VIRY.CZ

Zdravím všechny a prosím o pomoc. Drahé děti mi "umřely" počítač, odmítal vůbec naběhnout a točil se v kolečku restartů. Dokonce ani Hirens nebyl schopný vlézt na C: odkud jsem chtěl stáhnout nějaká data.
Tak jsem nastartoval konzoli pro zotavení, udělal jsem fixmbr a od té doby je céčko přístupné a PC normálně startuje.
Chtěl jsem pro jistotu udělat log z RSIT a poprosit o kontrolu, bohužel RSIT začne startovat Hijack a pak vytuhne. Zkoušel jsem to 3 x, pokaždé se stejným výsledkem.
Prosím o pomoc.

Díky

Tomáš


Systém: WinXP SP3, Athlon X4 620, 2GB Ram.

Zkuste to v nouz. režimu.

Dobrý večer a děkuji, zadařilo se. Přikládám log a prosím o kontrolu. Prosím taky o info, jestli stále funguje podpora přes Sazku, jestli k Vám peníze dorazí.

Zdravím a ještě jednou dík.

Tomáš

PS: nespěchá to, k tomuhle PC se zase dostanu až zítra večer.

Logfile of random's system information tool 1.08 (written by random/random)
Run by Tom - Admin at 2011-04-03 21:09:29
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 161 GB (81%) free of 200 GB
Total RAM: 2047 MB (88% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1214440339-651377827-1801674531-1004Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1214440339-651377827-1801674531-1004UA.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1214440339-651377827-1801674531-1005Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1214440339-651377827-1801674531-1005UA.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1214440339-651377827-1801674531-1006Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1214440339-651377827-1801674531-1006UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2DB66063-BB98-466A-AA0D-3E7ACF5ED853}]
WebTransBHO Class - C:\Documents and Settings\Mike\Data aplikací\LangSoft\WebIE.dll [2011-01-13 520192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG9\avgssie.dll [2010-11-24 1623392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2010-03-25 968000]
{BFC32E1D-EE75-4A48-BC60-104E11EE2431} - WebTranslator - C:\Documents and Settings\Mike\Data aplikací\LangSoft\WebIE.dll [2011-01-13 520192]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-06-25 98304]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2009-07-20 18670592]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"CHotkey"=C:\WINDOWS\mHotkey.exe [2005-07-22 550912]
"AVG9_TRAY"=C:\PROGRA~1\AVG\AVG9\avgtray.exe [2011-03-15 2071904]
"NWEReboot"= []
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2006-01-12 155648]
"WTClient"=C:\WINDOWS\system32\WTClient.exe [2009-08-19 32768]
"SpywareTerminator"=C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe [2011-04-01 2216960]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"SpywareTerminatorUpdate"=C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe [2011-04-01 3037696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2009-09-14 155648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2010-06-22 12536]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\AVG\AVG9\avgam.exe"="C:\Program Files\AVG\AVG9\avgam.exe:*:Enabled:avgam.exe"
"C:\Program Files\AVG\AVG9\avgdiagex.exe"="C:\Program Files\AVG\AVG9\avgdiagex.exe:*:Enabled:avgdiagex.exe"
"C:\Program Files\AVG\AVG9\avgemc.exe"="C:\Program Files\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG9\avgupd.exe"="C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG9\avgnsx.exe"="C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program Files\EA GAMES\Battlefield 1942\BF1942.exe"="C:\Program Files\EA GAMES\Battlefield 1942\BF1942.exe:*:Enabled:BF1942"
"C:\Program Files\Warcraft III\Warcraft III.exe"="C:\Program Files\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III"
"C:\Program Files\Microsoft Games\Zoo Tycoon 2\zt.exe"="C:\Program Files\Microsoft Games\Zoo Tycoon 2\zt.exe:*:Enabled:Zoo Tycoon 2 Executable"
"C:\Program Files\Counter-Strike Source\hl2.exe"="C:\Program Files\Counter-Strike Source\hl2.exe:*:Disabled:hl2"
"E:\Instalace\Hry\Medal of Honor\MOHAA.exe"="E:\Instalace\Hry\Medal of Honor\MOHAA.exe:*:Enabled:Medal of Honor Allied Assault"
"C:\Program Files\Medal of Honor\MOHAA.exe"="C:\Program Files\Medal of Honor\MOHAA.exe:*:Enabled:Medal of Honor Allied Assault"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2011-04-03 21:07:55 ----A---- C:\WINDOWS\ntbtlog.txt
2011-04-02 21:06:20 ----D---- C:\Documents and Settings\Tom - Admin\Data aplikací\Media Player Classic
2011-04-02 20:47:11 ----D---- C:\rsit
2011-04-02 20:47:11 ----D---- C:\Program Files\trend micro
2011-04-01 21:52:16 ----A---- C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2011-04-01 21:52:15 ----D---- C:\Documents and Settings\Tom - Admin\Data aplikací\Spyware Terminator
2011-04-01 21:52:13 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spyware Terminator
2011-04-01 21:52:12 ----D---- C:\Program Files\Spyware Terminator
2011-03-24 21:11:07 ----HDC---- C:\WINDOWS\$NtUninstallKB2524375$
2011-03-17 21:50:23 ----HDC---- C:\WINDOWS\$NtUninstallKB971029$
2011-03-15 11:56:34 ----HD---- C:\Documents and Settings\All Users\Data aplikací\Common Files
2011-03-09 22:25:15 ----HDC---- C:\WINDOWS\$NtUninstallKB2479943$
2011-03-09 22:25:13 ----A---- C:\WINDOWS\imsins.BAK
2011-03-09 22:25:09 ----HDC---- C:\WINDOWS\$NtUninstallKB2481109$
2011-03-07 15:27:32 ----A---- C:\WINDOWS\Macrium Reflect Patch Log.txt

