Done according to the instructions, and here I am submitting the log again. I will probably proceed according to the guide here on the forum; do you agree? With the understanding that after each step I will post the log here with a request for review... OK?
http://www.viry.cz/forum/viewtopic.php?t=14396
ComboFix 10-01-04.01 - Uživatel 05.01.2010 18:38:51.4.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.767.383 [GMT 1:00]
Spuštěný z: c:\documents and settings\Uživatel\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Uživatel\Plocha\CFScript.txt
AV: avast! antivirus 4.8.1368 [VPS 100105-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: COMODO Firewall *disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
file zipped: c:\windows\x.reg
.
/wow section - STAGE 1
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\AskBarDis
c:\program files\AskBarDis\bar\bin\askBar.dll
c:\program files\AskBarDis\bar\bin\askPopStp.dll
c:\program files\AskBarDis\bar\bin\psvince.dll
c:\program files\AskBarDis\bar\Cache\0048FE09
c:\program files\AskBarDis\bar\Cache\00490915
c:\program files\AskBarDis\bar\Cache\00490B76.bin
c:\program files\AskBarDis\bar\Cache\00490E93.bin
c:\program files\AskBarDis\bar\Cache\00491142.bin
c:\program files\AskBarDis\bar\Cache\004913B3.bin
c:\program files\AskBarDis\bar\Cache\004917DA.bin
c:\program files\AskBarDis\bar\Cache\004919DE.bin
c:\program files\AskBarDis\bar\Cache\00492855.bin
c:\program files\AskBarDis\bar\Cache\004929CC.bin
c:\program files\AskBarDis\bar\Cache\00492B62.bin
c:\program files\AskBarDis\bar\Cache\files.ini
c:\program files\AskBarDis\bar\History\search
c:\program files\AskBarDis\bar\Settings\config.dat
c:\program files\AskBarDis\bar\Settings\config.dat.bak
c:\program files\AskBarDis\bar\Settings\prevcfg.htm
c:\program files\AskBarDis\unins000.dat
c:\program files\AskBarDis\unins000.exe
c:\windows\x.reg
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_fqrtoxdw
-------\Service_fucwklgf
((((((((((((((((((((((((( Soubory vytvořené od 2009-12-05 do 2010-01-05 )))))))))))))))))))))))))))))))
.
2010-01-03 13:43 . 2010-01-03 13:43 389632 ----a-w- c:\windows\system32\CF9622.exe
2010-01-03 13:34 . 2010-01-03 13:31 389632 ----a-w- c:\windows\system32\CF7323.exe
2010-01-03 13:11 . 2010-01-03 13:12 -------- d-----w- c:\program files\trend micro
2010-01-03 13:11 . 2010-01-03 13:12 -------- d-----w- C:\rsit
2010-01-02 15:33 . 2010-01-02 16:23 -------- d-----w- c:\program files\Ontrack
2010-01-02 15:23 . 2009-12-17 23:14 30536 ----a-w- c:\windows\system32\TURegOpt.exe
2010-01-02 15:22 . 2010-01-02 15:23 -------- d-----w- c:\program files\TuneUp Utilities 2010
2010-01-01 16:27 . 2010-01-01 16:27 -------- d-----w- c:\program files\MediaDoctor
2010-01-01 14:58 . 2004-03-16 07:35 49152 ----a-w- c:\windows\system32\OctaneARM.dll
2010-01-01 00:34 . 2010-01-01 00:34 -------- d-----w- c:\program files\Recuva
2009-12-27 12:59 . 2009-07-05 20:33 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2009-12-27 12:59 . 2009-07-05 20:33 60273 ----a-w- c:\windows\system32\pthreadGC2.dll
2009-12-27 12:59 . 2009-12-27 12:59 -------- d-----w- c:\program files\ffdshow
2009-12-13 14:46 . 2010-01-04 20:25 -------- d-----w- c:\program files\ICQ6.5
2009-12-10 15:14 . 2010-01-01 18:38 -------- d-----w- c:\program files\IDOS 09-10
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-05 18:06 . 2006-11-08 14:24 609 --sha-w- c:\windows\system32\mmf.sys
2010-01-05 17:15 . 2009-06-03 12:43 -------- d-----w- c:\program files\LogMeIn
2010-01-02 17:28 . 2009-04-30 12:28 -------- d-----w- c:\program files\FastStone Image Viewer
2010-01-02 16:24 . 2004-11-19 08:39 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-02 16:19 . 2009-08-22 09:21 -------- d-----w- c:\program files\Safari
2010-01-02 16:17 . 2005-10-02 17:26 -------- d-----w- c:\program files\CyberLink
