Nejde internet pls kontrolu :D Vyřešeno

[autoprd]

No avast je smazal a já je nahradil z jinýho pc aby tam nescházely xD

[Reklama]

[bledulka]

Jo takhle , předpokládám že stejný OS a sp.
Tak já nevím co s Tebou, já nikde nic nevidím .

Mrkni ještě do správce zařízení, zda Ti tam nechybí nějaké drivery

[autoprd]

jen síťový aDaptér ethernet ale ten cyhběl i kdžyž to šlo hele a koukni na ten cf log je tam taky sshnas služba

[jaro3]

sshnas21.dll --byl trojan

twain.dll
twain_32.dll
zaregistroval si ty knihovny??

V možnostech složky si povol zobrazování skrytých souborů a složek+ odškrtni zatržítko skrýt chráněné soubory operačního systému

Toto otestuj na Virustotal
d:\windows\system32\[b]HKCU_GNU.reg
d:\windows\system32\HKLM_GNU.reg
c:\\Média\\MOJE\\sa mp\\samp-server.exe
c:\\Média\\MOJE\\sa mp\\samp022server.win32\\samp-server.exe
d:\Windows\system32\ntkrnlpa.exe
d:\Windows\system32\drivers\NDIS.sys

Pokud už byl soubor testován-klikni na otestovat znovu.
Až skončí test všech antivirů, vlož sem pak odkazy na stránky s výsledky.

[autoprd]

Nezaregistroval, jak xD ?

Jo a ty sampserver.exe sem smazal jsou na nic a vir tam není je to s officiálních stránek gta xD

[jaro3]

Příklad:
jdi přes Start - Spustit, napiš cmd.exe a dej Enter
do příkazového řádku napiš:
regsvr32.exe c:\windows\system32\wups2.dll
dej opět Enter, měla by se objevit zpráva že se registrace knihovny zdařila
restartuj PC

takže tam zadáš cestu a ten soubor.

co ty ostatní?

[autoprd]

ntkrnlpa :http://www.virustotal.com/cs/analisis/dcfe1579cfdefb0c2bd2e3c5720003c7c209ecfba1efc338e71edbb4793cdd98-1277918021

ndis http://www.virustotal.com/cs/analisis/8 ... 1277918067

HKCU_GNU:http://www.virustotal.com/cs/analisis/d0b3c77af2862eddc088be62558e05c83ad9d631871e1bb1ee2a4ed4931afc59-1277918081

HKLM:GNU : http://www.virustotal.com/cs/analisis/8 ... 1277918082

[jaro3]

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

KillAll::
File::
d:\windows\system32\A_reg.reg

Folder::
c:\program files\ICQ6Toolbar
c:\program files\Ask.com

Firefox::
FF - ProfilePath - d:\documents and settings\PoKaRko\Data aplikací\Mozilla\Firefox\Profiles\1ii8yyw2.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... 2.0.0.2&q=


Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

[autoprd]

takže já v commandu napíšu regsvr.exe D:\WINDOWS\system32\twain_32.dll a napiíše že nenalezl a tak stejny když dam d:\windows\twain.dll

[jaro3]

Tak si tam ty soubory nedal , nech to , opravíme to potom všechno, udělej ten script , pak budeme pokračovat.

[autoprd]

ComboFix 10-06-28.01 - PoKaRko 30.06.2010 19:38:26.7.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.2046.1511 [GMT 2:00]
Spuštěný z: d:\documents and settings\PoKaRko\Plocha\ComboFix.exe
Použité ovládací přepínače :: d:\documents and settings\PoKaRko\Plocha\CFScript.txt
AV: avast! antivirus 4.8.1368 [VPS 100629-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!

