Neustálý samovolný restart

[bartmilano]

prosím trkněte mě,ukládá se někde?Nemám ponětí,kde ho hledat.znova ho nechci pouštět,asi by se pomlátil s avg,nebo jak mám postupovat

[Caroprd111]

Podívejte se do C:\ComboFix.txt

[bartmilano]

to mne napadlo jako první,žádná taková složka,ani txt soubor už tu asi není,dal jsem i hledat v počítači

[Caroprd111]

Poprosím o nový log z RSIT.

[bartmilano]

zkouším podruhé a při generování HijackThis vždy končí errorem,opět Line-1........non-Array variable


Logfile of random's system information tool 1.06 (written by random/random)
Run by r at 2010-05-01 16:22:59
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 17 GB (55%) free of 30 GB
Total RAM: 1015 MB (50% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:23:08, on 1. 5. 2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ASTSRV.EXE
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\r\Plocha\RSIT.exe
C:\Program Files\trend micro\r.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O1 - Hosts: ˙ţ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: OpenOffice.org 3.1.lnk = ?
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: WikiKomentáře Google... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AST Service (astcc) - Nalpeiron Ltd. - C:\WINDOWS\system32\astsrv.exe
O23 - Service: Nalpeiron Licensing Service (ASTSRV) - Nalpeiron Ltd. - C:\WINDOWS\system32\ASTSRV.EXE
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 6607 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1935655697-299502267-725345543-1004Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1935655697-299502267-725345543-1004UA.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1935655697-299502267-725345543-500Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1935655697-299502267-725345543-500UA.job
C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1935655697-299502267-725345543-1004.job
C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1935655697-299502267-725345543-1004.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Documents and Settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2010-03-31 341600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG9\avgssie.dll [2010-04-25 1615200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
AVG Security Toolbar BHO - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll [2010-02-23 1664256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-04-15 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-04-15 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - AVG Security Toolbar - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll [2010-02-23 1664256]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[Caroprd111]

Stáhněte MBAM http://www.viry.cz/forum/viewtopic.php?f=29&t=67229

• Podle návodu v odkazu nainstalujte, poté dejte úplný sken.
• Nic nemažte MBAM má občas falešné detekce a mohl by smazat např. systémové soubory.
• Log vložte sem.

[bartmilano]

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Verze databáze: 4056

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

1. 5. 2010 17:43:41
mbam-log-2010-05-01 (17-43-41).txt

Typ skenu: Úplný sken (C:\|D:\|)
Skenované objekty: 176504
Uplynulý čas: 32 minuta(y), 30 sekunda(y)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované složky: 0
Infikované soubory: 15

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
C:\Documents and Settings\Administrator\Local Settings\Temp\install_flash_player.exe (Trojan.Downloader) -> No action taken.
C:\Qoobox\Quarantine\C\Documents and Settings\r\ylvicryt^ .exe.vir (Trojan.Downloader) -> No action taken.
C:\Qoobox\Quarantine\C\Documents and Settings\r\ylvicrytŕ .exe.vir (Trojan.Downloader) -> No action taken.
C:\Qoobox\Quarantine\C\Program Files\Adobe\acrotray .exe.vir (Trojan.Downloader) -> No action taken.
C:\Qoobox\Quarantine\C\Program Files\Internet Explorer\js.mui.vir (Trojan.Downloader) -> No action taken.
C:\Qoobox\Quarantine\C\Program Files\Internet Explorer\wmpscfgs .exe.vir (Trojan.Downloader) -> No action taken.
C:\Qoobox\Quarantine\C\Program Files\Internet Explorer\wmpscfgs.exe.vir (Trojan.Downloader) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\cidrive32.exe.vir (Trojan.Dropper) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\crt4.dll.vir (Trojan.Agent) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\kbdatat4.dll.vir (Trojan.Agent) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\kbddta.dll.vir (Trojan.Agent) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\msxsltsso.dll.vir (Trojan.GootKit) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\ylvicryt^ .exe.vir (Trojan.Cutwail) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\ylvicrytŕ .exe.vir (Trojan.Downloader) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\nd.sys.vir (Trojan.Ndiswrap) -> No action taken.

[Caroprd111]

Vše, co našel MBAM můžete smazat.


ComboFix přejmenujte na cokoliv.com a spusťte v nouzovém režimu.

