Po startu zamrzne NTB

[vyosek]

Ta hlaska je spravna, soubor ktery byl haveti byl smazan, je treba to jen docistit...Konzolu pro zotaveni nainstalujte - muze se obcas hodit

[JackalXA]

áááááha. Teď po restartu od CF koukám že se objevilo okno abych nic nedělal než se ukončí CF.

Zároveň se objevilo olno od win jestli opravdu chci ukončit Win essencials media codecs update sevice.
Někde sem tady na foru četl že práve win essencial může po startu systému natolik zpomalit systém kvůli vlastní aktualizaci až "zamrzává" Myslíte že to bude i můj případ?

Jinak koukám že se nic nedějě a CF asi čeká až potvrdím ukončení update Win essencials.Je to tak? Mám chcít ukončit update?

[vyosek]

Potvrdte tedy ten update...a uvidime co Combofix...

[JackalXA]

Tak CF dokončil práci a zde je log

ComboFix 10-08-21.06 - Administrator 22.08.2010 22:33:15.1.1 - x86 NETWORK
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.766.614 [GMT 2:00]
Spuštěný z: c:\documents and settings\Administrator\Plocha\ComboFix.exe
AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\ndisrd.sys

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_ndisrd


((((((((((((((((((((((((( Soubory vytvořené od 2010-07-22 do 2010-08-22 )))))))))))))))))))))))))))))))
.

2010-08-22 19:21 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-22 19:21 . 2010-08-22 19:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-22 19:21 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-22 18:49 . 2010-08-22 18:49 -------- d-----w- c:\program files\CCleaner
2010-08-22 04:30 . 2010-08-22 04:30 -------- d-----w- c:\program files\trend micro
2010-08-22 04:30 . 2010-08-22 04:30 -------- d-----w- C:\rsit
2010-08-21 20:35 . 2010-08-21 20:35 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-08-21 20:16 . 2010-08-21 20:29 -------- d-----w- c:\program files\TrojanHunter 4.2
2010-08-20 19:24 . 2008-04-13 17:40 34688 -c--a-w- c:\windows\system32\dllcache\lbrtfdc.sys
2010-08-20 19:24 . 2008-04-13 17:40 34688 ----a-w- c:\windows\system32\drivers\lbrtfdc.sys
2010-08-20 19:24 . 2008-04-13 17:41 8576 -c--a-w- c:\windows\system32\dllcache\i2omgmt.sys
2010-08-20 19:24 . 2008-04-13 17:41 8576 ----a-w- c:\windows\system32\drivers\i2omgmt.sys
2010-08-20 19:23 . 2008-04-13 17:40 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys
2010-08-20 19:23 . 2008-04-13 17:40 8192 ----a-w- c:\windows\system32\drivers\changer.sys
2010-08-07 20:04 . 2010-08-07 20:05 -------- d-----w- c:\program files\Essentials Codec Pack

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-16 13:44 . 2010-02-05 15:40 -------- d-----w- c:\program files\JDownloader
2010-08-12 17:39 . 2010-06-16 14:58 -------- d-----w- c:\program files\ICQ7.2
2010-08-10 22:21 . 2001-10-25 12:00 79440 ----a-w- c:\windows\system32\perfc005.dat
2010-08-10 22:21 . 2001-10-25 12:00 432516 ----a-w- c:\windows\system32\perfh005.dat
2010-08-05 13:31 . 2010-02-01 02:40 -------- d-----w- c:\program files\Google
2010-07-05 09:02 . 2010-07-02 19:18 -------- d-----w- c:\program files\rajce
2010-06-30 12:33 . 2004-08-17 14:49 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-28 20:57 . 2010-06-29 16:00 38848 ----a-w- c:\windows\avastSS.scr
2010-06-28 20:57 . 2010-02-18 19:29 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-06-28 20:37 . 2010-02-18 19:29 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-06-28 20:37 . 2010-02-18 19:29 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-06-28 20:33 . 2010-02-18 19:29 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-06-28 20:32 . 2010-02-18 19:29 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-06-28 20:32 . 2010-02-18 19:29 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-06-28 20:32 . 2010-02-18 19:29 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-06-28 20:32 . 2010-02-18 19:29 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-06-24 12:27 . 2004-08-17 14:49 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-24 09:02 . 2004-08-17 14:44 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2004-08-03 22:14 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2004-08-17 14:49 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2010-02-01 01:10 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:43 . 2004-08-17 14:49 1172480 ----a-w- c:\windows\system32\msxml3.dll
2010-06-03 02:41 . 2010-06-03 02:41 3600384 ----a-w- c:\windows\system32\GPhotos.scr
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files\BS_Player\tbBS_1.dll" [2010-05-26 2515552]