FILE ::
"d:\windows\system32\A_reg.reg"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Ask.com
c:\program files\Ask.com\cb_1aa.ico
c:\program files\Ask.com\cobrand.ico
c:\program files\Ask.com\config.xml
c:\program files\Ask.com\favicon.ico
c:\program files\Ask.com\fv_1a9.ico
c:\program files\Ask.com\mupcfg.xml
c:\program files\Ask.com\SaUpdate.exe
c:\program files\Ask.com\UpdateTask.exe
c:\program files\ICQ6Toolbar
c:\program files\ICQ6Toolbar\config.xml
c:\program files\ICQ6Toolbar\Icons.bmp
c:\program files\ICQ6Toolbar\icq6Toolbar.ico
c:\program files\ICQ6Toolbar\ICQToolBar.dll
c:\program files\ICQ6Toolbar\ICQUnToolbar.exe
c:\program files\ICQ6Toolbar\logo_small.gif
c:\program files\ICQ6Toolbar\ServiceStarter.exe
c:\program files\ICQ6Toolbar\short.wav
c:\program files\ICQ6Toolbar\Version.txt
d:\windows\system32\A_reg.reg
d:\windows\system32\tmp.reg
d:\windows\system32\twain.dll

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ICQ_Service
-------\Service_ICQ Service


((((((((((((((((((((((((( Soubory vytvořené od 2010-05-28 do 2010-06-30 )))))))))))))))))))))))))))))))
.

