Kontrola PC

[vyosek]

Fajn, stahnete toto http://www.microsoft.com/cs-cz/download ... x?id=12934 a ulozte na plochu

Zastavte rezidentni stity antiviru

Pretahnete stazeny soubor (je to instalace Konzoly pro zotaveni) nad ComboFix a pustte


O uspesne instalaci by mel CF informovat


Nasledne by mel se zeptat, zda-li chcete PC prohledat, dejte ano

[nanovo]

ComboFix 13-01-08.01 - Admin 09.01.2013 13:54:44.13.2 - x86
Systém Microsoft Windows XP Home Edition 5.1.2600.3.1250.421.1033.18.2047.1131 [GMT 1:00]
Running from: c:\documents and settings\Admin\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Admin\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
AV: ESET Smart Security 5.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
FW: ESET personal firewall *Enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
FW: ZoneAlarm Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
* Created a new restore point
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((( Files Created from 2012-12-09 to 2013-01-09 )))))))))))))))))))))))))))))))
.
.
2013-01-08 17:02 . 2013-01-08 17:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-01-08 17:02 . 2012-12-14 15:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-01-08 15:27 . 2013-01-08 16:25 -------- d-----w- c:\program files\CrystalDiskInfo
2013-01-08 15:27 . 2013-01-08 15:27 -------- d-----w- c:\documents and settings\Admin\Application Data\OpenCandy
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-16 12:23 . 2008-04-14 03:39 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-11-21 11:29 . 2012-11-21 11:29 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-11-21 11:29 . 2011-12-29 16:30 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-13 01:25 . 2008-04-13 23:00 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-11-02 02:02 . 2008-04-14 03:41 375296 ----a-w- c:\windows\system32\dpnet.dll
2012-10-31 11:33 . 2008-04-14 03:42 667136 ----a-w- c:\windows\system32\wininet.dll
2012-10-31 11:33 . 2008-04-14 03:41 61952 ----a-w- c:\windows\system32\tdc.ocx
2012-10-25 21:33 . 2012-10-25 20:33 47570446 ----a-w- c:\program files\easylanguage-nemcina_2.09.exe
2012-07-29 18:37 . 2012-07-29 18:29 3081354 ----a-w- c:\program files\MGControl65.EXE
2012-06-14 17:45 . 2012-06-14 17:44 819200 ----a-w- c:\program files\pro100_demo5_csy.exe
2012-06-14 11:04 . 2012-06-14 10:55 655360 ----a-w- c:\program files\GoogleSketchUpWEN.exe
2012-04-29 08:00 . 2012-04-29 08:00 1263344 ----a-w- c:\program files\eset_smart_security_live_installer.exe
2011-09-27 15:49 . 2011-09-27 15:33 14604912 ----a-w- c:\program files\ashampoo_undeleter_1.00_sm.exe
2011-09-26 18:17 . 2011-09-26 18:17 2451576 ----a-w- c:\program files\rcsetup140.exe
2011-01-06 15:18 . 2011-01-06 15:03 13388728 ----a-w- c:\program files\FitLinieFullSetup.exe
2010-11-30 19:46 . 2010-11-30 19:38 6274424 ----a-w- c:\program files\Silverlight.exe
2012-12-05 14:55 . 2012-12-05 14:55 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-08-25 . 362BC5AF8EAF712832C58CC13AE05750 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\prxtbDVDV.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{70EA269E-56DF-49C2-86B2-1A1924ED88B4}]
2011-12-26 16:47 109640 ----a-w- c:\program files\ToolKitService\splash.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
2011-05-09 08:49 176936 ----a-w- c:\program files\DVDVideoSoftTB\prxtbDVDV.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\prxtbDVDV.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{872B5B88-9DB5-4310-BDD0-AC189557E5F5}"= "c:\program files\DVDVideoSoftTB\prxtbDVDV.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2005-10-11 1961984]
"tktray"="c:\program files\ToolKitService\tktray.exe" [2012-01-23 453712]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-09-30 16864768]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-05-16 213936]
"DelReg"="c:\program files\MSI\DualCoreCenter\DelReg.exe" [2008-05-13 196608]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"bgsmsnd.exe"="c:\windows\System32\spool\DRIVERS\W32X86\2\bgsmsnd.exe" [2006-06-01 106496]
"NvMediaCenter"="NvMCTray.dll" [2011-12-17 108352]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-12-17 15467840]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2011-12-17 1634112]
"Mobile Partner"="c:\program files\Hi Suite\Hi Suite.exe" [2012-03-24 518656]
"CardDetectorHUAWEIX70"="c:\program files\CardDetector\HUAWEIX70\CardDetector.exe" [2008-02-04 278528]
"BEWINTERNET-SKSessionManager"="c:\program files\OrangeBS\BEWInternetSK\SessionManager\SessionManager.exe" [2008-02-01 107248]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-09-22 3080264]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Akcelerátor spuštění AutoCADu.lnk - c:\program files\Common Files\Autodesk Shared\acstart17.exe [2006-3-5 11000]
DualCoreCenter.lnk - c:\program files\MSI\DualCoreCenter\StartUpDualCoreCenter.exe [2010-8-30 192512]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /p \??\J:\0autocheck autochk *
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-07-11 19:00 919008 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-07-31 11:20 38872 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2006-02-19 00:41 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 09:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-17 19:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\OrangeBS\\BEWInternetSK\\Connectivity\\ConnectivityManager.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Opera\\pluginwrapper\\opera_plugin_wrapper.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [22.10.2010 14:39 691696]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [4.8.2011 8:20 118104]
R2 Angelnt;Angelnt;c:\windows\system32\drivers\ANGELNT.SYS [5.2.2009 15:04 51072]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [22.9.2011 11:03 974944]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [8.1.2013 18:02 682344]
R2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [8.12.2009 19:26 3616768]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [25.6.2010 18:07 35088]
R2 ToolkitSvc;Toolkit Service;c:\program files\ToolKitService\toolkitservice.exe [16.3.2012 21:30 2285568]
R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [4.12.2007 19:34 946816]
R3 DualCoreCenter;DualCoreCenter;c:\program files\MSI\DualCoreCenter\NTGLM7X.sys [30.8.2010 12:55 28672]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [8.1.2013 18:02 21104]
R3 RushTopDevice2;RushTopDevice2;c:\program files\MSI\DualCoreCenter\RushTop.sys [30.8.2010 12:55 55296]
S3 androidusb;ADB Interface Driver;c:\windows\system32\drivers\hwadb.sys [24.3.2012 20:18 25728]
S3 ToolkitDisk;ToolkitDisk;c:\windows\system32\drivers\toolkitdisk.sys [16.3.2012 21:30 57152]
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-09 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-01-16 09:34]
.
2013-01-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-25 20:58]
.
2013-01-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-25 20:58]
.
2013-01-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1078081533-1682526488-682003330-1004Core.job
- c:\documents and settings\Admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-02-07 22:02]
.
2013-01-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1078081533-1682526488-682003330-1004UA.job
- c:\documents and settings\Admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-02-07 22:02]
.
.
------- Supplementary Scan -------
.
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: Interfaces\{C4B2C923-8E94-4116-B9D9-F48831E7A54A}: NameServer = 85.237.225.250 213.151.200.30
FF - ProfilePath - c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\wq29b75l.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:home
FF - ExtSQL: !HIDDEN! 2010-03-15 15:18; xmlfiller@software602.cz; c:\program files\Mozilla Firefox\extensions\xmlfiller@software602.cz
.
.
------- File Associations -------
.
.scr=AutoCADScriptFile
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-HW_OPENEYE_OUC_ - c:\program files\Hi Suite\UpdateDog\ouc.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-01-09 13:59
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1078081533-1682526488-682003330-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3712)
c:\windows\system32\dfshim.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2013-01-09 14:00:20
ComboFix-quarantined-files.txt 2013-01-09 13:00
ComboFix2.txt 2013-01-08 22:31
.
Pre-Run: 62 808 367 104 bytes free
Post-Run: 19 adresárov, 62 789 976 064 voľných bajtov
.
- - End Of File - - E97664844A8EA856DF77B2DC9E15E8FB