[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
2010-05-26 10:29 2515552 ----a-w- c:\program files\BS_Player\tbBS_1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files\BS_Player\tbBS_1.dll" [2010-05-26 2515552]

[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}"= "c:\program files\BS_Player\tbBS_1.dll" [2010-05-26 2515552]

[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2005-11-11 1236992]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 761946]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-28 16248320]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2006-04-15 53248]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2006-06-23 602112]
"ePower_DMC"="c:\acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-05-30 421888]
"Boot"="c:\acer\Empowering Technology\ePower\Boot.exe" [2006-03-15 579584]
"PsaStart"="c:\applic\ddc\bin\psastart.exe" [2009-02-26 40960]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-10-25 652624]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-07-06 1848648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-17 421888]
"Media Codec Update Service"="c:\program files\Essentials Codec Pack\update.exe" [2007-04-08 303104]
"THGuard"="c:\program files\TrojanHunter 4.2\THGuard.exe" [2005-02-19 1089024]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Emanek\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Acer Empowering Technology.lnk - c:\acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe [2010-2-1 45056]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\APPLIC\\Portail\\mozilla.exe"=
"c:\\APP\\PPS\\mozilla.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\ICQ7.2\\ICQ.exe"=
"c:\\Program Files\\ICQ7.2\\aolload.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [18.2.2010 21:29 165456]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [18.2.2010 21:29 17744]
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\applic\FIREBIRD\bin\fbguard.exe -s --> c:\applic\FIREBIRD\bin\fbguard.exe -s [?]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [1.2.2010 7:33 246520]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\applic\FIREBIRD\bin\fbserver.exe -s --> c:\applic\FIREBIRD\bin\fbserver.exe -s [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5.8.2010 15:28 136176]

--- Ostatní služby/ovladače v paměti ---

*Deregistered* - mchInjDrv

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2251ca15-ac48-11df-81e3-0016d457541c}]
\Shell\AutoRun\command - explorer.exe .
.
Obsah adresáře 'Naplánované úlohy'

2010-08-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2010-08-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-05 13:28]

2010-08-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-05 13:28]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: &ICQ Toolbar Search - c:\program files\ICQToolbar\toolbaru.dll/SEARCH.HTML
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Handler: centrumcztoolbar - {61A97628-7C82-4315-957A-C74C2CDD85DF} - c:\program files\CentrumczToolbar\IEToolbar.dll
FF - ProfilePath - c:\documents and settings\Emanek\Data aplikací\Mozilla\Firefox\Profiles\vgwaw1rq.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.6&q=
FF - plugin: c:\program files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKCU-Run-Ywoko - c:\windows\womqodl.dll
HKLM-Run-BroadcomWireless - c:\program files\Broadcom\Wireless\Utility\WlanUtil.exe
SafeBoot-Wdf01000.sys



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-22 22:41
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\c:\docume~1\Emanek\LOCALS~1\Temp\mc22.tmp"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(464)
c:\windows\system32\Ati2evxx.dll
c:\windows\System32\BCMLogon.dll

- - - - - - - > 'Explorer.EXE'(1236)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\RTHDCPL.EXE
c:\applic\ddc\bin\psaagent.exe
c:\applic\FIREBIRD\bin\fbguard.exe
c:\applic\ddc\bin\psaRefreshPPO.exe
c:\program files\Canon\IJPLM\IJPLMSVC.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\dwwin.exe
c:\applic\FIREBIRD\bin\fbserver.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2010-08-22 22:47:06 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-08-22 20:47

Před spuštěním: 2 709 229 568
Po spuštění: 6 697 820 160

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=signature(5ea4f703)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
signature(5ea4f703)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - C9D26608D72032067EEA71DBAD463934

[vyosek]

Odinstalujte TrojanHunter 4.2 - je to zbytecnost, na konci leceni, tam dame neco poradnyho

Pokud nemate, tak presunte Combofix na plochu

• Spustte poznamkovy blok (Start-spustit-notepad)
• Zkopirujte skript nize

• Kód: Vybrat vše

  Driver::
  mchInjDrv
  
  Folder::
  c:\docume~1\Emanek\LOCALS~1\Temp
  
  DDS::
  IE: &ICQ Toolbar Search - c:\program files\ICQToolbar\toolbaru.dll/SEARCH.HTML
  Handler: centrumcztoolbar - {61A97628-7C82-4315-957A-C74C2CDD85DF} - c:\program files\CentrumczToolbar\IEToolbar.dll
  