2010-06-30 13:50 . 2010-03-26 13:31 358944 ----a-w- d:\windows\vncutil.exe
2010-06-30 13:50 . 2008-06-25 09:52 20480 ----a-w- d:\windows\USB_VIDEO_REG.exe
2010-06-30 13:44 . 2007-03-21 18:54 69632 ----a-w- d:\windows\system32\TWUNK_32.EXE
2010-06-30 13:44 . 2007-03-21 18:54 48560 ----a-w- d:\windows\system32\TWUNK_16.EXE
2010-06-30 13:42 . 2007-03-21 18:54 77312 ----a-w- d:\windows\system32\twain_32.dll
2010-06-29 13:20 . 2010-06-02 02:55 74072 ----a-w- d:\windows\system32\XAPOFX1_5.dll
2010-06-29 13:20 . 2010-06-02 02:55 527192 ----a-w- d:\windows\system32\XAudio2_7.dll
2010-06-29 13:20 . 2010-06-02 02:55 239960 ----a-w- d:\windows\system32\xactengine3_7.dll
2010-06-29 13:20 . 2010-05-26 09:41 2106216 ----a-w- d:\windows\system32\D3DCompiler_43.dll
2010-06-29 13:20 . 2010-05-26 09:41 248672 ----a-w- d:\windows\system32\d3dx11_43.dll
2010-06-29 13:20 . 2010-05-26 09:41 1868128 ----a-w- d:\windows\system32\d3dcsx_43.dll
2010-06-29 13:20 . 2010-05-26 09:41 470880 ----a-w- d:\windows\system32\d3dx10_43.dll
2010-06-29 13:20 . 2010-05-26 09:41 1998168 ----a-w- d:\windows\system32\D3DX9_43.dll
2010-06-28 14:33 . 2009-06-16 22:02 616600 ----a-w- d:\windows\system32\FontInstaller.dll
2010-06-28 14:33 . 2010-06-28 14:33 -------- d-----w- c:\program files\High-Logic FontCreator6
2010-06-28 11:37 . 2009-02-26 14:34 94650 ----a-w- d:\windows\system32\HKCU_GNU.reg
2010-06-28 11:37 . 2009-02-26 14:34 2004 ----a-w- d:\windows\system32\HKLM_GNU.reg
2010-06-28 11:37 . 2008-12-17 23:22 57344 ----a-w- d:\windows\system32\ff_vfw.dll
2010-06-28 11:37 . 2008-06-15 08:01 60273 ----a-w- d:\windows\system32\pthreadGC2.dll
2010-06-28 11:37 . 2008-06-15 08:01 258352 ----a-w- d:\windows\system32\unicows.dll
2010-06-26 18:15 . 2010-06-26 18:15 -------- d-----w- c:\program files\Adobe Media Player
2010-06-26 18:13 . 2010-06-26 18:13 -------- d-----w- d:\program files\Common Files\Adobe AIR
2010-06-26 18:05 . 2010-06-26 18:05 -------- d-----w- c:\program files\CENZURA HD
2010-06-25 18:36 . 2010-06-25 18:36 -------- d-----w- c:\program files\rgcaudio software
2010-06-20 09:14 . 2010-06-20 09:14 -------- d-----w- c:\program files\Creative Labs
2010-06-20 09:14 . 1999-07-06 12:13 40960 ----a-w- d:\windows\system32\eax.dll
2010-06-20 09:13 . 2010-06-20 09:14 -------- d-----w- c:\program files\EidosNet
2010-06-20 09:13 . 2010-06-20 09:13 -------- d-----w- c:\program files\Eidos Interactive
2010-06-19 18:06 . 2010-06-19 18:07 -------- d-----w- d:\windows\system32\drivers\UMDF
2010-06-19 18:05 . 2009-03-25 15:48 109864 ----a-w- d:\windows\system32\drivers\s1018unic.sys
2010-06-19 18:05 . 2009-03-25 15:48 10792 ----a-w- d:\windows\system32\drivers\s1018cr.sys
2010-06-19 18:05 . 2009-03-25 15:48 106208 ----a-w- d:\windows\system32\drivers\s1018mgmt.sys
2010-06-19 18:05 . 2009-03-25 15:48 26024 ----a-w- d:\windows\system32\drivers\s1018nd5.sys
2010-06-19 18:05 . 2009-03-25 15:48 104744 ----a-w- d:\windows\system32\drivers\s1018obex.sys
2010-06-19 18:05 . 2009-03-25 15:48 15016 ----a-w- d:\windows\system32\drivers\s1018mdfl.sys
