
Re: Help - System Idle Process 95-100%

Posted: 24 Oct 2012 20:36
by vyosek
:arrow: If you don't have it there already, move ComboFix to the desktop
  • Open Notepad (Start - Run - notepad)
  • Copy the script below into it
  • Code:

    KillAll::
    
    Driver::
    gupdate1c99a896891aac6
    gupdatem
    04092950
    
    File::
    c:\windows\system32\drivers\04092950.sys
    c:\windows\Tasks\Adobe Flash Player Updater.job
    c:\windows\Tasks\avast! Emergency Update.job
    c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    
    FCopy::
    c:\windows\ServicePackFiles\i386\atapi.sys | c:\windows\system32\drivers\atapi.sys
    
    RegLock::
    [HKEY_USERS\S-1-5-21-484763869-796845957-839522115-1003\Software\Microsoft\Windows\CurrentVersion\UnreadMail]
    [HKEY_USERS\S-1-5-21-484763869-796845957-839522115-1003\Software\Microsoft\Windows\CurrentVersion\UnreadMail\mirkazda@seznam.cz]
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    
    ClearJavaCache::
    
    Reboot::
  • Save the created TXT file as CFScript.txt
  • Drag the created CFScript.txt onto ComboFix and drop it (see the picture below)
    (image)
  • After the script has been applied (and after a possible restart) a log will pop up; paste its contents here
:arrow: If the message "Attempt to use an invalid operation on a registry key that has been marked for deletion" pops up, just restart the PC - the registry will sort itself out - it is an internal error caused by CF which the author unfortunately cannot fix yet

:arrow: It may happen that Windows does not boot after the script has been applied; in that case restart the PC, keep pressing F8 and choose Last Known Good Configuration

Re: Help - System Idle Process 95-100%

Posted: 26 Oct 2012 17:25
by Mirinda78
Hello,

here is the result after applying the script:

ComboFix 12-10-26.03 - Mirek mladší 26.10.2012 18:05:26.5.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3071.2462 [GMT 2:00]
Spuštěný z: c:\documents and settings\Mirek mladší\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Mirek mladší\Plocha\CFScript.txt
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: COMODO Firewall *Enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
* Vytvořen nový Bod Obnovení
.
FILE ::
"c:\windows\system32\drivers\04092950.sys"
"c:\windows\Tasks\Adobe Flash Player Updater.job"
"c:\windows\Tasks\avast! Emergency Update.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Internet Explorer\SET21.tmp
c:\program files\Internet Explorer\SET22.tmp
c:\program files\Internet Explorer\SET23.tmp
c:\windows\system32\SET32.tmp
c:\windows\system32\SET33.tmp
c:\windows\system32\SET34.tmp
c:\windows\system32\SET35.tmp
c:\windows\system32\SET36.tmp
c:\windows\system32\SET37.tmp
c:\windows\system32\SET38.tmp
c:\windows\system32\SET39.tmp
c:\windows\system32\SET3A.tmp
c:\windows\system32\SET3B.tmp
c:\windows\system32\SET3C.tmp
c:\windows\system32\SET3D.tmp
c:\windows\system32\SET3E.tmp
c:\windows\system32\SET3F.tmp
c:\windows\system32\SET40.tmp
c:\windows\system32\SET41.tmp
c:\windows\system32\SET42.tmp
c:\windows\system32\SET43.tmp
c:\windows\system32\SET44.tmp
c:\windows\system32\SET45.tmp
c:\windows\system32\SET46.tmp
c:\windows\system32\SET47.tmp
c:\windows\system32\SET49.tmp
c:\windows\system32\SET4A.tmp
c:\windows\system32\SET4B.tmp
c:\windows\system32\SET4C.tmp
c:\windows\system32\SET4D.tmp
c:\windows\system32\SET4E.tmp
c:\windows\system32\SET4F.tmp
c:\windows\system32\SET50.tmp
c:\windows\system32\SET51.tmp
c:\windows\system32\SET53.tmp
c:\windows\system32\SET54.tmp
c:\windows\system32\SET55.tmp
c:\windows\system32\SET56.tmp
c:\windows\system32\SET57.tmp
c:\windows\system32\SET58.tmp
c:\windows\system32\SET59.tmp
c:\windows\system32\SET5A.tmp
c:\windows\system32\SET5B.tmp
c:\windows\system32\SET5C.tmp
c:\windows\system32\SET5D.tmp
c:\windows\system32\SET5E.tmp
c:\windows\system32\SET60.tmp
c:\windows\system32\SET61.tmp
c:\windows\system32\SET62.tmp
c:\windows\system32\SET63.tmp
c:\windows\system32\SET64.tmp
.
.
--------------- FCopy ---------------
.
c:\windows\ServicePackFiles\i386\atapi.sys --> c:\windows\system32\drivers\atapi.sys
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_GUPDATE1C99A896891AAC6
-------\Service_gupdate1c99a896891aac6
-------\Service_gupdatem
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-09-26 do 2012-10-26 )))))))))))))))))))))))))))))))
.
.
2012-10-22 18:28 . 2012-08-21 09:13 355632 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-10-22 18:28 . 2012-08-21 09:13 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-10-22 18:28 . 2012-08-21 09:13 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-10-22 18:28 . 2012-08-21 09:13 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-10-22 18:28 . 2012-08-21 09:13 729752 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-10-22 18:28 . 2012-08-21 09:13 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-10-22 18:28 . 2012-08-21 09:13 89624 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-10-22 18:28 . 2012-08-21 09:13 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-10-22 18:28 . 2012-08-21 09:12 41224 ----a-w- c:\windows\avastSS.scr
2012-10-22 18:28 . 2012-08-21 09:12 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-10-22 17:56 . 2012-10-22 17:56 -------- d-----w- c:\program files\Seznam.cz
2012-10-22 17:56 . 2012-10-22 17:56 -------- d--h--w- c:\windows\msdownld.tmp
2012-10-22 17:52 . 2012-10-22 17:56 -------- dc-h--w- c:\windows\ie8
2012-10-20 08:29 . 2012-10-20 08:29 -------- d-----w- c:\documents and settings\Mirek mladší\Data aplikací\SUPERAntiSpyware.com
2012-10-20 08:29 . 2012-10-20 08:29 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-10-20 08:29 . 2012-10-20 08:29 -------- d-----w- c:\documents and settings\All Users\Data aplikací\SUPERAntiSpyware.com
2012-10-19 20:21 . 2012-10-22 18:27 -------- d-----w- c:\program files\AVAST Software
2012-10-19 19:34 . 2012-10-19 19:39 -------- d-----w- c:\program files\Debugging Tools for Windows (x86)
2012-10-19 17:02 . 2012-10-19 17:02 -------- d-----w- c:\program files\trend micro
2012-10-19 15:53 . 2012-10-19 15:53 177496 ----a-w- c:\windows\system32\drivers\04092950.sys
2012-10-19 15:36 . 2012-10-19 15:36 -------- d-----w- c:\windows\system32\wbem\Repository
2012-10-13 18:06 . 2012-10-13 18:06 -------- d-----w- c:\documents and settings\Mirek mladší\Local Settings\Data aplikací\MediaShow
2012-10-13 16:50 . 2012-10-13 16:50 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Data aplikací\MediaServer
2012-10-13 16:50 . 2012-10-13 16:50 -------- d-----w- c:\documents and settings\Mirek mladší\Local Settings\Data aplikací\MediaServer
2012-10-13 16:50 . 2012-10-13 16:50 -------- d-----w- c:\documents and settings\All Users\Data aplikací\PDVD
2012-10-13 16:49 . 2012-10-13 17:55 -------- d-----w- c:\documents and settings\Mirek mladší\CyberLink
2012-10-13 16:42 . 2012-10-13 16:42 -------- d-----w- c:\documents and settings\All Users\Data aplikací\install_clap
2012-10-13 15:55 . 2012-09-23 14:28 888168 ----a-w- c:\windows\system32\nvdispgenco32.dll
2012-10-13 15:55 . 2012-09-23 14:28 5947392 ----a-w- c:\windows\system32\nvopencl.dll
2012-10-06 10:14 . 2012-10-06 10:14 -------- d-----w- c:\documents and settings\Mirek mladší\Data aplikací\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2012-10-06 09:27 . 2012-10-06 09:27 -------- d-----w- c:\documents and settings\All Users\Data aplikací\regid.1986-12.com.adobe
2012-10-04 23:33 . 2012-10-04 23:33 99080 ----a-w- c:\windows\system32\drivers\inspect.sys
2012-10-04 23:32 . 2012-10-04 23:32 497952 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2012-10-04 23:32 . 2012-10-04 23:32 32640 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2012-10-04 23:32 . 2012-10-04 23:32 18096 ----a-w- c:\windows\system32\drivers\cmderd.sys
2012-10-04 23:32 . 2012-10-04 23:32 34024 ----a-w- c:\windows\system32\cmdcsr.dll
2012-10-04 23:32 . 2012-10-04 23:32 301264 ----a-w- c:\windows\system32\guard32.dll
2012-09-28 14:03 . 2012-09-28 14:19 -------- d-----w- c:\documents and settings\Mirek mladší\.frostwire5
2012-09-27 17:34 . 2012-09-27 17:34 -------- d-----w- c:\windows\Downloaded Installations
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-13 16:14 . 2012-03-30 16:01 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-13 16:14 . 2011-12-17 14:46 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-29 17:54 . 2012-01-07 17:44 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-23 14:28 . 2011-06-13 12:21 7446528 ----a-w- c:\windows\system32\nvcuda.dll
2012-09-23 14:28 . 2011-06-13 12:21 2578792 ----a-w- c:\windows\system32\nvcuvid.dll
2012-09-23 14:28 . 2011-06-13 12:21 2376704 ----a-w- c:\windows\system32\nvapi.dll
2012-09-23 14:28 . 2011-06-13 12:21 19103744 ----a-w- c:\windows\system32\nvoglnt.dll
2012-09-23 14:28 . 2011-06-13 12:21 1866088 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-09-23 14:28 . 2011-06-13 12:21 17551360 ----a-w- c:\windows\system32\nvcompiler.dll
2012-09-23 14:28 . 2010-11-13 20:21 1009512 ----a-w- c:\windows\system32\nvdispco32.dll
2012-09-23 14:28 . 2009-02-19 18:56 12557728 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2012-09-23 14:28 . 2009-02-19 18:56 4494208 ----a-w- c:\windows\system32\nv4_disp.dll
2012-09-23 13:09 . 2011-06-13 12:22 253952 -c--a-w- c:\windows\system32\nvrsth.dll
2012-09-23 13:09 . 2011-06-13 12:22 274432 -c--a-w- c:\windows\system32\nvrspt.dll
2012-09-23 13:09 . 2011-06-13 12:22 274432 -c--a-w- c:\windows\system32\nvrsja.dll
2012-09-23 13:09 . 2011-06-13 12:22 270336 -c--a-w- c:\windows\system32\nvrsptb.dll
2012-09-23 13:09 . 2011-06-13 12:22 335872 -c--a-w- c:\windows\system32\nvrsar.dll
2012-09-23 13:09 . 2011-06-13 12:22 282624 -c--a-w- c:\windows\system32\nvrses.dll
2012-09-23 13:09 . 2011-06-13 12:22 258048 -c--a-w- c:\windows\system32\nvrssl.dll
2012-09-23 13:09 . 2011-06-13 12:22 258048 -c--a-w- c:\windows\system32\nvrssk.dll
2012-09-23 13:09 . 2011-06-13 12:22 253952 -c--a-w- c:\windows\system32\nvrssv.dll
2012-09-23 13:09 . 2011-06-13 12:22 229376 -c--a-w- c:\windows\system32\nvrszhc.dll
2012-09-23 13:09 . 2011-06-13 12:22 286720 -c--a-w- c:\windows\system32\nvrsfr.dll
2012-09-23 13:09 . 2011-06-13 12:22 258048 -c--a-w- c:\windows\system32\nvrstr.dll
2012-09-23 13:09 . 2011-06-13 12:22 258048 -c--a-w- c:\windows\system32\nvrspl.dll
2012-09-23 13:09 . 2011-06-13 12:22 253952 -c--a-w- c:\windows\system32\nvrsno.dll
2012-09-23 13:09 . 2011-06-13 12:22 335872 -c--a-w- c:\windows\system32\nvrshe.dll
2012-09-23 13:09 . 2011-06-13 12:22 282624 -c--a-w- c:\windows\system32\nvrsit.dll
2012-09-23 13:09 . 2011-06-13 12:22 282624 -c--a-w- c:\windows\system32\nvrsel.dll
2012-09-23 13:09 . 2011-06-13 12:22 249856 -c--a-w- c:\windows\system32\nvrseng.dll
2012-09-23 13:09 . 2011-06-13 12:22 266240 -c--a-w- c:\windows\system32\nvrsko.dll
2012-09-23 13:09 . 2011-06-13 12:22 274432 -c--a-w- c:\windows\system32\nvrsesm.dll
2012-09-23 13:09 . 2011-06-13 12:22 249856 ----a-w- c:\windows\system32\nvrscs.dll
2012-09-23 13:09 . 2011-06-13 12:22 270336 -c--a-w- c:\windows\system32\nvrsru.dll
2012-09-23 13:09 . 2011-06-13 12:22 249856 -c--a-w- c:\windows\system32\nvrsfi.dll
2012-09-23 13:09 . 2011-06-13 12:22 274432 -c--a-w- c:\windows\system32\nvrsnl.dll
2012-09-23 13:09 . 2011-06-13 12:22 126976 -c--a-w- c:\windows\system32\nvrszht.dll
2012-09-23 13:09 . 2011-06-13 12:22 278528 -c--a-w- c:\windows\system32\nvrsde.dll
2012-09-23 13:09 . 2011-06-13 12:22 262144 -c--a-w- c:\windows\system32\nvrshu.dll
2012-09-23 13:09 . 2011-06-13 12:22 253952 -c--a-w- c:\windows\system32\nvrsda.dll
2012-09-23 13:04 . 2011-06-13 12:22 54272 ----a-w- c:\windows\system32\nvwddi.dll
2012-09-23 13:04 . 2011-06-13 12:22 15512424 ----a-w- c:\windows\system32\nvcpl.dll
2012-09-23 13:04 . 2011-06-13 12:22 164200 ----a-w- c:\windows\system32\nvsvc32.exe
2012-09-23 13:04 . 2011-06-13 12:22 143720 -c--a-w- c:\windows\system32\nvcolor.exe
2012-09-23 13:04 . 2011-06-13 12:22 108392 ----a-w- c:\windows\system32\nvmctray.dll
2012-08-28 15:18 . 2004-08-17 14:49 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:18 . 2004-08-17 14:49 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-08-28 15:18 . 2004-08-17 14:49 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07 . 2004-08-17 14:44 385024 ----a-w- c:\windows\system32\html.iec
2012-08-24 13:53 . 2004-08-17 14:49 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-23 06:27 . 2004-08-17 15:45 2029568 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-08-23 06:27 . 2004-08-17 14:45 2150912 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-10-14 16:21 . 2012-10-14 16:21 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys
[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\atapi.sys
[-] 2008-04-13 18:40 . !HASH: COULD NOT OPEN FILE !!!!! . 96512 . . [------] . . c:\windows\system32\drivers\atapi.sys
[7] 2004-08-03 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\atapi.sys
[7] 2004-08-03 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{1EA00BE1-6E54-4E2A-8099-680300BF23E1}"= "c:\program files\Seznam.cz\toolbar\toolbar.dll" [2010-10-07 187672]
.
[HKEY_CLASSES_ROOT\clsid\{1ea00be1-6e54-4e2a-8099-680300bf23e1}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{34AB3C4C-DA1A-4067-96F4-31452C7CFE65}"= "c:\program files\Seznam.cz\listicka.dll" [2010-10-07 1961240]
.
[HKEY_CLASSES_ROOT\clsid\{34ab3c4c-da1a-4067-96f4-31452c7cfe65}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-08-21 09:12 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp]
@="{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}"
[HKEY_CLASSES_ROOT\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}]
2012-06-14 01:53 369784 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending]
@="{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}"
[HKEY_CLASSES_ROOT\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}]
2012-06-14 01:53 369784 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot]
@="{A759AFF6-5851-457D-A540-F4ECED148351}"
[HKEY_CLASSES_ROOT\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351}]
2012-06-14 01:53 369784 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared]
@="{1574C9EF-7D58-488F-B358-8B78C1538F51}"
[HKEY_CLASSES_ROOT\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}]
2012-06-14 01:53 369784 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"Startup Guard"="c:\program files\Zabezpečení\StartupGuard\SG.EXE" [2004-08-23 57344]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Zástupce stránky vlastností sběrnice High Definition Audio"="HDAudPropShortcut.exe" [2004-03-17 61952]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"QuickTime Task"="c:\program files\Audio a video\QuickTime\qttask.exe" [2010-11-29 421888]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-09-23 15512424]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]
"COMODO Internet Security"="c:\program files\Zabezpečení\Comodo Firewall\COMODO\COMODO Internet Security\cfp.exe" [2012-10-04 6756048]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\VoipDiscount\\VoipDiscount.exe"=
"c:\\Program Files\\Internet a programy\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\VoipBlast\\VoipBlast.exe"=
"c:\\Hry\\PES 2011\\pes2011.exe"=
"c:\\Program Files\\ICQ7.5\\ICQ.exe"=
"c:\\Hry\\Virtua Tennis 4\\VT4.exe"=
"c:\\Program Files\\Audio a video\\Veetle\\Player\\VeetleNet.exe"=
"c:\\Program Files\\Spyware Terminator\\SpywareTerminator.exe"=
"c:\\Program Files\\Spyware Terminator\\SpywareTerminatorUpdate.exe"=
"c:\\Program Files\\Audio a video\\Samsung PC Share Manager\\WiselinkPro.exe"=
"c:\\Program Files\\Audio a video\\Samsung PC Share Manager\\http_ss_win_pro.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Internet a programy\\FrostWire 5\\FrostWire.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
"c:\\Program Files\\Audio a video\\Serviio\\bin\\ServiioService.exe"=
"c:\\Program Files\\Audio a video\\Serviio\\bin\\ServiioConsole.exe"=
"c:\\Program Files\\Audio a video\\PowerDVD 12\\PowerDVD12\\PowerDVD12.exe"=
"c:\\Program Files\\Audio a video\\PowerDVD 12\\PowerDVD12\\Kernel\\DMR\\PowerDVD12DMREngine.exe"=
"c:\\Program Files\\Audio a video\\PowerDVD 12\\PowerDVD12\\Kernel\\DMS\\CLMSServerPDVD12.exe"=
"c:\\Program Files\\Audio a video\\PowerDVD 12\\PowerDVD12\\PowerDVD12Agent.exe"=
"c:\\Program Files\\Audio a video\\PowerDVD 12\\PowerDVD12\\PowerDVD12ML.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
.
R0 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [20.2.2009 23:44 160640]
R0 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [20.2.2009 23:44 5248]
R0 fsh;fsh;c:\windows\system32\drivers\fsh.sys [23.5.2010 6:05 39744]
R0 tdrpman258;Acronis Try&Decide and Restore Points filter (build 258);c:\windows\system32\drivers\tdrpm258.sys [22.3.2010 20:27 911680]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [22.10.2012 20:28 729752]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [22.10.2012 20:28 355632]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [5.10.2012 1:32 497952]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [5.10.2012 1:32 32640]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [22.7.2011 18:27 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12.7.2011 23:55 67664]
R1 sp_rsdrv2;Spyware Terminator 2012 Realtime Shield Driver;c:\windows\system32\drivers\sp_rsdrv2.sys [18.2.2012 11:00 32768]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [11.7.2012 20:54 116608]
R2 {329F96B6-DF1E-4328-BFDA-39EA953C1312};Power Control [2012/10/20 10:43];c:\program files\Audio a video\PowerDVD 12\PowerDVD12\Common\NavFilter\000.fcl [11.1.2012 22:57 87536]
R2 afcdpsrv;Acronis Nonstop Backup service;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [22.3.2010 20:27 2480048]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [22.10.2012 20:28 21256]
R2 BCWipeSvc;BCWipe service;c:\program files\Diagnostika a údržba\BCWipe\BCWipeSvc.exe [23.5.2010 6:05 95544]
R2 CLHNServiceForPowerDVD12;CLHNServiceForPowerDVD12;c:\program files\Audio a video\PowerDVD 12\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe [20.10.2012 10:42 87336]
R2 CyberLink PowerDVD 12 Media Server Monitor Service;CyberLink PowerDVD 12 Media Server Monitor Service;c:\program files\Audio a video\PowerDVD 12\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [20.10.2012 10:42 75048]
R2 CyberLink PowerDVD 12 Media Server Service;CyberLink PowerDVD 12 Media Server Service;c:\program files\Audio a video\PowerDVD 12\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [20.10.2012 10:42 296232]
R2 ntk_PowerDVD12;ntk_PowerDVD12;c:\program files\Audio a video\PowerDVD 12\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12.sys [20.10.2012 10:42 120432]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [4.3.2012 16:50 1258856]
R2 SBKUPNT;SBKUPNT;c:\windows\system32\drivers\SBKUPNT.SYS [2.6.2012 10:23 14976]
R2 Serviio;Serviio;c:\program files\Audio a video\Serviio\bin\ServiioService.exe [9.8.2012 20:25 279552]
R2 ST2012_Svc;Spyware Terminator 2012 Realtime Shield Service;c:\program files\Spyware Terminator\st_rsser.exe [18.2.2012 11:00 482992]
R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [22.3.2010 20:27 160288]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S1 tvtool;tvtool;c:\program files\Audio a video\TVTool\TVTOOL.SYS [3.4.1996 20:33 5248]
S2 INETLOCK;INETLOCK;c:\windows\system32\drivers\InetLock.sys [9.9.2007 7:27 16587]
S2 INETLOCKSVC;Internet Lock Service;c:\program files\Internet a programy\Internet Lock 5.1\ILSvc.exe [9.9.2007 7:27 106496]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [13.7.2012 13:28 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [30.3.2012 18:01 250808]
S3 AllShare;SAMSUNG AllShare Service;c:\program files\Audio a video\Samsung PC Share Manager\WiselinkPro.exe [16.7.2010 17:23 6638080]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [13.3.2010 22:24 23456]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [25.4.2012 18:06 115168]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [17.8.2004 16:49 14336]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [20.10.2009 20:19 50704]
S3 RDPDISPM;RDPDISPM;c:\windows\system32\drivers\rdpdispm.sys [6.6.2010 15:18 9040]
S3 RDPVDD;RDPVDD;c:\windows\system32\drivers\rdpvmp.sys [6.6.2010 15:18 19408]
S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19.2.2010 13:37 517096]
S3 TVICHW32;TVICHW32;c:\windows\system32\drivers\TVICHW32.SYS [7.3.2009 15:20 23600]
S4 BCSWAP;BCSWAP;c:\windows\system32\drivers\bcswap.sys [23.5.2010 6:05 92096]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Obsah adresáře 'Naplánované úlohy'
.
2012-10-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 16:14]
.
2012-10-26 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-10-22 09:12]
.
2012-10-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-31 11:56]
.
2012-10-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-31 11:56]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Settings,ProxyOverride = *.local
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
IE: {{0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - {0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - c:\program files\Seznam.cz\listicka.dll
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
TCP: DhcpNameServer = 192.168.0.1
DPF: {A3E21079-7F41-4125-9EBB-FD44CFCC0AC1} - hxxps://www.mesh.com/0.9.4014.40/TSWeb.cab
FF - ProfilePath - c:\documents and settings\Mirek mladší\Data aplikací\Mozilla\Firefox\Profiles\5mekgo92.default\
FF - prefs.js: browser.startup.homepage - www.seznam.cz
FF - ExtSQL: 2012-09-15 21:13; {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}; c:\documents and settings\Mirek mladší\Data aplikací\Mozilla\Firefox\Profiles\5mekgo92.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-10-26 18:16
Windows 5.1.2600 Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwClose
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet006\Services\{329F96B6-DF1E-4328-BFDA-39EA953C1312}]
"ImagePath"="\??\c:\program files\Audio a video\PowerDVD 12\PowerDVD12\Common\NavFilter\000.fcl"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'lsass.exe'(1004)
c:\windows\system32\MPR.dll
c:\windows\system32\guard32.dll
.
- - - - - - - > 'explorer.exe'(3784)
c:\windows\system32\guard32.dll
c:\program files\SugarSync\SugarSyncShellExt.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\MPR.dll
.
- - - - - - - > 'csrss.exe'(916)
c:\windows\system32\cmdcsr.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Diagnostika a údrc:\windows\system32\svchost.exe
c:\program files\Diagnostika a údrc:\windows\system32\svchost.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Common Files\Acronis\Plán2\schedul2.exe
c:\program files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Zabezpec:\progra~1\MICROS~2\rapimgr.exe
.
**************************************************************************
.
Celkový čas: 2012-10-26 18:20:30 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-10-26 16:20
.
Před spuštěním: Volných bajtů: 26 777 014 272
Po spuštění: Volných bajtů: 26 748 653 568
.
- - End Of File - - 092FF42F30C08763C1623CD307D627DC
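As an added defender-side example (my own code, not ComboFix's and not part of this thread), the following Python script parses the Sigcheck section of the log posted above. It groups the copies of each protected system file, and flags an active copy (one outside the Windows backup folders) that either could not be hashed, as happened with c:\windows\system32\drivers\atapi.sys here, or whose MD5 disagrees with the backup copies of the same file version. For each finding it points to the newest pristine copy as a restore source, which is what the FCopy line in the script above does for atapi.sys. The five sample lines are copied from the log; the BACKUP_MARKERS list of Windows XP backup folders and all function names are my own assumptions.

```python
"""Audit the Sigcheck section of a ComboFix log.

Added example for this thread, not ComboFix's own code. It parses the lines
ComboFix prints for protected system files and flags an active copy that
either could not be hashed or whose MD5 differs from the backup copies of
the same version.
"""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional

# Sample lines copied from the Sigcheck section of the log posted above.
SAMPLE_SIGCHECK = r"""
[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys
[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\atapi.sys
[-] 2008-04-13 18:40 . !HASH: COULD NOT OPEN FILE !!!!! . 96512 . . [------] . . c:\windows\system32\drivers\atapi.sys
[7] 2004-08-03 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\atapi.sys
[7] 2004-08-03 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys
"""

# Folders in which Windows XP keeps pristine copies of system files (assumed list).
BACKUP_MARKERS = ("\\servicepackfiles\\", "\\dllcache\\",
                  "\\$ntservicepackuninstall$\\", "\\reinstallbackups\\")

# One Sigcheck line: [flag] date[ time] . md5-or-error . size . . [version] . . path
SIGCHECK_RE = re.compile(
    r"^\[(?P<flag>[^\]]*)\] (?P<timestamp>\d{4}-\d{2}-\d{2}(?: \d{2}:\d{2})?)"
    r" \. (?P<digest>.+?) \. (?P<size>\d+) \. \. \[(?P<version>[^\]]*)\] \. \. (?P<path>.+)$"
)


@dataclass
class SigcheckEntry:
    flag: str                # content of the leading [..] marker, e.g. "7" or "-"
    timestamp: str
    digest: Optional[str]    # MD5 as printed, None when the file could not be read
    size: int
    version: Optional[str]   # file version, None when printed as "------"
    path: str

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1].lower()

    @property
    def is_backup(self) -> bool:
        lowered = self.path.lower()
        return any(marker in lowered for marker in BACKUP_MARKERS)


def parse_sigcheck_line(line: str) -> Optional[SigcheckEntry]:
    """Parse one Sigcheck line; return None for lines that are not Sigcheck output."""
    match = SIGCHECK_RE.match(line.strip())
    if match is None:
        return None
    digest = match.group("digest")
    version = match.group("version")
    return SigcheckEntry(
        flag=match.group("flag"),
        timestamp=match.group("timestamp"),
        digest=None if digest.startswith("!HASH") else digest,
        size=int(match.group("size")),
        version=None if version.strip("-") == "" else version,
        path=match.group("path"),
    )


def parse_sigcheck(text: str) -> List[SigcheckEntry]:
    entries = [parse_sigcheck_line(line) for line in text.splitlines()]
    return [entry for entry in entries if entry is not None]


def version_key(version: Optional[str]) -> tuple:
    """Sort key so that "5.1.2600.5512" ranks above "5.1.2600.2180" and unknown lowest."""
    if version is None:
        return (-1,)
    return tuple(int(part) for part in version.split("."))


def audit(entries: List[SigcheckEntry]) -> List[Dict[str, Optional[str]]]:
    """Return one finding per active copy that is unreadable or hash-divergent."""
    by_name: Dict[str, List[SigcheckEntry]] = defaultdict(list)
    for entry in entries:
        by_name[entry.name].append(entry)

    findings = []
    for group in by_name.values():
        backups = [e for e in group if e.is_backup and e.digest is not None]
        for active in (e for e in group if not e.is_backup):
            if active.digest is None:
                issue = "unreadable"
            else:
                same_version = [b for b in backups if b.version == active.version]
                if same_version and all(b.digest != active.digest for b in same_version):
                    issue = "hash mismatch"
                else:
                    continue
            # Newest pristine copy is the restore source, as FCopy did for atapi.sys above.
            reference = max(backups, key=lambda b: version_key(b.version), default=None)
            findings.append({
                "path": active.path,
                "issue": issue,
                "restore_from": reference.path if reference else None,
                "reference_md5": reference.digest if reference else None,
            })
    return findings


if __name__ == "__main__":
    for finding in audit(parse_sigcheck(SAMPLE_SIGCHECK)):
        print(finding)
```

Run on the sample above it reports a single finding: the driver copy of atapi.sys is unreadable and the 5.1.2600.5512 copy under ServicePackFiles (MD5 9F3A2F5AA6875C72BF062C712CFA2674) is the restore source. A driver that ComboFix cannot even open for hashing while the backup copies read fine is worth this kind of explicit check, because a hash mismatch on the active copy is exactly what a driver-infecting rootkit leaves behind.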

Re: Help - System Idle Process 95-100%

Posted: 27 Oct 2012 12:39
by vyosek
How is the PC behaving :???:

Re: Help - System Idle Process 95-100%

Posted: 28 Oct 2012 10:55
by Mirinda78
Hello,
it should be OK.
I must say that the PC's behaviour improved dramatically already when I used SuperAntiSpyware.

Anyway, yesterday I was dealing with a small problem with explorer.exe, which reported an error every time I hovered over an .mts file. At first I thought it was related to the registry entries deleted by ComboFix; after a long search
I found a mention on the web of a problem when the K-Lite Codec Pack and Core AVC codecs are installed at the same time.

So I uninstalled Core AVC and the problem is gone.

Thanks for the precise help
MK

Re: Help - System Idle Process 95-100%

Posted: 28 Oct 2012 11:08
by vyosek
Now we'll clean up a bit more :James008:

:arrow: Uninstall ComboFix
  • Rename ComboFix to Uninstall
  • Run it
  • This deletes ComboFix and its folders
:arrow: T-Cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe
  • Download and run it
  • To confirm the choice press A, Enter
  • Delete the utility after use
  • Antivirus programs tend to wrongly flag this utility as a virus - it is a false positive - so go ahead and download it (if necessary turn off the antivirus while downloading)
:arrow: OTC http://oldtimer.geekstogo.com/OTC.exe
  • Download and run it
  • Click CleanUp and confirm with YES
  • The program cleans up and restarts the PC

:arrow: TFC http://oldtimer.geekstogo.com/TFC.exe
  • Download and run it
  • Click Start and confirm with OK
  • The program cleans up and restarts the PC
  • Delete the utility after use
:arrow: Download CCleaner http://forum.viry.cz/viewtopic.php?t=7478
Cleaner panel
  • Leave everything as it is, just click Analyze and then Run CCleaner
Registry panel
  • click Scan for Issues
  • then Fix selected issues - I recommend making the registry backup, fix all issues
  • repeat the process until there are no issues left - usually about 3 times
Tools panel
  • Here you can uninstall programs you don't need
I recommend running CCleaner about once a week

:arrow: And if there are no problems or questions, that's all from my side :|