======List of files/folders modified in the last 1 months======

2011-04-03 21:08:58 ----A---- C:\WINDOWS\wincmd.ini
2011-04-03 21:07:55 ----D---- C:\WINDOWS
2011-04-03 21:06:23 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-04-03 21:06:12 ----D---- C:\WINDOWS\Temp
2011-04-03 21:03:48 ----D---- C:\WINDOWS\system32\CatRoot2
2011-04-03 21:03:29 ----D---- C:\WINDOWS\system32
2011-04-02 22:07:30 ----A---- C:\WINDOWS\NeroDigital.ini
2011-04-02 21:06:20 ----D---- C:\WINDOWS\Prefetch
2011-04-02 20:47:11 ----RD---- C:\Program Files
2011-04-02 20:40:43 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2011-04-02 20:40:15 ----D---- C:\WINDOWS\system32\drivers\Avg
2011-04-01 21:52:17 ----D---- C:\WINDOWS\system32\drivers
2011-03-31 19:06:29 ----A---- C:\WINDOWS\hpbafd.ini
2011-03-28 17:53:05 ----D---- C:\Program Files\Mozilla Firefox
2011-03-25 19:47:22 ----HD---- C:\WINDOWS\inf
2011-03-25 19:47:18 ----D---- C:\WINDOWS\system32\CatRoot
2011-03-24 21:10:47 ----HD---- C:\WINDOWS\$hf_mig$
2011-03-20 16:52:56 ----D---- C:\Program Files\Warcraft III
2011-03-20 10:13:32 ----D---- C:\WINDOWS\system32\config
2011-03-19 20:18:00 ----D---- C:\Program Files\Diablo II
2011-03-19 16:30:43 ----D---- C:\Program Files\Mozilla Thunderbird
2011-03-17 21:50:30 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-03-07 16:10:17 ----SHD---- C:\System Volume Information
2011-03-07 15:49:54 ----D---- C:\WINDOWS\repair
2011-03-07 15:45:43 ----D---- C:\WINDOWS\system32\Restore
2011-03-07 15:29:34 ----D---- C:\WINDOWS\Registration
2011-03-07 15:25:37 ----SHD---- C:\RECYCLER
2011-03-04 20:08:02 ----D---- C:\Program Files\Medal of Honor