[bartmilano]

ComboFix 10-04-29.05 - r . 05. 2010 18:37:18.2.2 - x86 MINIMAL
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.1.1029.18.1015.697 [GMT 2:00]
Spuštěný z: c:\documents and settings\r\Plocha\abcd.com.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
ADS - WINDOWS: deleted 0 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\ctfmon .exe
.
---- Předchozí spuštění -------
.
c:\docume~1\r\LOCALS~1\Temp\qhj0.exe
c:\documents and settings\r\reader_s.exe
c:\documents and settings\r\ylvicryt .exe
c:\documents and settings\r\ylvicryt^ .exe
c:\documents and settings\r\ylvicrytŕ .exe
C:\feed.txt
C:\lsass.exe
c:\program files\Adobe\acrotray .exe
c:\program files\Internet Explorer\js.mui
c:\program files\Internet Explorer\wmpscfgs .exe
c:\program files\Internet Explorer\wmpscfgs.exe
c:\recycler\S-1-5-21-0165701634-3941326139-791534093-1208
c:\recycler\S-1-5-21-0243556031-888888379-781863308-1455
c:\recycler\S-1-5-21-0243936033-3052116371-381863308-1811
c:\recycler\S-1-5-21-0442027435-5499032616-044535794-9490
c:\recycler\S-1-5-21-1158945225-5970890255-821775812-7786
c:\recycler\S-1-5-21-1269474200-3716914080-094193019-4384
c:\recycler\S-1-5-21-1704914154-0493308612-888442582-8374
c:\recycler\S-1-5-21-2410106093-8876964434-934284404-0233
c:\recycler\S-1-5-21-2528851217-3426379780-817563365-7743
c:\recycler\S-1-5-21-2762574682-9612558958-730001473-7054
c:\recycler\S-1-5-21-3353849184-5077209798-608337260-3340
c:\recycler\S-1-5-21-3459323641-1815841375-933005827-5883
c:\recycler\S-1-5-21-3945692874-7679753367-387770285-0219
c:\recycler\S-1-5-21-4087883452-9442786180-093935510-5887
c:\recycler\S-1-5-21-4576910723-8935846295-866890645-9309
c:\recycler\S-1-5-21-4620300665-4655542431-823821566-0934
c:\recycler\S-1-5-21-5123131107-0443384105-815158083-9393
c:\recycler\S-1-5-21-5242509169-0679503150-648752252-3140
c:\recycler\S-1-5-21-6550242754-9831963377-589733378-2074
c:\recycler\S-1-5-21-6840105547-7769963277-875206873-4320
c:\recycler\S-1-5-21-7118794639-1111122304-919288140-1227
c:\recycler\S-1-5-21-7186872411-2851287497-406432773-1972
c:\recycler\S-1-5-21-7474188287-5970067428-912524562-4688
c:\recycler\S-1-5-21-7847665054-8708545553-661394912-8784
c:\recycler\S-1-5-21-8314788042-0033111454-702694061-5275
c:\recycler\S-1-5-21-8549402756-4995369505-180810163-1964
c:\recycler\S-1-5-21-8660980409-0956223689-264997904-5725
c:\recycler\S-1-5-21-8818002571-1202731317-890576120-9599
c:\recycler\S-1-5-21-8821988008-1723527286-866571176-7002
c:\recycler\S-1-5-21-9679121035-0942491614-721675214-2402
c:\windows\cidrive32.exe
c:\windows\system32\crt.dat
c:\windows\system32\crt4.dll
c:\windows\system32\ctfmon .exe
c:\windows\system32\driVERs\eqabith.sys
c:\windows\system32\drivers\nd.sys
c:\windows\system32\kbdatat4.dll
c:\windows\system32\kbddta.dll
c:\windows\system32\kboem32.dat
c:\windows\system32\kbupdate.dll
c:\windows\system32\msxsltsso.dll
c:\windows\system32\reader_s.exe
c:\windows\system32\winstartup.log
c:\windows\system32\ylvicryt .exe
c:\windows\system32\ylvicryt^ .exe
c:\windows\system32\ylvicrytŕ .exe

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_eqabith
-------\Service_eqabith


((((((((((((((((((((((((( Soubory vytvořené od 2010-04-01 do 2010-05-01 )))))))))))))))))))))))))))))))
.

