ESET nedokaze odstranit vir

[jacho6380]

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7600

device: opened successfully
user: error reading MBR

Disk trace:
error: Read Popisovač nie je platný.
kernel: error reading MBR

[vyosek]

Drzi se hajzlik drzi

Udelejte sken pomoci CureIt http://viry.cz/forum/viewtopic.php?f=29&t=47721 a dejte vedet ci neco nasel...

[jacho6380]

nasiel jeden a ten som dal liecit, teraz ako zistime ci tam ten je? log

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Verzia databázy: 4052

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

2. 12. 2010 18:05:25
mbam-log-2010-12-02 (18-05-25).txt

Typ kontroly: Rýchla kontrola
Objektov kontrolovaných: 122678
Uplynulý čas: 2 min, 50 sek

Infikované služby pamäte: 0
Infikované moduly pamäte: 0
Infikované registračné kľúče: 0
Infikované registračné hodnoty: 0
Infikované položky registračných dát: 0
Infikované priečinky: 0
Infikované súbory: 0

Infikované služby pamäte:
(Škodlivé položky neboli zistené)

Infikované moduly pamäte:
(Škodlivé položky neboli zistené)

Infikované registračné kľúče:
(Škodlivé položky neboli zistené)

Infikované registračné hodnoty:
(Škodlivé položky neboli zistené)

Infikované položky registračných dát:
(Škodlivé položky neboli zistené)

Infikované priečinky:
(Škodlivé položky neboli zistené)

Infikované súbory:
(Škodlivé položky neboli zistené)

[vyosek]

Nepamatujete si nahodou co to naslo

Na plose byste mel mit log mbr.txt - smazte jej

Kliknete na Start a pote Spustit, pripadne pouzijte klavesou zkratku Win+R

• Vyskoci na Vas okenko, do ktereho zkopirujte text nize

• Kód: Vybrat vše

  "%userprofile%\Desktop\mbr" -t

• Kliknete na OK
• Na plose se Vam vytvori log s nazvem mbr.txt, jeho obsah mi sem vlozte

[jacho6380]

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7600

device: opened successfully
user: error reading MBR

Disk trace:
error: Read Popisovač nie je platný.
kernel: error reading MBR

[vyosek]

ESET stale otravuje

Udelejte sken pomoci AVPToolu http://www.viry.cz/forum/viewtopic.php?f=29&t=58179 - log pak sem

[jacho6380]

Automatická kontrola: dokončeno před 10 min. (události: 10, objekty: 1193742, čas: 04:43:21)
5. 12. 2010 11:31:30 Úloha byla spuštěna
5. 12. 2010 12:46:06 Zjištěno: Backdoor.Win32.Hupigon.mcuc D:\MAFIA 2 CZ\Mafia 2 CZ_Disk2.iso/Ostatn? Programy/WinRAR v3.92 CZ (23-64bit)/wrar-x64-392cz.exe;1/Zip.SFX
5. 12. 2010 14:34:55 Neošetřeno: Backdoor.Win32.Hupigon.mcuc D:\MAFIA 2 CZ\Mafia 2 CZ_Disk2.iso/Ostatn? Programy/WinRAR v3.92 CZ (23-64bit)/wrar-x64-392cz.exe;1/Zip.SFX Zápis není podporován
5. 12. 2010 14:34:58 Zjištěno: Backdoor.Win32.Hupigon.mcuc D:\MAFIA 2 CZ\Mafia 2 CZ_Disk2.iso/Ostatn? Programy/WinRAR v3.92 CZ (23-64bit)/wrar-x86-392cz.exe;1/Zip.SFX
5. 12. 2010 14:34:58 Neošetřeno: Backdoor.Win32.Hupigon.mcuc D:\MAFIA 2 CZ\Mafia 2 CZ_Disk2.iso/Ostatn? Programy/WinRAR v3.92 CZ (23-64bit)/wrar-x86-392cz.exe;1/Zip.SFX Zápis není podporován
5. 12. 2010 16:04:29 Zjištěno: Backdoor.Win32.Hupigon.mcuc D:\MAFIA 2 CZ\Mafia 2 CZ_Disk2.iso/Ostatn? Programy/WinRAR v3.92 CZ (23-64bit)/wrar-x64-392cz.exe;1/Zip.SFX
5. 12. 2010 16:04:29 Neošetřeno: Backdoor.Win32.Hupigon.mcuc D:\MAFIA 2 CZ\Mafia 2 CZ_Disk2.iso/Ostatn? Programy/WinRAR v3.92 CZ (23-64bit)/wrar-x64-392cz.exe;1/Zip.SFX Zápis není podporován
5. 12. 2010 16:04:30 Zjištěno: Backdoor.Win32.Hupigon.mcuc D:\MAFIA 2 CZ\Mafia 2 CZ_Disk2.iso/Ostatn? Programy/WinRAR v3.92 CZ (23-64bit)/wrar-x86-392cz.exe;1/Zip.SFX
5. 12. 2010 16:04:30 Neošetřeno: Backdoor.Win32.Hupigon.mcuc D:\MAFIA 2 CZ\Mafia 2 CZ_Disk2.iso/Ostatn? Programy/WinRAR v3.92 CZ (23-64bit)/wrar-x86-392cz.exe;1/Zip.SFX Zápis není podporován
5. 12. 2010 16:14:51 Úloha byla dokončena

