Prosím o kontrolu logu pomalé pc

Zpráva

Oji · #16 Příspěvek od **Oji** » 04 led 2012 17:07

RogueKiller V6.2.2 [12/31/2011] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/fi ... guekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 2) 32 bits version
Started in : Normal mode
User: Owner [Admin rights]
Mode: ProxyFix -- Date : 01/01/2006 02:01:40

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Registry Entries: 0 ¤¤¤

Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt

#17 Příspěvek od **vyosek** » 04 led 2012 17:09

Stahnete si TDSSKiller http://support.kaspersky.com/downloads/ ... killer.exe

Kliknete na volbu Change parametrs
V obou oknech (Objects to scan i Additional Option) zakliknete vsechny moznosti - ve vsech ctvereccich musi mit fajecka
Kliknete na OK
Utilite prikazte, at skenuje - klik na Start Scan
Po dokonceni skenu se objevi okno, zkontrolujte, zda-li je vsude moznost Skip
Pokud moznost Skip nebude primarne nastavena, prekliknete ji na Skip
Pokud mate vsude Skip, kliknete na Continue
Na disku, kde mate Windows (obvykle c:\) ve tvaru TDSSKiller.nejaka cisilka _log.txt bude log - jeho obsah sem vlozte

Oji · #18 Příspěvek od **Oji** » 04 led 2012 17:55

02:39:54.0203 2796 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
02:39:54.0734 2796 ============================================================
02:39:54.0734 2796 Current date / time: 2006/01/01 02:39:54.0734
02:39:54.0734 2796 SystemInfo:
02:39:54.0734 2796
02:39:54.0734 2796 OS Version: 5.1.2600 ServicePack: 2.0
02:39:54.0734 2796 Product type: Workstation
02:39:54.0734 2796 ComputerName: HOME-09A71ADD6F
02:39:54.0734 2796 UserName: Owner
02:39:54.0734 2796 Windows directory: C:\WINDOWS
02:39:54.0734 2796 System windows directory: C:\WINDOWS
02:39:54.0734 2796 Processor architecture: Intel x86
02:39:54.0734 2796 Number of processors: 1
02:39:54.0734 2796 Page size: 0x1000
02:39:54.0734 2796 Boot type: Normal boot
02:39:54.0734 2796 ============================================================
02:39:59.0875 2796 Initialize success
02:40:39.0421 3024 ============================================================
02:40:39.0421 3024 Scan started
02:40:39.0421 3024 Mode: Manual; SigCheck; TDLFS;
02:40:39.0421 3024 ============================================================
02:40:41.0562 3024 Abiosdsk - ok
02:40:41.0703 3024 abp480n5 - ok
02:40:41.0859 3024 ACPI (4fe34f1f3126b61fcc6b2043aa8112c9) C:\WINDOWS\system32\DRIVERS\ACPI.sys
02:40:45.0859 3024 ACPI - ok
02:40:46.0203 3024 ACPIEC (afdff022a01f0b11c776f0860c3b282f) C:\WINDOWS\system32\drivers\ACPIEC.sys
02:40:49.0062 3024 ACPIEC - ok
02:40:49.0187 3024 adpu160m - ok
02:40:49.0453 3024 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
02:40:51.0875 3024 aec - ok
02:40:52.0062 3024 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
02:40:52.0375 3024 AFD - ok
02:40:52.0484 3024 Aha154x - ok
02:40:52.0609 3024 aic78u2 - ok
02:40:52.0750 3024 aic78xx - ok
02:40:53.0468 3024 ALCXWDM (93f93a8e3e14cbbf1ce9a5af1a70c095) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
02:40:55.0078 3024 ALCXWDM - ok
02:40:55.0281 3024 AliIde - ok
02:40:55.0421 3024 AmdTools (cec8b2a9e39d3ecebb32456da4d7b6b2) C:\WINDOWS\system32\DRIVERS\AmdTools.sys
02:40:55.0609 3024 AmdTools ( UnsignedFile.Multi.Generic ) - warning
02:40:55.0609 3024 AmdTools - detected UnsignedFile.Multi.Generic (1)
02:40:55.0687 3024 amsint - ok
02:40:55.0890 3024 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
02:40:58.0562 3024 Arp1394 - ok
02:40:58.0750 3024 asc - ok
02:40:58.0875 3024 asc3350p - ok
02:40:59.0015 3024 asc3550 - ok
02:40:59.0359 3024 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
02:41:02.0109 3024 AsyncMac - ok
02:41:02.0312 3024 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
02:41:04.0656 3024 atapi - ok
02:41:04.0890 3024 Atdisk - ok
02:41:05.0093 3024 atksgt (e46d344412d1abc60c58e95c73bcdc70) C:\WINDOWS\system32\DRIVERS\atksgt.sys
02:41:06.0750 3024 atksgt - ok
02:41:06.0906 3024 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
02:41:09.0625 3024 Atmarpc - ok
02:41:09.0781 3024 ATP - ok
02:41:10.0000 3024 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
02:41:12.0484 3024 audstub - ok
02:41:12.0609 3024 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
02:41:15.0281 3024 Beep - ok
02:41:15.0625 3024 ByakkoDriver (a597d52c6aef427874553f9e92c9a057) C:\Program Files\GamesPirate\GPCabal LW\Byakko.K32
02:41:15.0812 3024 ByakkoDriver ( UnsignedFile.Multi.Generic ) - warning
02:41:15.0812 3024 ByakkoDriver - detected UnsignedFile.Multi.Generic (1)
02:41:15.0953 3024 Cardex - ok
02:41:16.0062 3024 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
02:41:18.0765 3024 cbidf2k - ok
02:41:18.0937 3024 cd20xrnt - ok
02:41:19.0203 3024 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