2010-01-02 16:15 . 2004-11-19 21:16 -------- d-----w- c:\program files\Phenomedia
2010-01-02 16:14 . 2006-12-12 16:13 -------- d-----w- c:\program files\Counter-Strike 1.6
2010-01-01 16:12 . 2008-11-03 16:55 -------- d-----w- c:\program files\Common Files\COWON
2010-01-01 15:56 . 2008-11-03 16:55 -------- d-----w- c:\program files\JetAudio
2010-01-01 15:34 . 2008-03-13 19:06 -------- d-----w- c:\program files\FlatOut
2009-12-27 12:59 . 2009-09-19 10:25 -------- d-----w- c:\program files\Cool YouTube Downloader
2009-12-18 13:02 . 2005-03-10 17:08 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-12-13 16:06 . 2008-07-11 20:42 -------- d-----w- c:\program files\Miranda IM
2009-12-13 15:53 . 2009-03-13 20:11 -------- d-----w- c:\program files\ICQ6Toolbar
2009-12-13 15:23 . 2007-08-05 14:03 -------- d-----w- c:\program files\QIP
2009-11-25 16:40 . 2009-10-19 12:30 171552 ----a-w- c:\windows\system32\guard32.dll
2009-11-25 16:40 . 2009-10-19 12:30 133064 ----a-w- c:\windows\system32\drivers\cmdguard.sys
2009-11-24 23:54 . 2007-06-22 13:30 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-24 23:51 . 2007-06-22 13:30 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-11-24 23:49 . 2007-06-22 13:30 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2007-06-22 13:30 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2007-06-22 13:30 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-11-24 23:47 . 2007-06-22 13:30 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-11-22 13:44 . 2004-11-19 18:59 -------- d-----w- c:\program files\Common Files\Adobe
2009-11-18 12:56 . 2009-10-19 12:30 87104 ----a-w- c:\windows\system32\drivers\inspect.sys
2009-11-18 12:56 . 2009-10-19 12:30 25160 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2009-10-28 17:58 . 2001-10-25 14:00 505350 ----a-w- c:\windows\system32\perfh005.dat
2009-10-28 17:58 . 2001-10-25 14:00 108888 ----a-w- c:\windows\system32\perfc005.dat
2009-10-21 06:03 . 2004-12-03 17:58 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-21 06:03 . 2004-12-03 17:58 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-20 14:58 . 2009-07-12 15:04 263552 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-19 12:32 . 2009-10-19 12:32 253688 ----a-w- c:\windows\system32\cssdll32.dll
2009-10-13 10:53 . 2002-09-20 18:04 267776 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:54 . 2002-09-20 18:04 69632 ----a-w- c:\windows\system32\raschap.dll
2009-10-12 13:54 . 2002-09-20 18:04 112640 ----a-w- c:\windows\system32\rastls.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Kalendar"="c:\program files\Kalendar\kalendar.exe" [2005-11-09 580608]
"Seznam Postak"="c:\program files\Seznam.cz\postak.exe" [2009-09-23 434840]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 28672]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-03-23 335872]
"AHQInit"="c:\program files\Creative\SBLive\Program\AHQInit.exe" [2001-05-10 102400]
"mouseElf"="c:\progra~1\KYE\GENIUS~1\mouseElf.exe" [2002-05-20 151552]
"AudioHQ"="c:\program files\Creative\SBLive\AudioHQ\AHQTB.EXE" [2001-08-17 180224]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"DU Meter"="c:\program files\DU Meter\DUMeter.exe" [2006-12-01 1583644]
"COMODO Internet Security"="c:\program files\Comodo\COMODO Internet Security\cfp.exe" [2009-11-18 1800464]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-31 149280]
"AGEIA PhysX SysTray"="c:\program files\AGEIA Technologies\TrayIcon.exe" [2006-08-16 339968]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-17 15360]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{DAE0285D-0788-4E87-985E-01DF2EDE4ACD}"= "c:\windows\system32\Wshxt.dll" [2008-06-22 53248]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-10-16 18:35 87352 ----a-w- c:\windows\system32\LMIinit.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Bluetooth Manager.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Bluetooth Manager.lnk
