
PC won't shut down

Posted: 02 Dec 2010 13:48
by jarkr
I'd like some advice, please: on shutdown the PC reports "saving settings, logging off, and then shutting down", stays stuck at that stage and never powers off.

ComboFix 10-11-30.08 - Jarda 02.12.2010 13:22:43.4.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.512.174 [GMT 1:00]
Spuštěný z: f:\detekce\Combo Fix\ComboFix2.exe
AV: avast! antivirus 4.8.1368 [VPS 101201-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Sunbelt Personal Firewall *disabled* {BFD080F6-3BF0-40E1-9507-9CA969C35870}
.

((((((((((((((((((((((((( Soubory vytvořené od 2010-11-02 do 2010-12-02 )))))))))))))))))))))))))))))))
.

2010-12-01 16:04 . 2010-12-01 16:04 -------- d---a-w- c:\windows\rundll16.exe
2010-12-01 16:04 . 2010-12-01 16:04 -------- d---a-w- c:\windows\logo1_.exe
2010-11-30 06:33 . 2010-11-30 06:33 -------- d-----w- C:\VundoFix Backups
2010-11-29 06:43 . 2010-11-29 16:57 -------- d-----w- c:\windows\system32\CatRoot_bak
2010-11-25 17:06 . 2010-11-25 17:07 -------- d-----w- c:\program files\SilverFast Application
2010-11-22 17:59 . 2010-11-23 13:19 -------- d-----w- C:\VueScan
2010-11-22 17:22 . 2010-11-25 17:10 -------- d-----w- c:\documents and settings\Jarda\Data aplikací\Lasersoft Imaging
2010-11-22 16:48 . 2010-11-22 16:48 -------- d-----w- c:\documents and settings\Jarda\Local Settings\Data aplikací\ArcSoft
2010-11-22 16:48 . 2010-11-22 19:07 -------- d--h--w- c:\documents and settings\All Users\Data aplikací\ArcSoft
2010-11-22 16:47 . 2010-11-22 16:47 -------- d-----w- c:\program files\ArcSoft
2010-11-22 16:47 . 2010-11-22 16:47 -------- d-----w- c:\program files\Common Files\ArcSoft
2010-11-22 16:47 . 2010-11-22 19:06 -------- d-----w- c:\documents and settings\Jarda\Data aplikací\ArcSoft
2010-11-22 16:46 . 2002-07-25 16:06 282624 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\agent.exe
2010-11-22 16:43 . 2002-12-05 13:10 155648 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iuser.dll
2010-11-22 16:43 . 2010-11-22 16:43 163972 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iGdi.dll
2010-11-22 16:43 . 2003-02-27 15:12 696320 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll
2010-11-22 16:43 . 2002-12-02 14:22 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe
2010-11-22 16:43 . 2002-12-02 12:33 57344 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll
2010-11-22 16:43 . 2002-12-02 12:33 237568 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iscript.dll
2010-11-22 16:43 . 2010-11-22 16:43 282756 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\setup.dll
2010-11-22 16:40 . 2009-04-30 23:00 15872 ----a-w- c:\windows\system32\escdev.dll
2010-11-22 16:40 . 2009-04-30 23:00 128392 ----a-w- c:\windows\system32\esdevapp.exe
2010-11-22 16:40 . 2009-03-12 23:00 65793 ----a-w- c:\windows\system32\esfw7c.bin
2010-11-22 16:40 . 2009-03-12 23:00 221184 ----a-w- c:\windows\system32\esint7c.dll
2010-11-22 16:40 . 2007-11-28 23:00 73216 ----a-w- c:\windows\system32\eswia7c.dll
2010-11-22 16:40 . 2006-03-09 23:00 3584 ----a-w- c:\windows\system32\eswiaml.dll
2010-11-19 14:27 . 2010-11-19 14:30 -------- d-----w- c:\program files\AllMyNotes Organizer
2010-11-14 12:22 . 2010-11-14 12:22 -------- d-----w- c:\documents and settings\All Users\Data aplikací\top_media_palayer
2010-11-14 11:56 . 2010-11-14 11:56 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Free Media Player
2010-11-14 11:56 . 2010-11-14 11:56 -------- d-----w- c:\program files\Free Media Player