02:41:21.0890 3024 Cdaudio - ok
02:41:22.0031 3024 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
02:41:24.0406 3024 Cdfs - ok
02:41:24.0562 3024 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
02:41:27.0156 3024 Cdrom - ok
02:41:27.0265 3024 Changer - ok
02:41:27.0609 3024 CmdIde - ok
02:41:27.0906 3024 Cpqarray - ok
02:41:28.0171 3024 dac2w2k - ok
02:41:28.0343 3024 dac960nt - ok
02:41:28.0593 3024 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
02:41:31.0437 3024 Disk - ok
02:41:31.0718 3024 dmboot (db5fd2bf5b07dc54bfcb3664ff05bd7c) C:\WINDOWS\system32\drivers\dmboot.sys
02:41:34.0546 3024 dmboot - ok
02:41:34.0812 3024 dmio (fff1720af51171f32f1ead5cf71f2810) C:\WINDOWS\system32\drivers\dmio.sys
02:41:37.0156 3024 dmio - ok
02:41:37.0250 3024 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
02:41:39.0812 3024 dmload - ok
02:41:40.0015 3024 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
02:41:42.0750 3024 DMusic - ok
02:41:42.0953 3024 dpti2o - ok
02:41:43.0125 3024 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
02:41:45.0437 3024 drmkaud - ok
02:41:45.0593 3024 EagleNT - ok
02:41:45.0718 3024 EagleXNt - ok
02:41:46.0046 3024 ehdrv (299a7ce452023a99a65d0d28f3b2bbf6) C:\WINDOWS\system32\DRIVERS\ehdrv.sys
02:41:47.0031 3024 ehdrv - ok
02:41:47.0312 3024 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
02:41:49.0531 3024 Fastfat - ok
02:41:49.0796 3024 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
02:41:52.0625 3024 Fdc - ok
02:41:52.0859 3024 Fips (ac366695a0796560aa37215ad5762aaf) C:\WINDOWS\system32\drivers\Fips.sys
02:41:55.0656 3024 Fips - ok
02:41:55.0875 3024 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
02:41:58.0562 3024 Flpydisk - ok
02:41:58.0718 3024 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
02:42:01.0140 3024 FltMgr - ok
02:42:01.0484 3024 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
02:42:04.0359 3024 Fs_Rec - ok
02:42:04.0515 3024 Ftdisk (4e664d8541db4a66b73a24257e322e1f) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
02:42:06.0937 3024 Ftdisk - ok
02:42:07.0140 3024 GarenaPEngine (97590bdd20e90546045982f6ea24eb1e) C:\DOCUME~1\XXXFRO~1\LOCALS~1\Temp\NZX3A8A.tmp
02:42:07.0250 3024 GarenaPEngine - ok
02:42:07.0312 3024 GGSAFERDriver - ok
02:42:07.0546 3024 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
02:42:10.0109 3024 Gpc - ok
02:42:10.0218 3024 hamachi (833051c6c6c42117191935f734cfbd97) C:\WINDOWS\system32\DRIVERS\hamachi.sys
02:42:10.0906 3024 hamachi - ok
02:42:11.0046 3024 hcmon (68349d920642c15a675003d4253628dd) C:\WINDOWS\system32\drivers\hcmon.sys
02:42:11.0718 3024 hcmon - ok
02:42:11.0921 3024 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
02:42:15.0562 3024 HDAudBus - ok
02:42:15.0843 3024 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
02:42:18.0609 3024 HidUsb - ok
02:42:18.0921 3024 hpn - ok
02:42:19.0109 3024 HPZid412 (30ca91e657cede2f95359d6ef186f650) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
02:42:19.0718 3024 HPZid412 - ok
02:42:19.0875 3024 HPZipr12 (efd31afa752aa7c7bbb57bcbe2b01c78) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
02:42:20.0484 3024 HPZipr12 - ok
02:42:20.0640 3024 HPZius12 (7ac43c38ca8fd7ed0b0a4466f753e06e) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
02:42:21.0359 3024 HPZius12 - ok
02:42:21.0562 3024 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
02:42:22.0203 3024 HTTP - ok
02:42:22.0359 3024 i2omgmt - ok
02:42:22.0562 3024 i2omp - ok
02:42:22.0796 3024 i8042prt (c528e27945367191e7bae364930b6932) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
02:42:26.0093 3024 i8042prt - ok
02:42:26.0515 3024 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
02:42:29.0687 3024 Imapi - ok
02:42:29.0968 3024 ini910u - ok
02:42:30.0093 3024 IntelIde - ok
02:42:30.0343 3024 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
02:42:33.0531 3024 Ip6Fw - ok
02:42:33.0718 3024 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
02:42:37.0078 3024 IpFilterDriver - ok
02:42:37.0343 3024 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
02:42:40.0718 3024 IpInIp - ok
02:42:40.0890 3024 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
02:42:44.0140 3024 IpNat - ok
02:42:44.0265 3024 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
02:42:47.0671 3024 IPSec - ok
02:42:47.0875 3024 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
02:42:49.0593 3024 IRENUM - ok
02:42:49.0859 3024 isapnp (cc9f8a2d60aed1a51a3ac34c59b987ae) C:\WINDOWS\system32\DRIVERS\isapnp.sys
02:42:52.0953 3024 isapnp - ok
02:42:53.0171 3024 iYqIYEnpy - ok
02:42:53.0421 3024 Kbdclass (1b6162fe7f66b1a71a4b70f941c4aa9b) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
02:42:56.0531 3024 Kbdclass - ok
02:42:56.0687 3024 keyboard (eebe74d5e0fca2e82e9dc5fccb0aeec0) C:\WINDOWS\system32\drivers\keyboard.sys