Zasa v priebehu scanu vyhodilo tú chybu BOOT...
Našla som aj všetky ištal. CD

[vyosek]

Divne, ta Konzola se nenainstalovala, dal ComboFix hlasku ze se mu to povedlo?? Nebo nechce ji sam od sebe nainstalovat?? a vy mu to jen nedovolite

[nanovo]

O uspesne instalaci by mel CF informovat

toto okno sa neotvorilo, len otázka na prehľadanie v menšom (neviem už presne, v akom)

[vyosek]

Uz asi tusim chybu...

Na te strance jak jsem dal, tak musite zvolit svuj jazyk jeste...Pokud slovenstina nebude, tak dejte anglictinu...A soubor stahnete a postup stejny...Jak se zepta na prohledani, tak nepovolte (NE, NO...)

[nanovo]

ComboFix 13-01-08.01 - Admin 09.01.2013 14:57:50.14.2 - x86
Systém Microsoft Windows XP Home Edition 5.1.2600.3.1250.421.1033.18.2047.1063 [GMT 1:00]
Running from: c:\documents and settings\Admin\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Admin\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
AV: ESET Smart Security 5.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
FW: ESET personal firewall *Enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
FW: ZoneAlarm Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((( Files Created from 2012-12-09 to 2013-01-09 )))))))))))))))))))))))))))))))
.
.
2013-01-08 17:02 . 2013-01-08 17:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-01-08 17:02 . 2012-12-14 15:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-01-08 15:27 . 2013-01-08 16:25 -------- d-----w- c:\program files\CrystalDiskInfo
2013-01-08 15:27 . 2013-01-08 15:27 -------- d-----w- c:\documents and settings\Admin\Application Data\OpenCandy
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-16 12:23 . 2008-04-14 03:39 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-11-21 11:29 . 2012-11-21 11:29 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-11-21 11:29 . 2011-12-29 16:30 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-13 01:25 . 2008-04-13 23:00 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-11-02 02:02 . 2008-04-14 03:41 375296 ----a-w- c:\windows\system32\dpnet.dll
2012-10-31 11:33 . 2008-04-14 03:42 667136 ----a-w- c:\windows\system32\wininet.dll
2012-10-31 11:33 . 2008-04-14 03:41 61952 ----a-w- c:\windows\system32\tdc.ocx
2012-10-25 21:33 . 2012-10-25 20:33 47570446 ----a-w- c:\program files\easylanguage-nemcina_2.09.exe
2012-07-29 18:37 . 2012-07-29 18:29 3081354 ----a-w- c:\program files\MGControl65.EXE
2012-06-14 17:45 . 2012-06-14 17:44 819200 ----a-w- c:\program files\pro100_demo5_csy.exe
2012-06-14 11:04 . 2012-06-14 10:55 655360 ----a-w- c:\program files\GoogleSketchUpWEN.exe
2012-04-29 08:00 . 2012-04-29 08:00 1263344 ----a-w- c:\program files\eset_smart_security_live_installer.exe
2011-09-27 15:49 . 2011-09-27 15:33 14604912 ----a-w- c:\program files\ashampoo_undeleter_1.00_sm.exe
2011-09-26 18:17 . 2011-09-26 18:17 2451576 ----a-w- c:\program files\rcsetup140.exe
2011-01-06 15:18 . 2011-01-06 15:03 13388728 ----a-w- c:\program files\FitLinieFullSetup.exe
2010-11-30 19:46 . 2010-11-30 19:38 6274424 ----a-w- c:\program files\Silverlight.exe
2012-12-05 14:55 . 2012-12-05 14:55 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-08-25 . 362BC5AF8EAF712832C58CC13AE05750 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\prxtbDVDV.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{70EA269E-56DF-49C2-86B2-1A1924ED88B4}]
2011-12-26 16:47 109640 ----a-w- c:\program files\ToolKitService\splash.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
2011-05-09 08:49 176936 ----a-w- c:\program files\DVDVideoSoftTB\prxtbDVDV.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\prxtbDVDV.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{872B5B88-9DB5-4310-BDD0-AC189557E5F5}"= "c:\program files\DVDVideoSoftTB\prxtbDVDV.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2005-10-11 1961984]
"tktray"="c:\program files\ToolKitService\tktray.exe" [2012-01-23 453712]
"HW_OPENEYE_OUC_"="c:\program files\Hi Suite\UpdateDog\ouc.exe" [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-09-30 16864768]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-05-16 213936]
"DelReg"="c:\program files\MSI\DualCoreCenter\DelReg.exe" [2008-05-13 196608]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"bgsmsnd.exe"="c:\windows\System32\spool\DRIVERS\W32X86\2\bgsmsnd.exe" [2006-06-01 106496]
