Prosím o kontrolu logu

[spocený ladič]

Prosím o kontrolu logu z Combofixu, protože při změně na letní čas se mi hodiny změnili o 6 hodin dopředu. Panda nic nového nenašla,krom dvou starých známích :Trojan Generic Malware a AdWare SaveNow v C/Volume ... asi plané poplachy. Eset online scaner nic nenašel, ale jistota je jistota !!

ComboFix 10-04-03.02 - User 2010-04-04 22:50:34.5.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.1.1029.18.1022.707 [GMT 2:00]
Spuštěný z: c:\documents and settings\User\Plocha\ComboFix.exe
AV: Panda Cloud Antivirus *On-access scanning disabled* (Updated) {5AD27692-540A-464E-B625-78275FA38393}
FW: Sunbelt Personal Firewall *enabled* {BFD080F6-3BF0-40E1-9507-9CA969C35870}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\k\Local Settings\Temporary Internet Files\MAILTRAN.INI
c:\windows\AppPatch\AcAdProc.dll

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-03-04 do 2010-04-04 )))))))))))))))))))))))))))))))
.

2010-04-04 20:22 . 2010-04-04 20:22 390144 ----a-w- c:\windows\system32\CF7367.exe
2010-04-04 20:11 . 2010-04-04 20:11 390144 ----a-w- c:\windows\system32\CF5277.exe
2010-04-04 18:35 . 2010-04-04 18:35 -------- d-sh--w- c:\documents and settings\k\PrivacIE
2010-03-30 18:54 . 2008-05-30 12:18 238088 ----a-w- c:\windows\system32\xactengine3_1.dll
2010-03-30 16:51 . 2010-03-30 16:51 -------- d-----w- c:\program files\Common Files\Skype
2010-03-27 23:00 . 2010-03-27 23:02 -------- d-----w- c:\windows\Logs
2010-03-11 09:08 . 2009-10-23 15:28 3558912 begin_of_the_skype_highlighting              28 3558912      end_of_the_skype_highlighting -c----w- c:\windows\system32\dllcache\moviemk.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-04 19:43 . 2007-09-05 19:01 -------- d-----w- c:\program files\SpeedFan
2010-04-04 18:16 . 2004-08-18 12:00 78052 ----a-w- c:\windows\system32\perfc005.dat
2010-04-04 18:16 . 2004-08-18 12:00 429024 ----a-w- c:\windows\system32\perfh005.dat
2010-04-03 23:12 . 2009-01-09 22:39 1713 ----a-w- c:\windows\system32\drivers\fwdrv.err
2010-04-01 20:16 . 2007-01-17 10:51 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-31 18:17 . 2007-04-14 20:39 -------- d-----w- c:\program files\Java
2010-03-09 02:28 . 2008-11-26 12:51 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-02-25 06:18 . 2004-08-18 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-19 23:47 . 2010-02-19 23:47 3604480 ----a-w- c:\windows\system32\GPhotos.scr
2010-02-05 17:31 . 2010-02-05 17:31 -------- d-----w- c:\program files\Schlecker
2010-01-09 13:39 . 2010-01-09 13:39 264 ----a-w- c:\windows\system32\PSUNCpl.dat
2005-09-09 17:55 . 2008-06-09 20:20 35 ----a-w- c:\program files\SCSSDist.ini
2005-09-09 17:55 . 2008-06-09 20:19 37766164 ----a-w- c:\program files\Data1.cab
.

