Internet/firewall/avast not working

Anborn
Visitor
Posts: 15
Registered: 11 Nov 2011 16:21

Internet/firewall/avast not working

#1 Post by Anborn »

Good evening,
unfortunately the time has come and I need your help too :)
The main computer, which all my family members use, has unfortunately broken down and refuses to connect to the internet; in avast the resident web shield stopped working and refused to start again, and the firewall is in the same state. Unfortunately I don't know more details, because at the time it happened I was at the dorms and so had no physical access to the machine. Avast reportedly found several infections, which it moved to the chest, and found nothing in later scans. To be safe I replaced avast with Security Essentials, but that found no further infections either. I also tried reinstalling the network card drivers, but that doesn't help. I also couldn't get the firewall running again, not even via MSE. That's all for the introduction; I hope that with your help I'll manage to find and eliminate the pest :D

Logfile of random's system information tool 1.09 (written by random/random)
Run by Honza at 2011-11-11 16:25:04
Microsoft Windows XP Home Edition Service Pack 3
System drive E: has 59 GB (59%) free of 100 GB
Total RAM: 2047 MB (61% free)

HijackThis download failed

======Scheduled tasks folder======

E:\WINDOWS\tasks\MP Scheduled Scan.job

=========Mozilla firefox=========

ProfilePath - E:\Documents and Settings\Honza\Data aplikací\Mozilla\Firefox\Profiles\kp7rmb8n.default

prefs.js - "browser.startup.homepage" - "http://www.seznam.cz/"
prefs.js - "keyword.URL" - "http://search.yahoo.com/search?fr=green ... =937811&p="

"{20a82645-c095-46ed-80e3-08825760534b}"=E:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=E:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=E:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=E:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=E:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

E:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}

E:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll

E:\Program Files\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml
yahoo.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-06-06 63912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - E:\Program Files\Java\jre7\bin\jp2ssv.dll [2011-09-17 56712]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F3FEE66E-E034-436a-86E4-9690573BEE8A}]
YouTube Downloader Toolbar - E:\Program Files\YouTube Downloader Toolbar\IE\4.7\youtubedownloaderToolbarIE.dll [2011-09-27 1050464]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{F3FEE66E-E034-436a-86E4-9690573BEE8A} - YouTube Downloader Toolbar - E:\Program Files\YouTube Downloader Toolbar\IE\4.7\youtubedownloaderToolbarIE.dll [2011-09-27 1050464]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=E:\Program Files\Common Files\Java\Java Update\jusched.exe [2011-05-04 252136]
"Adobe ARM"=E:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-06-06 937920]
"NeroFilterCheck"=E:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [2008-02-28 570664]
"NBKeyScan"=E:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2008-02-18 2221352]
""= []
"SearchSettings"=E:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe [2011-09-27 894304]
"RTHDCPL"=E:\WINDOWS\RTHDCPL.EXE [2011-10-14 20064872]
"NvMediaCenter"=E:\WINDOWS\system32\NvMcTray.dll [2011-08-03 111208]
"NvCplDaemon"=E:\WINDOWS\system32\NvCpl.dll [2011-08-03 13892200]
"nwiz"=E:\Program Files\NVIDIA Corporation\nView\nwiz.exe [2011-07-05 1632360]
"KernelFaultCheck"=E:\WINDOWS\system32\dumprep 0 -k []
"MSC"=E:\Program Files\Microsoft Security Client\msseces.exe [2011-06-15 997920]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=E:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Skype"=E:\Program Files\Skype\Phone\Skype.exe [2011-10-13 17351304]
"Steam"=E:\Program Files\Steam\steam.exe [2011-09-17 1242448]
"Clownfish"=E:\Program Files\Clownfish\Clownfish.exe [2011-09-13 907776]
"DAEMON Tools Lite"=E:\Program Files\DAEMON Tools Lite\DTLite.exe [2011-08-02 4910912]
"DWQueuedReporting"=E:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe [2007-02-26 437160]

E:\Documents and Settings\Honza\Nabídka Start\Programy\Po spuštění
Adobe Gamma.lnk - E:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Xfire.lnk - D:\Xfire\Xfire.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"E:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe"="E:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe:*:Enabled:Daemonu.exe"
"E:\Program Files\Steam\Steam.exe"="E:\Program Files\Steam\Steam.exe:*:Enabled:Steam"
"E:\Program Files\TeamViewer\Version6\TeamViewer.exe"="E:\Program Files\TeamViewer\Version6\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application"
"E:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe"="E:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service"
"C:\totalcmd\TOTALCMD.EXE"="C:\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit"
"C:\uTorrent\uTorrent.exe"="C:\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"E:\Program Files\Java\jre7\bin\javaw.exe"="E:\Program Files\Java\jre7\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Fifa 11\Game\fifa.exe"="C:\Fifa 11\Game\fifa.exe:*:Enabled:FIFA 11"
"E:\Program Files\Java\jre7\bin\java.exe"="E:\Program Files\Java\jre7\bin\java.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\NBA 2k11\nba2k11.exe"="C:\NBA 2k11\nba2k11.exe:*:Enabled:NBA 2K11"
"D:\Borderlands\Binaries\Borderlands.exe"="D:\Borderlands\Binaries\Borderlands.exe:*:Enabled:Borderlands"
"D:\Xfire\Xfire.exe"="D:\Xfire\Xfire.exe:*:Enabled:Xfire"
"C:\NBA 2k12\nba2k12.exe"="C:\NBA 2k12\nba2k12.exe:*:Enabled:2K Sports NBA 2K12"
"D:\Dungeon Defenders\Binaries\Win32\DunDefGame.exe"="D:\Dungeon Defenders\Binaries\Win32\DunDefGame.exe:*:Enabled:DunDefGame"
"C:\Counter-Strike 2D\CounterStrike2D.exe"="C:\Counter-Strike 2D\CounterStrike2D.exe:*:Enabled:CounterStrike2D"
"E:\Documents and Settings\Honza\Plocha\Stranded Multiplayer English\StrandedII.exe"="E:\Documents and Settings\Honza\Plocha\Stranded Multiplayer English\StrandedII.exe:*:Enabled:StrandedII"
"E:\WINDOWS\system32\java.exe"="E:\WINDOWS\system32\java.exe:*:Enabled:Java(TM) Platform SE binary"
"E:\Documents and Settings\Honza\Plocha\cs2dhosting\cs2d_dedicated.exe"="E:\Documents and Settings\Honza\Plocha\cs2dhosting\cs2d_dedicated.exe:*:Enabled:cs2d_dedicated"
"C:\Counter-Strike 2D\cs2d_dedicated.exe"="C:\Counter-Strike 2D\cs2d_dedicated.exe:*:Enabled:cs2d_dedicated"
"D:\Terraria\TerrariaServer.exe"="D:\Terraria\TerrariaServer.exe:*:Enabled:Terraria"
"E:\Program Files\Skype\Phone\Skype.exe"="E:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"E:\Program Files\Mozilla Firefox\firefox.exe"="E:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"D:\WinSCP\WinSCP.exe"="D:\WinSCP\WinSCP.exe:*:Enabled:WinSCP: SFTP, FTP and SCP client"
"E:\Program Files\Mozilla Firefox\plugin-container.exe"="E:\Program Files\Mozilla Firefox\plugin-container.exe:*:Enabled:Plugin Container for Firefox"
"E:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe"="E:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe:*:Enabled:Search Settings"
"E:\WINDOWS\explorer.exe"="E:\WINDOWS\explorer.exe:*:Enabled:Průzkumník Windows"
"E:\Program Files\Clownfish\Clownfish.exe"="E:\Program Files\Clownfish\Clownfish.exe:*:Enabled:Clownfish"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=E:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=E:\WINDOWS\system32\l3codeca.acm
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"vidc.mjpg"=bdmjpeg.dll
"vidc.mpeg"=bdmpegv.dll
"msacm.bdmpeg"=bdmpega.acm
"VIDC.XVID"=xvidvfw.dll
"VIDC.YV12"=xvidvfw.dll
"msacm.ac3acm"=ac3acm.acm
"msacm.lameacm"=lameACM.acm
"VIDC.FFDS"=ff_vfw.dll
"VIDC.XFR1"=xfcodec.dll
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv
"VIDC.CFHD"=CFHD.dll