"NvMediaCenter"="NvMCTray.dll" [2011-12-17 108352]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-12-17 15467840]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2011-12-17 1634112]
"Mobile Partner"="c:\program files\Hi Suite\Hi Suite.exe" [2012-03-24 518656]
"CardDetectorHUAWEIX70"="c:\program files\CardDetector\HUAWEIX70\CardDetector.exe" [2008-02-04 278528]
"BEWINTERNET-SKSessionManager"="c:\program files\OrangeBS\BEWInternetSK\SessionManager\SessionManager.exe" [2008-02-01 107248]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-09-22 3080264]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Akcelerátor spuštění AutoCADu.lnk - c:\program files\Common Files\Autodesk Shared\acstart17.exe [2006-3-5 11000]
DualCoreCenter.lnk - c:\program files\MSI\DualCoreCenter\StartUpDualCoreCenter.exe [2010-8-30 192512]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /p \??\J:\0autocheck autochk *
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-07-11 19:00 919008 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-07-31 11:20 38872 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2006-02-19 00:41 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 09:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-17 19:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\OrangeBS\\BEWInternetSK\\Connectivity\\ConnectivityManager.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Opera\\pluginwrapper\\opera_plugin_wrapper.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [22.10.2010 14:39 691696]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [4.8.2011 8:20 118104]
R2 Angelnt;Angelnt;c:\windows\system32\drivers\ANGELNT.SYS [5.2.2009 15:04 51072]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [22.9.2011 11:03 974944]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [8.1.2013 18:02 682344]
R2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [8.12.2009 19:26 3616768]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [25.6.2010 18:07 35088]
R2 ToolkitSvc;Toolkit Service;c:\program files\ToolKitService\toolkitservice.exe [16.3.2012 21:30 2285568]
R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [4.12.2007 19:34 946816]
R3 DualCoreCenter;DualCoreCenter;c:\program files\MSI\DualCoreCenter\NTGLM7X.sys [30.8.2010 12:55 28672]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [8.1.2013 18:02 21104]
R3 RushTopDevice2;RushTopDevice2;c:\program files\MSI\DualCoreCenter\RushTop.sys [30.8.2010 12:55 55296]
S3 androidusb;ADB Interface Driver;c:\windows\system32\drivers\hwadb.sys [24.3.2012 20:18 25728]
S3 ToolkitDisk;ToolkitDisk;c:\windows\system32\drivers\toolkitdisk.sys [16.3.2012 21:30 57152]
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-09 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-01-16 09:34]
.
2013-01-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-25 20:58]
.
2013-01-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-25 20:58]
.
2013-01-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1078081533-1682526488-682003330-1004Core.job
- c:\documents and settings\Admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-02-07 22:02]
.
2013-01-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1078081533-1682526488-682003330-1004UA.job
- c:\documents and settings\Admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-02-07 22:02]
.
.
------- Supplementary Scan -------
.
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\wq29b75l.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:home
FF - ExtSQL: !HIDDEN! 2010-03-15 15:18; xmlfiller@software602.cz; c:\program files\Mozilla Firefox\extensions\xmlfiller@software602.cz
.
.
------- File Associations -------
.
.scr=AutoCADScriptFile
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-01-09 15:02
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1078081533-1682526488-682003330-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(1428)
c:\windows\system32\dfshim.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2013-01-09 15:03:33
ComboFix-quarantined-files.txt 2013-01-09 14:03
ComboFix2.txt 2013-01-09 13:00
ComboFix3.txt 2013-01-08 22:31
.
Pre-Run: 62 822 174 720 bytes free
Post-Run: 19 adresárov, 62 808 363 008 voľných bajtov
.
- - End Of File - - 951B5149B19ABCA731D42012C56A4574

