-10 06:21 . 2010-06-10 06:27 -------- d-----w- d:\program files\3DO
2010-06-10 06:21 . 1999-05-18 12:31 306688 ----a-w- e:\windows\IsUninst.exe
2010-06-10 05:35 . 2010-06-10 05:35 -------- d-----w- d:\program files\NVIDIA Corporation
2010-06-10 05:35 . 2010-06-10 05:35 -------- d-----w- e:\program files\Common Files\Wise Installation Wizard
2010-06-10 05:29 . 2010-06-10 05:29 -------- d-----w- d:\program files\VS Revo Group
2010-06-10 05:28 . 2010-06-10 05:28 -------- d-----w- d:\program files\GRETECH
2010-06-10 05:14 . 2009-12-09 05:55 726528 -c--a-w- e:\windows\system32\dllcache\jscript.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-19 18:11 . 2010-06-06 18:47 15600 ----a-w- e:\windows\gdrv.sys
2010-06-16 04:46 . 2006-03-02 12:00 90726 ----a-w- e:\windows\system32\perfc005.dat
2010-06-16 04:46 . 2006-03-02 12:00 458644 ----a-w- e:\windows\system32\perfh005.dat
2010-06-10 12:10 . 2010-06-06 18:49 -------- d-----w- e:\program files\Common Files\InstallShield
2010-06-10 06:16 . 2010-06-10 06:16 691696 ----a-w- e:\windows\system32\drivers\sptd.sys.85214245
2010-06-10 05:39 . 2010-06-10 05:39 2947 ----a-w- e:\windows\system32\unins000.dat
2010-06-10 05:38 . 2010-06-10 05:39 716153 ----a-w- e:\windows\system32\unins000.exe
2010-06-09 16:39 . 2010-04-08 23:25 229312 ----a-w- e:\windows\system32\drivers\cmdGuard.sys
2010-06-08 17:11 . 2010-06-06 18:35 76487 ----a-w- e:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-06-08 17:11 . 2010-06-06 18:35 2684 ----a-w- e:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2010-06-07 19:41 . 2010-06-07 19:39 133059 ----a-w- e:\windows\hpoins14.dat
2010-06-07 19:39 . 2010-06-07 19:39 -------- d-----w- d:\program files\HP
2010-06-07 14:45 . 2009-09-27 13:30 -------- d-----w- d:\program files\OpenOffice.org 3
2010-06-06 19:58 . 2010-04-08 23:26 278288 ----a-w- e:\windows\system32\guard32.dll
2010-06-06 19:58 . 2010-04-08 23:25 87824 ----a-w- e:\windows\system32\drivers\inspect.sys
2010-06-06 19:58 . 2010-04-08 23:25 25240 ----a-w- e:\windows\system32\drivers\cmdhlp.sys
2010-06-06 19:58 . 2010-04-08 23:25 15464 ----a-w- e:\windows\system32\drivers\cmderd.sys
2010-06-06 19:34 . 2010-06-06 19:33 664 ----a-w- e:\windows\system32\d3d9caps.dat
2010-06-06 19:33 . 2010-06-06 19:33 552 ----a-w- e:\windows\system32\d3d8caps.dat
2010-06-06 19:12 . 2010-06-06 19:12 0 ----a-w- e:\windows\nsreg.dat
2010-06-06 18:49 . 2010-06-06 18:49 315392 ----a-w- e:\windows\HideWin.exe
2010-06-06 18:44 . 2010-06-06 18:35 8972 ----a-w- e:\windows\pchealth\helpctr\Config\Cntstore.bin
2010-06-06 18:33 . 2010-06-06 18:33 21812 ----a-w- e:\windows\system32\emptyregdb.dat
2010-06-02 02:55 . 2010-06-16 17:53 74072 ----a-w- e:\windows\system32\XAPOFX1_5.dll
2010-06-02 02:55 . 2010-06-16 17:53 527192 ----a-w- e:\windows\system32\XAudio2_7.dll
2010-06-02 02:55 . 2010-06-16 17:53 239960 ----a-w- e:\windows\system32\xactengine3_7.dll
2010-05-29 09:15 . 2010-05-29 09:15 10240 --sha-w- d:\program files\Thumbs.db
2010-05-26 09:41 . 2010-06-16 17:53 2106216 ----a-w- e:\windows\system32\D3DCompiler_43.dll
2010-05-26 09:41 . 2010-06-16 17:53 470880 ----a-w- e:\windows\system32\d3dx10_43.dll
2010-05-26 09:41 . 2010-06-16 17:53 248672 ----a-w- e:\windows\system32\d3dx11_43.dll
2010-05-26 09:41 . 2010-06-16 17:53 1998168 ----a-w- e:\windows\system32\D3DX9_43.dll
2010-05-26 09:41 . 2010-06-16 17:53 1868128 ----a-w- e:\windows\system32\d3dcsx_43.dll
2010-05-06 10:35 . 2006-03-02 12:00 916480 ----a-w- e:\windows\system32\wininet.dll
2010-04-20 05:32 . 2006-03-02 12:00 285696 ----a-w- e:\windows\system32\atmfd.dll
2008-03-09 05:25 . 2010-06-10 05:39 236 ----a-w- e:\program files\Common Files\dx.reg
.