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-13 17:54 . 2010-03-03 07:21 3888 ----a-w- c:\windows\system32\drivers\NTHANDLE.SYS
2010-10-26 11:09 . 2010-10-26 11:09 249856 ------w- c:\windows\Setup1.exe
2010-10-26 11:09 . 2010-10-26 11:09 73216 ----a-w- c:\windows\ST6UNST.EXE
2010-09-22 16:11 . 2010-09-22 16:11 216064 ----a-w- c:\windows\system32\B-CupXP.cpl
2010-09-22 16:11 . 2010-09-22 16:11 124928 ----a-w- c:\windows\system32\Mx-3 B-Cup Service.exe
2008-02-18 14:30 . 2010-08-18 17:59 225280 ----a-w- c:\program files\lame_enc.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"nwiz"="nwiz.exe" [2007-12-04 1626112]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-06-19 570664]
"EEventManager"="c:\progra~1\EPSONS~1\Event Manager\EEventManager.exe" [2009-04-07 673616]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-04 8523776]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 12:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\MailStore Home\\MailStoreLocal.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [3.5.2008 10:35 77312]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [3.5.2008 13:58 114768]
R1 fwdrv;Firewall Driver;c:\windows\system32\drivers\fwdrv.sys [26.4.2007 9:21 302000]
R1 khips;Kerio HIPS Driver;c:\windows\system32\drivers\khips.sys [26.4.2007 9:21 72624]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [23.11.2009 7:43 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [23.11.2009 7:43 74480]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [3.5.2008 13:58 20560]
R2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\kpf4ss.exe [26.4.2007 9:21 1234480]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [14.1.2008 11:06 21632]
S3 Mx-3 B-Cup Service;MX-3 B-Cup XP;c:\windows\system32\Mx-3 B-Cup Service.exe [22.9.2010 17:11 124928]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [13.10.2010 17:16 27064]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [23.11.2009 7:43 7408]
S3 WLAN; Wireless LAN Driver;c:\windows\system32\drivers\wlanNDS.sys [3.5.2008 10:07 54784]
S4 SureThing Labelflash service;SureThing Labelflash service;c:\program files\Common Files\SureThing Shared\stllssvr.exe [4.3.2010 17:02 74392]
.
Obsah adresáře 'Naplánované úlohy'

2010-12-01 c:\windows\Tasks\Advanced WindowsCare V2 Pro.job
- c:\program files\IObit\Advanced WindowsCare V2 Pro\AutoCare.exe [2010-01-17 16:49]

2010-12-02 c:\windows\Tasks\User_Feed_Synchronization-{B86EF336-819D-4F9E-AC0F-905D6293B6A6}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
mWindow Title = Microsoft Internet Explorer
IE: {{0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - {0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - c:\program files\Seznam.cz\listicka.dll
Trusted Zone: microsoft.com\www.update
FF - ProfilePath - c:\documents and settings\Jarda\Data aplikací\Mozilla\Firefox\Profiles\a9k7mqde.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://ihned.cz/
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=1665&gct=&gc=1&q=
FF - component: c:\documents and settings\Jarda\Data aplikací\Mozilla\Firefox\Profiles\a9k7mqde.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}\platform\WINNT_x86-msvc\components\WeaveCrypto.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Firefox Sync: {340c2bbc-ce74-4362-90b5-7c26312808ef} - c:\documents and settings\Jarda\Data aplikací\Mozilla\Firefox\Profiles\a9k7mqde.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}
FF - Extension: Flashblock: {3d7eb24f-2740-49df-8937-200b1cc08f8a} - c:\documents and settings\Jarda\Data aplikací\Mozilla\Firefox\Profiles\a9k7mqde.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-02 13:32
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-329068152-562591055-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(968)
c:\program files\SUPERAntiSpyware\SASWINLO.dll

- - - - - - - > 'explorer.exe'(3880)
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2010-12-02 13:36:27
ComboFix-quarantined-files.txt 2010-12-02 12:36
ComboFix2.txt 2010-11-29 06:41

Před spuštěním: 2 582 077 440
Po spuštění: 2 568 245 248

- - End Of File - - 81340AE5E91181BBD76BCA400F8FE93B

Re: PC won't shut down

Posted: 02 Dec 2010 18:15
by Rudy
The log looks clean. Try a System Restore to a date when it was working correctly.