02:42:56.0984 3024 keyboard ( UnsignedFile.Multi.Generic ) - warning
02:42:56.0984 3024 keyboard - detected UnsignedFile.Multi.Generic (1)
02:42:57.0171 3024 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
02:43:00.0234 3024 kmixer - ok
02:43:00.0390 3024 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
02:43:00.0843 3024 KSecDD - ok
02:43:01.0093 3024 lbrtfdc - ok
02:43:01.0265 3024 leafnets (51674c5c2eeff3d155edab0f5ef9a4d2) C:\WINDOWS\system32\DRIVERS\leafnets.sys
02:43:01.0765 3024 leafnets - ok
02:43:01.0906 3024 lirsgt (8ccf9ed46d52af1375875f74a91ffacf) C:\WINDOWS\system32\DRIVERS\lirsgt.sys
02:43:02.0640 3024 lirsgt - ok
02:43:02.0765 3024 MemStPCI (f0f5c4c4bf6018414b066a3600799c77) C:\WINDOWS\system32\DRIVERS\MemStPCI.SYS
02:43:05.0296 3024 MemStPCI - ok
02:43:05.0484 3024 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
02:43:08.0015 3024 mnmdd - ok
02:43:08.0265 3024 Modem (44032b0c6d9954d3fd26438330b99ee7) C:\WINDOWS\system32\drivers\Modem.sys
02:43:10.0921 3024 Modem - ok
02:43:11.0171 3024 Mouclass (4cb582831dbde63ce43b45d771218374) C:\WINDOWS\system32\DRIVERS\mouclass.sys
02:43:13.0671 3024 Mouclass - ok
02:43:13.0937 3024 mouhid (bb269eba740737ab749b214d568b6812) C:\WINDOWS\system32\DRIVERS\mouhid.sys
02:43:16.0421 3024 mouhid - ok
02:43:16.0578 3024 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
02:43:19.0437 3024 MountMgr - ok
02:43:19.0593 3024 mouse (e7f606237bd97ccf34ef3cff6c2f577c) C:\WINDOWS\system32\drivers\mouse.sys
02:43:19.0812 3024 mouse ( UnsignedFile.Multi.Generic ) - warning
02:43:19.0812 3024 mouse - detected UnsignedFile.Multi.Generic (1)
02:43:19.0968 3024 mraid35x - ok
02:43:20.0125 3024 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
02:43:20.0281 3024 MREMP50 ( UnsignedFile.Multi.Generic ) - warning
02:43:20.0281 3024 MREMP50 - detected UnsignedFile.Multi.Generic (1)
02:43:20.0375 3024 MREMP50a64 - ok
02:43:20.0453 3024 MREMPR5 - ok
02:43:20.0593 3024 MRENDIS5 - ok
02:43:20.0718 3024 MRESP50 (07c02c892e8e1a72d6bf35004f0e9c5e) C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS
02:43:20.0906 3024 MRESP50 ( UnsignedFile.Multi.Generic ) - warning
02:43:20.0906 3024 MRESP50 - detected UnsignedFile.Multi.Generic (1)
02:43:21.0031 3024 MRESP50a64 - ok
02:43:21.0265 3024 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
02:43:23.0437 3024 MRxDAV - ok
02:43:23.0640 3024 MRxSmb (60ae98742484e7ab80c3c1450e708148) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
02:43:24.0265 3024 MRxSmb - ok
02:43:24.0687 3024 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
02:43:26.0968 3024 Msfs - ok
02:43:27.0359 3024 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
02:43:29.0468 3024 MSKSSRV - ok
02:43:29.0796 3024 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
02:43:32.0062 3024 MSPCLOCK - ok
02:43:32.0343 3024 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
02:43:34.0359 3024 MSPQM - ok
02:43:34.0578 3024 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
02:43:36.0890 3024 mssmbios - ok
02:43:37.0093 3024 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
02:43:39.0046 3024 Mup - ok
02:43:39.0375 3024 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
02:43:41.0562 3024 NDIS - ok
02:43:41.0781 3024 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
02:43:43.0968 3024 NdisTapi - ok
02:43:44.0234 3024 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
02:43:46.0328 3024 Ndisuio - ok
02:43:46.0546 3024 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
02:43:48.0562 3024 NdisWan - ok
02:43:48.0843 3024 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
02:43:50.0796 3024 NDProxy - ok
02:43:51.0062 3024 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
02:43:53.0046 3024 NetBIOS - ok
02:43:53.0375 3024 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
02:43:55.0640 3024 NetBT - ok
02:43:56.0093 3024 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
02:43:58.0156 3024 NIC1394 - ok
02:43:58.0453 3024 nm (1e421a6bcf2203cc61b821ada9de878b) C:\WINDOWS\system32\DRIVERS\NMnt.sys
02:44:00.0406 3024 nm - ok
02:44:00.0640 3024 nmwcd (4a8a2aa0706b659175169decf198e9d7) C:\WINDOWS\system32\drivers\ccdcmb.sys
02:44:01.0437 3024 nmwcd - ok
02:44:01.0687 3024 nmwcdc (fd3e61831095ac62e6840d986b5a2016) C:\WINDOWS\system32\drivers\ccdcmbo.sys
02:44:02.0390 3024 nmwcdc - ok
02:44:02.0546 3024 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
02:44:04.0765 3024 Npfs - ok
02:44:05.0078 3024 npkcrypt - ok
02:44:05.0203 3024 npkycryp - ok
02:44:05.0593 3024 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
02:44:08.0046 3024 Ntfs - ok
02:44:08.0281 3024 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
02:44:10.0562 3024 Null - ok
02:44:11.0859 3024 nv (bf506d232c5e6f2dae80f5c11b45c60e) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