2010-06-19 18:05 . 2009-03-25 15:48 12200 ----a-w- d:\windows\system32\drivers\s1018cmnt.sys
2010-06-19 18:05 . 2009-03-25 15:48 12200 ----a-w- d:\windows\system32\drivers\s1018cm.sys
2010-06-19 18:05 . 2009-03-25 15:48 114728 ----a-w- d:\windows\system32\drivers\s1018mdm.sys
2010-06-19 18:05 . 2009-03-25 15:48 86824 ----a-w- d:\windows\system32\drivers\s1018bus.sys
2010-06-19 18:05 . 2009-03-25 15:48 12200 ----a-w- d:\windows\system32\drivers\s1018whnt.sys
2010-06-19 18:05 . 2009-03-25 15:48 12200 ----a-w- d:\windows\system32\drivers\s1018wh.sys
2010-06-17 16:48 . 2005-12-15 13:27 34639 ----a-w- d:\windows\system32\drivers\UFS2XX.sys
2010-06-17 16:48 . 2005-12-24 17:10 77824 ----a-w- d:\windows\system32\UFS2XXUN.exe
2010-06-17 16:48 . 2005-12-24 12:41 81920 ----a-w- d:\windows\system32\UFS2XX.dll
2010-06-16 19:21 . 2010-06-16 19:21 -------- d-----w- c:\program files\Digiarty
2010-06-16 16:13 . 2010-06-16 16:13 -------- d-----w- c:\program files\Ubisoft
2010-06-16 16:10 . 2010-06-20 08:26 -------- d-----w- c:\program files\ICQ7.2
2010-06-13 14:51 . 2010-06-13 14:51 -------- d-----w- d:\windows\system32\cs-CZ
2010-06-13 14:44 . 2010-06-13 14:44 -------- d-----w- d:\windows\system32\xlive
2010-06-13 14:44 . 2010-06-13 14:44 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2010-06-13 14:39 . 2010-06-13 14:49 -------- d-----w- d:\windows\system32\NtmsData
2010-06-13 14:25 . 2010-06-13 14:25 -------- d-----w- d:\program files\Common Files\EZB Systems
2010-06-13 14:25 . 2010-06-13 14:25 -------- d-----w- c:\program files\UltraISO
2010-06-13 06:39 . 2010-06-13 06:39 94080 ----a-w- d:\windows\system32\drivers\ezplay.sys
2010-06-12 22:32 . 2010-06-12 22:34 -------- d-----w- c:\program files\IDM Computer Solutions
2010-06-11 21:20 . 2010-06-11 21:20 -------- d-----w- c:\program files\WinImage
2010-06-11 21:02 . 2010-06-11 21:02 -------- d-----w- c:\program files\DIFX
2010-06-11 21:02 . 2009-05-12 13:53 16896 ----a-w- d:\windows\system32\drivers\FlashUSB.sys
2010-06-11 20:12 . 2008-11-11 11:42 24832 ----a-w- d:\windows\system32\drivers\lgusbmodem.sys
2010-06-11 20:12 . 2008-11-11 11:41 19968 ----a-w- d:\windows\system32\drivers\lgusbdiag.sys
2010-06-11 20:12 . 2008-11-11 11:41 13056 ----a-w- d:\windows\system32\drivers\lgusbbus.sys
2010-06-11 20:12 . 2010-06-11 20:12 -------- d-----w- c:\program files\LG Electronics
2010-06-11 20:11 . 2007-11-08 14:26 1164728 ----a-w- d:\windows\system32\NMSDVDXU.dll
2010-06-11 20:10 . 2010-06-14 14:55 -------- d-----w- c:\program files\LG PC Suite II
2010-06-09 19:48 . 2010-06-09 19:48 45056 ----a-w- d:\windows\TRNOEH.DLL
2010-06-09 19:48 . 2010-06-09 19:48 294912 ----a-w- d:\windows\TrnWord.dll
2010-06-09 19:48 . 2010-06-09 19:48 26624 ----a-w- d:\windows\OETRN.EXE
2010-06-09 19:48 . 2010-06-09 19:48 200704 ----a-w- d:\windows\TRNOET.DLL
2010-06-09 19:47 . 2010-06-09 19:47 516096 ----a-w- d:\windows\UN32.EXE
2010-06-05 07:19 . 2010-06-05 07:23 -------- d-----w- c:\program files\Valve
2010-06-04 15:24 . 2010-06-04 15:24 -------- d-----w- c:\program files\ImTOO

