Re: prosím o kontolu logu
Napsal: 04 říj 2010 06:44
CF myslím instalaci konzoly nabízel.
Stránka 4 z 5
Re: prosím o kontolu logu
Napsal: 04 říj 2010 06:47
A CF mám stále nainstal. na ploše.
Re: prosím o kontolu logu
Napsal: 04 říj 2010 06:55
Spustte tedy CF, musite byt pripojen k netu, jakmile nabidne instalaci konzoly pro zotaveni tak souhlaste...je mozne, ze vyskoci hlaska ze CF neni aktualni, mel by se aktualizovat sam...
Nabidka by mela vypadat nejak takto
pokud budete uspesni, naskoci tohle
pak probehne normalni sken, na jehoz konci by mel byt vytvoren log, ten rad uvidim
Nabidka by mela vypadat nejak takto
pokud budete uspesni, naskoci tohle
pak probehne normalni sken, na jehoz konci by mel byt vytvoren log, ten rad uvidim
Re: prosím o kontolu logu
Napsal: 04 říj 2010 07:23
Vše proběhlo v pořádku podle Vaší rady. Zde tedy přikládám log z CF a jsem tedy opravdu zvědavý na výsledek. A v každém případě moc díky.
ComboFix 10-10-03.01 - Pospíšil 04.10.2010 8:10.4.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.895.640 [GMT 2:00]
Spuštěný z: c:\documents and settings\Pospíšil\Plocha\ComboFix.exe
AV: Eset NOD32 Antivirus 2.50 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Rezidentní štít AV je zapnutý
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-09-04 do 2010-10-04 )))))))))))))))))))))))))))))))
.
2010-09-28 06:42 . 2010-09-28 06:42 -------- d-----w- C:\rsit
2010-09-26 13:10 . 2010-09-28 06:42 -------- d-----w- c:\program files\trend micro
2010-09-26 12:52 . 2010-09-26 12:52 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-09-26 12:52 . 2010-09-26 12:52 -------- d-----w- c:\program files\Hitman Pro 3.5
2010-09-26 12:20 . 2010-09-26 12:20 -------- d-----w- c:\program files\HD Tune
2010-09-26 05:39 . 2010-09-26 05:39 -------- d-----w- c:\program files\CCleaner
2010-09-14 01:39 . 2010-09-28 08:28 -------- d-----w- c:\program files\Lark Anti-Spyware
2010-09-13 09:07 . 2010-09-13 09:07 18944 ----a-w- c:\windows\system32\vbCPUInf.dll
2010-09-13 08:56 . 2010-10-03 14:32 -------- d-----w- c:\windows\vbSkinner
2010-09-13 08:55 . 2010-09-13 08:55 737280 ----a-w- c:\windows\iun6002.exe
2010-09-13 08:55 . 2010-09-13 08:55 -------- d-----w- c:\program files\CM Data Software
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-07 01:43 . 2010-07-20 01:43 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-08-29 19:30 . 2009-10-09 09:07 -------- d-----w- c:\program files\CDex_150
2010-08-28 10:47 . 2010-08-28 09:54 -------- d-----w- c:\program files\The KMPlayer
2010-08-27 02:24 . 2010-03-28 05:41 5 -c--a-w- c:\windows\system32\SySwmvtoavi.dat
2010-08-13 07:20 . 2010-06-05 08:04 -------- d-----w- c:\program files\Common Files\soft602
2010-08-12 11:14 . 2009-08-04 15:55 -------- d-----w- c:\program files\Webteh
2010-08-03 08:43 . 2010-08-03 08:43 503808 ----a-w- c:\documents and settings\Pospíšil\Data aplikací\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-42ab2b75-n\msvcp71.dll
2010-08-03 08:43 . 2010-08-03 08:43 499712 ----a-w- c:\documents and settings\Pospíšil\Data aplikací\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-42ab2b75-n\jmc.dll
2010-08-03 08:43 . 2010-08-03 08:43 348160 ----a-w- c:\documents and settings\Pospíšil\Data aplikací\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-42ab2b75-n\msvcr71.dll
2010-08-03 08:43 . 2010-08-03 08:43 61440 ----a-w- c:\documents and settings\Pospíšil\Data aplikací\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-22b67ec4-n\decora-sse.dll
2010-08-03 08:43 . 2010-08-03 08:43 12800 ----a-w- c:\documents and settings\Pospíšil\Data aplikací\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-22b67ec4-n\decora-d3d.dll
2010-07-26 08:19 . 2009-12-22 02:06 11532 -csha-w- c:\windows\system32\KGyGaAvL.sys
2010-07-19 06:14 . 2010-07-19 06:14 503808 ----a-w- c:\documents and settings\Pospíšil\Data aplikací\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-32f87370-n\msvcp71.dll
2010-07-19 06:14 . 2010-07-19 06:14 499712 ----a-w- c:\documents and settings\Pospíšil\Data aplikací\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-32f87370-n\jmc.dll
2010-07-19 06:14 . 2010-07-19 06:14 348160 ----a-w- c:\documents and settings\Pospíšil\Data aplikací\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-32f87370-n\msvcr71.dll
2010-07-19 06:14 . 2010-07-19 06:14 61440 ----a-w- c:\documents and settings\Pospíšil\Data aplikací\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-25d4b129-n\decora-sse.dll
2010-07-19 06:14 . 2010-07-19 06:14 12800 ----a-w- c:\documents and settings\Pospíšil\Data aplikací\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-25d4b129-n\decora-d3d.dll
2010-07-17 03:00 . 2010-07-19 06:14 423656 ----a-w- c:\windows\system32\deployJava1.dll
.