2010-05-01 13:09 . 2010-05-01 13:09 -------- d-----w- C:\_OTL
2010-05-01 08:54 . 2010-05-01 14:23 -------- d-----w- c:\program files\trend micro
2010-05-01 08:54 . 2010-05-01 08:54 -------- d-----w- C:\rsit
2010-05-01 06:07 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-01 06:07 . 2010-05-01 06:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-01 06:07 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-01 01:51 . 2010-05-01 10:42 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-05-01 00:13 . 2010-05-01 00:13 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
2010-05-01 00:13 . 2010-05-01 00:13 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-04-30 18:26 . 2010-04-30 18:26 4 ----a-w- c:\program files\62734.dat
2010-04-30 14:01 . 2010-04-30 14:01 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE
2010-04-27 13:01 . 2008-04-14 07:52 15360 -c--a-w- c:\windows\system32\dllcache\ctfmon.exe
2010-04-27 13:01 . 2008-04-14 07:52 15360 ----a-w- c:\windows\system32\ctfmon.exe
2010-04-27 12:58 . 2010-04-27 12:59 -------- d-----w- c:\program files\UPM
2010-04-27 02:50 . 2010-04-27 02:50 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-04-27 02:49 . 2010-04-27 02:49 -------- d-----r- c:\documents and settings\LocalService\Oblíbené položky
2010-04-27 02:01 . 2010-04-27 02:01 -------- d-----r- c:\documents and settings\NetworkService\Oblíbené položky
2010-04-27 02:01 . 2010-04-27 02:01 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-04-27 01:00 . 2010-04-27 01:00 -------- d-----w- c:\program files\MSXML 4.0
2010-04-26 22:48 . 1998-06-17 02:00 18944 ----a-w- c:\windows\system32\BORLNDMM.DLL
2010-04-26 14:59 . 2010-04-26 21:44 -------- d-----w- c:\windows\SxsCaPendDel
2010-04-25 20:38 . 2010-04-25 20:38 -------- d-----w- c:\program files\Common Files\SWF Studio
2010-04-24 21:56 . 2002-05-06 11:44 20992 ----a-w- c:\windows\KPSYS32.DLL
2010-04-24 21:56 . 2002-05-06 11:44 12800 ----a-w- c:\windows\KPSHARP.DLL
2010-04-24 21:56 . 2002-05-06 11:44 12800 ----a-w- c:\windows\KPSCALE.DLL
2010-04-24 21:56 . 2002-05-06 11:44 72192 ----a-w- c:\windows\KPCP32.DLL
2010-04-24 21:56 . 2002-05-06 11:44 24576 ----a-w- c:\windows\KPFP32.DLL
2010-04-20 15:47 . 2010-04-20 15:47 -------- d-----w- c:\documents and settings\r\Library
2010-04-20 14:53 . 2010-04-20 14:53 -------- d-----w- c:\program files\Adobe Media Player
2010-04-20 14:51 . 2010-04-20 14:51 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-04-19 18:51 . 2010-04-19 18:51 -------- d-----w- c:\documents and settings\r\kbpki
2010-04-19 18:48 . 2010-04-19 18:48 -------- d-----w- c:\documents and settings\r\KBCertifikat
2010-04-17 20:55 . 2010-04-17 20:55 -------- d-----w- c:\program files\IObit
2010-04-15 17:20 . 2010-04-15 17:20 -------- d-----w- c:\program files\Common Files\Java
2010-04-15 17:20 . 2010-04-15 17:19 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-15 17:19 . 2010-04-15 17:19 -------- d-----w- c:\program files\Java
2010-04-15 11:47 . 2010-04-15 11:47 -------- d-----w- C:\$AVG
2010-04-15 11:47 . 2010-04-25 07:41 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-04-15 11:47 . 2010-04-15 11:47 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-04-15 11:47 . 2010-04-15 11:47 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-04-15 11:47 . 2010-04-15 11:47 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-04-15 11:46 . 2010-05-01 01:15 -------- d-----w- c:\windows\system32\drivers\Avg
2010-04-15 11:46 . 2010-04-15 11:46 -------- d-----w- c:\program files\AVG
2010-04-15 11:38 . 2010-04-15 11:38 -------- d-----w- C:\AVGTemp
2010-04-15 01:25 . 2008-04-14 07:52 221184 ----a-w- c:\windows\system32\wmpns.dll
2010-04-11 17:47 . 2010-04-11 17:47 -------- d-----w- c:\program files\TurboFloorPlan-9.0.0
2010-04-10 06:07 . 2010-04-10 06:08 -------- d-----w- c:\program files\TurboFloorPlan-1.0.0
2010-04-04 21:48 . 2010-04-05 22:36 -------- d-----w- C:\Scenes
2010-04-04 21:48 . 2004-11-18 09:49 45277 ----a-w- c:\windows\system32\drivers\skeyusb.sys
2010-04-04 21:48 . 2008-12-18 08:13 25680 ----a-w- c:\windows\system32\drivers\eusk2par.sys
2010-04-04 21:48 . 2010-04-11 08:21 -------- d-----w- C:\KD
2010-04-04 21:48 . 2005-08-22 10:02 43968 ----a-w- c:\windows\system32\drivers\eusk3usb.sys
2010-04-03 18:22 . 2010-04-19 16:08 -------- d-----w- c:\program files\Super Internet TV
2010-04-02 00:19 . 2010-04-02 00:19 -------- d-sh--w- c:\documents and settings\r\PrivacIE
2010-04-02 00:17 . 2010-04-02 00:17 -------- d-sh--w- c:\documents and settings\r\IETldCache
2010-04-02 00:16 . 2010-04-02 00:16 -------- d-----w- c:\windows\ie8updates
2010-04-02 00:16 . 2010-04-02 00:16 -------- dc-h--w- c:\windows\ie8
2010-04-02 00:12 . 2010-02-25 06:18 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-04-02 00:12 . 2010-02-25 06:18 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-04-02 00:12 . 2010-02-25 06:18 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-04-02 00:12 . 2010-02-25 06:18 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-04-02 00:12 . 2010-02-25 06:18 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-04-02 00:12 . 2010-02-16 04:50 64000 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-04-01 22:10 . 2010-04-01 22:10 -------- d-----w- c:\program files\Combined Community Codec Pack