  Firefox::
  FF - prefs.js: browser.search.selectedEngine - ICQ Search
  FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... r=1.1.6&q=
  
  File::
  c:\program files\BS_Player\tbBS_1.dll
  
  Registry::
  [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
  "{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"=-
  [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
  "{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"=-
  [-HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
  [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
  "{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}"=-
  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "Adobe Reader Speed Launcher"=-
  "Adobe ARM"=-
  "QuickTime Task"=-
  "Media Codec Update Service"=-
  "THGuard"=-

• Ulozte vytvoreny TXT jako CFScript.txt
• Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
  
• Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte

Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci

[JackalXA]

Na ntb mi přestal fungovat internet. Ve správci zařízení jsou u některých zařízení vykřičníky a někde otazník.

[vyosek]

Nejake divne, ovladace pro sitovku jsem nemazal Muzete sem dat log z CF - pretahnout na fleshku a postnout...

Zkuste dat aktualizovat ovladac a pokud nepomuze tak restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci

[JackalXA]

internet přestal fungovat ještě před posledním tahem,tedy přetažením texťáku na CF. To běží teprve teď.
Mám takový dojem že to přestalo fungovat po návratu z nouzového režimu zpět na normál a ukončení updatu win essencials. Ale jistý si nejsem.

Edit.Teď běží ten CF s poznámkou na mazání tak jak bude log dodám

[vyosek]

Jj, log postnete a uvidime co z toho vyleze...

[JackalXA]

Tak zde je log po druhém kole s CF


ComboFix 10-08-21.06 - Emanek 22.08.2010 23:28:35.2.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.766.363 [GMT 2:00]
Spuštěný z: c:\documents and settings\Emanek\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Emanek\Plocha\CFScript.txt
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

FILE ::
"c:\program files\BS_Player\tbBS_1.dll"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\Emanek\LOCALS~1\Temp
c:\docume~1\Emanek\LOCALS~1\Temp\_iu14D2N.tmp
c:\docume~1\Emanek\LOCALS~1\Temp\AdobeARM.log
c:\docume~1\Emanek\LOCALS~1\Temp\Arabic.bin
c:\docume~1\Emanek\LOCALS~1\Temp\Av-test.txt
c:\docume~1\Emanek\LOCALS~1\Temp\Czech.bin
c:\docume~1\Emanek\LOCALS~1\Temp\Danish.bin
c:\docume~1\Emanek\LOCALS~1\Temp\Dutch.bin
c:\docume~1\Emanek\LOCALS~1\Temp\English.bin
c:\docume~1\Emanek\LOCALS~1\Temp\Finnish.bin
c:\docume~1\Emanek\LOCALS~1\Temp\French.bin
c:\docume~1\Emanek\LOCALS~1\Temp\German.bin
c:\docume~1\Emanek\LOCALS~1\Temp\Greek.bin
c:\docume~1\Emanek\LOCALS~1\Temp\Hebrew.bin
c:\docume~1\Emanek\LOCALS~1\Temp\Hungarian.bin
c:\docume~1\Emanek\LOCALS~1\Temp\IMT10.xml
c:\docume~1\Emanek\LOCALS~1\Temp\IMT9.xml
c:\docume~1\Emanek\LOCALS~1\Temp\IMTA.xml
c:\docume~1\Emanek\LOCALS~1\Temp\IMTB.xml
c:\docume~1\Emanek\LOCALS~1\Temp\IMTE.xml
c:\docume~1\Emanek\LOCALS~1\Temp\IMTF.xml
c:\docume~1\Emanek\LOCALS~1\Temp\Italian.bin
c:\docume~1\Emanek\LOCALS~1\Temp\Japanese.bin
c:\docume~1\Emanek\LOCALS~1\Temp\Korean.bin
c:\docume~1\Emanek\LOCALS~1\Temp\Norwegian.bin
c:\docume~1\Emanek\LOCALS~1\Temp\Polish.bin
c:\docume~1\Emanek\LOCALS~1\Temp\Portuguese(Brazil).bin
c:\docume~1\Emanek\LOCALS~1\Temp\Portuguese.bin
c:\docume~1\Emanek\LOCALS~1\Temp\Russian.bin
c:\docume~1\Emanek\LOCALS~1\Temp\SimChin.bin
c:\docume~1\Emanek\LOCALS~1\Temp\Spanish.bin
c:\docume~1\Emanek\LOCALS~1\Temp\SWEDISH.bin
c:\docume~1\Emanek\LOCALS~1\Temp\Thai.bin
c:\docume~1\Emanek\LOCALS~1\Temp\TradChin.bin
c:\docume~1\Emanek\LOCALS~1\Temp\Turkish.bin
c:\program files\BS_Player\tbBS_1.dll
c:\program files\CentrumczToolbar\IEToolbar.dll

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MCHINJDRV
-------\Service_mchInjDrv


((((((((((((((((((((((((( Soubory vytvořené od 2010-07-22 do 2010-08-22 )))))))))))))))))))))))))))))))
.