------- Sigcheck -------

[7] 2008-04-14 . A756B8F0F7BAFBA6DFE39F7D169F2519 . 15360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ctfmon.exe

c:\windows\System32\ctfmon.exe ... chybí !!
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{855F3B16-6D32-4fe6-8A56-BBB695989046}"= "c:\program files\ICQ6Toolbar\ICQToolBar.dll" [2009-06-01 962808]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"= "c:\windows\system32\ieframe.dll" [2010-02-25 11070976]

[HKEY_CLASSES_ROOT\clsid\{855f3b16-6d32-4fe6-8a56-bbb695989046}]
[HKEY_CLASSES_ROOT\ICQToolBar.IEHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{E716F183-5AD7-11DC-9670-00508DC0D496}]
[HKEY_CLASSES_ROOT\ICQToolBar.IEHook]

[HKEY_CLASSES_ROOT\clsid\{cfbfae00-17a6-11d0-99cb-00c04fd64497}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{BFC32E1D-EE75-4A48-BC60-104E11EE2431}"= "c:\windows\WebIE.dll" [2007-07-30 491520]
"{855F3B16-6D32-4fe6-8A56-BBB695989046}"= "c:\program files\ICQ6Toolbar\ICQToolBar.dll" [2009-06-01 962808]

[HKEY_CLASSES_ROOT\clsid\{bfc32e1d-ee75-4a48-bc60-104e11ee2431}]
[HKEY_CLASSES_ROOT\WebTranslator.WebBar.1]
[HKEY_CLASSES_ROOT\TypeLib\{13480EFC-B7FE-4037-8EC1-59D126E19805}]
[HKEY_CLASSES_ROOT\WebTranslator.WebBar]

[HKEY_CLASSES_ROOT\clsid\{855f3b16-6d32-4fe6-8a56-bbb695989046}]
[HKEY_CLASSES_ROOT\ICQToolBar.IEHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{E716F183-5AD7-11DC-9670-00508DC0D496}]
[HKEY_CLASSES_ROOT\ICQToolBar.IEHook]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{01E04581-4EEE-11D0-BFE9-00AA005B4383}"= "c:\windows\system32\browseui.dll" [2008-04-14 1025024]
"{0E5CBF21-D15F-11D0-8301-00AA005B4383}"= "c:\windows\system32\SHELL32.dll" [2008-06-17 8465408]

[HKEY_CLASSES_ROOT\clsid\{01e04581-4eee-11d0-bfe9-00aa005b4383}]

[HKEY_CLASSES_ROOT\clsid\{0e5cbf21-d15f-11d0-8301-00aa005b4383}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Malware Icon]
@="{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}"
[HKEY_CLASSES_ROOT\CLSID\{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}]
2009-11-02 08:00 312576 ----a-w- c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Pending Delete Icon]
@="{0847B599-9191-4A27-BD61-DE11598D3B1B}"
[HKEY_CLASSES_ROOT\CLSID\{0847B599-9191-4A27-BD61-DE11598D3B1B}]
2009-11-02 08:00 312576 ----a-w- c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Suspect Icon]
@="{9AE343CB-BA45-4618-AF6A-0230EE6FC793}"
[HKEY_CLASSES_ROOT\CLSID\{9AE343CB-BA45-4618-AF6A-0230EE6FC793}]
2009-11-02 08:00 312576 ----a-w- c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-03-09 26100520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2006-11-17 577536]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"tsnpstd3"="c:\windows\tsnpstd3.exe" [2005-12-20 94208]
"snpstd3"="c:\windows\vsnpstd3.exe" [2005-09-05 339968]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2007-02-19 1188456]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2007-02-19 1962896]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2007-02-16 149024]
"OODefragTray"="c:\windows\system32\oodtray.exe" [2008-11-03 2540800]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"PSUNMain"="c:\program files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" [2009-10-30 361728]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0lsdelete\0OODBS