ESET neotravuje

[vyosek]

AVPTool nasel jen crack

PROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK
Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe

• Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
• Vložte do PC vsechny USB klice (flash disky, ext.disky apod.)
• Pokud mate Win XP spustte pod uctem Spravce\Administratora
• Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
• Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
• Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
• Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
• Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
• Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
• Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix

[jacho6380]

ComboFix 10-12-04.02 - Michal . 12. 2010 16:42:46.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.421.1051.18.6142.4392 [GMT 1:00]
Running from: c:\users\Michal\Desktop\ComboFix.exe
* Resident AV is active

.

((((((((((((((((((((((((( Files Created from 2010-11-05 to 2010-12-05 )))))))))))))))))))))))))))))))
.

2010-12-05 15:46 . 2010-12-05 15:46 -------- d-----w- c:\users\LogMeInRemoteUser\AppData\Local\temp
2010-12-05 15:46 . 2010-12-05 15:46 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-12-05 15:41 . 2010-12-05 15:42 -------- d-----w- C:\32788R22FWJFW
2010-12-05 10:30 . 2010-12-05 10:30 -------- d-----w- c:\programdata\Kaspersky Lab
2010-12-03 14:00 . 2010-11-10 05:35 8199504 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A6A46753-8396-41F3-BB13-7610555E1711}\mpengine.dll
2010-12-01 18:21 . 2010-12-02 04:13 -------- d-----w- c:\users\Michal\DoctorWeb
2010-12-01 14:41 . 2010-12-01 14:41 -------- d-----w- C:\_OTM
2010-11-25 21:41 . 2010-11-25 21:41 -------- d-----w- c:\program files (x86)\EA Sports
2010-11-25 15:47 . 2010-11-25 15:47 -------- d-----w- c:\users\Michal\AppData\Roaming\Leadertech
2010-11-25 13:47 . 2008-07-12 07:18 467984 ----a-w- c:\windows\SysWow64\d3dx10_39.dll
2010-11-25 13:47 . 2008-07-12 07:18 1493528 ----a-w- c:\windows\SysWow64\D3DCompiler_39.dll
2010-11-25 13:47 . 2008-07-12 07:18 540688 ----a-w- c:\windows\system32\d3dx10_39.dll
2010-11-25 13:47 . 2008-07-12 07:18 1942552 ----a-w- c:\windows\system32\D3DCompiler_39.dll
2010-11-25 13:47 . 2008-07-12 07:18 3851784 ----a-w- c:\windows\SysWow64\D3DX9_39.dll
2010-11-25 13:47 . 2008-07-12 07:18 4992520 ----a-w- c:\windows\system32\D3DX9_39.dll
2010-11-25 13:46 . 2010-11-25 13:46 419840 ----a-w- c:\windows\system32\wrap_oal.dll
2010-11-25 13:46 . 2010-11-25 13:46 413696 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2010-11-25 13:46 . 2010-11-25 13:46 133632 ----a-w- c:\windows\system32\OpenAL32.dll
2010-11-25 13:46 . 2010-11-25 13:46 110592 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2010-11-25 12:44 . 2010-11-25 12:44 94208 ----a-w- c:\windows\DIIUnin.exe
2010-11-25 12:44 . 2010-11-25 12:44 2829 ----a-w- c:\windows\DIIUnin.pif
2010-11-25 12:31 . 2010-11-27 12:05 -------- d-----w- c:\program files (x86)\Diablo II
2010-11-24 08:39 . 2010-10-19 08:47 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2010-11-24 08:39 . 2010-10-19 08:10 7680 ----a-w- c:\program files (x86)\Internet Explorer\iecompat.dll
2010-11-23 19:59 . 2010-11-23 19:59 -------- d-----w- c:\users\Michal\AppData\Roaming\Need for Speed World
2010-11-23 16:37 . 2010-11-23 16:37 -------- d-----w- c:\users\Michal\AppData\Local\Electronic_Arts_Inc
2010-11-23 10:42 . 2010-11-23 10:42 -------- d-----w- c:\users\Michal\AppData\Roaming\Malwarebytes
2010-11-23 10:42 . 2010-04-29 14:39 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2010-11-23 10:42 . 2010-11-23 10:42 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2010-11-23 10:42 . 2010-11-23 10:42 -------- d-----w- c:\programdata\Malwarebytes
2010-11-23 10:42 . 2010-04-29 14:39 24664 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-22 17:07 . 2010-11-22 17:07 -------- d-----w- c:\program files\trend micro
2010-11-22 17:07 . 2010-11-22 17:07 -------- d-----w- C:\rsit
2010-11-20 17:00 . 2010-11-20 17:00 -------- d-----w- c:\users\Michal\AppData\Roaming\Media Player Classic
2010-11-20 07:58 . 2010-11-20 07:58 -------- d-----w- c:\programdata\EA Core
2010-11-20 07:33 . 2007-03-05 11:42 15128 ----a-w- c:\windows\SysWow64\x3daudio1_1.dll
2010-11-14 15:20 . 2010-11-14 15:20 -------- d-----w- c:\users\Michal\AppData\Local\Activision
2010-11-14 15:00 . 2010-11-14 15:00 -------- d-----w- c:\program files (x86)\Activision
2010-11-13 11:33 . 2010-11-13 11:33 -------- d-----w- C:\Games
2010-11-10 19:08 . 2010-11-10 19:08 -------- d-----w- c:\users\Michal\AppData\Roaming\HTC

