Page 10 of 16

Re: System takes 60 minutes to boot.

Posted: 14 Mar 2010 22:50
by MatesJ
The system boots, but just as slowly........... no change :cry: :cry: :cry: :?: :?: :?:

Re: System takes 60 minutes to boot.

Posted: 14 Mar 2010 22:53
by motji
I'd then ask for the ComboFix log.
Hang in there, we don't know yet what has been deleted and what hasn't. It's also possible that after that rootkit the system is quite damaged, so it will simply be slower.
But we're not done yet :James008:

Re: System takes 60 minutes to boot.

Posted: 14 Mar 2010 23:06
by MatesJ
so here it is:

ComboFix 10-03-14.03 - Administrator 2010-03-14 22:33:29.14.2 - x86 NETWORK
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.1.1029.18.3326.3051 [GMT 1:00]
Spuštěný z: c:\documents and settings\Administrator\Plocha\Potvora.com.exe
Použité ovládací přepínače :: c:\documents and settings\Administrator\Plocha\CFScript.txt
AV: avast! antivirus 4.8.1368 [VPS 100314-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Sunbelt Personal Firewall *enabled* {82B1150E-9B37-49FC-83EB-D52197D900D0}
.

((((((((((((((((((((((((( Soubory vytvořené od 2010-02-14 do 2010-03-14 )))))))))))))))))))))))))))))))
.

2010-03-14 06:54 . 2010-03-14 07:09 -------- d-----w- c:\windows\ServicePackFiles
2010-03-14 01:10 . 2004-08-03 21:29 25471 ------w- c:\windows\system32\drivers\watv10nt.sys
2010-03-14 01:10 . 2004-08-03 21:29 22271 ------w- c:\windows\system32\drivers\watv06nt.sys
2010-03-14 01:10 . 2004-08-03 21:29 11935 ------w- c:\windows\system32\drivers\wadv11nt.sys
2010-03-14 01:10 . 2004-08-03 21:29 11871 ------w- c:\windows\system32\drivers\wadv09nt.sys
2010-03-14 01:10 . 2008-04-13 18:36 42240 ------w- c:\windows\system32\drivers\viaagp.sys
2010-03-14 01:10 . 2004-08-03 21:29 11807 ------w- c:\windows\system32\drivers\wadv07nt.sys
2010-03-14 01:10 . 2004-08-03 21:29 11295 ------w- c:\windows\system32\drivers\wadv08nt.sys
2010-03-14 01:08 . 2004-08-03 21:41 11868 ------w- c:\windows\system32\drivers\mdmxsdk.sys
2010-03-14 01:08 . 2004-08-03 21:41 1041536 ------w- c:\windows\system32\drivers\hsfdpsp2.sys
2010-03-14 01:08 . 2004-08-03 21:41 685056 ------w- c:\windows\system32\drivers\hsfcxts2.sys
2010-03-14 01:08 . 2004-08-03 21:41 220032 ------w- c:\windows\system32\drivers\hsfbs2s2.sys
2010-03-14 00:08 . 2009-12-31 16:50 353792 -c----w- c:\windows\system32\dllcache\srv.sys
2010-03-14 00:08 . 2009-11-21 16:03 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-03-14 00:07 . 2009-10-15 16:32 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2010-03-14 00:07 . 2009-10-15 16:32 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2010-03-14 00:06 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2010-03-14 00:06 . 2009-12-09 10:11 2191360 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-03-14 00:06 . 2009-03-06 14:23 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
2010-03-14 00:06 . 2009-02-09 11:25 111104 -c----w- c:\windows\system32\dllcache\services.exe
2010-03-14 00:06 . 2009-02-09 10:56 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2010-03-14 00:06 . 2009-02-09 10:56 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2010-03-14 00:06 . 2009-02-09 10:56 684032 -c----w- c:\windows\system32\dllcache\advapi32.dll
2010-03-14 00:06 . 2009-06-25 08:27 729088 -c----w- c:\windows\system32\dllcache\lsasrv.dll
2010-03-14 00:06 . 2009-02-09 10:56 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2010-03-14 00:06 . 2009-02-09 10:56 709632 -c----w- c:\windows\system32\dllcache\ntdll.dll
2010-03-14 00:06 . 2009-12-09 10:11 2147328 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-03-14 00:06 . 2009-12-09 10:11 2025984 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-03-14 00:05 . 2009-12-04 18:22 455424 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-03-14 00:02 . 2009-07-10 13:28 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2010-03-14 00:00 . 2008-10-15 16:38 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2010-03-14 00:00 . 2008-04-21 21:15 216576 -c----w- c:\windows\system32\dllcache\wordpad.exe
2010-03-13 19:59 . 2010-03-13 20:12 -------- d-----w- c:\program files\Lavalys
2010-03-13 14:14 . 2008-04-14 04:22 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2010-03-13 14:14 . 2001-10-24 11:25 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2010-03-13 14:14 . 2008-04-14 04:22 18944 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
2010-03-13 14:14 . 2001-10-24 11:25 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
2010-03-13 14:14 . 2001-10-24 11:25 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
2010-03-13 14:14 . 2001-08-18 05:37 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe
2010-03-13 14:13 . 2001-08-17 19:11 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys
2010-03-13 14:13 . 2004-08-03 21:29 19455 -c--a-w- c:\windows\system32\dllcache\wvchntxx.sys
2010-03-13 14:13 . 2004-08-03 21:29 12063 -c--a-w- c:\windows\system32\dllcache\wsiintxx.sys
2010-03-13 14:13 . 2008-04-14 04:22 8192 -c--a-w- c:\windows\system32\dllcache\wshirda.dll
2010-03-13 14:10 . 2001-08-17 20:28 687999 -c--a-w- c:\windows\system32\dllcache\usrwdxjs.sys
2010-03-13 14:09 . 2001-10-24 11:24 81408 -c--a-w- c:\windows\system32\dllcache\tgiul50.dll
2010-03-13 14:08 . 2001-10-24 11:04 35913 -c--a-w- c:\windows\system32\dllcache\smcirda.sys
2010-03-13 14:07 . 2001-10-24 11:02 6784 -c--a-w- c:\windows\system32\dllcache\serscan.sys
2010-03-13 14:06 . 2001-10-24 11:25 9728 -c--a-w- c:\windows\system32\dllcache\rsmgrstr.dll
2010-03-13 14:06 . 2001-08-17 19:19 3840 -c--a-w- c:\windows\system32\dllcache\rpfun.sys
2010-03-13 14:06 . 2008-04-14 03:17 79104 -c--a-w- c:\windows\system32\dllcache\rocket.sys
2010-03-13 14:06 . 2001-08-17 19:12 37563 -c--a-w- c:\windows\system32\dllcache\rlnet5.sys
2010-03-13 14:06 . 2001-10-24 11:24 86097 -c--a-w- c:\windows\system32\dllcache\reslog32.dll
2010-03-13 14:06 . 2001-08-17 20:51 19584 -c--a-w- c:\windows\system32\dllcache\rasirda.sys
2010-03-13 14:06 . 2001-10-24 10:58 714762 -c--a-w- c:\windows\system32\dllcache\r2mdmkxx.sys
2010-03-13 14:06 . 2001-10-24 10:58 899146 -c--a-w- c:\windows\system32\dllcache\r2mdkxga.sys
2010-03-13 14:06 . 2001-10-24 11:25 41472 -c--a-w- c:\windows\system32\dllcache\qvusd.dll
2010-03-13 14:06 . 2001-08-17 20:53 3328 -c--a-w- c:\windows\system32\dllcache\qv2kux.sys
2010-03-13 14:04 . 2001-10-24 11:25 39424 -c--a-w- c:\windows\system32\dllcache\ovcoms.exe
2010-03-13 14:03 . 2001-10-24 10:44 9472 -c--a-w- c:\windows\system32\dllcache\ntapm.sys
2010-03-13 14:03 . 2001-08-17 20:53 7552 -c--a-w- c:\windows\system32\dllcache\nsmmc.sys
2010-03-13 14:03 . 2008-04-13 19:54 28672 -c--a-w- c:\windows\system32\dllcache\nscirda.sys
2010-03-13 14:03 . 2001-08-17 19:20 87040 -c--a-w- c:\windows\system32\dllcache\nm6wdm.sys
2010-03-13 14:03 . 2001-08-17 19:20 126080 -c--a-w- c:\windows\system32\dllcache\nm5a2wdm.sys
2010-03-13 14:03 . 2001-08-17 19:12 32840 -c--a-w- c:\windows\system32\dllcache\ngrpci.sys
2010-03-13 14:03 . 2004-08-17 14:45 132695 -c--a-w- c:\windows\system32\dllcache\netwlan5.sys
2010-03-13 14:01 . 2001-08-17 21:00 2944 -c--a-w- c:\windows\system32\dllcache\msmpu401.sys
2010-03-13 14:01 . 2008-04-13 19:54 22016 -c--a-w- c:\windows\system32\dllcache\msircomm.sys
2010-03-13 14:01 . 2001-08-17 21:02 35200 -c--a-w- c:\windows\system32\dllcache\msgame.sys
2010-03-13 14:01 . 2001-08-17 20:48 6016 -c--a-w- c:\windows\system32\dllcache\msfsio.sys
2010-03-13 14:00 . 2001-08-17 20:52 17280 -c--a-w- c:\windows\system32\dllcache\mraid35x.sys
2010-03-13 14:00 . 2001-08-17 20:57 16128 -c--a-w- c:\windows\system32\dllcache\modemcsa.sys
2010-03-13 14:00 . 2001-08-17 20:52 6528 -c--a-w- c:\windows\system32\dllcache\miniqic.sys
2010-03-13 14:00 . 2001-10-24 11:24 235648 -c--a-w- c:\windows\system32\dllcache\mgaud.dll
2010-03-13 14:00 . 2001-10-24 10:52 320384 -c--a-w- c:\windows\system32\dllcache\mgaum.sys
2010-03-13 14:00 . 2008-04-13 19:41 26112 -c--a-w- c:\windows\system32\dllcache\memstpci.sys
2010-03-13 14:00 . 2001-10-24 11:23 47616 -c--a-w- c:\windows\system32\dllcache\memgrp.dll
2010-03-13 14:00 . 2001-08-17 20:58 8320 -c--a-w- c:\windows\system32\dllcache\memcard.sys
2010-03-13 14:00 . 2001-10-24 10:50 164586 -c--a-w- c:\windows\system32\dllcache\mdgndis5.sys
2010-03-13 14:00 . 2001-08-17 20:52 7424 -c--a-w- c:\windows\system32\dllcache\mammoth.sys
2010-03-13 13:58 . 2008-04-13 19:40 34688 -c--a-w- c:\windows\system32\dllcache\lbrtfdc.sys
2010-03-13 13:57 . 2001-10-24 11:24 372824 -c--a-w- c:\windows\system32\dllcache\iconf32.dll
2010-03-13 13:56 . 2008-04-13 19:41 8576 -c--a-w- c:\windows\system32\dllcache\i2omgmt.sys
2010-03-13 13:55 . 2001-08-17 20:28 488383 -c--a-w- c:\windows\system32\dllcache\hsf_v124.sys
2010-03-13 13:53 . 2001-08-17 19:15 442240 -c--a-w- c:\windows\system32\dllcache\fpnpbase.sys
2010-03-13 13:52 . 2001-08-17 19:10 69692 -c--a-w- c:\windows\system32\dllcache\el575nd5.sys
2010-03-13 13:51 . 2001-10-24 11:25 618525 -c--a-w- c:\windows\system32\dllcache\digiview.exe
2010-03-13 13:50 . 2008-04-13 19:36 10240 -c--a-w- c:\windows\system32\dllcache\compbatt.sys
2010-03-13 13:49 . 2001-10-24 10:49 13824 -c--a-w- c:\windows\system32\dllcache\bulltlp3.sys
2010-03-13 13:48 . 2001-10-24 10:46 281600 -c--a-w- c:\windows\system32\dllcache\atimtai.sys
2010-03-13 13:47 . 2001-08-17 21:07 101888 -c--a-w- c:\windows\system32\dllcache\adpu160m.sys
2010-03-13 13:46 . 2001-10-24 11:24 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll
2010-03-13 11:02 . 2010-03-13 11:14 -------- d-----w- c:\program files\Common Files\ATI Technologies
2010-03-12 23:15 . 2007-07-20 02:19 81920 ----a-w- c:\windows\system32\ATIODE.exe
2010-03-12 23:15 . 2007-07-20 02:19 40960 ----a-w- c:\windows\system32\ATIODCLI.exe
2010-03-12 23:15 . 2007-11-02 03:35 307200 ----a-r- c:\windows\system32\atiiiexx.dll
2010-03-12 23:13 . 2007-11-02 03:50 3133728 -c--a-w- c:\windows\system32\dllcache\ati3duag.dll
2010-03-12 23:13 . 2007-11-02 03:50 3133728 ----a-w- c:\windows\system32\ati3duag.dll
2010-03-12 23:13 . 2007-11-02 04:01 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2010-03-12 23:13 . 2007-11-02 03:16 499712 -c--a-w- c:\windows\system32\dllcache\ati2cqag.dll
2010-03-12 23:13 . 2007-11-02 03:16 499712 ----a-w- c:\windows\system32\ati2cqag.dll
2010-03-12 23:13 . 2007-11-02 04:09 268288 -c--a-w- c:\windows\system32\dllcache\ati2dvag.dll
2010-03-12 23:13 . 2007-11-02 04:09 268288 ----a-w- c:\windows\system32\ati2dvag.dll
2010-03-12 23:11 . 2010-02-03 03:19 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2010-03-12 13:59 . 2010-02-24 08:16 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-03-10 22:27 . 2010-03-10 22:27 -------- d--h--w- c:\windows\system32\GroupPolicy
2010-03-02 20:48 . 2010-03-02 20:52 -------- d-----w- c:\program files\CD MP3 Burner

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-14 18:16 . 2001-10-25 14:00 657856 ----a-w- c:\windows\system32\perfh005.dat
2010-03-14 18:16 . 2001-10-25 14:00 191504 ----a-w- c:\windows\system32\perfc005.dat
2010-03-14 17:20 . 2010-03-14 17:20 96512 ----a-w- C:\atapi.tmp
2010-03-14 07:12 . 2008-03-22 09:25 2740 ----a-w- c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2010-03-14 07:12 . 2008-03-22 09:25 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-03-13 23:34 . 2008-03-22 11:24 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-03-13 13:20 . 2010-01-05 21:13 -------- d-----w- c:\program files\ATI
2010-03-13 12:13 . 2008-05-06 20:10 137464 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-03-13 12:13 . 2008-05-06 20:10 214520 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-03-13 11:14 . 2008-05-04 12:08 -------- d-----w- c:\program files\ATI Technologies
2010-03-13 10:55 . 2008-03-22 09:37 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-12 22:43 . 2008-05-01 20:49 86016 ----a-w- c:\windows\system32\OpenAL32.dll
2010-03-12 22:43 . 2008-05-01 20:49 413696 ----a-w- c:\windows\system32\wrap_oal.dll
2010-03-12 22:37 . 2009-02-21 15:55 -------- d-----w- c:\program files\Canon
2010-03-12 11:58 . 2008-04-12 10:22 -------- d-----w- c:\program files\Avast
2010-02-11 21:00 . 2010-02-11 21:00 -------- d-----w- c:\program files\Yamicsoft
2010-02-10 19:19 . 2008-12-16 21:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-08 17:51 . 2010-02-08 17:51 -------- d-----w- c:\program files\eRightSoft
2010-02-03 04:02 . 2010-01-05 21:13 14188544 ----a-w- c:\windows\system32\atioglxx.dll
2010-02-02 20:00 . 2009-02-08 12:40 -------- d-----w- c:\program files\Google
2010-01-17 13:24 . 2009-01-12 20:41 -------- d-----w- c:\program files\KEMailKb
2010-01-07 15:07 . 2008-12-16 21:03 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 15:07 . 2008-12-16 21:03 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-31 16:50 . 2008-09-04 14:53 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-17 07:42 . 2008-03-22 09:23 343552 ----a-w- c:\windows\system32\mspaint.exe
2009-01-04 18:17 . 2009-01-04 18:15 20009336 ----a-w- c:\program files\klmcodec445.exe
2008-11-01 10:21 . 2008-11-01 10:21 1762325 ----a-w- c:\program files\GameParkSetup11021.exe
2008-07-31 21:12 . 2008-07-31 21:12 25072608 ----a-w- c:\program files\AVSDVDPlayer.exe
2008-07-31 20:39 . 2008-07-31 20:39 9027416 ----a-w- c:\program files\winamp554_full_emusic-7plus_en-us.exe
2008-05-27 18:38 . 2008-05-27 18:37 1526576 ----a-w- c:\program files\install_flash_player_active_x.exe
2006-05-03 10:06 . 2010-02-08 17:52 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 11:47 . 2010-02-08 17:52 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 13:30 . 2010-02-08 17:52 216064 --sh--r- c:\windows\system32\nbDX.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UVS10 Preload"="c:\program files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe" [2006-03-06 36864]
"PCLEPCI"="c:\progra~1\PINNAC~1\PPE\PPE.EXE" [2003-09-23 32768]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-03-28 593920]
"KEMailKb"="c:\progra~1\KEMailKb\KEMailKb.EXE" [2004-07-26 401667]
"BigDogPath323Domino"="c:\windows\Domino.exe" [2006-06-28 49152]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 185896]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 75304]
"IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE" [2006-10-26 132704]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-03 16:43 69632 ----a-w- c:\windows\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2007-05-10 16:08 16342528 ----a-w- c:\windows\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 sfdrv02;FrontLine Environment Driver (v2);c:\windows\system32\drivers\sfdrv02.sys [11.9.2006 12:57 67960]
R0 sfsync05;FrontLine Synchronization Driver (v5);c:\windows\system32\drivers\sfsync05.sys [11.8.2006 17:09 59776]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [12.4.2008 11:58 114768]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [31.7.2009 22:30 270888]
R1 sbhips;Sunbelt HIPS Driver;c:\windows\system32\drivers\sbhips.sys [21.6.2008 3:54 66600]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [12.4.2008 11:58 20560]
R2 KMWDSERVICE;Keyboard And Mouse Communication Service;c:\program files\Trust\Trust R-Series Mouse\KMWDSrv.exe [8.6.2007 23:23 208896]
R2 SbPF.Launcher;SbPF.Launcher;c:\program files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [31.10.2008 6:24 95528]
R2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [31.10.2008 6:24 1365288]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [31.7.2009 22:30 65576]
S2 gupdate1c989eb911d7dde;Google Update Service (gupdate1c989eb911d7dde);c:\program files\Google\Update\GoogleUpdate.exe [8.2.2009 13:48 133104]
S2 sfrem02;FrontLine Drivers Auto Removal (v2);c:\windows\system32\sfrem02.exe svc --> c:\windows\system32\sfrem02.exe svc [?]
S3 vmfilter323;323 filter service, Normal;c:\windows\system32\drivers\vmfilter323.sys [23.3.2008 14:42 476672]
S3 ZSMC326;VIMICRO USB2.0 PC Camera(VC0323);c:\windows\system32\drivers\usbvm323.sys [8.2.2009 21:09 260096]
S4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys --> c:\windows\system32\Drivers\sptd.sys [?]
.
Obsah adresáře 'Naplánované úlohy'

2010-03-14 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-08 08:03]

2010-03-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-08 12:48]

2010-03-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-08 12:48]

2010-03-14 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 13:07]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Easy-WebPrint - Náhled - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint - Přidat na seznam k tisku - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint - Tisk - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
IE: Easy-WebPrint - Vysokorychlostní tisk - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
FF - ProfilePath - c:\documents and settings\Martin\Data aplikací\Mozilla\Firefox\Profiles\ra0apsse.default\
FF - prefs.js: browser.startup.homepage - www.seznam.cz
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-14 22:51
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8B3FFCA8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba10cf28
\Driver\ACPI -> ACPI.sys @ 0xb9f7fcb8
\Driver\atapi -> 0x8b3ffca8
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: Realtek RTL8168/8111 PCI-E Gigabit Ethernet NIC -> SendCompleteHandler -> NDIS.sys @ 0xb9df7bb0
PacketIndicateHandler -> NDIS.sys @ 0xb9e04a21
SendHandler -> NDIS.sys @ 0xb9de287b
Warning: possible MBR rootkit infection !
user & kernel MBR OK
copy of MBR has been found in sector 62 !

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-2025429265-1202660629-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:03,28,51,36,a7,e7,6c,89,e7,a5,e7,28,13,9b,e9,bc,d5,9f,77,74,6b,
48,12,14,c4,58,c1,75,17,4c,85,2b,e1,ea,81,d5,f9,36,1d,a6,63,55,74,ea,48,cc,\
"rkeysecu"=hex:27,31,41,b7,d4,b0,6f,6d,32,53,91,23,fb,7a,da,52
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(1128)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3404)
c:\program files\ScanSoft\OmniPageSE4.0\OpHookSE4.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
c:\program files\Microsoft Office\OFFICE11\msohev.dll
c:\program files\Common Files\Nero\SMC\NeroDigitalExt.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Avast\aswUpdSv.exe
c:\program files\Avast\ashServ.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Sunbelt Software\Personal Firewall\SbPFCl.exe
c:\program files\Avast\ashMaiSv.exe
c:\windows\system32\wscntfy.exe
c:\program files\Avast\ashWebSv.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\Microsoft ActiveSync\Wcescomm.exe
c:\progra~1\MICROS~3\rapimgr.exe
.
**************************************************************************
.
Celkový čas: 2010-03-14 23:03:11 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-03-14 22:03

Před spuštěním: Volných bajtů: 19,129,733,120
Po spuštění: Volných bajtů: 15 541 436 416

Current=3 Default=3 Failed=1 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - 8791A6B484907292C0A663B0DC47A942
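
Added here as an example, not part of the thread and not code from Gmer or ComboFix: a small triage script for the "Stealth MBR rootkit detector" section of the log above. It separates hooks that resolve to a named driver module from the one that does not, cross-references the `>>UNKNOWN [...]<<` entry in the disk call chain, and picks up the MBR-copy sector and warning line. The sample text is a constructed excerpt modelled on the quoted log.

```python
"""Triage the Gmer 'Stealth MBR rootkit detector' section of a ComboFix log.

Added example: not code from the forum thread, Gmer or ComboFix.  SAMPLE_LOG is
a constructed excerpt modelled on the log posted in the thread.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample (shape taken from the thread's ComboFix log).
SAMPLE_LOG = """\
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8B3FFCA8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\\Driver\\Disk -> CLASSPNP.SYS @ 0xba10cf28
\\Driver\\ACPI -> ACPI.sys @ 0xb9f7fcb8
\\Driver\\atapi -> 0x8b3ffca8
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
Warning: possible MBR rootkit infection !
user & kernel MBR OK
copy of MBR has been found in sector 62 !
"""

# "\Driver\X -> MODULE @ 0xADDR"  or  "\Driver\X -> 0xADDR" (no module name)
HOOK_RE = re.compile(r"^(\\Driver\\\S+) -> (?:(\S+) @ )?(0x[0-9a-fA-F]+)\s*$")
# Call-chain entry the detector could not attribute to any loaded module.
UNKNOWN_RE = re.compile(r">>UNKNOWN \[(0x[0-9a-fA-F]+)\]<<")
SECTOR_RE = re.compile(r"copy of MBR has been found in sector (\d+)")


@dataclass
class Hook:
    driver: str
    module: Optional[str]   # None when the detector printed no module for the target
    address: int


@dataclass
class MbrTriage:
    unknown_code: list[int] = field(default_factory=list)
    hooks: list[Hook] = field(default_factory=list)
    mbr_copy_sector: Optional[int] = None
    warning: bool = False

    def suspicious_hooks(self) -> list[Hook]:
        """Hooks with no module attribution, or whose target address is one the
        detector already reported as UNKNOWN in the disk call chain."""
        return [h for h in self.hooks
                if h.module is None or h.address in self.unknown_code]


def triage_mbr_section(text: str) -> MbrTriage:
    """Parse the detector block line by line into an MbrTriage record."""
    result = MbrTriage()
    for raw in text.splitlines():
        line = raw.strip()
        m = UNKNOWN_RE.search(line)
        if m:
            result.unknown_code.append(int(m.group(1), 16))
            continue
        m = HOOK_RE.match(line)
        if m:
            result.hooks.append(Hook(m.group(1), m.group(2), int(m.group(3), 16)))
            continue
        m = SECTOR_RE.search(line)
        if m:
            result.mbr_copy_sector = int(m.group(1))
        elif line.startswith("Warning:"):
            result.warning = True
    return result


if __name__ == "__main__":
    triage = triage_mbr_section(SAMPLE_LOG)
    for hook in triage.suspicious_hooks():
        print(f"unattributed hook: {hook.driver} -> {hook.address:#x}")
    if triage.mbr_copy_sector is not None:
        print(f"MBR copy reported in sector {triage.mbr_copy_sector}")
```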

Re: System takes 60 minutes to boot.

Posted: 14 Mar 2010 23:13
by motji
:o Nothing got deleted :o .
Let's try it differently, we'll use Avenger.


:arrow: Download Avenger
http://swandog46.geekstogo.com/avenger.exe

- Run the program and confirm by clicking OK; by doing so you confirm that everything you do with it is at your own risk.
- After clicking, the program's main window appears; copy this script into its white box:

Code:

drivers to delete:
TDSSserv.sys

Files to delete:
c:\windows\system32\drivers\TDSSpxoe.sys
c:\windows\system32\TDSSktpa.dll
c:\windows\system32\TDSSwupe.dat
c:\windows\system32\TDSSirxy.dll
c:\windows\system32\TDSSyavu.dll
c:\windows\system32\TDSSacun.dll
c:\windows\system32\TDSSqqcn.dll
c:\windows\system32\TDSSnmxh.log
c:\windows\system32\TDSSsahc.dll
c:\windows\system32\TDSSehys.log
c:\windows\system32\TDSSwghd.log

:!: - Tick the "Scan for rootkits" box

and click the Execute button.
- A window then appears where you confirm running the script by clicking Yes. Then confirm the computer restart with Yes again.
- After the restart, Notepad should open with the log of the script run; it will also be saved at C:\avenger.txt.
- Paste the log here

Re: System takes 60 minutes to boot.

Posted: 14 Mar 2010 23:19
by MatesJ
The system didn't come up, it got as far as the blue screen with the account selection and game over.........

another system crash at the accounts screen..... tadaaaaaaaaa

Re: System takes 60 minutes to boot.

Posted: 14 Mar 2010 23:21
by motji
Doesn't Last Known Good Configuration or Safe Mode work?

Re: System takes 60 minutes to boot.

Posted: 14 Mar 2010 23:24
by MatesJ
phew, phew.......... it came up, the log should be here in a moment............

Re: System takes 60 minutes to boot.

Posted: 14 Mar 2010 23:26
by motji
Good, tell me what got it to boot, what did the trick :)

Re: System takes 60 minutes to boot.

Posted: 14 Mar 2010 23:31
by MatesJ
it came up on its own, I did nothing:

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\TDSSserv.sys" not found!
Deletion of driver "TDSSserv.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "c:\windows\system32\drivers\TDSSpxoe.sys" not found!
Deletion of file "c:\windows\system32\drivers\TDSSpxoe.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "c:\windows\system32\TDSSktpa.dll" not found!
Deletion of file "c:\windows\system32\TDSSktpa.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "c:\windows\system32\TDSSwupe.dat" not found!
Deletion of file "c:\windows\system32\TDSSwupe.dat" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "c:\windows\system32\TDSSirxy.dll" not found!
Deletion of file "c:\windows\system32\TDSSirxy.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "c:\windows\system32\TDSSyavu.dll" not found!
Deletion of file "c:\windows\system32\TDSSyavu.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "c:\windows\system32\TDSSacun.dll" not found!
Deletion of file "c:\windows\system32\TDSSacun.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "c:\windows\system32\TDSSqqcn.dll" not found!
Deletion of file "c:\windows\system32\TDSSqqcn.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "c:\windows\system32\TDSSnmxh.log" not found!
Deletion of file "c:\windows\system32\TDSSnmxh.log" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "c:\windows\system32\TDSSsahc.dll" not found!
Deletion of file "c:\windows\system32\TDSSsahc.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "c:\windows\system32\TDSSehys.log" not found!
Deletion of file "c:\windows\system32\TDSSehys.log" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "c:\windows\system32\TDSSwghd.log" not found!
Deletion of file "c:\windows\system32\TDSSwghd.log" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Completed script processing.

*******************

Finished! Terminate.

Re: System takes 60 minutes to boot.

Posted: 14 Mar 2010 23:55
by motji
It looks like these are just leftovers from that junk, but why the system still takes so long to boot, I don't know :( .

:arrow: Another script for Avenger

Code:

Registry keys to delete:
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys

Re: System takes 60 minutes to boot.

Posted: 15 Mar 2010 00:30
by MatesJ
Error: invalid registry syntax in command

It can't do HKLM registry and only HKEY_LOCAL_MACHINE is accessible

Re: System takes 60 minutes to boot.

Posted: 15 Mar 2010 00:38
by motji
Sorry, I got the command wrong :oops:

:arrow: New script:

Code:

Registry keys to delete:
HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys
HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules 

:arrow: Uninstall the StarForce driver
http://onlinesecurity-on.com/downloads/sfcdrvrem.zip
http://www.onlinesecurity-on.com/protect.phtml?c=55 instructions in English at the very bottom


:arrow: Start - Run
copy this into the box

Code:

"%userprofile%\plocha\mbr" -t
ok

:arrow: a log named mbr.log will be created, paste it here

Re: System takes 60 minutes to boot.

Posted: 15 Mar 2010 07:46
by MatesJ
//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 3)
Sun Mar 14 23:57:04 2010

23:56:53: Error: Invalid registry syntax in command:
"Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys"
Only registry keys under the HKEY_LOCAL_MACHINE hive are accessible to this program.
Skipping line. (Registry key deletion mode)
23:57:04: Error: Execution aborted by user!


//////////////////////////////////////////


//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 3)
Mon Mar 15 00:00:24 2010

00:00:18: Error: Invalid registry syntax in command:
"Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys"
Only registry keys under the HKEY_LOCAL_MACHINE hive are accessible to this program.
Skipping line. (Registry key deletion mode)
00:00:24: Error: Execution aborted by user!


//////////////////////////////////////////


Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Registry key "HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys" deleted successfully.

Error: registry key "HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules" not found!
Deletion of registry key "HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Completed script processing.

*******************

Finished! Terminate.
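
Added here as an example, not part of the thread and not code from The Avenger: a summariser for Avenger run logs of the kind posted above. It classifies each script target as deleted, failed with an NT status, or rejected by the pre-processor (the `Reg` prefix error in the two aborted runs), so the "nothing got deleted" case can be told apart from a run that actually removed something. The sample is a constructed excerpt modelled on the quoted logs.

```python
"""Summarise an Avenger (Swandog46) run log.

Added example: not code from the forum thread or from The Avenger.  SAMPLE_LOG is
a constructed excerpt modelled on the pre-processor and run logs in the thread.
"""
import re

SAMPLE_LOG = """\
//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

00:00:18: Error: Invalid registry syntax in command:
"Reg HKLM\\SYSTEM\\ControlSet001\\Services\\TDSSserv.sys"
Only registry keys under the HKEY_LOCAL_MACHINE hive are accessible to this program.
Skipping line. (Registry key deletion mode)

Logfile of The Avenger Version 2.0, (c) by Swandog46

Rootkit scan active.
No rootkits found!

Registry key "HKLM\\SYSTEM\\ControlSet001\\Services\\TDSSserv.sys" deleted successfully.

Error: registry key "HKLM\\SYSTEM\\ControlSet001\\Services\\TDSSserv.sys\\modules" not found!
Deletion of registry key "HKLM\\SYSTEM\\ControlSet001\\Services\\TDSSserv.sys\\modules" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Error: file "c:\\windows\\system32\\drivers\\TDSSpxoe.sys" not found!
Deletion of file "c:\\windows\\system32\\drivers\\TDSSpxoe.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Completed script processing.
"""

# 'Registry key "..." deleted successfully.' (kind is whatever Avenger prints)
DELETED_RE = re.compile(r'^(.+?) "([^"]+)" deleted successfully\.$')
# 'Deletion of file "..." failed!' is followed by a 'Status: 0x... (NAME)' line.
FAILED_RE = re.compile(r'^Deletion of (.+?) "([^"]+)" failed!$')
STATUS_RE = re.compile(r"^Status: (0x[0-9a-fA-F]+) \((\w+)\)")
# Pre-processor rejection; the offending script line follows, in quotes.
SYNTAX_RE = re.compile(r"Error: Invalid registry syntax in command:$")
QUOTED_RE = re.compile(r'^"(.*)"$')


def summarise(text: str) -> dict:
    """Return {'deleted': [(kind, target)], 'failed': [(kind, target, status)],
    'rejected': [script line]} for one or more concatenated Avenger logs."""
    deleted, failed, rejected = [], [], []
    pending = None           # (kind, target) waiting for its Status line
    expect_command = False   # previous line was a pre-processor syntax error
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if expect_command:
            m = QUOTED_RE.match(line)
            if m:
                rejected.append(m.group(1))
            expect_command = False
            continue
        if SYNTAX_RE.search(line):
            expect_command = True
            continue
        m = DELETED_RE.match(line)
        if m:
            deleted.append((m.group(1), m.group(2)))
            continue
        m = FAILED_RE.match(line)
        if m:
            pending = (m.group(1), m.group(2))
            continue
        m = STATUS_RE.match(line)
        if m and pending:
            failed.append((pending[0], pending[1], m.group(2)))
            pending = None
    return {"deleted": deleted, "failed": failed, "rejected": rejected}


def nothing_removed(summary: dict) -> bool:
    """True when the run deleted nothing and no line was rejected, i.e. every
    listed target was already absent (the situation in the first run above)."""
    return not summary["deleted"] and not summary["rejected"]


if __name__ == "__main__":
    s = summarise(SAMPLE_LOG)
    print(f"deleted: {len(s['deleted'])}, failed: {len(s['failed'])}, "
          f"rejected by pre-processor: {len(s['rejected'])}")
    for kind, target, status in s["failed"]:
        print(f"  {kind} {target}: {status}")
```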

Re: System takes 60 minutes to boot.

Posted: 15 Mar 2010 08:03
by MatesJ
One more thing occurred to me, and that's the graphics; MiliNess said it was hooked into that too. It's true that something to do with the graphics showed up before the problem, something about an error.......... 3 days ago I downloaded new graphics drivers (http://game.amd.com/us-en/drivers_catal ... radeonx-xp) and installed them; in the morning the computer came up in the lowest resolution and, I'm not sure I'm saying this right, in 4-bit colours, a disaster, icons across the whole monitor, nothing could be seen, etc. When I tried to change the monitor settings, it told me it was an invalid GPU for Windows. Then I put back the old driver that was on the CD that came with the graphics card and it kept going.
That just occurred to me.........

I uninstalled the drivers as instructed, no message and no log................ PC the same...........