Requesting a preventive log check


jerabina (Security team member)

Re: Requesting a preventive log check

Post by jerabina » 06 May 2015 16:05

Close all windows, programs and browsers. Double-click aswMBR.exe. If a prompt about downloading the Avast database appears, click NO. Then click "Scan". After the scan, click "Fix/FixMBR", then "Save Log" and save the log to your desktop. Copy the entire contents of that log here. Then click "Exit" to close the program.

Disable the resident protection of your antivirus and antispyware, and the firewall if applicable.

Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy the following text, marked in green, into it in full:

Code:

ClearJavaCache::
KillAll::

File::
c:\windows\system32\eEmpty.exe

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Zoner Photo Studio Autoupdate"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OODefragTray"=-

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

RegLock::
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall\ćHőwć*]
"DisplayName"="???\17?\11\09"
"DeviceDesc"="???\17?\11\09"
"ProviderName"="???\11?\17?\11??"
"MFG"="???????"
"ReinstallString"=".10.1000.8"
"DeviceInstanceIds"=multi:"e:\\chipset\\7-ser\\xp\\sbdrv\\smbus\\smbusati.inf\00"


Choose File -> Save As... and set these parameters:
File name: type CFScript.txt
Save as type: select All Files
Save the file to the desktop.
Close all active windows.

Drag the CFScript.txt you just created with the mouse over the downloaded ComboFix.exe and, once the two files overlap, drop the script:
- ComboFix will start automatically
- Paste here the log that appears at the end of the cleaning process
If you don't know what to do next, it's time to study the manual!
HJT guide

If I don't reply to your threads in the HJT section while I'm online, it's only because I'm on my phone, where studying logs and writing scripts is impossible. So please don't take it as ignoring you.

mafian

Re: Requesting a preventive log check

Post by mafian » 09 May 2015 18:51

aswMBR version 1.0.1.2290 Copyright(c) 2014 AVAST Software
Run date: 2015-05-05 20:50:15
-----------------------------
20:50:15.353 OS Version: Windows 5.1.2600 Service Pack 3
20:50:15.353 Number of processors: 4 586 0x402
20:50:15.353 ComputerName: ADMIN UserName:
20:50:17.822 Initialize success
20:50:17.915 VM: initialized successfully
20:50:17.915 VM: Amd CPU BiosDisabled
20:50:37.225 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
20:50:37.241 Disk 0 Vendor: WDC_WD5000AADS-00S9B0 01.00A01 Size: 476938MB BusType: 3
20:50:37.303 Disk 0 MBR read successfully
20:50:37.303 Disk 0 MBR scan
20:50:37.303 Disk 0 Windows 7 default MBR code
20:50:37.616 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 70001 MB offset 63
20:50:37.647 Disk 0 Boot: NTFS code=1
20:50:37.662 Disk 0 Partition - 00 0F Extended LBA 61059 MB offset 143364060
20:50:37.662 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 345875 MB offset 268414020
20:50:37.678 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 61059 MB offset 143364123
20:50:37.678 Disk 0 scanning sectors +976768065
20:50:37.694 Disk 0 scanning C:\WINDOWS\system32\drivers
20:50:42.021 Service scanning
20:50:47.474 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
20:50:49.583 Modules scanning
20:50:49.583 \Driver\atapi DriverInit @ 0x8b1c6298 suspicious
20:50:49.583 \Driver\dmio MajorFunction[ IRP_MJ_CREATE ] @ 0x8b23c1f8 suspicious
20:50:49.598 \Driver\dmio MajorFunction[ IRP_MJ_CLOSE ] @ 0x8b23c1f8 suspicious
20:50:49.598 \Driver\dmio MajorFunction[ IRP_MJ_READ ] @ 0x8b23c1f8 suspicious
20:50:49.598 \Driver\dmio MajorFunction[ IRP_MJ_WRITE ] @ 0x8b23c1f8 suspicious
20:50:49.598 \Driver\dmio MajorFunction[ IRP_MJ_FLUSH_BUFFERS ] @ 0x8b23c1f8 suspicious
20:50:49.598 \Driver\dmio MajorFunction[ IRP_MJ_DEVICE_CONTROL ] @ 0x8b23c1f8 suspicious
20:50:49.614 \Driver\dmio MajorFunction[ IRP_MJ_INTERNAL_DEVICE_CONTROL ] @ 0x8b23c1f8 suspicious
20:50:49.614 \Driver\dmio MajorFunction[ IRP_MJ_SHUTDOWN ] @ 0x8b23c1f8 suspicious
20:50:49.614 \Driver\dmio MajorFunction[ IRP_MJ_POWER ] @ 0x8b23c1f8 suspicious
20:50:49.614 \Driver\dmio MajorFunction[ IRP_MJ_SYSTEM_CONTROL ] @ 0x8b23c1f8 suspicious
20:50:49.614 \Driver\usbohci MajorFunction[ IRP_MJ_CREATE ] @ 0x8b06a1f8 suspicious
20:50:49.614 \Driver\usbohci MajorFunction[ IRP_MJ_CLOSE ] @ 0x8b06a1f8 suspicious
20:50:49.645 \Driver\usbohci MajorFunction[ IRP_MJ_DEVICE_CONTROL ] @ 0x8b06a1f8 suspicious
20:50:49.661 \Driver\usbohci MajorFunction[ IRP_MJ_INTERNAL_DEVICE_CONTROL ] @ 0x8b06a1f8 suspicious
20:50:49.661 \Driver\usbohci MajorFunction[ IRP_MJ_POWER ] @ 0x8b06a1f8 suspicious
20:50:49.661 \Driver\usbohci MajorFunction[ IRP_MJ_SYSTEM_CONTROL ] @ 0x8b06a1f8 suspicious
20:50:49.661 \Driver\Ftdisk MajorFunction[ IRP_MJ_CREATE ] @ 0x8b1c71f8 suspicious
20:50:49.661 \Driver\Ftdisk MajorFunction[ IRP_MJ_READ ] @ 0x8b1c71f8 suspicious
20:50:49.661 \Driver\Ftdisk MajorFunction[ IRP_MJ_WRITE ] @ 0x8b1c71f8 suspicious
20:50:49.661 \Driver\Ftdisk MajorFunction[ IRP_MJ_FLUSH_BUFFERS ] @ 0x8b1c71f8 suspicious
20:50:49.661 \Driver\Ftdisk MajorFunction[ IRP_MJ_DEVICE_CONTROL ] @ 0x8b1c71f8 suspicious
20:50:49.661 \Driver\Ftdisk MajorFunction[ IRP_MJ_INTERNAL_DEVICE_CONTROL ] @ 0x8b1c71f8 suspicious
20:50:49.661 \Driver\Ftdisk MajorFunction[ IRP_MJ_SHUTDOWN ] @ 0x8b1c71f8 suspicious
20:50:49.676 \Driver\Ftdisk MajorFunction[ IRP_MJ_CLEANUP ] @ 0x8b1c71f8 suspicious
20:50:49.676 \Driver\Ftdisk MajorFunction[ IRP_MJ_POWER ] @ 0x8b1c71f8 suspicious
20:50:49.676 \Driver\Ftdisk MajorFunction[ IRP_MJ_SYSTEM_CONTROL ] @ 0x8b1c71f8 suspicious
20:50:49.676 \Driver\NetBT MajorFunction[ IRP_MJ_CREATE ] @ 0x8a108500 suspicious
20:50:49.692 \Driver\NetBT MajorFunction[ IRP_MJ_CLOSE ] @ 0x8a108500 suspicious
20:50:49.692 \Driver\NetBT MajorFunction[ IRP_MJ_DEVICE_CONTROL ] @ 0x8a108500 suspicious
20:50:49.692 \Driver\NetBT MajorFunction[ IRP_MJ_INTERNAL_DEVICE_CONTROL ] @ 0x8a108500 suspicious
20:50:49.692 \Driver\NetBT MajorFunction[ IRP_MJ_CLEANUP ] @ 0x8a108500 suspicious
20:50:49.692 \Driver\Cdrom MajorFunction[ IRP_MJ_CREATE ] @ 0x8b050500 suspicious
20:50:49.708 \Driver\Cdrom MajorFunction[ IRP_MJ_CLOSE ] @ 0x8b050500 suspicious
20:50:49.708 \Driver\Cdrom MajorFunction[ IRP_MJ_READ ] @ 0x8b050500 suspicious
20:50:49.708 \Driver\Cdrom MajorFunction[ IRP_MJ_WRITE ] @ 0x8b050500 suspicious
20:50:49.708 \Driver\Cdrom MajorFunction[ IRP_MJ_FLUSH_BUFFERS ] @ 0x8b050500 suspicious
20:50:49.708 \Driver\Cdrom MajorFunction[ IRP_MJ_DEVICE_CONTROL ] @ 0x8b050500 suspicious
20:50:49.723 \Driver\Cdrom MajorFunction[ IRP_MJ_INTERNAL_DEVICE_CONTROL ] @ 0x8b050500 suspicious
20:50:49.723 \Driver\Cdrom MajorFunction[ IRP_MJ_SHUTDOWN ] @ 0x8b050500 suspicious
20:50:49.723 \Driver\Cdrom MajorFunction[ IRP_MJ_POWER ] @ 0x8b050500 suspicious
20:50:49.723 \Driver\Cdrom MajorFunction[ IRP_MJ_SYSTEM_CONTROL ] @ 0x8b050500 suspicious
20:50:49.739 \Driver\usbehci MajorFunction[ IRP_MJ_CREATE ] @ 0x8b0661f8 suspicious
20:50:49.755 \Driver\usbehci MajorFunction[ IRP_MJ_CLOSE ] @ 0x8b0661f8 suspicious
20:50:49.755 \Driver\usbehci MajorFunction[ IRP_MJ_DEVICE_CONTROL ] @ 0x8b0661f8 suspicious
20:50:49.755 \Driver\usbehci MajorFunction[ IRP_MJ_INTERNAL_DEVICE_CONTROL ] @ 0x8b0661f8 suspicious
20:50:49.755 \Driver\usbehci MajorFunction[ IRP_MJ_POWER ] @ 0x8b0661f8 suspicious
20:50:49.755 \Driver\usbehci MajorFunction[ IRP_MJ_SYSTEM_CONTROL ] @ 0x8b0661f8 suspicious
20:50:49.755 \Driver\dtsoftbus01 MajorFunction[ IRP_MJ_CREATE ] @ 0x8af1e500 suspicious
20:50:49.755 \Driver\dtsoftbus01 MajorFunction[ IRP_MJ_CLOSE ] @ 0x8af1e500 suspicious
20:50:49.755 \Driver\dtsoftbus01 MajorFunction[ IRP_MJ_DEVICE_CONTROL ] @ 0x8af1e500 suspicious
20:50:49.770 \Driver\dtsoftbus01 MajorFunction[ IRP_MJ_INTERNAL_DEVICE_CONTROL ] @ 0x8af1e500 suspicious
20:50:49.770 \Driver\dtsoftbus01 MajorFunction[ IRP_MJ_POWER ] @ 0x8af1e500 suspicious
20:50:49.770 \Driver\dtsoftbus01 MajorFunction[ IRP_MJ_SYSTEM_CONTROL ] @ 0x8af1e500 suspicious
20:50:49.770 Disk 0 trace - called modules:
20:50:49.786 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spaz.sys >>UNKNOWN [0x8b1e7938]<<
20:50:49.786 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8b182ab8]
20:50:49.786 3 CLASSPNP.SYS[ba108fd7] -> nt!IofCallDriver -> \Device\00000074[0x8b245eb0]
20:50:49.801 5 ACPI.sys[b9e74620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x8b171940]
20:50:49.801 Disk 0 statistics 94293/0/0 @ 11,29 MB/s
20:50:49.801 Scan finished successfully
20:50:57.363 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\uživatel\Dokumenty\MBR.dat"
20:50:57.378 The log file has been saved successfully to "C:\Documents and Settings\uživatel\Dokumenty\aswMBR.txt"


aswMBR version 1.0.1.2290 Copyright(c) 2014 AVAST Software
Run date: 2015-05-09 18:48:24
-----------------------------
18:48:24.140 OS Version: Windows 5.1.2600 Service Pack 3
18:48:24.140 Number of processors: 4 586 0x402
18:48:24.140 ComputerName: ADMIN UserName:
18:48:25.109 Initialize success
18:48:25.187 VM: initialized successfully
18:48:25.187 VM: Amd CPU BiosDisabled
18:48:35.015 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
18:48:35.015 Disk 0 Vendor: WDC_WD5000AADS-00S9B0 01.00A01 Size: 476938MB BusType: 3
18:48:35.109 Disk 0 MBR read successfully
18:48:35.109 Disk 0 MBR scan
18:48:35.109 Disk 0 Windows 7 default MBR code
18:48:37.703 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 70001 MB offset 63
18:48:37.703 Disk 0 Boot: NTFS code=1
18:48:37.703 Disk 0 Partition - 00 0F Extended LBA 61059 MB offset 143364060
18:48:37.734 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 345875 MB offset 268414020
18:48:37.750 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 61059 MB offset 143364123
18:48:37.765 Disk 0 scanning sectors +976768065
18:48:37.859 Disk 0 scanning C:\WINDOWS\system32\drivers
18:48:43.625 Service scanning
18:48:55.640 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
18:48:57.609 Modules scanning
18:48:57.609 \Driver\atapi DriverInit @ 0x8b013298 suspicious
18:48:57.609 \Driver\dmio MajorFunction[ IRP_MJ_CREATE ] @ 0x8b0891f8 suspicious
18:48:57.609 \Driver\dmio MajorFunction[ IRP_MJ_CLOSE ] @ 0x8b0891f8 suspicious
18:48:57.609 \Driver\dmio MajorFunction[ IRP_MJ_READ ] @ 0x8b0891f8 suspicious
18:48:57.609 \Driver\dmio MajorFunction[ IRP_MJ_WRITE ] @ 0x8b0891f8 suspicious
18:48:57.609 \Driver\dmio MajorFunction[ IRP_MJ_FLUSH_BUFFERS ] @ 0x8b0891f8 suspicious
18:48:57.609 \Driver\dmio MajorFunction[ IRP_MJ_DEVICE_CONTROL ] @ 0x8b0891f8 suspicious
18:48:57.609 \Driver\dmio MajorFunction[ IRP_MJ_INTERNAL_DEVICE_CONTROL ] @ 0x8b0891f8 suspicious
18:48:57.609 \Driver\dmio MajorFunction[ IRP_MJ_SHUTDOWN ] @ 0x8b0891f8 suspicious
18:48:57.609 \Driver\dmio MajorFunction[ IRP_MJ_POWER ] @ 0x8b0891f8 suspicious
18:48:57.609 \Driver\dmio MajorFunction[ IRP_MJ_SYSTEM_CONTROL ] @ 0x8b0891f8 suspicious
18:48:57.609 \Driver\usbohci MajorFunction[ IRP_MJ_CREATE ] @ 0x8ae301f8 suspicious
18:48:57.609 \Driver\usbohci MajorFunction[ IRP_MJ_CLOSE ] @ 0x8ae301f8 suspicious
18:48:57.609 \Driver\usbohci MajorFunction[ IRP_MJ_DEVICE_CONTROL ] @ 0x8ae301f8 suspicious
18:48:57.609 \Driver\usbohci MajorFunction[ IRP_MJ_INTERNAL_DEVICE_CONTROL ] @ 0x8ae301f8 suspicious
18:48:57.609 \Driver\usbohci MajorFunction[ IRP_MJ_POWER ] @ 0x8ae301f8 suspicious
18:48:57.609 \Driver\usbohci MajorFunction[ IRP_MJ_SYSTEM_CONTROL ] @ 0x8ae301f8 suspicious
18:48:57.609 \Driver\Ftdisk MajorFunction[ IRP_MJ_CREATE ] @ 0x8b0141f8 suspicious
18:48:57.609 \Driver\Ftdisk MajorFunction[ IRP_MJ_READ ] @ 0x8b0141f8 suspicious
18:48:57.609 \Driver\Ftdisk MajorFunction[ IRP_MJ_WRITE ] @ 0x8b0141f8 suspicious
18:48:57.609 \Driver\Ftdisk MajorFunction[ IRP_MJ_FLUSH_BUFFERS ] @ 0x8b0141f8 suspicious
18:48:57.609 \Driver\Ftdisk MajorFunction[ IRP_MJ_DEVICE_CONTROL ] @ 0x8b0141f8 suspicious
18:48:57.609 \Driver\Ftdisk MajorFunction[ IRP_MJ_INTERNAL_DEVICE_CONTROL ] @ 0x8b0141f8 suspicious
18:48:57.609 \Driver\Ftdisk MajorFunction[ IRP_MJ_SHUTDOWN ] @ 0x8b0141f8 suspicious
18:48:57.609 \Driver\Ftdisk MajorFunction[ IRP_MJ_CLEANUP ] @ 0x8b0141f8 suspicious
18:48:57.609 \Driver\Ftdisk MajorFunction[ IRP_MJ_POWER ] @ 0x8b0141f8 suspicious
18:48:57.609 \Driver\Ftdisk MajorFunction[ IRP_MJ_SYSTEM_CONTROL ] @ 0x8b0141f8 suspicious
18:48:57.609 \Driver\NetBT MajorFunction[ IRP_MJ_CREATE ] @ 0x8ac28500 suspicious
18:48:57.609 \Driver\NetBT MajorFunction[ IRP_MJ_CLOSE ] @ 0x8ac28500 suspicious
18:48:57.609 \Driver\NetBT MajorFunction[ IRP_MJ_DEVICE_CONTROL ] @ 0x8ac28500 suspicious
18:48:57.609 \Driver\NetBT MajorFunction[ IRP_MJ_INTERNAL_DEVICE_CONTROL ] @ 0x8ac28500 suspicious
18:48:57.609 \Driver\NetBT MajorFunction[ IRP_MJ_CLEANUP ] @ 0x8ac28500 suspicious
18:48:57.609 \Driver\Cdrom MajorFunction[ IRP_MJ_CREATE ] @ 0x8ae131f8 suspicious
18:48:57.609 \Driver\Cdrom MajorFunction[ IRP_MJ_CLOSE ] @ 0x8ae131f8 suspicious
18:48:57.609 \Driver\Cdrom MajorFunction[ IRP_MJ_READ ] @ 0x8ae131f8 suspicious
18:48:57.609 \Driver\Cdrom MajorFunction[ IRP_MJ_WRITE ] @ 0x8ae131f8 suspicious
18:48:57.609 \Driver\Cdrom MajorFunction[ IRP_MJ_FLUSH_BUFFERS ] @ 0x8ae131f8 suspicious
18:48:57.609 \Driver\Cdrom MajorFunction[ IRP_MJ_DEVICE_CONTROL ] @ 0x8ae131f8 suspicious
18:48:57.609 \Driver\Cdrom MajorFunction[ IRP_MJ_INTERNAL_DEVICE_CONTROL ] @ 0x8ae131f8 suspicious
18:48:57.609 \Driver\Cdrom MajorFunction[ IRP_MJ_SHUTDOWN ] @ 0x8ae131f8 suspicious
18:48:57.609 \Driver\Cdrom MajorFunction[ IRP_MJ_POWER ] @ 0x8ae131f8 suspicious
18:48:57.609 \Driver\Cdrom MajorFunction[ IRP_MJ_SYSTEM_CONTROL ] @ 0x8ae131f8 suspicious
18:48:57.609 \Driver\usbehci MajorFunction[ IRP_MJ_CREATE ] @ 0x8ae2f500 suspicious
18:48:57.609 \Driver\usbehci MajorFunction[ IRP_MJ_CLOSE ] @ 0x8ae2f500 suspicious
18:48:57.609 \Driver\usbehci MajorFunction[ IRP_MJ_DEVICE_CONTROL ] @ 0x8ae2f500 suspicious
18:48:57.609 \Driver\usbehci MajorFunction[ IRP_MJ_INTERNAL_DEVICE_CONTROL ] @ 0x8ae2f500 suspicious
18:48:57.609 \Driver\usbehci MajorFunction[ IRP_MJ_POWER ] @ 0x8ae2f500 suspicious
18:48:57.609 \Driver\usbehci MajorFunction[ IRP_MJ_SYSTEM_CONTROL ] @ 0x8ae2f500 suspicious
18:48:57.609 \Driver\dtsoftbus01 MajorFunction[ IRP_MJ_CREATE ] @ 0x8ad541f8 suspicious
18:48:57.609 \Driver\dtsoftbus01 MajorFunction[ IRP_MJ_CLOSE ] @ 0x8ad541f8 suspicious
18:48:57.609 \Driver\dtsoftbus01 MajorFunction[ IRP_MJ_DEVICE_CONTROL ] @ 0x8ad541f8 suspicious
18:48:57.609 \Driver\dtsoftbus01 MajorFunction[ IRP_MJ_INTERNAL_DEVICE_CONTROL ] @ 0x8ad541f8 suspicious
18:48:57.609 \Driver\dtsoftbus01 MajorFunction[ IRP_MJ_POWER ] @ 0x8ad541f8 suspicious
18:48:57.609 \Driver\dtsoftbus01 MajorFunction[ IRP_MJ_SYSTEM_CONTROL ] @ 0x8ad541f8 suspicious
18:48:57.609 Disk 0 trace - called modules:
18:48:57.625 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spzy.sys >>UNKNOWN [0x8b034938]<<
18:48:57.640 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8afcfab8]
18:48:57.640 3 CLASSPNP.SYS[ba108fd7] -> nt!IofCallDriver -> \Device\00000075[0x8b092aa8]
18:48:57.640 5 ACPI.sys[b9e74620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x8afd0d98]
18:48:57.640 Disk 0 statistics 94293/0/0 @ 6,23 MB/s
18:48:57.640 Scan finished successfully
18:50:23.015 Verifying
18:50:33.031 Disk 0 Windows 501 MBR fixed successfully
18:50:46.578 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\uživatel\Dokumenty\MBR.dat"
18:50:46.625 The log file has been saved successfully to "C:\Documents and Settings\uživatel\Dokumenty\aswMBR.txt"

I'll do the rest in the evening
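The two aswMBR runs above, read the way a helper in this thread reads them: an added Python example, not part of aswMBR or of any post here. It embeds an excerpt of the second log; the field names and the ordering of the review points are this example's own choices, and it keys results by driver name because the kernel addresses differ between the two runs.

```python
"""Summarise an aswMBR log the way a helper reviewing this thread would:
locked services, flagged driver dispatch entries, unattributed modules in
the disk call trace, and whether Fix/FixMBR rewrote the MBR."""
import re
from collections import defaultdict

# Excerpt of the second aswMBR log posted in this thread, embedded so the
# example runs offline.
SAMPLE_LOG = r"""aswMBR version 1.0.1.2290 Copyright(c) 2014 AVAST Software
Run date: 2015-05-09 18:48:24
-----------------------------
18:48:24.140 OS Version: Windows 5.1.2600 Service Pack 3
18:48:35.109 Disk 0 MBR read successfully
18:48:35.109 Disk 0 Windows 7 default MBR code
18:48:43.625 Service scanning
18:48:55.640 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
18:48:57.609 Modules scanning
18:48:57.609 \Driver\atapi DriverInit @ 0x8b013298 suspicious
18:48:57.609 \Driver\dmio MajorFunction[ IRP_MJ_CREATE ] @ 0x8b0891f8 suspicious
18:48:57.609 \Driver\dmio MajorFunction[ IRP_MJ_READ ] @ 0x8b0891f8 suspicious
18:48:57.609 \Driver\usbohci MajorFunction[ IRP_MJ_CREATE ] @ 0x8ae301f8 suspicious
18:48:57.609 Disk 0 trace - called modules:
18:48:57.625 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spzy.sys >>UNKNOWN [0x8b034938]<<
18:48:57.640 Scan finished successfully
18:50:33.031 Disk 0 Windows 501 MBR fixed successfully
"""

# Every scan line starts with HH:MM:SS.mmm; banner lines do not.
TS = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{3} (.*)$")
OS_VER = re.compile(r"^OS Version: (.+)$")
MBR_CODE = re.compile(r"^Disk (\d+) (.+) MBR code$")
MBR_FIXED = re.compile(r"^Disk (\d+) .*MBR fixed successfully$")
LOCKED = re.compile(r"^Service (\S+) (.+?) \*\*LOCKED\*\*")
DRV_INIT = re.compile(r"^\\Driver\\(\S+) DriverInit @ (0x[0-9a-f]+) suspicious$")
# Kernel addresses change between boots (the two runs above differ), so key by driver name.
HOOK = re.compile(r"^\\Driver\\(\S+) MajorFunction\[ (\S+) \] @ (0x[0-9a-f]+) suspicious$")
UNKNOWN = re.compile(r"(\S+) >>UNKNOWN \[(0x[0-9a-f]+)\]<<")


def parse_aswmbr(text):
    """Parse one aswMBR log into the facts a reviewer needs."""
    report = {
        "os": None,
        "mbr_code": {},         # disk -> MBR code description aswMBR printed
        "mbr_fixed": set(),     # disks whose MBR was rewritten by Fix/FixMBR
        "locked_services": [],  # (service name, image path)
        "driver_init": {},      # driver -> flagged DriverInit address
        "hooks": defaultdict(lambda: defaultdict(list)),  # driver -> addr -> [IRP_MJ_*]
        "unknown_modules": [],  # (module, address) aswMBR could not attribute
    }
    for raw in text.splitlines():
        ts = TS.match(raw)
        if not ts:
            continue  # banner, rule and blank lines
        line = ts.group(1)
        if m := OS_VER.match(line):
            report["os"] = m.group(1)
        elif m := MBR_CODE.match(line):
            report["mbr_code"][m.group(1)] = m.group(2)
        elif m := MBR_FIXED.match(line):
            report["mbr_fixed"].add(m.group(1))
        elif m := LOCKED.match(line):
            report["locked_services"].append((m.group(1), m.group(2)))
        elif m := DRV_INIT.match(line):
            report["driver_init"][m.group(1)] = m.group(2)
        elif m := HOOK.match(line):
            drv, irp, addr = m.groups()
            report["hooks"][drv][addr].append(irp)
        elif m := UNKNOWN.search(line):
            report["unknown_modules"].append((m.group(1), m.group(2)))
    return report


def review_points(report):
    """Findings in the order a reviewer works through them: unattributed module
    first, then the locked service, the dispatch entries, then the MBR fix."""
    points = []
    for mod, addr in report["unknown_modules"]:
        points.append(f"identify {mod}: unattributed module at {addr} in the disk call trace")
    for name, path in report["locked_services"]:
        points.append(f"service {name} is locked; identify the file {path}")
    for drv, by_addr in report["hooks"].items():
        for addr, irps in by_addr.items():
            points.append(f"{drv}: {len(irps)} dispatch entries point to {addr}")
    for disk in sorted(report["mbr_fixed"]):
        code = report["mbr_code"].get(disk, "unknown")
        points.append(f"disk {disk}: MBR rewritten by Fix/FixMBR (scan reported '{code}' code)")
    return points
```

Run `review_points(parse_aswmbr(open("aswMBR.txt").read()))` on a saved log to get the same ordered list for a full capture.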

Orcus (Security team member)

Re: Requesting a preventive log check

Post by Orcus » 09 May 2015 20:15

OK, once you've finished, post the log.
Love warms, but coal is coal. :fire:


Post HJT logs in the HJT section. If a log is too long, split it across several messages.

A few PC security tips.

During my absence, memphisto, jaro3 and Diallix stand in for me.

If you are satisfied, you can support our forum.

mafian

Re: Requesting a preventive log check

Post by mafian » 10 May 2015 11:06

ComboFix 15-05-09.01 - uživatel 10.05.2015 10:54:12.2.4 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3326.2658 [GMT 2:00]
Spuštěný z: c:\documents and settings\uživatel\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\uživatel\Plocha\CFScript.txt
AV: AVG Internet Security 2015 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Internet Security 2015 *Disabled* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
* Vytvořen nový Bod Obnovení
.
FILE ::
"c:\windows\system32\eEmpty.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\eEmpty.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2015-04-10 do 2015-05-10 )))))))))))))))))))))))))))))))
.
.
2015-04-28 13:58 . 2015-04-29 18:34 -------- d-----w- C:\FRST
2015-04-28 08:11 . 2015-04-28 07:57 24064 ----a-w- c:\windows\zoek-delete.exe
2015-04-28 07:57 . 2015-04-28 08:08 -------- d-----w- C:\zoek_backup
2015-04-25 11:01 . 2001-10-24 10:24 35392 -c--a-w- c:\windows\system32\dllcache\n9i128.dll
2015-04-25 11:00 . 2001-08-18 04:36 8192 -c--a-w- c:\windows\system32\dllcache\kbdkor.dll
2015-04-25 10:59 . 2001-08-17 19:28 50751 -c--a-w- c:\windows\system32\dllcache\hsf_tone.sys
2015-04-25 10:58 . 2001-10-24 10:24 37962 -c--a-w- c:\windows\system32\dllcache\divaprop.dll
2015-04-25 10:57 . 2001-10-24 09:49 13824 -c--a-w- c:\windows\system32\dllcache\bulltlp3.sys
2015-04-25 09:48 . 2015-04-25 09:48 -------- d-----w- C:\RegBackup
2015-04-24 09:16 . 2015-04-24 09:16 778416 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-04-24 09:16 . 2015-04-24 09:16 142512 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-04-24 09:03 . 2015-04-25 09:44 -------- d-----w- C:\AdwCleaner
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-04-28 07:50 . 2015-01-12 09:20 35064 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-04-25 11:08 . 2012-04-04 08:37 63488 ----a-w- c:\windows\system32\E_FD4BGCE.DLL
2015-03-25 09:24 . 2014-06-17 14:17 209376 ----a-w- c:\windows\system32\drivers\avgidsdriverlx.sys
2015-02-25 16:28 . 2011-07-10 23:14 210912 ----a-w- c:\windows\system32\drivers\avgtdix.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG_UI"="c:\program files\AVG\AVG2015\avgui.exe" [2015-03-25 3723728]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ OODBS\0c:\progra~1\AVG\AVG2015\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
2010-08-20 11:03 33120 ----a-w- c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray]
2011-11-17 16:18 2773328 ----a-w- c:\program files\OO Software\Defrag\oodtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2000-01-01 00:00 20145368 ----a-w- c:\windows\RTHDCPL.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
2005-10-26 15:17 159744 ----a-r- c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zoner Photo Studio Autoupdate]
2013-12-13 15:36 831488 ----a-w- c:\program files\Zoner\Photo Studio 16\Program32\ZPSTray.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Zoner Photo Studio Autoupdate"="c:\program files\ZONER\PHOTO STUDIO 16\Program32\ZPSTRAY.EXE"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"OODefragTray"=c:\program files\OO Software\Defrag\oodtray.exe
"RTHDCPL"=RTHDCPL.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"RTHDCPL"=RTHDCPL.EXE
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Epson Software\\Event Manager\\EEventManager.exe"=
"c:\\Program Files\\Common Files\\soft602\\langserv.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
"c:\\Documents and Settings\\uživatel\\Plocha\\Microsoft-Office-2010-v1.0-CZ-Portable\\Microsoft Office 2010 Portable CZ by Sparrow v1.0\\MSO_2010_by_Sparrow.dat"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Documents and Settings\\uživatel\\Local Settings\\Data aplikací\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\AVG\\AVG2015\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2015\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2015\\avgdiagex.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56411:TCP"= 56411:TCP:Pando Media Booster
"56411:UDP"= 56411:UDP:Pando Media Booster
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [19.4.2012 4:50 154904]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [21.9.2012 4:46 265184]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [13.9.2011 6:30 27416]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [29.12.2011 12:39 691696]
R1 Avgdiskx;AVG Disk Driver;c:\windows\system32\drivers\avgdiskx.sys [13.5.2014 14:17 121624]
R1 AVGIDSDriverl;AVGIDSDriverl;c:\windows\system32\drivers\avgidsdriverlx.sys [17.6.2014 16:17 209376]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [21.9.2012 4:45 21272]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [7.10.2011 6:23 192792]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [11.7.2011 1:14 210912]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [6.3.2014 13:31 43296]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [10.1.2012 18:21 239168]
R2 avgfws;AVG Firewall;c:\program files\AVG\AVG2015\avgfws.exe [25.3.2015 11:29 1516968]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2015\avgidsagent.exe [25.3.2015 11:34 3416016]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2015\avgwdsvc.exe [25.3.2015 11:21 309232]
R2 OODefragAgent;O&O Defrag Agent;c:\program files\OO Software\Defrag\oodag.exe [17.11.2011 18:17 2489680]
R2 Správce výběru OS;Aktivátor Správce výběru OS Acronis;c:\program files\Acronis\DiskDirector\OSS\reinstall_svc.exe [28.10.2010 20:31 2156952]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [16.4.2012 17:18 103040]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [12.1.2012 20:52 30944]
R3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [2.11.2012 13:53 43648]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [12.9.2012 11:47 1691480]
S3 AODDriver;AODDriver;c:\program files\GIGABYTE\ET6\i386\AODDriver.sys [23.2.2009 0:16 7168]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [12.1.2012 20:52 30944]
S3 etdrv;etdrv;c:\windows\etdrv.sys [23.7.2014 10:34 17488]
S3 WacomISDPen;Wacom Penabled HID MiniDriver;c:\windows\system32\drivers\wacomisdpen.sys [2.6.2014 23:09 23040]
.
--- Ostatní služby/ovladače v paměti ---
.
*Deregistered* - SASKUTIL
.
.
------- Doplňkový sken -------
.
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.100.0.100 10.10.10.10
FF - ProfilePath - c:\documents and settings\uživatel\Data aplikací\Mozilla\Firefox\Profiles\5hb9nwi2.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: network.proxy.ftp - 78.41.21.46
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.ssl - 78.41.21.46
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2015-05-10 11:01
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall\ćHőwć*]
"DisplayName"="???\17?\11\09"
"DeviceDesc"="???\17?\11\09"
"ProviderName"="???\11?\17?\11??"
"MFG"="???????"
"ReinstallString"=".10.1000.8"
"DeviceInstanceIds"=multi:"e:\\chipset\\7-ser\\xp\\sbdrv\\smbus\\smbusati.inf\00"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(1464)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
- - - - - - - > 'explorer.exe'(2668)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\windows\System32\locator.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files\Opera\29.0.1795.47\opera.exe
c:\program files\Opera\29.0.1795.47\opera_crashreporter.exe
c:\program files\Opera\29.0.1795.47\opera.exe
c:\program files\Opera\29.0.1795.47\opera.exe
c:\program files\Opera\29.0.1795.47\opera.exe
c:\program files\Opera\29.0.1795.47\opera.exe
c:\program files\Opera\29.0.1795.47\opera.exe
c:\program files\Opera\29.0.1795.47\opera.exe
c:\program files\Opera\29.0.1795.47\opera.exe
.
**************************************************************************
.
Celkový čas: 2015-05-10 11:06:18 - počítač byl restartován
ComboFix-quarantined-files.txt 2015-05-10 09:06
ComboFix2.txt 2015-05-05 19:03
.
Před spuštěním: Volných bajtů: 10 882 150 400
Po spuštění: Volných bajtů: 10 847 543 296
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
.
- - End Of File - - 8A8C1B30691FF2DFF857676BC035721A
390BC326F8DC9CA4922C5FB5BE1BFE42

mople71

Re: Requesting a preventive log check

Post by mople71 » 10 May 2015 11:07

What about the problems?

jaro3 (Security team member)

Re: Requesting a preventive log check

Post by jaro3 » 11 May 2015 10:10

ComboFix is uninstalled like this:
Start - Run and enter ComboFix /Uninstall

Clean the system with CCleaner

Download OTC to the desktop. Double-click it. Then click Clean up!.
Restart the PC if prompted to.

Post a new HJT log + report on the problems.
When working with HJT, ComboFix, MbAM, SDFix etc., close all other applications and browsers!
Do not send logs via private messages. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support