((((((((((((((((((((((((((((( SnapShot@2010-09-26_21.48.53 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-10-04 06:08 . 2010-10-04 06:08 16384 c:\windows\Temp\Perflib_Perfdata_228.dat
+ 2010-10-01 09:12 . 2010-10-01 09:12 262144 c:\windows\system32\config\systemprofile\NtUser.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Seznam Postak"="c:\documents and settings\Pospíšil\Local Settings\Data aplikací\Seznam.cz\postak.exe" [2010-05-19 462104]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2010-05-12 917504]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-04-14 13684736]
"nwiz"="nwiz.exe" [2009-04-14 1657376]
"HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2009-12-03 33718272]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-04-14 86016]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OneClick Cleanup]
2006-10-08 17:46 258048 ----a-w- c:\program files\CM Data Software\CM DiskCleaner\OneClick Cleanup.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Startup Cleaner]
2006-10-08 16:59 122880 ----a-w- c:\program files\CM Data Software\CM DiskCleaner\Startup Cleaner.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" boot
"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe"
"CTFMON.EXE"=c:\windows\system32\ctfmon.exe
"MSMSGS"="c:\progra~1\MESSEN~1\msmsgs.exe" /background
"OEXPRESS"=c:\windows\OETRN.EXE
"RocketDock"="c:\program files\RocketDock\RocketDock.exe"
"GAINWARD"=c:\program files\EXPERTool\TBPanel.exe /A
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"LogitechVideoTray"=c:\program files\Logitech\Video\LogiTray.exe
"LogitechVideoRepair"=c:\program files\Logitech\Video\ISStart.exe
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe"
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe"
"LVCOMSX"=c:\windows\system32\LVCOMSX.EXE
"NeroFilterCheck"=c:\windows\system32\NeroCheck.exe
"CHotkey"=mHotkey.exe
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
"SoundMan"=SOUNDMAN.EXE
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Edisk\\eDisk klient\\eDisk klient.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [4.8.2009 17:55 155136]
R2 602XML Updater;602Updater;c:\program files\Common Files\soft602\602updsvc\602updsvc.exe [14.4.2010 11:28 73728]
R3 AsAudioDevice_351;AsAudioDevice_351;c:\windows\system32\drivers\AsAudioDevice_351.sys [4.1.2010 4:46 16640]
R3 MosIrUsb;MosIrUsb.sys;c:\windows\system32\drivers\MosIrUsb.sys [14.4.2004 15:52 20736]
R3 Safetica;Safetica Encryption Driver;c:\windows\system32\drivers\safetica.sys [18.4.2010 11:41 272504]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [21.5.2010 23:15 1617408]
S3 AMBFilt;AMBFilt;c:\windows\system32\drivers\Ambfilt.sys [21.5.2010 23:15 1656960]
S3 AsrCDDrv;AsrCDDrv;\??\c:\windows\system32\Drivers\AsrCDDrv.sys --> c:\windows\system32\Drivers\AsrCDDrv.sys [?]