======List of files/folders created in the last 1 month======

2011-11-11 16:25:05 ----D---- E:\Program Files\trend micro
2011-11-11 16:25:04 ----D---- E:\rsit
2011-11-11 13:32:19 ----D---- E:\WINDOWS\LastGood
2011-11-11 13:31:58 ----D---- E:\Program Files\Microsoft Security Client
2011-11-11 13:31:50 ----D---- E:\Documents and Settings\All Users\Data aplikací\Windows Genuine Advantage
2011-11-11 13:31:27 ----N---- E:\WINDOWS\system32\MpSigStub.exe
2011-11-09 20:46:33 ----D---- E:\Documents and Settings\All Users\Data aplikací\NVIDIA
2011-11-09 20:46:28 ----D---- E:\Documents and Settings\All Users\Data aplikací\NVIDIA Corporation
2011-11-09 20:46:24 ----A---- E:\WINDOWS\system32\nvsvc32.exe
2011-11-09 20:46:24 ----A---- E:\WINDOWS\system32\nvcolor.exe
2011-11-09 20:46:23 ----A---- E:\WINDOWS\system32\nvwddi.dll
2011-11-09 20:46:23 ----A---- E:\WINDOWS\system32\nvmctray.dll
2011-11-09 20:46:23 ----A---- E:\WINDOWS\system32\nvcpl.dll
2011-11-09 20:46:23 ----A---- E:\WINDOWS\system32\easyupdatusapiu.dll
2011-11-02 19:39:46 ----D---- E:\Program Files\Microsoft XNA
2011-10-30 16:36:40 ----D---- E:\Documents and Settings\Honza\Data aplikací\Mumble
2011-10-30 16:36:25 ----D---- E:\Program Files\Mumble
2011-10-30 08:38:45 ----D---- E:\Program Files\Audacity 1.3 Beta (Unicode)
2011-10-29 09:44:24 ----D---- E:\Documents and Settings\All Users\Data aplikací\Adobe Systems
2011-10-29 09:17:34 ----A---- E:\WINDOWS\system32\psisdecd.dll
2011-10-29 09:17:34 ----A---- E:\WINDOWS\system32\drivers\wstcodec.sys
2011-10-29 09:17:34 ----A---- E:\WINDOWS\system32\drivers\streamip.sys
2011-10-29 09:17:34 ----A---- E:\WINDOWS\system32\drivers\slip.sys
2011-10-29 09:17:34 ----A---- E:\WINDOWS\system32\drivers\ndisip.sys
2011-10-29 09:17:34 ----A---- E:\WINDOWS\system32\drivers\nabtsfec.sys
2011-10-29 09:17:34 ----A---- E:\WINDOWS\system32\drivers\msdv.sys
2011-10-29 09:17:34 ----A---- E:\WINDOWS\system32\drivers\mpe.sys
2011-10-29 09:17:34 ----A---- E:\WINDOWS\system32\drivers\ccdecode.sys
2011-10-29 09:17:34 ----A---- E:\WINDOWS\system32\drivers\bdasup.sys
2011-10-29 09:17:33 ----A---- E:\WINDOWS\system32\drivers\mstee.sys
2011-10-29 09:17:30 ----A---- E:\WINDOWS\system32\dxdllreg.exe
2011-10-29 09:17:23 ----D---- E:\Program Files\Common Files\Adobe Systems Shared
2011-10-28 13:59:12 ----A---- E:\WINDOWS\system32\d3dx9.dll
2011-10-28 13:59:12 ----A---- E:\WINDOWS\system32\D3DX81ab.dll
2011-10-28 13:58:10 ----D---- E:\Documents and Settings\Honza\Data aplikací\GetRightToGo
2011-10-23 09:59:25 ----A---- E:\Documents and Settings\Honza\Data aplikací\temp.bat
2011-10-22 21:57:01 ----A---- E:\WINDOWS\system32\d3d9caps.dat
2011-10-22 20:49:27 ----D---- E:\Program Files\SplitMediaLabs
2011-10-22 20:49:27 ----D---- E:\Documents and Settings\All Users\Data aplikací\SplitMediaLabs
2011-10-22 20:41:44 ----D---- E:\Documents and Settings\Honza\Data aplikací\SplitMediaLabs
2011-10-22 19:06:25 ----D---- E:\WINDOWS\system32\Lang
2011-10-22 19:03:43 ----D---- E:\WINDOWS\system32\RTCOM
2011-10-22 19:03:29 ----A---- E:\WINDOWS\vncutil.exe
2011-10-22 19:03:29 ----A---- E:\WINDOWS\SOUNDMAN.EXE
2011-10-22 19:03:29 ----A---- E:\WINDOWS\SkyTel.exe
2011-10-22 19:03:28 ----A---- E:\WINDOWS\system32\RtkCoInstXP.dll
2011-10-22 19:03:28 ----A---- E:\WINDOWS\system32\drivers\RtkHDAud.sys
2011-10-22 19:03:28 ----A---- E:\WINDOWS\RtlUpd.exe
2011-10-22 19:03:28 ----A---- E:\WINDOWS\RTLCPL.EXE
2011-10-22 19:03:27 ----A---- E:\WINDOWS\system32\drivers\RTAIODAT.DAT
2011-10-22 19:03:27 ----A---- E:\WINDOWS\system32\drivers\Monfilt.sys
2011-10-22 19:03:27 ----A---- E:\WINDOWS\RtkAudioService.exe
2011-10-22 19:03:27 ----A---- E:\WINDOWS\RTHDCPL.EXE
2011-10-22 19:03:27 ----A---- E:\WINDOWS\MicCal.exe
2011-10-22 19:03:24 ----D---- E:\Program Files\Realtek
2011-10-22 19:03:24 ----A---- E:\WINDOWS\system32\drivers\Ambfilt.sys
2011-10-22 19:03:24 ----A---- E:\WINDOWS\ALCWZRD.EXE
2011-10-22 19:03:24 ----A---- E:\WINDOWS\ALCMTR.EXE
2011-10-22 19:03:13 ----A---- E:\WINDOWS\RtlExUpd.dll
2011-10-19 15:52:22 ----D---- E:\Documents and Settings\Honza\Data aplikací\TS3Client
2011-10-16 11:42:08 ----D---- E:\Documents and Settings\Honza\Data aplikací\.minecraft
2011-10-13 21:29:40 ----A---- E:\WINDOWS\system32\xfcodec.dll
2011-10-13 07:00:46 ----HDC---- E:\WINDOWS\$NtUninstallKB2564958$
2011-10-13 06:58:33 ----HDC---- E:\WINDOWS\$NtUninstallKB2567053$
2011-10-13 06:58:27 ----HDC---- E:\WINDOWS\$NtUninstallKB2592799$
2011-10-13 06:55:23 ----HDC---- E:\WINDOWS\$NtUninstallKB2586448$

======List of files/folders modified in the last 1 month======

2011-11-11 16:25:05 ----RD---- E:\Program Files
2011-11-11 16:19:09 ----D---- E:\WINDOWS\Temp
2011-11-11 16:14:52 ----D---- E:\WINDOWS\Prefetch
2011-11-11 14:24:46 ----D---- E:\WINDOWS\system32
2011-11-11 14:05:56 ----SD---- E:\WINDOWS\Tasks
2011-11-11 13:35:36 ----D---- E:\Documents and Settings\All Users\Data aplikací\AVAST Software
2011-11-11 13:35:32 ----D---- E:\WINDOWS
2011-11-11 13:35:30 ----D---- E:\WINDOWS\system32\drivers
2011-11-11 13:32:38 ----SHD---- E:\WINDOWS\Installer
2011-11-11 13:32:19 ----HD---- E:\WINDOWS\inf
2011-11-11 13:32:17 ----SD---- E:\Documents and Settings\All Users\Data aplikací\Microsoft
2011-11-11 13:30:28 ----D---- E:\Documents and Settings\Honza\Data aplikací\Xfire
2011-11-11 13:19:10 ----D---- E:\WINDOWS\system32\CatRoot2
2011-11-11 13:19:08 ----D---- E:\Documents and Settings\Honza\Data aplikací\Skype
2011-11-11 13:17:32 ----D---- E:\Program Files\Steam
2011-11-11 13:17:22 ----D---- E:\Documents and Settings\Honza\Data aplikací\uTorrent
2011-11-11 13:15:47 ----A---- E:\WINDOWS\SchedLgU.Txt
2011-11-11 13:15:05 ----D---- E:\WINDOWS\system32\ReinstallBackups
2011-11-11 13:07:10 ----A---- E:\WINDOWS\NeroDigital.ini
2011-11-09 20:55:23 ----D---- E:\WINDOWS\Microsoft.NET
2011-11-09 20:46:33 ----D---- E:\Documents and Settings
2011-11-09 20:46:30 ----D---- E:\Program Files\NVIDIA Corporation
2011-11-09 20:46:28 ----D---- E:\WINDOWS\Help
2011-11-09 20:46:19 ----RSHDC---- E:\WINDOWS\system32\dllcache
2011-11-09 20:34:43 ----A---- E:\WINDOWS\system32\PerfStringBackup.INI
2011-11-09 20:34:35 ----RSD---- E:\WINDOWS\assembly
2011-11-09 20:34:31 ----D---- E:\WINDOWS\WinSxS
2011-11-09 20:32:01 ----D---- E:\WINDOWS\system32\en-US
2011-11-09 20:07:55 ----D---- E:\WINDOWS\Minidump
2011-11-08 20:21:04 ----D---- E:\Program Files\Mozilla Firefox
2011-11-07 10:03:09 ----D---- E:\Program Files\Application Updater
2011-11-07 09:27:35 ----RD---- E:\Program Files\Skype
2011-11-06 18:43:39 ----D---- E:\Documents and Settings\Honza\Data aplikací\Hamachi
2011-11-03 21:12:06 ----SD---- E:\Documents and Settings\Honza\Data aplikací\Microsoft
2011-11-02 19:39:59 ----D---- E:\WINDOWS\system32\DirectX
2011-11-02 19:39:48 ----D---- E:\Program Files\Common Files\Microsoft Shared
2011-10-29 09:44:11 ----D---- E:\Documents and Settings\Honza\Data aplikací\Adobe
2011-10-29 09:39:56 ----D---- E:\Documents and Settings\All Users\Data aplikací\DAEMON Tools Lite
2011-10-29 09:20:07 ----D---- E:\Program Files\Adobe
2011-10-29 09:19:05 ----D---- E:\Program Files\Common Files\Adobe
2011-10-29 09:17:57 ----D---- E:\WINDOWS\RegisteredPackages
2011-10-29 09:17:23 ----D---- E:\Program Files\Common Files
2011-10-29 09:16:38 ----D---- E:\Documents and Settings\All Users\Data aplikací\Adobe
2011-10-22 19:03:24 ----HD---- E:\Program Files\InstallShield Installation Information
2011-10-19 19:31:14 ----D---- E:\Documents and Settings\Honza\Data aplikací\2K Sports
2011-10-13 06:58:35 ----A---- E:\WINDOWS\imsins.BAK
2011-10-13 06:58:27 ----HD---- E:\WINDOWS\$hf_mig$