((((((((((((((((((((((((((((( SnapShot@2010-06-23_12.47.49 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-06-23 20:40 . 2010-06-23 20:40 16384 e:\windows\temp\Perflib_Perfdata_204.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="e:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168]
"SpywareTerminatorUpdate"="d:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2010-06-17 3037696]
"DAEMON Tools Lite"="d:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"COMODO Internet Security"="e:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-06-06 2039240]
"avgnt"="e:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"NvCplDaemon"="e:\windows\system32\NvCpl.dll" [2008-05-03 13529088]
"nwiz"="nwiz.exe" [2008-05-03 1630208]
"NvMediaCenter"="e:\windows\system32\NvMcTray.dll" [2008-05-03 86016]
"GrooveMonitor"="d:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"SpywareTerminator"="d:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2010-06-17 2176512]
"SunJavaUpdateSched"="e:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"HitmanPro35"="d:\program files\Hitman Pro 3.5\HitmanPro35.exe" [2010-06-23 6110528]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="e:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

e:\documents and settings\Marka\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - d:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 0 (0x0)
"NoFileAssociate"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "d:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=e:\windows\system32\guard32.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\program files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"d:\\program files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"e:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\program files\\Spyware Terminator\\SpywareTerminatorUpdate.exe"=
"d:\\program files\\Microsoft Games\\Zoo Tycoon 2\\zt.exe"=
"d:\\program files\\WinSCP\\WinSCP.exe"=
"e:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 cmdGuard;COMODO Internet Security Sandbox Driver;e:\windows\system32\drivers\cmdGuard.sys [9.4.2010 1:25 229312]
R1 cmdHlp;COMODO Internet Security Helper Driver;e:\windows\system32\drivers\cmdhlp.sys [9.4.2010 1:25 25240]
R1 sp_rsdrv2;Spyware Terminator Driver 2;e:\windows\system32\drivers\sp_rsdrv2.sys [17.6.2010 10:02 142592]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;e:\program files\Avira\AntiVir Desktop\sched.exe [6.6.2010 21:05 135336]
R2 CLPSLS;COMODO livePCsupport Service;e:\program files\COMODO\COMODO livePCsupport\CLPSLS.exe [19.2.2010 17:00 148744]
S0 sptd;sptd;e:\windows\system32\drivers\sptd.sys [19.6.2010 20:34 691696]
S2 gupdate;Služba Google Update (gupdate);d:\program files\Google\Update\GoogleUpdate.exe [12.6.2010 17:31 135664]
S3 DfSdkS;Defragmentation-Service;d:\program files\Ashampoo\Ashampoo WinOptimizer 7\DfSdkS.exe [7.6.2010 16:41 406016]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08
.
Obsah adresáře 'Naplánované úlohy'

2010-06-23 e:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- d:\program files\Google\Update\GoogleUpdate.exe [2010-06-12 15:31]

2010-06-23 e:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- d:\program files\Google\Update\GoogleUpdate.exe [2010-06-12 15:31]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Excel - d:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: { - d:\program files\Messenger\msmsgs.exe
TCP: {07928D47-B8B6-48B9-9435-3BD2D745908B} = 156.154.70.22,156.154.71.22
DPF: {AE563723-B4F5-11D4-A415-00108302FDFD} - file://d:\program files\AutoCAD 2002 Cz\InstBanr.ocx
FF - ProfilePath - e:\documents and settings\MiK!-)\Data aplikací\Mozilla\Firefox\Profiles\j55mfber.default\
FF - prefs.js: browser.startup.homepage - www.seznam.cz
FF - plugin: d:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: d:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - e:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
FF - user.js: browser.blink_allowed - true
FF - user.js: network.prefetch-next - true
FF - user.js: nglayout.initialpaint.delay - 250
FF - user.js: layout.spellcheckDefault - 2
FF - user.js: browser.urlbar.autoFill - false
FF - user.js: browser.search.openintab - false
FF - user.js: browser.tabs.closeButtons - 1
FF - user.js: browser.tabs.opentabfor.middleclick - true
FF - user.js: browser.tabs.tabMinWidth - 100
FF - user.js: browser.urlbar.hideGoButton - false
d:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
d:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
d:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
d:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
d:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
d:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.

**************************************************************************
skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory:

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(3928)
e:\windows\system32\msi.dll
e:\windows\system32\webcheck.dll
e:\windows\system32\WPDShServiceObj.dll
e:\windows\system32\PortableDeviceTypes.dll
e:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2010-06-23 22:47:14
ComboFix-quarantined-files.txt 2010-06-23 20:47
ComboFix2.txt 2010-06-23 12:51

Před spuštěním: Volných bajtů: 41 277 075 456
Po spuštění: Volných bajtů: 41 264 144 384

- - End Of File - - 036BD9941F091706D4D18FE673786245

#8 Příspěvek od **riffman** » 24 čer 2010 05:48

hotovo

http://sweb.cz/Marinus/T-Cleaner.bat

stahnout, spustit, v okne potvrdit klepnutim na klavesu A vykonani akce, cimz po mne uklidite

Bug123 · #9 Příspěvek od **Bug123** » 24 čer 2010 09:34

Soubor nelze stáhnout....

#10 Příspěvek od **riffman** » 24 čer 2010 09:45

momentalne je to nedostupny, stejne jako muj alter link...zkuste to prosim pozdeji, jinak log uz je OK, tohle je pouze na docisteni a odstraneni Combofixu a jeho karanteny

#11 Příspěvek od **riffman** » 24 čer 2010 09:46

zkuste jeste tenhle link, ten funguje http://sweb.cz/Marinus/T-Cleaner.exe

Bug123 · #12 Příspěvek od **Bug123** » 24 čer 2010 09:58

Hotovo

, velice děkuji za Vaší pomoc.

#13 Příspěvek od **riffman** » 24 čer 2010 09:59

nemate vubec zac

VIRY.CZ

Problém s virem?

Problém s virem?

Re: Problém s virem?

Re: Problém s virem?

Re: Problém s virem?

Re: Problém s virem?

Re: Problém s virem?

Re: Problém s virem?

Re: Problém s virem?

Re: Problém s virem?

Re: Problém s virem?

Re: Problém s virem?

Re: Problém s virem?

Re: Problém s virem?