Re: Win 7 32b can't see nearby computers + slowdown

Posted: 25 Sep 2010 21:02
by Stoklas
ComboFix still reports that rootkit; could it be a false positive?

Otherwise the notebook is behaving well now; it sees the nearby PCs and is snappier.

ComboFix 10-09-25.01 - markulka 25.09.2010 21:00:30.9.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1250.420.1029.18.3066.2051 [GMT 2:00]
Spuštěný z: c:\users\markulka\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Soubory vytvořené od 2010-08-25 do 2010-09-25 )))))))))))))))))))))))))))))))
.

2010-09-25 19:06 . 2010-09-25 19:06 -------- d-----w- c:\users\markulka\AppData\Local\temp
2010-09-25 19:06 . 2010-09-25 19:06 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-09-25 19:06 . 2010-09-25 19:06 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-09-24 11:43 . 2010-09-24 11:43 -------- d-----w- c:\windows\Profiles
2010-09-24 09:12 . 2010-09-24 09:12 -------- d-----w- C:\totalcmd
2010-09-24 09:12 . 2010-09-24 09:12 -------- d-----w- c:\users\markulka\AppData\Roaming\GHISLER
2010-09-24 09:12 . 2009-09-09 05:50 545 ----a-w- c:\windows\UC.PIF
2010-09-24 09:12 . 2009-09-09 05:50 545 ----a-w- c:\windows\RAR.PIF
2010-09-24 09:12 . 2009-09-09 05:50 545 ----a-w- c:\windows\PKZIP.PIF
2010-09-24 09:12 . 2009-09-09 05:50 545 ----a-w- c:\windows\PKUNZIP.PIF
2010-09-24 09:12 . 2009-09-09 05:50 545 ----a-w- c:\windows\NOCLOSE.PIF
2010-09-24 09:12 . 2009-09-09 05:50 545 ----a-w- c:\windows\LHA.PIF
2010-09-24 09:12 . 2009-09-09 05:50 545 ----a-w- c:\windows\ARJ.PIF
2010-09-24 09:05 . 2010-09-24 09:05 -------- d-----w- c:\programdata\Norton
2010-09-24 09:05 . 2010-09-24 09:09 -------- d-----w- c:\users\markulka\AppData\Local\NPE
2010-09-23 19:29 . 2006-11-01 11:07 334720 ----a-w- C:\RootkitRevealer.exe
2010-09-23 18:59 . 2010-09-24 09:27 -------- d-----w- c:\program files\trend micro
2010-09-23 18:59 . 2010-09-23 18:59 -------- d-----w- C:\rsit
2010-09-23 17:22 . 2010-09-23 17:22 -------- d-----w- c:\program files\Common Files\Skype
2010-09-23 17:22 . 2010-09-23 17:22 -------- d-----r- c:\program files\Skype
2010-09-23 17:18 . 2010-09-23 17:22 -------- d-----w- c:\users\markulka\AppData\Roaming\Skype
2010-09-23 14:54 . 2010-09-23 14:54 -------- d-----w- c:\program files\Common Files\Adobe
2010-09-23 11:28 . 2010-04-24 03:00 27648 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPD9Z.DLL
2010-09-23 11:28 . 2010-04-24 03:00 272384 ----a-w- c:\windows\system32\CNMLM9Z.DLL
2010-09-23 11:24 . 2009-10-10 02:57 12800 ----a-w- c:\windows\system32\drivers\sffp_sd.sys
2010-09-23 11:02 . 2010-09-23 11:02 -------- d-----w- c:\programdata\{8D274659-3D84-4410-A197-C170D180BC76}
2010-09-23 10:22 . 2010-09-23 10:22 -------- d-----w- c:\program files\CCleaner
2010-09-15 15:42 . 2010-08-21 05:32 316928 ----a-w- c:\windows\system32\spoolsv.exe
2010-09-02 19:07 . 2007-03-22 10:46 126976 ----a-w- c:\users\markulka\AppData\Roaming\GRETECH\GomPlayer\GrLauncher.exe
2010-09-02 11:30 . 2010-09-02 11:34 -------- d-----w- c:\users\markulka\AppData\Roaming\Farm Mania 2
2010-09-02 11:29 . 2010-09-02 11:29 -------- d-----w- c:\program files\Common Files\Oberon Media
2010-09-02 11:29 . 2010-09-02 11:29 -------- d-----w- c:\program files\Gamesgames.com