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 nvgts;nvgts; E:\WINDOWS\system32\DRIVERS\nvgts.sys [2010-04-08 168040]
R1 AmdK8;Ovladač procesoru AMD; E:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-07-01 43008]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; E:\WINDOWS\system32\DRIVERS\dtsoftbus01.sys [2011-09-17 232512]
R1 MpFilter;Microsoft Malware Protection Driver; E:\WINDOWS\system32\DRIVERS\MpFilter.sys [2011-04-18 165648]
R1 MpKsl9ea1a9e7;MpKsl9ea1a9e7; \??\E:\Documents and Settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{C98A5BFC-8FC8-4FA4-9C4D-5F5C1778EA6B}\MpKsl9ea1a9e7.sys []
R3 hamachi;Hamachi Network Interface; E:\WINDOWS\system32\DRIVERS\hamachi.sys [2011-09-25 25280]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; E:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 hidusb;Ovladač třídy standardu HID; E:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); E:\WINDOWS\system32\drivers\RtkHDAud.sys [2011-10-18 6439528]
R3 mouhid;Ovladač myši standardu HID; E:\WINDOWS\system32\DRIVERS\mouhid.sys [2008-04-14 12160]
R3 nv;nv; E:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2011-08-03 12542592]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; E:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2010-03-04 70912]
R3 nvnetbus;NVIDIA Network Bus Enumerator; E:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2010-03-04 13824]
R3 usbaudio;Ovladač zvukové karty USB (WDM); E:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-14 60032]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; E:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; E:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 Ambfilt;Ambfilt; E:\WINDOWS\system32\drivers\Ambfilt.sys [2009-11-18 1691480]
S3 Monfilt;Monfilt; E:\WINDOWS\system32\drivers\Monfilt.sys [2009-11-18 1395800]
S3 usbprint;Třída USB Printer; E:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; E:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 JavaQuickStarterService;Java Quick Starter; E:\Program Files\Java\jre7\bin\jqs.exe [2011-09-17 161664]
R2 MsMpSvc;Microsoft Antimalware Service; E:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [2011-04-27 11736]
R2 NVSvc;NVIDIA Driver Helper Service; E:\WINDOWS\system32\nvsvc32.exe [2011-08-03 146024]
R2 UMWdf;Windows User Mode Driver Framework; E:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; E:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 nvUpdatusService;NVIDIA Update Service Daemon; E:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-08-03 2255464]
S3 Adobe LM Service;Adobe LM Service; E:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2011-10-29 72704]
S3 aspnet_state;ASP.NET State Service; E:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; E:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; E:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; E:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 Steam Client Service;Steam Client Service; E:\Program Files\Common Files\Steam\SteamService.exe [2011-03-16 407336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; E:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; E:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; E:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------

Anborn
Visitor
Posts: 15
Registered: 11 Nov 2011 16:21

Re: Internet/firewall/avast not working

#2 Post by Anborn »

Hi, I'm sending those listings, except that some tabs were empty, and for example I couldn't find "detect driver infection" at all.
Attachments
scan.rar
(198.04 KiB) Downloaded 23 times

Anborn
Visitor
Posts: 15
Registered: 11 Nov 2011 16:21

Re: Internet/firewall/avast not working

#3 Post by Anborn »

According to that program, all the drivers are OK.
Attachments
driver.PNG (196.74 KiB) Viewed 1123 times

Anborn
Visitor
Posts: 15
Registered: 11 Nov 2011 16:21

Re: Internet/firewall/avast not working

#4 Post by Anborn »

So for now it's scanning. If I understood correctly, even though the Recovery Console didn't get installed, once the test finishes I should post the report here and manually install the Recovery Console from the installation CD?

Anborn
Visitor
Posts: 15
Registered: 11 Nov 2011 16:21

Re: Internet/firewall/avast not working

#5 Post by Anborn »

So combofix has finished, but the internet still doesn't work. When I try to repair it manually (right-click, Repair), an error message pops up immediately: "Systém Windows nemohl dokončit opravu problému, protože nelze dokončit následující operaci: Obnovování adresy IP." (in English: "Windows could not finish repairing the problem because the following action cannot be completed: Renewing your IP address."). Anyway, here is the log from combofix:

ComboFix 11-11-11.04 - Honza 11.11.2011 17:51:44.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2047.1605 [GMT 1:00]
Spuštěný z: G:\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
e:\documents and settings\Honza\Local Settings\Data aplikací\a12606b9\U\800000cf.@
e:\windows\$NtUninstallKB22624$
e:\windows\$NtUninstallKB22624$\2703623865\@
e:\windows\$NtUninstallKB22624$\2703623865\L\ftohaekn
e:\windows\$NtUninstallKB22624$\2703623865\loader.tlb
e:\windows\$NtUninstallKB22624$\2703623865\U\@00000001
e:\windows\$NtUninstallKB22624$\2703623865\U\@000000c0
e:\windows\$NtUninstallKB22624$\2703623865\U\@000000cb
e:\windows\$NtUninstallKB22624$\2703623865\U\@000000cf
e:\windows\$NtUninstallKB22624$\2703623865\U\@80000000
e:\windows\$NtUninstallKB22624$\2703623865\U\@800000c0
e:\windows\$NtUninstallKB22624$\2703623865\U\@800000cb
e:\windows\$NtUninstallKB22624$\2703623865\U\@800000cf
e:\windows\$NtUninstallKB22624$\3831056509
e:\windows\pkunzip.pif
e:\windows\pkzip.pif
e:\windows\system32\
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-10-11 do 2011-11-11 )))))))))))))))))))))))))))))))
.
.
2011-11-11 15:25 . 2011-11-11 15:25 -------- d-----w- e:\program files\trend micro
2011-11-11 15:25 . 2011-11-11 15:41 -------- d-----w- E:\rsit
2011-11-11 12:34 . 2011-10-18 00:28 6668624 ----a-w- e:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{C98A5BFC-8FC8-4FA4-9C4D-5F5C1778EA6B}\mpengine.dll
2011-11-11 12:33 . 2011-11-11 12:33 -------- d-----w- e:\documents and settings\Honza\Local Settings\Data aplikací\PCHealth
2011-11-11 12:32 . 2011-11-11 12:32 -------- d-----w- e:\windows\system32\config\systemprofile\Local Settings\Data aplikací\PCHealth
2011-11-11 12:31 . 2011-11-11 12:33 -------- d-----w- e:\program files\Microsoft Security Client
2011-11-11 12:31 . 2011-05-24 17:14 222080 ------w- e:\windows\system32\MpSigStub.exe
2011-11-09 19:46 . 2011-11-09 19:46 -------- d-----w- e:\documents and settings\UpdatusUser
2011-11-09 19:46 . 2011-11-09 19:46 -------- d-----w- e:\documents and settings\All Users\Data aplikací\NVIDIA
2011-11-09 19:46 . 2011-11-09 19:46 -------- d-----w- e:\documents and settings\All Users\Data aplikací\NVIDIA Corporation
2011-11-09 19:46 . 2011-08-03 11:49 146024 ----a-w- e:\windows\system32\nvsvc32.exe
2011-11-09 19:46 . 2011-08-03 11:49 145000 ----a-w- e:\windows\system32\nvcolor.exe
2011-11-09 19:46 . 2011-08-03 11:49 600680 ----a-w- e:\windows\system32\easyupdatusapiu.dll
2011-11-09 19:46 . 2011-08-03 11:49 54272 ----a-w- e:\windows\system32\nvwddi.dll
2011-11-09 19:46 . 2011-08-03 11:49 13892200 ----a-w- e:\windows\system32\nvcpl.dll
2011-11-09 19:46 . 2011-08-03 11:49 111208 ----a-w- e:\windows\system32\nvmctray.dll
2011-11-07 08:56 . 2011-11-08 13:00 -------- d-sh--w- e:\documents and settings\Honza\Local Settings\Data aplikací\a12606b9
2011-11-02 18:39 . 2011-11-02 18:39 -------- d-----w- e:\program files\Microsoft XNA
2011-10-30 15:36 . 2011-10-30 15:43 -------- d-----w- e:\documents and settings\Honza\Data aplikací\Mumble
2011-10-30 15:36 . 2011-10-30 15:36 -------- d-----w- e:\program files\Mumble
2011-10-30 07:38 . 2011-10-30 07:38 -------- d-----w- e:\program files\Audacity 1.3 Beta (Unicode)
2011-10-29 08:44 . 2011-10-29 08:44 -------- d-----w- e:\documents and settings\All Users\Data aplikací\Adobe Systems
2011-10-28 12:59 . 2007-12-26 15:30 679936 ----a-w- e:\windows\system32\D3DX81ab.dll
2011-10-28 12:59 . 2007-12-26 15:30 1970176 ----a-w- e:\windows\system32\d3dx9.dll
2011-10-28 12:58 . 2011-10-28 12:58 -------- d-----w- e:\documents and settings\Honza\Data aplikací\GetRightToGo
2011-10-23 08:59 . 2011-10-23 09:06 73 ----a-w- e:\documents and settings\Honza\Data aplikací\temp.bat
2011-10-22 19:49 . 2011-10-22 19:49 -------- d-----w- e:\program files\SplitMediaLabs
2011-10-22 19:49 . 2011-10-22 19:49 -------- d-----w- e:\documents and settings\All Users\Data aplikací\SplitMediaLabs
2011-10-22 19:41 . 2011-10-22 19:41 -------- d-----w- e:\documents and settings\Honza\Data aplikací\SplitMediaLabs
2011-10-22 18:06 . 2011-10-22 18:06 -------- d-----w- e:\windows\system32\Lang
2011-10-22 08:42 . 2011-10-22 08:42 -------- d-----w- e:\documents and settings\Honza\Local Settings\Data aplikací\SKIDROW
2011-10-20 11:21 . 2011-10-29 08:45 -------- d-----w- e:\documents and settings\Honza\Local Settings\Data aplikací\Adobe
2011-10-20 11:21 . 2011-10-20 11:21 -------- d-----w- e:\documents and settings\Honza\Local Settings\Data aplikací\Temp
2011-10-19 14:52 . 2011-10-23 07:33 -------- d-----w- e:\documents and settings\Honza\Data aplikací\TS3Client
2011-10-16 10:42 . 2011-11-07 14:51 -------- d-----w- e:\documents and settings\Honza\Data aplikací\.minecraft
2011-10-13 20:29 . 2011-10-13 20:29 42392 ----a-w- e:\windows\system32\xfcodec.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-22 19:55 . 2011-09-17 13:37 414368 ----a-w- e:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-27 13:08 . 2011-09-27 13:08 98304 ----a-w- e:\windows\system32\CmdLineExt.dll
2011-09-26 09:41 . 2008-07-29 17:59 613376 ----a-w- e:\windows\system32\uiautomationcore.dll
2011-09-26 09:41 . 2008-04-14 12:00 22528 ----a-w- e:\windows\system32\oleaccrc.dll
2011-09-26 09:41 . 2008-04-14 12:00 220160 ----a-w- e:\windows\system32\oleacc.dll
2011-09-25 08:02 . 2011-09-25 08:02 25280 ----a-w- e:\windows\system32\drivers\hamachi.sys
2011-09-20 19:02 . 2011-09-20 19:02 444952 ----a-w- e:\windows\system32\wrap_oal.dll
2011-09-20 19:02 . 2011-09-20 19:02 109080 ----a-w- e:\windows\system32\OpenAL32.dll
2011-09-19 07:07 . 2011-09-19 07:07 15360 ----a-w- e:\windows\system32\bdmjpeg.dll
2011-09-19 07:07 . 2011-09-19 07:07 58368 ----a-w- e:\windows\system32\bdmpega.acm
2011-09-19 07:07 . 2011-09-19 07:07 58368 ----a-w- e:\windows\system32\bdmpegv.dll
2011-09-17 13:40 . 2011-09-17 13:40 232512 ----a-w- e:\windows\system32\drivers\dtsoftbus01.sys
2011-09-17 13:39 . 2011-09-17 13:40 544656 ----a-w- e:\windows\system32\deployJava1.dll
2011-09-17 13:39 . 2011-09-17 13:40 128000 ----a-w- e:\windows\system32\javacpl.cpl
2011-09-09 09:12 . 2008-04-14 12:00 602112 ----a-w- e:\windows\system32\crypt32.dll
2011-09-06 14:10 . 2008-04-14 12:00 1858944 ----a-w- e:\windows\system32\win32k.sys
2011-09-05 13:56 . 2008-04-14 12:00 81920 ----a-w- e:\windows\system32\ieencode.dll
2011-09-05 13:56 . 2008-04-14 12:00 668160 ----a-w- e:\windows\system32\wininet.dll
2011-09-05 13:56 . 2008-04-14 12:00 61952 ----a-w- e:\windows\system32\tdc.ocx
2011-09-05 13:55 . 2008-04-14 12:00 370176 ----a-w- e:\windows\system32\html.iec
2011-08-29 08:00 . 2011-09-26 16:41 74752 ----a-w- e:\windows\system32\ff_vfw.dll
2011-08-17 13:49 . 2008-04-14 12:00 138496 ----a-w- e:\windows\system32\drivers\afd.sys
2011-10-01 06:56 . 2011-09-17 13:35 134104 ----a-w- e:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="e:\program files\Skype\Phone\Skype.exe" [2011-10-13 17351304]
"Steam"="e:\program files\Steam\steam.exe" [2011-09-17 1242448]
"Clownfish"="e:\program files\Clownfish\Clownfish.exe" [2011-09-13 907776]
"DAEMON Tools Lite"="e:\program files\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]
"DWQueuedReporting"="e:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="e:\program files\Common Files\Java\Java Update\jusched.exe" [2011-05-04 252136]
"Adobe ARM"="e:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"NeroFilterCheck"="e:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-02-28 570664]
"NBKeyScan"="e:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352]
"SearchSettings"="e:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe" [2011-09-27 894304]
"RTHDCPL"="RTHDCPL.EXE" [2011-10-14 20064872]
"NvMediaCenter"="e:\windows\system32\NvMcTray.dll" [2011-08-03 111208]
"NvCplDaemon"="e:\windows\system32\NvCpl.dll" [2011-08-03 13892200]
"nwiz"="e:\program files\NVIDIA Corporation\nView\nwiz.exe" [2011-07-05 1632360]
"MSC"="e:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="e:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
e:\documents and settings\Honza\Nabídka Start\Programy\Po spuštění\
Adobe Gamma.lnk - e:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
Xfire.lnk - d:\xfire\Xfire.exe [2011-10-13 3510680]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"e:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
"e:\\Program Files\\Steam\\Steam.exe"=
"e:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"=
"e:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\uTorrent\\uTorrent.exe"=
"e:\\Program Files\\Java\\jre7\\bin\\javaw.exe"=
"c:\\Fifa 11\\Game\\fifa.exe"=
"e:\\Program Files\\Java\\jre7\\bin\\java.exe"=
"c:\\NBA 2k11\\nba2k11.exe"=
"d:\\Borderlands\\Binaries\\Borderlands.exe"=
"d:\\Xfire\\Xfire.exe"=
"c:\\NBA 2k12\\nba2k12.exe"=
"d:\\Dungeon Defenders\\Binaries\\Win32\\DunDefGame.exe"=
"c:\\Counter-Strike 2D\\CounterStrike2D.exe"=
"e:\\Documents and Settings\\Honza\\Plocha\\Stranded Multiplayer English\\StrandedII.exe"=
"e:\\WINDOWS\\system32\\java.exe"=
"c:\\Counter-Strike 2D\\cs2d_dedicated.exe"=
"d:\\Terraria\\TerrariaServer.exe"=
"e:\\Program Files\\Skype\\Phone\\Skype.exe"=
"e:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"d:\\WinSCP\\WinSCP.exe"=
"e:\\Program Files\\Mozilla Firefox\\plugin-container.exe"=
"e:\\Program Files\\Common Files\\Spigot\\Search Settings\\SearchSettings.exe"=
"e:\\Program Files\\Clownfish\\Clownfish.exe"=
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;e:\windows\system32\drivers\dtsoftbus01.sys [17.9.2011 14:40 232512]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;e:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 13:16 130384]
S2 nvUpdatusService;NVIDIA Update Service Daemon;e:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [9.11.2011 20:46 2255464]
S3 Ambfilt;Ambfilt;e:\windows\system32\drivers\Ambfilt.sys [22.10.2011 19:03 1691480]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;e:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 13:16 753504]
.
Obsah adresáře 'Naplánované úlohy'
.
2011-11-11 e:\windows\Tasks\MP Scheduled Scan.job
- e:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 14:39]
.
.
------- Doplňkový sken -------
.
uInternet Connection Wizard,ShellNext = hxxp://get.adobe.com/flashplayer/
IE: E&xportovat do aplikace Microsoft Office Excel - e:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - e:\documents and settings\Honza\Data aplikací\Mozilla\Firefox\Profiles\kp7rmb8n.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-11 18:00
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(2652)
d:\xfire\xfire_toucan_44598.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
e:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
e:\windows\RTHDCPL.EXE
e:\windows\system32\RUNDLL32.EXE
e:\program files\Java\jre7\bin\jqs.exe
e:\windows\system32\nvsvc32.exe
e:\windows\system32\wdfmgr.exe
e:\windows\system32\wscntfy.exe
e:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Celkový čas: 2011-11-11 18:01:54 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-11-11 17:01
.
Před spuštěním: Volných bajtů: 64 485 933 056
Po spuštění: Volných bajtů: 66 411 311 104
.
- - End Of File - - 2D12DCCCFCE7CD97AE382CF31D68EAED