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-29 18:45 . 2009-11-29 19:49 -------- d-----w- c:\program files\Cheat Engine
2010-06-29 14:52 . 2010-01-02 23:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-29 14:40 . 2009-12-11 21:25 -------- d-----w- c:\program files\FreeFixer
2010-06-28 11:37 . 2009-11-29 13:12 -------- d-----w- c:\program files\Cucusoft
2010-06-27 09:58 . 2001-11-24 18:02 491064 ----a-w- d:\windows\system32\perfh005.dat
2010-06-27 09:58 . 2001-11-24 18:02 98588 ----a-w- d:\windows\system32\perfc005.dat
2010-06-27 07:53 . 2009-11-28 22:20 -------- d-----w- c:\program files\Metin2_CZ
2010-06-26 22:47 . 2010-01-24 00:44 -------- d-----w- d:\program files\Common Files\Adobe
2010-06-25 18:38 . 2010-05-07 18:24 -------- d-----w- c:\program files\VstPlugins
2010-06-25 18:33 . 2009-12-18 22:28 -------- d-----w- c:\program files\Image-Line
2010-06-16 16:13 . 2009-10-17 13:50 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-13 06:39 . 2009-12-02 17:22 -------- d-----w- c:\program files\VSO
2010-06-09 16:11 . 2009-10-18 12:10 -------- d-----w- c:\program files\CCleaner
2010-06-09 15:22 . 2010-02-11 10:54 66872 ----a-w- d:\windows\system32\PnkBstrA.exe
2010-05-30 08:54 . 2010-05-18 07:21 -------- d-----w- c:\program files\Styler
2010-05-30 08:50 . 2010-05-20 19:41 -------- d-----w- c:\program files\AntiFirewall
2010-05-29 22:55 . 2010-05-29 22:55 -------- d-----w- c:\program files\MTA San Andreas
2010-05-27 12:47 . 2010-04-09 21:18 -------- d-----w- c:\program files\IDoser
2010-05-22 11:38 . 2010-03-14 12:33 -------- d-----w- c:\program files\Startup Manager
2010-05-22 11:38 . 2010-03-02 14:58 -------- d-----w- c:\program files\GStudio7
2010-05-22 11:38 . 2010-02-20 20:37 -------- d-----w- c:\program files\VirtualDJ
2010-05-22 11:36 . 2010-05-22 11:36 -------- d-----w- c:\program files\7-Zip
2010-05-21 17:27 . 2010-05-21 17:27 1700352 ----a-w- d:\windows\system32\gdiplus.dll
2010-05-21 17:26 . 2009-10-17 14:39 -------- d-----w- c:\program files\uTorrent
2010-05-20 19:39 . 2010-05-20 19:39 -------- d-----w- c:\program files\Kismet
2010-05-20 19:38 . 2010-05-20 19:38 -------- d-----w- c:\program files\WinPcap
2010-05-20 19:38 . 2010-05-20 19:38 -------- d-----w- c:\program files\CACE Technologies
2010-05-20 19:36 . 2010-05-20 19:36 -------- d-----w- c:\program files\Network Stumbler
2010-05-18 14:04 . 2010-05-18 14:04 -------- d-----w- c:\program files\KONAMI
2010-05-18 07:42 . 2010-05-18 07:42 -------- d-----w- c:\program files\VistaSwitcher
2010-05-17 11:46 . 2010-05-17 11:45 -------- d-----w- c:\program files\Winamp
2010-05-12 23:12 . 2010-05-12 23:12 -------- d-----w- c:\program files\FreeArc
2010-05-12 23:10 . 2010-05-12 23:10 -------- d-----w- c:\program files\GnuWin32
2010-05-12 23:03 . 2010-05-12 23:03 -------- d-----w- c:\program files\KGB Archiver
2010-05-11 14:50 . 2009-10-24 18:01 -------- d-----w- c:\program files\IObit
2010-05-08 21:53 . 2010-05-08 21:53 281760 ----a-w- d:\windows\system32\drivers\atksgt.sys
2010-05-08 21:53 . 2010-05-08 21:53 25888 ----a-w- d:\windows\system32\drivers\lirsgt.sys
2010-05-08 21:53 . 2010-01-13 21:03 -------- d-----w- c:\program files\AGEIA Technologies
2010-05-08 21:52 . 2010-05-08 21:52 -------- d-----w- d:\program files\Common Files\Wise Installation Wizard
2010-05-08 11:51 . 2010-05-08 11:51 -------- d-----w- c:\program files\DoISO
2010-05-08 11:50 . 2010-01-22 16:57 87643 ----a-w- d:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-05-08 11:50 . 2010-01-22 16:57 3052 ----a-w- d:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2010-05-08 11:50 . 2010-05-08 11:50 -------- d-----w- c:\program files\Windows Resource Kits
2010-05-05 11:36 . 2010-05-05 11:36 -------- d-----w- c:\program files\Demo_Kernel for SQL Database
2010-05-05 11:25 . 2010-05-05 11:25 -------- d-----w- c:\program files\Alcohol Soft
2010-04-29 13:39 . 2010-01-23 08:56 38224 ----a-w- d:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 13:39 . 2010-01-23 08:56 20952 ----a-w- d:\windows\system32\drivers\mbam.sys
2010-04-18 12:06 . 2010-06-30 13:49 28712 ----a-w- d:\windows\DIIUnin.dat
2010-04-18 11:55 . 2010-06-30 13:49 94208 ----a-w- d:\windows\DIIUnin.exe
2010-04-18 11:55 . 2010-06-30 13:49 2829 ----a-w- d:\windows\DIIUnin.pif
2010-04-16 23:31 . 2010-06-30 13:49 0 ----a-w- d:\windows\nsreg.dat
2010-04-08 16:17 . 2010-04-08 16:17 151552 ----a-w- d:\windows\system32\nvRegDev.dll
2010-04-04 16:52 . 2004-07-17 09:36 163644 ----a-w- d:\windows\system32\drivers\secdrv.sys
.

