Prosím o kontrolu logů Vyřešeno

[martin386]

A tady je aswMBR:


aswMBR version 0.9.9.1297 Copyright(c) 2011 AVAST Software
Run date: 2012-01-13 14:36:44
-----------------------------
14:36:44.750 OS Version: Windows 5.1.2600 Service Pack 3
14:36:44.750 Number of processors: 2 586 0xF0D
14:36:44.750 ComputerName: LAN UserName: oem
14:36:46.843 Initialize success
14:36:49.796 AVAST engine defs: 12011300
14:36:51.265 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
14:36:51.265 Disk 0 Vendor: ST3250318AS CC35 Size: 238474MB BusType: 3
14:36:51.265 Disk 0 MBR read successfully
14:36:51.265 Disk 0 MBR scan
14:36:51.265 Disk 0 Windows XP default MBR code
14:36:51.265 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 238464 MB offset 63
14:36:51.265 Disk 0 scanning sectors +488376000
14:36:51.296 Disk 0 scanning C:\WINDOWS\system32\drivers
14:36:59.171 Service scanning
14:37:00.015 Modules scanning
14:37:05.578 Disk 0 trace - called modules:
14:37:05.593 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll sfsync02.sys atapi.sys pciide.sys PCIIDEX.SYS
14:37:05.593 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a650ab8]
14:37:05.593 3 CLASSPNP.SYS[ba108fd7] -> nt!IofCallDriver -> \Device\00000066[0x8a6539e8]
14:37:05.593 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a653d98]
14:37:05.593 \Driver\atapi[0x8a5f1d20] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> sfsync02.sys[0xba0d98b4]
14:37:08.890 AVAST engine scan C:\WINDOWS
14:37:16.031 AVAST engine scan C:\WINDOWS\system32
14:38:53.359 AVAST engine scan C:\WINDOWS\system32\drivers
14:39:13.046 AVAST engine scan C:\Documents and Settings\oem
14:40:06.312 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\oem\Plocha\MBR.dat"
14:40:06.328 The log file has been saved successfully to "C:\Documents and Settings\oem\Plocha\aswMBR.txt"

[Reklama]

[memphisto]

Logy z Combofixu najdeš na systémovém disku ve stejnojmenné složce

[martin386]

Není to tam , má to být ještě v nějaké složce ?

[jaro3]

Zkus:
C:\Combofix.txt
nebo ve složkách
C:\Combofix
C:\Qoobox

nebo se nevytvoril a budeš muiset udělat sken znovu , je třeba vyčkat určitý čas na vyhotovení logu , trvá to někdy dlouho.

[martin386]

ComboFix 12-01-13.01 - oem 13.01.2012 14:20:29.3.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1412 [GMT 1:00]
Spuštěný z: C:\Documents and Settings\oem\Plocha\ComboFix.exe
Použité ovládací přepínače :: C:\Documents and Settings\oem\Plocha\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

Toto ?

[martin386]

Nebo toto ? toto je tam dnešní datum.
DirLook::
c:\windows\system32\winrm

Driver::
sptd

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"FBSearch"=-
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
SGPUpdater =-

DDS::
uSearchAssistant = hxxp://dts.search-results.com/sr?src=ie ... =1&sr=0&q={searchTerms}

[jaro3]

Tohle:
ComboFix 12-01-13.01 - oem 13.01.2012 14:20:29.3.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1412 [GMT 1:00]
Spuštěný z: C:\Documents and Settings\oem\Plocha\ComboFix.exe
Použité ovládací přepínače :: C:\Documents and Settings\oem\Plocha\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

a celý log..

[martin386]

víc tam toho není...

[jaro3]

Tak udělej znovu ten script:

Kód: Vybrat vše

DirLook::
c:\windows\system32\winrm

Driver::
sptd

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"FBSearch"=-
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
SGPUpdater =-

DDS::
uSearchAssistant = hxxp://dts.search-results.com/sr?src=ie ... =1&sr=0&q={searchTerms}

[martin386]

Tentokrát se to povedlo :-)