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-24 13:52 . 2009-09-20 07:54 631292 ----a-w- c:\windows\system32\perfh005.dat
2010-09-24 13:52 . 2009-09-20 07:54 121914 ----a-w- c:\windows\system32\perfc005.dat
2010-09-24 11:05 . 2010-02-03 18:49 -------- d-----w- c:\program files\Google
2010-09-24 09:58 . 2010-01-11 19:18 91448 ----a-w- c:\windows\system32\bcmwlcoi.dll
2010-09-24 09:58 . 2010-01-11 19:18 6656 ----a-w- c:\windows\system32\bcmwlrc.dll
2010-09-24 09:58 . 2010-01-11 19:18 3866624 ----a-w- c:\windows\system32\bcmihvsrv.dll
2010-09-24 09:58 . 2010-01-11 19:18 3555328 ----a-w- c:\windows\system32\bcmihvui.dll
2010-09-24 09:58 . 2010-01-11 19:18 2709056 ----a-w- c:\windows\system32\drivers\BCMWL6.SYS
2010-09-24 08:43 . 2009-09-20 07:18 -------- d-----w- c:\programdata\PDFC
2010-09-23 17:22 . 2010-01-11 19:20 -------- d-----w- c:\programdata\Skype
2010-09-23 11:41 . 2010-01-11 19:30 -------- d-----w- c:\users\markulka\AppData\Roaming\Hewlett-Packard
2010-09-23 11:28 . 2010-09-23 11:28 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01009.Wdf
2010-09-23 11:24 . 2010-02-27 10:21 -------- d-----w- c:\program files\Microsoft.NET
2010-07-29 06:30 . 2010-08-11 13:36 197632 ----a-w- c:\windows\system32\ir32_32.dll
2010-07-29 06:30 . 2010-08-11 13:36 82944 ----a-w- c:\windows\system32\iccvid.dll
2010-07-26 13:01 . 2010-09-23 11:07 58936 ----a-w- c:\windows\Help\OEM\Scripts\HPSAUpdaterObj.exe
2010-06-30 06:25 . 2010-08-11 13:36 978432 ----a-w- c:\windows\system32\wininet.dll
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((( SnapShot@2010-09-24_14.17.52 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-09-20 07:08 . 2010-09-25 19:01 41780 c:\windows\System32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 04:55 . 2010-09-25 18:54 64596 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-01-11 19:13 . 2010-09-25 18:54 13324 c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-992590450-2693233549-2948923143-1001_UserData.bin
- 2010-01-12 01:54 . 2010-09-24 11:41 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-01-12 01:54 . 2010-09-24 18:39 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-01-12 01:54 . 2010-09-24 18:39 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-01-12 01:54 . 2010-09-24 11:41 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:41 . 2010-09-24 18:39 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:41 . 2010-09-24 11:41 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-01-12 16:32 . 2010-09-25 19:02 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-01-12 16:32 . 2010-09-24 14:12 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-01-12 16:32 . 2010-09-24 14:12 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-01-12 16:32 . 2010-09-25 19:02 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-01-12 16:32 . 2010-09-25 19:02 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-01-12 16:32 . 2010-09-24 14:12 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-01-11 21:08 . 2010-09-25 19:02 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-01-11 21:08 . 2010-09-24 14:12 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-01-12 11:27 . 2010-09-24 14:04 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
+ 2010-01-12 11:27 . 2010-09-25 18:55 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
+ 2010-01-12 11:27 . 2010-09-25 18:55 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\History\History.IE5\index.dat
- 2010-01-12 11:27 . 2010-09-24 14:04 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\History\History.IE5\index.dat
- 2010-01-12 11:27 . 2010-09-24 14:04 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Cookies\index.dat
+ 2010-01-12 11:27 . 2010-09-25 18:55 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Cookies\index.dat
- 2010-01-11 21:08 . 2010-09-24 14:12 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-01-11 21:08 . 2010-09-25 19:02 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-01-11 21:08 . 2010-09-24 14:12 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-01-11 21:08 . 2010-09-25 19:02 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-09-24 14:10 . 2010-09-24 14:10 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2010-09-25 18:59 . 2010-09-25 18:59 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-09-24 14:10 . 2010-09-24 14:10 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-09-25 18:59 . 2010-09-25 18:59 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-01-13 19:40 . 2010-09-25 18:38 420752 c:\windows\System32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin
+ 2010-01-12 10:34 . 2010-09-25 15:40 628782 c:\windows\System32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-07-14 02:03 . 2010-09-24 19:41 7077888 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
- 2009-07-14 02:03 . 2010-09-24 13:54 7077888 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
- 2009-09-20 07:57 . 2010-09-24 11:51 1909192 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2009-09-20 07:57 . 2010-09-24 15:28 1909192 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-07-27 288312]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-08-25 186904]
"WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-06-04 1791272]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-08-04 98304]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2009-05-18 1314816]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-06-22 2065760]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