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-01 16:33 . 2004-08-18 12:00 77872 ----a-w- c:\windows\system32\perfc005.dat
2010-05-01 16:33 . 2004-08-18 12:00 428750 ----a-w- c:\windows\system32\perfh005.dat
2010-05-01 10:39 . 2010-02-14 23:43 -------- d-----w- c:\program files\Google
2010-04-27 02:26 . 2010-04-27 02:32 286822 ----a-w- c:\windows\pchealth\helpctr\Config\Cache\Professional_32_1029.dat
2010-04-26 17:33 . 2009-12-25 23:11 -------- d-----w- c:\program files\Common Files\Adobe
2010-04-26 14:58 . 2010-03-29 01:00 -------- d-----w- c:\program files\Okdo Document Converter Professional
2010-04-01 23:21 . 2010-03-27 22:32 -------- d-----w- c:\program files\qvPDF
2010-03-31 19:31 . 2010-02-14 23:43 -------- d-----w- c:\program files\Common Files\Real
2010-03-31 19:30 . 2010-02-14 23:43 -------- d-----w- c:\program files\Real
2010-03-31 19:30 . 2010-03-31 19:30 -------- d-----w- c:\program files\Common Files\xing shared
2010-03-31 19:30 . 2009-07-14 11:04 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-03-29 22:23 . 2010-03-29 22:23 -------- d-----w- c:\program files\AAALOGO2009
2010-03-28 23:31 . 2010-03-28 23:31 111530 ----a-w- c:\windows\system32\FeIF82-_SUP.exe
2010-03-28 23:12 . 2010-03-28 23:12 -------- d-----w- c:\program files\Visagesoft
2010-03-28 22:55 . 2010-03-28 22:55 201728 ----a-w- c:\windows\system32\allplugin.exe
2010-03-26 01:08 . 2010-03-26 01:08 -------- d-----w- c:\program files\Mobipocket.com
2010-03-26 01:08 . 2010-03-26 01:08 -------- d-----w- c:\program files\Common Files\Mobipocket Shared
2010-03-25 21:45 . 2010-03-25 20:54 -------- d-----w- c:\program files\Smart PDF Converter Pro
2010-03-23 21:49 . 2009-02-10 10:54 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-23 21:48 . 2010-03-23 21:48 -------- d-----w- c:\program files\IMSIDesign
2010-03-22 00:55 . 2010-03-22 00:55 -------- d-----w- c:\program files\Common Files\Control Panels
2010-03-22 00:53 . 2010-03-22 00:53 -------- d-----w- c:\program files\Bonjour
2010-03-22 00:46 . 2010-03-22 00:46 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2010-03-17 17:31 . 2010-03-11 09:38 -------- d-----w- c:\program files\DreamSuite Bonus
2010-03-16 22:06 . 2010-03-16 22:06 -------- d-----w- c:\program files\Xenocode
2010-03-10 06:17 . 2004-08-18 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-09 01:30 . 2010-03-09 01:30 -------- d-----w- c:\program files\Common Files\DAZ
2010-02-25 06:18 . 2004-08-18 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2004-08-18 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-16 19:08 . 2004-08-18 12:00 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 19:08 . 2004-08-17 15:45 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-14 23:43 . 2010-02-14 23:43 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-02-12 10:03 . 2010-03-11 09:53 293376 ------w- c:\windows\system32\browserchoice.exe
2010-02-12 04:35 . 2004-08-18 12:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2004-08-18 12:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
.