------- Sigcheck -------

[-] 2001-11-24 17:58 . 15AFB5576C32CC292E5DD469D96B4909 . 924432 . . [4.1.6140] . . d:\windows\system32\mfc40u.dll
.
((((((((((((((((((((((((((((( SnapShot@2010-06-29_18.47.38 )))))))))))))))))))))))))))))))))))))))))
.
- 2001-11-24 18:06 . 2001-11-24 18:06 94784 d:\windows\twain.dll
+ 2001-11-24 18:06 . 2001-10-25 16:00 94784 d:\windows\twain.dll
+ 2010-06-30 17:45 . 2010-06-30 17:45 16384 d:\windows\Temp\Perflib_Perfdata_3f0.dat
+ 2010-06-30 17:45 . 2010-06-30 17:45 16384 d:\windows\Temp\Perflib_Perfdata_3b4.dat
+ 2001-11-24 18:06 . 2001-10-25 16:00 94784 d:\windows\system32\dllcache\twain.dll
- 2001-11-24 18:06 . 2001-11-24 18:06 94784 d:\windows\system32\dllcache\twain.dll
+ 2010-06-30 13:49 . 2008-07-03 11:28 94208 d:\windows\PLFSetL.exe
+ 2010-06-30 13:49 . 2007-11-01 14:55 27176 d:\windows\BtwIEProxy.exe
+ 2010-06-30 13:49 . 2008-11-05 16:33 58880 d:\windows\arservice.exe
+ 2010-06-30 13:49 . 2008-11-05 16:33 77312 d:\windows\arpwrmsg.exe
+ 2010-06-30 13:49 . 2008-11-05 16:33 69312 d:\windows\arpower.dll
+ 2010-06-30 13:49 . 2008-11-05 16:33 50176 d:\windows\armcex.dll
+ 2010-06-30 13:49 . 2006-10-26 05:08 50752 d:\windows\agrsmdel.exe
+ 2001-11-24 18:09 . 2001-10-25 15:00 256419 d:\windows\winhelp.exe
- 2001-11-24 18:09 . 2001-11-24 18:09 256419 d:\windows\winhelp.exe
+ 2001-11-24 18:09 . 2001-10-25 15:00 256419 d:\windows\system32\dllcache\winhelp.exe
- 2001-11-24 18:09 . 2001-11-24 18:09 256419 d:\windows\system32\dllcache\winhelp.exe
+ 2010-06-30 13:49 . 2010-03-26 13:31 129568 d:\windows\RtkAudioService.exe
+ 2010-06-30 13:49 . 2008-07-29 14:59 200704 d:\windows\PLFSetI.exe
+ 2010-06-30 13:49 . 2008-12-30 09:12 626688 d:\windows\Image.dll
+ 2010-06-30 13:49 . 2008-09-09 14:32 106496 d:\windows\FixUVC.exe
+ 2010-06-30 13:49 . 2010-03-26 13:31 1833504 d:\windows\SkyTel.exe
+ 2010-06-30 13:49 . 2010-03-26 13:31 1489440 d:\windows\RtlUpd.exe
+ 2010-06-30 13:49 . 2008-09-20 00:48 1200128 d:\windows\RtkUpd.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 61952]
"AdobeCS4ServiceManager"="d:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\system32\CTFMON.EXE" [2004-08-17 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="d:\documents and settings\All Users\Data aplikací\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Bonjour Service"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"d:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"d:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Miranda IM\\miranda32.exe"=
"c:\\Program Files\\Metin2_CZ\\metin2.bin"=
"d:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\HLSW\\hlsw.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Autodesk\\3dsMax8\\3dsmax.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\hry\\Enemy Territory - QUAKE Wars\\etqw.exe"=
"c:\\xampp\\apache\\bin\\httpd.exe"=
"c:\\xampp\\mysql\\bin\\mysqld.exe"=
"c:\\xampp\\FileZillaFTP\\FileZilla Server.exe"=
"c:\\xampp\\MercuryMail\\mercury.exe"=
"d:\\Documents and Settings\\PoKaRko\\Plocha\\metin\\PortMap.exe"=
"c:\\Program Files\\PremiumSoft\\Navicat Lite 8.2\\navicat.exe"=
"c:\\Program Files\\Metin2_CZ\\metin2client.bin.exe"=
"c:\\hry\\NBA 2K10 RePack by Chikatila\\nba2k10.exe"=
"c:\\Program Files\\Metin2_CZ\\metin2client.bin"=
"c:\\Program Files\\KONAMI\\Pro Evolution Soccer 2009\\pes2009.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"d:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\ICQ7.2\\ICQ.exe"=
"c:\\Program Files\\ICQ7.2\\aolload.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\\hry\\Assassin's Creed II\\UPlayBrowser.exe"=
"c:\\hry\\Metin2_CZ\\metin2.bin"=
"c:\\hry\\Metin2_CZ\\metin2client.bin"=
"c:\\Program Files\\Metin2_CZ\\metin2 unpatched.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"d:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