ComboFix 12-01-13.03 - oem 13.01.2012 19:38:26.4.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1601 [GMT 1:00]
Spuštěný z: c:\documents and settings\oem\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\oem\Plocha\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_SPTD
-------\Service_sptd
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-12-13 do 2012-01-13 )))))))))))))))))))))))))))))))
.
.
2012-01-13 13:14 . 2012-01-13 13:14 765440 ----a-r- c:\documents and settings\oem\Data aplikací\Microsoft\Installer\{23BF7533-1747-4744-94FF-CF716FBB5597}\VVCap.exe
2012-01-13 13:14 . 2012-01-13 13:14 -------- d-----w- c:\program files\VVCap
2012-01-12 21:14 . 2012-01-12 21:14 388096 ----a-r- c:\documents and settings\oem\Data aplikací\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-01-04 06:26 . 2012-01-04 06:26 -------- d-----w- C:\c218d694f0ed759a57001d
2012-01-02 21:14 . 2012-01-02 21:14 -------- d-----w- c:\documents and settings\oem\Local Settings\Data aplikací\SKIDROW
2012-01-02 20:13 . 2012-01-02 20:13 -------- d-----w- c:\program files\RailSimulator.com
2012-01-02 15:30 . 2012-01-02 15:30 -------- d-----w- c:\windows\system32\wbem\Repository
2012-01-02 15:13 . 2010-01-12 19:32 -------- d-s---w- c:\documents and settings\Administrator
2012-01-01 16:20 . 2012-01-01 16:20 -------- d-----w- c:\program files\NVIDIA Corporation
2012-01-01 15:53 . 2012-01-02 14:26 -------- d-----w- c:\documents and settings\oem\Local Settings\Data aplikací\Yandex
2012-01-01 15:53 . 2012-01-02 14:25 -------- d-----w- c:\documents and settings\oem\Data aplikací\Yandex
2012-01-01 15:49 . 2012-01-01 15:49 -------- d-----w- c:\documents and settings\oem\Data aplikací\DAEMON Tools Pro
2012-01-01 15:49 . 2012-01-01 15:49 -------- d-----w- c:\documents and settings\All Users\Data aplikací\DAEMON Tools Pro
2012-01-01 15:14 . 2012-01-01 15:14 -------- d-----w- c:\documents and settings\oem\Local Settings\Data aplikací\2K Games
2011-12-30 22:02 . 2011-12-30 22:02 -------- d-----w- c:\windows\system32\winrm
2011-12-30 22:02 . 2011-12-30 22:02 -------- d-----w- c:\windows\system32\GroupPolicy
2011-12-30 22:01 . 2011-12-30 22:02 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$
2011-12-30 20:41 . 2011-12-31 11:56 2586 ----a-w- c:\windows\system32\ASOROSet.bin
2011-12-30 20:28 . 2011-11-19 10:52 17280 ----a-w- c:\windows\system32\roboot.exe
2011-12-30 19:49 . 2011-12-30 19:49 84267 ----a-w- c:\windows\cscmondump.bin
2011-12-25 04:21 . 2011-10-19 21:16 20312 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2011-12-25 00:14 . 2011-12-25 00:14 -------- d-----w- c:\documents and settings\All Users\Data aplikací\IObit
2011-12-25 00:13 . 2012-01-02 20:15 -------- d-----w- c:\documents and settings\oem\Data aplikací\IObit
2011-12-25 00:13 . 2011-12-30 20:49 -------- d-----w- c:\program files\IObit
2011-12-25 00:12 . 2011-12-25 00:12 -------- d-----w- c:\documents and settings\oem\Data aplikací\GlarySoft
2011-12-24 23:56 . 2011-12-24 23:56 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-12-24 23:56 . 2011-12-24 23:56 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2011-12-24 22:30 . 2011-12-24 22:30 -------- d-----r- c:\program files\Skype
2011-12-24 18:04 . 2010-01-09 20:36 -------- d-----w- c:\program files\G9 16-in-1
2011-12-24 18:02 . 2010-01-09 19:24 -------- d-----w- c:\program files\OscarG9
2011-12-20 19:21 . 2010-01-11 18:35 -------- d-----w- c:\program files\totalcmd
2011-12-18 14:13 . 2011-12-18 14:13 -------- d-----w- c:\program files\Microsoft Synchronization Services
2011-12-18 14:13 . 2011-12-18 14:13 -------- d-----w- c:\documents and settings\All Users\Microsoft
2011-12-18 14:13 . 2011-12-18 14:13 -------- d-----w- c:\program files\Microsoft Sync Framework
2011-12-18 14:13 . 2011-12-18 14:13 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2011-12-18 14:01 . 2011-12-18 14:01 -------- d-----w- c:\program files\Microsoft Analysis Services
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-01 15:51 . 2009-10-04 12:05 428088 ----a-w- c:\windows\system32\drivers\sptd.sys
2011-12-25 18:28 . 2011-01-29 21:10 271200 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-12-25 18:28 . 2011-01-29 21:10 271200 -c--a-w- c:\windows\system32\PnkBstrB.xtr