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\umi.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2009-04-29 721904]
R1 fwdrv;Firewall Driver;c:\windows\system32\drivers\fwdrv.sys [2007-04-26 302000]
R1 khips;Kerio HIPS Driver;c:\windows\system32\drivers\khips.sys [2007-04-26 72624]
R1 PSINKNC;PSINKNC;c:\windows\system32\drivers\PSINKNC.sys [2009-10-13 114312]
R2 NanoServiceMain;NanoServiceMain;c:\program files\Panda Security\Panda Cloud Antivirus\PSANHost.exe [2009-10-30 136448]
R2 PSINAflt;PSINAflt;c:\windows\system32\drivers\PSINAflt.sys [2009-10-30 146952]
R2 PSINFile;PSINFile;c:\windows\system32\drivers\PSINFile.sys [2009-10-13 95880]
R2 PSINProc;PSINProc;c:\windows\system32\drivers\PSINProc.sys [2009-10-13 101512]
R2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\kpf4ss.exe [2007-04-26 1234480]
S2 gupdate1c9e2e71589afbc;Google Update Service (gupdate1c9e2e71589afbc);c:\program files\Google\Update\GoogleUpdate.exe [2009-06-01 133104]
S3 cpuz;cpuz;\??\c:\docume~1\User\LOCALS~1\Temp\cpuz.sys --> c:\docume~1\User\LOCALS~1\Temp\cpuz.sys [?]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'

2010-04-04 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 19:36]

2010-04-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-01 18:30]

2010-04-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-01 18:30]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://home.sweetim.com
mStart Page = hxxp://home.sweetim.com
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
TCP: {BD9B26CD-444B-4FE8-84E0-3FBC787B5A84} = 89.185.230.1,81.31.33.23
FF - ProfilePath - c:\documents and settings\User\Data aplikací\Mozilla\Firefox\Profiles\9esxox7o.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: browser.startup.homepage - hxxp://seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\TV JOJ Media Player\np_JOJ_netscape_player.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.interval - 600000
FF - user.js: content.switch.threshold - 600000
FF - user.js: nglayout.initialpaint.delay - 600
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

Toolbar-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
WebBrowser-{4B3803EA-5230-4DC3-A7FC-33638F3D3542} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-04 23:06
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys spst.sys hal.dll >>UNKNOWN [0x86779938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf7674f28
\Driver\ACPI -> ACPI.sys @ 0xf73cecb8
\Driver\atapi -> atapi.sys @ 0xf7363b40
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579022
ParseProcedure -> ntkrnlpa.exe @ 0x80577c84
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579022
ParseProcedure -> ntkrnlpa.exe @ 0x80577c84
user & kernel MBR OK