02:44:14.0187 3024 nv - ok
02:44:14.0500 3024 NVENETFD (2a7a2c6ab9631028b6e3a4159aa65705) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
02:44:14.0609 3024 NVENETFD - ok
02:44:14.0781 3024 nvnetbus (20526a8827dc0956b5526aebcb6751a0) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
02:44:15.0031 3024 nvnetbus - ok
02:44:15.0156 3024 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
02:44:17.0453 3024 NwlnkFlt - ok
02:44:17.0531 3024 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
02:44:19.0250 3024 NwlnkFwd - ok
02:44:19.0468 3024 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
02:44:21.0453 3024 ohci1394 - ok
02:44:21.0671 3024 Parport (46f8db73b4a53e543f8e371dc7c75bae) C:\WINDOWS\system32\DRIVERS\parport.sys
02:44:23.0421 3024 Parport - ok
02:44:23.0640 3024 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
02:44:25.0484 3024 PartMgr - ok
02:44:25.0640 3024 ParVdm (1fae19d0457176318bba4a8795656ebc) C:\WINDOWS\system32\drivers\ParVdm.sys
02:44:27.0750 3024 ParVdm - ok
02:44:27.0968 3024 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
02:44:28.0109 3024 pccsmcfd - ok
02:44:28.0250 3024 PCI (6ce351d149cb4befc702951e471e1730) C:\WINDOWS\system32\DRIVERS\pci.sys
02:44:30.0265 3024 PCI - ok
02:44:30.0437 3024 PCIDump - ok
02:44:30.0625 3024 PCIIde (2da4ec85e0ea7a45c6b2a05820492d5a) C:\WINDOWS\system32\DRIVERS\pciide.sys
02:44:32.0546 3024 PCIIde - ok
02:44:32.0671 3024 Pcmcia (4fc31e6c19a5ce5198b1abff94cae758) C:\WINDOWS\system32\drivers\Pcmcia.sys
02:44:34.0609 3024 Pcmcia - ok
02:44:34.0781 3024 PDCOMP - ok
02:44:34.0890 3024 PDFRAME - ok
02:44:35.0000 3024 PDRELI - ok
02:44:35.0109 3024 PDRFRAME - ok
02:44:35.0250 3024 perc2 - ok
02:44:35.0343 3024 perc2hib - ok
02:44:35.0859 3024 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
02:44:37.0765 3024 PptpMiniport - ok
02:44:37.0906 3024 Processor (7eb15dce4ec3a0220bd796a15c18186e) C:\WINDOWS\system32\DRIVERS\processr.sys
02:44:39.0765 3024 Processor - ok
02:44:39.0984 3024 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
02:44:41.0843 3024 PSched - ok
02:44:41.0984 3024 PsSdk40 (dc6a43cdecc16cbd1ab8f26dccf49703) C:\WINDOWS\system32\Drivers\pssdk40.sys
02:44:42.0718 3024 PsSdk40 - ok
02:44:42.0890 3024 PsSdkLBF (69b25e6601c59115490def40fce53555) C:\WINDOWS\system32\Drivers\pssdklbf.sys
02:44:43.0578 3024 PsSdkLBF - ok
02:44:43.0734 3024 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
02:44:45.0921 3024 Ptilink - ok
02:44:46.0046 3024 ql1080 - ok
02:44:46.0140 3024 Ql10wnt - ok
02:44:46.0312 3024 ql12160 - ok
02:44:46.0453 3024 ql1240 - ok
02:44:46.0609 3024 ql1280 - ok
02:44:46.0781 3024 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
02:44:49.0296 3024 RasAcd - ok
02:44:49.0484 3024 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
02:44:52.0171 3024 Rasl2tp - ok
02:44:52.0328 3024 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
02:44:55.0125 3024 RasPppoe - ok
02:44:55.0328 3024 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
02:44:58.0187 3024 Raspti - ok
02:44:58.0359 3024 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
02:45:01.0437 3024 Rdbss - ok
02:45:01.0703 3024 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
02:45:04.0312 3024 RDPCDD - ok
02:45:04.0687 3024 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
02:45:07.0437 3024 RDPWD - ok
02:45:07.0671 3024 redbook (611bfd220305be3a85ae876ea47d4aa5) C:\WINDOWS\system32\DRIVERS\redbook.sys
02:45:10.0203 3024 redbook - ok
02:45:10.0828 3024 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
02:45:12.0718 3024 Secdrv - ok
02:45:13.0000 3024 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
02:45:15.0671 3024 serenum - ok
02:45:15.0796 3024 Serial (b842729337c9b921615c40d3c1a1af96) C:\WINDOWS\system32\DRIVERS\serial.sys
02:45:18.0562 3024 Serial - ok
02:45:19.0359 3024 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
02:45:22.0062 3024 Sfloppy - ok
02:45:22.0375 3024 Simbad - ok
02:45:22.0875 3024 Sparrow - ok
02:45:23.0156 3024 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
02:45:26.0000 3024 splitter - ok
02:45:26.0281 3024 sptd (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\system32\Drivers\sptd.sys
02:45:26.0281 3024 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
02:45:26.0312 3024 sptd ( LockedFile.Multi.Generic ) - warning
02:45:26.0312 3024 sptd - detected LockedFile.Multi.Generic (1)
02:45:26.0546 3024 sr (94610c8653635e4459316a0050d55ce7) C:\WINDOWS\system32\DRIVERS\sr.sys
02:45:28.0046 3024 sr - ok
02:45:28.0375 3024 Srv (3bb03f2ba89d2be417206c373d2af17c) C:\WINDOWS\system32\DRIVERS\srv.sys
02:45:28.0906 3024 Srv - ok
02:45:29.0343 3024 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
02:45:31.0953 3024 swenum - ok
02:45:32.0109 3024 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
