Hello/Hi
I would like to ask for a check.
I recently reinstalled the PC, but now we have been fighting some virus with Avast, so I want to know whether everything is clean.
Thanks a lot in advance
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:22:30, on 21.12.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\TBPanel.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\TC UP\totalcmd.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [Gainward] C:\WINDOWS\TBPanel.exe /A
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 9497270609
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
--
End of file - 6694 bytes
Please check
- Damned
- Article author
- Master Level 9
- Posts: 8353
- Registered: December 06
- Location: Rokycany
Re: Please check
Run HJT (HijackThis), close your browsers, disconnect from the internet and fix the following (run HJT, choose "Do a system scan only",
tick the box in front of the entry, press "Fix checked" and then "Yes"):
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
*****************************************************************************************************************************************
Download Malwarebytes' Anti-Malware
Install and run it
- at the end of the installation make sure both options are selected/ticked:
Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware; if they are, click the Finish button
- if an update is found, it will be downloaded and installed
- the program will then start; leave the Perform quick scan option selected and click the Scan button
- when the program finishes, a message will appear, so click OK and then the Show Results button
- then choose the Save log option and save the log to your desktop
- then click the Exit button; a message will appear, so choose Yes
(don't delete anything yet!).
Then paste the contents of that log here.
Nothing is impossible, which is why, where reason fails us, we don't hesitate to use a hammer.
If you want to know what's new, look in old books.
Damned's Czech localizations - translations of PC maintenance programs
HiJackThis 2 + guide FCleaner + Czech localization Wise Registry Cleaner
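What "Fix checked" actually touches for the three lines above, and how a reviewer reads the HJT log at the top of the thread, as an added example (editor's Python, not code from HijackThis or from anyone in this thread): the script parses O4, O16 and O23 lines, maps each O4 and O16 entry to the registry key and value that the fix removes, and lists entries worth a second look. The sample lines are copied from the posted log. The registry paths are the standard Windows XP locations behind the O4 (Run keys) and O16 (Code Store Database) sections; the O16 fix also clears the cached files under Downloaded Program Files, which the script does not model. The triage output is a set of review prompts, not verdicts: the bare-filename Run entries in this log (SkyTel, nwiz, RTHDCPL) are Realtek and NVIDIA utilities that ship that way, and the ComboFix output further down confirms their file sizes and dates.

```python
"""Parse a HijackThis 2.x log: map O4/O16 entries to the registry locations
that "Fix checked" removes, and list entries worth a second look.

Added example by the editor, not code from HijackThis or from this thread.
SAMPLE_LOG is copied from the HJT log posted above; the registry paths are
the standard Windows XP locations behind HJT's O4 (Run keys) and O16
(Code Store Database / Downloaded Program Files) sections."""
import re
from urllib.parse import urlparse

SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

O4_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU|HKUS\\[^\\]+)\\\.\.\\(?P<key>Run|RunOnce|RunServices): "
    r"\[(?P<name>[^\]]*)\] (?P<cmd>.*?)(?: \(User '[^']*'\))?$")
O16_RE = re.compile(
    r"^O16 - DPF: (?P<clsid>\{[0-9A-Fa-f-]+\})(?: \((?P<desc>[^)]*)\))? - (?P<url>\S+)")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<vendor>.+?) - (?P<path>.+)$")

RUN_KEY_BASE = r"Software\Microsoft\Windows\CurrentVersion"
DPF_KEY = r"SOFTWARE\Microsoft\Code Store Database\Distribution Units"


def parse_hjt(text):
    """One dict per recognised O4/O16/O23 line; everything else is skipped."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        for kind, rx in (("O4", O4_RE), ("O16", O16_RE), ("O23", O23_RE)):
            m = rx.match(line)
            if m:
                entries.append({"type": kind, **m.groupdict()})
                break
    return entries


def registry_target(entry):
    """(key, value name) that HJT deletes for an O4/O16 entry; None for other types.

    O4: the named value under the hive's CurrentVersion\\Run* key.
    O16: the control's Distribution Unit key (HJT also clears the cached files
    under Downloaded Program Files, which is not modelled here)."""
    if entry["type"] == "O4":
        return (entry["hive"] + "\\" + RUN_KEY_BASE + "\\" + entry["key"], entry["name"])
    if entry["type"] == "O16":
        return ("HKLM\\" + DPF_KEY + "\\" + entry["clsid"], None)
    return None


def image_path(cmd):
    """Executable part of a Run command: the quoted path, else the first token."""
    if cmd.startswith('"'):
        return cmd[1:cmd.index('"', 1)]
    return cmd.split(" ", 1)[0]


def triage(entries):
    """Review prompts (name, reason), not malware verdicts."""
    findings = []
    for e in entries:
        if e["type"] == "O4":
            img = image_path(e["cmd"])
            if "\\" not in img:
                # No directory given: the loader resolves the name through the
                # search path, so check which file on disk actually answers to it.
                findings.append((e["name"], "bare filename, resolved via search path"))
            if img.lower().endswith("dumprep"):
                # Leftover from a crash-dump upload ("dumprep 0 -k"); removable.
                findings.append((e["name"], "crash-report leftover, safe to fix"))
        elif e["type"] == "O16":
            host = urlparse(e["url"]).hostname or ""
            if host != "microsoft.com" and not host.endswith(".microsoft.com"):
                findings.append((e["clsid"], "ActiveX control downloaded from " + host))
    return findings


if __name__ == "__main__":
    parsed = parse_hjt(SAMPLE_LOG)
    for e in parsed:
        print(e["type"], registry_target(e))
    for name, why in triage(parsed):
        print(f"{name}: {why}")
```

Run against the full log, the script reproduces the helper's choice: the Adobe getPlus control is the only O16 entry not served from a Microsoft host, and KernelFaultCheck is the one Run entry that is a leftover rather than an installed program.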
Re: Please check
Malwarebytes' Anti-Malware 1.42
Database version: 3402
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
21.12.2009 13:11:48
mbam-log-2009-12-21 (13-11-46).txt
Scan type: Quick scan
Objects scanned: 106290
Time elapsed: 7 minute(s), 47 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Documents and Settings\Martin\Data aplikací\avdrn.dat (Malware.Trace) -> No action taken.
C:\Documents and Settings\NetworkService\Data aplikací\fvgqad.dat (Malware.Trace) -> No action taken.
- Damned
Re: Please check
So run MBAM again and click Scan
- when the program finishes, a message will appear, so click OK and then the Show Results button
- make sure all the listed findings are ticked and click the Remove Selected button
- when the removal finishes, a log will be shown; post it here.
- then click OK in the program and exit it via Exit
Disable the resident shield of your antivirus (and of your antispyware, if you have one).
Download ComboFix (by sUBs)
or ComboFix (subs)
and save it to your desktop.
Close all active windows and run it.
- After it starts, the terms of use will be shown; confirm them by pressing the Yes button
- Then follow the instructions; while ComboFix is running, do not click into the window that appears
- When the scan finishes, the program should create a log - C:\ComboFix.txt - please copy its entire contents here
Re: Please check
I can't find the MBAM log; I don't know where it was saved :(
ComboFix restarted the PC several times, 3 times it showed some error and once some rootkit or something like that, and then it did the test...
ComboFix log:
ComboFix 09-12-20.04 - Martin 21.12.2009 14:33:38.3.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2046.1634 [GMT 1:00]
Running from: c:\documents and settings\Martin\Plocha\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 091221-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_RDPWD
-------\Service_TDTCP
((((((((((((((((((((((((( Files Created from 2009-11-21 to 2009-12-21 )))))))))))))))))))))))))))))))
.
2009-12-21 11:56 . 2009-12-03 15:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-21 11:56 . 2009-12-21 11:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-21 11:56 . 2009-12-03 15:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-21 08:20 . 2009-12-21 08:20 -------- d-----w- c:\program files\CCleaner
2009-12-17 16:58 . 2009-12-19 18:50 -------- d-----w- c:\program files\rajce
2009-12-13 09:44 . 2009-12-13 09:44 -------- d-----w- c:\program files\Windows Media Connect 2
2009-12-13 09:43 . 2009-12-14 11:14 -------- d-----w- c:\windows\system32\LogFiles
2009-12-13 09:43 . 2009-12-13 09:44 -------- d-----w- c:\windows\system32\drivers\UMDF
2009-12-13 07:31 . 2009-12-13 07:31 737280 ----a-w- c:\windows\iun6002.exe
2009-12-13 07:31 . 2009-12-13 07:31 -------- d-----w- c:\program files\Codec Pack - All In 1
2009-12-12 20:57 . 2008-05-09 10:56 90112 -c----w- c:\windows\system32\dllcache\wshext.dll
2009-12-12 20:57 . 2008-05-09 10:56 180224 -c----w- c:\windows\system32\dllcache\scrobj.dll
2009-12-12 20:57 . 2008-05-09 10:56 172032 -c----w- c:\windows\system32\dllcache\scrrun.dll
2009-12-12 20:57 . 2008-05-08 11:24 155648 -c----w- c:\windows\system32\dllcache\wscript.exe
2009-12-12 20:57 . 2008-05-07 09:07 135168 -c----w- c:\windows\system32\dllcache\cscript.exe
2009-12-12 12:47 . 2009-12-12 12:47 -------- d-----w- c:\program files\Windows Sidebar
2009-12-12 12:38 . 2009-12-12 12:46 -------- d-----w- c:\program files\Nero
2009-12-12 12:38 . 2009-12-12 12:47 -------- d-----w- c:\program files\Common Files\Nero
2009-12-12 11:03 . 2009-12-12 11:03 -------- d-----w- c:\program files\Alcohol Soft
2009-12-12 11:00 . 2009-12-12 11:00 639224 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-12-12 08:43 . 2009-12-12 08:43 -------- d-----w- c:\windows\system32\XPSViewer
2009-12-12 08:43 . 2009-12-12 08:43 -------- d-----w- c:\program files\Reference Assemblies
2009-12-12 08:42 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2009-12-12 08:42 . 2009-12-12 08:43 -------- d-----w- C:\296b0f10cb70562f61e0
2009-12-12 08:42 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-12-12 08:42 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-12-12 08:42 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-12-12 08:42 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-12-12 08:42 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-12-12 08:42 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-12-12 08:42 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-12-12 08:42 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2009-12-12 07:41 . 2006-03-02 12:00 403 -c----w- c:\windows\system32\dllcache\npdrmv2.zip
2009-12-12 07:41 . 2006-03-02 12:00 22060 -c----w- c:\windows\system32\dllcache\npds.zip
2009-12-12 07:41 . 2009-07-31 09:05 1372672 -c----w- c:\windows\system32\dllcache\msxml6.dll
2009-12-12 07:41 . 2008-04-14 02:30 80896 -c----w- c:\windows\system32\dllcache\msxml6r.dll
2009-12-12 07:41 . 2008-04-14 03:21 81920 ------w- c:\windows\system32\ieencode.dll
2009-12-12 07:41 . 2008-04-14 03:22 294912 -c----w- c:\windows\system32\dllcache\dlimport.exe
2009-12-11 17:54 . 2009-12-11 17:57 -------- d-----w- c:\program files\nLite
2009-12-10 18:08 . 2009-12-10 18:08 -------- d-----w- c:\program files\MSBuild
2009-12-10 18:07 . 2009-12-10 18:07 -------- d-----w- c:\program files\Microsoft.NET
2009-12-10 18:05 . 2009-12-10 18:05 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2009-12-10 18:05 . 2009-12-10 18:05 -------- d-----w- c:\windows\SHELLNEW
2009-12-10 14:26 . 2009-10-29 07:43 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2009-12-10 14:26 . 2009-10-29 07:43 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-12-10 14:26 . 2009-10-29 07:43 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-12-10 14:26 . 2009-10-29 07:43 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-12-10 14:26 . 2009-10-29 07:43 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-12-10 14:26 . 2009-10-29 07:43 11069952 -c----w- c:\windows\system32\dllcache\ieframe.dll
2009-12-09 19:26 . 2009-06-25 08:27 56832 -c----w- c:\windows\system32\dllcache\secur32.dll
2009-12-09 19:26 . 2009-03-21 14:09 988160 -c----w- c:\windows\system32\dllcache\kernel32.dll
2009-12-09 19:26 . 2009-06-15 10:45 78336 -c----w- c:\windows\system32\dllcache\telnet.exe
2009-12-09 19:26 . 2009-07-17 16:17 1437696 -c----w- c:\windows\system32\dllcache\query.dll
2009-12-09 19:23 . 2009-06-10 06:16 132096 -c----w- c:\windows\system32\dllcache\wkssvc.dll
2009-12-09 19:23 . 2009-06-25 08:27 147456 -c----w- c:\windows\system32\dllcache\schannel.dll
2009-12-09 19:18 . 2008-10-23 12:42 286720 -c----w- c:\windows\system32\dllcache\gdi32.dll
2009-12-09 19:18 . 2009-08-14 15:15 1850624 -c----w- c:\windows\system32\dllcache\win32k.sys
2009-12-09 19:18 . 2008-06-24 16:44 74240 -c----w- c:\windows\system32\dllcache\mscms.dll
2009-12-09 19:18 . 2009-07-29 04:36 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2009-12-09 19:18 . 2009-07-29 04:36 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2009-12-09 19:18 . 2008-07-07 20:29 253952 -c----w- c:\windows\system32\dllcache\es.dll
2009-12-09 19:18 . 2009-06-10 14:15 84992 -c----w- c:\windows\system32\dllcache\avifil32.dll
2009-12-09 19:18 . 2009-05-07 15:33 346624 -c----w- c:\windows\system32\dllcache\localspl.dll
2009-12-09 19:18 . 2009-06-03 19:11 1293824 -c----w- c:\windows\system32\dllcache\quartz.dll
2009-12-09 19:14 . 2009-09-04 21:05 58880 -c----w- c:\windows\system32\dllcache\msasn1.dll
2009-12-09 19:14 . 2008-06-17 19:02 8465408 -c----w- c:\windows\system32\dllcache\shell32.dll
2009-12-09 19:14 . 2009-08-25 09:19 354816 -c----w- c:\windows\system32\dllcache\winhttp.dll
2009-12-09 19:13 . 2009-09-11 14:19 136192 -c----w- c:\windows\system32\dllcache\msv1_0.dll
2009-12-09 19:13 . 2009-06-25 08:27 54272 -c----w- c:\windows\system32\dllcache\wdigest.dll
2009-12-09 19:13 . 2009-06-25 08:27 301568 -c----w- c:\windows\system32\dllcache\kerberos.dll
2009-12-09 19:13 . 2009-06-24 11:18 92928 -c----w- c:\windows\system32\dllcache\ksecdd.sys
2009-12-09 19:10 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2009-12-09 19:10 . 2008-04-11 19:06 691712 -c----w- c:\windows\system32\dllcache\inetcomm.dll
2009-12-09 19:10 . 2008-12-11 10:57 333952 -c----w- c:\windows\system32\dllcache\srv.sys
2009-12-09 19:10 . 2009-07-10 13:28 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-12-09 06:54 . 2006-03-02 12:00 41600 -c--a-w- c:\windows\system32\dllcache\weitekp9.dll
2009-12-09 06:54 . 2006-03-02 12:00 31360 -c--a-w- c:\windows\system32\dllcache\weitekp9.sys
2009-12-09 06:54 . 2008-04-14 03:20 86073 -c--a-w- c:\windows\system32\dllcache\voicesub.dll
2009-12-09 06:54 . 2008-04-14 03:20 426041 -c--a-w- c:\windows\system32\dllcache\voicepad.dll
2009-12-09 06:54 . 2006-03-02 12:00 48256 -c--a-w- c:\windows\system32\dllcache\w32.dll
2009-12-09 06:54 . 2008-04-14 03:20 76288 -c--a-w- c:\windows\system32\dllcache\uniime.dll
2009-12-09 06:54 . 2006-03-02 12:00 14336 -c--a-w- c:\windows\system32\dllcache\tsprof.exe
2009-12-09 06:52 . 2006-03-02 12:00 10096640 -c--a-w- c:\windows\system32\dllcache\hwxcht.dll
2009-12-09 06:41 . 2006-03-02 12:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2009-12-09 06:41 . 2006-03-02 12:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
2009-12-09 06:41 . 2006-03-02 12:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2009-12-09 06:41 . 2006-03-02 12:00 13312 ----a-w- c:\windows\system32\irclass.dll
2009-12-08 21:03 . 2009-12-21 08:22 -------- d-----w- c:\program files\trend micro
2009-12-08 20:22 . 2006-03-02 12:00 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2009-12-04 16:12 . 2009-12-04 16:12 -------- d-----w- c:\program files\Microsoft Silverlight
2009-12-01 08:04 . 2009-12-01 08:04 -------- d-----w- c:\windows\Hewlett-Packard
2009-12-01 07:56 . 2009-11-24 23:48 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-12-01 07:56 . 2009-11-24 23:49 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-12-01 07:56 . 2009-11-24 23:47 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-12-01 07:56 . 2009-11-24 23:47 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-12-01 07:56 . 2009-11-24 23:51 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-12-01 07:56 . 2009-11-24 23:50 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-12-01 07:56 . 2009-11-24 23:50 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-12-01 07:56 . 2009-11-24 23:50 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-12-01 07:55 . 2009-11-24 23:54 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-12-01 07:55 . 2009-12-01 07:55 -------- d-----w- c:\program files\Alwil Software
2009-11-30 13:46 . 2009-11-30 13:46 -------- d-----w- c:\program files\FileZilla FTP Client
2009-11-30 09:15 . 2009-11-30 09:15 -------- d-----w- c:\program files\MSXML 4.0
2009-11-30 06:43 . 2009-11-30 06:44 -------- d-----w- c:\program files\Common Files\HP
2009-11-30 06:42 . 2009-11-30 06:42 -------- d-----w- c:\program files\Hewlett-Packard
2009-11-30 06:42 . 2009-11-30 06:42 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2009-11-30 06:31 . 2006-04-10 13:03 48128 ----a-w- c:\windows\system32\hpzll054.dll
2009-11-30 06:31 . 2006-04-10 13:02 74240 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpzpp054.dll
2009-11-30 06:31 . 2006-01-03 17:12 77824 ----a-r- c:\windows\system32\HPZIDS01.dll
2009-11-30 06:31 . 2008-04-13 18:45 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2009-11-30 06:31 . 2007-08-09 07:27 73728 ----a-w- c:\windows\system32\HPZipm12.exe
2009-11-30 06:31 . 2006-03-03 20:03 282680 ----a-w- c:\windows\system32\HPZidr12.dll
2009-11-30 06:31 . 2006-03-03 20:03 65536 ----a-w- c:\windows\system32\HPZinw12.exe
2009-11-30 06:31 . 2006-03-03 20:02 204800 ----a-w- c:\windows\system32\HPZipr12.dll
2009-11-30 06:31 . 2006-03-03 20:02 94208 ----a-w- c:\windows\system32\HPZipt12.dll
2009-11-30 06:31 . 2006-03-03 20:02 57344 ----a-w- c:\windows\system32\HPZisn12.dll
2009-11-30 06:31 . 1998-10-29 15:45 306688 ----a-w- c:\windows\IsUninst.exe
2009-11-30 06:29 . 2009-12-01 08:04 -------- d-----w- c:\program files\HP
2009-11-30 06:22 . 2009-11-30 06:46 127768 ----a-w- c:\windows\hpoins11.dat
2009-11-30 06:11 . 2008-04-13 18:47 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2009-11-29 18:51 . 2009-11-29 18:51 -------- d-----w- C:\outlook
2009-11-29 18:46 . 2009-08-06 18:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-11-29 18:46 . 2009-08-06 18:23 215920 ----a-w- c:\windows\system32\muweb.dll
2009-11-29 16:29 . 2009-12-10 14:25 -------- d-----w- c:\program files\Opera
2009-11-29 16:21 . 2009-12-12 12:08 -------- d-----w- c:\program files\Ahead
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-12 21:11 . 2006-03-02 12:00 79242 ----a-w- c:\windows\system32\perfc005.dat
2009-12-12 21:11 . 2006-03-02 12:00 432278 ----a-w- c:\windows\system32\perfh005.dat
2009-12-09 06:50 . 2009-11-29 10:23 22944 ----a-w- c:\windows\system32\emptyregdb.dat
2009-11-29 12:37 . 2009-11-29 10:25 76487 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-11-29 12:37 . 2009-11-29 10:25 2684 ----a-w- c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2009-11-29 11:00 . 2009-11-29 10:25 8972 ----a-w- c:\windows\pchealth\helpctr\Config\Cntstore.bin
2009-11-29 10:26 . 2009-11-29 10:26 -------- d-----w- c:\program files\microsoft frontpage
2009-10-29 07:43 . 2006-03-02 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-21 05:40 . 2006-03-02 12:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:40 . 2006-03-02 12:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2006-03-02 12:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-13 10:34 . 2006-03-02 12:00 271360 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:40 . 2006-03-02 12:00 79872 ----a-w- c:\windows\system32\raschap.dll
2009-10-12 13:40 . 2006-03-02 12:00 150016 ----a-w- c:\windows\system32\rastls.dll
.
(((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"JMB36X IDE Setup"="c:\windows\JM\JMInsIDE.exe" [2006-10-31 36864]
"36X Raid Configurer"="c:\windows\system32\JMRaidSetup.exe" [2006-11-17 1953792]
"Gainward"="c:\windows\TBPanel.exe" [2007-04-23 2173744]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-02-23 7774208]
"nwiz"="nwiz.exe" [2007-02-23 1622016]
"DAEMON Tools-1033"="c:\program files\D-Tools\daemon.exe" [2004-08-22 81920]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-02-23 81920]
"RTHDCPL"="RTHDCPL.EXE" [2006-11-14 16270848]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2006-03-02 44544]
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"d:\\!!!!SYSTEMOVEJ\\!!!!1\\QIP\\qip.exe"=
"d:\\!strong\\StrongDC.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [29.11.2009 16:38 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [29.11.2009 16:38 5248]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [1.12.2009 8:56 114768]
R1 VD_FileDisk;VD_FileDisk;c:\windows\system32\drivers\vd_filedisk.sys [13.1.2006 14:00 15872]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1.12.2009 8:56 20560]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [12.12.2009 12:00 639224]
.
------- Supplementary Scan -------
.
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-21 14:43
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A144300]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba8fcf28
\Driver\ACPI -> ACPI.sys @ 0xba77fcb8
\Driver\atapi -> 0x8a144300
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: Marvell Yukon 88E8056 PCI-E Gigabit Ethernet Controller -> SendCompleteHandler -> NDIS.sys @ 0xba605bb0
PacketIndicateHandler -> NDIS.sys @ 0xba612a21
SendHandler -> NDIS.sys @ 0xba5f087b
Warning: possible MBR rootkit infection !
user & kernel MBR OK
**************************************************************************
.
--------------------- Dlls Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(760)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
- - - - - - - > 'explorer.exe'(3244)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\RTHDCPL.EXE
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
.
**************************************************************************
.
Completion time: 2009-12-21 14:46:52 - machine was rebooted
ComboFix-quarantined-files.txt 2009-12-21 13:46
Pre-Run: 25,877,331,968 bytes free
Post-Run: 27,532,587,008 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
Current=4 Default=4 Failed=1 LastKnownGood=3 Sets=1,2,3,4
- - End Of File - - FB4CF954EC9198078A790A9B342C2CA9
ComboFix restarted the PC several times; 3 times it showed some error and once some rootkit or something like that, and then it did the test...
ComboFix log:
- Damned (Article author, Master Level 9; posts: 8353; registered: December 06; location: Rokycany)
Re: Please check
Open Notepad (Start -> Run..., type Notepad into the box and press OK).
Copy the whole text marked in green below into it:
File::
c:\windows\system32\emptyregdb.dat
MBR::
Choose File -> Save As... and set these parameters:
File name: type: CFScript.txt
Save as type: select All Files
Save the file to the desktop.
Close all open windows.
Grab the created CFScript.txt script with the mouse, drag it over the downloaded ComboFix.exe
and when the two files overlap, drop the script.

- ComboFix will start automatically; the fix may take more than 10 minutes. ! Let ComboFix finish its work !
- Paste here the log that appears at the end of the cleaning process + a new HJT log, and describe how the computer behaves
Nothing is impossible, so where reason fails us we do not hesitate to use a hammer.
If you want to know what is new, look in the old books.
Damned's Czech localisations - translations of PC maintenance programs
HiJackThis 2 + guide FCleaner + Czech localisation Wise Registry Cleaner
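The MBR:: directive in the reply above is aimed at the Gmer MBR-detector block in the ComboFix log posted earlier. Reading that block, every listed hook except one resolves into a named image (CLASSPNP.SYS, ACPI.sys, ntkrnlpa.exe, NDIS.sys); the odd one is `\Driver\atapi -> 0x8a144300`, a bare address that also appears as `>>UNKNOWN [0x8A144300]<<` in the called-module list, which is why the tool printed its warning even though it reported "user & kernel MBR OK". As an added example, not part of this thread and not code from ComboFix or Gmer, here is a small Python triage script that parses that block (the sample text is copied from the log above) and separates hooks that resolve to a named driver from hooks that point into memory owned by no loaded image. The `Hook`/`Triage` names, the regexes and the verdict strings are my own choices, not anything the tools define.

```python
import re
from dataclasses import dataclass, field
from typing import Optional

# Gmer MBR-detector excerpt, copied verbatim from the ComboFix log posted above.
SAMPLE_LOG = r"""
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A144300]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba8fcf28
\Driver\ACPI -> ACPI.sys @ 0xba77fcb8
\Driver\atapi -> 0x8a144300
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: Marvell Yukon 88E8056 PCI-E Gigabit Ethernet Controller -> SendCompleteHandler -> NDIS.sys @ 0xba605bb0
PacketIndicateHandler -> NDIS.sys @ 0xba612a21
SendHandler -> NDIS.sys @ 0xba5f087b
Warning: possible MBR rootkit infection !
user & kernel MBR OK
""".strip()

# A hook target is either "module @ 0xaddr" or a bare "0xaddr" (no owning image).
TARGET_RE = re.compile(r"^(?:(?P<module>\S+) @ )?(?P<addr>0x[0-9a-fA-F]+)$")
# Called-module entries the tool could not map to a loaded driver.
UNKNOWN_RE = re.compile(r">>UNKNOWN \[(0x[0-9a-fA-F]+)\]<<")


@dataclass
class Hook:
    name: str               # hooked object/handler, e.g. r"\Driver\atapi"
    module: Optional[str]   # image the hook resolves to, None if unattributed
    addr: int               # target address, parsed so 0x8A.. and 0x8a.. compare equal


@dataclass
class Triage:
    hooks: list = field(default_factory=list)
    unknown_modules: set = field(default_factory=set)
    warning: bool = False
    mbr_ok: bool = False

    @property
    def unattributed(self) -> list:
        """Hooks whose target is not inside any named driver image."""
        return [h for h in self.hooks if h.module is None]

    @property
    def corroborated(self) -> list:
        """Unattributed hooks whose address also appears as an UNKNOWN called module."""
        return [h for h in self.unattributed if h.addr in self.unknown_modules]

    def verdict(self) -> str:
        if self.corroborated:
            return "suspicious: hook into unattributed code"
        if self.unattributed or self.warning:
            return "review: unresolved hook or tool warning"
        return "clean: all hooks resolve to named images"


def triage(text: str) -> Triage:
    """Parse the Gmer MBR-detector block line by line: collect UNKNOWN module
    addresses, then every record under 'detected MBR rootkit hooks:' up to the
    'Warning:' line, and note whether the on-disk MBR reads were reported OK."""
    t = Triage()
    in_hooks = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("called modules:"):
            t.unknown_modules = {int(a, 16) for a in UNKNOWN_RE.findall(line)}
        elif line == "detected MBR rootkit hooks:":
            in_hooks = True
        elif line.startswith("Warning:"):
            in_hooks = False
            t.warning = True
        elif line.endswith("MBR OK"):
            t.mbr_ok = True
        elif in_hooks and " -> " in line:
            *path, target = line.split(" -> ")  # last arrow points at the target
            m = TARGET_RE.match(target.strip())
            if m is None:
                continue  # not a record we understand; leave it for a human
            t.hooks.append(Hook(" -> ".join(path), m.group("module"),
                                int(m.group("addr"), 16)))
    return t


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for h in result.unattributed:
        print(f"{h.name} -> {h.addr:#010x} (no owning image)")
    print(result.verdict())
```

Two details worth keeping in mind when reading these blocks by hand: the tool prints the UNKNOWN address in upper case and the hook address in lower case, so compare them as numbers rather than as strings; and "user & kernel MBR OK" only means the MBR sectors read the same from user and kernel mode, which is why the tool still warns on the basis of the hook.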
Re: Please check
ComboFix:
ComboFix 09-12-20.08 - Martin 21.12.2009 18:53:05.4.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2046.1631 [GMT 1:00]
Spuštěný z: c:\documents and settings\Martin\Plocha\ComboFix.exe
Command switches used :: c:\documents and settings\Martin\Plocha\CFScript.txt
AV: avast! antivirus 4.8.1368 [VPS 091221-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FILE ::
"c:\windows\system32\emptyregdb.dat"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\emptyregdb.dat
.
((((((((((((((((((((((((( Files Created from 2009-11-21 to 2009-12-21 )))))))))))))))))))))))))))))))
.
2009-12-21 11:56 . 2009-12-03 15:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-21 11:56 . 2009-12-21 11:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-21 11:56 . 2009-12-03 15:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-21 08:20 . 2009-12-21 08:20 -------- d-----w- c:\program files\CCleaner
2009-12-17 16:58 . 2009-12-19 18:50 -------- d-----w- c:\program files\rajce
2009-12-13 09:44 . 2009-12-13 09:44 -------- d-----w- c:\program files\Windows Media Connect 2
2009-12-13 09:43 . 2009-12-14 11:14 -------- d-----w- c:\windows\system32\LogFiles
2009-12-13 09:43 . 2009-12-13 09:44 -------- d-----w- c:\windows\system32\drivers\UMDF
2009-12-13 07:31 . 2009-12-13 07:31 737280 ----a-w- c:\windows\iun6002.exe
2009-12-13 07:31 . 2009-12-13 07:31 -------- d-----w- c:\program files\Codec Pack - All In 1
2009-12-12 20:57 . 2008-05-09 10:56 90112 -c----w- c:\windows\system32\dllcache\wshext.dll
2009-12-12 20:57 . 2008-05-09 10:56 180224 -c----w- c:\windows\system32\dllcache\scrobj.dll
2009-12-12 20:57 . 2008-05-09 10:56 172032 -c----w- c:\windows\system32\dllcache\scrrun.dll
2009-12-12 20:57 . 2008-05-08 11:24 155648 -c----w- c:\windows\system32\dllcache\wscript.exe
2009-12-12 20:57 . 2008-05-07 09:07 135168 -c----w- c:\windows\system32\dllcache\cscript.exe
2009-12-12 12:47 . 2009-12-12 12:47 -------- d-----w- c:\program files\Windows Sidebar
2009-12-12 12:38 . 2009-12-12 12:46 -------- d-----w- c:\program files\Nero
2009-12-12 12:38 . 2009-12-12 12:47 -------- d-----w- c:\program files\Common Files\Nero
2009-12-12 11:03 . 2009-12-12 11:03 -------- d-----w- c:\program files\Alcohol Soft
2009-12-12 11:00 . 2009-12-12 11:00 639224 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-12-12 08:43 . 2009-12-12 08:43 -------- d-----w- c:\windows\system32\XPSViewer
2009-12-12 08:43 . 2009-12-12 08:43 -------- d-----w- c:\program files\Reference Assemblies
2009-12-12 08:42 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2009-12-12 08:42 . 2009-12-12 08:43 -------- d-----w- C:\296b0f10cb70562f61e0
2009-12-12 08:42 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-12-12 08:42 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-12-12 08:42 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-12-12 08:42 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-12-12 08:42 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-12-12 08:42 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-12-12 08:42 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-12-12 08:42 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2009-12-12 07:41 . 2006-03-02 12:00 403 -c----w- c:\windows\system32\dllcache\npdrmv2.zip
2009-12-12 07:41 . 2006-03-02 12:00 22060 -c----w- c:\windows\system32\dllcache\npds.zip
2009-12-12 07:41 . 2009-07-31 09:05 1372672 -c----w- c:\windows\system32\dllcache\msxml6.dll
2009-12-12 07:41 . 2008-04-14 02:30 80896 -c----w- c:\windows\system32\dllcache\msxml6r.dll
2009-12-12 07:41 . 2008-04-14 03:21 81920 ------w- c:\windows\system32\ieencode.dll
2009-12-12 07:41 . 2008-04-14 03:22 294912 -c----w- c:\windows\system32\dllcache\dlimport.exe
2009-12-11 17:54 . 2009-12-11 17:57 -------- d-----w- c:\program files\nLite
2009-12-10 18:08 . 2009-12-10 18:08 -------- d-----w- c:\program files\MSBuild
2009-12-10 18:07 . 2009-12-10 18:07 -------- d-----w- c:\program files\Microsoft.NET
2009-12-10 18:05 . 2009-12-10 18:05 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2009-12-10 18:05 . 2009-12-10 18:05 -------- d-----w- c:\windows\SHELLNEW
2009-12-10 14:26 . 2009-10-29 07:43 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2009-12-10 14:26 . 2009-10-29 07:43 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-12-10 14:26 . 2009-10-29 07:43 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-12-10 14:26 . 2009-10-29 07:43 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-12-10 14:26 . 2009-10-29 07:43 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-12-10 14:26 . 2009-10-29 07:43 11069952 -c----w- c:\windows\system32\dllcache\ieframe.dll
2009-12-09 19:26 . 2009-06-25 08:27 56832 -c----w- c:\windows\system32\dllcache\secur32.dll
2009-12-09 19:26 . 2009-03-21 14:09 988160 -c----w- c:\windows\system32\dllcache\kernel32.dll
2009-12-09 19:26 . 2009-06-15 10:45 78336 -c----w- c:\windows\system32\dllcache\telnet.exe
2009-12-09 19:26 . 2009-07-17 16:17 1437696 -c----w- c:\windows\system32\dllcache\query.dll
2009-12-09 19:23 . 2009-06-10 06:16 132096 -c----w- c:\windows\system32\dllcache\wkssvc.dll
2009-12-09 19:23 . 2009-06-25 08:27 147456 -c----w- c:\windows\system32\dllcache\schannel.dll
2009-12-09 19:18 . 2008-10-23 12:42 286720 -c----w- c:\windows\system32\dllcache\gdi32.dll
2009-12-09 19:18 . 2009-08-14 15:15 1850624 -c----w- c:\windows\system32\dllcache\win32k.sys
2009-12-09 19:18 . 2008-06-24 16:44 74240 -c----w- c:\windows\system32\dllcache\mscms.dll
2009-12-09 19:18 . 2009-07-29 04:36 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2009-12-09 19:18 . 2009-07-29 04:36 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2009-12-09 19:18 . 2008-07-07 20:29 253952 -c----w- c:\windows\system32\dllcache\es.dll
2009-12-09 19:18 . 2009-06-10 14:15 84992 -c----w- c:\windows\system32\dllcache\avifil32.dll
2009-12-09 19:18 . 2009-05-07 15:33 346624 -c----w- c:\windows\system32\dllcache\localspl.dll
2009-12-09 19:18 . 2009-06-03 19:11 1293824 -c----w- c:\windows\system32\dllcache\quartz.dll
2009-12-09 19:14 . 2009-09-04 21:05 58880 -c----w- c:\windows\system32\dllcache\msasn1.dll
2009-12-09 19:14 . 2008-06-17 19:02 8465408 -c----w- c:\windows\system32\dllcache\shell32.dll
2009-12-09 19:14 . 2009-08-25 09:19 354816 -c----w- c:\windows\system32\dllcache\winhttp.dll
2009-12-09 19:13 . 2009-09-11 14:19 136192 -c----w- c:\windows\system32\dllcache\msv1_0.dll
2009-12-09 19:13 . 2009-06-25 08:27 54272 -c----w- c:\windows\system32\dllcache\wdigest.dll
2009-12-09 19:13 . 2009-06-25 08:27 301568 -c----w- c:\windows\system32\dllcache\kerberos.dll
2009-12-09 19:13 . 2009-06-24 11:18 92928 -c----w- c:\windows\system32\dllcache\ksecdd.sys
2009-12-09 19:10 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2009-12-09 19:10 . 2008-04-11 19:06 691712 -c----w- c:\windows\system32\dllcache\inetcomm.dll
2009-12-09 19:10 . 2008-12-11 10:57 333952 -c----w- c:\windows\system32\dllcache\srv.sys
2009-12-09 19:10 . 2009-07-10 13:28 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-12-09 06:54 . 2006-03-02 12:00 41600 -c--a-w- c:\windows\system32\dllcache\weitekp9.dll
2009-12-09 06:54 . 2006-03-02 12:00 31360 -c--a-w- c:\windows\system32\dllcache\weitekp9.sys
2009-12-09 06:54 . 2008-04-14 03:20 86073 -c--a-w- c:\windows\system32\dllcache\voicesub.dll
2009-12-09 06:54 . 2008-04-14 03:20 426041 -c--a-w- c:\windows\system32\dllcache\voicepad.dll
2009-12-09 06:54 . 2006-03-02 12:00 48256 -c--a-w- c:\windows\system32\dllcache\w32.dll
2009-12-09 06:54 . 2008-04-14 03:20 76288 -c--a-w- c:\windows\system32\dllcache\uniime.dll
2009-12-09 06:54 . 2006-03-02 12:00 14336 -c--a-w- c:\windows\system32\dllcache\tsprof.exe
2009-12-09 06:52 . 2006-03-02 12:00 10096640 -c--a-w- c:\windows\system32\dllcache\hwxcht.dll
2009-12-09 06:41 . 2006-03-02 12:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2009-12-09 06:41 . 2006-03-02 12:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
2009-12-09 06:41 . 2006-03-02 12:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2009-12-09 06:41 . 2006-03-02 12:00 13312 ----a-w- c:\windows\system32\irclass.dll
2009-12-08 21:03 . 2009-12-21 08:22 -------- d-----w- c:\program files\trend micro
2009-12-08 20:22 . 2006-03-02 12:00 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2009-12-04 16:12 . 2009-12-04 16:12 -------- d-----w- c:\program files\Microsoft Silverlight
2009-12-01 08:04 . 2009-12-01 08:04 -------- d-----w- c:\windows\Hewlett-Packard
2009-12-01 07:56 . 2009-11-24 23:48 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-12-01 07:56 . 2009-11-24 23:49 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-12-01 07:56 . 2009-11-24 23:47 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-12-01 07:56 . 2009-11-24 23:47 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-12-01 07:56 . 2009-11-24 23:51 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-12-01 07:56 . 2009-11-24 23:50 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-12-01 07:56 . 2009-11-24 23:50 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-12-01 07:56 . 2009-11-24 23:50 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-12-01 07:55 . 2009-11-24 23:54 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-12-01 07:55 . 2009-12-01 07:55 -------- d-----w- c:\program files\Alwil Software
2009-11-30 13:46 . 2009-11-30 13:46 -------- d-----w- c:\program files\FileZilla FTP Client
2009-11-30 09:15 . 2009-11-30 09:15 -------- d-----w- c:\program files\MSXML 4.0
2009-11-30 06:43 . 2009-11-30 06:44 -------- d-----w- c:\program files\Common Files\HP
2009-11-30 06:42 . 2009-11-30 06:42 -------- d-----w- c:\program files\Hewlett-Packard
2009-11-30 06:42 . 2009-11-30 06:42 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2009-11-30 06:31 . 2006-04-10 13:03 48128 ----a-w- c:\windows\system32\hpzll054.dll
2009-11-30 06:31 . 2006-04-10 13:02 74240 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpzpp054.dll
2009-11-30 06:31 . 2006-01-03 17:12 77824 ----a-r- c:\windows\system32\HPZIDS01.dll
2009-11-30 06:31 . 2008-04-13 18:45 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2009-11-30 06:31 . 2007-08-09 07:27 73728 ----a-w- c:\windows\system32\HPZipm12.exe
2009-11-30 06:31 . 2006-03-03 20:03 282680 ----a-w- c:\windows\system32\HPZidr12.dll
2009-11-30 06:31 . 2006-03-03 20:03 65536 ----a-w- c:\windows\system32\HPZinw12.exe
2009-11-30 06:31 . 2006-03-03 20:02 204800 ----a-w- c:\windows\system32\HPZipr12.dll
2009-11-30 06:31 . 2006-03-03 20:02 94208 ----a-w- c:\windows\system32\HPZipt12.dll
2009-11-30 06:31 . 2006-03-03 20:02 57344 ----a-w- c:\windows\system32\HPZisn12.dll
2009-11-30 06:31 . 1998-10-29 15:45 306688 ----a-w- c:\windows\IsUninst.exe
2009-11-30 06:29 . 2009-12-01 08:04 -------- d-----w- c:\program files\HP
2009-11-30 06:22 . 2009-11-30 06:46 127768 ----a-w- c:\windows\hpoins11.dat
2009-11-30 06:11 . 2008-04-13 18:47 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2009-11-29 18:51 . 2009-11-29 18:51 -------- d-----w- C:\outlook
2009-11-29 18:46 . 2009-08-06 18:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-11-29 18:46 . 2009-08-06 18:23 215920 ----a-w- c:\windows\system32\muweb.dll
2009-11-29 16:29 . 2009-12-10 14:25 -------- d-----w- c:\program files\Opera
2009-11-29 16:21 . 2009-12-12 12:08 -------- d-----w- c:\program files\Ahead
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-12 21:11 . 2006-03-02 12:00 79242 ----a-w- c:\windows\system32\perfc005.dat
2009-12-12 21:11 . 2006-03-02 12:00 432278 ----a-w- c:\windows\system32\perfh005.dat
2009-11-29 12:37 . 2009-11-29 10:25 76487 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-11-29 12:37 . 2009-11-29 10:25 2684 ----a-w- c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2009-11-29 11:00 . 2009-11-29 10:25 8972 ----a-w- c:\windows\pchealth\helpctr\Config\Cntstore.bin
2009-11-29 10:26 . 2009-11-29 10:26 -------- d-----w- c:\program files\microsoft frontpage
2009-10-29 07:43 . 2006-03-02 12:00 916480 ------w- c:\windows\system32\wininet.dll
2009-10-21 05:40 . 2006-03-02 12:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:40 . 2006-03-02 12:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2006-03-02 12:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-13 10:34 . 2006-03-02 12:00 271360 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:40 . 2006-03-02 12:00 79872 ----a-w- c:\windows\system32\raschap.dll
2009-10-12 13:40 . 2006-03-02 12:00 150016 ----a-w- c:\windows\system32\rastls.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-12-21_13.42.35 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-12-21 17:51 . 2009-12-21 17:51 16384 c:\windows\Temp\Perflib_Perfdata_5a8.dat
.
(((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"JMB36X IDE Setup"="c:\windows\JM\JMInsIDE.exe" [2006-10-31 36864]
"36X Raid Configurer"="c:\windows\system32\JMRaidSetup.exe" [2006-11-17 1953792]
"Gainward"="c:\windows\TBPanel.exe" [2007-04-23 2173744]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-02-23 7774208]
"nwiz"="nwiz.exe" [2007-02-23 1622016]
"DAEMON Tools-1033"="c:\program files\D-Tools\daemon.exe" [2004-08-22 81920]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-02-23 81920]
"RTHDCPL"="RTHDCPL.EXE" [2006-11-14 16270848]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2006-03-02 44544]
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"d:\\!!!!SYSTEMOVEJ\\!!!!1\\QIP\\qip.exe"=
"d:\\!strong\\StrongDC.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [29.11.2009 16:38 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [29.11.2009 16:38 5248]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [1.12.2009 8:56 114768]
R1 VD_FileDisk;VD_FileDisk;c:\windows\system32\drivers\vd_filedisk.sys [13.1.2006 14:00 15872]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1.12.2009 8:56 20560]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [12.12.2009 12:00 639224]
.
------- Supplementary Scan -------
.
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-21 19:01
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A17DF00]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba8fcf28
\Driver\ACPI -> ACPI.sys @ 0xba77fcb8
\Driver\atapi -> 0x8a17df00
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: Marvell Yukon 88E8056 PCI-E Gigabit Ethernet Controller -> SendCompleteHandler -> NDIS.sys @ 0xba605bb0
PacketIndicateHandler -> NDIS.sys @ 0xba612a21
SendHandler -> NDIS.sys @ 0xba5f087b
Warning: possible MBR rootkit infection !
user & kernel MBR OK
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(768)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
- - - - - - - > 'explorer.exe'(712)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\RTHDCPL.EXE
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
.
**************************************************************************
.
Completion time: 2009-12-21 19:05:12 - machine was rebooted
ComboFix-quarantined-files.txt 2009-12-21 18:05
ComboFix2.txt 2009-12-21 13:46
Pre-Run: 32,136,556,544 bytes free
Post-Run: 32,095,006,720 bytes free
Current=4 Default=4 Failed=1 LastKnownGood=3 Sets=1,2,3,4
- - End Of File - - 86B06607ACE1704C3AA12CD50ADAC086
Hijack:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:06:42, on 21.12.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\TBPanel.exe
C:\Program Files\D-Tools\daemon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\trend micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [Gainward] C:\WINDOWS\TBPanel.exe /A
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 9497270609
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
--
End of file - 6267 bytes
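Added example (not part of the original post, and not output of ComboFix, HijackThis or Gmer): a small Python triage script run over lines copied from the logs above. It does three things a reviewer of this thread would otherwise do by eye. First, it lists Run-key entries whose program is a bare file name (SkyTel.EXE, nwiz.exe, RTHDCPL.EXE, and the RUNDLL32.EXE used by the NVIDIA entries); Windows resolves those by path search at logon, so their on-disk location has to be confirmed rather than assumed. Second, it separates the Gmer MBR detector's verdict on the MBR sectors ("user & kernel MBR OK") from its hook findings, and pulls out the one hook whose target the detector could not attribute to a loaded module (\Driver\atapi -> 0x8a17df00, the same address as the >>UNKNOWN<< entry in "called modules"); that unattributed hook, not the MBR contents, is what produces "Warning: possible MBR rootkit infection !". Third, it lists the disc-emulation drivers present in the service list (d347bus and d347prt from DAEMON Tools, sptd from DAEMON Tools 4 / Alcohol 120%), which hook the disk stack and are a common non-malicious cause of exactly that atapi warning. The sample strings are copied from this page; the set of driver names is an assumption of the example; the script reports what still needs attributing, not whether the machine is infected.

```python
import re

# Constructed sample: startup entries copied from the HijackThis log above.
SAMPLE_O4 = r"""
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Gainward] C:\WINDOWS\TBPanel.exe /A
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
"""

# Constructed sample: the Gmer "Stealth MBR rootkit" block copied from the ComboFix log above.
SAMPLE_MBR = r"""
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A17DF00]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba8fcf28
\Driver\ACPI -> ACPI.sys @ 0xba77fcb8
\Driver\atapi -> 0x8a17df00
Warning: possible MBR rootkit infection !
user & kernel MBR OK
"""

# Constructed sample: driver lines copied from the ComboFix log above.
SAMPLE_SERVICES = r"""
R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [29.11.2009 16:38 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [29.11.2009 16:38 5248]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [1.12.2009 8:56 114768]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [12.12.2009 12:00 639224]
"""

O4_RE = re.compile(r"^O4 - \S+: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
HOOK_RE = re.compile(r"^(?P<driver>\\Driver\\\S+) -> (?P<target>.+)$")
UNKNOWN_RE = re.compile(r">>UNKNOWN \[(?P<addr>0x[0-9A-Fa-f]+)\]<<")
SERVICE_RE = re.compile(r"^(?:R[0-3]|S[0-4]) (?P<name>[^;]+);")

# Assumed list for this example: disc-emulation / SCSI pass-through drivers shipped with
# DAEMON Tools (d347bus, d347prt) and DAEMON Tools 4 / Alcohol 120% (sptd). They hook the
# disk stack and are a common non-malicious cause of an unattributed atapi hook.
DISC_EMULATION_DRIVERS = {"sptd", "d347bus", "d347prt"}


def first_token(cmd):
    """Program token of a Run-key command line, honouring a quoted path."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0]


def is_qualified(token):
    """True if the token names a location (drive letter, directory separator or %env% prefix)."""
    return "\\" in token or bool(re.match(r"^[A-Za-z]:", token)) or token.startswith("%")


def unqualified_autoruns(text):
    """Run-key entries whose program is a bare file name, resolved by path search at logon."""
    flagged = []
    for line in text.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            prog = first_token(m.group("cmd"))
            if not is_qualified(prog):
                flagged.append((m.group("name"), prog))
    return flagged


def mbr_triage(text):
    """Separate the detector's MBR-sector verdict from its hook findings.

    A hook whose target is only an address (no 'module @ address') points into code the
    detector could not attribute to any loaded module; that is what raises the warning.
    """
    result = {"unknown_module": None, "unattributed_hooks": [], "mbr_sectors_ok": False}
    for line in text.splitlines():
        line = line.strip()
        m = UNKNOWN_RE.search(line)
        if m:
            result["unknown_module"] = m.group("addr").lower()
        m = HOOK_RE.match(line)
        if m and " @ " not in m.group("target"):
            result["unattributed_hooks"].append((m.group("driver"), m.group("target").lower()))
        if line == "user & kernel MBR OK":
            result["mbr_sectors_ok"] = True
    result["hook_into_unknown"] = any(
        addr == result["unknown_module"] for _, addr in result["unattributed_hooks"])
    return result


def disc_emulation_drivers(text):
    """Installed kernel drivers from DISC_EMULATION_DRIVERS, in log order."""
    found = []
    for line in text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if m and m.group("name").lower() in DISC_EMULATION_DRIVERS:
            found.append(m.group("name"))
    return found


if __name__ == "__main__":
    print("bare-name autoruns to locate on disk:", unqualified_autoruns(SAMPLE_O4))
    print("MBR detector:", mbr_triage(SAMPLE_MBR))
    print("disc-emulation drivers present:", disc_emulation_drivers(SAMPLE_SERVICES))
```

Run it as a plain script. The MBR tool's output alone cannot say which driver owns 0x8a17df00; attributing that address needs a loaded-module list (a full GMER scan, or a kernel debugger's `lm`) from the same boot, or a re-run after the disc-emulation drivers are disabled. Until then the hook is a finding to resolve, not a confirmed infection.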
ComboFix 09-12-20.08 - Martin 21.12.2009 18:53:05.4.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2046.1631 [GMT 1:00]
Running from: c:\documents and settings\Martin\Plocha\ComboFix.exe
Command switches used :: c:\documents and settings\Martin\Plocha\CFScript.txt
AV: avast! antivirus 4.8.1368 [VPS 091221-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FILE ::
"c:\windows\system32\emptyregdb.dat"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\emptyregdb.dat
.
((((((((((((((((((((((((( Files Created from 2009-11-21 to 2009-12-21 )))))))))))))))))))))))))))))))
.
2009-12-21 11:56 . 2009-12-03 15:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-21 11:56 . 2009-12-21 11:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-21 11:56 . 2009-12-03 15:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-21 08:20 . 2009-12-21 08:20 -------- d-----w- c:\program files\CCleaner
2009-12-17 16:58 . 2009-12-19 18:50 -------- d-----w- c:\program files\rajce
2009-12-13 09:44 . 2009-12-13 09:44 -------- d-----w- c:\program files\Windows Media Connect 2
2009-12-13 09:43 . 2009-12-14 11:14 -------- d-----w- c:\windows\system32\LogFiles
2009-12-13 09:43 . 2009-12-13 09:44 -------- d-----w- c:\windows\system32\drivers\UMDF
2009-12-13 07:31 . 2009-12-13 07:31 737280 ----a-w- c:\windows\iun6002.exe
2009-12-13 07:31 . 2009-12-13 07:31 -------- d-----w- c:\program files\Codec Pack - All In 1
2009-12-12 20:57 . 2008-05-09 10:56 90112 -c----w- c:\windows\system32\dllcache\wshext.dll
2009-12-12 20:57 . 2008-05-09 10:56 180224 -c----w- c:\windows\system32\dllcache\scrobj.dll
2009-12-12 20:57 . 2008-05-09 10:56 172032 -c----w- c:\windows\system32\dllcache\scrrun.dll
2009-12-12 20:57 . 2008-05-08 11:24 155648 -c----w- c:\windows\system32\dllcache\wscript.exe
2009-12-12 20:57 . 2008-05-07 09:07 135168 -c----w- c:\windows\system32\dllcache\cscript.exe
2009-12-12 12:47 . 2009-12-12 12:47 -------- d-----w- c:\program files\Windows Sidebar
2009-12-12 12:38 . 2009-12-12 12:46 -------- d-----w- c:\program files\Nero
2009-12-12 12:38 . 2009-12-12 12:47 -------- d-----w- c:\program files\Common Files\Nero
2009-12-12 11:03 . 2009-12-12 11:03 -------- d-----w- c:\program files\Alcohol Soft
2009-12-12 11:00 . 2009-12-12 11:00 639224 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-12-12 08:43 . 2009-12-12 08:43 -------- d-----w- c:\windows\system32\XPSViewer
2009-12-12 08:43 . 2009-12-12 08:43 -------- d-----w- c:\program files\Reference Assemblies
2009-12-12 08:42 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2009-12-12 08:42 . 2009-12-12 08:43 -------- d-----w- C:\296b0f10cb70562f61e0
2009-12-12 08:42 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-12-12 08:42 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-12-12 08:42 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-12-12 08:42 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-12-12 08:42 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-12-12 08:42 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-12-12 08:42 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-12-12 08:42 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2009-12-12 07:41 . 2006-03-02 12:00 403 -c----w- c:\windows\system32\dllcache\npdrmv2.zip
2009-12-12 07:41 . 2006-03-02 12:00 22060 -c----w- c:\windows\system32\dllcache\npds.zip
2009-12-12 07:41 . 2009-07-31 09:05 1372672 -c----w- c:\windows\system32\dllcache\msxml6.dll
2009-12-12 07:41 . 2008-04-14 02:30 80896 -c----w- c:\windows\system32\dllcache\msxml6r.dll
2009-12-12 07:41 . 2008-04-14 03:21 81920 ------w- c:\windows\system32\ieencode.dll
2009-12-12 07:41 . 2008-04-14 03:22 294912 -c----w- c:\windows\system32\dllcache\dlimport.exe
2009-12-11 17:54 . 2009-12-11 17:57 -------- d-----w- c:\program files\nLite
2009-12-10 18:08 . 2009-12-10 18:08 -------- d-----w- c:\program files\MSBuild
2009-12-10 18:07 . 2009-12-10 18:07 -------- d-----w- c:\program files\Microsoft.NET
2009-12-10 18:05 . 2009-12-10 18:05 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2009-12-10 18:05 . 2009-12-10 18:05 -------- d-----w- c:\windows\SHELLNEW
2009-12-10 14:26 . 2009-10-29 07:43 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2009-12-10 14:26 . 2009-10-29 07:43 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-12-10 14:26 . 2009-10-29 07:43 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-12-10 14:26 . 2009-10-29 07:43 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-12-10 14:26 . 2009-10-29 07:43 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-12-10 14:26 . 2009-10-29 07:43 11069952 -c----w- c:\windows\system32\dllcache\ieframe.dll
2009-12-09 19:26 . 2009-06-25 08:27 56832 -c----w- c:\windows\system32\dllcache\secur32.dll
2009-12-09 19:26 . 2009-03-21 14:09 988160 -c----w- c:\windows\system32\dllcache\kernel32.dll
2009-12-09 19:26 . 2009-06-15 10:45 78336 -c----w- c:\windows\system32\dllcache\telnet.exe
2009-12-09 19:26 . 2009-07-17 16:17 1437696 -c----w- c:\windows\system32\dllcache\query.dll
2009-12-09 19:23 . 2009-06-10 06:16 132096 -c----w- c:\windows\system32\dllcache\wkssvc.dll
2009-12-09 19:23 . 2009-06-25 08:27 147456 -c----w- c:\windows\system32\dllcache\schannel.dll
2009-12-09 19:18 . 2008-10-23 12:42 286720 -c----w- c:\windows\system32\dllcache\gdi32.dll
2009-12-09 19:18 . 2009-08-14 15:15 1850624 -c----w- c:\windows\system32\dllcache\win32k.sys
2009-12-09 19:18 . 2008-06-24 16:44 74240 -c----w- c:\windows\system32\dllcache\mscms.dll
2009-12-09 19:18 . 2009-07-29 04:36 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2009-12-09 19:18 . 2009-07-29 04:36 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2009-12-09 19:18 . 2008-07-07 20:29 253952 -c----w- c:\windows\system32\dllcache\es.dll
2009-12-09 19:18 . 2009-06-10 14:15 84992 -c----w- c:\windows\system32\dllcache\avifil32.dll
2009-12-09 19:18 . 2009-05-07 15:33 346624 -c----w- c:\windows\system32\dllcache\localspl.dll
2009-12-09 19:18 . 2009-06-03 19:11 1293824 -c----w- c:\windows\system32\dllcache\quartz.dll
2009-12-09 19:14 . 2009-09-04 21:05 58880 -c----w- c:\windows\system32\dllcache\msasn1.dll
2009-12-09 19:14 . 2008-06-17 19:02 8465408 -c----w- c:\windows\system32\dllcache\shell32.dll
2009-12-09 19:14 . 2009-08-25 09:19 354816 -c----w- c:\windows\system32\dllcache\winhttp.dll
2009-12-09 19:13 . 2009-09-11 14:19 136192 -c----w- c:\windows\system32\dllcache\msv1_0.dll
2009-12-09 19:13 . 2009-06-25 08:27 54272 -c----w- c:\windows\system32\dllcache\wdigest.dll
2009-12-09 19:13 . 2009-06-25 08:27 301568 -c----w- c:\windows\system32\dllcache\kerberos.dll
2009-12-09 19:13 . 2009-06-24 11:18 92928 -c----w- c:\windows\system32\dllcache\ksecdd.sys
2009-12-09 19:10 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2009-12-09 19:10 . 2008-04-11 19:06 691712 -c----w- c:\windows\system32\dllcache\inetcomm.dll
2009-12-09 19:10 . 2008-12-11 10:57 333952 -c----w- c:\windows\system32\dllcache\srv.sys
2009-12-09 19:10 . 2009-07-10 13:28 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-12-09 06:54 . 2006-03-02 12:00 41600 -c--a-w- c:\windows\system32\dllcache\weitekp9.dll
2009-12-09 06:54 . 2006-03-02 12:00 31360 -c--a-w- c:\windows\system32\dllcache\weitekp9.sys
2009-12-09 06:54 . 2008-04-14 03:20 86073 -c--a-w- c:\windows\system32\dllcache\voicesub.dll
2009-12-09 06:54 . 2008-04-14 03:20 426041 -c--a-w- c:\windows\system32\dllcache\voicepad.dll
2009-12-09 06:54 . 2006-03-02 12:00 48256 -c--a-w- c:\windows\system32\dllcache\w32.dll
2009-12-09 06:54 . 2008-04-14 03:20 76288 -c--a-w- c:\windows\system32\dllcache\uniime.dll
2009-12-09 06:54 . 2006-03-02 12:00 14336 -c--a-w- c:\windows\system32\dllcache\tsprof.exe
2009-12-09 06:52 . 2006-03-02 12:00 10096640 -c--a-w- c:\windows\system32\dllcache\hwxcht.dll
2009-12-09 06:41 . 2006-03-02 12:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2009-12-09 06:41 . 2006-03-02 12:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
2009-12-09 06:41 . 2006-03-02 12:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2009-12-09 06:41 . 2006-03-02 12:00 13312 ----a-w- c:\windows\system32\irclass.dll
2009-12-08 21:03 . 2009-12-21 08:22 -------- d-----w- c:\program files\trend micro
2009-12-08 20:22 . 2006-03-02 12:00 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2009-12-04 16:12 . 2009-12-04 16:12 -------- d-----w- c:\program files\Microsoft Silverlight
2009-12-01 08:04 . 2009-12-01 08:04 -------- d-----w- c:\windows\Hewlett-Packard
2009-12-01 07:56 . 2009-11-24 23:48 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-12-01 07:56 . 2009-11-24 23:49 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-12-01 07:56 . 2009-11-24 23:47 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-12-01 07:56 . 2009-11-24 23:47 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-12-01 07:56 . 2009-11-24 23:51 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-12-01 07:56 . 2009-11-24 23:50 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-12-01 07:56 . 2009-11-24 23:50 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-12-01 07:56 . 2009-11-24 23:50 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-12-01 07:55 . 2009-11-24 23:54 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-12-01 07:55 . 2009-12-01 07:55 -------- d-----w- c:\program files\Alwil Software
2009-11-30 13:46 . 2009-11-30 13:46 -------- d-----w- c:\program files\FileZilla FTP Client
2009-11-30 09:15 . 2009-11-30 09:15 -------- d-----w- c:\program files\MSXML 4.0
2009-11-30 06:43 . 2009-11-30 06:44 -------- d-----w- c:\program files\Common Files\HP
2009-11-30 06:42 . 2009-11-30 06:42 -------- d-----w- c:\program files\Hewlett-Packard
2009-11-30 06:42 . 2009-11-30 06:42 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2009-11-30 06:31 . 2006-04-10 13:03 48128 ----a-w- c:\windows\system32\hpzll054.dll
2009-11-30 06:31 . 2006-04-10 13:02 74240 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpzpp054.dll
2009-11-30 06:31 . 2006-01-03 17:12 77824 ----a-r- c:\windows\system32\HPZIDS01.dll
2009-11-30 06:31 . 2008-04-13 18:45 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2009-11-30 06:31 . 2007-08-09 07:27 73728 ----a-w- c:\windows\system32\HPZipm12.exe
2009-11-30 06:31 . 2006-03-03 20:03 282680 ----a-w- c:\windows\system32\HPZidr12.dll
2009-11-30 06:31 . 2006-03-03 20:03 65536 ----a-w- c:\windows\system32\HPZinw12.exe
2009-11-30 06:31 . 2006-03-03 20:02 204800 ----a-w- c:\windows\system32\HPZipr12.dll
2009-11-30 06:31 . 2006-03-03 20:02 94208 ----a-w- c:\windows\system32\HPZipt12.dll
2009-11-30 06:31 . 2006-03-03 20:02 57344 ----a-w- c:\windows\system32\HPZisn12.dll
2009-11-30 06:31 . 1998-10-29 15:45 306688 ----a-w- c:\windows\IsUninst.exe
2009-11-30 06:29 . 2009-12-01 08:04 -------- d-----w- c:\program files\HP
2009-11-30 06:22 . 2009-11-30 06:46 127768 ----a-w- c:\windows\hpoins11.dat
2009-11-30 06:11 . 2008-04-13 18:47 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2009-11-29 18:51 . 2009-11-29 18:51 -------- d-----w- C:\outlook
2009-11-29 18:46 . 2009-08-06 18:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-11-29 18:46 . 2009-08-06 18:23 215920 ----a-w- c:\windows\system32\muweb.dll
2009-11-29 16:29 . 2009-12-10 14:25 -------- d-----w- c:\program files\Opera
2009-11-29 16:21 . 2009-12-12 12:08 -------- d-----w- c:\program files\Ahead
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-12 21:11 . 2006-03-02 12:00 79242 ----a-w- c:\windows\system32\perfc005.dat
2009-12-12 21:11 . 2006-03-02 12:00 432278 ----a-w- c:\windows\system32\perfh005.dat
2009-11-29 12:37 . 2009-11-29 10:25 76487 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-11-29 12:37 . 2009-11-29 10:25 2684 ----a-w- c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2009-11-29 11:00 . 2009-11-29 10:25 8972 ----a-w- c:\windows\pchealth\helpctr\Config\Cntstore.bin
2009-11-29 10:26 . 2009-11-29 10:26 -------- d-----w- c:\program files\microsoft frontpage
2009-10-29 07:43 . 2006-03-02 12:00 916480 ------w- c:\windows\system32\wininet.dll
2009-10-21 05:40 . 2006-03-02 12:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:40 . 2006-03-02 12:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2006-03-02 12:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-13 10:34 . 2006-03-02 12:00 271360 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:40 . 2006-03-02 12:00 79872 ----a-w- c:\windows\system32\raschap.dll
2009-10-12 13:40 . 2006-03-02 12:00 150016 ----a-w- c:\windows\system32\rastls.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-12-21_13.42.35 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-12-21 17:51 . 2009-12-21 17:51 16384 c:\windows\Temp\Perflib_Perfdata_5a8.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"JMB36X IDE Setup"="c:\windows\JM\JMInsIDE.exe" [2006-10-31 36864]
"36X Raid Configurer"="c:\windows\system32\JMRaidSetup.exe" [2006-11-17 1953792]
"Gainward"="c:\windows\TBPanel.exe" [2007-04-23 2173744]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-02-23 7774208]
"nwiz"="nwiz.exe" [2007-02-23 1622016]
"DAEMON Tools-1033"="c:\program files\D-Tools\daemon.exe" [2004-08-22 81920]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-02-23 81920]
"RTHDCPL"="RTHDCPL.EXE" [2006-11-14 16270848]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2006-03-02 44544]
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"d:\\!!!!SYSTEMOVEJ\\!!!!1\\QIP\\qip.exe"=
"d:\\!strong\\StrongDC.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [29.11.2009 16:38 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [29.11.2009 16:38 5248]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [1.12.2009 8:56 114768]
R1 VD_FileDisk;VD_FileDisk;c:\windows\system32\drivers\vd_filedisk.sys [13.1.2006 14:00 15872]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1.12.2009 8:56 20560]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [12.12.2009 12:00 639224]
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-21 19:01
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A17DF00]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba8fcf28
\Driver\ACPI -> ACPI.sys @ 0xba77fcb8
\Driver\atapi -> 0x8a17df00
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: Marvell Yukon 88E8056 PCI-E Gigabit Ethernet Controller -> SendCompleteHandler -> NDIS.sys @ 0xba605bb0
PacketIndicateHandler -> NDIS.sys @ 0xba612a21
SendHandler -> NDIS.sys @ 0xba5f087b
Warning: possible MBR rootkit infection !
user & kernel MBR OK
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(768)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
- - - - - - - > 'explorer.exe'(712)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\RTHDCPL.EXE
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
.
**************************************************************************
.
Celkový čas: 2009-12-21 19:05:12 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-12-21 18:05
ComboFix2.txt 2009-12-21 13:46
Před spuštěním: Volných bajtů: 32 136 556 544
Po spuštění: Volných bajtů: 32 095 006 720
Current=4 Default=4 Failed=1 LastKnownGood=3 Sets=1,2,3,4
- - End Of File - - 86B06607ACE1704C3AA12CD50ADAC086
Hijack:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:06:42, on 21.12.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\TBPanel.exe
C:\Program Files\D-Tools\daemon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\trend micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [Gainward] C:\WINDOWS\TBPanel.exe /A
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 9497270609
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
--
End of file - 6267 bytes
- Damned
- Article author
- Master Level 9
- Posts: 8353
- Registered: December 06
- Location: Rokycany
Re: Please check
Download Dr. Web CureIt, or get it from http://www.majorgeeks.com/Dr.Web_CureIT_d4783.html, run the update, and after updating press start.
With the buttons at the bottom you can cure, delete, move or rename the file. Then post the result. The scan may take a long time. Cure a found infection first, and only then delete it. If it finds something in the System Volume Information folder, delete it.
Nothing is impossible, which is why, where reason fails us, we do not hesitate to use a hammer.
If you want to know what is new, look in old books.
Damned's Czech localisations - translations of PC maintenance programs
HiJackThis 2 + guide, FCleaner + Czech localisation, Wise Registry Cleaner
Re: Please check
The test ran for over 8 h; the result was 9 threats and 96 infections.
There was no cure or quarantine option anywhere; at the bottom there was only "repair". I clicked it and suddenly it said that everything had been deleted.

- Damned
Re: Please check
How is the PC behaving?