Kód: Vybrat vše

<pre>
c:\program files\Google\GoogleToolbarNotifier\googletoolbarnotifier .exe
</pre>

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-02-23 1664256]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2010-02-23 12:04 1664256 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-02-23 1664256]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-02-23 1664256]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-04-15 11:47 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\WINDOWS\\system32\\winver.exe"=

S0 eqabith;eqabith; [x]
S0 xlsdzkpn;xlsdzkpn; [x]
S0 xyvxu;xyvxu; [x]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [15. 4. 2010 13:47 216200]
S1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [15. 4. 2010 13:47 242896]
S1 eusk2par;Aladdin SmartKey Parallel Driver;c:\windows\system32\drivers\eusk2par.sys [4. 4. 2010 23:48 25680]
S1 zfotlboo9;zfotlboo9;c:\windows\system32\drivers\zfotlboo9.sys --> c:\windows\system32\drivers\zfotlboo9.sys [?]
S1 zikamamra1;zikamamra1;c:\windows\system32\drivers\zikamamra1.sys --> c:\windows\system32\drivers\zikamamra1.sys [?]
S1 zoiiffhhgnql7;zoiiffhhgnql7;c:\windows\system32\drivers\zoiiffhhgnql7.sys --> c:\windows\system32\drivers\zoiiffhhgnql7.sys [?]
S1 zxtuembl7;zxtuembl7.sys;c:\windows\system32\drivers\zxtuembl7.sys --> c:\windows\system32\drivers\zxtuembl7.sys [?]
S2 ASTSRV;Nalpeiron Licensing Service;c:\windows\system32\ASTSRV.EXE [22. 3. 2010 1:59 57344]
S2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [15. 4. 2010 13:46 916760]
S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [15. 4. 2010 13:46 308064]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [15. 2. 2010 1:46 135664]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [15. 4. 2010 13:46 369920]
S3 eusk3usb;SmartKey 3 USB;c:\windows\system32\drivers\eusk3usb.sys [4. 4. 2010 23:48 43968]
S3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [10. 2. 2009 14:19 88192]

--- Ostatní služby/ovladače v paměti ---

*NewlyCreated* - ADFS
.
Obsah adresáře 'Naplánované úlohy'

2010-05-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-14 23:46]

2010-05-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-14 23:46]

2010-05-01 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1935655697-299502267-725345543-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]

2010-05-01 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1935655697-299502267-725345543-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
.
.
------- Asociace souborů -------
.
.txt=
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

AddRemove-DreamSuite Bonus - c:\windows\unvise32.exe
AddRemove-Mystical - c:\windows\unvise32.exe



**************************************************************************
skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory:

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,09,fe,aa,98,9b,96,95,44,87,db,9a,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,09,fe,aa,98,9b,96,95,44,87,db,9a,\
.
Celkový čas: 2010-05-01 18:44:55
ComboFix-quarantined-files.txt 2010-05-01 16:44

Před spuštěním: Volných bajtů: 17 300 217 856
Po spuštění: Volných bajtů: 17 267 380 224

- - End Of File - - 8100ADDA138E25DF7ABCA6089EF9FC09

[Caroprd111]

Pokud nemáte, přesuňte Combofix na plochu

• Otevřete si Poznámkový blok a zkopírujte do něj text z bílého okénka.

Kód: Vybrat vše

RenV::
c:\program files\Google\GoogleToolbarNotifier\googletoolbarnotifier .exe

Driver::
eqabith
xlsdzkpn
xyvxu
zfotlboo9
zikamamra1
zoiiffhhgnql7
zxtuembl7

File::
c:\windows\system32\drivers\zfotlboo9.sys 
c:\windows\system32\drivers\zikamamra1.sys 
c:\windows\system32\drivers\zoiiffhhgnql7.sys 
c:\windows\system32\drivers\zxtuembl7.sys 
c:\program files\62734.dat
c:\windows\system32\allplugin.exe

RegLock::
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

• Uložte Vámi vytvořený TXT soubor jako CFScript.txt na plochu
• Po uložení uchopte vámi vytvořený skript levým myšítkem a přesuňte ho nad ikonu Combofixu, kde ho upustíte:
  
  
• Po aplikaci na Vás vypadne další log,vložte ho sem

Může se stát, že po aplikaci skriptu a restartu Windows nenaběhnou, v tom případě znovu restartujte a přitom mačkejte F8, pak zvolte Poslední známou funkční konfiguraci

[bartmilano]

Dobrý večer,opět se hlásím po menší přestávce(práce,povinnosti),no posílám log a ještě jednou díky,že nacházíte pro mě čas.