2010-08-22 19:21 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-22 19:21 . 2010-08-22 19:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-22 19:21 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-22 18:49 . 2010-08-22 18:49 -------- d-----w- c:\program files\CCleaner
2010-08-22 04:30 . 2010-08-22 04:30 -------- d-----w- c:\program files\trend micro
2010-08-22 04:30 . 2010-08-22 04:30 -------- d-----w- C:\rsit
2010-08-21 20:35 . 2010-08-21 20:35 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-08-21 20:16 . 2010-08-22 21:14 -------- d-----w- c:\program files\TrojanHunter 4.2
2010-08-20 19:24 . 2008-04-13 17:40 34688 -c--a-w- c:\windows\system32\dllcache\lbrtfdc.sys
2010-08-20 19:24 . 2008-04-13 17:40 34688 ----a-w- c:\windows\system32\drivers\lbrtfdc.sys
2010-08-20 19:24 . 2008-04-13 17:41 8576 -c--a-w- c:\windows\system32\dllcache\i2omgmt.sys
2010-08-20 19:24 . 2008-04-13 17:41 8576 ----a-w- c:\windows\system32\drivers\i2omgmt.sys
2010-08-20 19:23 . 2008-04-13 17:40 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys
2010-08-20 19:23 . 2008-04-13 17:40 8192 ----a-w- c:\windows\system32\drivers\changer.sys
2010-08-07 20:04 . 2010-08-07 20:05 -------- d-----w- c:\program files\Essentials Codec Pack

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-22 21:36 . 2010-02-02 21:45 -------- d-----w- c:\program files\CentrumczToolbar
2010-08-22 21:36 . 2010-02-01 07:21 -------- d-----w- c:\program files\BS_Player
2010-08-16 13:44 . 2010-02-05 15:40 -------- d-----w- c:\program files\JDownloader
2010-08-12 17:39 . 2010-06-16 14:58 -------- d-----w- c:\program files\ICQ7.2
2010-08-10 22:21 . 2001-10-25 12:00 79440 ----a-w- c:\windows\system32\perfc005.dat
2010-08-10 22:21 . 2001-10-25 12:00 432516 ----a-w- c:\windows\system32\perfh005.dat
2010-08-05 13:31 . 2010-02-01 02:40 -------- d-----w- c:\program files\Google
2010-07-05 09:02 . 2010-07-02 19:18 -------- d-----w- c:\program files\rajce
2010-06-30 12:33 . 2004-08-17 14:49 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-28 20:57 . 2010-06-29 16:00 38848 ----a-w- c:\windows\avastSS.scr
2010-06-28 20:57 . 2010-02-18 19:29 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-06-28 20:37 . 2010-02-18 19:29 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-06-28 20:37 . 2010-02-18 19:29 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-06-28 20:33 . 2010-02-18 19:29 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-06-28 20:32 . 2010-02-18 19:29 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-06-28 20:32 . 2010-02-18 19:29 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-06-28 20:32 . 2010-02-18 19:29 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-06-28 20:32 . 2010-02-18 19:29 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-06-24 12:27 . 2004-08-17 14:49 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-24 09:02 . 2004-08-17 14:44 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2004-08-03 22:14 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2004-08-17 14:49 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2010-02-01 01:10 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:43 . 2004-08-17 14:49 1172480 ----a-w- c:\windows\system32\msxml3.dll
2010-06-03 02:41 . 2010-06-03 02:41 3600384 ----a-w- c:\windows\system32\GPhotos.scr
.

