rundll32.exe vytazuje CPU

[miraslam]

ComboFix 10-07-07.02 - Miroslava - Slamená 11.07.2010 13:41:21.10.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1023.625 [GMT 2:00]
Spuštěný z: c:\documents and settings\Miroslava - Slamená\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Miroslava - Slamená\Plocha\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

file zipped: c:\windows\system32\drivers\1316596.sys
file zipped: c:\windows\system32\drivers\13165961.sys
file zipped: c:\windows\system32\drivers\13165962.sys
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\1316596.sys
c:\windows\system32\drivers\13165961.sys
c:\windows\system32\drivers\13165962.sys

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_13165961
-------\Legacy_13165962
-------\Legacy_setup_9.0.0.722_09.07.2010_23-54drv
-------\Service_13165961
-------\Service_13165962
-------\Service_setup_9.0.0.722_09.07.2010_23-54drv


((((((((((((((((((((((((( Soubory vytvořené od 2010-06-11 do 2010-07-11 )))))))))))))))))))))))))))))))
.

2010-07-10 21:06 . 2010-07-10 21:11 -------- d-----w- c:\documents and settings\Administrator.N-1A4A6D4869384
2010-07-08 21:16 . 2010-07-08 21:17 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-06-23 06:30 . 2010-06-23 06:30 -------- d-----w- c:\program files\iPod
2010-06-23 06:29 . 2010-06-23 06:31 -------- d-----w- c:\program files\iTunes
2010-06-23 06:24 . 2010-06-23 06:24 -------- d-----w- c:\program files\Bonjour
2010-06-15 11:20 . 2010-06-15 11:20 -------- d-----w- c:\program files\Microsoft Silverlight

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-08 21:18 . 2007-08-07 17:25 -------- d-----w- c:\program files\DivX
2010-07-07 12:13 . 2010-06-07 18:06 -------- d-----w- c:\program files\trend micro
2010-06-23 09:48 . 2006-09-16 00:43 83320 ----a-w- c:\windows\system32\perfc005.dat
2010-06-23 09:48 . 2006-09-16 00:43 439206 ----a-w- c:\windows\system32\perfh005.dat
2010-06-23 06:30 . 2008-01-30 12:33 -------- d-----w- c:\program files\Common Files\Apple
2010-06-20 09:04 . 2010-04-26 09:13 3532 ----a-w- C:\drmHeader.bin
2010-06-09 23:01 . 2008-11-20 19:19 45648 ------w- c:\windows\system32\drivers\pxhelp20.sys
2010-06-09 23:01 . 2008-02-20 16:01 126448 ------w- c:\windows\system32\pxinsi64.exe
2010-06-09 23:01 . 2008-02-20 16:01 123888 ------w- c:\windows\system32\pxcpyi64.exe
2010-06-09 23:01 . 2008-02-20 16:01 133616 ------w- c:\windows\system32\pxafs.dll
2010-06-03 16:13 . 2008-10-26 12:07 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-06-03 16:13 . 2008-02-28 15:57 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-05-28 20:29 . 2010-05-28 19:57 -------- d-----w- c:\program files\Olympus
2010-05-28 20:29 . 2006-09-15 20:49 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-18 14:35 . 2010-05-18 14:35 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 14:35 . 2010-05-18 14:35 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-05-06 10:35 . 2006-09-16 00:43 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 08:09 . 2006-09-16 00:43 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-24 21:37 . 2010-04-24 21:37 30320 ----a-w- c:\windows\system32\drivers\pxscan.sys
2010-04-24 21:37 . 2010-04-24 21:37 54920 ----a-w- c:\windows\system32\drivers\pxrts.sys
2010-04-24 21:37 . 2010-04-24 21:37 24400 ----a-w- c:\windows\system32\drivers\pxkbf.sys
2010-04-20 05:32 . 2006-09-16 00:43 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-19 18:47 . 2009-03-24 20:32 3062048 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-04-19 18:47 . 2008-01-30 12:33 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2010-04-12 15:29 . 2010-04-19 19:04 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-07 12:22 . 2007-03-18 13:57 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