2011-12-16 19:59 . 2011-01-29 21:11 138160 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-12-16 19:59 . 2011-01-29 21:10 271200 ----a-w- c:\windows\system32\PnkBstrB.ex0
2011-12-10 14:24 . 2010-01-12 19:09 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-03 20:16 . 2011-03-15 10:55 138056 -c--a-w- c:\documents and settings\oem\Data aplikací\PnkBstrK.sys
2011-12-03 20:16 . 2011-01-29 21:10 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2011-12-03 20:16 . 2011-12-03 20:16 837192 ----a-w- c:\windows\system32\pbsvc.exe
2011-12-02 18:07 . 2009-03-18 16:35 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
2011-11-28 18:01 . 2010-06-29 08:37 41184 ----a-w- c:\windows\avastSS.scr
2011-11-28 18:01 . 2010-04-21 18:05 199816 ----a-w- c:\windows\system32\aswBoot.exe
2011-11-28 17:53 . 2011-02-28 14:48 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-11-28 17:53 . 2010-04-21 18:05 314456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-11-28 17:52 . 2010-04-21 18:05 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-11-28 17:52 . 2010-04-21 18:05 52952 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-11-28 17:52 . 2010-04-21 18:05 111320 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-11-28 17:51 . 2010-04-21 18:05 105176 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-11-28 17:51 . 2010-04-21 18:05 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-11-28 17:48 . 2010-04-21 18:05 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-11-23 14:40 . 2008-04-14 12:00 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-21 16:15 . 2011-09-16 04:53 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-21 16:12 . 2011-11-21 16:12 111872 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2011-11-05 14:20 . 2011-11-05 14:20 128000 ----a-w- c:\windows\system32\javacpl.cpl
2011-11-05 14:20 . 2010-07-19 19:13 544656 ----a-w- c:\windows\system32\deployJava1.dll
2011-11-01 20:36 . 2008-04-14 12:00 668160 ----a-w- c:\windows\system32\wininet.dll
2011-11-01 20:36 . 2008-04-14 12:00 61952 ----a-w- c:\windows\system32\tdc.ocx
2011-11-01 16:07 . 2008-04-14 12:00 1288192 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:32 . 2008-04-14 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-26 10:49 . 2008-04-14 12:00 2150912 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-26 10:49 . 2008-04-14 08:06 2029056 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-18 11:13 . 2008-04-14 12:00 186880 ----a-w- c:\windows\system32\encdec.dll
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\windows\system32\winrm ----
.
2009-10-09 15:16 . 2009-10-09 15:16 105686 ------w- c:\windows\system32\winrm\0405\winrm.ini
.
.
((((((((((((((((((((((((((((( SnapShot@2012-01-12_20.00.47 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-01-13 13:32 . 2012-01-13 13:32 16384 c:\windows\Temp\Perflib_Perfdata_52c.dat
+ 2012-01-13 13:14 . 2012-01-13 13:14 1550848 c:\windows\Installer\4ac2b6e.msi
+ 2012-01-12 21:14 . 2012-01-12 21:14 1094656 c:\windows\Installer\13d031a.msi
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OfficeSyncProcess"="c:\program files\Microsoft Office\Office14\MSOSYNC.EXE" [2011-07-21 718720]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-10-13 17351304]
"Advanced SystemCare 5"="c:\program files\IObit\Advanced SystemCare 5\ASCTray.exe" [2011-11-12 1647448]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2011-10-20 641400]
"VVCap"="c:\program files\VVCap\VVCap.exe" [2010-03-28 765440]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-18 16207872]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"nwiz"="nwiz.exe" [2009-03-27 1657376]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-27 13684736]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2011-10-20 14:03 641400 ----a-w- c:\program files\uTorrent\uTorrent.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Java\\jre7\\bin\\javaw.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"5985:TCP"= 5985:TCP:*:Disabled:Vzdálená správa systému Windows
.
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [5.7.2006 13:46 63352]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [28.2.2011 15:48 435032]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [21.4.2010 19:05 314456]