R0 d347bus;d347bus;d:\windows\system32\drivers\d347bus.sys [23.1.2010 18:57 155136]
R0 d347prt;d347prt;d:\windows\system32\drivers\d347prt.sys [23.1.2010 18:57 5248]
R1 aswSP;avast! Self Protection;d:\windows\system32\drivers\aswSP.sys [19.2.2010 15:56 114768]
R1 VBoxDrv;VirtualBox Service;d:\windows\system32\drivers\VBoxDrv.sys [28.2.2010 0:32 123280]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;d:\windows\system32\drivers\VBoxUSBMon.sys [28.2.2010 0:32 41616]
R2 aswFsBlk;aswFsBlk;d:\windows\system32\drivers\aswFsBlk.sys [19.2.2010 15:56 20560]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [30.10.2009 16:05 1021256]
R3 Egatebus;Egatebus;d:\windows\system32\drivers\egatebus.sys [19.5.2006 10:22 15328]
R3 Egaterdr;Egaterdr;d:\windows\system32\drivers\egaterdr.sys [19.5.2006 10:22 13440]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [14.10.2009 8:24 10064]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;d:\windows\system32\drivers\VBoxNetAdp.sys [17.12.2009 16:02 99152]
R3 VBoxNetFlt;VBoxNetFlt Service;d:\windows\system32\drivers\VBoxNetFlt.sys [17.12.2009 15:02 110096]
S0 vax347s;vax347s;d:\windows\system32\drivers\vax347s.sys [5.5.2010 13:25 5248]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;d:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 13:16 130384]
S3 FlashUSB;FlashUSB;d:\windows\system32\drivers\FlashUSB.sys [11.6.2010 23:02 16896]
S3 ggflt;SEMC USB Flash Driver Filter;d:\windows\system32\drivers\ggflt.sys [25.2.2009 9:16 13352]
S3 NPF;NetGroup Packet Filter Driver;d:\windows\system32\drivers\npf.sys [21.6.2007 22:55 42512]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);d:\windows\system32\drivers\s1018bus.sys [19.6.2010 20:05 86824]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;d:\windows\system32\drivers\s1018mdfl.sys [19.6.2010 20:05 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;d:\windows\system32\drivers\s1018mdm.sys [19.6.2010 20:05 114728]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);d:\windows\system32\drivers\s1018mgmt.sys [19.6.2010 20:05 106208]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);d:\windows\system32\drivers\s1018nd5.sys [19.6.2010 20:05 26024]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;d:\windows\system32\drivers\s1018obex.sys [19.6.2010 20:05 104744]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);d:\windows\system32\drivers\s1018unic.sys [19.6.2010 20:05 109864]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;d:\windows\system32\drivers\ScreamingBAudio.sys --> d:\windows\system32\drivers\ScreamingBAudio.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;d:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 13:16 753504]
S4 vax347b;vax347b;d:\windows\system32\drivers\vax347b.sys [5.5.2010 13:25 159616]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'

2010-06-25 d:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2010-06-30 d:\windows\Tasks\AWC AutoSweep.job
- c:\program files\IObit\Advanced SystemCare 3\AutoSweep.exe [2009-10-24 12:11]
.
.
------- Doplňkový sken -------
.
IE: {{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - c:\program files\ICQ7.2\ICQ.exe
FF - ProfilePath - d:\documents and settings\PoKaRko\Data aplikací\Mozilla\Firefox\Profiles\1ii8yyw2.default\
FF - prefs.js: browser.startup.homepage - http:/google.cz/#
FF - component: d:\program files\NetSoftware\gemgecko\components\gemgecko.dll