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 amdide;amdide; C:\WINDOWS\system32\DRIVERS\amdide.sys [2007-10-11 9096]
R0 AVGIDSErHrxpx;AVG9IDSErHr; C:\WINDOWS\System32\Drivers\AVGIDSxx.sys [2010-06-22 25168]
R0 AvgRkx86;avgrkx86.sys; C:\WINDOWS\System32\Drivers\avgrkx86.sys [2010-03-07 52872]
R0 pssnap;Paramount Software Snapshot Filter; C:\WINDOWS\system32\DRIVERS\pssnap.sys [2011-01-17 16024]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-14 8832]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2008-04-14 12160]
R3 PTSimBus;PenTablet Bus Enumerator; C:\WINDOWS\system32\DRIVERS\PTSimBus.sys [2009-06-22 23208]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbfilter;AMD USB Filter Driver; C:\WINDOWS\system32\DRIVERS\usbfilter.sys [2009-02-09 22328]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2010-11-08 691696]
S1 AmdPPM;Ovladač procesoru HwPState AMD; C:\WINDOWS\system32\DRIVERS\AmdPPM.sys [2007-04-16 33792]
S1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2010-06-22 216400]
S1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2010-06-01 29584]
S1 AvgTdiX;AVG Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2010-06-22 243024]
S1 ISODrive;ISO DVD/CD-ROM Device Driver; \??\C:\Program Files\UltraISO\drivers\ISODrive.sys []
S1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys []
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2008-08-05 1684736]
S3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2009-09-14 4477440]
S3 AtiHdmiService;ATI Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\AtiHdmi.sys [2009-08-19 100368]
S3 AVGIDSDriverxpx;AVG9IDSDriver; \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys []
S3 AVGIDSFilterxpx;AVG9IDSFilter; \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys []
S3 AVGIDSShimxpx;AVG9IDSShim; \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys []
S3 dot4;Ovladač MS IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4.sys [2008-04-14 206976]
S3 Dot4Print;Ovladač třídy tiskárny standardu IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys [2001-08-17 12928]
S3 dot4usb;Filtr Dot4USB Dot4USB Filter; C:\WINDOWS\system32\DRIVERS\dot4usb.sys [2001-10-24 23808]
S3 DynCal;Dynamic Calibration Service; C:\WINDOWS\system32\drivers\Dyncal.sys [2006-04-22 8704]
S3 GMSIPCI;GMSIPCI; \??\F:\INSTALL\GMSIPCI.SYS []
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2009-07-20 5795328]
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2006-01-04 1389056]
S3 MSICDSetup;MSICDSetup; \??\F:\CDriver.sys []
S3 PTSimHid;PenTablet Simulated HID MiniDriver; C:\WINDOWS\system32\DRIVERS\PTSimHid.sys [2009-06-22 14504]
S3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2009-05-25 142336]
S3 Tablet2k;Serial Tablet Port Driver; C:\WINDOWS\System32\Drivers\Tablet2k.sys []
S3 TClass2k;Tablet Class Driver; C:\WINDOWS\system32\DRIVERS\TClass2k.sys [2009-06-22 23208]
S3 UCTblHid;HID Tablet Port Driver; C:\WINDOWS\system32\DRIVERS\UCTblHid.sys [2009-06-22 19624]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

S2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2009-09-14 602112]
S2 avg9emc;AVG E-mail Scanner; C:\Program Files\AVG\AVG9\avgemc.exe [2010-10-29 921952]
S2 avg9wd;AVG WatchDog; C:\Program Files\AVG\AVG9\avgwdsvc.exe [2010-10-29 308136]
S2 AVGIDSAgent;AVG9IDSAgent; C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2010-06-22 5897808]
S2 ReflectService;Macrium Reflect Image Mounting Service; C:\Program Files\Macrium\Reflect\ReflectService.exe [2011-01-17 220824]
S2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files\Spyware Terminator\sp_rsser.exe [2011-04-01 496128]
S2 WinTabService;WinTab Service; C:\WINDOWS\System32\Drivers\WTSRV.EXE [2009-09-23 73728]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Ještě poprosím o log z ComboFix.

Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode, pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k nezadoucim kolizim s rezidentem antispyware

Omlouvám se, ale dostávám se teď k PC jen velmi sporadicky. Combofix jsem nakonec zvládl, musel jsem natvrdo v nouzovém režimu vymazat AVG, protože nešlo odinstalovat. Combofix zkoušel nainstalovat konzolu pro zotavení, ale nepodařilo se mu to (k intenetu připojený byl). Přikládám vytvořený log a prosím o kontrolu.
Kdyby to byl nějaký moc velký neřád, tak to klidně přeinstaluju.