S3 DfSdkS;Defragmentation-Service;c:\program files\Ashampoo\Ashampoo WinOptimizer 6\DfSdkS.exe [21.6.2010 20:09 406016]
S4 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [4.8.2009 17:55 5248]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [30.1.2010 14:19 721904]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'
2010-10-04 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 08:09]
2010-10-04 c:\windows\Tasks\Automatic maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 08:09]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Settings,ProxyOverride = localhost
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Crawler Search - tbr:iemenu
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{20954C80-4F0F-11d3-B17C-00C0DFE39736} - c:\program files\Dzuso\Nastavenie.exe
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\windows\WebIE.dll
LSP: imon.dll
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
DPF: {672EE252-D813-4F5E-81BB-5DD163DD4FA5} - hxxps://www.mojedatovaschranka.cz/static/pages/ ... b?3,14,8,0
FF - ProfilePath - c:\documents and settings\Pospíšil\Data aplikací\Mozilla\Firefox\Profiles\qai3mkmu.default\
FF - prefs.js: browser.search.selectedEngine -
FF - component: c:\documents and settings\Pospíšil\Data aplikací\Mozilla\Firefox\Profiles\qai3mkmu.default\extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Pospíšil\Data aplikací\Mozilla\Firefox\Profiles\qai3mkmu.default\extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}\components\RadioWMPCore.dll
FF - component: c:\documents and settings\Pospíšil\Data aplikací\Mozilla\Firefox\Profiles\qai3mkmu.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Pospíšil\Data aplikací\Mozilla\Firefox\Profiles\qai3mkmu.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\components\RadioWMPCore.dll
FF - component: c:\program files\Crawler\Toolbar\firefox\components\xcomm.dll
FF - component: c:\program files\Crawler\Toolbar\firefox\components\xshared.dll
FF - component: c:\program files\Crawler\Toolbar\firefox\components\xsupport.dll
FF - component: c:\program files\Crawler\Toolbar\firefox\components\xwsg.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npfiller.dll
---- NASTAVENÍ FIREFOXU ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.notify.interval - 100000
FF - user.js: content.switch.threshold - 650000
FF - user.js: nglayout.initialpaint.delay - 300
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x85050A60]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf74cbfc3
\Driver\ACPI -> ACPI.sys @ 0xf7338cb8
\Driver\atapi -> 0x85050a60
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x8057807e
ParseProcedure -> ntkrnlpa.exe @ 0x80576ce0
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x8057807e
ParseProcedure -> ntkrnlpa.exe @ 0x80576ce0
NDIS: Realtek RTL8139/810x Family Fast Ethernet NIC -> SendCompleteHandler -> NDIS.sys @ 0xf719bbc3
PacketIndicateHandler -> NDIS.sys @ 0xf7189a0b
SendHandler -> NDIS.sys @ 0xf719db31
Warning: possible MBR rootkit infection !
user & kernel MBR OK
**************************************************************************
.
Celkový čas: 2010-10-04 08:17:48
ComboFix-quarantined-files.txt 2010-10-04 06:17
ComboFix2.txt 2010-09-28 10:27
ComboFix3.txt 2010-09-28 09:28
Před spuštěním: 1 809 453 056
Po spuštění: 1 797 455 872
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
Current=5 Default=5 Failed=4 LastKnownGood=6 Sets=1,2,3,4,5,6
- - End Of File - - 6D4545BE979C7F969ABD535E5A5B0F68
ComboFix 10-10-03.01 - Pospíšil 04.10.2010 8:10.4.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.895.640 [GMT 2:00]
Spuštěný z: c:\documents and settings\Pospíšil\Plocha\ComboFix.exe
AV: Eset NOD32 Antivirus 2.50 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Rezidentní štít AV je zapnutý
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-09-04 do 2010-10-04 )))))))))))))))))))))))))))))))
.