ComboFix 10-04-29.05 - r . 05. 2010 22:32:07.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.1.1029.18.1015.569 [GMT 2:00]
Spuštěný z: c:\documents and settings\r\Plocha\abcd.com.exe
Použité ovládací přepínače :: c:\documents and settings\r\Plocha\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
* Vytvořen nový Bod Obnovení

FILE ::
"c:\program files\62734.dat"
"c:\windows\system32\allplugin.exe"
"c:\windows\system32\drivers\zfotlboo9.sys"
"c:\windows\system32\drivers\zikamamra1.sys"
"c:\windows\system32\drivers\zoiiffhhgnql7.sys"
"c:\windows\system32\drivers\zxtuembl7.sys"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\62734.dat
c:\windows\system32\allplugin.exe
c:\windows\system32\ctfmon .exe

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_EQABITH
-------\Legacy_ZXTUEMBL7
-------\Service_eqabith
-------\Service_xlsdzkpn
-------\Service_xyvxu
-------\Service_zfotlboo9
-------\Service_zikamamra1
-------\Service_zoiiffhhgnql7
-------\Service_zxtuembl7


((((((((((((((((((((((((( Soubory vytvořené od 2010-04-02 do 2010-05-02 )))))))))))))))))))))))))))))))
.

2010-05-01 16:49 . 2010-05-01 16:49 -------- d-----w- c:\windows\system32\wbem\Repository
2010-05-01 16:31 . 2010-05-01 16:49 -------- d-----w- C:\abcd.com
2010-05-01 13:09 . 2010-05-01 13:09 -------- d-----w- C:\_OTL
2010-05-01 08:54 . 2010-05-01 14:23 -------- d-----w- c:\program files\trend micro
2010-05-01 08:54 . 2010-05-01 08:54 -------- d-----w- C:\rsit
2010-05-01 06:07 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-01 06:07 . 2010-05-01 06:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-01 06:07 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-01 01:51 . 2010-05-01 10:42 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-05-01 00:13 . 2010-05-01 00:13 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
2010-05-01 00:13 . 2010-05-01 00:13 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-04-30 14:01 . 2010-04-30 14:01 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE
2010-04-27 13:01 . 2008-04-14 07:52 15360 -c--a-w- c:\windows\system32\dllcache\ctfmon.exe
2010-04-27 13:01 . 2008-04-14 07:52 15360 ----a-w- c:\windows\system32\ctfmon.exe
2010-04-27 12:58 . 2010-04-27 12:59 -------- d-----w- c:\program files\UPM
2010-04-27 02:50 . 2010-04-27 02:50 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-04-27 02:49 . 2010-04-27 02:49 -------- d-----r- c:\documents and settings\LocalService\Oblíbené položky
2010-04-27 02:01 . 2010-04-27 02:01 -------- d-----r- c:\documents and settings\NetworkService\Oblíbené položky
2010-04-27 02:01 . 2010-04-27 02:01 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-04-27 01:00 . 2010-04-27 01:00 -------- d-----w- c:\program files\MSXML 4.0
2010-04-26 22:48 . 1998-06-17 02:00 18944 ----a-w- c:\windows\system32\BORLNDMM.DLL
2010-04-26 14:59 . 2010-04-26 21:44 -------- d-----w- c:\windows\SxsCaPendDel
2010-04-25 20:38 . 2010-04-25 20:38 -------- d-----w- c:\program files\Common Files\SWF Studio
2010-04-24 21:56 . 2002-05-06 11:44 20992 ----a-w- c:\windows\KPSYS32.DLL
2010-04-24 21:56 . 2002-05-06 11:44 12800 ----a-w- c:\windows\KPSHARP.DLL
2010-04-24 21:56 . 2002-05-06 11:44 12800 ----a-w- c:\windows\KPSCALE.DLL
2010-04-24 21:56 . 2002-05-06 11:44 72192 ----a-w- c:\windows\KPCP32.DLL
2010-04-24 21:56 . 2002-05-06 11:44 24576 ----a-w- c:\windows\KPFP32.DLL
2010-04-20 15:47 . 2010-04-20 15:47 -------- d-----w- c:\documents and settings\r\Library
2010-04-20 14:53 . 2010-04-20 14:53 -------- d-----w- c:\program files\Adobe Media Player
2010-04-20 14:51 . 2010-04-20 14:51 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-04-19 18:51 . 2010-04-19 18:51 -------- d-----w- c:\documents and settings\r\kbpki
2010-04-19 18:48 . 2010-04-19 18:48 -------- d-----w- c:\documents and settings\r\KBCertifikat
2010-04-17 20:55 . 2010-04-17 20:55 -------- d-----w- c:\program files\IObit
2010-04-15 17:20 . 2010-04-15 17:20 -------- d-----w- c:\program files\Common Files\Java
2010-04-15 17:20 . 2010-04-15 17:19 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-15 17:19 . 2010-04-15 17:19 -------- d-----w- c:\program files\Java
2010-04-15 11:47 . 2010-04-15 11:47 -------- d-----w- C:\$AVG
2010-04-15 11:47 . 2010-04-25 07:41 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-04-15 11:47 . 2010-04-15 11:47 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-04-15 11:47 . 2010-04-15 11:47 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-04-15 11:47 . 2010-04-15 11:47 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-04-15 11:46 . 2010-05-02 20:13 -------- d-----w- c:\windows\system32\drivers\Avg
2010-04-15 11:46 . 2010-04-15 11:46 -------- d-----w- c:\program files\AVG
2010-04-15 11:38 . 2010-04-15 11:38 -------- d-----w- C:\AVGTemp
2010-04-15 01:25 . 2008-04-14 07:52 221184 ----a-w- c:\windows\system32\wmpns.dll
2010-04-11 17:47 . 2010-04-11 17:47 -------- d-----w- c:\program files\TurboFloorPlan-9.0.0
2010-04-10 06:07 . 2010-04-10 06:08 -------- d-----w- c:\program files\TurboFloorPlan-1.0.0
2010-04-04 21:48 . 2010-04-05 22:36 -------- d-----w- C:\Scenes
2010-04-04 21:48 . 2004-11-18 09:49 45277 ----a-w- c:\windows\system32\drivers\skeyusb.sys
2010-04-04 21:48 . 2008-12-18 08:13 25680 ----a-w- c:\windows\system32\drivers\eusk2par.sys
2010-04-04 21:48 . 2010-04-11 08:21 -------- d-----w- C:\KD
2010-04-04 21:48 . 2005-08-22 10:02 43968 ----a-w- c:\windows\system32\drivers\eusk3usb.sys
2010-04-03 18:22 . 2010-04-19 16:08 -------- d-----w- c:\program files\Super Internet TV