------- Sigcheck -------

[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\atapi.sys
[-] 2008-04-13 06:40 . !HASH: COULD NOT OPEN FILE !!!!! . 96512 . . [------] . . c:\windows\system32\drivers\atapi.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-04 68856]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-05-15 322352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-16 7585792]
"nwiz"="nwiz.exe" [2006-08-16 1617920]
"RTHDCPL"="RTHDCPL.EXE" [2006-07-21 16261632]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2006-01-25 53248]
"fscp"="c:\program files\AVC Finger-sensing Pad Driver\fscp.exe" [2006-08-31 995328]
"FuncKey"="c:\program files\Hotkey Management\FuncKey.exe" [2006-09-05 139264]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-04-15 45056]
"OdTray.exe"="c:\program files\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\OdTray.exe" [2005-05-18 1015871]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-07-07 30192]
"SNPSTD2"="c:\windows\vsnpstd2.exe" [2004-06-10 286720]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2008-04-17 98616]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-11-28 198160]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

c:\documents and settings\Miroslava - Slamen \Nabˇdka Start\Programy\Po spuçtŘnˇ\
setup_9.0.0.722_09.07.2010_23-54.lnk - c:\documents and settings\Miroslava - Slamen \Plocha\Virus Removal Tool\setup_9.0.0.722_09.07.2010_23-54\startup.exe [2010-7-9 72208]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Device Detector 3.lnk - c:\program files\Olympus\DeviceDetector\DevDtct2.exe [2010-5-28 118784]
PHOTOfunSTUDIO -viewer-.lnk - c:\program files\Panasonic\PHOTOfunSTUDIO -viewer-\PhAutoRun.exe [2008-12-25 40960]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-03-14 09:51 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OdysseyClient]
2006-12-25 22:24 106496 ----a-w- c:\windows\system32\odyEvent.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\msncall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\12Voip.com\\12Voip\\12Voip.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 d346bus;d346bus;c:\windows\system32\drivers\d346bus.sys [14.1.2007 17:11 156800]
R0 d346prt;d346prt;c:\windows\system32\drivers\d346prt.sys [14.1.2007 17:11 5248]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [26.10.2008 14:07 216200]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [26.10.2008 14:07 242896]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [14.3.2010 11:50 916760]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [14.3.2010 11:51 308064]
R2 Ethpdrv;Ethernet Packet Driver;c:\windows\system32\drivers\ethpdrv.sys [13.9.2007 11:31 9728]
R2 FspadSvc;FspadSvc;c:\program files\AVC Finger-sensing Pad Driver\fspadsvr.exe [16.9.2006 2:45 520704]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [24.7.2009 19:14 222968]
R3 fspad;AVC Finger-sensing Pad Driver for Windows 2000/XP;c:\windows\system32\drivers\fspad.sys [16.9.2006 2:45 22912]
R3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;c:\windows\system32\drivers\sis163u.sys [16.9.2006 2:45 217600]
S2 gupdate1c9860c8a847b7c;Google Update Service (gupdate1c9860c8a847b7c);c:\program files\Google\Update\GoogleUpdate.exe [3.2.2009 16:34 133104]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3.11.2006 20:19 13592]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [14.12.2009 17:47 16512]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [26.12.2006 23:37 30192]
S3 ipw_bus;IPWireless;c:\windows\system32\drivers\ipw_bus.sys [13.9.2007 11:31 58320]
S3 ipw_mdfl;Wireless Broadband Modem Filter;c:\windows\system32\drivers\ipw_mdfl.sys [13.9.2007 11:31 8272]
S3 ipw_mdm;Wireless Broadband Modem (WDM);c:\windows\system32\drivers\ipw_mdm.sys [13.9.2007 11:31 95440]
S3 Ndisprot;ArcNet NDIS Protocol Driver;c:\windows\system32\drivers\ndisprot.sys [26.10.2008 12:04 27904]
.
Obsah adresáře 'Naplánované úlohy'

2010-06-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 10:34]

2010-07-11 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2006-12-26 11:04]

2010-07-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-03 14:34]

2010-07-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-03 14:34]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.atlas.cz/?from=icqhp
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&s ... f8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
FF - ProfilePath - c:\documents and settings\Miroslava - Slamená\Data aplikací\Mozilla\Firefox\Profiles\jp5kr9xn.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - component: c:\documents and settings\Miroslava - Slamená\Data aplikací\Mozilla\Firefox\Profiles\jp5kr9xn.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa2.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdjvu.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-11 13:57
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x86AAD990]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf74dbf28
\Driver\ACPI -> ACPI.sys @ 0xf7337cb8
\Driver\atapi -> 0x86aad990
\Driver\iaStor -> iaStor.sys @ 0xf7225b58
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: -> SendCompleteHandler -> 0x0
PacketIndicateHandler -> 0x0
SendHandler -> 0x0
Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(268)
c:\windows\system32\odyEvent.dll

- - - - - - - > 'explorer.exe'(796)
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\odClientService.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Celkový čas: 2010-07-11 14:04:40 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-07-11 12:04
ComboFix2.txt 2010-07-11 10:08
ComboFix3.txt 2010-07-10 22:47
ComboFix4.txt 2010-07-09 19:33
ComboFix5.txt 2010-07-11 11:34

Před spuštěním: Volných bajtů: 34 294 636 544
Po spuštění: Volných bajtů: 34 282 381 312

- - End Of File - - BAAF44D6CCE4D2E934F638216E50D67E

[Rudy]

Smazáno. Jak to vypadá nyní?