02:45:35.0109 3024 swmidi - ok
02:45:35.0328 3024 symc810 - ok
02:45:35.0546 3024 symc8xx - ok
02:45:35.0765 3024 sym_hi - ok
02:45:36.0046 3024 sym_u3 - ok
02:45:36.0343 3024 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
02:45:39.0140 3024 sysaudio - ok
02:45:39.0531 3024 Tcpip (4afb3b0919649f95c1964aa1fad27d73) C:\WINDOWS\system32\DRIVERS\tcpip.sys
02:45:39.0859 3024 Tcpip ( UnsignedFile.Multi.Generic ) - warning
02:45:39.0859 3024 Tcpip - detected UnsignedFile.Multi.Generic (1)
02:45:40.0078 3024 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
02:45:42.0750 3024 TDPIPE - ok
02:45:42.0937 3024 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
02:45:45.0750 3024 TDTCP - ok
02:45:45.0984 3024 teamviewervpn (9101fffcfccd1a30e870a5b8a9091b10) C:\WINDOWS\system32\DRIVERS\teamviewervpn.sys
02:45:46.0484 3024 teamviewervpn - ok
02:45:46.0609 3024 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
02:45:49.0296 3024 TermDD - ok
02:45:49.0546 3024 tffsport (d9d5e4ca72270e9f3eca97da0983ab87) C:\WINDOWS\system32\DRIVERS\tffsport.sys
02:45:52.0265 3024 tffsport - ok
02:45:52.0437 3024 TKFsAc (4864b221de65a7fbbc0fdaf5d94a7864) C:\WINDOWS\system32\TKFsAc2k.sys
02:45:53.0781 3024 TKFsAc - ok
02:45:54.0015 3024 TKFsAv (1b103092920f31babec26ed5c425a8ab) C:\WINDOWS\system32\TKFsAv2k.sys
02:45:55.0078 3024 TKFsAv - ok
02:45:55.0312 3024 TKFsFt (7c5cbe7455b567abe971919380d8bd7f) C:\WINDOWS\system32\TKFsFt2k.sys
02:45:56.0734 3024 TKFsFt - ok
02:45:56.0859 3024 TKRgAc (825f25279492606673f1919b7c7b0605) C:\WINDOWS\system32\TKRgAc2k.sys
02:45:57.0250 3024 TKRgAc ( UnsignedFile.Multi.Generic ) - warning
02:45:57.0250 3024 TKRgAc - detected UnsignedFile.Multi.Generic (1)
02:45:57.0406 3024 TKRgFt (c9e9d5f52b990d9297321a39dc430ed5) C:\WINDOWS\system32\TKRgFtXp.sys
02:45:57.0625 3024 TKRgFt ( UnsignedFile.Multi.Generic ) - warning
02:45:57.0625 3024 TKRgFt - detected UnsignedFile.Multi.Generic (1)
02:45:57.0734 3024 TosIde - ok
02:45:57.0890 3024 tQdxRRVjm - ok
02:45:58.0109 3024 TrueSight (f69641efdb19acb4753b0155f7fdeed5) c:\windows\system32\drivers\TrueSight.sys
02:45:58.0343 3024 TrueSight ( UnsignedFile.Multi.Generic ) - warning
02:45:58.0343 3024 TrueSight - detected UnsignedFile.Multi.Generic (1)
02:45:58.0578 3024 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
02:46:00.0671 3024 Udfs - ok
02:46:00.0921 3024 ultra - ok
02:46:01.0046 3024 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
02:46:03.0578 3024 Update - ok
02:46:03.0859 3024 upperdev (587e643a4e2ffd9a00f114b057ceb773) C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys
02:46:04.0796 3024 upperdev - ok
02:46:05.0000 3024 usbbus (9419faac6552a51542dbba02971c841c) C:\WINDOWS\system32\DRIVERS\lgusbbus.sys
02:46:05.0281 3024 usbbus - ok
02:46:05.0546 3024 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
02:46:08.0390 3024 usbccgp - ok
02:46:08.0625 3024 UsbDiag (c0a466fa4ffec464320e159bc1bbdc0c) C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys
02:46:09.0031 3024 UsbDiag - ok
02:46:09.0156 3024 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
02:46:11.0796 3024 usbehci - ok
02:46:12.0046 3024 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
02:46:14.0484 3024 usbhub - ok
02:46:14.0671 3024 USBModem (f74a54774a9b0afeb3c40adec68aa600) C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys
02:46:15.0031 3024 USBModem - ok
02:46:15.0281 3024 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
02:46:17.0718 3024 usbohci - ok
02:46:17.0859 3024 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
02:46:20.0390 3024 usbprint - ok
02:46:20.0562 3024 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
02:46:23.0046 3024 usbscan - ok
02:46:23.0296 3024 usbser (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\drivers\usbser.sys
02:46:25.0765 3024 usbser - ok
02:46:26.0000 3024 UsbserFilt (fca6a196d47cb972a0e4adc0db9cd17c) C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys
02:46:26.0875 3024 UsbserFilt - ok
02:46:27.0015 3024 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
02:46:29.0296 3024 usbstor - ok
02:46:29.0546 3024 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
02:46:32.0000 3024 usbuhci - ok
02:46:32.0250 3024 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
02:46:34.0375 3024 VgaSave - ok
02:46:34.0437 3024 ViaIde - ok
02:46:34.0625 3024 vmci (dbb8424c88ec76f70d9984d7a1318d3f) C:\WINDOWS\system32\Drivers\vmci.sys
02:46:35.0234 3024 vmci - ok
02:46:35.0359 3024 vmkbd (8b9e29aba9d44b3ba1c697bc6344432e) C:\WINDOWS\system32\drivers\VMkbd.sys
02:46:36.0000 3024 vmkbd - ok
02:46:36.0125 3024 VMnetAdapter (898706a05d20b706848a440961c52436) C:\WINDOWS\system32\DRIVERS\vmnetadapter.sys
02:46:36.0875 3024 VMnetAdapter - ok
02:46:37.0000 3024 VMnetBridge (5692cbd2a25e04c62707bfc311884b65) C:\WINDOWS\system32\DRIVERS\vmnetbridge.sys