backup=c:\windows\pss\Bluetooth Manager.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Uživatel^Nabídka Start^Programy^Po spuštění^Reminder-cor40212.lnk]
path=c:\documents and settings\Uživatel\Nabídka Start\Programy\Po spuštění\Reminder-cor40212.lnk
backup=c:\windows\pss\Reminder-cor40212.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Uživatel^Nabídka Start^Programy^Po spuštění^µTorrent.lnk]
path=c:\documents and settings\Uživatel\Nabídka Start\Programy\Po spuštění\µTorrent.lnk
backup=c:\windows\pss\µTorrent.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 03:08 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
2008-07-24 16:46 63048 ----a-w- c:\program files\LogMeIn\x86\LogMeInSystray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 14:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2006-06-13 13:21 282624 ----a-w- c:\program files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 14:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2008-11-07 17:39 185896 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2008-03-27 06:35 36352 ----a-w- c:\program files\Winamp\winampa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"TermService"=3 (0x3)
"SSDPSRV"=3 (0x3)
"LmHosts"=2 (0x2)
"mnmsrvc"=3 (0x3)
"upnphost"=3 (0x3)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"CTFMON.EXE"=c:\windows\system32\ctfmon.exe
"EA Core"="c:\program files\Electronic Arts\EA Link\Core.exe" -silent
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"CHotkey"=mHotkey.exe
"NeroFilterCheck"=c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Total Commander 6\\TOTALCMD.EXE"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Java\\j2re1.4.2_04\\bin\\javaw.exe"=
"c:\\Program Files\\Last.fm\\LastFM.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\Program Files\\VoipDiscount.com\\VoipDiscount\\VoipDiscount.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\FreeCall.com\\FreeCall\\FreeCall.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Mozilla\\mozilla.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8785:TCP"= 8785:TCP:*:Disabled:BitComet 8785 TCP
"8785:UDP"= 8785:UDP:*:Disabled:BitComet 8785 UDP
"9420:TCP"= 9420:TCP:Red Swoosh
"5000:UDP"= 5000:UDP:Red Swoosh
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundTimestampRequest"= 0 (0x0)
"AllowInboundMaskRequest"= 0 (0x0)
"AllowInboundRouterRequest"= 0 (0x0)
"AllowOutboundDestinationUnreachable"= 0 (0x0)
"AllowOutboundSourceQuench"= 0 (0x0)
"AllowOutboundParameterProblem"= 0 (0x0)
"AllowOutboundTimeExceeded"= 0 (0x0)
"AllowRedirect"= 0 (0x0)
"AllowOutboundPacketTooBig"= 0 (0x0)
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [17.11.2005 9:27 Čas: 716272]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2.4.2008 16:15 Čas: 114768]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [19.10.2009 13:30 Čas: 133064]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [19.10.2009 13:30 Čas: 25160]
R1 nnrnstdi;nnrnstdi;c:\windows\system32\drivers\nnrnstdi.sys [13.8.2007 12:42 Čas: 13312]
R1 Winhpfile;Winhpfile;c:\fmkxmbyf\HPFile.sys [22.6.2008 19:37 Čas: 16601]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2.4.2008 16:15 Čas: 20560]
R2 athsgt;athsgt;c:\windows\system32\drivers\athsgt.sys [6.4.2006 19:00 Čas: 164992]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [13.3.2009 21:11 Čas: 222968]
R2 LicCtrlService;LicCtrl Service;c:\windows\Runservice.exe [8.11.2006 15:24 Čas: 2560]
R2 limsgt;limsgt;c:\windows\system32\drivers\limsgt.sys [6.4.2006 19:00 Čas: 12544]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [24.7.2008 17:46 Čas: 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [3.6.2009 13:44 Čas: 47640]
R2 OracleFormsServer-Forms60Server;Oracle Forms Server [Forms60Server];c:\orant\bin\ifsrv60.exe -start_service --> c:\orant\bin\ifsrv60.exe -start_service [?]