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG08.00.00.01WORKSTATION"="3CB92C03F2905B0D82F1A11D4410FB3EC3EB43A1161D60BDF3E12422D689B31047602EBC9AC41E68430CC62AF7CB69955FC2879AEFECC64CBBFD81E1E7D01735E08818F236E4D0581212632D3D81E44DB0F92AFA13F4C6C02E8366373C49F44A8FC459F47A6E198D7FF63902A1A3B6B2EE0BDEC6073D6AA74B121575F52F35B73C76670341F360EC7C858C755AB968C5B444FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC79339DB7CE019D40AA5C5D575E7D6A3B9808A9C6AECB7A5D1407A55C45D147FC2763706E0B281CB7A752E3BA0E4521981711948F4B95790B4324C342EA8FF500ABF945065AE502277042747F7A08A3EDB9183DB456F28BDBBE7932CBEFD0AC30D8913114186876D8274C9A64DB618737BBC69AC580528336E4817CF1869E6D29F8699020CCAE9B86BDB4251FB6E5AE6BDB868D43E4FBA66B5AE834A3851A7D3BB89746252ACA579E0D946757313C41B439947722464DFC852934ECC1677365EA2C03B6110165D342CF5A362998A1A9F15806414C88B7D3BFBE3DC023C771F171C86B4DC8C73A00C5A5C7EC25DB6697B52140579EB441B9886D2DCA92EA6EB53B6ADE76A09B170E341173EA4E8F6EFCC561FEA7E8F682040468852DCBB5D704684DC324E6B95FF24A7A46921DEA33139CC8CF277121A8C909CA190C033132784E9652CA58068B697A2DFCC97ECA3F546AEB97CDF0A8F468A490118FDC0D91EC744997E6A886A56FE7D72B7CCFAE347E10C28A169425BD7F931DE765F41A218697D2F3F2FE664EC7EF8E3699E8BAC596A5AA357FFB55EA724DB4ECBC584E1F27A8801CF3F674B7F71C4857918E36BC627362F48E3F97F9EAF500C44B88C3DC784C83196C9D25A94A31E01DDBFE0DF4ED7A8F7E4BE3F1FC536B8DE8497BB8C2E85A74C767F70DFDCCA218E77468CF5E876BBA5640698D185D3BCE21739C0E49A9DECC59727CE7A6521A106E59F0B17D43AD4F5A7EBF3806FB2B98908A494AFE2E9C6AD19F9695A4F07652BA0CAD0BEA785B9D3698CBE013E7B0242A53D397073106108904241790814847AA15AE57D2C0C25CED26671E201DF78FB4178143172F4564AE397815152455C0EF7DEFB7F5FB67A1D7425F27A35C60DBCC218CC0F8693571415DDB59F13917F01055E76E27CE7FE9208DF3DAA5A97EED62C223A38C6567A6169186D3F8E73BEFE3AEFDE34F9D7417C3AC5B38454C191139D067A742EB9F54567BAB17149AA2399A9F8DA5EB96E56C1745BDE5B1512C70E7A36F29210957B27DC5EA583CFD63AB35C368600CA5A692BF04B7AB3108651E5C97C42CC3113ADBDE9DDC758105470B8AB8D06B54813C1639185BF61D062A90540E66D35715294D9CB38B6B87664C7E4221FEBC7C9E62E65136ADD863A192"
"OODEFRAG11.00.00.01WORKSTATION"="28C4045F4D4E4058A90D3304DEC6BBEFA3AE8FC5C31D26678A35CFF12FE2CFC8C8D384E378C7FA63BD6A82AEA50A8B23CF5CEA94FAB15AAA87313ECFA89B8E49BE0EF9AA7CD90436E0734FE629DEC9A537D7E4F99D7428A74789A7926C92C157C5E3AF703F7139DB0ED3FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC79335D575E7D6A3B9808A6171C11EC38DE3DA6171C11EC38DE3D7F5AC034112DFE0E9D9942D70D679AEAE474369A531950B81EF8C0AB8550B0AE0178902CC32DDDD4955AD349D3E30D11ABCB42AA6490947256352EAB4E51885D0682B1EA753CECFB23BA62A92F1E6E84C5EC156EBD8B394AF8E0B68B603DCFA789A9B2E761C87CADE7726C19509850AC2133BFD52DC2B1845B1F1A2ABE24F94C69F2240B6756A346ED0BF3B20F6C89A28ECDD4C52104B696B6629E589528C14068B71C36087CBC571E61008068C53636C13F6D9831B1C32FA8F00DDDB1FE23ABACA3B33C6C6666A5C9A89A83FB6435E952DEA39A1440992B3268B0F38572DFEB413809E15DD3812CA2E553308E9D29733ED5180C2839BC2039B85B48A7E2FC1193CA3EE44C97B518C1713D6D06587A3DE425EEA36EB874D387A4E07D5040C35FF6037873CA986C4B22FA6D17701252E60A1E4E0989714D4249C31A295F12C1D0225DDF2F0FD1D3D9A2047EFE7B5AA141D76763D94528171C9004E3555471C6102EAB25B074D3DC8E07E191E7FC569BD55A7B5C260D3666C3D3221F01D78EE9FE9992F7027AC1BFE676BD46896BBCB5DB01ABED7472091350E934B09CB12A82B0C80B0FA3C352F594FB17C511E3DBABC3A097503DA922B90F1321000F501CAEEE0061228717CF3DFA083E399D26127DAFF1B7BDED8B15BAFD6FA3F9B246CCCEB5E9B6F0945F1B1837ECD9CE4395D46E7590567566950D3951834E90D4C8BB093616FE3C252B27CB14E263BA0B3A2B8421FE13BC7C68C61D703A02B7B732F9C6547604C98A2FFAE31484A8B26EBFB30CEF9E605B784A1494F6DF78681100AFB328E0E16306BF322E6C534A7261769C135539831B1921588DB3A63C1D8CD41542000F0AD64ED8FA3C07AFBFB6C352AA6DF57C984D8DFB0F3EAAA32DD9C575F9A65A21C074101A9AE381635244F06AB6B2AE768EC57B0C441D145001A1514D40DA6C199E1369C46641AC189F5F337BAC3D8D9DA7DA7C249966DA0ABCFC32685E9B9EDC900DEC42CAAF8EDE1AD54A650DAB53C87BE71DBFC41B1F91BD78E4F95DE98E38D8BEA29AC5D3E02A8673EBAC6B6378B5734EDD798D00B30DB3245758DD8A8BD6098A84FE6C911150FE8BBE777188270450F03594531B9F0622176A7B8F089BCC8C568241E416400FF075DE93D989BC38A2378AF385BA9E6A616874023A2F7490208A7F576A"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(980)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(1044)
c:\windows\system32\relog_ap.dll