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-28 09:19 . 2010-10-28 09:19 419840 ----a-w- c:\windows\system32\systemcpl.dll
2010-10-28 09:19 . 2009-07-13 23:52 14848 ----a-w- c:\windows\system32\slwga.dll
2010-10-28 09:19 . 2009-07-13 23:36 13824 ----a-w- c:\windows\SysWow64\slwga.dll
2010-10-27 15:08 . 2010-10-27 14:11 165232 ---ha-w- c:\users\Michal\AppData\Roaming\Microsoft\Virtual PC\VPCKeyboard.dll
2010-10-22 06:23 . 2010-11-02 17:14 67176 ----a-w- c:\windows\system32\OpenCL.dll
2010-10-22 06:23 . 2010-11-02 17:14 57960 ----a-w- c:\windows\SysWow64\OpenCL.dll
2010-10-22 06:23 . 2010-09-10 16:21 7491688 ----a-w- c:\windows\system32\nvwgf2umx.dll
2010-10-22 06:23 . 2010-11-02 17:14 5473896 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2010-10-22 06:23 . 2010-11-02 17:14 20284008 ----a-w- c:\windows\system32\nvoglv64.dll
2010-10-22 06:23 . 2010-11-02 17:14 386152 ----a-w- c:\windows\system32\nvdecodemft.dll
2010-10-22 06:23 . 2010-11-02 17:14 319080 ----a-w- c:\windows\SysWow64\nvdecodemft.dll
2010-10-22 06:23 . 2010-11-02 17:14 1500264 ----a-w- c:\windows\system32\nvdispco642050.dll
2010-10-22 06:23 . 2010-11-02 17:14 14899816 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2010-10-22 06:23 . 2010-11-02 17:14 1308776 ----a-w- c:\windows\system32\nvgenco642030.dll
2010-10-22 06:23 . 2010-11-02 17:14 12788840 ----a-w- c:\windows\system32\nvd3dumx.dll
2010-10-22 06:23 . 2010-11-02 17:14 12432616 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2010-10-22 06:23 . 2010-11-02 17:14 6471784 ----a-w- c:\windows\system32\nvcuda.dll
2010-10-22 06:23 . 2010-11-02 17:14 4837480 ----a-w- c:\windows\SysWow64\nvcuda.dll
2010-10-22 06:23 . 2010-11-02 17:14 3112552 ----a-w- c:\windows\system32\nvcuvid.dll
2010-10-22 06:23 . 2010-11-02 17:14 2934888 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-10-22 06:23 . 2010-11-02 17:14 2912360 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2010-10-22 06:23 . 2010-11-02 17:14 2666600 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2010-10-22 06:23 . 2010-09-10 16:21 10023528 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2010-10-22 06:23 . 2010-11-02 17:14 18597480 ----a-w- c:\windows\system32\nvcompiler.dll
2010-10-22 06:23 . 2010-11-02 17:14 13019752 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2010-10-22 06:23 . 2010-11-02 17:14 1719912 ----a-w- c:\windows\SysWow64\nvapi.dll
2010-10-22 06:23 . 2010-09-10 16:20 2161256 ----a-w- c:\windows\system32\nvapi64.dll
2010-10-19 09:41 . 2010-09-10 14:36 270720 ------w- c:\windows\system32\MpSigStub.exe
2010-10-17 09:31 . 2010-10-17 09:31 1868288 ----a-r- c:\users\Michal\AppData\Roaming\Microsoft\Installer\{6056086A-9E66-4BA3-8AE2-AF5BA45D5EA5}\AppIcon.exe
2010-10-16 12:13 . 2010-10-16 12:13 5901416 ----a-w- c:\windows\system32\nvcpl.dll
2010-10-16 12:13 . 2010-10-16 12:13 2590824 ----a-w- c:\windows\system32\nvsvc64.dll
2010-10-16 12:13 . 2010-10-16 12:13 116328 ----a-w- c:\windows\system32\nvmctray.dll
2010-10-16 12:13 . 2010-10-16 12:13 989800 ----a-w- c:\windows\system32\nvvsvc.exe
2010-10-16 12:13 . 2010-10-16 12:13 1881704 ----a-w- c:\windows\system32\nvsvcr.dll
2010-09-27 12:55 . 2010-10-08 18:46 87456 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2010-09-27 12:55 . 2010-10-08 18:47 33152 ----a-w- c:\windows\system32\LMIport.dll
2010-09-27 12:55 . 2010-10-08 18:46 80768 ----a-w- c:\windows\system32\LMIinit.dll
2010-09-26 13:19 . 2010-09-26 13:19 34032 ----a-w- c:\windows\system32\drivers\seehcri.sys
2010-09-26 13:18 . 2010-09-26 13:18 27176 ----a-w- c:\windows\system32\drivers\ggsemc.sys
2010-09-26 13:18 . 2010-09-26 13:18 13352 ----a-w- c:\windows\system32\drivers\ggflt.sys