2010-09-28 06:42 . 2010-09-28 06:42 -------- d-----w- C:\rsit
2010-09-26 13:10 . 2010-09-28 06:42 -------- d-----w- c:\program files\trend micro
2010-09-26 12:52 . 2010-09-26 12:52 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-09-26 12:52 . 2010-09-26 12:52 -------- d-----w- c:\program files\Hitman Pro 3.5
2010-09-26 12:20 . 2010-09-26 12:20 -------- d-----w- c:\program files\HD Tune
2010-09-26 05:39 . 2010-09-26 05:39 -------- d-----w- c:\program files\CCleaner
2010-09-14 01:39 . 2010-09-28 08:28 -------- d-----w- c:\program files\Lark Anti-Spyware
2010-09-13 09:07 . 2010-09-13 09:07 18944 ----a-w- c:\windows\system32\vbCPUInf.dll
2010-09-13 08:56 . 2010-10-03 14:32 -------- d-----w- c:\windows\vbSkinner
2010-09-13 08:55 . 2010-09-13 08:55 737280 ----a-w- c:\windows\iun6002.exe
2010-09-13 08:55 . 2010-09-13 08:55 -------- d-----w- c:\program files\CM Data Software
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-07 01:43 . 2010-07-20 01:43 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-08-29 19:30 . 2009-10-09 09:07 -------- d-----w- c:\program files\CDex_150
2010-08-28 10:47 . 2010-08-28 09:54 -------- d-----w- c:\program files\The KMPlayer
2010-08-27 02:24 . 2010-03-28 05:41 5 -c--a-w- c:\windows\system32\SySwmvtoavi.dat
2010-08-13 07:20 . 2010-06-05 08:04 -------- d-----w- c:\program files\Common Files\soft602
2010-08-12 11:14 . 2009-08-04 15:55 -------- d-----w- c:\program files\Webteh
2010-08-03 08:43 . 2010-08-03 08:43 503808 ----a-w- c:\documents and settings\Pospíšil\Data aplikací\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-42ab2b75-n\msvcp71.dll
2010-08-03 08:43 . 2010-08-03 08:43 499712 ----a-w- c:\documents and settings\Pospíšil\Data aplikací\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-42ab2b75-n\jmc.dll
2010-08-03 08:43 . 2010-08-03 08:43 348160 ----a-w- c:\documents and settings\Pospíšil\Data aplikací\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-42ab2b75-n\msvcr71.dll
2010-08-03 08:43 . 2010-08-03 08:43 61440 ----a-w- c:\documents and settings\Pospíšil\Data aplikací\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-22b67ec4-n\decora-sse.dll
2010-08-03 08:43 . 2010-08-03 08:43 12800 ----a-w- c:\documents and settings\Pospíšil\Data aplikací\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-22b67ec4-n\decora-d3d.dll
2010-07-26 08:19 . 2009-12-22 02:06 11532 -csha-w- c:\windows\system32\KGyGaAvL.sys
2010-07-19 06:14 . 2010-07-19 06:14 503808 ----a-w- c:\documents and settings\Pospíšil\Data aplikací\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-32f87370-n\msvcp71.dll
2010-07-19 06:14 . 2010-07-19 06:14 499712 ----a-w- c:\documents and settings\Pospíšil\Data aplikací\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-32f87370-n\jmc.dll
2010-07-19 06:14 . 2010-07-19 06:14 348160 ----a-w- c:\documents and settings\Pospíšil\Data aplikací\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-32f87370-n\msvcr71.dll
2010-07-19 06:14 . 2010-07-19 06:14 61440 ----a-w- c:\documents and settings\Pospíšil\Data aplikací\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-25d4b129-n\decora-sse.dll
2010-07-19 06:14 . 2010-07-19 06:14 12800 ----a-w- c:\documents and settings\Pospíšil\Data aplikací\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-25d4b129-n\decora-d3d.dll
2010-07-17 03:00 . 2010-07-19 06:14 423656 ----a-w- c:\windows\system32\deployJava1.dll
.
((((((((((((((((((((((((((((( SnapShot@2010-09-26_21.48.53 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-10-04 06:08 . 2010-10-04 06:08 16384 c:\windows\Temp\Perflib_Perfdata_228.dat
+ 2010-10-01 09:12 . 2010-10-01 09:12 262144 c:\windows\system32\config\systemprofile\NtUser.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Seznam Postak"="c:\documents and settings\Pospíšil\Local Settings\Data aplikací\Seznam.cz\postak.exe" [2010-05-19 462104]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2010-05-12 917504]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-04-14 13684736]
"nwiz"="nwiz.exe" [2009-04-14 1657376]
"HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2009-12-03 33718272]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-04-14 86016]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OneClick Cleanup]
2006-10-08 17:46 258048 ----a-w- c:\program files\CM Data Software\CM DiskCleaner\OneClick Cleanup.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Startup Cleaner]
2006-10-08 16:59 122880 ----a-w- c:\program files\CM Data Software\CM DiskCleaner\Startup Cleaner.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" boot
"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe"
"CTFMON.EXE"=c:\windows\system32\ctfmon.exe