c:\users\markulka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-30 795936]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-07-14 01:14 1173504 ----a-w- c:\program files\Windows Sidebar\sidebar.exe

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 135664]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-06-13 1120752]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-21 1343400]
S0 AvgRkx86;avgrkx86.sys;c:\windows\System32\Drivers\avgrkx86.sys [2010-03-05 52872]
S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2010-06-22 216400]
S1 AvgTdiX;AVG Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2010-06-22 243024]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-04 176128]
S2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-06-22 308136]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2009-07-08 26168]
S2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [2009-06-18 635416]
S2 yksvc;Marvell Yukon Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
S3 5U876UVC;HP Webcam [2 MP series];c:\windows\system32\DRIVERS\5U876.sys [2009-06-30 13:01 118656]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-09-28 315392]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
yksvcs REG_MULTI_SZ yksvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 19:11 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'

2010-09-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 18:53]

2010-09-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 18:53]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=cs_CZ&c=92&bd=all&pf=cmnb
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
.

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: >>UNKNOWN [0x83C04000]<< >>UNKNOWN [0x8CA08000]<< >>UNKNOWN [0x8D794000]<< >>UNKNOWN [0x8D759000]<< >>UNKNOWN [0x84014000]<< >>UNKNOWN [0x8CB17000]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
IoDeviceObjectType -> DumpProcedure -> 0x49706e50
user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
"MSCurrentCountry"=dword:0000002e

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:0000002e

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
"MSCurrentCountry"=dword:0000002e

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
"MSCurrentCountry"=dword:0000002e

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
"MSCurrentCountry"=dword:0000002e

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2010-09-25 21:08:01
ComboFix-quarantined-files.txt 2010-09-25 19:08
ComboFix2.txt 2010-09-25 18:49
ComboFix3.txt 2010-09-24 19:37
ComboFix4.txt 2010-09-24 18:13
ComboFix5.txt 2010-09-25 18:57

Před spuštěním: Volných bajtů: 252 055 474 176
Po spuštění: Volných bajtů: 251 994 513 408

- - End Of File - - F3EE1FD9AA8ECB25AEC7D02937E0EA61

Re: Win 7 32b can't see nearby computers + slowdown

Posted: 25 Sep 2010 22:10
by Rudy
Also try this:

Download Bootkit Remover http://www.esagelab.com/files/bootkit_remover.rar, save it to the desktop and run it. Right-click in the black window and choose Select All. Finally, paste the log here.

Re: Win 7 32b can't see nearby computers + slowdown

Posted: 25 Sep 2010 22:24
by Stoklas
Bootkit Remover
(c) 2009 eSage Lab
www.esagelab.com

Program version: 1.2.0.0
OS Version: Microsoft Windows 7 Home Premium Edition (build 7600), 32-bit

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`12d00000
Boot sector MD5 is: 0ec6b2481fc707d1e901dc2a875f2826

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)


Done;
Press any key to quit...

Re: Win 7 32b can't see nearby computers + slowdown

Posted: 25 Sep 2010 22:29
by Rudy
I have the impression that this is not a rootkit. We checked the PC for all types of rootkits and everything came back negative. CF also reports this when applications that behave like a rootkit are installed. I think the PC is clean.