2010-09-15 03:50 . 2010-09-10 15:55 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2010-09-10 14:49 . 2010-09-10 14:49 3694360 ----a-w- c:\windows\system32\AutoPartNt.exe
2010-09-10 14:15 . 2010-09-10 14:15 250400 ----a-w- c:\windows\system32\drivers\afcdp.sys
2010-09-10 14:15 . 2010-09-10 14:15 1455648 ----a-w- c:\windows\system32\drivers\tdrpm251.sys
2010-09-10 14:15 . 2010-09-10 14:15 929312 ----a-w- c:\windows\system32\drivers\timntr.sys
2010-09-10 14:15 . 2010-09-10 14:15 254496 ----a-w- c:\windows\system32\drivers\snapman.sys
2010-09-10 05:35 . 2010-10-27 02:01 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2010-09-10 05:35 . 2010-10-27 02:01 347648 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2010-09-08 05:36 . 2010-10-14 23:03 1192960 ----a-w- c:\windows\system32\wininet.dll
2010-09-08 05:34 . 2010-10-14 23:03 57856 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-08 04:30 . 2010-10-14 23:03 978432 ----a-w- c:\windows\SysWow64\wininet.dll
2010-09-08 04:28 . 2010-10-14 23:03 44544 ----a-w- c:\windows\SysWow64\licmgr10.dll
2010-09-08 04:16 . 2010-10-14 23:03 482816 ----a-w- c:\windows\system32\html.iec
2010-09-08 03:35 . 2010-10-14 23:03 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-09-08 03:22 . 2010-10-14 23:03 386048 ----a-w- c:\windows\SysWow64\html.iec
2010-09-08 02:48 . 2010-10-14 23:03 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files (x86)\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2009-09-12 5048488]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2009-11-09 180224]
"HTC Sync Loader"="c:\program files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2010-08-18 249856]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\androidusb.sys [2009-11-01 33736]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-09-26 1038088]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2010-09-26 13352]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-11-01 33736]
R3 nmwcdcx64;Nokia USB Generic;c:\windows\system32\drivers\ccdcmbox64.sys [x]
R3 nmwcdnsucx64;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsucx64.sys [x]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys [x]
R3 nmwcdx64;Nokia USB Phone Parent;c:\windows\system32\drivers\ccdcmbx64.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2010-09-11 1255736]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [x]
S0 hotcore3;hc3ServiceName;c:\windows\system32\DRIVERS\hotcore3.sys [2010-01-17 37392]
S0 tdrpman251;Acronis Try&Decide and Restore Points filter (build 251);c:\windows\system32\DRIVERS\tdrpm251.sys [2010-09-10 1455648]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-07-29 141264]
S2 afcdpsrv;Acronis Nonstop Backup service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2010-09-10 2326920]
S2 DroidExplorerService;DroidExplorer Service;c:\program files\Droid Explorer\DroidExplorer.Service.exe [2010-08-21 253440]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-07-29 168544]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2010-08-12 810144]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2010-07-29 126320]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2010-09-27 373640]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [2010-05-31 15928]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-10-16 369256]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [2010-09-10 250400]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-03-01 187392]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [2010-09-26 34032]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - 86111151
*NewlyCreated* - 86111152
*NewlyCreated* - SETUP_9.0.0.722_05.12.2010_12-20DRV
.