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-01 16:33 . 2004-08-18 12:00 77872 ----a-w- c:\windows\system32\perfc005.dat
2010-05-01 16:33 . 2004-08-18 12:00 428750 ----a-w- c:\windows\system32\perfh005.dat
2010-05-01 10:39 . 2010-02-14 23:43 -------- d-----w- c:\program files\Google
2010-04-26 17:33 . 2009-12-25 23:11 -------- d-----w- c:\program files\Common Files\Adobe
2010-04-26 14:58 . 2010-03-29 01:00 -------- d-----w- c:\program files\Okdo Document Converter Professional
2010-04-01 23:21 . 2010-03-27 22:32 -------- d-----w- c:\program files\qvPDF
2010-04-01 22:10 . 2010-04-01 22:10 -------- d-----w- c:\program files\Combined Community Codec Pack
2010-03-31 19:31 . 2010-02-14 23:43 -------- d-----w- c:\program files\Common Files\Real
2010-03-31 19:30 . 2010-02-14 23:43 -------- d-----w- c:\program files\Real
2010-03-31 19:30 . 2010-03-31 19:30 -------- d-----w- c:\program files\Common Files\xing shared
2010-03-31 19:30 . 2009-07-14 11:04 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-03-29 22:23 . 2010-03-29 22:23 -------- d-----w- c:\program files\AAALOGO2009
2010-03-28 23:31 . 2010-03-28 23:31 111530 ----a-w- c:\windows\system32\FeIF82-_SUP.exe
2010-03-28 23:12 . 2010-03-28 23:12 -------- d-----w- c:\program files\Visagesoft
2010-03-26 01:08 . 2010-03-26 01:08 -------- d-----w- c:\program files\Mobipocket.com
2010-03-26 01:08 . 2010-03-26 01:08 -------- d-----w- c:\program files\Common Files\Mobipocket Shared
2010-03-25 21:45 . 2010-03-25 20:54 -------- d-----w- c:\program files\Smart PDF Converter Pro
2010-03-23 21:49 . 2009-02-10 10:54 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-23 21:48 . 2010-03-23 21:48 -------- d-----w- c:\program files\IMSIDesign
2010-03-22 00:55 . 2010-03-22 00:55 -------- d-----w- c:\program files\Common Files\Control Panels
2010-03-22 00:53 . 2010-03-22 00:53 -------- d-----w- c:\program files\Bonjour
2010-03-22 00:46 . 2010-03-22 00:46 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2010-03-17 17:31 . 2010-03-11 09:38 -------- d-----w- c:\program files\DreamSuite Bonus
2010-03-16 22:06 . 2010-03-16 22:06 -------- d-----w- c:\program files\Xenocode
2010-03-10 06:17 . 2004-08-18 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-09 01:30 . 2010-03-09 01:30 -------- d-----w- c:\program files\Common Files\DAZ
2010-02-25 06:18 . 2004-08-18 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2004-08-18 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-16 19:08 . 2004-08-18 12:00 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 19:08 . 2004-08-17 15:45 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-14 23:43 . 2010-02-14 23:43 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-02-12 10:03 . 2010-03-11 09:53 293376 ------w- c:\windows\system32\browserchoice.exe
2010-02-12 04:35 . 2004-08-18 12:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2004-08-18 12:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-02-23 1664256]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2010-02-23 12:04 1664256 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-02-23 1664256]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-02-23 1664256]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-04-15 11:47 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\WINDOWS\\system32\\winver.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [15. 4. 2010 13:47 216200]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [15. 4. 2010 13:47 242896]
R1 eusk2par;Aladdin SmartKey Parallel Driver;c:\windows\system32\drivers\eusk2par.sys [4. 4. 2010 23:48 25680]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [15. 4. 2010 13:46 916760]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [15. 4. 2010 13:46 308064]
R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [10. 2. 2009 14:19 88192]
S2 ASTSRV;Nalpeiron Licensing Service;c:\windows\system32\ASTSRV.EXE [22. 3. 2010 1:59 57344]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [15. 2. 2010 1:46 135664]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [15. 4. 2010 13:46 369920]
S3 eusk3usb;SmartKey 3 USB;c:\windows\system32\drivers\eusk3usb.sys [4. 4. 2010 23:48 43968]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [1. 5. 2010 8:07 38224]
.
Obsah adresáře 'Naplánované úlohy'