Díky moc

Tomáš

ComboFix 11-04-03.01 - Tom - Admin 04.04.2011 20:51:12.1.4 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2047.1534 [GMT 2:00]
Spuštěný z: c:\documents and settings\Tom - Admin\Dokumenty\Stažené soubory\ComboFix.exe
AV: AVG Internet Security *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-03-04 do 2011-04-04 )))))))))))))))))))))))))))))))
.
.
2011-04-02 19:06 . 2011-04-02 19:06 -------- d-----w- c:\documents and settings\Tom - Admin\Data aplikací\Media Player Classic
2011-04-02 18:47 . 2011-04-03 19:09 -------- d-----w- C:\rsit
2011-04-02 18:47 . 2011-04-03 19:09 -------- d-----w- c:\program files\trend micro
2011-04-01 19:52 . 2011-04-03 19:28 -------- d-----w- c:\documents and settings\Tom - Admin\Data aplikací\Spyware Terminator
2011-03-15 09:56 . 2011-03-15 09:56 -------- d--h--w- c:\documents and settings\All Users\Data aplikací\Common Files
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-09 13:53 . 2008-04-14 12:00 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2008-04-14 12:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-02 07:58 . 2010-02-05 08:30 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2010-02-05 08:30 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44 . 2008-04-14 12:00 440320 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-17 20:03 . 2011-01-17 20:42 12952 ----a-w- c:\windows\system32\drivers\PSVolAcc.sys
2011-01-17 20:02 . 2011-01-17 20:42 16024 ----a-w- c:\windows\system32\drivers\pssnap.sys
2011-01-17 20:02 . 2011-01-17 20:42 45208 ----a-w- c:\windows\system32\drivers\psmounter.sys
2011-01-07 14:09 . 2008-04-14 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-06-25 98304]
"RTHDCPL"="RTHDCPL.EXE" [2009-07-20 18670592]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"CHotkey"="mHotkey.exe" [2005-07-22 550912]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-01-12 155648]
"WTClient"="WTClient.exe" [2009-08-19 32768]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-06-22 16:44 12536 ----a-w- c:\windows\system32\avgrsstx.dll
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 1942\\BF1942.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\Microsoft Games\\Zoo Tycoon 2\\zt.exe"=
"c:\\Program Files\\Counter-Strike Source\\hl2.exe"=
"e:\\Instalace\\Hry\\Medal of Honor\\MOHAA.exe"=
"c:\\Program Files\\Medal of Honor\\MOHAA.exe"=
.
R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSxx.sys [5.2.2010 11:55 25168]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [5.2.2010 11:55 52872]
R0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\drivers\pssnap.sys [17.1.2011 22:42 16024]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [8.11.2010 12:00 691696]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [5.2.2010 11:55 216400]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [5.2.2010 11:55 243024]
R2 ReflectService;Macrium Reflect Image Mounting Service;c:\program files\Macrium\Reflect\ReflectService.exe [17.1.2011 22:42 220824]
R3 PTSimBus;PenTablet Bus Enumerator;c:\windows\system32\drivers\PTSimBus.sys [22.6.2009 11:58 23208]
R3 PTSimHid;PenTablet Simulated HID MiniDriver;c:\windows\system32\drivers\PTSimHid.sys [22.6.2009 11:58 14504]
R3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [5.2.2010 10:44 22328]
S2 avg9emc;AVG E-mail Scanner;"c:\program files\AVG\AVG9\avgemc.exe" --> c:\program files\AVG\AVG9\avgemc.exe [?]
S2 avg9wd;AVG WatchDog;"c:\program files\AVG\AVG9\avgwdsvc.exe" --> c:\program files\AVG\AVG9\avgwdsvc.exe [?]
S2 AVGIDSAgent;AVG9IDSAgent;"c:\program files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe" AVGIDSAgent --> c:\program files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [5.2.2010 10:53 1684736]
S3 AVGIDSDriverxpx;AVG9IDSDriver;\??\c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys --> c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys [?]
S3 AVGIDSFilterxpx;AVG9IDSFilter;\??\c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys --> c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys [?]
S3 AVGIDSShimxpx;AVG9IDSShim;\??\c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys --> c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys [?]
S3 DynCal;Dynamic Calibration Service;c:\windows\system32\drivers\Dyncal.sys [22.4.2006 16:08 8704]
S3 MSICDSetup;MSICDSetup;\??\f:\cdriver.sys --> f:\CDriver.sys [?]
.
Obsah adresáře 'Naplánované úlohy'
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz/
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\documents and settings\Mike\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\documents and settings\Mike\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\documents and settings\Mike\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\documents and settings\Mike\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\documents and settings\Mike\Data aplikací\LangSoft\WebIE.dll
FF - ProfilePath - c:\documents and settings\Tom - Admin\Data aplikací\Mozilla\Firefox\Profiles\y9ir3a4y.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKCU-Run-SpywareTerminatorUpdate - c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe
HKLM-Run-AVG9_TRAY - c:\progra~1\AVG\AVG9\avgtray.exe
HKLM-Run-NWEReboot - (no file)
AddRemove-AVG9Uninstall - c:\program files\AVG\AVG9\setup.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-04 20:54
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Environment*]
"Licence0"="04F0D21-79D8-7A25-D702-433F"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(736)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(2108)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2011-04-04 20:56:25
ComboFix-quarantined-files.txt 2011-04-04 18:56
.
Před spuštěním: Volných bajtů: 169 126 985 728
Po spuštění: Volných bajtů: 169 983 803 392
.
- - End Of File - - 17CD11CB1C5AFDB5A133A3EE5C7D75F9

Zádné nebezpečí nevidím. PC bude nejspíš čistý. Přes terminál Sazky, pokud vím, nelze pouze dobíjet mobily. O žádné další restrikci nevím. Aktuální informace budou mít určitě nájemci terminálů.

Tak díky moc. Snad to bude OK. Jen je mi divné, že disk pořád něco chroustá i když se na počítači nic nedělá. Jede prakticky pořád, takové chroust půl vteřiny mezera chroust půl vteřiny mezera.
Jestli ta Sazka funguje, tak by to pro mě bylo nejjednodušší. Zeptám se.

Díky moc

Tomáš

Nemáte zač!