[Rudy]

Odinstalujte emulátory virtuálních mechanik. Stáhněte SPTD podle verze vašeho OS: http://www.duplexsecure.com/en/downloads . Uložte na plochu, spusťte a zvolte možnost "Uninstall". Pak stáhněte http://www.jpshortstuff.247fixes.com/Defogger.exe . Klikněte na "Disable a restartujte PC . Pak stáhněte http://www2.gmer.net/mbr/mbr.exe a uložte opět na plochu. Dále Start>spustit>(napsat) "%userprofile%\plocha\mbr" -t>OK. Vytvoří se log, který sem vložte. Nakonec stáhněte GMER: http://www.viry.cz/forum/viewtopic.php?f=29&t=62878 spusťte a dejte z něj log.

[miraslam]

no vyzera to zatial oka...ale ktovie ako dlho to vydrzi...

a co znamenaju tieto polozky?
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false

or ine kt su pod mozillou a je za nimi false?

a ten navod, kt ste mi poslal, mam teda vykonat?

dik

[Rudy]

Ty položky jsou nějaké skripty, které patří FF. Nic nebezpečného. Ten poslední návod (poradil mi kolega) by měl přispět k definitivnímu vyčištění.

[miraslam]

1. krok. taku moznost som ani nemala. (SPDT)
2. ok
3. log:
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK


4. po stiahnuti mi bud zamrzol program GMER or cely pc...neviem co s tym...

dik za pomoc

[Rudy]

Zkuste GMER spustit v nouz. režimu.

[miraslam]

ok a chcete len ten prvy scan alebo aj ten druhy?

dik

[Rudy]

Pak stáhněte http://www2.gmer.net/mbr/mbr.exe a uložte opět na plochu. Dále Start>spustit>(napsat) "%userprofile%\plocha\mbr" -t>OK.

Ten parametr (-t) tam muisí být. Spustil jste to bez něj.

[miraslam]

log

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x86C33688]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\atapi -> 0x86c33688
Warning: possible MBR rootkit infection !
user & kernel MBR OK
Use "Recovery Console" command "fixmbr" to clear infection !

[miraslam]

a bohuzial ten GMER nejde ani v nudzom rezime...
neponuka mi to moznost save

[Rudy]

1 . Nabootujte z instal CD. Při první nabídce R-opravit, stiskněte R a vstupte do konzoly pro zotavení (musíte znát heslo do účtu administrator, je-li zaheslován). Do příkazového řádku zadejte:

fixmbr

Stiskněte Enter, potrvrďte a znovu odentrujte. nakonec zadejte:

exit

a stiskněte Enter

Pak použijte opět Avenger se skriptem:

Begin copying here:
Files to move:
c:\windows\system32\dllcache\atapi.sys | c:\windows\system32\drivers\atapi.sys

Zaškrtněte "Scan for rootkits" a klikněte na "Execute". Log, který Avenger vypíše sem vložte.

[miraslam]

dobry den,

mam este na vas jednu otazku.
moc sa v pc nevyznam a neviem, co znamena nabootovat instalacnym cd?

pytam sa pre istotu aby som si vsetko nevymazala.

dakujem

[Budovi]

Nabootovať inštalaňé CD:

1, pri spustení PC stláčať delete (najčastejšie) pre spustenie BIOSU
2, vyberte Advanced Bios Features
3, Nastavte First Boot Device na CD-ROM
4, stlačte F10 pre uloženie a ukončenie
5, vložte inštalačné CD do mechaniky pri štarte systému

návod sa môže mierne líšiť v závislosti od PC, ale býva to najčastejšie takto...

Pomôže aj znalosť AJ

V niektorých prípadoch býva bootovanie z CD prioritné a nemusíte nič nastavovať, proste vložíte pri štarte PC do mechaniky inštalačné CD

A ak ste menili podľa postupu priority bootovania, je pravdepodobné že to budete musieť navrátiť späť (zopakovať postup s tým že first boot device bude Hard Drive, HDD alebo aj s označením napr. HDD-0 , stačí keď si zapamätáte čo tam bolo)

[Rudy]

V biosu přepnete pořadí bootování tak, aby opt. mechanika byla jako první. Vložíte instal. CD WinXP, uložíte nastavení biosu a restartujete PC. Až se na obrazovce objeví "libovolnou klávesou spustíte instalaci", klepnete do libovolné klávesy a dál budete sledovat pokyny na obrazovce.