Please check my log, probably a VIRUS [Solved]

A place for your HijackThis logs and logs from other programs…

Moderators: Mods_senior, Security team


Post by tomas_ch » 28 Mar 2012 13:29

Hello,
please check my log.
Malwarebytes reports PUM.Disabled.SecurityCenter and the notebook takes terribly long to boot.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:24:12, on 28.3.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Smc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
c:\Program Files\ActivIdentity\ActivClient\accoca.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\LANDesk\Shared Files\residentagent.exe
C:\CENTENN.IAL\AUDIT\cagent32.exe
C:\CENTENN.IAL\AUDIT\xferwan.exe
C:\WINDOWS\Explorer.EXE
C:\Prey\platform\windows\cronsvc.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\NetInst\mgmtagnt.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
c:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Utimaco\SafeGuard Easy\Ecview.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Utimaco\SafeGuard Easy\WKSCFGSRV.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\WINDOWS\system32\hasplms.exe
C:\Program Files\LANDesk\LDClient\LocalSch.EXE
C:\Program Files\LANDesk\LDClient\QIPCLNT.EXE
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Intel\AMT\LMS.exe
C:\PROGRA~1\NetInst\NETREF~1.EXE
C:\WINDOWS\system32\HPZipm12.exe
c:\QUALCOMM\QDLService\QDLService.exe
C:\Program Files\Utimaco\SafeGuard Easy\SgeCtl.exe
C:\WINDOWS\system32\SgLogPlayer.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
C:\Program Files\NetInst\mgmtagnt.exe
C:\PROGRA~1\NetInst\reflectRemoteSettings.exe
c:\Program Files\HPQ\HP Connection Manager 1.1\bin\mdvsrv.exe
C:\Program Files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files\Symantec AntiVirus\SmcGui.exe
C:\CENTENN.IAL\AUDIT\lpx86.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\temp\vir\tomas\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://webmail.gauselmann.com/open_webmail.nsf?Open
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by BEIT Systemhaus GmbH
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {D5D47440-0750-463D-BAEF-A47D02414806} - (no file)
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [SynTPEnh] REM C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QlbCtrl.exe] REM C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [accrdsub] "c:\Program Files\ActivIdentity\ActivClient\accrdsub.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SgeEcView] C:\Program Files\Utimaco\SafeGuard Easy\Ecview.exe
O4 - HKLM\..\Run: [EdWizard] C:\Program Files\Utimaco\SafeGuard Easy\EdWizard.exe as
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NetInstall NiTray] "C:\Program Files\NetInst\eTray.exe"
O4 - HKLM\..\Run: [Enteo Agent] C:\Program Files\NetInst\niagnt32.exe /AI
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Discovery User Input] C:\Discovery\User Input\userin32.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0F2AAAE3-7E9E-4B64-AB5D-1CA24C6ACB9C} (IBM Lotus iNotes 8.5 Control) - https://wm01.gauselmann.com/dwa85W.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 1326730403
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 9139768468
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Control) - https://plugins.valueactive.eu/flashax/iefax.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = gg.gauselmann.com
O17 - HKLM\Software\..\Telephony: DomainName = gg.gauselmann.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = gg.gauselmann.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = gg.gauselmann.com
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\NetInst\NiAMH.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: ackpbsc - c:\WINDOWS\system32\ackpbsc.dll
O20 - Winlogon Notify: acunlock - c:\Program Files\ActivIdentity\ActivClient\acunlock.dll
O20 - Winlogon Notify: NotLog - SGLogEx.dll (file missing)
O20 - Winlogon Notify: SGLogNotification - SGLogNotification.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: ActivClient Middleware Service (accoca) - ActivIdentity - c:\Program Files\ActivIdentity\ActivClient\accoca.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: LANDesk(R) Management Agent (CBA8) - LANDesk Software, Ltd. - C:\Program Files\LANDesk\Shared Files\residentagent.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: CentennialClientAgent - FrontRange Solutions USA Inc. - C:\CENTENN.IAL\AUDIT\cagent32.exe
O23 - Service: CentennialIPTransferAgent - FrontRange Solutions USA Inc. - C:\CENTENN.IAL\AUDIT\xferwan.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: Cron Service for Prey (CronService) - Fork Ltd. - C:\Prey\platform\windows\cronsvc.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: enteo Runtime Service (ersupext) - FrontRange Solutions Deutschland GmbH - C:\Program Files\NetInst\mgmtagnt.exe
O23 - Service: enteo Core Service (esiCore) - FrontRange Solutions Deutschland GmbH - C:\Program Files\NetInst\mgmtagnt.exe
O23 - Service: Sentinel HASP License Manager (hasplms) - SafeNet Inc. - C:\WINDOWS\system32\hasplms.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Intel Local Scheduler Service - LANDesk Software Ltd. - C:\Program Files\LANDesk\LDClient\LocalSch.EXE
O23 - Service: Intel PDS - LANDesk Software Ltd. - C:\WINDOWS\system32\CBA\pds.exe
O23 - Service: Intel QIP Client Service - LANDesk Software Ltd. - C:\Program Files\LANDesk\LDClient\QIPCLNT.EXE
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LanProbe - FrontRange Solutions USA Inc. - C:\CENTENN.IAL\AUDIT\lpx86.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Intel(R) Active Management Technology Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\AMT\LMS.exe
O23 - Service: HP Connection Manager Service (mdvsrv) - HP - c:\Program Files\HPQ\HP Connection Manager 1.1\bin\mdvsrv.exe
O23 - Service: enteo Remote Service (NetReflect_Service) - Frontrange Solutions - C:\PROGRA~1\NetInst\NETREF~1.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Qualcomm Gobi Download Service (QDLService) - QUALCOMM, Inc. - c:\QUALCOMM\QDLService\QDLService.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: SafeGuard Easy Control (SgeCtl) - Utimaco Safeware AG - C:\Program Files\Utimaco\SafeGuard Easy\SgeCtl.exe
O23 - Service: SafeGuard SGLOG Player (SgLogPlayer) - Utimaco Safeware AG - C:\WINDOWS\system32\SgLogPlayer.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Smc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: SWIHPWMI - Sierra Wireless Inc. - C:\Program Files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: Intel(R) Active Management Technology User Notification Service (UNS) - Intel Corporation - C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe

--
End of file - 15081 bytes


------------------------------------------------------------------------


Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.28.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
g019025 :: BW020163 [administrator]

28.3.2012 12:59:09
mbam-log-2012-03-28 (12-59-09).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 251178
Time elapsed: 16 minute(s), 45 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 3
HKLM\SOFTWARE\Microsoft\Security Center|ANTIVIRUSDISABLENOTIFY (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|FIREWALLDISABLENOTIFY (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|UPDATESDISABLENOTIFY (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



Thanks
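What the PUM.Disabled.SecurityCenter hit in the log above actually is: three DWORD values under HKLM\SOFTWARE\Microsoft\Security Center which, when set to 1, suppress the Windows XP Security Center balloon for antivirus, firewall and Automatic Updates status. They switch no protection off, and third-party suites that register their own status with Security Center (here Symantec Endpoint Protection) commonly set them, so on a managed corporate machine they are not by themselves evidence of infection. The following is an added Python example, not code from the original post, from Malwarebytes or from HijackThis: it parses MBAM 1.x "Registry Data Items" lines like the ones above into the before/after state of those flags and, when run on Windows, reads the live values. The sample lines are constructed copies of the three log entries with English MBAM wording.

```python
"""Interpret a Malwarebytes PUM.Disabled.SecurityCenter finding.

Added example, not part of the original post. The three value names are
the ones in the MBAM log above; the sample lines are constructed copies
of those entries with English MBAM wording.
"""
import re
import sys

# All three live under HKLM\SOFTWARE\Microsoft\Security Center (Windows XP).
# DWORD 1 suppresses the Security Center balloon for that component only;
# the component itself (AV, firewall, updates) is not switched off.
NOTIFY_FLAGS = {
    "ANTIVIRUSDISABLENOTIFY": "antivirus status notifications",
    "FIREWALLDISABLENOTIFY": "firewall status notifications",
    "UPDATESDISABLENOTIFY": "Automatic Updates status notifications",
}
SECURITY_CENTER_KEY = r"SOFTWARE\Microsoft\Security Center"

# MBAM 1.x "Registry Data Items Detected" line layout:
#   <key>|<value> (<detection>) -> Bad: (<bad>) Good: (<good>) -> <action>
MBAM_DATA_ITEM = re.compile(
    r"^(?P<key>[^|]+)\|(?P<value>\S+) \((?P<detection>[^)]+)\) -> "
    r"Bad: \((?P<bad>[^)]*)\) Good: \((?P<good>[^)]*)\) -> (?P<action>.+)$"
)


def parse_mbam_data_items(lines):
    """Return a dict per MBAM registry data item line; other lines are skipped."""
    findings = []
    for line in lines:
        m = MBAM_DATA_ITEM.match(line.strip())
        if m:
            d = m.groupdict()
            d["value"] = d["value"].upper()
            d["action"] = d["action"].rstrip(".")
            findings.append(d)
    return findings


def audit_security_center(values):
    """Map each notify flag to 'suppressed', 'notifying' or 'absent'.

    `values` is {value name: DWORD}; a missing value behaves like 0.
    """
    states = {}
    for name in NOTIFY_FLAGS:
        if name not in values:
            states[name] = "absent"
        elif int(values[name]) != 0:
            states[name] = "suppressed"
        else:
            states[name] = "notifying"
    return states


def read_security_center_values():
    """Read the live flags on Windows; return None elsewhere (parser stays usable)."""
    if sys.platform != "win32":
        return None
    import winreg  # standard library on Windows only
    values = {}
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, SECURITY_CENTER_KEY) as key:
        for name in NOTIFY_FLAGS:
            try:
                values[name], _ = winreg.QueryValueEx(key, name)
            except FileNotFoundError:  # value not present -> treated as 0
                pass
    return values


def summarize(lines):
    """Before/after state of the flags as implied by MBAM's Bad/Good values."""
    findings = parse_mbam_data_items(lines)
    before = {f["value"]: int(f["bad"]) for f in findings}
    after = {f["value"]: int(f["good"]) for f in findings}
    return {
        "before": audit_security_center(before),
        "after": audit_security_center(after),
        "repaired": bool(findings) and all("repaired" in f["action"] for f in findings),
    }


# Constructed sample: the three lines from the first MBAM log, in English.
SAMPLE_MBAM_LINES = [
    r"HKLM\SOFTWARE\Microsoft\Security Center|ANTIVIRUSDISABLENOTIFY (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.",
    r"HKLM\SOFTWARE\Microsoft\Security Center|FIREWALLDISABLENOTIFY (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.",
    r"HKLM\SOFTWARE\Microsoft\Security Center|UPDATESDISABLENOTIFY (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.",
    "(end)",
]

if __name__ == "__main__":
    report = summarize(SAMPLE_MBAM_LINES)
    for name, state in report["before"].items():
        print(f"{name:24} was {state:10} -> now {report['after'][name]}  ({NOTIFY_FLAGS[name]})")
    live = read_security_center_values()
    if live is not None:
        print("live registry:", audit_security_center(live))
```

The practical check after MBAM has reset the values is to look at which product is registered with Security Center and whether its own console shows it running; if the flags come back on the next boot without a new detection, the product (or a management agent) is setting them, not malware.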


Re: Please check my log, probably a VIRUS

Post by Žbeky (moderator) » 28 Mar 2012 14:54

Uninstall SUPERAntiSpyware

Fix:

O3 - Toolbar: (no name) - {D5D47440-0750-463D-BAEF-A47D02414806} - (no file)
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Bluetooth.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O16 - DPF: {0F2AAAE3-7E9E-4B64-AB5D-1CA24C6ACB9C} (IBM Lotus iNotes 8.5 Control) - https://wm01.gauselmann.com/dwa85W.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 1326730403
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 9139768468
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Control) - https://plugins.valueactive.eu/flashax/iefax.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: NotLog - SGLogEx.dll (file missing)
O20 - Winlogon Notify: SGLogNotification - SGLogNotification.dll (file missing)

Download ATF Cleaner
Double-click ATF Cleaner.exe, click Select All found, then:
- If you use Firefox, click Firefox at the top and choose Select All, then click Empty Selected.
- If you use Opera, click Opera at the top and choose Select All, then click Empty Selected.
- If you use Chrome, select nothing else and click Empty Selected.
After cleaning, click Exit to close the program.
ATF-Cleaner is a simple tool for removing web browser history. The program can remove cache, cookies, history and other traces of Internet browsing. Supported browsers include Internet Explorer, Firefox and Opera. The application can also remove Windows temporary files, empty the Recycle Bin, etc.

Run MBAM again and click Scan
- when the scan finishes a message appears; click OK and then the Show Results button
- make sure all listed findings are checked and click the Remove Selected button
- when removal finishes a log is displayed; post it here.
- then click OK in the program and close it via Exit

Disable the resident shield of your antivirus and antispyware
Download ComboFix (by sUBs)
and save it to your desktop.
Close all open windows and run it.
- After launch the terms of use are displayed; confirm them by pressing Yes
- Then follow the instructions; while ComboFix is running do not click inside its window
- After the scan finishes the program should create a log, C:\ComboFix.txt; please paste its full contents here
If after the scan you have trouble launching applications or a message pops up about an attempt to perform an invalid operation on a registry key that has been marked for deletion, simply restart the computer.
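The fix list in the reply above is a by-eye triage of the first HijackThis log: toolbars and Winlogon Notify entries whose file is gone, an IE policy key, every downloaded ActiveX control (O16), a startup shortcut with an unresolved target, and the pieces SUPERAntiSpyware leaves behind once it is uninstalled. The following added Python example, not code from the thread or from HijackThis, encodes those same rules so they can be run over a saved log. The sample lines are constructed from the log in this thread; the list of uninstalled products is an assumption the caller supplies. One caveat the rules carry: on a domain-joined machine such as this one (the O17 lines show gg.gauselmann.com), an O6 key under HKCU\Software\Policies can be written by Group Policy and will return at the next policy refresh, so a fix that does not stick is a policy question, not reinfection.

```python
"""Triage HijackThis 2.0.x log entries with the rules used in the reply above.

Added example, not part of the original thread or of HijackThis. Rules:
entries whose file is gone ("(no file)" / "(file missing)"), O6 IE policy
keys, O16 downloaded ActiveX controls (DPF), O4 Global Startup shortcuts
with an unresolved target, O4 Run entries neutralised with REM, and any
entry still pointing at a product the caller says was uninstalled.
"""
import re

ENTRY = re.compile(r"^(?P<section>[RO]\d{1,2}) - (?P<body>.+)$")
MISSING_MARKERS = ("(no file)", "(file missing)")  # HijackThis wording
REM_RUN = re.compile(r"\]\s+REM\s")  # "[Name] REM C:\..." = disabled Run value


def triage(lines, uninstalled=()):
    """Return (section, action, reason, line) tuples.

    action is "fix" (put it in the HijackThis fix list) or "info".
    `uninstalled` holds folder/product names whose leftovers to flag,
    e.g. ("SUPERAntiSpyware",) once that product has been removed.
    """
    findings = []
    for raw in lines:
        line = raw.strip()
        m = ENTRY.match(line)
        if not m:
            continue  # headers, running-process paths, blank lines
        sec, body = m.group("section"), m.group("body")
        low = body.lower()
        if any(mk in low for mk in MISSING_MARKERS):
            findings.append((sec, "fix", "points at a file that no longer exists", line))
        elif sec == "O6":
            findings.append((sec, "fix", "IE policy key present; GPO may re-create it", line))
        elif sec == "O16":
            findings.append((sec, "fix", "downloaded ActiveX control; re-fetched on demand", line))
        elif sec == "O4" and body.startswith("Global Startup:") and body.endswith("= ?"):
            findings.append((sec, "fix", "startup shortcut with unresolved target", line))
        elif sec == "O4" and REM_RUN.search(body):
            findings.append((sec, "info", "Run value already disabled with REM", line))
        elif any(p.lower() in low for p in uninstalled):
            findings.append((sec, "fix", "leftover of an uninstalled product", line))
    return findings


def fix_list(lines, uninstalled=()):
    """Unique 'fix' lines in log order, ready to check in HijackThis."""
    out = []
    for _, action, _, line in triage(lines, uninstalled):
        if action == "fix" and line not in out:
            out.append(line)
    return out


# Constructed sample: a cross-section of the first log in this thread.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O3 - Toolbar: (no name) - {D5D47440-0750-463D-BAEF-A47D02414806} - (no file)
O4 - HKLM\..\Run: [SynTPEnh] REM C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Bluetooth.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Control) - https://plugins.valueactive.eu/flashax/iefax.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: NotLog - SGLogEx.dll (file missing)
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
""".strip().splitlines()

if __name__ == "__main__":
    for sec, action, reason, line in triage(SAMPLE_LOG, uninstalled=("SUPERAntiSpyware",)):
        print(f"[{action}] {sec}: {reason}\n    {line}")
```

Run it against the full saved log with `triage(open("hijackthis.log", encoding="cp1250").read().splitlines(), uninstalled=("SUPERAntiSpyware",))` and compare the "fix" lines with the reply above; the only difference for this thread's log is that the "info" REM entries are reported but not queued for fixing.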


Re: Please check my log, probably a VIRUS

Post by tomas_ch » 28 Mar 2012 18:22

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:32:25, on 28.3.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Smc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
c:\Program Files\ActivIdentity\ActivClient\accoca.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\LANDesk\Shared Files\residentagent.exe
C:\CENTENN.IAL\AUDIT\cagent32.exe
C:\CENTENN.IAL\AUDIT\xferwan.exe
C:\Prey\platform\windows\cronsvc.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\NetInst\mgmtagnt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hasplms.exe
C:\Program Files\LANDesk\LDClient\LocalSch.EXE
C:\Program Files\LANDesk\LDClient\QIPCLNT.EXE
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
c:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Utimaco\SafeGuard Easy\Ecview.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Utimaco\SafeGuard Easy\WKSCFGSRV.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Intel\AMT\LMS.exe
C:\PROGRA~1\NetInst\NETREF~1.EXE
C:\WINDOWS\system32\HPZipm12.exe
c:\QUALCOMM\QDLService\QDLService.exe
C:\Program Files\Utimaco\SafeGuard Easy\SgeCtl.exe
C:\WINDOWS\system32\SgLogPlayer.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
C:\Program Files\NetInst\mgmtagnt.exe
C:\PROGRA~1\NetInst\reflectRemoteSettings.exe
c:\Program Files\HPQ\HP Connection Manager 1.1\bin\mdvsrv.exe
C:\Program Files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files\Symantec AntiVirus\SmcGui.exe
C:\CENTENN.IAL\AUDIT\lpx86.exe
C:\totalcmd\TOTALCMD.EXE
c:\temp\vir\tomas\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://webmail.gauselmann.com/open_webmail.nsf?Open
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by BEIT Systemhaus GmbH
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [SynTPEnh] REM C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QlbCtrl.exe] REM C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [accrdsub] "c:\Program Files\ActivIdentity\ActivClient\accrdsub.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SgeEcView] C:\Program Files\Utimaco\SafeGuard Easy\Ecview.exe
O4 - HKLM\..\Run: [EdWizard] C:\Program Files\Utimaco\SafeGuard Easy\EdWizard.exe as
O4 - HKLM\..\Run: [NetInstall NiTray] "C:\Program Files\NetInst\eTray.exe"
O4 - HKLM\..\Run: [Enteo Agent] C:\Program Files\NetInst\niagnt32.exe /AI
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Discovery User Input] C:\Discovery\User Input\userin32.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-909772816-612835887-627194967-49487\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'TECH077')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = gg.gauselmann.com
O17 - HKLM\Software\..\Telephony: DomainName = gg.gauselmann.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = gg.gauselmann.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = gg.gauselmann.com
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\NetInst\NiAMH.dll
O20 - Winlogon Notify: ackpbsc - c:\WINDOWS\system32\ackpbsc.dll
O20 - Winlogon Notify: acunlock - c:\Program Files\ActivIdentity\ActivClient\acunlock.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: ActivClient Middleware Service (accoca) - ActivIdentity - c:\Program Files\ActivIdentity\ActivClient\accoca.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: LANDesk(R) Management Agent (CBA8) - LANDesk Software, Ltd. - C:\Program Files\LANDesk\Shared Files\residentagent.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: CentennialClientAgent - FrontRange Solutions USA Inc. - C:\CENTENN.IAL\AUDIT\cagent32.exe
O23 - Service: CentennialIPTransferAgent - FrontRange Solutions USA Inc. - C:\CENTENN.IAL\AUDIT\xferwan.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: Cron Service for Prey (CronService) - Fork Ltd. - C:\Prey\platform\windows\cronsvc.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: enteo Runtime Service (ersupext) - FrontRange Solutions Deutschland GmbH - C:\Program Files\NetInst\mgmtagnt.exe
O23 - Service: enteo Core Service (esiCore) - FrontRange Solutions Deutschland GmbH - C:\Program Files\NetInst\mgmtagnt.exe
O23 - Service: Sentinel HASP License Manager (hasplms) - SafeNet Inc. - C:\WINDOWS\system32\hasplms.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Intel Local Scheduler Service - LANDesk Software Ltd. - C:\Program Files\LANDesk\LDClient\LocalSch.EXE
O23 - Service: Intel PDS - LANDesk Software Ltd. - C:\WINDOWS\system32\CBA\pds.exe
O23 - Service: Intel QIP Client Service - LANDesk Software Ltd. - C:\Program Files\LANDesk\LDClient\QIPCLNT.EXE
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LanProbe - FrontRange Solutions USA Inc. - C:\CENTENN.IAL\AUDIT\lpx86.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Intel(R) Active Management Technology Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\AMT\LMS.exe
O23 - Service: HP Connection Manager Service (mdvsrv) - HP - c:\Program Files\HPQ\HP Connection Manager 1.1\bin\mdvsrv.exe
O23 - Service: enteo Remote Service (NetReflect_Service) - Frontrange Solutions - C:\PROGRA~1\NetInst\NETREF~1.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Qualcomm Gobi Download Service (QDLService) - QUALCOMM, Inc. - c:\QUALCOMM\QDLService\QDLService.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: SafeGuard Easy Control (SgeCtl) - Utimaco Safeware AG - C:\Program Files\Utimaco\SafeGuard Easy\SgeCtl.exe
O23 - Service: SafeGuard SGLOG Player (SgLogPlayer) - Utimaco Safeware AG - C:\WINDOWS\system32\SgLogPlayer.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Smc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: SWIHPWMI - Sierra Wireless Inc. - C:\Program Files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: Intel(R) Active Management Technology User Notification Service (UNS) - Intel Corporation - C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe

--
End of file - 13330 bytes

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Verze databáze: v2012.03.28.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
g019025 :: BW020163 [administrátor]

28.3.2012 17:35:26
mbam-log-2012-03-28 (17-35-26).txt

Typ: Rychlá kontrola
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 250589
Uplynulý čas: 14 minut, 33 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 3
HKLM\SOFTWARE\Microsoft\Security Center|ANTIVIRUSDISABLENOTIFY (PUM.Disabled.SecurityCenter) -> Špatný: (1) Dobrý: (0) -> Umístnění do karantény a opravení se zdařilo.
HKLM\SOFTWARE\Microsoft\Security Center|FIREWALLDISABLENOTIFY (PUM.Disabled.SecurityCenter) -> Špatný: (1) Dobrý: (0) -> Umístnění do karantény a opravení se zdařilo.
HKLM\SOFTWARE\Microsoft\Security Center|UPDATESDISABLENOTIFY (PUM.Disabled.SecurityCenter) -> Špatný: (1) Dobrý: (0) -> Umístnění do karantény a opravení se zdařilo.

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 0
(Žádné škodlivé položky nebyly zjištěny)

(konec)


ComboFix 12-03-28.02 - g019025 28.03.2012 17:56:47.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1033.18.1912.1026 [GMT 2:00]
Spuštěný z: c:\temp\vir\tomas\ComboFix.exe
AV: Symantec Endpoint Protection *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *Enabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\g019025\Application Data\asocks2
c:\documents and settings\g019025\Application Data\inst.exe
c:\documents and settings\g019025\Application Data\vso_ts_preview.xml
c:\documents and settings\g019025\My Documents\~WRL0004.tmp
c:\windows\msmqinst.log
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\regedit.com
c:\windows\system32\dllcache\dlimport.exe
c:\windows\system32\dllcache\wmpvis.dll
c:\windows\system32\SETD5.tmp
c:\windows\system32\SETE1.tmp
c:\windows\system32\SETEE.tmp
c:\windows\system32\SGGINA.DLL
c:\windows\system32\taskmgr.com
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-02-28 do 2012-03-28 )))))))))))))))))))))))))))))))
.
.
2012-03-28 15:46 . 2012-03-28 15:46 -------- d-sh--w- c:\documents and settings\g019025\IECompatCache
2012-03-19 10:42 . 2012-03-19 10:42 -------- d-sh--w- c:\documents and settings\g019025\PrivacIE
2012-03-19 10:37 . 2012-03-19 10:37 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2012-03-19 10:35 . 2012-03-19 10:35 -------- d-sh--w- c:\documents and settings\g019025\IETldCache
2012-03-19 10:25 . 2012-03-19 10:26 -------- dc-h--w- c:\windows\ie8
2012-03-19 10:20 . 2012-03-19 10:20 592824 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll
2012-03-19 10:20 . 2012-03-19 10:20 44472 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll
2012-03-08 10:06 . 2012-03-08 10:07 -------- d-----w- c:\program files\TeamViewer
2012-02-28 17:44 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-28 12:33 . 2012-02-28 17:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-28 16:04 . 2012-01-22 19:52 29 ----a-w- c:\windows\system32\TempWmicBatchFile.bat
2012-02-18 17:59 . 2012-02-18 17:59 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-02-18 17:59 . 2010-09-07 07:38 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-02-16 20:00 . 2011-05-16 09:34 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-13 09:55 . 2012-02-13 09:55 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2012-02-13 09:55 . 2012-02-13 09:55 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2012-02-13 09:45 . 2012-02-13 09:45 25128 ----a-w- c:\windows\system32\drivers\cdprku.sys
2012-01-12 16:53 . 2001-08-23 12:00 1859968 ----a-w- c:\windows\system32\win32k.sys
2012-01-11 19:06 . 2012-02-15 14:39 3072 ------w- c:\windows\system32\iacenc.dll
2012-03-19 10:20 . 2011-03-23 12:27 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="REM" [X]
"QlbCtrl.exe"="REM" [X]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2007-11-28 298536]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2008-07-09 1044480]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-03-13 141336]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-03-13 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-03-13 142360]
"SgeEcView"="c:\program files\Utimaco\SafeGuard Easy\Ecview.exe" [2004-06-16 20480]
"EdWizard"="c:\program files\Utimaco\SafeGuard Easy\EdWizard.exe" [2004-06-16 245760]
"NetInstall NiTray"="c:\program files\NetInst\eTray.exe" [2010-05-07 35824]
"Enteo Agent"="c:\program files\NetInst\niagnt32.exe" [2010-09-30 222712]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2010-09-10 115560]
"Discovery User Input"="c:\discovery\User Input\userin32.exe" [2010-01-24 241664]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ToggleCommentPosition"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
"NoPublishingWizard"= 1 (0x1)
"NoWebServices"= 1 (0x1)
"NoOnlinePrintsWizard"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-08-05 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ackpbsc]
2007-11-28 01:41 109568 ----a-w- c:\windows\system32\ackpbsc.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\acunlock]
2007-11-28 01:40 286720 ----a-w- c:\program files\ActivIdentity\ActivClient\acunlock.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\NetInst\NiAMH.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-909772816-612835887-627194967-2451\Scripts\Logon\0\0]
"Script"=\\gg.gauselmann.com\sysvol\gg.gauselmann.com\scripts\logon_Prag.bat
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^DVD Check.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\DVD Check.lnk
backup=c:\windows\pss\DVD Check.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\picon]
REM [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Discovery User Input]
2010-01-24 15:54 241664 ----a-w- c:\discovery\User Input\userin32.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 13:42 1695232 --sh--w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2011-04-22 12:21 247728 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
2006-03-30 14:45 313472 ----a-r- c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WatchDog]
2008-05-24 01:23 197904 ----a-w- c:\program files\InterVideo\DVD Check\DVDCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AllAlertsDisabled"=dword:00000001
"TermService"=dword:00000001
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\windows\Network Diagnostic\xpnetdiag.exe"= c:\windows\Network Diagnostic\xpnetdiag.exe:10.0.0.0/255.0.0.0:Disabled:@xpsp3res.dll,-20000
"c:\windows\system32\sessmgr.exe"= c:\windows\system32\sessmgr.exe:10.0.0.0/255.0.0.0:Disabled:@xpsp2res.dll,-22019
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\windows\system32\cba\pds.exe"= c:\windows\system32\cba\pds.exe:10.0.0.0/255.0.0.0:Enabled:COMMON_BASE_AGENT_NAME
"c:\program files\LANDesk\LDClient\issuser.exe"= c:\program files\LANDesk\LDClient\issuser.exe:10.0.0.0/255.0.0.0:Enabled:REMOTE_CONTROL_DISPLAY_NAME
"c:\program files\LANDesk\LDClient\tmcsvc.exe"= c:\program files\LANDesk\LDClient\tmcsvc.exe:10.0.0.0/255.0.0.0:Enabled:SOFTWARE_DIST_DISPLAY_NAME
"c:\\WINDOWS\\system32\\hasplms.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer_Service.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer_Service.exe"=
"c:\\Program Files\\LANDesk\\Shared Files\\residentagent.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"139:TCP"= 139:TCP:10.0.0.0/255.0.0.0:Enabled:@xpsp2res.dll,-22004
"137:UDP"= 137:UDP:10.0.0.0/255.0.0.0:Enabled:@xpsp2res.dll,-22001
"138:UDP"= 138:UDP:10.0.0.0/255.0.0.0:Enabled:@xpsp2res.dll,-22002
.
R0 AES-256;AES-256;c:\windows\system32\drivers\AES256.sys [16.6.2004 19:05 18016]
R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [28.3.2008 20:14 24064]
R0 SgeFlt;SgeFlt;c:\windows\system32\drivers\SGEFLT.sys [16.6.2004 19:07 54464]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [17.2.2010 20:25 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10.5.2010 20:41 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [4.5.2011 19:54 116608]
R2 accoca;ActivClient Middleware Service;c:\program files\ActivIdentity\ActivClient\accoca.exe [28.11.2007 3:42 185896]
R2 CBA8;LANDesk(R) Management Agent;c:\program files\LANDesk\Shared Files\residentAgent.exe [23.11.2005 1:07 122880]
R2 CronService;Cron Service for Prey;c:\prey\platform\windows\cronsvc.exe [15.2.2011 18:01 19968]
R2 ersupext;enteo Runtime Service;c:\program files\NetInst\mgmtagnt.exe [13.2.2012 11:41 218616]
R2 esiCore;enteo Core Service;c:\program files\NetInst\mgmtagnt.exe [13.2.2012 11:41 218616]
R2 hasplms;Sentinel HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?]
R2 mdvsrv;HP Connection Manager Service;c:\program files\HPQ\HP Connection Manager 1.1\bin\mdvsrv.exe [12.6.2008 14:19 575976]
R2 NetReflect_Service;enteo Remote Service;c:\progra~1\NetInst\NETREF~1.EXE [13.2.2012 11:44 896424]
R2 QDLService;Qualcomm Gobi Download Service;c:\qualcomm\QDLService\QDLService.exe [9.6.2008 8:06 345336]
R2 SWIHPWMI;SWIHPWMI;c:\program files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe [4.12.2006 17:13 292384]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [22.4.2011 14:21 92592]
R2 UNS;Intel(R) Active Management Technology User Notification Service;c:\program files\Common Files\Intel\Privacy Icon\UNS\UNS.exe [18.2.2009 10:46 2058776]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [18.2.2009 1:21 238736]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [13.2.2012 12:13 106104]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [23.7.2008 21:31 44800]
R3 ldblank;Screen Blanking driver for Remote Control;c:\windows\system32\drivers\ldblank.sys [28.4.2010 10:12 11904]
R3 ldmirror;ldmirror;c:\windows\system32\drivers\ldmirror.sys [28.4.2010 10:12 3328]
R3 mirrorflt;Mirror Filter Driver for Uninstall;c:\windows\system32\drivers\mirrorflt.sys [28.4.2010 10:12 3712]
R3 rismc32;RICOH Smart Card Reader;c:\windows\system32\drivers\rismc32.sys [18.2.2009 9:25 47616]
S?2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 14:16 130384]
S?2 prlzuai;Config System;c:\windows\system32\svchost.exe -k netsvcs [23.8.2001 14:00 14336]
S3 cdprku;cdprku;c:\windows\system32\drivers\cdprku.sys [13.2.2012 11:45 25128]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [10.9.2010 9:50 23888]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [18.2.2009 9:40 222512]
S3 LanProbe;LanProbe;c:\centenn.ial\AUDIT\lpx86.exe [13.2.2012 11:43 229888]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [9.1.2010 22:37 4640000]
S3 QCFilterhp;HP USB Composite Device Filter Driver;c:\windows\system32\drivers\qcfilterhp.sys [15.4.2010 13:41 5248]
S3 qcusbnethp;HP USB-NDIS miniport;c:\windows\system32\drivers\qcusbnethp.sys [15.4.2010 13:41 112640]
S3 qcusbserhp;HP USB Device for Legacy Serial Communication;c:\windows\system32\drivers\qcusbserhp.sys [15.4.2010 13:41 103680]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [8.4.2008 14:12 1112560]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 14:16 753504]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
prlzuai
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 18:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'
.
.
------- Doplňkový sken -------
.
uStart Page = https://webmail.gauselmann.com/open_webmail.nsf?Open
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\documents and settings\g019025\Application Data\Mozilla\Firefox\Profiles\eh4pg75s.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://orgo-net.blogspot.com/|http://ww ... upeze.html
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=green ... =937811&p=
FF - prefs.js: network.proxy.type - 0
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-HP Connection Manager.exe - (no file)
Notify-AtiExtEvent - (no file)
Notify-NavLogon - (no file)
SafeBoot-Symantec Antvirus
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-28 18:07
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetReflect_Service]
"ImagePath"="c:\progra~1\NetInst\NETREF~1.EXE /startedbyscm:B486F7BF-40E31D57-NrRemoteComService"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\prlzuai]
"ServiceDll"="c:\windows\system32\npcob.dll"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(1400)
c:\windows\system32\ackpbsc.dll
c:\windows\system32\aclog.dll
c:\windows\system32\accrypto.dll
c:\windows\system32\ACLIBEAY.dll
c:\windows\system32\acevtsub.dll
c:\windows\system32\asphat32.dll
c:\windows\system32\acerrmes.dll
c:\windows\system32\aspcom.dll
c:\program files\ActivIdentity\ActivClient\Resources\Localized\acerrmrc.dll
c:\program files\ActivIdentity\ActivClient\Resources\Localized\asphatrc.dll
c:\program files\ActivIdentity\ActivClient\acunlock.dll
c:\windows\system32\aipingui.dll
c:\windows\system32\aicext.dll
c:\program files\ActivIdentity\ActivClient\Resources\Localized\aipinguirc.dll
c:\program files\ActivIdentity\ActivClient\resources\acCobAPIrc.dll
c:\program files\ActivIdentity\ActivClient\Resources\Localized\acunlockrc.dll
.
- - - - - - - > 'explorer.exe'(2900)
c:\program files\Utimaco\SafeGuard Easy\SgMsgBhk.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\ActivIdentity\ActivClient\acevents.exe
c:\program files\Symantec AntiVirus\Smc.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\windows\System32\SCardSvr.exe
c:\windows\system32\agrsmsvc.exe
c:\centenn.ial\AUDIT\cagent32.exe
c:\centenn.ial\AUDIT\xferwan.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\ActivIdentity\ActivClient\acevents.exe
c:\windows\system32\hasplms.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\LANDesk\LDClient\LocalSch.EXE
c:\program files\LANDesk\LDClient\QIPCLNT.EXE
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Utimaco\SafeGuard Easy\WKSCFGSRV.EXE
c:\program files\Intel\AMT\LMS.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Utimaco\SafeGuard Easy\SgeCtl.exe
c:\windows\system32\SgLogPlayer.exe
c:\progra~1\NetInst\reflectRemoteSettings.exe
c:\program files\Symantec AntiVirus\Rtvscan.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\system32\imapi.exe
c:\windows\system32\msiexec.exe
c:\windows\system32\MsiExec.exe
c:\program files\Hewlett-Packard\Shared\hpqToaster.exe
c:\program files\Symantec AntiVirus\SmcGui.exe
.
**************************************************************************
.
Celkový čas: 2012-03-28 18:09:28 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-03-28 16:09
.
Před spuštěním: 78 228 623 360 bytes free
Po spuštění: 78 107 611 136 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
.
- - End Of File - - 8A5E8468B0AAEC72B86AF0B1911D4DF3

jaro3
Security team member
Guru Level 15
Posts: 43298
Registered: June 07
Location: South Bohemia
Gender: Male
Status: Offline

Re: Please check my log, probably a VIRUS

Post by jaro3 » 28 Mar 2012 18:52

Open Notepad (Start -> Run..., type Notepad in the box and click OK).
Copy the whole text highlighted in green into it:

Code:

KillAll::
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ToggleCommentPosition"=-
"NoWelcomeScreen"=-
"NoPublishingWizard"=-
"NoWebServices"=-
"NoOnlinePrintsWizard"=-
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"=-
"NoWelcomeScreen"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AllAlertsDisabled"=dword:00000000
"TermService"=dword:00000000
"DisableMonitoring"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000000
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\prlzuai]

Driver::
hasplms
prlzuai

NetSvcs::
prlzuai


Choose File -> Save As... and set these parameters:
File name: type CFScript.txt here
Save as type: select All Files
Save the file to the desktop.
Close all active windows.

Drag the CFScript.txt script you created with the mouse onto the downloaded ComboFix.exe and drop it when the two files overlap.
- ComboFix will start automatically
- Paste here the log that appears at the end of the cleaning process + a new HJT log

Warning: it can happen that after running ComboFix and restarting the computer Windows does not boot, the desktop does not load, or there are connection problems; in that case restart the computer again, and if that does not help, press F8 during the restart and choose Last Known Good Configuration, or use a restore point.

Download aswMBR
to your desktop. Close all windows, programs and browsers. Double-click aswMBR.exe. If a message offers to download the Avast database, click NO. Then click "Scan". After the scan, click "Save Log" and save the log to the desktop. Paste the whole contents of that log here. Then click "Exit" to close the program.

\\gg.gauselmann.com\sysvol\gg.gauselmann.com\scripts\logon_Prag.bat

uStart Page = https://webmail.gauselmann.com/open_webmail.nsf?Open
c:\progra~1\NetInst\NETREF~1.EXE /startedbyscm:B486F7BF-40E31D57-NrRemoteComService"
does this mean anything to you?
When working with HJT, ComboFix, MBAM, SDFix etc., close all other applications and browsers!
Do not send logs in private messages. During my absence memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
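The CFScript above deletes the `prlzuai` service, which the ComboFix log lists under "Svchost - NetSvcs" with an unknown start type (`S?2`) and a ServiceDll of c:\windows\system32\npcob.dll, and it resets the Security Center switches that were hiding antivirus, firewall and update state. The following triage helper is an added example written for this page (it is not code from ComboFix, Malwarebytes or the forum) that pulls exactly those indicators out of a pasted ComboFix-style log: netsvcs entries ComboFix did not recognise, the ServiceDll each resolves to, and Security Center values set to 1. The sample log is constructed from lines quoted in this thread; the regular expressions and section markers are assumptions about the layout as shown here, not a documented ComboFix format.

```python
"""Triage helper for ComboFix-style log excerpts (added example, not ComboFix's or the forum's code).

Pulls out: services ComboFix lists under "Svchost - NetSvcs" (svchost-hosted entries it does not
know as default group members), the ServiceDll each resolves to, and Security Center values set to 1
that silence alerts or monitoring.  The regexes are assumptions about the layout quoted in this
thread, not a documented ComboFix format.
"""
import re

# Constructed sample input: lines taken from the ComboFix log quoted in this thread.
SAMPLE_LOG = r"""
S?2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 14:16 130384]
S?2 prlzuai;Config System;c:\windows\system32\svchost.exe -k netsvcs [23.8.2001 14:00 14336]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
prlzuai
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AllAlertsDisabled"=dword:00000001
"TermService"=dword:00000001
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetReflect_Service]
"ImagePath"="c:\progra~1\NetInst\NETREF~1.EXE /startedbyscm:B486F7BF-40E31D57-NrRemoteComService"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\prlzuai]
"ServiceDll"="c:\windows\system32\npcob.dll"
"""

# "R2 name;display name;command [date time size]" lines of the driver/service listing.
SERVICE_RE = re.compile(
    r"^(?P<status>[RS]\??\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<cmd>.*?)(?:\s+\[[^\]]*\])?$")

# Security Center values that, when set to 1, hide AV/firewall/update state from the user.
SECURITY_CENTER_FLAGS = {"allalertsdisabled", "disablemonitoring", "antivirusdisablenotify",
                         "firewalldisablenotify", "updatesdisablenotify"}


def parse_services(log):
    """Map service name -> status, display name and command line."""
    services = {}
    for line in log.splitlines():
        m = SERVICE_RE.match(line)
        if m:
            services[m["name"]] = {"status": m["status"], "display": m["display"], "cmd": m["cmd"]}
    return services


def parse_netsvcs(log):
    """Names printed under the 'Svchost - NetSvcs' heading; the block ends at a '.' line."""
    names, collecting = [], False
    for line in log.splitlines():
        if line.rstrip().endswith("Svchost - NetSvcs"):
            collecting = True
        elif collecting:
            if line.strip() in ("", "."):
                break
            names.append(line.strip())
    return names


def parse_reg_blocks(log):
    """Map '[KEY]' headers to their "name"=value lines (REGEDIT4 style, quotes stripped)."""
    blocks, current = {}, None
    for line in log.splitlines():
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            blocks[current] = {}
        elif current is not None and line.startswith('"') and '"=' in line:
            name, _, value = line[1:].partition('"=')
            blocks[current][name] = value.strip().strip('"')
        elif line.strip() == ".":
            current = None
    return blocks


def service_dll(blocks, name):
    """ServiceDll recorded for <name> in any ...\\Services\\<name> block, or None."""
    suffix = "\\services\\" + name.lower()
    for key, values in blocks.items():
        if key.lower().endswith(suffix) and "ServiceDll" in values:
            return values["ServiceDll"]
    return None


def disabled_security_center(blocks):
    """(key, value name) pairs for Security Center switches set to 1."""
    return [(key, name) for key, values in blocks.items() if "security center" in key.lower()
            for name, value in values.items()
            if name.lower() in SECURITY_CENTER_FLAGS and value.lower().endswith("00000001")]


def triage(log):
    """One report: flagged netsvcs entries with command line and ServiceDll, plus Security Center switches."""
    services, blocks = parse_services(log), parse_reg_blocks(log)
    flagged = [{"service": n, "status": services.get(n, {}).get("status"),
                "display": services.get(n, {}).get("display"), "command": services.get(n, {}).get("cmd"),
                "service_dll": service_dll(blocks, n)} for n in parse_netsvcs(log)]
    return {"netsvcs": flagged, "security_center": disabled_security_center(blocks)}


if __name__ == "__main__":
    for section, items in triage(SAMPLE_LOG).items():
        print(section, items)
```

Run against the sample, the report names `prlzuai` as the only unrecognised netsvcs member, shows that it is hosted by `svchost.exe -k netsvcs` with a ServiceDll of `npcob.dll` rather than a Microsoft library, and lists `AllAlertsDisabled` and `DisableMonitoring` as set; these are the same items the CFScript above removes or resets, so the helper is a way to confirm a log shows them before and after cleaning.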

tomas_ch
Level 2.5
Posts: 353
Registered: August 07
Gender: Not specified
Status: Offline

Re: Please check my log, probably a VIRUS

Post by tomas_ch » 28 Mar 2012 19:44

\\gg.gauselmann.com\sysvol\gg.gauselmann.com\scripts\logon_Prag.bat - that is something from the company, I would rather not delete it

uStart Page = https://webmail.gauselmann.com/open_webmail.nsf?Open
c:\progra~1\NetInst\NETREF~1.EXE /startedbyscm:B486F7BF-40E31D57-NrRemoteComService"
does this mean anything to you? - that is also from the company....


ComboFix 12-03-28.02 - g019025 28.03.2012 19:23:17.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1033.18.1912.1152 [GMT 2:00]
Spuštěný z: c:\documents and settings\g019025\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\g019025\Desktop\CFScript.txt
AV: Symantec Endpoint Protection *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *Disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_HASPLMS
-------\Legacy_PRLZUAI
-------\Service_hasplms
-------\Service_prlzuai
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-02-28 do 2012-03-28 )))))))))))))))))))))))))))))))
.
.
2012-03-28 16:09 . 2012-03-28 16:09 -------- d-----w- c:\windows\D6E0101535D044AEBE268A7F8EB83710.TMP
2012-03-28 15:46 . 2012-03-28 15:46 -------- d-sh--w- c:\documents and settings\g019025\IECompatCache
2012-03-19 10:42 . 2012-03-19 10:42 -------- d-sh--w- c:\documents and settings\g019025\PrivacIE
2012-03-19 10:37 . 2012-03-19 10:37 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2012-03-19 10:35 . 2012-03-19 10:35 -------- d-sh--w- c:\documents and settings\g019025\IETldCache
2012-03-19 10:25 . 2012-03-19 10:26 -------- dc-h--w- c:\windows\ie8
2012-03-19 10:20 . 2012-03-19 10:20 592824 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll
2012-03-19 10:20 . 2012-03-19 10:20 44472 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll
2012-03-08 10:06 . 2012-03-08 10:07 -------- d-----w- c:\program files\TeamViewer
2012-02-28 17:44 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-28 12:33 . 2012-02-28 17:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-28 17:32 . 2012-01-22 19:52 29 ----a-w- c:\windows\system32\TempWmicBatchFile.bat
2012-02-18 17:59 . 2012-02-18 17:59 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-02-18 17:59 . 2010-09-07 07:38 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-02-16 20:00 . 2011-05-16 09:34 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-13 09:55 . 2012-02-13 09:55 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2012-02-13 09:55 . 2012-02-13 09:55 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2012-02-13 09:45 . 2012-02-13 09:45 25128 ----a-w- c:\windows\system32\drivers\cdprku.sys
2012-01-12 16:53 . 2001-08-23 12:00 1859968 ----a-w- c:\windows\system32\win32k.sys
2012-01-11 19:06 . 2012-02-15 14:39 3072 ------w- c:\windows\system32\iacenc.dll
2012-03-19 10:20 . 2011-03-23 12:27 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-03-28_16.04.37 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-03-28 17:32 . 2012-03-28 17:32 16384 c:\windows\Temp\Perflib_Perfdata_d6c.dat
+ 2001-08-23 12:00 . 2012-03-28 16:32 82616 c:\windows\system32\perfc009.dat
- 2001-08-23 12:00 . 2012-03-28 15:29 82616 c:\windows\system32\perfc009.dat
+ 2012-03-28 16:09 . 2012-03-28 16:30 24576 c:\windows\D6E0101535D044AEBE268A7F8EB83710.TMP\WiseCustomCalla3.6249D4D4_C78D_11D5_B777_00105ACCAF1C.dll
+ 2012-03-28 16:09 . 2012-03-28 16:30 61440 c:\windows\D6E0101535D044AEBE268A7F8EB83710.TMP\WiseCustomCalla1.C2DA9293_BC6A_11D4_B62F_00105ACCAF1C.dll
+ 2012-03-28 16:09 . 2012-03-28 16:30 24576 c:\windows\D6E0101535D044AEBE268A7F8EB83710.TMP\WiseCustomCalla1.6249D4D4_C78D_11D5_B777_00105ACCAF1C.dll
+ 2012-03-28 16:09 . 2012-03-28 16:30 24576 c:\windows\D6E0101535D044AEBE268A7F8EB83710.TMP\WiseCustomCalla1.0A320573_80DF_4D7C_8D8D_7198AF0AAC43.dll
+ 2012-03-28 16:09 . 2012-03-28 16:30 32768 c:\windows\D6E0101535D044AEBE268A7F8EB83710.TMP\WiseCustomCalla.DDC9D041_01CA_426E_B0B1_C2EE76DEC2BA.dll
+ 2012-03-28 16:09 . 2012-03-28 16:30 32768 c:\windows\D6E0101535D044AEBE268A7F8EB83710.TMP\WiseCustomCalla.B0094272_1C09_4C97_9975_23F9A4F287BE.dll
+ 2012-03-28 16:09 . 2012-03-28 16:30 61440 c:\windows\D6E0101535D044AEBE268A7F8EB83710.TMP\WiseCustomCalla.63E82B80_048C_11D4_B357_0050DA4F5702.dll
+ 2012-03-28 16:09 . 2012-03-28 16:30 24576 c:\windows\D6E0101535D044AEBE268A7F8EB83710.TMP\WiseCustomCalla.457C3773_97C1_4C9D_A5FE_26FB81D5523A.dll
+ 2012-03-28 16:09 . 2012-03-28 16:30 19714 c:\windows\D6E0101535D044AEBE268A7F8EB83710.TMP\WiseCustomCall.DDC9D041_01CA_426E_B0B1_C2EE76DEC2BA.dll
+ 2012-03-28 16:09 . 2012-03-28 16:30 20206 c:\windows\D6E0101535D044AEBE268A7F8EB83710.TMP\WiseCustomCall.C2DA9293_BC6A_11D4_B62F_00105ACCAF1C.dll
+ 2012-03-28 16:09 . 2012-03-28 16:30 19620 c:\windows\D6E0101535D044AEBE268A7F8EB83710.TMP\WiseCustomCall.B0094272_1C09_4C97_9975_23F9A4F287BE.dll
+ 2012-03-28 16:09 . 2012-03-28 16:30 19694 c:\windows\D6E0101535D044AEBE268A7F8EB83710.TMP\WiseCustomCall.63E82B80_048C_11D4_B357_0050DA4F5702.dll
+ 2012-03-28 16:09 . 2012-03-28 16:30 19947 c:\windows\D6E0101535D044AEBE268A7F8EB83710.TMP\WiseCustomCall.6249D4D4_C78D_11D5_B777_00105ACCAF1C.dll
+ 2012-03-28 16:09 . 2012-03-28 16:30 19544 c:\windows\D6E0101535D044AEBE268A7F8EB83710.TMP\WiseCustomCall.457C3773_97C1_4C9D_A5FE_26FB81D5523A.dll
+ 2012-03-28 16:09 . 2012-03-28 16:30 19638 c:\windows\D6E0101535D044AEBE268A7F8EB83710.TMP\WiseCustomCall.0A320573_80DF_4D7C_8D8D_7198AF0AAC43.dll
+ 2001-08-23 12:00 . 2012-03-28 16:32 488018 c:\windows\system32\perfh009.dat
- 2001-08-23 12:00 . 2012-03-28 15:29 488018 c:\windows\system32\perfh009.dat
+ 2012-03-28 16:09 . 2012-03-28 16:30 221184 c:\windows\D6E0101535D044AEBE268A7F8EB83710.TMP\WiseCustomCalla2.6249D4D4_C78D_11D5_B777_00105ACCAF1C.dll
+ 2012-03-28 16:09 . 2012-03-28 16:30 221184 c:\windows\D6E0101535D044AEBE268A7F8EB83710.TMP\WiseCustomCalla.6249D4D4_C78D_11D5_B777_00105ACCAF1C.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="REM" [X]
"QlbCtrl.exe"="REM" [X]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2007-11-28 298536]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2008-07-09 1044480]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-03-13 141336]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-03-13 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-03-13 142360]
"SgeEcView"="c:\program files\Utimaco\SafeGuard Easy\Ecview.exe" [2004-06-16 20480]
"EdWizard"="c:\program files\Utimaco\SafeGuard Easy\EdWizard.exe" [2004-06-16 245760]
"NetInstall NiTray"="c:\program files\NetInst\eTray.exe" [2010-05-07 35824]
"Enteo Agent"="c:\program files\NetInst\niagnt32.exe" [2010-09-30 222712]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2010-09-10 115560]
"Discovery User Input"="c:\discovery\User Input\userin32.exe" [2010-01-24 241664]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-08-05 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ackpbsc]
2007-11-28 01:41 109568 ----a-w- c:\windows\system32\ackpbsc.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\acunlock]
2007-11-28 01:40 286720 ----a-w- c:\program files\ActivIdentity\ActivClient\acunlock.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\NetInst\NiAMH.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-909772816-612835887-627194967-2451\Scripts\Logon\0\0]
"Script"=\\gg.gauselmann.com\sysvol\gg.gauselmann.com\scripts\logon_Prag.bat
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^DVD Check.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\DVD Check.lnk
backup=c:\windows\pss\DVD Check.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\picon]
REM [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Discovery User Input]
2010-01-24 15:54 241664 ----a-w- c:\discovery\User Input\userin32.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 13:42 1695232 --sh--w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2011-04-22 12:21 247728 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
2006-03-30 14:45 313472 ----a-r- c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WatchDog]
2008-05-24 01:23 197904 ----a-w- c:\program files\InterVideo\DVD Check\DVDCheck.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\windows\Network Diagnostic\xpnetdiag.exe"= c:\windows\Network Diagnostic\xpnetdiag.exe:10.0.0.0/255.0.0.0:Disabled:@xpsp3res.dll,-20000
"c:\windows\system32\sessmgr.exe"= c:\windows\system32\sessmgr.exe:10.0.0.0/255.0.0.0:Disabled:@xpsp2res.dll,-22019
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\windows\system32\cba\pds.exe"= c:\windows\system32\cba\pds.exe:10.0.0.0/255.0.0.0:Enabled:COMMON_BASE_AGENT_NAME
"c:\program files\LANDesk\LDClient\issuser.exe"= c:\program files\LANDesk\LDClient\issuser.exe:10.0.0.0/255.0.0.0:Enabled:REMOTE_CONTROL_DISPLAY_NAME
"c:\program files\LANDesk\LDClient\tmcsvc.exe"= c:\program files\LANDesk\LDClient\tmcsvc.exe:10.0.0.0/255.0.0.0:Enabled:SOFTWARE_DIST_DISPLAY_NAME
"c:\\WINDOWS\\system32\\hasplms.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer_Service.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer_Service.exe"=
"c:\\Program Files\\LANDesk\\Shared Files\\residentagent.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"139:TCP"= 139:TCP:10.0.0.0/255.0.0.0:Enabled:@xpsp2res.dll,-22004
"137:UDP"= 137:UDP:10.0.0.0/255.0.0.0:Enabled:@xpsp2res.dll,-22001
"138:UDP"= 138:UDP:10.0.0.0/255.0.0.0:Enabled:@xpsp2res.dll,-22002
.
R0 AES-256;AES-256;c:\windows\system32\drivers\AES256.sys [16.6.2004 19:05 18016]
R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [28.3.2008 20:14 24064]
R0 SgeFlt;SgeFlt;c:\windows\system32\drivers\SGEFLT.sys [16.6.2004 19:07 54464]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [17.2.2010 20:25 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10.5.2010 20:41 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [4.5.2011 19:54 116608]
R2 accoca;ActivClient Middleware Service;c:\program files\ActivIdentity\ActivClient\accoca.exe [28.11.2007 3:42 185896]
R2 CBA8;LANDesk(R) Management Agent;c:\program files\LANDesk\Shared Files\residentAgent.exe [23.11.2005 1:07 122880]
R2 CronService;Cron Service for Prey;c:\prey\platform\windows\cronsvc.exe [15.2.2011 18:01 19968]
R2 ersupext;enteo Runtime Service;c:\program files\NetInst\mgmtagnt.exe [13.2.2012 11:41 218616]
R2 esiCore;enteo Core Service;c:\program files\NetInst\mgmtagnt.exe [13.2.2012 11:41 218616]
R2 mdvsrv;HP Connection Manager Service;c:\program files\HPQ\HP Connection Manager 1.1\bin\mdvsrv.exe [12.6.2008 14:19 575976]
R2 NetReflect_Service;enteo Remote Service;c:\progra~1\NetInst\NETREF~1.EXE [13.2.2012 11:44 896424]
R2 QDLService;Qualcomm Gobi Download Service;c:\qualcomm\QDLService\QDLService.exe [9.6.2008 8:06 345336]
R2 SWIHPWMI;SWIHPWMI;c:\program files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe [4.12.2006 17:13 292384]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [22.4.2011 14:21 92592]
R2 UNS;Intel(R) Active Management Technology User Notification Service;c:\program files\Common Files\Intel\Privacy Icon\UNS\UNS.exe [18.2.2009 10:46 2058776]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [18.2.2009 1:21 238736]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [13.2.2012 12:13 106104]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [23.7.2008 21:31 44800]
R3 ldblank;Screen Blanking driver for Remote Control;c:\windows\system32\drivers\ldblank.sys [28.4.2010 10:12 11904]
R3 ldmirror;ldmirror;c:\windows\system32\drivers\ldmirror.sys [28.4.2010 10:12 3328]
R3 mirrorflt;Mirror Filter Driver for Uninstall;c:\windows\system32\drivers\mirrorflt.sys [28.4.2010 10:12 3712]
R3 rismc32;RICOH Smart Card Reader;c:\windows\system32\drivers\rismc32.sys [18.2.2009 9:25 47616]
S?2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 14:16 130384]
S3 cdprku;cdprku;c:\windows\system32\drivers\cdprku.sys [13.2.2012 11:45 25128]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [10.9.2010 9:50 23888]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [18.2.2009 9:40 222512]
S3 LanProbe;LanProbe;c:\centenn.ial\AUDIT\lpx86.exe [13.2.2012 11:43 229888]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [9.1.2010 22:37 4640000]
S3 QCFilterhp;HP USB Composite Device Filter Driver;c:\windows\system32\drivers\qcfilterhp.sys [15.4.2010 13:41 5248]
S3 qcusbnethp;HP USB-NDIS miniport;c:\windows\system32\drivers\qcusbnethp.sys [15.4.2010 13:41 112640]
S3 qcusbserhp;HP USB Device for Legacy Serial Communication;c:\windows\system32\drivers\qcusbserhp.sys [15.4.2010 13:41 103680]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [8.4.2008 14:12 1112560]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 14:16 753504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 18:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
.
------- Doplňkový sken -------
.
uStart Page = https://webmail.gauselmann.com/open_webmail.nsf?Open
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\documents and settings\g019025\Application Data\Mozilla\Firefox\Profiles\eh4pg75s.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://orgo-net.blogspot.com/|http://ww ... upeze.html
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=green ... =937811&p=
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-28 19:35
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetReflect_Service]
"ImagePath"="c:\progra~1\NetInst\NETREF~1.EXE /startedbyscm:B486F7BF-40E31D57-NrRemoteComService"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(1400)
c:\windows\system32\ackpbsc.dll
c:\windows\system32\aclog.dll
c:\windows\system32\accrypto.dll
c:\windows\system32\ACLIBEAY.dll
c:\windows\system32\acevtsub.dll
c:\windows\system32\asphat32.dll
c:\windows\system32\acerrmes.dll
c:\windows\system32\aspcom.dll
c:\program files\ActivIdentity\ActivClient\Resources\Localized\acerrmrc.dll
c:\program files\ActivIdentity\ActivClient\Resources\Localized\asphatrc.dll
c:\program files\ActivIdentity\ActivClient\acunlock.dll
c:\windows\system32\aipingui.dll
c:\windows\system32\aicext.dll
c:\program files\ActivIdentity\ActivClient\Resources\Localized\aipinguirc.dll
c:\program files\ActivIdentity\ActivClient\resources\acCobAPIrc.dll
c:\program files\ActivIdentity\ActivClient\Resources\Localized\acunlockrc.dll
.
- - - - - - - > 'explorer.exe'(3280)
c:\program files\Utimaco\SafeGuard Easy\SgMsgBhk.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\ActivIdentity\ActivClient\acevents.exe
c:\program files\Symantec AntiVirus\Smc.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\windows\System32\SCardSvr.exe
c:\windows\system32\agrsmsvc.exe
c:\centenn.ial\AUDIT\cagent32.exe
c:\centenn.ial\AUDIT\xferwan.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\LANDesk\LDClient\LocalSch.EXE
c:\program files\LANDesk\LDClient\QIPCLNT.EXE
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\ActivIdentity\ActivClient\acevents.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Intel\AMT\LMS.exe
c:\program files\Utimaco\SafeGuard Easy\WKSCFGSRV.EXE
c:\windows\system32\HPZipm12.exe
c:\program files\Utimaco\SafeGuard Easy\SgeCtl.exe
c:\progra~1\NetInst\reflectRemoteSettings.exe
c:\windows\system32\SgLogPlayer.exe
c:\program files\Symantec AntiVirus\Rtvscan.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\system32\imapi.exe
c:\windows\system32\msiexec.exe
c:\program files\Symantec AntiVirus\SmcGui.exe
c:\windows\system32\MsiExec.exe
c:\program files\Hewlett-Packard\Shared\hpqToaster.exe
.
**************************************************************************
.
Celkový čas: 2012-03-28 19:37:01 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-03-28 17:36
ComboFix2.txt 2012-03-28 16:09
.
Před spuštěním: 78 170 316 800 bytes free
Po spuštění: Volných bajtů: 78 134 927 360
.
- - End Of File - - 9925000E89C59D3C3333BC759C2B56CC




aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-03-28 19:40:49
-----------------------------
19:40:49.359 OS Version: Windows 5.1.2600 Service Pack 3
19:40:49.359 Number of processors: 2 586 0x170A
19:40:49.359 ComputerName: BW020163 UserName: g019025
19:40:50.875 Initialize success
19:40:59.093 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
19:40:59.093 Disk 0 Vendor: Hitachi_ PB2O Size: 238475MB BusType: 3
19:40:59.125 Disk 0 MBR read successfully
19:40:59.125 Disk 0 MBR scan
19:40:59.125 Disk 0 Windows XP default MBR code found via API
19:40:59.125 Disk 0 unknown MBR code
19:40:59.125 Disk 0 MBR hidden
19:40:59.125 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS 238472 MB offset 63
19:40:59.140 Disk 0 scanning sectors +488392065
19:40:59.156 Disk 0 MBR [possible unknown bootkit@MBR] **ROOTKIT**
19:40:59.156 Disk 0 trace - called modules:
19:40:59.171 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys hal.dll ACPI.sys iaStor.sys
19:40:59.171 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a5a3030]
19:40:59.171 3 CLASSPNP.SYS[f7647fd7] -> nt!IofCallDriver -> [0x8a6203f0]
19:40:59.171 5 hpdskflt.sys[f77284e5] -> nt!IofCallDriver -> \Device\000000ad[0x8a622370]
19:40:59.171 7 ACPI.sys[f75ae620] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x8a04b030]
19:40:59.187 Scan finished successfully
19:41:39.546 Disk 0 MBR has been saved successfully to "C:\temp\vir\tomas\MBR.dat"
19:41:39.546 The log file has been saved successfully to "C:\temp\vir\tomas\aswMBR.txt"

Žbeky
Moderator
Guru Level 13
Posts: 22288
Registered: May 08
Location: Vsetín - Pardubice
Gender: Male

Re: Please check my log, probably a VIRUS

Post by Žbeky » 28 Mar 2012 19:46

Download TDSSKiller

to your desktop. Make sure that all other applications and browsers are closed. Unpack the file and run TDSSKiller.exe. Restart the PC. You will find the TDSSKiller log here:
C:\TDSSKiller.2.2.7.1._(date)_log.txt ; please paste the entire contents of the log here.
In private messages I deal only with matters concerning the forum. I do not respond to requests for technical support. Thanks for understanding.


tomas_ch
Level 2.5
Posts: 353
Registered: August 07
Gender: Not specified

Re: Please check my log, probably a VIRUS

Post by tomas_ch » 28 Mar 2012 20:20

20:07:11.0875 4792 TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18
20:07:11.0968 4792 ============================================================
20:07:11.0968 4792 Current date / time: 2012/03/28 20:07:11.0968
20:07:11.0968 4792 SystemInfo:
20:07:11.0968 4792
20:07:11.0968 4792 OS Version: 5.1.2600 ServicePack: 3.0
20:07:11.0968 4792 Product type: Workstation
20:07:11.0968 4792 ComputerName: BW020163
20:07:11.0968 4792 UserName: g019025
20:07:11.0968 4792 Windows directory: C:\WINDOWS
20:07:11.0968 4792 System windows directory: C:\WINDOWS
20:07:11.0968 4792 Processor architecture: Intel x86
20:07:11.0968 4792 Number of processors: 2
20:07:11.0968 4792 Page size: 0x1000
20:07:11.0968 4792 Boot type: Normal boot
20:07:11.0968 4792 ============================================================
20:07:12.0312 4792 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
20:07:12.0312 4792 \Device\Harddisk0\DR0:
20:07:12.0312 4792 MBR used
20:07:12.0312 4792 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C4542
20:07:12.0312 4792 Initialize success
20:07:12.0312 4792 ============================================================
20:07:18.0062 5624 ============================================================
20:07:18.0062 5624 Scan started
20:07:18.0062 5624 Mode: Manual;
20:07:18.0062 5624 ============================================================
20:07:18.0062 5624 !SASCORE - ok
20:07:18.0093 5624 Abiosdsk - ok
20:07:18.0093 5624 abp480n5 - ok
20:07:18.0109 5624 Accelerometer - ok
20:07:18.0109 5624 accoca - ok
20:07:18.0109 5624 ACPI - ok
20:07:18.0125 5624 ACPIEC - ok
20:07:18.0125 5624 ADIHdAudAddService - ok
20:07:18.0125 5624 adpu160m - ok
20:07:18.0140 5624 AEAudio - ok
20:07:18.0140 5624 aec - ok
20:07:18.0156 5624 AES-256 - ok
20:07:18.0156 5624 AFD - ok
20:07:18.0156 5624 AgereModemAudio - ok
20:07:18.0171 5624 AgereSoftModem - ok
20:07:18.0171 5624 Aha154x - ok
20:07:18.0171 5624 aic78u2 - ok
20:07:18.0187 5624 aic78xx - ok
20:07:18.0187 5624 aksfridge - ok
20:07:18.0187 5624 akshasp - ok
20:07:18.0203 5624 akshhl - ok
20:07:18.0203 5624 aksusb - ok
20:07:18.0203 5624 Alerter - ok
20:07:18.0203 5624 ALG - ok
20:07:18.0203 5624 AliIde - ok
20:07:18.0203 5624 amsint - ok
20:07:18.0203 5624 AppMgmt - ok
20:07:18.0218 5624 Arp1394 - ok
20:07:18.0218 5624 asc - ok
20:07:18.0218 5624 asc3350p - ok
20:07:18.0218 5624 asc3550 - ok
20:07:18.0218 5624 aspnet_state - ok
20:07:18.0218 5624 AsyncMac - ok
20:07:18.0234 5624 atapi - ok
20:07:18.0234 5624 Atdisk - ok
20:07:18.0234 5624 Atmarpc - ok
20:07:18.0234 5624 AudioSrv - ok
20:07:18.0234 5624 audstub - ok
20:07:18.0234 5624 Beep - ok
20:07:18.0234 5624 BITS - ok
20:07:18.0250 5624 Browser - ok
20:07:18.0250 5624 btaudio - ok
20:07:18.0250 5624 BTDriver - ok
20:07:18.0250 5624 BTKRNL - ok
20:07:18.0250 5624 btwdins - ok
20:07:18.0250 5624 BTWDNDIS - ok
20:07:18.0250 5624 BTWUSB - ok
20:07:18.0250 5624 catchme - ok
20:07:18.0265 5624 CBA8 - ok
20:07:18.0265 5624 cbidf2k - ok
20:07:18.0265 5624 ccEvtMgr - ok
20:07:18.0265 5624 ccSetMgr - ok
20:07:18.0265 5624 cd20xrnt - ok
20:07:18.0265 5624 Cdaudio - ok
20:07:18.0265 5624 Cdfs - ok
20:07:18.0265 5624 cdprku - ok
20:07:18.0281 5624 Cdrom - ok
20:07:18.0281 5624 CentennialClientAgent - ok
20:07:18.0281 5624 CentennialIPTransferAgent - ok
20:07:18.0281 5624 Changer - ok
20:07:18.0281 5624 cisvc - ok
20:07:18.0281 5624 ClipSrv - ok
20:07:18.0281 5624 clr_optimization_v2.0.50727_32 - ok
20:07:18.0296 5624 clr_optimization_v4.0.30319_32 - ok
20:07:18.0296 5624 CmBatt - ok
20:07:18.0296 5624 CmdIde - ok
20:07:18.0296 5624 COH_Mon - ok
20:07:18.0296 5624 Com4QLBEx - ok
20:07:18.0296 5624 Compbatt - ok
20:07:18.0296 5624 COMSysApp - ok
20:07:18.0312 5624 Cpqarray - ok
20:07:18.0312 5624 CronService - ok
20:07:18.0312 5624 CryptSvc - ok
20:07:18.0312 5624 CVirtA - ok
20:07:18.0312 5624 CVPND - ok
20:07:18.0312 5624 CVPNDRVA - ok
20:07:18.0312 5624 dac2w2k - ok
20:07:18.0328 5624 dac960nt - ok
20:07:18.0328 5624 DcomLaunch - ok
20:07:18.0328 5624 Dhcp - ok
20:07:18.0328 5624 Disk - ok
20:07:18.0328 5624 dmadmin - ok
20:07:18.0328 5624 dmboot - ok
20:07:18.0328 5624 dmio - ok
20:07:18.0328 5624 dmload - ok
20:07:18.0343 5624 dmserver - ok
20:07:18.0343 5624 DMusic - ok
20:07:18.0343 5624 DNE - ok
20:07:18.0343 5624 Dnscache - ok
20:07:18.0343 5624 Dot3svc - ok
20:07:18.0343 5624 Dot4 - ok
20:07:18.0343 5624 Dot4Print - ok
20:07:18.0343 5624 dot4usb - ok
20:07:18.0359 5624 dpti2o - ok
20:07:18.0359 5624 drmkaud - ok
20:07:18.0359 5624 e1yexpress - ok
20:07:18.0359 5624 EapHost - ok
20:07:18.0359 5624 eeCtrl - ok
20:07:18.0359 5624 EraserUtilRebootDrv - ok
20:07:18.0359 5624 ersupext - ok
20:07:18.0375 5624 ERSvc - ok
20:07:18.0375 5624 esiCore - ok
20:07:18.0375 5624 Eventlog - ok
20:07:18.0375 5624 EventSystem - ok
20:07:18.0375 5624 Fastfat - ok
20:07:18.0375 5624 FastUserSwitchingCompatibility - ok
20:07:18.0375 5624 Fdc - ok
20:07:18.0375 5624 Fips - ok
20:07:18.0390 5624 Flpydisk - ok
20:07:18.0390 5624 FltMgr - ok
20:07:18.0390 5624 FontCache3.0.0.0 - ok
20:07:18.0390 5624 Fs_Rec - ok
20:07:18.0390 5624 FTDIBUS - ok
20:07:18.0390 5624 Ftdisk - ok
20:07:18.0390 5624 FTSER2K - ok
20:07:18.0390 5624 Gpc - ok
20:07:18.0390 5624 hardlock - ok
20:07:18.0406 5624 HBtnKey - ok
20:07:18.0406 5624 HDAudBus - ok
20:07:18.0406 5624 HECI - ok
20:07:18.0406 5624 helpsvc - ok
20:07:18.0406 5624 HidServ - ok
20:07:18.0406 5624 hidusb - ok
20:07:18.0406 5624 hkmsvc - ok
20:07:18.0421 5624 hpdskflt - ok
20:07:18.0421 5624 hpn - ok
20:07:18.0421 5624 HpqKbFiltr - ok
20:07:18.0421 5624 hpqwmiex - ok
20:07:18.0421 5624 hpt3xx - ok
20:07:18.0421 5624 HPZid412 - ok
20:07:18.0421 5624 HPZipr12 - ok
20:07:18.0421 5624 HPZius12 - ok
20:07:18.0437 5624 HTTP - ok
20:07:18.0437 5624 HTTPFilter - ok
20:07:18.0437 5624 i2omgmt - ok
20:07:18.0437 5624 i2omp - ok
20:07:18.0437 5624 i8042prt - ok
20:07:18.0437 5624 ialm - ok
20:07:18.0437 5624 iaStor - ok
20:07:18.0437 5624 IDriverT - ok
20:07:18.0453 5624 idsvc - ok
20:07:18.0453 5624 IFXTPM - ok
20:07:18.0453 5624 Imapi - ok
20:07:18.0453 5624 ImapiService - ok
20:07:18.0453 5624 ini910u - ok
20:07:18.0453 5624 Intel Local Scheduler Service - ok
20:07:18.0453 5624 Intel PDS - ok
20:07:18.0468 5624 Intel QIP Client Service - ok
20:07:18.0468 5624 IntelIde - ok
20:07:18.0468 5624 intelppm - ok
20:07:18.0468 5624 ip6fw - ok
20:07:18.0468 5624 IpFilterDriver - ok
20:07:18.0468 5624 IpInIp - ok
20:07:18.0468 5624 IpNat - ok
20:07:18.0468 5624 IPSec - ok
20:07:18.0484 5624 IRENUM - ok
20:07:18.0484 5624 isapnp - ok
20:07:18.0484 5624 IviRegMgr - ok
20:07:18.0484 5624 JavaQuickStarterService - ok
20:07:18.0484 5624 Kbdclass - ok
20:07:18.0484 5624 kbdhid - ok
20:07:18.0484 5624 kmixer - ok
20:07:18.0500 5624 KSecDD - ok
20:07:18.0500 5624 lanmanserver - ok
20:07:18.0500 5624 lanmanworkstation - ok
20:07:18.0500 5624 LanProbe - ok
20:07:18.0500 5624 lbrtfdc - ok
20:07:18.0500 5624 ldblank - ok
20:07:18.0500 5624 ldmirror - ok
20:07:18.0515 5624 LightScribeService - ok
20:07:18.0515 5624 LiveUpdate - ok
20:07:18.0515 5624 LmHosts - ok
20:07:18.0515 5624 LMS - ok
20:07:18.0515 5624 mdvsrv - ok
20:07:18.0515 5624 Messenger - ok
20:07:18.0515 5624 mirrorflt - ok
20:07:18.0531 5624 mnmdd - ok
20:07:18.0531 5624 mnmsrvc - ok
20:07:18.0531 5624 Modem - ok
20:07:18.0531 5624 Mouclass - ok
20:07:18.0531 5624 mouhid - ok
20:07:18.0531 5624 MountMgr - ok
20:07:18.0531 5624 mraid35x - ok
20:07:18.0531 5624 MRxDAV - ok
20:07:18.0546 5624 MRxSmb - ok
20:07:18.0546 5624 MSDTC - ok
20:07:18.0546 5624 Msfs - ok
20:07:18.0546 5624 MSIServer - ok
20:07:18.0546 5624 MSKSSRV - ok
20:07:18.0546 5624 MSPCLOCK - ok
20:07:18.0562 5624 MSPQM - ok
20:07:18.0562 5624 mssmbios - ok
20:07:18.0562 5624 Mup - ok
20:07:18.0562 5624 napagent - ok
20:07:18.0562 5624 NAVENG - ok
20:07:18.0562 5624 NAVEX15 - ok
20:07:18.0562 5624 NDIS - ok
20:07:18.0562 5624 NdisTapi - ok
20:07:18.0578 5624 Ndisuio - ok
20:07:18.0578 5624 NdisWan - ok
20:07:18.0578 5624 NDProxy - ok
20:07:18.0578 5624 NetBIOS - ok
20:07:18.0578 5624 NetBT - ok
20:07:18.0578 5624 NetDDE - ok
20:07:18.0578 5624 NetDDEdsdm - ok
20:07:18.0593 5624 Netlogon - ok
20:07:18.0593 5624 Netman - ok
20:07:18.0593 5624 NetReflect_Service - ok
20:07:18.0593 5624 NetTcpPortSharing - ok
20:07:18.0593 5624 NETw5x32 - ok
20:07:18.0593 5624 NIC1394 - ok
20:07:18.0593 5624 Nla - ok
20:07:18.0593 5624 nm - ok
20:07:18.0609 5624 Npfs - ok
20:07:18.0609 5624 NSNDIS5 - ok
20:07:18.0609 5624 Ntfs - ok
20:07:18.0609 5624 NtLmSsp - ok
20:07:18.0609 5624 NtmsSvc - ok
20:07:18.0609 5624 NuidFltr - ok
20:07:18.0609 5624 Null - ok
20:07:18.0609 5624 NwlnkFlt - ok
20:07:18.0625 5624 NwlnkFwd - ok
20:07:18.0625 5624 ohci1394 - ok
20:07:18.0625 5624 ose - ok
20:07:18.0625 5624 osppsvc - ok
20:07:18.0625 5624 Parport - ok
20:07:18.0625 5624 PartMgr - ok
20:07:18.0625 5624 ParVdm - ok
20:07:18.0625 5624 PCI - ok
20:07:18.0640 5624 PCIDump - ok
20:07:18.0640 5624 PCIIde - ok
20:07:18.0640 5624 Pcmcia - ok
20:07:18.0640 5624 PDCOMP - ok
20:07:18.0640 5624 PDFRAME - ok
20:07:18.0640 5624 PDRELI - ok
20:07:18.0640 5624 PDRFRAME - ok
20:07:18.0640 5624 perc2 - ok
20:07:18.0656 5624 perc2hib - ok
20:07:18.0656 5624 PlugPlay - ok
20:07:18.0656 5624 Pml Driver HPZ12 - ok
20:07:18.0656 5624 PolicyAgent - ok
20:07:18.0656 5624 PptpMiniport - ok
20:07:18.0656 5624 Processor - ok
20:07:18.0671 5624 ProtectedStorage - ok
20:07:18.0671 5624 Ptilink - ok
20:07:18.0671 5624 PxHelp20 - ok
20:07:18.0671 5624 QCFilterhp - ok
20:07:18.0671 5624 qcusbnethp - ok
20:07:18.0671 5624 qcusbserhp - ok
20:07:18.0671 5624 QDLService - ok
20:07:18.0687 5624 ql1080 - ok
20:07:18.0687 5624 Ql10wnt - ok
20:07:18.0687 5624 ql12160 - ok
20:07:18.0687 5624 ql1240 - ok
20:07:18.0687 5624 ql1280 - ok
20:07:18.0687 5624 RasAcd - ok
20:07:18.0687 5624 RasAuto - ok
20:07:18.0687 5624 Rasl2tp - ok
20:07:18.0703 5624 RasMan - ok
20:07:18.0703 5624 RasPppoe - ok
20:07:18.0703 5624 Raspti - ok
20:07:18.0703 5624 Rdbss - ok
20:07:18.0703 5624 RDPCDD - ok
20:07:18.0703 5624 rdpdr - ok
20:07:18.0703 5624 RDPWD - ok
20:07:18.0718 5624 RDSessMgr - ok
20:07:18.0718 5624 redbook - ok
20:07:18.0718 5624 RemoteAccess - ok
20:07:18.0718 5624 RemoteRegistry - ok
20:07:18.0718 5624 rimmptsk - ok
20:07:18.0718 5624 rismc32 - ok
20:07:18.0718 5624 RoxMediaDB10 - ok
20:07:18.0734 5624 RpcLocator - ok
20:07:18.0734 5624 RpcSs - ok
20:07:18.0734 5624 RSVP - ok
20:07:18.0734 5624 SamSs - ok
20:07:18.0734 5624 SASDIFSV - ok
20:07:18.0734 5624 SASKUTIL - ok
20:07:18.0734 5624 SCardSvr - ok
20:07:18.0734 5624 Schedule - ok
20:07:18.0765 5624 sdbus - ok
20:07:18.0765 5624 Secdrv - ok
20:07:18.0765 5624 seclogon - ok
20:07:18.0765 5624 SENS - ok
20:07:18.0765 5624 Ser2pl - ok
20:07:18.0765 5624 Serenum - ok
20:07:18.0765 5624 Serial - ok
20:07:18.0781 5624 SFAUDIO - ok
20:07:18.0781 5624 Sfloppy - ok
20:07:18.0781 5624 SgeCtl - ok
20:07:18.0781 5624 SgeFlt - ok
20:07:18.0781 5624 SgLogPlayer - ok
20:07:18.0796 5624 SharedAccess - ok
20:07:18.0796 5624 ShellHWDetection - ok
20:07:18.0796 5624 Simbad - ok
20:07:18.0796 5624 SmcService - ok
20:07:18.0796 5624 SNAC - ok
20:07:18.0796 5624 SONYPVU1 - ok
20:07:18.0812 5624 Sparrow - ok
20:07:18.0812 5624 SPBBCDrv - ok
20:07:18.0812 5624 splitter - ok
20:07:18.0812 5624 Spooler - ok
20:07:18.0812 5624 sr - ok
20:07:18.0812 5624 srservice - ok
20:07:18.0812 5624 SRTSP - ok
20:07:18.0828 5624 SRTSPL - ok
20:07:18.0828 5624 SRTSPX - ok
20:07:18.0828 5624 Srv - ok
20:07:18.0828 5624 SSDPSRV - ok
20:07:18.0828 5624 stisvc - ok
20:07:18.0828 5624 stllssvr - ok
20:07:18.0828 5624 swenum - ok
20:07:18.0828 5624 SWIHPWMI - ok
20:07:18.0843 5624 swmidi - ok
20:07:18.0843 5624 SwPrv - ok
20:07:18.0843 5624 Symantec AntiVirus - ok
20:07:18.0843 5624 symc810 - ok
20:07:18.0843 5624 symc8xx - ok
20:07:18.0843 5624 SymEvent - ok
20:07:18.0859 5624 sym_hi - ok
20:07:18.0859 5624 sym_u3 - ok
20:07:18.0859 5624 SynTP - ok
20:07:18.0859 5624 sysaudio - ok
20:07:18.0859 5624 SysmonLog - ok
20:07:18.0859 5624 TapiSrv - ok
20:07:18.0859 5624 Tcpip - ok
20:07:18.0859 5624 TDPIPE - ok
20:07:18.0875 5624 TDTCP - ok
20:07:18.0875 5624 Teefer2 - ok
20:07:18.0875 5624 TermDD - ok
20:07:18.0875 5624 TermService - ok
20:07:18.0875 5624 Themes - ok
20:07:18.0875 5624 TlntSvr - ok
20:07:18.0875 5624 TomTomHOMEService - ok
20:07:18.0890 5624 TosIde - ok
20:07:18.0890 5624 TrkWks - ok
20:07:18.0890 5624 Udfs - ok
20:07:18.0890 5624 ultra - ok
20:07:18.0890 5624 UNS - ok
20:07:18.0890 5624 Update - ok
20:07:18.0890 5624 upnphost - ok
20:07:18.0890 5624 UPS - ok
20:07:18.0906 5624 usbccgp - ok
20:07:18.0906 5624 usbehci - ok
20:07:18.0906 5624 usbhub - ok
20:07:18.0906 5624 usbprint - ok
20:07:18.0906 5624 usbser - ok
20:07:18.0906 5624 USBSTOR - ok
20:07:18.0906 5624 usbuhci - ok
20:07:18.0921 5624 VgaSave - ok
20:07:18.0921 5624 ViaIde - ok
20:07:18.0921 5624 VolSnap - ok
20:07:18.0921 5624 vsdatant - ok
20:07:18.0921 5624 VSS - ok
20:07:18.0921 5624 W32Time - ok
20:07:18.0921 5624 Wanarp - ok
20:07:18.0921 5624 Wdf01000 - ok
20:07:18.0937 5624 WDICA - ok
20:07:18.0937 5624 wdmaud - ok
20:07:18.0937 5624 WebClient - ok
20:07:18.0937 5624 winmgmt - ok
20:07:18.0937 5624 WmdmPmSN - ok
20:07:18.0953 5624 Wmi - ok
20:07:18.0953 5624 WmiAcpi - ok
20:07:18.0953 5624 WmiApSrv - ok
20:07:18.0953 5624 WMPNetworkSvc - ok
20:07:18.0953 5624 WpdUsb - ok
20:07:18.0953 5624 WPFFontCache_v0400 - ok
20:07:18.0953 5624 WPS - ok
20:07:18.0968 5624 WpsHelper - ok
20:07:18.0968 5624 WS2IFSL - ok
20:07:18.0968 5624 wscsvc - ok
20:07:18.0968 5624 wuauserv - ok
20:07:18.0968 5624 WudfPf - ok
20:07:18.0968 5624 WudfRd - ok
20:07:18.0968 5624 WudfSvc - ok
20:07:18.0984 5624 WZCSVC - ok
20:07:18.0984 5624 xmlprov - ok
20:07:19.0015 5624 MBR (0x1B8) (55b1d73e6b30f5b5fc43b3148ff1b52d) \Device\Harddisk0\DR0
20:07:19.0140 5624 \Device\Harddisk0\DR0 ( Rootkit.Win32.BackBoot.gen ) - warning
20:07:19.0140 5624 \Device\Harddisk0\DR0 - detected Rootkit.Win32.BackBoot.gen (1)
20:07:19.0140 5624 Boot (0x1200) (46e7e8e535fa6e16352de8f299563f33) \Device\Harddisk0\DR0\Partition0
20:07:19.0140 5624 \Device\Harddisk0\DR0\Partition0 - ok
20:07:19.0140 5624 ============================================================
20:07:19.0140 5624 Scan finished
20:07:19.0140 5624 ============================================================
20:07:19.0140 3788 Detected object count: 1
20:07:19.0140 3788 Actual detected object count: 1
20:07:29.0687 3788 \Device\Harddisk0\DR0 ( Rootkit.Win32.BackBoot.gen ) - skipped by user
20:07:29.0687 3788 \Device\Harddisk0\DR0 ( Rootkit.Win32.BackBoot.gen ) - User select action: Skip
20:07:49.0218 4824 Deinitialize success

jaro3
Security team member
Guru Level 15
Posts: 43298
Registered: June 07
Location: South Bohemia
Gender: Male

Re: Please check my log, probably a VIRUS

Post by jaro3 » 28 Mar 2012 22:54

20:07:29.0687 3788 \Device\Harddisk0\DR0 ( Rootkit.Win32.BackBoot.gen ) - skipped by user
20:07:29.0687 3788 \Device\Harddisk0\DR0 ( Rootkit.Win32.BackBoot.gen ) - User select action: Skip

Why did you skip it????

Do it again and do not interfere with it!!
When working with HJT, ComboFix, MbAM, SDFix etc., close all other applications and browsers!
Do not send logs in private messages. During my absence I am covered by memphisto, Žbeky and Orcus.
If you are satisfied, you can support our forum: Forum support

tomas_ch
Level 2.5
Posts: 353
Registered: August 07
Gender: Not specified

Re: Please check my log, probably a VIRUS

Post by tomas_ch » 29 Mar 2012 17:38

I didn't skip anything....
I've just run it again.... I'd need to send you a screenshot as a jpg.
How the hell do you post one here?

???? What do I do with it?

Thanks

The log is here:

17:30:21.0656 3268 TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18
17:30:21.0656 3268 ============================================================
17:30:21.0656 3268 Current date / time: 2012/03/29 17:30:21.0656
17:30:21.0656 3268 SystemInfo:
17:30:21.0656 3268
17:30:21.0656 3268 OS Version: 5.1.2600 ServicePack: 3.0
17:30:21.0656 3268 Product type: Workstation
17:30:21.0656 3268 ComputerName: BW020163
17:30:21.0656 3268 UserName: g019025
17:30:21.0656 3268 Windows directory: C:\WINDOWS
17:30:21.0656 3268 System windows directory: C:\WINDOWS
17:30:21.0656 3268 Processor architecture: Intel x86
17:30:21.0656 3268 Number of processors: 2
17:30:21.0656 3268 Page size: 0x1000
17:30:21.0656 3268 Boot type: Normal boot
17:30:21.0656 3268 ============================================================
17:30:22.0078 3268 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
17:30:22.0078 3268 \Device\Harddisk0\DR0:
17:30:22.0078 3268 MBR used
17:30:22.0078 3268 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C4542
17:30:22.0078 3268 Initialize success
17:30:22.0078 3268 ============================================================
17:30:31.0328 2652 ============================================================
17:30:31.0328 2652 Scan started
17:30:31.0328 2652 Mode: Manual;
17:30:31.0328 2652 ============================================================
17:30:31.0328 2652 !SASCORE - ok
17:30:31.0343 2652 Abiosdsk - ok
17:30:31.0359 2652 abp480n5 - ok
17:30:31.0359 2652 Accelerometer - ok
17:30:31.0359 2652 accoca - ok
17:30:31.0375 2652 ACPI - ok
17:30:31.0375 2652 ACPIEC - ok
17:30:31.0375 2652 ADIHdAudAddService - ok
17:30:31.0390 2652 adpu160m - ok
17:30:31.0390 2652 AEAudio - ok
17:30:31.0406 2652 aec - ok
17:30:31.0406 2652 AES-256 - ok
17:30:31.0406 2652 AFD - ok
17:30:31.0421 2652 AgereModemAudio - ok
17:30:31.0421 2652 AgereSoftModem - ok
17:30:31.0421 2652 Aha154x - ok
17:30:31.0437 2652 aic78u2 - ok
17:30:31.0437 2652 aic78xx - ok
17:30:31.0437 2652 aksfridge - ok
17:30:31.0453 2652 akshasp - ok
17:30:31.0453 2652 akshhl - ok
17:30:31.0453 2652 aksusb - ok
17:30:31.0468 2652 Alerter - ok
17:30:31.0468 2652 ALG - ok
17:30:31.0468 2652 AliIde - ok
17:30:31.0484 2652 amsint - ok
17:30:31.0484 2652 AppMgmt - ok
17:30:31.0484 2652 Arp1394 - ok
17:30:31.0484 2652 asc - ok
17:30:31.0484 2652 asc3350p - ok
17:30:31.0484 2652 asc3550 - ok
17:30:31.0500 2652 aspnet_state - ok
17:30:31.0500 2652 AsyncMac - ok
17:30:31.0500 2652 atapi - ok
17:30:31.0500 2652 Atdisk - ok
17:30:31.0500 2652 Atmarpc - ok
17:30:31.0500 2652 AudioSrv - ok
17:30:31.0500 2652 audstub - ok
17:30:31.0515 2652 Beep - ok
17:30:31.0515 2652 BITS - ok
17:30:31.0515 2652 Browser - ok
17:30:31.0515 2652 btaudio - ok
17:30:31.0515 2652 BTDriver - ok
17:30:31.0515 2652 BTKRNL - ok
17:30:31.0515 2652 btwdins - ok
17:30:31.0515 2652 BTWDNDIS - ok
17:30:31.0515 2652 BTWUSB - ok
17:30:31.0531 2652 catchme - ok
17:30:31.0531 2652 CBA8 - ok
17:30:31.0531 2652 cbidf2k - ok
17:30:31.0531 2652 ccEvtMgr - ok
17:30:31.0531 2652 ccSetMgr - ok
17:30:31.0531 2652 cd20xrnt - ok
17:30:31.0531 2652 Cdaudio - ok
17:30:31.0531 2652 Cdfs - ok
17:30:31.0546 2652 cdprku - ok
17:30:31.0546 2652 Cdrom - ok
17:30:31.0546 2652 CentennialClientAgent - ok
17:30:31.0546 2652 CentennialIPTransferAgent - ok
17:30:31.0546 2652 Changer - ok
17:30:31.0546 2652 cisvc - ok
17:30:31.0546 2652 ClipSrv - ok
17:30:31.0562 2652 clr_optimization_v2.0.50727_32 - ok
17:30:31.0562 2652 clr_optimization_v4.0.30319_32 - ok
17:30:31.0562 2652 CmBatt - ok
17:30:31.0562 2652 CmdIde - ok
17:30:31.0562 2652 COH_Mon - ok
17:30:31.0562 2652 Com4QLBEx - ok
17:30:31.0562 2652 Compbatt - ok
17:30:31.0578 2652 COMSysApp - ok
17:30:31.0578 2652 Cpqarray - ok
17:30:31.0578 2652 CronService - ok
17:30:31.0578 2652 CryptSvc - ok
17:30:31.0578 2652 CVirtA - ok
17:30:31.0578 2652 CVPND - ok
17:30:31.0578 2652 CVPNDRVA - ok
17:30:31.0593 2652 dac2w2k - ok
17:30:31.0593 2652 dac960nt - ok
17:30:31.0593 2652 DcomLaunch - ok
17:30:31.0593 2652 Dhcp - ok
17:30:31.0593 2652 Disk - ok
17:30:31.0593 2652 dmadmin - ok
17:30:31.0593 2652 dmboot - ok
17:30:31.0593 2652 dmio - ok
17:30:31.0609 2652 dmload - ok
17:30:31.0609 2652 dmserver - ok
17:30:31.0609 2652 DMusic - ok
17:30:31.0609 2652 DNE - ok
17:30:31.0609 2652 Dnscache - ok
17:30:31.0609 2652 Dot3svc - ok
17:30:31.0609 2652 Dot4 - ok
17:30:31.0609 2652 Dot4Print - ok
17:30:31.0625 2652 dot4usb - ok
17:30:31.0625 2652 dpti2o - ok
17:30:31.0625 2652 drmkaud - ok
17:30:31.0625 2652 e1yexpress - ok
17:30:31.0625 2652 EapHost - ok
17:30:31.0625 2652 eeCtrl - ok
17:30:31.0625 2652 EraserUtilRebootDrv - ok
17:30:31.0625 2652 ersupext - ok
17:30:31.0640 2652 ERSvc - ok
17:30:31.0640 2652 esiCore - ok
17:30:31.0640 2652 Eventlog - ok
17:30:31.0640 2652 EventSystem - ok
17:30:31.0640 2652 Fastfat - ok
17:30:31.0640 2652 FastUserSwitchingCompatibility - ok
17:30:31.0640 2652 Fdc - ok
17:30:31.0640 2652 Fips - ok
17:30:31.0656 2652 Flpydisk - ok
17:30:31.0656 2652 FltMgr - ok
17:30:31.0656 2652 FontCache3.0.0.0 - ok
17:30:31.0656 2652 Fs_Rec - ok
17:30:31.0656 2652 FTDIBUS - ok
17:30:31.0656 2652 Ftdisk - ok
17:30:31.0656 2652 FTSER2K - ok
17:30:31.0656 2652 Gpc - ok
17:30:31.0671 2652 hardlock - ok
17:30:31.0671 2652 HBtnKey - ok
17:30:31.0671 2652 HDAudBus - ok
17:30:31.0671 2652 HECI - ok
17:30:31.0671 2652 helpsvc - ok
17:30:31.0671 2652 HidServ - ok
17:30:31.0671 2652 hidusb - ok
17:30:31.0671 2652 hkmsvc - ok
17:30:31.0687 2652 hpdskflt - ok
17:30:31.0687 2652 hpn - ok
17:30:31.0687 2652 HpqKbFiltr - ok
17:30:31.0687 2652 hpqwmiex - ok
17:30:31.0687 2652 hpt3xx - ok
17:30:31.0687 2652 HPZid412 - ok
17:30:31.0687 2652 HPZipr12 - ok
17:30:31.0703 2652 HPZius12 - ok
17:30:31.0703 2652 HTTP - ok
17:30:31.0703 2652 HTTPFilter - ok
17:30:31.0703 2652 i2omgmt - ok
17:30:31.0703 2652 i2omp - ok
17:30:31.0703 2652 i8042prt - ok
17:30:31.0703 2652 ialm - ok
17:30:31.0703 2652 iaStor - ok
17:30:31.0718 2652 IDriverT - ok
17:30:31.0718 2652 idsvc - ok
17:30:31.0718 2652 IFXTPM - ok
17:30:31.0718 2652 Imapi - ok
17:30:31.0718 2652 ImapiService - ok
17:30:31.0718 2652 ini910u - ok
17:30:31.0718 2652 Intel Local Scheduler Service - ok
17:30:31.0734 2652 Intel PDS - ok
17:30:31.0734 2652 Intel QIP Client Service - ok
17:30:31.0734 2652 IntelIde - ok
17:30:31.0734 2652 intelppm - ok
17:30:31.0734 2652 ip6fw - ok
17:30:31.0734 2652 IpFilterDriver - ok
17:30:31.0734 2652 IpInIp - ok
17:30:31.0750 2652 IpNat - ok
17:30:31.0750 2652 IPSec - ok
17:30:31.0750 2652 IRENUM - ok
17:30:31.0750 2652 isapnp - ok
17:30:31.0750 2652 IviRegMgr - ok
17:30:31.0750 2652 JavaQuickStarterService - ok
17:30:31.0750 2652 Kbdclass - ok
17:30:31.0765 2652 kbdhid - ok
17:30:31.0765 2652 kmixer - ok
17:30:31.0765 2652 KSecDD - ok
17:30:31.0765 2652 lanmanserver - ok
17:30:31.0765 2652 lanmanworkstation - ok
17:30:31.0765 2652 LanProbe - ok
17:30:31.0765 2652 lbrtfdc - ok
17:30:31.0781 2652 ldblank - ok
17:30:31.0781 2652 ldmirror - ok
17:30:31.0781 2652 LightScribeService - ok
17:30:31.0781 2652 LiveUpdate - ok
17:30:31.0781 2652 LmHosts - ok
17:30:31.0781 2652 LMS - ok
17:30:31.0781 2652 mdvsrv - ok
17:30:31.0781 2652 Messenger - ok
17:30:31.0796 2652 mirrorflt - ok
17:30:31.0796 2652 mnmdd - ok
17:30:31.0796 2652 mnmsrvc - ok
17:30:31.0796 2652 Modem - ok
17:30:31.0796 2652 Mouclass - ok
17:30:31.0796 2652 mouhid - ok
17:30:31.0796 2652 MountMgr - ok
17:30:31.0812 2652 mraid35x - ok
17:30:31.0812 2652 MRxDAV - ok
17:30:31.0812 2652 MRxSmb - ok
17:30:31.0812 2652 MSDTC - ok
17:30:31.0812 2652 Msfs - ok
17:30:31.0812 2652 MSIServer - ok
17:30:31.0812 2652 MSKSSRV - ok
17:30:31.0828 2652 MSPCLOCK - ok
17:30:31.0828 2652 MSPQM - ok
17:30:31.0828 2652 mssmbios - ok
17:30:31.0828 2652 Mup - ok
17:30:31.0828 2652 napagent - ok
17:30:31.0828 2652 NAVENG - ok
17:30:31.0828 2652 NAVEX15 - ok
17:30:31.0828 2652 NDIS - ok
17:30:31.0843 2652 NdisTapi - ok
17:30:31.0843 2652 Ndisuio - ok
17:30:31.0843 2652 NdisWan - ok
17:30:31.0843 2652 NDProxy - ok
17:30:31.0843 2652 NetBIOS - ok
17:30:31.0843 2652 NetBT - ok
17:30:31.0843 2652 NetDDE - ok
17:30:31.0859 2652 NetDDEdsdm - ok
17:30:31.0859 2652 Netlogon - ok
17:30:31.0859 2652 Netman - ok
17:30:31.0859 2652 NetReflect_Service - ok
17:30:31.0859 2652 NetTcpPortSharing - ok
17:30:31.0859 2652 NETw5x32 - ok
17:30:31.0859 2652 NIC1394 - ok
17:30:31.0859 2652 Nla - ok
17:30:31.0875 2652 nm - ok
17:30:31.0875 2652 Npfs - ok
17:30:31.0875 2652 NSNDIS5 - ok
17:30:31.0875 2652 Ntfs - ok
17:30:31.0875 2652 NtLmSsp - ok
17:30:31.0875 2652 NtmsSvc - ok
17:30:31.0875 2652 NuidFltr - ok
17:30:31.0875 2652 Null - ok
17:30:31.0890 2652 NwlnkFlt - ok
17:30:31.0890 2652 NwlnkFwd - ok
17:30:31.0890 2652 ohci1394 - ok
17:30:31.0890 2652 ose - ok
17:30:31.0890 2652 osppsvc - ok
17:30:31.0890 2652 Parport - ok
17:30:31.0890 2652 PartMgr - ok
17:30:31.0906 2652 ParVdm - ok
17:30:31.0906 2652 PCI - ok
17:30:31.0906 2652 PCIDump - ok
17:30:31.0906 2652 PCIIde - ok
17:30:31.0906 2652 Pcmcia - ok
17:30:31.0906 2652 PDCOMP - ok
17:30:31.0906 2652 PDFRAME - ok
17:30:31.0906 2652 PDRELI - ok
17:30:31.0921 2652 PDRFRAME - ok
17:30:31.0921 2652 perc2 - ok
17:30:31.0921 2652 perc2hib - ok
17:30:31.0921 2652 PlugPlay - ok
17:30:31.0921 2652 Pml Driver HPZ12 - ok
17:30:31.0937 2652 PolicyAgent - ok
17:30:31.0937 2652 PptpMiniport - ok
17:30:31.0937 2652 Processor - ok
17:30:31.0937 2652 ProtectedStorage - ok
17:30:31.0937 2652 Ptilink - ok
17:30:31.0937 2652 PxHelp20 - ok
17:30:31.0937 2652 QCFilterhp - ok
17:30:31.0937 2652 qcusbnethp - ok
17:30:31.0953 2652 qcusbserhp - ok
17:30:31.0953 2652 QDLService - ok
17:30:31.0953 2652 ql1080 - ok
17:30:31.0953 2652 Ql10wnt - ok
17:30:31.0953 2652 ql12160 - ok
17:30:31.0953 2652 ql1240 - ok
17:30:31.0953 2652 ql1280 - ok
17:30:31.0953 2652 RasAcd - ok
17:30:31.0968 2652 RasAuto - ok
17:30:31.0968 2652 Rasl2tp - ok
17:30:31.0968 2652 RasMan - ok
17:30:31.0968 2652 RasPppoe - ok
17:30:31.0968 2652 Raspti - ok
17:30:31.0968 2652 Rdbss - ok
17:30:31.0968 2652 RDPCDD - ok
17:30:31.0984 2652 rdpdr - ok
17:30:31.0984 2652 RDPWD - ok
17:30:31.0984 2652 RDSessMgr - ok
17:30:31.0984 2652 redbook - ok
17:30:31.0984 2652 RemoteAccess - ok
17:30:31.0984 2652 RemoteRegistry - ok
17:30:31.0984 2652 rimmptsk - ok
17:30:31.0984 2652 rismc32 - ok
17:30:32.0000 2652 RoxMediaDB10 - ok
17:30:32.0000 2652 RpcLocator - ok
17:30:32.0000 2652 RpcSs - ok
17:30:32.0000 2652 RSVP - ok
17:30:32.0000 2652 SamSs - ok
17:30:32.0000 2652 SASDIFSV - ok
17:30:32.0000 2652 SASKUTIL - ok
17:30:32.0015 2652 SCardSvr - ok
17:30:32.0015 2652 Schedule - ok
17:30:32.0031 2652 sdbus - ok
17:30:32.0031 2652 Secdrv - ok
17:30:32.0031 2652 seclogon - ok
17:30:32.0046 2652 SENS - ok
17:30:32.0046 2652 Ser2pl - ok
17:30:32.0046 2652 Serenum - ok
17:30:32.0046 2652 Serial - ok
17:30:32.0046 2652 SFAUDIO - ok
17:30:32.0062 2652 Sfloppy - ok
17:30:32.0062 2652 SgeCtl - ok
17:30:32.0062 2652 SgeFlt - ok
17:30:32.0062 2652 SgLogPlayer - ok
17:30:32.0062 2652 SharedAccess - ok
17:30:32.0062 2652 ShellHWDetection - ok
17:30:32.0062 2652 Simbad - ok
17:30:32.0062 2652 SmcService - ok
17:30:32.0078 2652 SNAC - ok
17:30:32.0078 2652 SONYPVU1 - ok
17:30:32.0078 2652 Sparrow - ok
17:30:32.0078 2652 SPBBCDrv - ok
17:30:32.0078 2652 splitter - ok
17:30:32.0093 2652 Spooler - ok
17:30:32.0093 2652 sr - ok
17:30:32.0093 2652 srservice - ok
17:30:32.0093 2652 SRTSP - ok
17:30:32.0093 2652 SRTSPL - ok
17:30:32.0093 2652 SRTSPX - ok
17:30:32.0093 2652 Srv - ok
17:30:32.0093 2652 SSDPSRV - ok
17:30:32.0109 2652 stisvc - ok
17:30:32.0109 2652 stllssvr - ok
17:30:32.0109 2652 swenum - ok
17:30:32.0109 2652 SWIHPWMI - ok
17:30:32.0109 2652 swmidi - ok
17:30:32.0109 2652 SwPrv - ok
17:30:32.0125 2652 Symantec AntiVirus - ok
17:30:32.0125 2652 symc810 - ok
17:30:32.0125 2652 symc8xx - ok
17:30:32.0125 2652 SymEvent - ok
17:30:32.0125 2652 sym_hi - ok
17:30:32.0125 2652 sym_u3 - ok
17:30:32.0125 2652 SynTP - ok
17:30:32.0125 2652 sysaudio - ok
17:30:32.0140 2652 SysmonLog - ok
17:30:32.0140 2652 TapiSrv - ok
17:30:32.0140 2652 Tcpip - ok
17:30:32.0140 2652 TDPIPE - ok
17:30:32.0140 2652 TDTCP - ok
17:30:32.0140 2652 Teefer2 - ok
17:30:32.0140 2652 TermDD - ok
17:30:32.0140 2652 TermService - ok
17:30:32.0156 2652 Themes - ok
17:30:32.0156 2652 TlntSvr - ok
17:30:32.0156 2652 TomTomHOMEService - ok
17:30:32.0156 2652 TosIde - ok
17:30:32.0156 2652 TrkWks - ok
17:30:32.0156 2652 Udfs - ok
17:30:32.0156 2652 ultra - ok
17:30:32.0171 2652 UNS - ok
17:30:32.0171 2652 Update - ok
17:30:32.0171 2652 upnphost - ok
17:30:32.0171 2652 UPS - ok
17:30:32.0171 2652 usbccgp - ok
17:30:32.0171 2652 usbehci - ok
17:30:32.0171 2652 usbhub - ok
17:30:32.0171 2652 usbprint - ok
17:30:32.0187 2652 usbser - ok
17:30:32.0187 2652 USBSTOR - ok
17:30:32.0187 2652 usbuhci - ok
17:30:32.0187 2652 VgaSave - ok
17:30:32.0187 2652 ViaIde - ok
17:30:32.0187 2652 VolSnap - ok
17:30:32.0187 2652 vsdatant - ok
17:30:32.0203 2652 VSS - ok
17:30:32.0203 2652 W32Time - ok
17:30:32.0203 2652 Wanarp - ok
17:30:32.0203 2652 Wdf01000 - ok
17:30:32.0203 2652 WDICA - ok
17:30:32.0203 2652 wdmaud - ok
17:30:32.0203 2652 WebClient - ok
17:30:32.0218 2652 winmgmt - ok
17:30:32.0218 2652 WmdmPmSN - ok
17:30:32.0218 2652 Wmi - ok
17:30:32.0218 2652 WmiAcpi - ok
17:30:32.0218 2652 WmiApSrv - ok
17:30:32.0234 2652 WMPNetworkSvc - ok
17:30:32.0234 2652 WpdUsb - ok
17:30:32.0234 2652 WPFFontCache_v0400 - ok
17:30:32.0234 2652 WPS - ok
17:30:32.0234 2652 WpsHelper - ok
17:30:32.0234 2652 WS2IFSL - ok
17:30:32.0234 2652 wscsvc - ok
17:30:32.0234 2652 wuauserv - ok
17:30:32.0250 2652 WudfPf - ok
17:30:32.0250 2652 WudfRd - ok
17:30:32.0250 2652 WudfSvc - ok
17:30:32.0250 2652 WZCSVC - ok
17:30:32.0250 2652 xmlprov - ok
17:30:32.0281 2652 MBR (0x1B8) (55b1d73e6b30f5b5fc43b3148ff1b52d) \Device\Harddisk0\DR0
17:30:32.0406 2652 \Device\Harddisk0\DR0 ( Rootkit.Win32.BackBoot.gen ) - warning
17:30:32.0406 2652 \Device\Harddisk0\DR0 - detected Rootkit.Win32.BackBoot.gen (1)
17:30:32.0406 2652 Boot (0x1200) (46e7e8e535fa6e16352de8f299563f33) \Device\Harddisk0\DR0\Partition0
17:30:32.0406 2652 \Device\Harddisk0\DR0\Partition0 - ok
17:30:32.0406 2652 ============================================================
17:30:32.0406 2652 Scan finished
17:30:32.0406 2652 ============================================================
17:30:32.0406 2764 Detected object count: 1
17:30:32.0406 2764 Actual detected object count: 1


Re: Please check my log, probably a VIRUS

Post by jaro3 » 29 Mar 2012 19:46

Run aswMBR again, do a scan and then click "Fix MBR"

Close the program, restart the PC,
After the restart, turn off System Restore on all drives.
http://support.microsoft.com/kb/310405/cs
Look here:
C:\System Volume Information\Microsoft--- if this folder (Microsoft) is there, delete it.
Finally, turn System Restore back on.

After the restart, run aswMBR again, do a scan and click "Save log"
Paste the contents of the log here again.

Open Notepad (Start -> Run... type Notepad in the box and click OK).
Copy the following entire text marked in green into it:

Code:

File::
c:\windows\Temp\Perflib_Perfdata_d6c.dat
c:\windows\system32\perfc009.dat
c:\windows\system32\perfc009.dat
c:\windows\system32\perfh009.dat
c:\windows\system32\perfh009.dat

Folder::
c:\windows\D6E0101535D044AEBE268A7F8EB83710.TMP

Choose File -> Save As... and set these parameters:
File name: type CFScript.txt here
Save as type: select All Files
Save the file to the desktop.
Close all active windows.

Drag the created CFScript.txt script with the mouse over the downloaded ComboFix.exe and, when the two files overlap, drop the script.
- ComboFix will start automatically
- Paste here the log that appears at the end of the cleaning process + a new HJT log

Warning: It may happen that after running ComboFix and restarting the computer, Windows won't boot, the desktop won't load, or there will be connection problems; in that case restart the computer again; if that doesn't help, press F8 after the restart and choose Last Known Good Configuration, or use a restore point.
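An added example, not part of this thread and not code from TDSSKiller, aswMBR or ComboFix, showing what the scanner's MBR check in the logs above amounts to and the one step a practitioner should take before clicking "Fix MBR": read sector 0, keep a copy of it, hash the bootstrap code, verify the 0x55AA signature, decode the partition table and compare the code hash with an allowlist of known-good hashes. Assumptions: that TDSSKiller's "MBR (0x1B8)" hash covers the first 0x1B8 bytes (the bootstrap code before the disk signature) is my reading and is not stated in the log; the two sectors checked are constructed inside the script, with the partition entry laid out like the one reported in the log (type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C4542); the `read_mbr`/`backup_mbr` paths are hypothetical.

```python
import hashlib
import struct

MBR_SIZE = 512
BOOTCODE_LEN = 0x1B8      # bytes 0x000-0x1B7: bootstrap code; assumed to be the region behind
                          # TDSSKiller's "MBR (0x1B8)" hash (my reading, not documented in the log)
DISK_SIG_OFF = 0x1B8      # 4-byte NT disk signature
PART_TABLE_OFF = 0x1BE    # four 16-byte partition entries
PART_ENTRY_FMT = "<B3xB3xII"   # status, CHS start (skipped), type, CHS end (skipped), start LBA, sectors
BOOT_SIG_OFF = 0x1FE
BOOT_SIG = b"\x55\xAA"


def read_mbr(path):
    """Read sector 0 from a disk image or a raw device (e.g. /dev/sda as root). Path is hypothetical."""
    with open(path, "rb") as f:
        data = f.read(MBR_SIZE)
    if len(data) != MBR_SIZE:
        raise ValueError("short read: %d bytes" % len(data))
    return data


def backup_mbr(mbr, out_path):
    """Keep the original sector before any 'Fix MBR': it is evidence and the restore copy."""
    with open(out_path, "wb") as f:
        f.write(mbr)
    return out_path


def bootcode_md5(mbr):
    """MD5 of the bootstrap code only; the disk signature and partition table are excluded."""
    return hashlib.md5(mbr[:BOOTCODE_LEN]).hexdigest()


def has_boot_signature(mbr):
    return mbr[BOOT_SIG_OFF:BOOT_SIG_OFF + 2] == BOOT_SIG


def parse_partitions(mbr):
    parts = []
    for i in range(4):
        status, ptype, start_lba, sectors = struct.unpack_from(PART_ENTRY_FMT, mbr, PART_TABLE_OFF + 16 * i)
        if ptype == 0:            # empty slot
            continue
        parts.append({"index": i, "bootable": status == 0x80, "type": ptype,
                      "start_lba": start_lba, "sectors": sectors})
    return parts


def check_mbr(mbr, trusted_md5s):
    """Return the code hash, the partition table and a list of findings; no findings = looks clean."""
    findings = []
    md5 = bootcode_md5(mbr)
    parts = parse_partitions(mbr)
    if not has_boot_signature(mbr):
        findings.append("missing 0x55AA boot signature")
    if md5 not in trusted_md5s:
        findings.append("bootstrap code hash %s not in allowlist" % md5)
    if not any(p["bootable"] for p in parts):
        findings.append("no active partition")
    for p in parts:
        if p["start_lba"] == 0 or p["sectors"] == 0:
            findings.append("partition %d has zero start or length" % p["index"])
    return {"bootcode_md5": md5, "partitions": parts, "findings": findings,
            "suspicious": bool(findings)}


# --- constructed demo sectors (not dumped from any real machine) ---------------------
def build_sample_mbr(bootcode, disk_sig=0x1234ABCD):
    sector = bytearray(MBR_SIZE)
    sector[:len(bootcode)] = bootcode
    struct.pack_into("<I", sector, DISK_SIG_OFF, disk_sig)
    # one active NTFS partition (type 0x07) laid out like the log: StartLBA 0x3F, BlocksNum 0x1D1C4542
    struct.pack_into(PART_ENTRY_FMT, sector, PART_TABLE_OFF, 0x80, 0x07, 0x3F, 0x1D1C4542)
    sector[BOOT_SIG_OFF:] = BOOT_SIG
    return bytes(sector)


CLEAN_BOOTCODE = (b"\x33\xC0\x8E\xD0\xBC\x00\x7C" + b"demo clean bootstrap").ljust(BOOTCODE_LEN, b"\x00")
# a bootkit-style patch: the first instructions replaced by a jump elsewhere, the rest left untouched
PATCHED_BOOTCODE = b"\xE9\x00\x10" + CLEAN_BOOTCODE[3:]
CLEAN_MBR = build_sample_mbr(CLEAN_BOOTCODE)
PATCHED_MBR = build_sample_mbr(PATCHED_BOOTCODE)
TRUSTED = {bootcode_md5(CLEAN_MBR)}   # golden hash, captured once from a known-clean install

if __name__ == "__main__":
    for name, mbr in (("clean", CLEAN_MBR), ("patched", PATCHED_MBR)):
        result = check_mbr(mbr, TRUSTED)
        print(name, result["bootcode_md5"], "SUSPICIOUS" if result["suspicious"] else "ok", result["findings"])
```

Against a real disk you would call `backup_mbr(read_mbr("/dev/sda"), "mbr-before-fix.bin")` first and only then let a tool rewrite the sector. A hash mismatch only says the boot code differs from your golden copy, not which malware put it there; the saved copy is what lets you restore the original or hand it to an analyst if the rewrite leaves the machine at a blinking cursor, which is exactly what happens later in this thread.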


Re: Please check my log, probably a VIRUS

Post by tomas_ch » 29 Mar 2012 20:17

So it died on me.... after the restart the HP logo flashed and then nothing.... in the top left corner there is the letter "j" with a blinking cursor next to it


Re: Please check my log, probably a VIRUS

Post by jaro3 » 29 Mar 2012 20:36

If that doesn't help, press F8 after the restart and choose Last Known Good Configuration, or use a restore point.