02:46:37.0562 3024 VMnetBridge - ok
02:46:37.0703 3024 VMnetuserif (8876578dbabdde83f45ca291ab7663e4) C:\WINDOWS\system32\drivers\vmnetuserif.sys
02:46:38.0359 3024 VMnetuserif - ok
02:46:38.0562 3024 VMparport (de52e15fb9c1090393811200e9af424b) C:\WINDOWS\system32\Drivers\VMparport.sys
02:46:39.0093 3024 VMparport - ok
02:46:39.0328 3024 vmx86 (d2373384aa1de0601cf04bc77963d553) C:\WINDOWS\system32\Drivers\vmx86.sys
02:46:40.0078 3024 vmx86 - ok
02:46:40.0359 3024 VolSnap (28a4b296b47782173c346e376cb374d1) C:\WINDOWS\system32\drivers\VolSnap.sys
02:46:42.0218 3024 VolSnap - ok
02:46:42.0390 3024 vstor2-ws60 (e4fa7aff5046fc49de22e903b7e35add) C:\Program Files\VMware\VMware Workstation\vstor2-ws60.sys
02:46:42.0859 3024 vstor2-ws60 - ok
02:46:43.0140 3024 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
02:46:44.0890 3024 Wanarp - ok
02:46:45.0078 3024 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys
02:46:45.0312 3024 Wdf01000 - ok
02:46:45.0421 3024 WDICA - ok
02:46:45.0578 3024 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
02:46:47.0296 3024 wdmaud - ok
02:46:47.0734 3024 wip0204 (2944bed10ffd9369da9a988d8ac899e4) C:\WINDOWS\system32\DRIVERS\wip0204.sys
02:46:47.0781 3024 wip0204 - ok
02:46:48.0046 3024 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
02:46:48.0203 3024 WpdUsb - ok
02:46:48.0328 3024 WPRO_41_1742 - ok
02:46:48.0406 3024 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
02:46:50.0031 3024 WS2IFSL - ok
02:46:50.0328 3024 WudfPf (6ff66513d372d479ef1810223c8d20ce) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
02:46:50.0515 3024 WudfPf - ok
02:46:50.0593 3024 WudfRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
02:46:50.0718 3024 WudfRd - ok
02:46:50.0843 3024 XDva332 - ok
02:46:50.0937 3024 XDva337 - ok
02:46:51.0062 3024 XDva352 - ok
02:46:51.0187 3024 XDva358 - ok
02:46:51.0359 3024 XDva359 - ok
02:46:51.0484 3024 XDva370 - ok
02:46:51.0578 3024 XDva375 - ok
02:46:51.0671 3024 XDva386 - ok
02:46:51.0750 3024 XDva388 - ok
02:46:52.0156 3024 MBR (0x1B8) (413fc2a0c716421b3158746d63736515) \Device\Harddisk0\DR0
02:46:52.0812 3024 \Device\Harddisk0\DR0 - ok
02:46:52.0890 3024 MBR (0x1B8) (413fc2a0c716421b3158746d63736515) \Device\Harddisk1\DR4
02:46:53.0921 3024 \Device\Harddisk1\DR4 - ok
02:46:53.0953 3024 Boot (0x1200) (89c711cf420ee2aa53c6a15630bad325) \Device\Harddisk0\DR0\Partition0
02:46:53.0968 3024 \Device\Harddisk0\DR0\Partition0 - ok
02:46:54.0031 3024 Boot (0x1200) (86410f4cc878dddccd88fc3ffdb1abad) \Device\Harddisk0\DR0\Partition1
02:46:54.0046 3024 \Device\Harddisk0\DR0\Partition1 - ok
02:46:54.0093 3024 Boot (0x1200) (a5ab5c0e64790e047f15e13729733f65) \Device\Harddisk1\DR4\Partition0
02:46:54.0109 3024 \Device\Harddisk1\DR4\Partition0 - ok
02:46:54.0140 3024 ============================================================
02:46:54.0140 3024 Scan finished
02:46:54.0140 3024 ============================================================
02:46:54.0390 1156 Detected object count: 11
02:46:54.0390 1156 Actual detected object count: 11
02:48:42.0031 1156 AmdTools ( UnsignedFile.Multi.Generic ) - skipped by user
02:48:42.0031 1156 AmdTools ( UnsignedFile.Multi.Generic ) - User select action: Skip
02:48:42.0031 1156 ByakkoDriver ( UnsignedFile.Multi.Generic ) - skipped by user
02:48:42.0031 1156 ByakkoDriver ( UnsignedFile.Multi.Generic ) - User select action: Skip
02:48:42.0046 1156 keyboard ( UnsignedFile.Multi.Generic ) - skipped by user
02:48:42.0046 1156 keyboard ( UnsignedFile.Multi.Generic ) - User select action: Skip
02:48:42.0046 1156 mouse ( UnsignedFile.Multi.Generic ) - skipped by user
02:48:42.0046 1156 mouse ( UnsignedFile.Multi.Generic ) - User select action: Skip
02:48:42.0046 1156 MREMP50 ( UnsignedFile.Multi.Generic ) - skipped by user
02:48:42.0046 1156 MREMP50 ( UnsignedFile.Multi.Generic ) - User select action: Skip
02:48:42.0046 1156 MRESP50 ( UnsignedFile.Multi.Generic ) - skipped by user
02:48:42.0046 1156 MRESP50 ( UnsignedFile.Multi.Generic ) - User select action: Skip
02:48:42.0046 1156 sptd ( LockedFile.Multi.Generic ) - skipped by user
02:48:42.0046 1156 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
02:48:42.0078 1156 Tcpip ( UnsignedFile.Multi.Generic ) - skipped by user
02:48:42.0078 1156 Tcpip ( UnsignedFile.Multi.Generic ) - User select action: Skip
02:48:42.0078 1156 TKRgAc ( UnsignedFile.Multi.Generic ) - skipped by user
02:48:42.0078 1156 TKRgAc ( UnsignedFile.Multi.Generic ) - User select action: Skip
02:48:42.0109 1156 TKRgFt ( UnsignedFile.Multi.Generic ) - skipped by user
02:48:42.0109 1156 TKRgFt ( UnsignedFile.Multi.Generic ) - User select action: Skip
02:48:42.0125 1156 TrueSight ( UnsignedFile.Multi.Generic ) - skipped by user
02:48:42.0125 1156 TrueSight ( UnsignedFile.Multi.Generic ) - User select action: Skip