[vyosek]

Grrr

Ta hlaska se stale ukazuje

[nanovo]

- stále BOOT ...
- info CONGRATULATIONS nebolo

[vyosek]

Fajn, tak pouzijeme to instalacni co se naslo

Vlozit do mechaniky instalacni CD Windows XP --> v BIOSu nastavit boot z mechaniky (http://www.tipypropc.cz/jak-zmenit-poradi-bootovani/)--> spustit instalaci z CD --> v prvnim okne "Vita vas instalacni program" stisknutim klavesy "R" spustit Konzolu pro zotaveni --> vybrat instalaci, ke ktere se chcete prihlasit (zpravidla "1:") --> 1 --> Enter --> zadat pripadne heslo -->postupne zadat a potvrdit enter:
fixmbr
fixboot
exit
restart PC, zmenit boot na HDD a nechat nabehnout windows

[nanovo]

potrebovala by som postup pre lamy a určite aj s krízovými riešeniami v prípade neúspechu = plán B, najlepšie aj C
obidva vytlačiť
modliť , aby PC nabehol a podarilo sa
na toto sa asi nedám

[vyosek]

OK, tak pockejte do vecera, to byva kolega online a ja to s nim zkonzultuji...Ale dle meho by nemelo se nic stat...

[vyosek]

Takze to zkusime vytvoreni rucne, jsem s kolegou v soucinnosti...

Kliknete na Start a pote Spustit, pripadne pouzijte klavesou zkratku Win+R

• Vyskoci na Vas okenko, do ktereho zkopirujte text nize

• Kód: Vybrat vše

  compmgmt.msc

• Kliknete na OK
• Otevre se spravce disku, screen z nej bych rad videl - navod na screen http://www.viry.cz/forum/viewtopic.php?f=11&t=14114

[nanovo]

už mám:

[vyosek]

OK, predam kolegovi a on nam vytvori co potrebujeme

[vyosek]

Stahnete si tento soubor http://leteckaposta.cz/673088438 a ulozte primo na c:\ (c:\boot.ini)

Restart PC a hlaska by mela zmizet