"MSMSGS"="c:\progra~1\MESSEN~1\msmsgs.exe" /background
"OEXPRESS"=c:\windows\OETRN.EXE
"RocketDock"="c:\program files\RocketDock\RocketDock.exe"
"GAINWARD"=c:\program files\EXPERTool\TBPanel.exe /A
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"LogitechVideoTray"=c:\program files\Logitech\Video\LogiTray.exe
"LogitechVideoRepair"=c:\program files\Logitech\Video\ISStart.exe
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe"
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe"
"LVCOMSX"=c:\windows\system32\LVCOMSX.EXE
"NeroFilterCheck"=c:\windows\system32\NeroCheck.exe
"CHotkey"=mHotkey.exe
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
"SoundMan"=SOUNDMAN.EXE
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Edisk\\eDisk klient\\eDisk klient.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [4.8.2009 17:55 155136]
R2 602XML Updater;602Updater;c:\program files\Common Files\soft602\602updsvc\602updsvc.exe [14.4.2010 11:28 73728]
R3 AsAudioDevice_351;AsAudioDevice_351;c:\windows\system32\drivers\AsAudioDevice_351.sys [4.1.2010 4:46 16640]
R3 MosIrUsb;MosIrUsb.sys;c:\windows\system32\drivers\MosIrUsb.sys [14.4.2004 15:52 20736]
R3 Safetica;Safetica Encryption Driver;c:\windows\system32\drivers\safetica.sys [18.4.2010 11:41 272504]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [21.5.2010 23:15 1617408]
S3 AMBFilt;AMBFilt;c:\windows\system32\drivers\Ambfilt.sys [21.5.2010 23:15 1656960]
S3 AsrCDDrv;AsrCDDrv;\??\c:\windows\system32\Drivers\AsrCDDrv.sys --> c:\windows\system32\Drivers\AsrCDDrv.sys [?]
S3 DfSdkS;Defragmentation-Service;c:\program files\Ashampoo\Ashampoo WinOptimizer 6\DfSdkS.exe [21.6.2010 20:09 406016]
S4 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [4.8.2009 17:55 5248]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [30.1.2010 14:19 721904]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'
2010-10-04 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 08:09]
2010-10-04 c:\windows\Tasks\Automatic maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 08:09]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Settings,ProxyOverride = localhost
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Crawler Search - tbr:iemenu
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{20954C80-4F0F-11d3-B17C-00C0DFE39736} - c:\program files\Dzuso\Nastavenie.exe
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\windows\WebIE.dll
LSP: imon.dll
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
DPF: {672EE252-D813-4F5E-81BB-5DD163DD4FA5} - hxxps://www.mojedatovaschranka.cz/static/pages/ ... b?3,14,8,0
FF - ProfilePath - c:\documents and settings\Pospíšil\Data aplikací\Mozilla\Firefox\Profiles\qai3mkmu.default\
FF - prefs.js: browser.search.selectedEngine -
FF - component: c:\documents and settings\Pospíšil\Data aplikací\Mozilla\Firefox\Profiles\qai3mkmu.default\extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Pospíšil\Data aplikací\Mozilla\Firefox\Profiles\qai3mkmu.default\extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}\components\RadioWMPCore.dll
FF - component: c:\documents and settings\Pospíšil\Data aplikací\Mozilla\Firefox\Profiles\qai3mkmu.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Pospíšil\Data aplikací\Mozilla\Firefox\Profiles\qai3mkmu.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\components\RadioWMPCore.dll
FF - component: c:\program files\Crawler\Toolbar\firefox\components\xcomm.dll
FF - component: c:\program files\Crawler\Toolbar\firefox\components\xshared.dll
FF - component: c:\program files\Crawler\Toolbar\firefox\components\xsupport.dll
FF - component: c:\program files\Crawler\Toolbar\firefox\components\xwsg.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npfiller.dll
---- NASTAVENÍ FIREFOXU ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.notify.interval - 100000
FF - user.js: content.switch.threshold - 650000
FF - user.js: nglayout.initialpaint.delay - 300
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x85050A60]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf74cbfc3
\Driver\ACPI -> ACPI.sys @ 0xf7338cb8
\Driver\atapi -> 0x85050a60
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x8057807e
ParseProcedure -> ntkrnlpa.exe @ 0x80576ce0
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x8057807e
ParseProcedure -> ntkrnlpa.exe @ 0x80576ce0
NDIS: Realtek RTL8139/810x Family Fast Ethernet NIC -> SendCompleteHandler -> NDIS.sys @ 0xf719bbc3
PacketIndicateHandler -> NDIS.sys @ 0xf7189a0b
SendHandler -> NDIS.sys @ 0xf719db31
Warning: possible MBR rootkit infection !
user & kernel MBR OK
**************************************************************************
.