((((((((((((((((((((((((((((( SnapShot@2010-08-22_20.41.03 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-08-22 21:40 . 2010-08-22 21:40 16384 c:\windows\temp\Perflib_Perfdata_c64.dat
+ 2010-08-22 21:03 . 2010-08-22 21:03 16384 c:\windows\temp\Perflib_Perfdata_b7c.dat
+ 2010-08-22 21:39 . 2010-08-22 21:39 16384 c:\windows\temp\Perflib_Perfdata_874.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2005-11-11 1236992]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 761946]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-28 16248320]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2006-04-15 53248]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2006-06-23 602112]
"ePower_DMC"="c:\acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-05-30 421888]
"Boot"="c:\acer\Empowering Technology\ePower\Boot.exe" [2006-03-15 579584]
"PsaStart"="c:\applic\ddc\bin\psastart.exe" [2009-02-26 40960]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-10-25 652624]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-07-06 1848648]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Emanek\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Acer Empowering Technology.lnk - c:\acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe [2010-2-1 45056]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\APPLIC\\Portail\\mozilla.exe"=
"c:\\APP\\PPS\\mozilla.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\ICQ7.2\\ICQ.exe"=
"c:\\Program Files\\ICQ7.2\\aolload.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [18.2.2010 21:29 165456]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [18.2.2010 21:29 17744]
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\applic\FIREBIRD\bin\fbguard.exe -s --> c:\applic\FIREBIRD\bin\fbguard.exe -s [?]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [1.2.2010 7:33 246520]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\applic\FIREBIRD\bin\fbserver.exe -s --> c:\applic\FIREBIRD\bin\fbserver.exe -s [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5.8.2010 15:28 136176]
.
Obsah adresáře 'Naplánované úlohy'

2010-08-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2010-08-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-05 13:28]

2010-08-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-05 13:28]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Emanek\Data aplikací\Mozilla\Firefox\Profiles\vgwaw1rq.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.6&q=
FF - plugin: c:\program files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-22 23:40
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(464)
c:\windows\system32\Ati2evxx.dll
c:\windows\System32\BCMLogon.dll

- - - - - - - > 'Explorer.EXE'(1276)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\System32\WLTRYSVC.EXE
c:\windows\system32\Ati2evxx.exe
c:\windows\System32\bcmwltry.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\RTHDCPL.EXE
c:\applic\ddc\bin\psaagent.exe
c:\applic\FIREBIRD\bin\fbguard.exe
c:\program files\Canon\IJPLM\IJPLMSVC.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\applic\FIREBIRD\bin\fbserver.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Celkový čas: 2010-08-22 23:44:52 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-08-22 21:44
ComboFix2.txt 2010-08-22 20:47

Před spuštěním: 6 704 201 728
Po spuštění: 6 687 739 904

- - End Of File - - 722F4AEB57E263AA9017C88A4912E711

[vyosek]

Jak se chova pacient

[JackalXA]

jdu restartovat tak se uvidí.

[JackalXA]

Tak po restartu mííííírné zlepšení,už to netrvá 17 minut ale zamrzá "pouze" na cca 8 minut. Zkusil jsem udělat i to z tohoto vlákna tedy v IE update změnit nastavení aktualizace ale ani to nepomohlo. http://www.viry.cz/forum/viewtopic.php?f=13&t=103815

NTB stále po naběhnutí systému zamrzne.Ale nelze s ním pracovat.Nelze otevřít nabídku start,ani se neozve znělka při naběhnutí,to až poteď těch 8mi minutách. Během zamrznutí mi šel normálně spustit CCleaner i třeba otevřít poznámkový blok.
Tak nevím co dál.

Internet už běží takže to je opraveno,jen to zamrzání se nedaří nějak odstranit

Přesto děkuji za snahu.

Jo i hodiny se zastaví a ukazují čas kdy naběhla hlavní obrazovka.A ukazují správný čas až po uplynutí té doby

[vyosek]

Ja tam spise tusim nejake rootkity...
Pracujte tedy zatim v nouzovem rezimu, tam PC slape jak ma...

Udelejte nyni kompletni sken MBAM a pak pujdeme na test na rootkity - jeden uz odhalil CF ale predpokladam ze tam budou dalsi

[JackalXA]

Zdravím.Tak sem se dnes dostal konečně k pc a zde je kompletní sken od MBAM

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Verze databáze: 4462

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

23.8.2010 19:19:23
mbam-log-2010-08-23 (19-19-23).txt

Typ skenu: Úplný sken (C:\|D:\|)
Skenované objekty: 383667
Uplynulý čas: 39 minuta(y), 20 sekunda(y)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované složky: 0
Infikované soubory: 2

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
C:\System Volume Information\_restore{FC1D624A-D787-4068-A0DC-2F8F99860D22}\RP230\A0047174.exe (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{FC1D624A-D787-4068-A0DC-2F8F99860D22}\RP231\A0047393.dll (Trojan.Hiloti) -> No action taken.