2010-05-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-14 23:46]

2010-05-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-14 23:46]

2010-05-02 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1935655697-299502267-725345543-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]

2010-05-01 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1935655697-299502267-725345543-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-02 22:38
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(888)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\windows\System32\SCardSvr.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Intel\Intel Matrix Storage Manager\iaantmon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Celkový čas: 2010-05-02 22:41:55 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-05-02 20:41
ComboFix2.txt 2010-05-01 16:44

Před spuštěním: Volných bajtů: 17 175 158 784
Po spuštění: Volných bajtů: 17 119 784 960

- - End Of File - - DC6F3D201A0F011984B20F57574BF702

[Caroprd111]

Zdravím


Odinstalujte všechny emulátory virtuálních mechanik.

Stáhněte SPTD http://www.duplexsecure.com/en/downloads

• Vyberte verzi podle svého operačního systému (64 & 32b). Uložte na plochu a spusťte.
• zvolte možnost Uninstall a restartujte PC.

Stáhněte a spusťte http://www.jpshortstuff.247fixes.com/Defogger.exe

• Klikněte na "Disable" a restartujte PC.

Stáhněte MBR na plochu http://www2.gmer.net/mbr/mbr.exe

Start > Spustit (Win + R)

• Vyskočí okénko, zkopírujte do něj:

Kód: Vybrat vše

"%userprofile%\plocha\mbr" -t

• Klikněte na OK

• Vytvoří se log s názvem mbr.log, vložte ho sem.

Dejte log z Gmer http://www.viry.cz/forum/viewtopic.php?f=29&t=62878

[bartmilano]

zdravím.... ,dle vašich instrukcí, dám log mbr a gmer pouze první,pak jsem spustil další scan v gmeru,podle postupu z fóra,aby vyběhl další,delší log,ovšem ten se ukončil pravděpodobně restartem,protože když jsem prišel k počítači,nic neběželo a log se neuložil,...postup jsem zopakoval,ale gmer se zasekl ve skenování Software\Microsoft\Windows\Current\Version\Internet ,kde pátral asi 4hodiny,nešlo to ani vypnout,musel jsem shodit vypnutím.Chtěl jsem vám udělat aspoň RSIT,také nedoběhlo,error po 5ti vteřinách,...

[bartmilano]

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll iaStor.sys
kernel: MBR read successfully
user & kernel MBR OK

[bartmilano]

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-05-03 09:27:48
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\r\LOCALS~1\Temp\uxtdqpow.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

---- EOF - GMER 1.0.15 ----