#6 Post by Anborn »

Ah, I didn't know that, and I hope it doesn't matter much. (I ran it from a flash drive.)

#7 Post by Anborn »

The console is installed, the internet still doesn't work...
EDIT: The firewall won't start either.

#8 Post by Anborn »

So, point by point:

1. Once I run ComboFix again, should I post the log here again?

2. I'll run TDSSKiller right after CF.

3. I really don't know what happened on that PC. As I said, at the time I was 150 km away. I only learned from my younger brother that something was wrong with the PC after he had run a scan and let it delete the viruses. Unfortunately, I can now get only a few details out of him: that there were 10-15 infections and most of them were on drive E: (which is not very valuable information).

EDIT: ComboFix again reports that the console is not installed, even though I have already installed it, and after the restart I saw a menu offering to start Windows or start the console. So what should I do?

#9 Post by Anborn »

2. I did everything according to the guide, but after the scan TDSSKiller did not show any window where I was supposed to skip the "given" items, so I'm at least attaching the report.

So what should I do about ComboFix, when it again cannot find the console?

18:32:13.0703 2524 TDSS rootkit removing tool 2.6.18.0 Nov 11 2011 15:47:15
18:32:13.0703 2524 ============================================================
18:32:13.0703 2524 Current date / time: 2011/11/11 18:32:13.0703
18:32:13.0703 2524 SystemInfo:
18:32:13.0703 2524
18:32:13.0703 2524 OS Version: 5.1.2600 ServicePack: 3.0
18:32:13.0703 2524 Product type: Workstation
18:32:13.0703 2524 ComputerName: PC
18:32:13.0703 2524 UserName: Honza
18:32:13.0703 2524 Windows directory: E:\WINDOWS
18:32:13.0703 2524 System windows directory: E:\WINDOWS
18:32:13.0703 2524 Processor architecture: Intel x86
18:32:13.0703 2524 Number of processors: 2
18:32:13.0703 2524 Page size: 0x1000
18:32:13.0703 2524 Boot type: Normal boot
18:32:13.0703 2524 ============================================================
18:32:14.0671 2524 Initialize success
18:32:34.0968 2100 ============================================================
18:32:34.0968 2100 Scan started
18:32:34.0968 2100 Mode: Manual; SigCheck; TDLFS;
18:32:34.0968 2100 ============================================================
18:32:50.0640 2100 ============================================================
18:32:50.0640 2100 Scan finished
18:32:50.0640 2100 ============================================================
18:32:50.0750 1208 Detected object count: 0
18:32:50.0750 1208 Actual detected object count: 0
18:33:43.0593 1872 Deinitialize success

#10 Post by Anborn »

OK, I'll post the results here afterwards. And thank you very much for your time and willingness to help ;)

EDIT: If I understood correctly, WinSockXpFix was supposed to fix the internet, but it still doesn't work... Once the scan finishes, I'll post the log here.

EDIT2: Ah, so now we know the cause of the infection... My brother and his games... The strange thing is that avast didn't find it. I have already deleted the infected files, so hopefully the cleanup will go better.

Status: Detected (events: 2)
11.11.2011 20:49:19 Detected Trojan program Trojan.Win32.Chifrax.a E:\Documents and Settings\Honza\Plocha\Terraria.v1.0.6.1.cracked-THETA.rar//Terraria.v1.0.6.1.cracked-THETA/t-terra8.rar//Terraria.exe High
11.11.2011 20:59:10 Detected Trojan program Trojan.Win32.Chifrax.a E:\Documents and Settings\Honza\Plocha\Terraria.v1.0.6.1.cracked-THETA\t-terra8.rar//Terraria.exe High

#11 Post by Anborn »

So I reset it and scanned it, and because it asked me for the CD, it probably copied something over as well, but the internet (if this was supposed to help it) still doesn't work...

#12 Post by Anborn »

On the Ubuntu 10.10 live CD the internet works.

#13 Post by Anborn »

RKU:

RkU Version: 3.8.389.593, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #2
==============================================
>SSDT State
==============================================
==============================================
>Shadow
==============================================
==============================================
>Processes
==============================================
0x89DBAA00 [4] System
0x89B55598 [144] E:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc., Java(TM) Update Scheduler)
0x89A77798 [152] E:\WINDOWS\system32\wscntfy.exe (Microsoft Corporation, Windows Security Center Notification App)
0x89C987A0 [364] E:\RKUnhookerLE.EXE (UG North, RKULE, SR2 Overlord)
0x89B5A990 [376] E:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp., Realtek HD Audio Control Panel)
0x88FA5510 [400] E:\Program Files\Steam\Steam.exe (Valve Corporation, Steam)
0x89C57DA0 [440] E:\WINDOWS\system32\smss.exe (Microsoft Corporation, Správce relací systému Windows NT)
0x8905DCC8 [488] E:\WINDOWS\system32\csrss.exe (Microsoft Corporation, Client Server Runtime Process)
0x88CE6DA0 [512] E:\WINDOWS\system32\winlogon.exe (Microsoft Corporation, Windows NT Logon Application)
0x89B40298 [556] E:\WINDOWS\system32\services.exe (Microsoft Corporation, Services and Controller app)
0x89AA46A8 [568] E:\WINDOWS\system32\lsass.exe (Microsoft Corporation, LSA Shell (Export Version))
0x88FA5020 [572] E:\WINDOWS\system32\rundll32.exe (Microsoft Corporation, Run a DLL as an App)
0x89A69DA0 [732] E:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x8990C640 [780] E:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x88C8B990 [812] E:\WINDOWS\explorer.exe (Microsoft Corporation, Průzkumník Windows)
0x89C71610 [952] E:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x89BA7AE8 [1012] E:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation, Java(TM) Quick Starter Service)
0x89B3C718 [1020] E:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation, Antimalware Service Executable)
0x89A87DA0 [1056] E:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x898C36C0 [1128] E:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation, NVIDIA Driver Helper Service, Version 280.26)
0x898F3990 [1136] E:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x89B7D350 [1368] E:\WINDOWS\system32\spoolsv.exe (Microsoft Corporation, Spooler SubSystem App)
0x89B92878 [1524] E:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation, Microsoft Security Client User Interface)
0x88C34378 [1584] E:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG, Nero BackItUp)
0x88C72938 [1696] E:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x88C79DA0 [1704] E:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A., Skype )
0x89A42378 [1736] E:\WINDOWS\system32\wdfmgr.exe (Microsoft Corporation, Windows User Mode Driver Manager)
0x88C34990 [1944] E:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc., Search Settings)
0x898CE3D8 [1988] E:\WINDOWS\system32\wbem\wmiapsrv.exe (Microsoft Corporation, WMI Performance Adapter Service)
0x88F30020 [2620] E:\Program Files\Clownfish\Clownfish.exe
0x89BEA940 [3672] D:\Xfire\Xfire.exe (Xfire Inc., Xfire)
==============================================
>Drivers
==============================================
0xB70D1000 E:\WINDOWS\system32\DRIVERS\nv4_mini.sys 12546048 bytes (NVIDIA Corporation, NVIDIA Windows XP Miniport Driver, Version 280.26 )
0xABA07000 E:\WINDOWS\system32\drivers\RtkHDAud.sys 6737920 bytes (Realtek Semiconductor Corp., Realtek(r) High Definition Audio Function Driver)
0xBD012000 E:\WINDOWS\System32\nv4_disp.dll 4214784 bytes (NVIDIA Corporation, NVIDIA Windows XP Display driver, Version 280.26 )
0x804D7000 E:\WINDOWS\system32\ntkrnlpa.exe 2154496 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2154496 bytes
0x804D7000 RAW 2154496 bytes
0x804D7000 WMIxWDM 2154496 bytes
0xBF800000 Win32k 1859584 bytes
0xBF800000 E:\WINDOWS\System32\win32k.sys 1859584 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xB7E17000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xAA6B3000 E:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xB6C5F000 E:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xAA776000 E:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xA669F000 E:\WINDOWS\system32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)
0xBD417000 E:\WINDOWS\System32\ATMFD.DLL 290816 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xB6C22000 E:\WINDOWS\system32\DRIVERS\dtsoftbus01.sys 249856 bytes (DT Soft Ltd, DAEMON Tools Virtual Bus Driver)
0xACA00000 E:\WINDOWS\system32\DRIVERS\NVNRM.SYS 212992 bytes (NVIDIA Corporation, NVIDIA Network Resource Manager.)
0xB7F79000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xA676F000 E:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xB7DEA000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xA755B000 E:\WINDOWS\System32\Drivers\dump_nvgts.sys 180224 bytes
0xB7F05000 nvgts.sys 180224 bytes (NVIDIA Corporation, NVIDIA® nForce(TM) Sata Performance Driver)
0xA62A4000 E:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xAA723000 E:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xB7D3C000 E:\WINDOWS\system32\DRIVERS\HDAudBus.sys 163840 bytes (Windows (R) Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)
0xAA74E000 E:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xAA92F000 E:\WINDOWS\system32\DRIVERS\MpFilter.sys 159744 bytes (Microsoft Corporation, Microsoft antimalware file system filter driver)
0xAB9E3000 E:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xB7D64000 E:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xA62CF000 E:\WINDOWS\system32\drivers\aec.sys 143360 bytes (Microsoft Corporation, Microsoft Acoustic Echo Canceller)
0xB7D19000 E:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0x806E5000 ACPI_HAL 134400 bytes
0x806E5000 E:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xB7ECD000 fltMgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xB7F49000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xB7DD0000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xB7F31000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xB7EED000 E:\WINDOWS\system32\DRIVERS\SCSIPORT.SYS 98304 bytes (Microsoft Corporation, SCSI Port Driver)
0xB7EA4000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xB70A6000 E:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xA62F2000 E:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xB70BD000 E:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xAA7CF000 E:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBD000000 E:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xACA34000 E:\WINDOWS\system32\DRIVERS\NVENETFD.sys 73728 bytes (NVIDIA Corporation, NVIDIA Networking Function Driver.)
0xB7EBB000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xB7F68000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xB7095000 E:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xB8178000 E:\WINDOWS\system32\DRIVERS\AmdK8.sys 65536 bytes (Advanced Micro Devices, AMD Processor Driver)
0xB8298000 E:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xB81A8000 E:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xB3948000 E:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xB81B8000 E:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xB005B000 E:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xB82E8000 E:\WINDOWS\system32\drivers\usbaudio.sys 61440 bytes (Microsoft Corporation, USB Audio Class Driver)
0xB3978000 E:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xA65E7000 E:\WINDOWS\system32\drivers\swmidi.sys 57344 bytes (Microsoft Corporation, Microsoft GS Wavetable Synthesizer)
0xB80E8000 E:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xA65F7000 E:\WINDOWS\system32\drivers\DMusic.sys 53248 bytes (Microsoft Corporation, Microsoft Kernel DLS Synthesizer)
0xB8188000 E:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xB8208000 E:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xB80C8000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xB8228000 E:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xAAC0F000 E:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xB8198000 E:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xB80B8000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xB8218000 E:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xB80A8000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xB3988000 E:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xB82C8000 E:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xA6637000 E:\WINDOWS\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)
0xB80D8000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xAAC4F000 E:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xB8238000 E:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xAAC3F000 E:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xAABFF000 E:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xAAF21000 E:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xB83F8000 E:\WINDOWS\system32\DRIVERS\nvnetbus.sys 32768 bytes (NVIDIA Corporation, NVIDIA Networking Bus Driver.)
0xAAF11000 E:\WINDOWS\system32\DRIVERS\usbccgp.sys 32768 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0xB83F0000 E:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xB8370000 E:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xB8328000 E:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xB8458000 E:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 28672 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0xB83E0000 E:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xB8450000 E:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xB32A4000 E:\Documents and Settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{57D48208-22AC-4B09-A41A-0856F38E0A72}\MpKsl6942957f.sys 24576 bytes (Microsoft Corporation, KSLDriver)
0xB8388000 E:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xB8448000 E:\WINDOWS\system32\DRIVERS\hamachi.sys 20480 bytes (LogMeIn, Inc., Hamachi Virtual Network Interface Driver)
0xAAF29000 E:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xB8330000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xB8438000 E:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xB8440000 E:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel(R) mini-port/call-manager driver)
0xB8410000 E:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xB83E8000 E:\WINDOWS\system32\DRIVERS\usbohci.sys 20480 bytes (Microsoft Corporation, OHCI USB Miniport Driver)
0xB3284000 E:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xB854C000 E:\WINDOWS\System32\Drivers\dump_diskdump.sys 16384 bytes
0xB7D94000 E:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xA77DD000 E:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xB84B8000 E:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xB855C000 E:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xAFFF7000 E:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xA881E000 E:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xB7DAC000 E:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xAFFF3000 E:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xB8658000 E:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xB8656000 E:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xB85A8000 E:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xB865A000 E:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xB865C000 E:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xB85BA000 E:\WINDOWS\system32\drivers\splitter.sys 8192 bytes (Microsoft Corporation, Microsoft Kernel Audio Splitter)
0xB85E6000 E:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xB8618000 E:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xB85AA000 E:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xB87AF000 E:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xB090C000 E:\WINDOWS\system32\drivers\drmkaud.sys 4096 bytes (Microsoft Corporation, Microsoft Kernel DRM Audio Descrambler Filter)
0xAA804000 E:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xB869E000 E:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xB8670000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
==============================================
>Stealth
==============================================
==============================================
>Files
==============================================
==============================================
>Hooks
==============================================
ntkrnlpa.exe+0x0006ECEE, Type: Inline - RelativeJump 0x80545CEE-->80545CF5 [ntkrnlpa.exe]
[1704]Skype.exe-->kernel32.dll-->GetModuleHandleA, Type: IAT modification 0x014D20A0-->73300B30 [unknown_code_page]
[1704]Skype.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x014D20A4-->00402C6C [Skype.exe]
[3672]Xfire.exe-->gdi32.dll-->BitBlt, Type: Inline - RelativeJump 0x77F16F79-->03742588 [xfire_toucan_44598.dll]
[3672]Xfire.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->0374316C [xfire_toucan_44598.dll]
[3672]Xfire.exe-->kernel32.dll-->CreateThread, Type: Inline - RelativeJump 0x7C8106D7-->03742B10 [xfire_toucan_44598.dll]
[3672]Xfire.exe-->user32.dll-->BeginPaint, Type: Inline - RelativeJump 0x7E378FE9-->037423C5 [xfire_toucan_44598.dll]
[3672]Xfire.exe-->user32.dll-->CreateDialogParamW, Type: Inline - RelativeJump 0x7E36EA3B-->03742C5B [xfire_toucan_44598.dll]
[3672]Xfire.exe-->user32.dll-->CreateWindowExW, Type: Inline - RelativeJump 0x7E37D0A3-->03742E41 [xfire_toucan_44598.dll]
[3672]Xfire.exe-->user32.dll-->DialogBoxParamW, Type: Inline - RelativeJump 0x7E3747AB-->03742BB7 [xfire_toucan_44598.dll]
[3672]Xfire.exe-->user32.dll-->GetCursorPos, Type: Inline - RelativeJump 0x7E37974E-->037428A4 [xfire_toucan_44598.dll]
[3672]Xfire.exe-->user32.dll-->GetDC, Type: Inline - RelativeJump 0x7E3686C7-->03742459 [xfire_toucan_44598.dll]
[3672]Xfire.exe-->user32.dll-->InvalidateRect, Type: Inline - RelativeJump 0x7E378FD5-->037426D0 [xfire_toucan_44598.dll]
[3672]Xfire.exe-->user32.dll-->InvalidateRgn, Type: Inline - RelativeJump 0x7E37CDFE-->0374276E [xfire_toucan_44598.dll]
[3672]Xfire.exe-->user32.dll-->IsWindowVisible, Type: Inline - RelativeJump 0x7E379E3D-->03742EFA [xfire_toucan_44598.dll]
[3672]Xfire.exe-->user32.dll-->IsWindowVisible, Type: Code Mismatch 0x7E379E3D + 5 [00 00]
[3672]Xfire.exe-->user32.dll-->RedrawWindow, Type: Inline - RelativeJump 0x7E379944-->037429D7 [xfire_toucan_44598.dll]
[3672]Xfire.exe-->user32.dll-->RegisterClassA, Type: Inline - RelativeJump 0x7E37EA5E-->03742A78 [xfire_toucan_44598.dll]
[3672]Xfire.exe-->user32.dll-->ReleaseDC, Type: Inline - RelativeJump 0x7E36869D-->037424ED [xfire_toucan_44598.dll]
[3672]Xfire.exe-->user32.dll-->SetCapture, Type: Inline - RelativeJump 0x7E37C35E-->0374280C [xfire_toucan_44598.dll]
[3672]Xfire.exe-->user32.dll-->SetFocus, Type: Inline - RelativeJump 0x7E37B112-->03742638 [xfire_toucan_44598.dll]
[3672]Xfire.exe-->user32.dll-->SetForegroundWindow, Type: Inline - RelativeJump 0x7E3742ED-->03742DA9 [xfire_toucan_44598.dll]
[3672]Xfire.exe-->user32.dll-->SetWindowPos, Type: Inline - RelativeJump 0x7E3799F3-->03742CFF [xfire_toucan_44598.dll]
[3672]Xfire.exe-->user32.dll-->TrackPopupMenu, Type: Inline - RelativeJump 0x7E3B531E-->037430C2 [xfire_toucan_44598.dll]
[3672]Xfire.exe-->user32.dll-->WindowFromPoint, Type: Inline - RelativeJump 0x7E379766-->0374293C [xfire_toucan_44598.dll]
[812]explorer.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DC1218-->5D067774 [shimeng.dll]
[812]explorer.exe-->crypt32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77A71188-->5D067774 [shimeng.dll]
[812]explorer.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77F110B4-->5D067774 [shimeng.dll]
[812]explorer.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x01001268-->5D067774 [shimeng.dll]
[812]explorer.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7C9C15A4-->5D067774 [shimeng.dll]
[812]explorer.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E36133C-->5D067774 [shimeng.dll]
[812]explorer.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x771A1248-->5D067774 [shimeng.dll]
[812]explorer.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71A9109C-->5D067774 [shimeng.dll]