#19 Příspěvek od **vyosek** » 04 led 2012 18:07

Kliknete na Start a pote Spustit, pripadne pouzijte klavesou zkratku Win+R

Vyskoci na Vas okenko, do ktereho zkopirujte text nize
Kód: Vybrat vše
```
compmgmt.msc
```
Kliknete na OK
Otevre se spravce disku, screen z nej bych rad videl - navod na screen http://www.viry.cz/forum/viewtopic.php?f=11&t=14114

Oji · #20 Příspěvek od **Oji** » 04 led 2012 18:33

http://imageshack.us/content_round.php? ... ad&newlp=1

#21 Příspěvek od **vyosek** » 04 led 2012 18:39

PROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK

Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
Pokud mate Win XP spustte pod uctem Spravce\Administratora
Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix

Oji · #22 Příspěvek od **Oji** » 04 led 2012 21:09

ComboFix 12-01-04.02 - Owner 01.01.2006 4:06.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.420.1029.18.1982.1273 [GMT 1:00]
Spuštěný z: c:\documents and settings\Owner\Plocha\ComboFix.exe
AV: ESET Smart Security 4.2 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\desktop.ini
C:\Thumbs.db
c:\windows\alcrmv.exe
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\system\WINSPOOL.DRV
c:\windows\system32\detoured.dll
c:\windows\system32\ieuinit.inf
c:\windows\system32\SET19F.tmp
c:\windows\system32\SET1A4.tmp
c:\windows\system32\SET1AB.tmp
c:\windows\system32\SET1F8.tmp
c:\windows\system32\TZLog.log
C:\wow.jpg
H:\install.exe
.
Nakažená kopie c:\windows\system32\msgsvc.dll byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\msgsvc.dll
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2005-12-01 do 2006-01-01 )))))))))))))))))))))))))))))))
.
.
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-19 21:03 . 2011-02-19 21:03 36176 ----a-w- c:\windows\system32\mfc100cht.dll
2011-02-19 21:03 . 2011-02-19 21:03 36176 ----a-w- c:\windows\system32\mfc100chs.dll
2009-11-27 16:40 . 2001-10-24 12:25 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-21 16:03 . 2008-04-14 12:00 471552 ----a-w- c:\windows\apppatch\aclayers.dll
2009-10-12 13:40 . 2008-04-14 12:00 79872 ----a-w- c:\windows\system32\raschap.dll
2008-04-14 12:00 . 2009-10-27 17:19 35328 ----a-w- c:\windows\pchealth\helpctr\binaries\notiflag.exe
2008-04-14 12:00 . 2009-10-27 17:19 99840 ----a-w- c:\windows\pchealth\helpctr\binaries\HelpHost.exe
2008-04-14 12:00 . 2009-10-27 17:19 7168 ----a-w- c:\windows\pchealth\helpctr\binaries\HCAppRes.dll
2008-04-14 12:00 . 2009-10-27 17:19 21504 ----a-w- c:\windows\pchealth\helpctr\binaries\brpinfo.dll
2008-04-14 12:00 . 2009-10-27 17:19 726590 ----a-w- c:\windows\srchasst\srchui.dll
2008-04-14 12:00 . 2009-10-27 17:19 58434 ----a-w- c:\windows\srchasst\srchctls.dll
2008-04-14 12:00 . 2009-10-27 17:19 3166208 ----a-w- c:\windows\srchasst\msgr3en.dll
2008-04-14 12:00 . 2009-10-27 17:18 150528 ----a-w- c:\windows\pchealth\UploadLB\Binaries\UploadM.exe
2008-04-14 12:00 . 2009-10-27 17:18 38400 ----a-w- c:\windows\pchealth\helpctr\binaries\pchsvc.dll
2008-04-14 12:00 . 2009-10-27 17:18 102912 ----a-w- c:\windows\pchealth\helpctr\binaries\pchshell.dll
2008-04-14 12:00 . 2009-10-27 17:18 378880 ----a-w- c:\windows\pchealth\helpctr\binaries\msinfo.dll
2008-04-14 12:00 . 2009-10-27 17:18 171008 ----a-w- c:\windows\pchealth\helpctr\binaries\msconfig.exe
2008-04-14 12:00 . 2009-10-27 17:18 769024 ----a-w- c:\windows\pchealth\helpctr\binaries\HelpCtr.exe
2008-04-14 12:00 . 2009-10-27 17:18 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\HelpSvc.exe
2008-04-14 12:00 . 2009-10-27 17:18 18432 ----a-w- c:\windows\pchealth\helpctr\binaries\HscUpd.exe
2008-04-14 12:00 . 2009-10-27 17:16 35328 ----a-w- c:\windows\system32\winchat.exe
2008-04-14 12:00 . 2008-04-14 12:00 601088 ----a-w- c:\windows\system32\autochk.exe
2008-04-14 12:00 . 2008-04-14 12:00 518944 ----a-w- c:\windows\system32\msexch40.dll
2008-04-14 12:00 . 2008-04-14 12:00 39424 ----a-w- c:\windows\apppatch\AcAdProc.dll
2008-04-14 12:00 . 2008-04-14 12:00 34816 ----a-w- c:\windows\help\sniffpol.dll
2008-04-14 12:00 . 2008-04-14 12:00 3374640 ----a-w- c:\windows\help\Tours\mmTour\tour.exe
2008-04-14 12:00 . 2008-04-14 12:00 33280 ----a-w- c:\windows\help\sstub.dll
2008-04-14 12:00 . 2008-04-14 12:00 279040 ----a-w- c:\windows\help\tshoot.dll
2008-04-14 12:00 . 2008-04-14 12:00 278528 ----a-w- c:\windows\system32\webcheck.dll
2008-04-14 12:00 . 2008-04-14 12:00 245248 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2008-04-14 12:00 . 2008-04-14 12:00 1852928 ----a-w- c:\windows\apppatch\AcGenral.dll
2008-04-14 12:00 . 2008-04-14 12:00 152576 ----a-w- c:\windows\help\bnts.dll
2008-04-14 12:00 . 2008-04-14 12:00 14336 ----a-w- c:\windows\system32\svchost.exe
2008-04-14 12:00 . 2008-04-14 12:00 141312 ----a-w- c:\windows\apppatch\AcLua.dll
2008-04-14 12:00 . 2008-04-14 12:00 116224 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2008-04-14 12:00 . 2001-10-24 12:25 77891 ----a-w- c:\windows\system32\usrmlnka.exe
2008-04-14 12:00 . 2001-10-24 12:25 69700 ----a-w- c:\windows\system32\usrshuta.exe
2008-04-14 12:00 . 2001-10-24 12:25 56320 ----a-w- c:\windows\system32\dvdplay.exe
2008-04-14 12:00 . 2001-10-24 12:25 13824 ----a-w- c:\windows\system32\wowfaxui.dll
2008-04-14 12:00 . 2001-10-24 12:25 86073 ----a-w- c:\windows\system32\usrfaxa.dll