Celkový čas: 2010-10-04 08:17:48
ComboFix-quarantined-files.txt 2010-10-04 06:17
ComboFix2.txt 2010-09-28 10:27
ComboFix3.txt 2010-09-28 09:28
Před spuštěním: 1 809 453 056
Po spuštění: 1 797 455 872
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
Current=5 Default=5 Failed=4 LastKnownGood=6 Sets=1,2,3,4,5,6
- - End Of File - - 6D4545BE979C7F969ABD535E5A5B0F68
Re: prosím o kontolu logu
Napsal: 04 říj 2010 07:35
Takze konzolu mame, to je sjupr 
Restartujte PC a jak budete mit na vyber jestli spustit Konzolu nebo Windows, tak zvolte Konzolu Dale postupujte dle navodu kolegy
kozan píše:
- Konzola ohledá připojené disky a nabídne seznam nalezených instalací. např:
Kód: Vybrat vše
1. C:\WINDOWS- Po výzvě
odpovím číslem zvolené instalace, třeba: 1Kód: Vybrat vše
Ke které instalaci Windows se chcete přihlásit:
POZOR: NumLock na klávesnici nesvítí!- Zadám heslo uživatele administrator a octnu se v adresáři %WINDIR% (obvykle C:\WINDOWS)
- V příkazovém řádku zadám příkaz
a případný dotaz potvrdím klávesou AKód: Vybrat vše
fixmbr- Zadám příkaz
pro restart PC a EnterKód: Vybrat vše
EXIT
Po restartu udelame znovu sken pomoci mbr Kliknete na Start a pote Spustit, pripadne pouzijte klavesou zkratku Win+R
- Vyskoci na Vas okenko, do ktereho zkopirujte text nize
Kód: Vybrat vše
"%userprofile%\plocha\mbr" -t- Kliknete na OK
- Na plose se Vam vytvori log s nazvem mbr.txt, jeho obsah mi sem vlozte
Re: prosím o kontolu logu
Napsal: 04 říj 2010 07:50
Po restartu se mi bohužel nenábizí žádná možnost a spustí se přímo Windows 
Zkoušel jsem to 2x.
Zkoušel jsem to 2x.Re: prosím o kontolu logu
Napsal: 04 říj 2010 07:52
Mela by tam naskocit nabidka cca na dve vteriny, zkuste jeste mackat F8 jestli se nam nenabidne...Jinak bude treba asi upravit soubor boot.ini - na to bych pozval kolegu
Re: prosím o kontolu logu
Napsal: 04 říj 2010 08:21
Tak nevím, jestli máte na mě ještě nervy 
ale když zadám spustit verzi Windows 1, tak to napíše, že je neplatná a v podstatě se vrátím do normálního spouštění Windows.
ale když zadám spustit verzi Windows 1, tak to napíše, že je neplatná a v podstatě se vrátím do normálního spouštění Windows.Re: prosím o kontolu logu
Napsal: 04 říj 2010 08:22
Musim bohuzel od PC takze do te konzoly jste se jiz dostal 
Kolik tech verzi Winu tam mate na vyber
takze do te konzoly jste se jiz dostal Kolik tech verzi Winu tam mate na vyber Re: prosím o kontolu logu
Napsal: 04 říj 2010 08:32
jen jednu na C:/WINDOWS
Re: prosím o kontolu logu
Napsal: 04 říj 2010 08:34
A kdyz date 1 (Enter), tak Vam to vyhodi ze je neplatna
Re: prosím o kontolu logu
Napsal: 04 říj 2010 08:48
ano
Re: prosím o kontolu logu
Napsal: 04 říj 2010 08:57
Hu, tak to jste me dostal 
Poprosim kolegu at sem zaskoci, je na tyhle "radoby chytre hlasky" vice vystudovanejsi nez ja...Bohuzel tu byva az vecer, pripadne zkusim jeste nekoho z kolegu...takze prosim o strpeni 
Poprosim kolegu at sem zaskoci, je na tyhle "radoby chytre hlasky" vice vystudovanejsi nez ja...Bohuzel tu byva az vecer, pripadne zkusim jeste nekoho z kolegu...takze prosim o strpeni Re: prosím o kontolu logu
Napsal: 04 říj 2010 09:11
díky moc a hlavně co nejmíň takovýhle "otravů" jako jsem já Jste vážně supr. dík.
Jste vážně supr. dík.Re: prosím o kontolu logu
Napsal: 04 říj 2010 09:11
Nemate zac, nerad se vzdavam to pujde a ne ze neee
to pujde a ne ze neee