R2 Prvflder;Prvflder;c:\windows\system32\drivers\prvflder.sys [21.4.2006 7:22 Čas: 70912]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [18.12.2009 0:12 Čas: 1044808]
R3 km_filter;km_filter;c:\windows\system32\drivers\km_filter.sys [13.8.2007 12:42 Čas: 8832]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [14.10.2009 7:24 Čas: 10064]
S2 BT848;BtCap, WDM Video Capture;c:\windows\system32\drivers\BT848.sys [25.11.2004 14:09 Čas: 266180]
S2 BTTUNER;BtTuner, WDM TvTuner;c:\windows\system32\drivers\bttuner.sys [19.11.2004 21:45 Čas: 18944]
S2 BTXBAR;BtXBar, WDM Crossbar;c:\windows\system32\drivers\btxbar.sys [19.11.2004 21:45 Čas: 13308]
S3 GAGPDrv;GAGPDrv; [x]
S3 OracleClientCache80;OracleClientCache80;c:\orant\BIN\ONRSD80.EXE [2.5.2009 16:54 Čas: 101136]
S3 Revolution1;Revolution1;\??\c:\docume~1\UIVATE~1\LOCALS~1\Temp\Rar$EX02.047\Revolution_Engine_8.3_ShaK3\SHAK3.sys --> c:\docume~1\UIVATE~1\LOCALS~1\Temp\Rar$EX02.047\Revolution_Engine_8.3_ShaK3\SHAK3.sys [?]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2.2.2009 11:04 Čas: 356920]
S3 SE2Fbus;Sony Ericsson Device 047 Driver driver (WDM);c:\windows\system32\drivers\SE2Fbus.sys [30.5.2007 15:47 Čas: 61600]
S3 SE2Fmdfl;Sony Ericsson Device 047 USB WMC Modem Filter;c:\windows\system32\drivers\SE2Fmdfl.sys [30.5.2007 17:58 Čas: 9360]
S3 SE2Fmdm;Sony Ericsson Device 047 USB WMC Modem Driver;c:\windows\system32\drivers\SE2Fmdm.sys [30.5.2007 17:58 Čas: 97184]
S3 SE2Fmgmt;Sony Ericsson Device 047 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\SE2Fmgmt.sys [30.5.2007 18:25 Čas: 88688]
S3 se2Fnd5;Sony Ericsson Device 047 USB Ethernet Emulation SEMC47 (NDIS);c:\windows\system32\drivers\se2Fnd5.sys [30.5.2007 18:25 Čas: 18704]
S3 SE2Fobex;Sony Ericsson Device 047 USB WMC OBEX Interface;c:\windows\system32\drivers\SE2Fobex.sys [30.5.2007 18:20 Čas: 86560]
S3 se2Funic;Sony Ericsson Device 047 USB Ethernet Emulation SEMC47 (WDM);c:\windows\system32\drivers\se2Funic.sys [30.5.2007 18:25 Čas: 90800]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
.