- - - - - - - > 'explorer.exe'(3804)
c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.DLL
c:\program files\Panda Security\Panda Cloud Antivirus\PSNCIPC.dll
c:\program files\Panda Security\Panda Cloud Antivirus\PSNCGP.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Lavasoft\Ad-Aware 2007\aawservice.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\oodag.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
c:\windows\System32\TUProgSt.exe
c:\program files\Sunbelt Software\Personal Firewall\kpf4gui.exe
c:\program files\Sunbelt Software\Personal Firewall\kpf4gui.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\SOUNDMAN.EXE
c:\program files\Skype\Phone\Skype.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Celkový čas: 2010-04-04 23:11:26 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-04-04 21:11

Před spuštěním: 6,365,941,760
Po spuštění: 6,329,212,928

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 3D597862502DAF6B8D1199B08C1DB0D9

[spocený ladič]

Tak nevim, buď je to OK,nebo je tu málo ochotných odborníků. Zatím s PC žádný problém, jen mě udivilo, že ve stavu nouze bez sítě mi nešel spustit antivir - Panda. Ve stavu nouze se sítí už jo. Zvažuji přechod na Avast FRee -5.

[jan.svoboda]

Ahoj, jinak to vypadá v pohodě. Stáhni ještě MBAM - http://download.cnet.com/Malwarebytes-A ... tag=button - Nainstaluj ho, pak ho aktualizuj, dej provést úplný sken systému, nalezené infiltrace nemaž a pošli sem z něho log. Podle toho uvidíme, jestli tam už nic není.

Btw: Nevím, možná tu málo dobrovolníků je, ale vzhledem k tomu, že každý z dobrovolníků včetně mě tu radíme zdarma a ve svém volném čase, by jsi měl mít trošku trpělivosti a počkat, jakmile někdo bude moci a odpoví. Např. já mám i jiné povinnosti, jako chodit do SŠ, dělat úkoly atd. a volnýho času taky moc nemám, občas sem píšu ze školy, ale většinou jsem tu kdykoliv, když mám volný čas (jakože ho taky kvůli dojíždění do SŠ moc nemám...).

[spocený ladič]

Provedeno dle doporučení. Výsledek SZ
Díky za tvůj čas, znalosti a ochotu zabývat se cizím problémem.

[Shit]

...\Nero 6.6.0.5\Keygen.exe...

Když už pánové warezíte, tak proč tento výpis nezeditujete/neschováte...

[jan.svoboda]

Vyjádřím se sem. Log ze SZ jsem viděl, kromě keygenu, který bych pochopitelně doporučil nepoužívat a smazat (i když už stejně pozdě), protože to může být jádro problémů s PC. Ten šmejd v System Volume Information buď smaž MBAMem, nebo ručně. Jinak je to v pohodě.

Shit: Já tu nechci warezit, zmíněného keygenu jsem si všiml až po Tvém upozorněním. A víc tu řešit nehodlám, stejně není co.

[spocený ladič]

Díky za pomoc a doporučení.

[jan.svoboda]

Jo, a příště, když tam nebude warez, bude to ještě lepší