
Re: ROOTKIT again

Posted: 22 Nov 2009 18:34
by earl
I can't open that link, could you upload it somewhere like Letecká pošta or Ulož.to instead?

Disable the network adapter before applying the script.

Re: ROOTKIT again

Posted: 22 Nov 2009 18:40
by brankar
That link again has everything that was put into the script.

Where do I disable the network adapter?

Re: ROOTKIT again

Posted: 22 Nov 2009 18:42
by earl
I can't download it, upload it somewhere else.

Re: ROOTKIT again

Posted: 22 Nov 2009 18:51
by brankar

Re: ROOTKIT again

Posted: 22 Nov 2009 18:55
by brankar
Comodo is reporting another piece of junk again:
NirCmd

Re: ROOTKIT again

Posted: 22 Nov 2009 19:06
by earl
It is clearly stated that when applying the script, and ComboFix itself, you need to disable or turn off antivirus, antispyware and firewall software :)

Nircmd is part of ComboFix... :wink:

Re: ROOTKIT again

Posted: 22 Nov 2009 19:49
by brankar
here is the log

ComboFix 09-11-21.03 - user 22.11.2009 19:19.32.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.511.263 [GMT 1:00]
Run from: c:\documents and settings\user\Dokumenty\kikikikikikikikikikikiiá\ComboFix.exe
Command switches used :: c:\documents and settings\user\Plocha\CFScript.txt
AV: AVG *On-access scanning disabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: COMODO Antivirus *On-access scanning disabled* (Updated) {043803A5-4F86-4ef7-AFC5-F6E02A79969B}

file zipped: c:\documents and settings\user\Data aplikací\Messenger\Drivers\IgfxSys.dll
file zipped: c:\windows\system32\drivers\IsDrv122.sys
file zipped: c:\windows\system32\fpextqfzyboo.dll
file zipped: c:\windows\system32\wmllyzdn.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\user\Data aplikací\Messenger\Drivers\Aud32\msgasst84.dll
c:\documents and settings\user\Data aplikací\Messenger\Drivers\IgfxSys.dll
c:\windows\system32\drivers\IsDrv122.sys
c:\windows\system32\fpextqfzyboo.dll
c:\windows\system32\wmllyzdn.dll

c:\windows\System32\Drivers\vax347s.sys . . . is infected!!

.
((((((((((((((((((((((((( Files Created from 2009-10-22 to 2009-11-22 )))))))))))))))))))))))))))))))
.

2009-11-22 18:15 . 2008-04-14 12:00 96512 -c--a-w- c:\windows\system32\dllcache\atapi.sys
2009-11-22 18:15 . 2008-04-14 12:00 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2009-11-22 15:02 . 2009-11-22 15:02 -------- d-sh--w- c:\documents and settings\user\PrivacIE
2009-11-22 07:24 . 2009-11-22 15:02 -------- d-sh--w- c:\documents and settings\user\IECompatCache
2009-11-21 16:31 . 2009-11-21 16:31 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-11-20 12:00 . 2009-11-20 12:00 -------- d-----w- c:\program files\ezLife
2009-11-19 12:31 . 2009-11-19 12:31 -------- d-----w- c:\program files\EMCO
2009-11-17 16:39 . 2009-11-21 14:51 -------- d-----w- c:\program files\Bus Simulator
2009-11-14 11:02 . 2009-11-14 11:02 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-11-14 10:57 . 2009-11-14 10:57 -------- d-sh--w- c:\documents and settings\user\IETldCache
2009-11-14 10:47 . 2009-10-02 04:44 92160 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-11-14 10:45 . 2009-11-14 10:49 -------- d-----w- c:\windows\ie8updates
2009-11-14 10:40 . 2009-08-29 07:58 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-11-14 10:40 . 2009-08-29 07:58 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2009-11-14 10:40 . 2009-08-29 07:58 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-11-14 10:40 . 2009-08-29 07:58 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-11-14 10:40 . 2009-08-29 07:58 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-11-14 10:40 . 2009-08-29 07:58 11069440 -c----w- c:\windows\system32\dllcache\ieframe.dll
2009-11-14 10:37 . 2009-11-14 10:40 -------- dc-h--w- c:\windows\ie8
2009-11-14 09:07 . 2009-11-14 09:07 -------- d-----w- c:\windows\system32\XPSViewer
2009-11-14 09:07 . 2009-11-14 09:07 -------- d-----w- c:\program files\MSBuild
2009-11-14 09:07 . 2009-11-14 09:07 -------- d-----w- c:\program files\Reference Assemblies
2009-11-14 09:06 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-11-14 09:06 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-11-14 09:06 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-11-14 09:06 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-11-14 09:06 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-11-14 09:06 . 2009-11-14 09:07 -------- d-----w- C:\f3cc40b8cb9f581d2518b62b
2009-11-14 09:06 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-11-14 09:06 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-11-12 14:43 . 2009-11-12 14:45 -------- d-----w- c:\program files\Euro Truck Simulator
2009-11-05 13:42 . 2000-08-19 18:29 268048 ----a-w- c:\windows\system32\dxtmeta2.dll
2009-11-04 16:22 . 2009-11-04 16:23 -------- d-----w- c:\program files\Landwirtschafts-Simulator 2009
2009-10-28 13:45 . 2009-10-28 13:45 -------- d-----w- c:\windows\system32\wbem\Repository
2009-10-26 16:26 . 2004-04-30 08:33 5248 ------w- c:\windows\system32\drivers\vax347s.sys
2009-10-26 12:45 . 2009-10-26 12:45 -------- d-----w- c:\program files\Microsoft Games
2009-10-25 11:12 . 2009-09-10 13:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-25 11:12 . 2009-11-10 19:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-25 11:12 . 2009-09-10 13:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-24 11:52 . 2009-10-24 12:00 -------- d--h--w- c:\program files\Zero G Registry
2009-10-24 11:51 . 2009-10-24 11:51 -------- d--h--w- c:\documents and settings\user\InstallAnywhere

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-21 13:05 . 2009-10-03 14:02 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-11-21 12:30 . 2008-10-17 21:52 -------- d-----w- c:\program files\Java
2009-11-18 09:41 . 2009-04-21 08:57 171552 ----a-w- c:\windows\system32\guard32.dll
2009-11-18 09:41 . 2009-04-21 08:57 87104 ----a-w- c:\windows\system32\drivers\inspect.sys
2009-11-18 09:41 . 2009-04-21 08:57 25160 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2009-11-18 09:41 . 2009-04-21 08:57 132808 ----a-w- c:\windows\system32\drivers\cmdguard.sys
2009-11-17 15:06 . 2008-10-17 21:33 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-11-14 09:39 . 2006-03-02 12:00 91866 ----a-w- c:\windows\system32\perfc005.dat
2009-11-14 09:39 . 2006-03-02 12:00 469558 ----a-w- c:\windows\system32\perfh005.dat
2009-11-12 13:07 . 2009-07-12 08:52 -------- d-----w- c:\program files\Fifa Master
2009-11-12 12:31 . 2008-10-26 06:54 -------- d-----w- c:\program files\EA Sports
2009-11-09 13:15 . 2009-10-10 16:24 -------- d-----w- c:\program files\Electronic Arts
2009-10-31 15:19 . 2008-12-22 17:42 -------- d-----w- c:\program files\Sports Interactive
2009-10-23 04:21 . 2009-10-17 05:23 -------- d-----w- c:\program files\Ares
2009-10-22 10:29 . 2009-10-22 10:21 3773087 ----a-w- c:\windows\REGBK05.ZIP
2009-10-21 14:35 . 2009-10-21 14:35 -------- d-----w- c:\program files\2K Sports
2009-10-17 10:40 . 2009-10-16 12:48 -------- d-----w- c:\program files\Freeware PDF Unlocker
2009-10-16 14:12 . 2009-10-16 14:12 -------- d-----w- c:\program files\Intelore
2009-10-14 08:30 . 2009-10-14 08:30 -------- d-----w- c:\program files\7-Zip
2009-10-11 16:36 . 2009-05-18 11:09 1474832 ----a-w- c:\windows\system32\drivers\sfi.dat
2009-10-10 17:15 . 2009-10-10 17:15 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-10-10 04:54 . 2009-10-10 04:53 5073806 ----a-w- c:\windows\REGBK04.ZIP
2009-10-03 15:27 . 2009-10-03 15:27 552 ----a-w- c:\windows\system32\d3d8caps.dat
2009-10-02 20:41 . 2009-10-02 20:39 5067769 ----a-w- c:\windows\REGBK03.ZIP
2009-10-02 19:49 . 2009-05-07 08:35 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-09-21 09:59 . 2009-09-21 09:58 5076455 ----a-w- c:\windows\REGBK02.ZIP
2009-09-11 14:19 . 2008-04-14 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:05 . 2008-04-14 12:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-04 15:44 . 2009-10-20 16:35 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2009-09-04 15:44 . 2009-10-20 16:35 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
2009-09-04 15:44 . 2009-04-13 17:44 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2009-09-04 15:29 . 2009-10-20 16:35 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
2009-09-04 15:29 . 2009-10-20 16:35 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2009-09-04 15:29 . 2009-10-20 16:35 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
2009-09-04 15:29 . 2009-10-20 16:35 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2009-09-04 15:29 . 2009-10-20 16:35 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2009-08-29 07:58 . 2008-04-14 12:00 916480 ------w- c:\windows\system32\wininet.dll
2009-08-26 08:02 . 2008-04-14 12:00 247326 ----a-w- c:\windows\system32\strmdll.dll
.

(((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-03 61440]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2009-11-18 1800464]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-27 136600]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2004-08-30 69632]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 09:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^user^Nabídka Start^Programy^Po spuštění^FIFA 10 Registration.lnk]
backup=c:\windows\pss\FIFA 10 Registration.lnkStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Opera\\Opera.exe"=
"c:\\Program Files\\2K Sports\\NBA 2K10\\nba2k10.exe"=
"c:\\Documents and Settings\\user\\Dokumenty\\košikova nba\\nba2k10.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Sports Interactive\\Football Manager 2010\\fm.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [27.1.2009 10:14 64160]
R0 vax347b;vax347b;c:\windows\system32\drivers\vax347b.sys [30.11.2008 8:18 159616]
R0 vax347s;vax347s;c:\windows\system32\drivers\vax347s.sys [26.10.2009 17:26 5248]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [21.4.2009 9:57 132808]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17.2.2009 10:43 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [17.2.2009 10:43 55024]
S3 BZKKPQN;BZKKPQN;c:\docume~1\user\LOCALS~1\Temp\BZKKPQN.exe --> c:\docume~1\user\LOCALS~1\Temp\BZKKPQN.exe [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [17.2.2009 10:43 7408]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [10.10.2009 18:15 721904]

--- Other Services/Drivers In Memory ---

*Deregistered* - CLASSPNP_2
.
.
------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://www.google.com
uStart Page = hxxp://www.seznam.cz/
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {7E1B775D-FB9F-4945-8B6B-60D8BA4F52C7} = 10.1.1.1
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-22 19:33
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x82808430]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf84e3f28
\Driver\ACPI -> ACPI.sys @ 0xf842fcb8
\Driver\atapi -> 0x82808430
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a05a9
ParseProcedure -> ntoskrnl.exe @ 0x8056ea15
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a05a9
ParseProcedure -> ntoskrnl.exe @ 0x8056ea15
NDIS: Realtek RTL8139 Family PCI Fast Ethernet NIC -> SendCompleteHandler -> NDIS.sys @ 0xf82dcbd4
PacketIndicateHandler -> NDIS.sys @ 0xf82caa0d
SendHandler -> NDIS.sys @ 0xf82deb40
Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1409082233-1580818891-839522115-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-1409082233-1580818891-839522115-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:b7,4a,67,15,5b,a9,6a,5b,cd,e9,29,0d,e8,6d,03,26,ab,ed,d4,03,b1,05,91,
9e,12,18,64,cd,52,6a,9b,30,35,dd,39,6d,c6,2c,07,28,e0,cc,4d,3d,fe,d3,a7,b4,\
"??"=hex:8a,95,0c,91,36,dd,90,2c,2c,e3,05,7a,7a,8f,80,cc

[HKEY_USERS\S-1-5-21-1409082233-1580818891-839522115-1004\Software\SecuROM\License information*]
"datasecu"=hex:fc,f7,b4,e1,1a,0b,8d,1a,2e,05,40,9a,99,2b,d2,8c,d8,5f,96,56,75,
10,34,70,af,7e,01,cb,a4,bb,cf,55,2f,90,0b,28,85,40,55,ae,54,8b,2f,81,7b,89,\
"rkeysecu"=hex:c4,98,f8,f2,a3,e0,a8,86,3b,5f,9f,89,b6,9f,0a,07
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(760)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(1860)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\COMODO\COMODO Internet Security\cmdagent.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-11-22 19:40 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-22 18:40
ComboFix2.txt 2009-11-22 12:17

Pre-Run: 65,494,040,576 bytes free
Post-Run: 65,453,338,624 bytes free

Current=1 Default=1 Failed=0 LastKnownGood=6 Sets=1,2,3,4,5,6
- - End Of File - - 6BF6328C99C491B01784D0F3847CAC1B
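
The service list in the log above (the R0/R1/S3 lines) is where an entry like BZKKPQN, registered from the user's Temp directory with its file already gone, stands out. Below is an added example, written for this thread and not part of ComboFix or of any post here, that parses those lines and flags the two patterns worth chasing: a file reported missing ([x] or [?]) and an image living under a Temp directory. Boot-start drivers (R0) are marked as well, since they load before any security product does. The sample lines are copied from the log above; the rules and names are the author's own.

```python
"""Triage the service/driver lines (R0, S3, ...) from a ComboFix log.

Added example for this thread; it is not part of ComboFix or of any post above.
The sample lines are copied from the log posted above; the triage rules are the
author's own: a file reported missing ([x] or [?]) means a registration was left
behind, an image under a Temp directory is not where a legitimate driver or
service lives, and boot-start (R0/S0) drivers are worth a look because they load
before any security product.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: six service lines as they appear in the ComboFix log above.
SAMPLE_LINES = r"""
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [27.1.2009 10:14 64160]
R0 vax347s;vax347s;c:\windows\system32\drivers\vax347s.sys [26.10.2009 17:26 5248]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [21.4.2009 9:57 132808]
S3 BZKKPQN;BZKKPQN;c:\docume~1\user\LOCALS~1\Temp\BZKKPQN.exe --> c:\docume~1\user\LOCALS~1\Temp\BZKKPQN.exe [?]
R0 vax347b;vax347b;c:\windows\system32\DRIVERS\vax347b.sys [x]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [10.10.2009 18:15 721904]
"""

# "<R|S><start type> <name>;<description>;<image path> [<date size> | x | ?]"
SERVICE_RE = re.compile(r"^(?P<state>[RS])(?P<start>\d)\s+(?P<name>[^;]+);(?P<desc>[^;]*);(?P<rest>.+)$")
BRACKET_RE = re.compile(r"\s\[(?P<info>[^\]]*)\]\s*$")


@dataclass
class ServiceEntry:
    running: bool            # R = running, S = stopped
    start: int               # 0 boot, 1 system, 2 automatic, 3 manual, 4 disabled
    name: str
    description: str
    path: str
    info: str                # trailing bracket: "date time size", "x" or "?"
    flags: List[str] = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        # boot-start alone is informational; the other flags are real findings
        return any(f != "boot-start" for f in self.flags)


def parse_service_line(line: str) -> Optional[ServiceEntry]:
    m = SERVICE_RE.match(line.strip())
    if not m:
        return None
    rest, info = m.group("rest"), ""
    b = BRACKET_RE.search(rest)
    if b:
        info, rest = b.group("info").strip(), rest[: b.start()]
    # ComboFix prints "registered path --> resolved path"; keep the registered one
    path = rest.split(" --> ")[0].strip()
    entry = ServiceEntry(m.group("state") == "R", int(m.group("start")),
                         m.group("name"), m.group("desc"), path, info)
    if info in ("x", "?"):
        entry.flags.append("file-missing")
    if "\\temp\\" in path.lower():
        entry.flags.append("temp-location")
    if entry.start == 0:
        entry.flags.append("boot-start")
    return entry


def triage(text: str) -> List[ServiceEntry]:
    return [e for e in map(parse_service_line, text.splitlines()) if e is not None]


def suspicious_names(text: str) -> List[str]:
    return [e.name for e in triage(text) if e.suspicious]


if __name__ == "__main__":
    for e in triage(SAMPLE_LINES):
        print(f"{'!!' if e.suspicious else '  '} {e.name:<10} start={e.start} {e.path}  {e.flags}")
```

On the sample above the script flags BZKKPQN (file missing and under Temp) and vax347b (file missing, boot-start); the other four drivers are reported with no finding beyond the boot-start note.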

Re: ROOTKIT again

Posted: 22 Nov 2009 20:34
by earl
Click Avenger in my signature and apply the following script according to the instructions:


Begin copying here:
Files to move:
c:\windows\system32\dllcache\atapi.sys | c:\windows\system32\drivers\atapi.sys
Files to delete:
c:\windows\system32\drivers\vax347s.sys
c:\windows\system32\drivers\vax347b.sys
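
As a check on the fix above, here is an added example (not part of The Avenger, ComboFix or earl's script) that generalises it: it hashes every .sys in the drivers directory against the copy Windows File Protection keeps in dllcache and reports the ones that differ, with their sizes, because a patched driver can keep its original size (both atapi.sys copies in the log above are 96512 bytes). The directory pair, the demo files and the patched bytes are all constructed; on the XP box the real directories are C:\WINDOWS\system32\drivers and C:\WINDOWS\system32\dllcache, and the comparison should be run from a clean boot, because with \Driver\atapi hooked, as in the Gmer output above, a rootkit can hand any reader a clean-looking copy.

```python
r"""Compare the drivers in system32\drivers with their Windows File Protection copies.

Added example for this thread; it is not part of The Avenger or of earl's script.
It generalises the fix above (dllcache\atapi.sys copied over drivers\atapi.sys):
for every driver that also exists in the dllcache directory, hash both copies and
report the ones that differ, including the sizes, since a patched driver can keep
its original size. On a real XP machine the directories are
C:\WINDOWS\system32\drivers and C:\WINDOWS\system32\dllcache; the demo below
builds throwaway copies instead. Run it from a clean boot (Recovery Console, a
boot CD, or the disk mounted elsewhere) so a hooked disk stack cannot lie to it.
"""
import hashlib
import os
import tempfile
from typing import Dict, Tuple


def sha256_file(path: str, chunk: int = 1 << 20) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def compare_with_cache(drivers_dir: str, cache_dir: str) -> Dict[str, dict]:
    """Return {driver name: details} for every .sys whose dllcache copy hashes differently."""
    mismatches = {}
    for name in sorted(os.listdir(drivers_dir)):
        if not name.lower().endswith(".sys"):
            continue
        live, cached = os.path.join(drivers_dir, name), os.path.join(cache_dir, name)
        if not os.path.isfile(cached):
            continue  # WFP does not keep a copy of every driver; nothing to compare against
        h_live, h_cache = sha256_file(live), sha256_file(cached)
        if h_live != h_cache:
            mismatches[name] = {
                "driver_sha256": h_live,
                "cache_sha256": h_cache,
                "driver_size": os.path.getsize(live),
                "cache_size": os.path.getsize(cached),
            }
    return mismatches


def build_demo() -> Tuple[str, str]:
    """Constructed demo tree: atapi.sys patched in place (same size, different bytes),
    disk.sys identical in both places, sptd.sys with no cached copy at all."""
    root = tempfile.mkdtemp(prefix="wfp-demo-")
    drivers, cache = os.path.join(root, "drivers"), os.path.join(root, "dllcache")
    os.makedirs(drivers)
    os.makedirs(cache)
    clean_atapi = b"MZ" + b"\x00" * 62 + b"clean atapi body" * 8
    patched_atapi = clean_atapi[:-16] + b"hooked tail!!!!!"   # 16 bytes: length unchanged
    disk = b"MZ" + b"\x00" * 62 + b"disk.sys body" * 8
    layout = (
        (drivers, {"atapi.sys": patched_atapi, "disk.sys": disk, "sptd.sys": b"MZ sptd"}),
        (cache, {"atapi.sys": clean_atapi, "disk.sys": disk}),
    )
    for directory, contents in layout:
        for fname, data in contents.items():
            with open(os.path.join(directory, fname), "wb") as f:
                f.write(data)
    return drivers, cache


if __name__ == "__main__":
    d, c = build_demo()
    for name, info in compare_with_cache(d, c).items():
        print(f"{name}: driver {info['driver_sha256'][:16]}... ({info['driver_size']} B) "
              f"!= cache {info['cache_sha256'][:16]}... ({info['cache_size']} B)")
```

In the demo only atapi.sys is reported, with identical sizes on both sides, which is exactly the case a size-and-date listing like the Find3M section cannot distinguish.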

Re: ROOTKIT again

Posted: 22 Nov 2009 20:45
by brankar
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File move operation "c:\windows\system32\dllcache\atapi.sys|c:\windows\system32\drivers\atapi.sys" completed successfully.
File "c:\windows\system32\drivers\vax347s.sys" deleted successfully.
File "c:\windows\system32\drivers\vax347b.sys" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

Re: ROOTKIT again

Posted: 23 Nov 2009 17:45
by earl
:arrow: if you have not done so yet, move ComboFix to the Desktop

open Notepad

and copy the script from the following box into it:


SkipFix::
MBR::
save the text file you created as CFScript.txt on the Desktop

once it is saved, grab the script you created with the left mouse button, drag it over the ComboFix icon and drop it there:


after it runs, another log should pop up; paste it here :)

Warning: it is possible that Windows will not boot after the script is applied and the machine restarts; in that case restart again, press F8 during startup and choose Last Known Good Configuration :)
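
The MBR:: directive asks ComboFix to examine the master boot record, and the Gmer section of the earlier log already reported hooks in the disk stack next to "user & kernel MBR OK". The following added example, written for this thread and not ComboFix's or Gmer's code, does the static half of such a check on a 512-byte sector that has already been read out: it validates the 0x55AA signature, decodes the partition table and compares the hash of the bootstrap code with a recorded known-good value. The sector, the partition layout and the "known-good" hash are constructed; on the user's machine the sector would be read from \\.\PhysicalDrive0 as Administrator, preferably from a clean boot so the read itself is not hooked.

```python
r"""Decode a 512-byte Master Boot Record and check it for tampering.

Added example for this thread; it is not ComboFix's MBR:: routine nor Gmer's
detector. Gmer's tool (output in the log above) compares the MBR seen from user
mode with the one read by the kernel and looks for hooks in the disk stack; this
script does the static half of that job on a sector already read out: it checks
the 0x55AA signature, decodes the four partition entries, and compares the
SHA-256 of the 440-byte bootstrap code with a known-good value. The demo sector
and the "known-good" hash are constructed; on the user's XP machine the sector
would come from \\.\PhysicalDrive0 (open it as Administrator, read 512 bytes),
ideally from a clean boot so the read is not hooked.
"""
import hashlib
import struct
from typing import List, Optional

SECTOR = 512
BOOT_CODE_LEN = 440          # bootstrap code; 440-443 disk signature, 444-445 reserved
PART_TABLE_OFF = 446         # four 16-byte partition entries
SIGNATURE = b"\x55\xaa"      # bytes 510-511


def parse_partition(entry: bytes) -> dict:
    status, _chs_start, ptype, _chs_end, lba_start, sectors = struct.unpack("<B3sB3sII", entry)
    return {"bootable": status == 0x80, "type": ptype, "lba_start": lba_start, "sectors": sectors}


def inspect_mbr(sector: bytes, known_good_boot_sha256: Optional[str] = None) -> dict:
    if len(sector) != SECTOR:
        raise ValueError("an MBR is exactly 512 bytes")
    table = [parse_partition(sector[PART_TABLE_OFF + 16 * i: PART_TABLE_OFF + 16 * (i + 1)])
             for i in range(4)]
    boot_hash = hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest()
    findings: List[str] = []
    if sector[510:512] != SIGNATURE:
        findings.append("missing 55AA boot signature")
    if known_good_boot_sha256 is not None and boot_hash != known_good_boot_sha256:
        findings.append("bootstrap code differs from the known-good copy")
    used = [p for p in table if p["type"] != 0]
    if sum(p["bootable"] for p in used) != 1:
        findings.append("expected exactly one active partition")
    for a, b in zip(used, used[1:]):    # entries are normally written in disk order
        if a["lba_start"] + a["sectors"] > b["lba_start"]:
            findings.append("overlapping partitions")
            break
    return {"boot_code_sha256": boot_hash, "partitions": used, "findings": findings}


def build_mbr(boot_code: bytes, partitions: List[dict]) -> bytes:
    """Assemble a sector from bootstrap bytes and up to four partition dicts."""
    if len(boot_code) > BOOT_CODE_LEN or len(partitions) > 4:
        raise ValueError("boot code too long or too many partitions")
    sector = bytearray(SECTOR)
    sector[:len(boot_code)] = boot_code
    for i, p in enumerate(partitions):
        entry = struct.pack("<B3sB3sII", 0x80 if p["bootable"] else 0, b"\xff\xff\xff",
                            p["type"], b"\xff\xff\xff", p["lba_start"], p["sectors"])
        sector[PART_TABLE_OFF + 16 * i: PART_TABLE_OFF + 16 * (i + 1)] = entry
    sector[510:512] = SIGNATURE
    return bytes(sector)


# Constructed reference: a stand-in bootstrap stub and the hash an admin would have recorded for it.
CLEAN_BOOT_CODE = b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c\x8b\xf4\x50\x07\x50\x1f\xfb\xfc" + b"\x90" * 64
KNOWN_GOOD_BOOT_SHA256 = hashlib.sha256(CLEAN_BOOT_CODE.ljust(BOOT_CODE_LEN, b"\x00")).hexdigest()
XP_LAYOUT = [{"bootable": True, "type": 0x07, "lba_start": 63, "sectors": 156_296_322}]  # one NTFS volume


def demo_clean() -> dict:
    return inspect_mbr(build_mbr(CLEAN_BOOT_CODE, XP_LAYOUT), KNOWN_GOOD_BOOT_SHA256)


def demo_tampered() -> dict:
    # A bootkit keeps the partition table (the OS still boots) but swaps in its own loader stub.
    patched = b"\xeb\x1e" + CLEAN_BOOT_CODE[2:]
    return inspect_mbr(build_mbr(patched, XP_LAYOUT), KNOWN_GOOD_BOOT_SHA256)


if __name__ == "__main__":
    print("clean   :", demo_clean()["findings"])
    print("tampered:", demo_tampered()["findings"])
```

The point of the known-good hash is that a bootkit leaves the partition table and the signature intact so the machine still boots; only the bootstrap bytes change, and nothing in the sector itself tells you that unless you recorded what they looked like before.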

Re: ROOTKIT again

Posted: 24 Nov 2009 08:04
by brankar
Hi, here is the ComboFix log

ComboFix 09-11-23.02 - user 24.11.2009 7:48.33.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.511.148 [GMT 1:00]
Run from: c:\documents and settings\user\Dokumenty\kikikikikikikikikikikiiá\ComboFix.exe
Command switches used :: c:\documents and settings\user\Plocha\CFScript.txt
AV: AVG *On-access scanning disabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: COMODO Antivirus *On-access scanning disabled* (Updated) {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
* Created a new restore point
.
- REDUCED FUNCTIONALITY MODE -
.

((((((((((((((((((((((((( Files Created from 2009-10-24 to 2009-11-24 )))))))))))))))))))))))))))))))
.

2009-11-23 10:46 . 2009-11-13 08:51 29512 ----a-w- c:\windows\system32\TURegOpt.exe
2009-11-23 10:46 . 2009-11-13 08:45 30024 ----a-w- c:\windows\system32\uxtuneup.dll
2009-11-23 10:45 . 2009-11-23 10:46 -------- d-----w- c:\program files\TuneUp Utilities 2010
2009-11-23 09:24 . 2009-11-23 09:24 -------- d-----w- c:\program files\Westberg
2009-11-22 18:15 . 2008-04-14 12:00 96512 -c--a-w- c:\windows\system32\drivers\atapi.sys
2009-11-22 15:02 . 2009-11-22 15:02 -------- d-sh--w- c:\documents and settings\user\PrivacIE
2009-11-22 07:24 . 2009-11-22 15:02 -------- d-sh--w- c:\documents and settings\user\IECompatCache
2009-11-21 16:31 . 2009-11-21 16:31 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-11-20 12:00 . 2009-11-20 12:00 -------- d-----w- c:\program files\ezLife
2009-11-19 12:31 . 2009-11-19 12:31 -------- d-----w- c:\program files\EMCO
2009-11-17 16:39 . 2009-11-23 10:09 -------- d-----w- c:\program files\Bus Simulator
2009-11-14 11:02 . 2009-11-14 11:02 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-11-14 10:57 . 2009-11-14 10:57 -------- d-sh--w- c:\documents and settings\user\IETldCache
2009-11-14 10:47 . 2009-10-02 04:44 92160 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-11-14 10:45 . 2009-11-14 10:49 -------- d-----w- c:\windows\ie8updates
2009-11-14 10:40 . 2009-08-29 07:58 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-11-14 10:40 . 2009-08-29 07:58 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2009-11-14 10:40 . 2009-08-29 07:58 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-11-14 10:40 . 2009-08-29 07:58 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-11-14 10:40 . 2009-08-29 07:58 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-11-14 10:40 . 2009-08-29 07:58 11069440 -c----w- c:\windows\system32\dllcache\ieframe.dll
2009-11-14 10:37 . 2009-11-14 10:40 -------- dc-h--w- c:\windows\ie8
2009-11-14 09:07 . 2009-11-14 09:07 -------- d-----w- c:\windows\system32\XPSViewer
2009-11-14 09:07 . 2009-11-14 09:07 -------- d-----w- c:\program files\MSBuild
2009-11-14 09:07 . 2009-11-14 09:07 -------- d-----w- c:\program files\Reference Assemblies
2009-11-14 09:06 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-11-14 09:06 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-11-14 09:06 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-11-14 09:06 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-11-14 09:06 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-11-14 09:06 . 2009-11-14 09:07 -------- d-----w- C:\f3cc40b8cb9f581d2518b62b
2009-11-14 09:06 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-11-14 09:06 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-11-12 14:43 . 2009-11-12 14:45 -------- d-----w- c:\program files\Euro Truck Simulator
2009-11-05 13:42 . 2000-08-19 18:29 268048 ----a-w- c:\windows\system32\dxtmeta2.dll
2009-11-04 16:22 . 2009-11-04 16:23 -------- d-----w- c:\program files\Landwirtschafts-Simulator 2009
2009-10-28 13:45 . 2009-10-28 13:45 -------- d-----w- c:\windows\system32\wbem\Repository
2009-10-26 12:45 . 2009-10-26 12:45 -------- d-----w- c:\program files\Microsoft Games
2009-10-25 11:12 . 2009-09-10 13:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-25 11:12 . 2009-11-10 19:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-25 11:12 . 2009-09-10 13:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-21 13:05 . 2009-10-03 14:02 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-11-21 12:30 . 2008-10-17 21:52 -------- d-----w- c:\program files\Java
2009-11-18 09:41 . 2009-04-21 08:57 171552 ----a-w- c:\windows\system32\guard32.dll
2009-11-18 09:41 . 2009-04-21 08:57 87104 ----a-w- c:\windows\system32\drivers\inspect.sys
2009-11-18 09:41 . 2009-04-21 08:57 25160 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2009-11-18 09:41 . 2009-04-21 08:57 132808 ----a-w- c:\windows\system32\drivers\cmdguard.sys
2009-11-17 15:06 . 2008-10-17 21:33 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-11-14 09:39 . 2006-03-02 12:00 91866 ----a-w- c:\windows\system32\perfc005.dat
2009-11-14 09:39 . 2006-03-02 12:00 469558 ----a-w- c:\windows\system32\perfh005.dat
2009-11-12 13:07 . 2009-07-12 08:52 -------- d-----w- c:\program files\Fifa Master
2009-11-12 12:31 . 2008-10-26 06:54 -------- d-----w- c:\program files\EA Sports
2009-11-09 13:15 . 2009-10-10 16:24 -------- d-----w- c:\program files\Electronic Arts
2009-10-31 15:19 . 2008-12-22 17:42 -------- d-----w- c:\program files\Sports Interactive
2009-10-24 12:00 . 2009-10-24 11:52 -------- d--h--w- c:\program files\Zero G Registry
2009-10-23 04:21 . 2009-10-17 05:23 -------- d-----w- c:\program files\Ares
2009-10-22 10:29 . 2009-10-22 10:21 3773087 ----a-w- c:\windows\REGBK05.ZIP
2009-10-21 14:35 . 2009-10-21 14:35 -------- d-----w- c:\program files\2K Sports
2009-10-17 10:40 . 2009-10-16 12:48 -------- d-----w- c:\program files\Freeware PDF Unlocker
2009-10-16 14:12 . 2009-10-16 14:12 -------- d-----w- c:\program files\Intelore
2009-10-14 08:30 . 2009-10-14 08:30 -------- d-----w- c:\program files\7-Zip
2009-10-11 16:36 . 2009-05-18 11:09 1474832 ----a-w- c:\windows\system32\drivers\sfi.dat
2009-10-10 17:15 . 2009-10-10 17:15 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-10-10 04:54 . 2009-10-10 04:53 5073806 ----a-w- c:\windows\REGBK04.ZIP
2009-10-03 15:27 . 2009-10-03 15:27 552 ----a-w- c:\windows\system32\d3d8caps.dat
2009-10-02 20:41 . 2009-10-02 20:39 5067769 ----a-w- c:\windows\REGBK03.ZIP
2009-10-02 19:49 . 2009-05-07 08:35 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-09-21 09:59 . 2009-09-21 09:58 5076455 ----a-w- c:\windows\REGBK02.ZIP
2009-09-11 14:19 . 2008-04-14 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:05 . 2008-04-14 12:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-04 15:44 . 2009-10-20 16:35 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2009-09-04 15:44 . 2009-10-20 16:35 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
2009-09-04 15:44 . 2009-04-13 17:44 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2009-09-04 15:29 . 2009-10-20 16:35 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
2009-09-04 15:29 . 2009-10-20 16:35 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2009-09-04 15:29 . 2009-10-20 16:35 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
2009-09-04 15:29 . 2009-10-20 16:35 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2009-09-04 15:29 . 2009-10-20 16:35 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2009-08-29 07:58 . 2008-04-14 12:00 916480 ------w- c:\windows\system32\wininet.dll
2009-08-26 08:02 . 2008-04-14 12:00 247326 ----a-w- c:\windows\system32\strmdll.dll
.

(((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe MSRun" [X]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2009-11-18 1800464]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-27 136600]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2004-08-30 69632]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 09:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^user^Nabídka Start^Programy^Po spuštění^FIFA 10 Registration.lnk]
backup=c:\windows\pss\FIFA 10 Registration.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Opera\\Opera.exe"=
"c:\\Program Files\\2K Sports\\NBA 2K10\\nba2k10.exe"=
"c:\\Documents and Settings\\user\\Dokumenty\\košikova nba\\nba2k10.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Sports Interactive\\Football Manager 2010\\fm.exe"=

R0 vax347b;vax347b;c:\windows\system32\DRIVERS\vax347b.sys [x]
R0 vax347s;vax347s;c:\windows\System32\Drivers\vax347s.sys [x]
R3 BZKKPQN;BZKKPQN;c:\docume~1\user\LOCALS~1\Temp\BZKKPQN.exe [x]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-02-17 7408]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2009-10-10 721904]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-03-05 64160]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2009-11-18 132808]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-02-17 8944]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2009-02-17 55024]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2009-11-13 1021256]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [2009-10-14 10064]


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2009-11-24 c:\windows\Tasks\Automatic troubleshooting.job
- c:\program files\TuneUp Utilities 2010\TuneUpSystemStatusCheck.exe [2009-11-13 08:54]
.
.
------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://www.google.com
uStart Page = hxxp://www.seznam.cz/
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {7E1B775D-FB9F-4945-8B6B-60D8BA4F52C7} = 10.1.1.1
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-24 07:52
Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:
ZwClose, ZwOpenFile

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1409082233-1580818891-839522115-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-1409082233-1580818891-839522115-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:b7,4a,67,15,5b,a9,6a,5b,cd,e9,29,0d,e8,6d,03,26,ab,ed,d4,03,b1,05,91,
9e,12,18,64,cd,52,6a,9b,30,35,dd,39,6d,c6,2c,07,28,e0,cc,4d,3d,fe,d3,a7,b4,\
"??"=hex:8a,95,0c,91,36,dd,90,2c,2c,e3,05,7a,7a,8f,80,cc

[HKEY_USERS\S-1-5-21-1409082233-1580818891-839522115-1004\Software\SecuROM\License information*]
"datasecu"=hex:fc,f7,b4,e1,1a,0b,8d,1a,2e,05,40,9a,99,2b,d2,8c,d8,5f,96,56,75,
10,34,70,af,7e,01,cb,a4,bb,cf,55,2f,90,0b,28,85,40,55,ae,54,8b,2f,81,7b,89,\
"rkeysecu"=hex:c4,98,f8,f2,a3,e0,a8,86,3b,5f,9f,89,b6,9f,0a,07
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(732)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(1472)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\COMODO\COMODO Internet Security\cmdagent.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-11-24 08:00 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-24 07:00

Pre-Run: 65,612,668,928 bytes free
Post-Run: 65,571,889,152 bytes free

Current=1 Default=1 Failed=0 LastKnownGood=6 Sets=1,2,3,4,5,6
- - End Of File - - 97F96E416BDCEDAB30585C72461EB230

Re: ROOTKIT again

Posted: 24 Nov 2009 08:06
by earl
OK, how is the PC behaving now?

Re: ROOTKIT again

Posted: 24 Nov 2009 08:39
by brankar
Yes, it's better, except that this morning it shut down to a blue screen during Windows startup because of an unknown system error.

And I have one more small problem: the Recycle Bin folder has gone dark and can't be opened; you can throw things into it, but it can't be emptied. :o

Re: ROOTKIT again

Posted: 24 Nov 2009 08:52
by brankar
One more problem: in Opera's cookie manager, sites nobody has visited keep being accepted,
e.g. hit.gemius.pl, imageshack.us, casino.us and other "nicer" things.
Is it possible they are going through my IP address?

Re: ROOTKIT again

Posted: 24 Nov 2009 10:57
by brankar
I've just started Spybot and the sites above are coming from the hosts file. Can anything be done about it?
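
brankar's last post traces the unexpected sites to the hosts file. Added example, not part of Spybot or of any post above: it separates the three kinds of entry found there, namely the stock localhost line, blocklist lines that sink a hostname to 127.0.0.1 or 0.0.0.0 (the kind Spybot's Immunize feature writes, which are harmless), and lines that point a hostname at some other address, which is the hijack pattern worth removing. The sample content is constructed, using the hostnames brankar named plus two documentation-range addresses; the real file on XP is C:\WINDOWS\system32\drivers\etc\hosts.

```python
r"""Sort the entries of a Windows hosts file into harmless and suspicious ones.

Added example for this thread; it is not part of Spybot or of any post above.
Three kinds of entry appear in a hosts file: the stock localhost line; blocklist
lines that sink a hostname to 127.0.0.1 or 0.0.0.0 (Spybot's Immunize feature
writes many of these, and they are harmless); and lines that point a hostname at
some other address, which is the hijack pattern (a redirected update server or
search site). The sample content is constructed; the hostnames are the ones
brankar named and the two remote addresses are documentation ranges. On XP the
real file is C:\WINDOWS\system32\drivers\etc\hosts.
"""
import ipaddress
from typing import Dict, List, Tuple

# Constructed sample hosts file (the Microsoft header line is what XP ships with).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
# Start of entries inserted by Spybot - Search & Destroy
127.0.0.1 hit.gemius.pl
127.0.0.1 imageshack.us
# End of entries inserted by Spybot - Search & Destroy
0.0.0.0 casino.us
192.0.2.10 www.google.com          # constructed: search site redirected to a remote host
198.51.100.7 update.microsoft.com windowsupdate.microsoft.com
not-an-address example.invalid
"""

SINKHOLES = {ipaddress.ip_address(a) for a in ("127.0.0.1", "0.0.0.0", "::1")}


def parse_hosts(text: str) -> List[Tuple[int, str, str]]:
    """Return (line number, address, hostname) for every mapping; comments and blank lines skipped."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            entries.append((lineno, "", fields[0]))   # malformed line: keep it visible
            continue
        for host in fields[1:]:
            entries.append((lineno, str(addr), host.lower()))
    return entries


def classify(text: str) -> Dict[str, list]:
    result: Dict[str, list] = {"localhost": [], "sinkhole": [], "redirect": [], "malformed": []}
    for lineno, addr, host in parse_hosts(text):
        if addr == "":
            result["malformed"].append(lineno)
        elif host == "localhost" and ipaddress.ip_address(addr).is_loopback:
            result["localhost"].append(host)
        elif ipaddress.ip_address(addr) in SINKHOLES:
            result["sinkhole"].append(host)
        else:
            result["redirect"].append((host, addr))
    return result


if __name__ == "__main__":
    for kind, items in classify(SAMPLE_HOSTS).items():
        print(f"{kind:<10} {items}")
```

Only the "redirect" bucket needs action; the sinkhole lines are what a blocklist looks like, and deleting them just removes the protection Spybot added. A hosts file with redirects to a remote address should also be made read-only after cleaning, since that is the first thing the malware will rewrite.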