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\IObit\Advanced SystemCare 5\ASCService.exe [25.12.2011 1:13 490840]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [21.4.2010 19:05 20568]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 13:16 130384]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [12.6.2011 11:15 31125880]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [9.1.2010 21:37 4640000]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [3.9.2011 16:05 47360]
S3 TrueSight;TrueSight;c:\windows\system32\drivers\TrueSight.sys [21.11.2011 17:12 111872]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [14.4.2008 13:00 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 13:16 753504]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - ASWMBR
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-06-20 11:47 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2011-12-31 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-06-03 11:42]
.
2012-01-13 c:\windows\Tasks\ASC5_AutoClean.job
- c:\program files\IObit\Advanced SystemCare 5\AutoSweep.exe [2011-12-25 16:59]
.
2012-01-13 c:\windows\Tasks\ASC5_AutoUpdate.job
- c:\program files\IObit\Advanced SystemCare 5\AutoUpdate.exe [2011-12-25 14:41]
.
2011-12-30 c:\windows\Tasks\At1.job
- c:\program files\HP\HP Deskjet 2050 J510 series\Bin\HPCustPartic.exe [2010-06-14 15:07]
.
2012-01-03 c:\windows\Tasks\At2.job
- c:\program files\HP\HP Deskjet 2050 J510 series\Bin\HPCustPartic.exe [2010-06-14 15:07]
.
2012-01-13 c:\windows\Tasks\At3.job
- c:\program files\HP\HP Deskjet 2050 J510 series\Bin\HPCustPartic.exe [2010-06-14 15:07]
.
2012-01-13 c:\windows\Tasks\At4.job
- c:\program files\HP\HP Deskjet 2050 J510 series\Bin\HPCustPartic.exe [2010-06-14 15:07]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/?clid=6826
mStart Page = hxxp://home.sweetim.com/?st=1&barid={65A88AE9-CD1A-456A-B465-D67D76646182}
IE: &Download All using 4shared Desktop - c:\program files\4shared Desktop\down_all.htm
IE: Download all by YouTube Robot - c:\program files\YouTubeRobot\downall.htm
IE: Download by YouTube Robot - c:\program files\YouTubeRobot\downlink.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Search the Web - c:\program files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
IE: ????3?? - c:\documents and settings\oem\Data aplikací\FlashGetBHO\GetUrl.htm
IE: ????3?????? - c:\documents and settings\oem\Data aplikací\FlashGetBHO\GetAllUrl.htm
TCP: DhcpNameServer = 10.0.0.138
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-13 19:48
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-329068152-484061587-1801674531-1003\Software\Microsoft\Internet Explorer\MenuExt\O(uë_fŹ3*N}Ź]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@="c:\\Documents and Settings\\oem\\Data aplikací\\FlashGetBHO\\GetUrl.htm"
"contexts"=dword:00000022
.
[HKEY_USERS\S-1-5-21-329068152-484061587-1801674531-1003\Software\Microsoft\Internet Explorer\MenuExt\O(uë_fŹ3*N}ŹhQčţ”Ąc]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@="c:\\Documents and Settings\\oem\\Data aplikací\\FlashGetBHO\\GetAllUrl.htm"
"contexts"=dword:000000f3
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(5556)
c:\windows\system32\msi.dll
c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
c:\progra~1\MICROS~2\Office14\1029\GrooveIntlResource.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2012-01-13 19:52:06
ComboFix-quarantined-files.txt 2012-01-13 18:52
ComboFix2.txt 2012-01-12 20:04
.
Před spuštěním: Volných bajtů: 126 094 249 984
Po spuštění: Volných bajtů: 126 089 363 456
.
- - End Of File - - 63F5C92B287D32EBCEE4D55AF36EB89D

[jaro3]

ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix /Uninstall

Vyčisti systém CCleanerem
a použij i T-Cleaner
http://www.edisk.cz/stahni/29485/T-Clea ... 8.5KB.html
smaže vše po Combu,MWAVu atd.-stáhneš>spustíš

pozn. před stažením T-Cleaneru a po dobu čištění deaktivuj antivir a antispyware ,následně T-Cleaner smaž a zapni si znovu antivir a antispyware.


Pokud nejsou problémy , je to vše a můžeš dát vyřešeno , zelenou fajfku.

[martin386]

Muzu vymazat i ostatní programy ? HJT,TDSS apod ? :)