ComboFix:

ComboFix 11-11-12.02 - Honza 12.11.2011 15:23:22.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2047.1430 [GMT 1:00]
Spuštěný z: E:\turbina.com
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_.intelppm
-------\Service_.IPSec
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-10-12 do 2011-11-12 )))))))))))))))))))))))))))))))
.
.
2011-11-12 14:27 . 2011-11-12 14:27 56200 ----a-w- e:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{57D48208-22AC-4B09-A41A-0856F38E0A72}\offreg.dll
2011-11-12 13:56 . 2011-11-12 13:56 35712 ----a-w- e:\windows\system32\drivers\BlackBox.sys
2011-11-12 13:56 . 2011-02-26 15:07 139264 ----a-w- E:\RKUnhookerLE.EXE
2011-11-12 11:24 . 2008-04-14 07:52 116224 -c--a-w- e:\windows\system32\dllcache\xrxwiadr.dll
2011-11-12 11:22 . 2008-04-14 06:43 31744 -c--a-w- e:\windows\system32\dllcache\wceusbsh.sys
2011-11-12 11:21 . 2001-08-17 20:28 794399 -c--a-w- e:\windows\system32\dllcache\usr1806v.sys
2011-11-12 11:20 . 2001-10-24 11:24 440576 -c--a-w- e:\windows\system32\dllcache\tridkb.dll
2011-11-12 11:19 . 2001-08-17 19:50 36640 -c--a-w- e:\windows\system32\dllcache\t2r4mini.sys
2011-11-12 11:18 . 2001-08-17 20:51 61824 -c--a-w- e:\windows\system32\dllcache\speed.sys
2011-11-12 11:17 . 2008-04-14 07:52 73796 -c--a-w- e:\windows\system32\dllcache\slserv.exe
2011-11-12 11:16 . 2001-08-17 20:53 6912 -c--a-w- e:\windows\system32\dllcache\seaddsmc.sys
2011-11-12 11:15 . 2008-04-13 21:05 20992 -c--a-w- e:\windows\system32\dllcache\rtl8139.sys
2011-11-12 11:14 . 2001-08-17 20:28 130942 -c--a-w- e:\windows\system32\dllcache\ptserlv.sys
2011-11-12 11:13 . 2001-10-24 11:25 86016 -c--a-w- e:\windows\system32\dllcache\pctspk.exe
2011-11-12 11:12 . 2001-08-17 19:50 198144 -c--a-w- e:\windows\system32\dllcache\nv3.sys
2011-11-12 11:11 . 2001-10-24 11:24 35392 -c--a-w- e:\windows\system32\dllcache\n9i128.dll
2011-11-12 11:10 . 2001-08-17 20:52 17280 -c--a-w- e:\windows\system32\dllcache\mraid35x.sys
2011-11-12 11:09 . 2001-08-17 19:12 70730 -c--a-w- e:\windows\system32\dllcache\lne100tx.sys
2011-11-12 11:08 . 2001-10-24 11:24 90200 -c--a-w- e:\windows\system32\dllcache\io8ports.dll
2011-11-12 11:07 . 2008-04-13 23:11 18560 -c--a-w- e:\windows\system32\dllcache\i2omp.sys
2011-11-12 11:06 . 2001-10-24 11:23 31232 -c--a-w- e:\windows\system32\dllcache\hpgt42tk.dll
2011-11-12 11:05 . 2008-04-13 21:05 34173 -c--a-w- e:\windows\system32\dllcache\forehe.sys
2011-11-12 11:04 . 2001-08-17 19:11 70174 -c--a-w- e:\windows\system32\dllcache\el98xn5.sys
2011-11-12 11:03 . 2001-10-24 11:24 65622 -c--a-w- e:\windows\system32\dllcache\digiasyn.dll
2011-11-12 11:02 . 2008-04-13 23:11 8192 -c--a-w- e:\windows\system32\dllcache\changer.sys
2011-11-12 11:01 . 2008-04-14 07:51 11359 -c--a-w- e:\windows\system32\dllcache\atv02nt5.dll
2011-11-12 11:00 . 2001-10-24 11:24 66048 -c--a-w- e:\windows\system32\dllcache\s3legacy.dll
2011-11-11 18:14 . 2011-10-18 00:28 6668624 ----a-w- e:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{57D48208-22AC-4B09-A41A-0856F38E0A72}\mpengine.dll
2011-11-11 17:29 . 2011-11-11 17:23 1564976 ----a-w- E:\tdsskiller.exe
2011-11-11 15:25 . 2011-11-11 15:25 -------- d-----w- e:\program files\trend micro
2011-11-11 15:25 . 2011-11-11 15:41 -------- d-----w- E:\rsit
2011-11-11 12:33 . 2011-11-11 12:33 -------- d-----w- e:\documents and settings\Honza\Local Settings\Data aplikací\PCHealth
2011-11-11 12:32 . 2011-11-11 12:32 -------- d-----w- e:\windows\system32\config\systemprofile\Local Settings\Data aplikací\PCHealth
2011-11-11 12:31 . 2011-11-11 12:33 -------- d-----w- e:\program files\Microsoft Security Client
2011-11-11 12:31 . 2011-05-24 17:14 222080 ------w- e:\windows\system32\MpSigStub.exe
2011-11-09 19:46 . 2011-11-09 19:46 -------- d-----w- e:\documents and settings\UpdatusUser
2011-11-09 19:46 . 2011-11-09 19:46 -------- d-----w- e:\documents and settings\All Users\Data aplikací\NVIDIA
2011-11-09 19:46 . 2011-11-09 19:46 -------- d-----w- e:\documents and settings\All Users\Data aplikací\NVIDIA Corporation
2011-11-09 19:46 . 2011-08-03 11:49 146024 ----a-w- e:\windows\system32\nvsvc32.exe
2011-11-09 19:46 . 2011-08-03 11:49 145000 ----a-w- e:\windows\system32\nvcolor.exe
2011-11-09 19:46 . 2011-08-03 11:49 600680 ----a-w- e:\windows\system32\easyupdatusapiu.dll
2011-11-09 19:46 . 2011-08-03 11:49 54272 ----a-w- e:\windows\system32\nvwddi.dll
2011-11-09 19:46 . 2011-08-03 11:49 13892200 ----a-w- e:\windows\system32\nvcpl.dll
2011-11-09 19:46 . 2011-08-03 11:49 111208 ----a-w- e:\windows\system32\nvmctray.dll
2011-11-07 08:56 . 2011-11-08 13:00 -------- d-sh--w- e:\documents and settings\Honza\Local Settings\Data aplikací\a12606b9
2011-11-02 18:39 . 2011-11-02 18:39 -------- d-----w- e:\program files\Microsoft XNA
2011-10-30 15:36 . 2011-10-30 15:43 -------- d-----w- e:\documents and settings\Honza\Data aplikací\Mumble
2011-10-30 15:36 . 2011-10-30 15:36 -------- d-----w- e:\program files\Mumble
2011-10-30 07:38 . 2011-10-30 07:38 -------- d-----w- e:\program files\Audacity 1.3 Beta (Unicode)
2011-10-29 08:44 . 2011-10-29 08:44 -------- d-----w- e:\documents and settings\All Users\Data aplikací\Adobe Systems
2011-10-28 12:59 . 2007-12-26 15:30 679936 ----a-w- e:\windows\system32\D3DX81ab.dll
2011-10-28 12:59 . 2007-12-26 15:30 1970176 ----a-w- e:\windows\system32\d3dx9.dll
2011-10-28 12:58 . 2011-10-28 12:58 -------- d-----w- e:\documents and settings\Honza\Data aplikací\GetRightToGo
2011-10-23 08:59 . 2011-10-23 09:06 73 ----a-w- e:\documents and settings\Honza\Data aplikací\temp.bat
2011-10-22 19:49 . 2011-10-22 19:49 -------- d-----w- e:\program files\SplitMediaLabs
2011-10-22 19:49 . 2011-10-22 19:49 -------- d-----w- e:\documents and settings\All Users\Data aplikací\SplitMediaLabs
2011-10-22 19:41 . 2011-10-22 19:41 -------- d-----w- e:\documents and settings\Honza\Data aplikací\SplitMediaLabs
2011-10-22 18:06 . 2011-10-22 18:06 -------- d-----w- e:\windows\system32\Lang
2011-10-22 08:42 . 2011-10-22 08:42 -------- d-----w- e:\documents and settings\Honza\Local Settings\Data aplikací\SKIDROW
2011-10-20 11:21 . 2011-10-29 08:45 -------- d-----w- e:\documents and settings\Honza\Local Settings\Data aplikací\Adobe
2011-10-20 11:21 . 2011-10-20 11:21 -------- d-----w- e:\documents and settings\Honza\Local Settings\Data aplikací\Temp
2011-10-19 14:52 . 2011-10-23 07:33 -------- d-----w- e:\documents and settings\Honza\Data aplikací\TS3Client
2011-10-16 10:42 . 2011-11-07 14:51 -------- d-----w- e:\documents and settings\Honza\Data aplikací\.minecraft