Obsah adresáře 'Naplánované úlohy'
2009-12-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
2010-01-05 c:\windows\Tasks\Automatic troubleshooting.job
- c:\program files\TuneUp Utilities 2010\TuneUpSystemStatusCheck.exe [2009-12-17 23:18]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.centrum.cz/skinit/icq/
IE: &ICQ Toolbar Search - c:\program files\ICQToolbar\toolbaru.dll/SEARCH.HTML
IE: Do fronty Star Downloaderu - c:\program files\Star Downloader\sdieenq.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Zobrazit originál
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Uživatel\Data aplikací\Mozilla\Firefox\Profiles\g8ca54fd.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Opera\program\plugins\np32dsw.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
AddRemove-Ask Toolbar_is1 - c:\program files\AskBarDis\unins000.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2010-01-05 19:08
Windows 5.1.2600 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer,
http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll prosync1.sys >>UNKNOWN [0x83FDA1F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf77b5fc3
\Driver\ACPI -> ACPI.sys @ 0xf7613cb8
\Driver\atapi -> prosync1.sys @ 0xf7c7b6c1
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0084
ParseProcedure -> ntoskrnl.exe @ 0x8056f07e
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0084
ParseProcedure -> ntoskrnl.exe @ 0x8056f07e
user & kernel MBR OK
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-1614895754-1637723038-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{0A0B3829-8B3D-6294-BC8B-A754B0DB491E}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_USERS\S-1-5-21-1614895754-1637723038-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:56,85,13,20,e9,a2,22,63,a1,7b,ab,30,d3,36,21,fb,82,2a,8c,fa,b0,dd,ad,
10,6a,6d,fe,82,d7,19,3f,25,a2,12,8a,62,a0,f6,4e,f4,d0,27,ac,fe,c1,d9,88,c9,\
"??"=hex:75,4f,3d,73,80,3a,99,4b,7b,08,39,8b,8e,8b,b6,43
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{765dd79e-581f-4bb6-92f4-2c332f2d46df}]
@Denied: (Full) (Everyone)
"Model"=dword:0000015a
"Therad"=dword:0000001f
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):99,c7,fb,e7,71,8c,30,ac,11,59,be,14,34,84,06,e9,96,84,22,74,d4,
8e,ae,47,ec,25,f3,53,18,c7,e5,00,b2,9a,c7,bc,58,20,67,d4,00,00,00,00,00,00,\
[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \EC1A69D1C0948222]
[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \EC1A69D1C0948222\48236A7EED3B8895E98434D6DCE253AC]
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(836)
c:\windows\system32\LMIinit.dll
- - - - - - - > 'explorer.exe'(964)
c:\program files\Windows Media Player\wmpband.dll
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\program files\Microsoft Private Folder 1.0\ShellExt.dll
c:\windows\system32\PFLib.dll
c:\program files\WinSCP\DragExt.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\browselc.dll
c:\fmkxmbyf\HPIE.dll
c:\progra~1\SPYBOT~1\SDHelper.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Comodo\COMODO Internet Security\cmdagent.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\devldr32.exe
c:\windows\System32\CTsvcCDA.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\LogMeIn\x86\RaMaint.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\orant\bin\ifsrv60.exe
c:\program files\Microsoft Private Folder 1.0\PrfldSvc.exe
c:\orant\bin\ifweb60.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\UAService7.exe
c:\windows\System32\MsPMSPSv.exe
.
**************************************************************************
.
Celkový čas: 2010-01-05 19:18:41 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-01-05 18:18
ComboFix2.txt 2010-01-03 15:29
Před spuštěním: 4 170 883 072
Po spuštění: 4 140 380 160
Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 57AEEDF5C4FB85187C0B1714C3D48219