---- NASTAVENÍ FIREFOXU ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

AddRemove-ICQToolbar - c:\program files\ICQ6Toolbar\ICQUnToolbar.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-30 19:47
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A5D8C70]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba0ecfc3
\Driver\ACPI -> ACPI.sys @ 0xb9f31cb8
\Driver\atapi -> 0x8a5d8c70
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x8058241c
ParseProcedure -> ntkrnlpa.exe @ 0x8058155c
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x8058241c
ParseProcedure -> ntkrnlpa.exe @ 0x8058155c
NDIS: Realtek RTL8139 Family PCI Fast Ethernet NIC -> SendCompleteHandler -> NDIS.sys @ 0xb9d88bc3
PacketIndicateHandler -> NDIS.sys @ 0xb9d94b21
SendHandler -> NDIS.sys @ 0xb9d88d33
Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG11.00.00.01WORKSTATION"="FB6646591F5D92751C729385B3C602CB2997419178C218A60F1616AF49EB09598C79F28C9E4C50A6255F28DD6B58B1D6D8B59381380B795F321F8F2B207F189922D735218E280D062DB0ED8E57929A27E81C52DC9C33D266FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933A6171C11EC38DE3D5D575E7D6A3B9808FEBC9E127BECC74C8ECE25319F9729766C89337ACDAEA72F3D7856039496B730859CD608777C2A872537D295A84F1AACD3519E5E718EFBE3EC5477AE61B2EEB690B70668571A6C7A88BC288F5011B9E4083516EF945EB737BDDF5445A169F4F025D06FF8796C18943C6F11F72E389C037E015D074A00555EACBDA33D87474604ED02E1F54DC7518EBB8411E70C00AAEE9A22C9425C3B20922EB7B0D6773AB61C8C0E3B5E75E58F247154BBC36B0C9E96B8A9C50248B8BA1229B5DA148A176BE614D6F0F548609B1640DBBAAC7F5F8A6925CC4FEA3C88189D784717BB8F94DD170EE48B42CE3994A57C3D4B0C2E654F5D22E7F8E51E1C82FB6B9FE856874F5C6474642690CA546E9BEEBBBF8D946BA6696677E9A1864A957645166FB228448708B8A4F2EE2BFBEE455540FBA181A19B0C9A9D5A0F424D425ABCA558E2DA58D6C13D1A343019D9326FDF5979FB791E0FC45E219AE1D0434E787B6BE53E3DD392535CDB436BED802570B3364595335AB298C3698B15E6AED029232CF05DA0E0D804E0A68C7CB7620C9DEA2C02A91AB39090CF86A4E36DF5B842C5CE641F8A8E1B9D0BDA0F82BAD97BD39135E3394DEA82B8FC29EED081E345A568DDBF25355121EF0EFA61DFEB21E172A8ED3588A126B92238298AA172268B31880794D68DFE82CC132FA9BC765B7ADD2615D09E1EEE38E0E5FDA75D46CF734D959E0C5CB455AD8B36C42503380B5AFCF192AA487DB2D88ED9C78D52B3583C626F9BE1A50172E407062B2463C499E63B69EDC695B0C14446DEC59691A99774DD709863E4FBD93D9C87F3894FE1525C88DDD3BE5BD9537BAAB3E0AFF0C5CD81B161D2740FE1F2A130345A507F0B66475994154030517ED25F8921DD095E9C9CD403AF8DDD25884EA7F43882EEED698DA445A70CF1A2C2F18C86B335B6FA0BD1BE8735B852EB4B55ED2C0D41DBECD4E2659D23F6408D0054DE44EC601C5A02036E958F962B0F4D9D722DFEC04A9E84D39BBF45EAFE04FCC809D1411E1DE95263E5C78AD8F09C8760A64054C9004EB8BECBBF6EE455306275BCB0CA40E250ACFCA82F9B47EC54D3AB802179B70AF917D57D2724F6326BBD4F35D7C72E5B66282CC24DD7BCAC2EF1DFFC7FFDFAB55326A13BF08FC442C57F23ADAF19603836BDA1C098FB2A83D206B3997F161818C2537A95117C0AFC83FE12669645E56D034EE2B4FD6611079E96B258"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(1896)
d:\windows\system32\Ati2evxx.dll
d:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

- - - - - - - > 'explorer.exe'(2988)
d:\windows\system32\msi.dll
d:\windows\system32\WPDShServiceObj.dll
d:\windows\system32\PortableDeviceTypes.dll
d:\windows\system32\PortableDeviceApi.dll
d:\windows\system32\browselc.dll
d:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
d:\windows\system32\shdoclc.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
d:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
d:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
d:\windows\system32\wscntfy.exe
c:\program files\Mozilla Firefox\firefox.exe
.
**************************************************************************
.
Celkový čas: 2010-06-30 19:50:33 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-06-30 17:50

Před spuštěním: Volných bajtů: 28 565 663 744
Po spuštění: Volných bajtů: 28 539 584 512

- - End Of File - - 76BFB27BA5008A3F28FB88DCE5E4ED57

[jaro3]

Stáhni si Dial-a-fix

Klikni na kladívko-další možnosti:

SFC scan - Spustí nástroj pro kontrolu systémových souborů (případná potřeba instalačního media Windows).

Klikni na službu a potom na GO.