2011-10-13 20:29 . 2011-10-13 20:29 42392 ----a-w- e:\windows\system32\xfcodec.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-22 19:55 . 2011-09-17 13:37 414368 ----a-w- e:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-27 13:08 . 2011-09-27 13:08 98304 ----a-w- e:\windows\system32\CmdLineExt.dll
2011-09-26 09:41 . 2008-07-29 17:59 613376 ----a-w- e:\windows\system32\uiautomationcore.dll
2011-09-26 09:41 . 2008-04-14 12:00 22528 ----a-w- e:\windows\system32\oleaccrc.dll
2011-09-26 09:41 . 2008-04-14 12:00 220160 ----a-w- e:\windows\system32\oleacc.dll
2011-09-25 08:02 . 2011-09-25 08:02 25280 ----a-w- e:\windows\system32\drivers\hamachi.sys
2011-09-20 19:02 . 2011-09-20 19:02 444952 ----a-w- e:\windows\system32\wrap_oal.dll
2011-09-20 19:02 . 2011-09-20 19:02 109080 ----a-w- e:\windows\system32\OpenAL32.dll
2011-09-19 07:07 . 2011-09-19 07:07 15360 ----a-w- e:\windows\system32\bdmjpeg.dll
2011-09-19 07:07 . 2011-09-19 07:07 58368 ----a-w- e:\windows\system32\bdmpega.acm
2011-09-19 07:07 . 2011-09-19 07:07 58368 ----a-w- e:\windows\system32\bdmpegv.dll
2011-09-17 13:40 . 2011-09-17 13:40 232512 ----a-w- e:\windows\system32\drivers\dtsoftbus01.sys
2011-09-17 13:39 . 2011-09-17 13:40 544656 ----a-w- e:\windows\system32\deployJava1.dll
2011-09-17 13:39 . 2011-09-17 13:40 128000 ----a-w- e:\windows\system32\javacpl.cpl
2011-09-09 09:12 . 2008-04-14 12:00 602112 ----a-w- e:\windows\system32\crypt32.dll
2011-09-06 14:10 . 2008-04-14 12:00 1858944 ----a-w- e:\windows\system32\win32k.sys
2011-09-05 13:56 . 2008-04-14 12:00 81920 ----a-w- e:\windows\system32\ieencode.dll
2011-09-05 13:56 . 2008-04-14 12:00 668160 ----a-w- e:\windows\system32\wininet.dll
2011-09-05 13:56 . 2008-04-14 12:00 61952 ----a-w- e:\windows\system32\tdc.ocx
2011-09-05 13:55 . 2008-04-14 12:00 370176 ----a-w- e:\windows\system32\html.iec
2011-08-29 08:00 . 2011-09-26 16:41 74752 ----a-w- e:\windows\system32\ff_vfw.dll
2011-08-17 13:49 . 2008-04-14 12:00 138496 ----a-w- e:\windows\system32\drivers\afd.sys
2011-10-01 06:56 . 2011-09-17 13:35 134104 ----a-w- e:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
Chyba šifrovací služby !!
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="e:\program files\Skype\Phone\Skype.exe" [2011-10-13 17351304]
"Steam"="e:\program files\Steam\steam.exe" [2011-09-17 1242448]
"Clownfish"="e:\program files\Clownfish\Clownfish.exe" [2011-09-13 907776]
"DAEMON Tools Lite"="e:\program files\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="e:\program files\Common Files\Java\Java Update\jusched.exe" [2011-05-04 252136]
"Adobe ARM"="e:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"NeroFilterCheck"="e:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-02-28 570664]
"NBKeyScan"="e:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352]
"SearchSettings"="e:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe" [2011-09-27 894304]
"RTHDCPL"="RTHDCPL.EXE" [2011-10-14 20064872]
"NvMediaCenter"="e:\windows\system32\NvMcTray.dll" [2011-08-03 111208]
"NvCplDaemon"="e:\windows\system32\NvCpl.dll" [2011-08-03 13892200]
"nwiz"="e:\program files\NVIDIA Corporation\nView\nwiz.exe" [2011-07-05 1632360]
"MSC"="e:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="e:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
e:\documents and settings\Honza\Nabídka Start\Programy\Po spuštění\
Adobe Gamma.lnk - e:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
Xfire.lnk - d:\xfire\Xfire.exe [2011-10-13 3510680]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;e:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 nvUpdatusService;NVIDIA Update Service Daemon;e:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-08-03 2255464]
R3 Ambfilt;Ambfilt;e:\windows\system32\drivers\Ambfilt.sys [2009-11-18 1691480]
R3 E266110A;E266110A;e:\windows\system32\E266110A.exe [x]
R3 F78C9320;F78C9320;e:\windows\system32\F78C9320.exe [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;e:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;e:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-09-17 232512]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - PARPORT
.
Obsah adresáře 'Naplánované úlohy'
.
2011-11-12 e:\windows\Tasks\MP Scheduled Scan.job
- e:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 14:39]
.
.
------- Doplňkový sken -------
.
uInternet Connection Wizard,ShellNext = hxxp://get.adobe.com/flashplayer/
IE: E&xportovat do aplikace Microsoft Office Excel - e:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - e:\documents and settings\Honza\Data aplikací\Mozilla\Firefox\Profiles\kp7rmb8n.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-12 15:29
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(2780)
d:\xfire\xfire_toucan_44598.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
e:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
e:\windows\RTHDCPL.EXE
e:\windows\system32\RUNDLL32.EXE
e:\program files\Java\jre7\bin\jqs.exe
e:\windows\system32\nvsvc32.exe
e:\windows\system32\wdfmgr.exe
e:\windows\system32\imapi.exe
e:\windows\system32\wbem\wmiapsrv.exe
e:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2011-11-12 15:30:01 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-11-12 14:29
.
Před spuštěním: Volných bajtů: 78 294 663 168
Po spuštění: Volných bajtů: 78 214 594 560
.
- - End Of File - - 83870C973625A9E91B8EF1DFF1036DC5

EDIT:
ComboFix kept wanting to download the Recovery Console...

Anborn
Visitor
Posts: 15
Registered: 11 Nov 2011 16:21

Re: Internet/firewall/avast not working

#14 Post by Anborn »

So the whole thing somehow got worse: I turned the PC on and during boot it reported that the system could not boot because of some missing system files, which refused to be copied over via the Recovery Console... So I resorted to reinstalling the system. Thank God I made the family back up their important stuff, because otherwise it would have been lost. I'd like to thank you for your time and your effort, and I'm sorry we didn't manage to get rid of that nasty thing completely. I still have to come up with some solution for my brother, so that he doesn't download something from dodgy sites again and open it without thinking... Thanks once more, and bye for now. PS: I hope I won't have to show up here again :)

Anborn
Visitor
Posts: 15
Registered: 11 Nov 2011 16:21

Re: Internet/firewall/avast not working

#15 Post by Anborn »

No worries, it was due for that soon anyway, so there's nothing to fuss about. Hopefully I won't have to show up here again :D