--------- x86-64 -----------


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2009-09-12 357384]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-08-12 2916584]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
"LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2010-05-31 57928]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdcBase.exe" [2007-05-31 660360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\translat\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\translat\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\translat\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\translat\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\translat\WebIE.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
.
- - - - ORPHANS REMOVED - - - -

Wow6432Node-HKCU-Run-Nektra OEAPI - (no file)
Wow6432Node-HKCU-Run-OEXPRESS - (no file)
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)


.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-736685018-3993978753-1185011412-1001\Software\SecuROM\License information*]
"datasecu"=hex:9b,9c,7f,31,cc,20,8f,68,93,98,5e,8a,c7,3e,89,18,63,4d,41,8b,7e,
f3,cb,97,5c,67,96,a8,e7,31,65,61,47,1b,8d,b1,86,28,b7,c6,46,f1,ac,49,48,19,\
"rkeysecu"=hex:b2,ce,31,15,b2,ac,40,2e,d7,2e,22,89,fe,50,38,18

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.9"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx, 1"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx, 1"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil9f.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil9f.exe"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]
@Denied: (A 2) (Everyone)
@="IFlashBroker"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2010-12-05 16:48:00
ComboFix-quarantined-files.txt 2010-12-05 15:48

Pre-Run: 12 129 206 272 bytes free
Post-Run: 11 810 500 608 bytes free

- - End Of File - - B05D49B97A000908D35C062FD7CAFF1B

[vyosek]

ESET stale krici ze tam ma nejakou havet

[jacho6380]

Nie

[vyosek]

Vypada to, ze se nam jej podarilo dat do pryc...

Odinstalujte Combofix

• Start - Spustit (nebo pouzijte klavesobou zkratku Win+R)
• Napiste ComboFix /Uninstall
• Stisknete Enter
• Tohle smaze Combofix a jeho slozky

T-Cleaner http://sweb.cz/Marinus/T-Cleaner.exe

• Stahnete a spustte
• Pro potvrzeni volby mackejte A, Enter
• Po pouziti utilitu smazte
• Antiviry touhou utilitu chybne oznacit jako vir - jedna se o falesny poplach - takze v pohode stahnete (pripadne vypnete pri stahovani antivir)

OTC http://oldtimer.geekstogo.com/OTC.exe

• Stahnete a spustte
• Kliknete na CleanUp a potvrdte YES
• Program uklidi a restartuje PC

TFC http://oldtimer.geekstogo.com/TFC.exe

• Stahnete a spustte
• Kliknete na Start a potvrdte OK
• Program uklidi a restartuje pc
• Po pouziti utilitu smazte

Stahnete Ccleaner (viz muj podpis), pri instalaci dejte fajfku pryc u yahoo toolbaru
Panel čistič

• Vse nechte jak je, jen dejte Analyzovat a pote Spustit CCleaner

Panel registry

• dejte Hledej problémy
• nasledne Opravit problémy - zalohu registru doporucuji udelat, opravte vsechny problemy
• postup opakujte dokud nebude bez problemu - vetsinou cca 3x

Panel nástroje

• Zde muzete odinstalovat nepotrebne programy

CCleaner doporucuji pouzivat cca jednou za 14 dni

A pokud nejsou dotazy a ani problemy, je to vse

[jacho6380]

Vsetko je ok. Dakujem velmi pekne profíkom.

[vyosek]

I za kolegu nemate zac

[jacho6380]

Zdravim, tak este som tu raz (snad), odkedy sme pc vycistily tak mi nefunguje klavesova skratka CTRL+ALT+DELETE, bola by nejaka rada?