2008-04-14 12:00 . 2001-10-24 12:25 8192 ----a-w- c:\windows\system32\streamci.dll
2008-04-14 12:00 . 2001-10-24 12:25 77890 ----a-w- c:\windows\system32\usrdpa.dll
2008-04-14 12:00 . 2001-10-24 12:25 77883 ----a-w- c:\windows\system32\usrrtosa.dll
2008-04-14 12:00 . 2001-10-24 12:25 72192 ----a-w- c:\windows\system32\sprio800.dll
2008-04-14 12:00 . 2001-10-24 12:25 70656 ----a-w- c:\windows\system32\sprio600.dll
2008-04-14 12:00 . 2001-10-24 12:25 69699 ----a-w- c:\windows\system32\usrcoina.dll
2008-04-14 12:00 . 2001-10-24 12:25 61500 ----a-w- c:\windows\system32\usrcntra.dll
2008-04-14 12:00 . 2001-10-24 12:25 53305 ----a-w- c:\windows\system32\usrlbva.dll
2008-04-14 12:00 . 2001-10-24 12:25 49211 ----a-w- c:\windows\system32\usrvpa.dll
2008-04-14 12:00 . 2001-10-24 12:25 49211 ----a-w- c:\windows\system32\usrsdpia.dll
2008-04-14 12:00 . 2001-10-24 12:25 49209 ----a-w- c:\windows\system32\usrv80a.dll
2008-04-14 12:00 . 2001-10-24 12:25 45116 ----a-w- c:\windows\system32\usrvoica.dll
2008-04-14 12:00 . 2001-10-24 12:25 41019 ----a-w- c:\windows\system32\usrsvpia.dll
2008-04-14 12:00 . 2001-10-24 12:25 323641 ----a-w- c:\windows\system32\usrdtea.dll
2008-04-14 12:00 . 2001-10-24 12:25 102457 ----a-w- c:\windows\system32\usrv42a.dll
2008-04-14 12:00 . 2001-10-24 12:25 69632 ----a-w- c:\windows\system32\spnike.dll
2008-04-14 12:00 . 2001-10-24 12:25 157696 ----a-w- c:\windows\system32\paqsp.dll
2008-04-14 12:00 . 2001-10-24 12:24 147968 ----a-w- c:\windows\system32\mdwmdmsp.dll
2008-04-14 12:00 . 2001-10-24 12:24 3200 ----a-w- c:\windows\system32\wowfax.dll
2008-04-14 12:00 . 2001-10-24 11:55 12160 ----a-w- c:\windows\system32\drivers\fsvga.sys
2008-04-14 12:00 . 2001-10-24 11:53 262528 ----a-w- c:\windows\system32\drivers\cinemst2.sys
2008-04-14 12:00 . 2001-08-18 06:37 61508 ----a-w- c:\windows\system32\usrprbda.exe
2008-04-14 12:00 . 2001-08-17 22:06 21376 ----a-w- c:\windows\system32\drivers\tsbvcap.sys
2008-04-14 12:00 . 2001-08-17 22:02 58112 ----a-w- c:\windows\system32\drivers\vdmindvd.sys
2008-04-14 12:00 . 2001-08-17 22:01 51712 ----a-w- c:\windows\system32\drivers\tosdvd.sys
2008-04-14 12:00 . 2001-08-17 21:52 18688 ----a-w- c:\windows\system32\drivers\cdaudio.sys
2008-04-14 12:00 . 2001-08-17 21:24 12032 ----a-w- c:\windows\system32\drivers\riodrv.sys
2008-04-14 12:00 . 2001-08-17 21:24 12032 ----a-w- c:\windows\system32\drivers\rio8drv.sys
2008-04-14 12:00 . 2001-08-17 21:24 12032 ----a-w- c:\windows\system32\drivers\nikedrv.sys
2008-04-14 12:00 . 2001-08-17 21:24 11776 ----a-w- c:\windows\system32\drivers\cpqdap01.sys
2006-10-18 20:58 . 2004-08-11 00:45 8704 ----a-w- c:\windows\system32\wdfmgr.exe
2006-10-18 20:58 . 2004-08-11 00:45 8704 ----a-w- c:\windows\system32\uwdf.exe
2006-10-18 20:47 . 2004-08-11 00:45 63488 ----a-w- c:\windows\system32\wpdmtpus.dll
2006-10-18 20:47 . 2004-08-11 00:45 629760 ----a-w- c:\windows\system32\wpd_ci.dll
2006-10-18 20:47 . 2004-08-11 00:45 4096 ----a-w- c:\windows\system32\WMVADVE.DLL
2006-10-18 20:47 . 2004-08-11 00:45 4096 ----a-w- c:\windows\system32\WMVADVD.dll
2006-10-18 20:47 . 2004-08-11 00:45 35840 ----a-w- c:\windows\system32\wpdconns.dll
2006-10-18 20:47 . 2004-08-11 00:45 356352 ----a-w- c:\windows\system32\wpdsp.dll
2006-10-18 20:47 . 2004-08-11 00:45 154624 ----a-w- c:\windows\system32\wpdmtp.dll
2006-10-18 20:47 . 2004-08-11 00:45 348672 ----a-w- c:\windows\system32\wmdrmnet.dll
2006-10-18 20:47 . 2004-08-11 00:45 429056 ----a-w- c:\windows\system32\wmdrmdev.dll
2006-10-18 20:47 . 2004-08-11 00:45 4096 ----a-w- c:\windows\system32\wdfapi.dll
2006-10-18 19:00 . 2004-08-11 00:45 38528 ----a-w- c:\windows\system32\drivers\wpdusb.sys
2011-11-25 14:34 . 2011-09-14 21:24 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . 4AFB3B0919649F95C1964AA1FAD27D73 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-04-14 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[7] 2008-04-14 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\tcpip.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\prxtbuTo0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3CF7606-E683-4375-A372-96B75DA0AEF7}]
2010-02-11 07:58 185856 ----a-w- c:\program files\Get Styles\enlbrdr.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2011-05-09 09:49 176936 ----a-w- c:\program files\uTorrentBar\prxtbuTo0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\prxtbuTo0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"= "c:\program files\uTorrentBar\prxtbuTo0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SmartSVN1]
@="{CC8811D1-1B32-4f3d-A9BF-D21C8F3C0366}"
[HKEY_CLASSES_ROOT\CLSID\{CC8811D1-1B32-4f3d-A9BF-D21C8F3C0366}]
2010-09-16 11:49 249856 ----a-w- c:\program files\SmartSVN 6.6\lib\shellext32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SmartSVN2]
@="{CC8811D2-1B32-4f3d-A9BF-D21C8F3C0366}"
[HKEY_CLASSES_ROOT\CLSID\{CC8811D2-1B32-4f3d-A9BF-D21C8F3C0366}]
2010-09-16 11:49 249856 ----a-w- c:\program files\SmartSVN 6.6\lib\shellext32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SmartSVN3]
@="{CC8811D3-1B32-4f3d-A9BF-D21C8F3C0366}"
[HKEY_CLASSES_ROOT\CLSID\{CC8811D3-1B32-4f3d-A9BF-D21C8F3C0366}]
2010-09-16 11:49 249856 ----a-w- c:\program files\SmartSVN 6.6\lib\shellext32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SmartSVN4]
@="{CC8811D4-1B32-4f3d-A9BF-D21C8F3C0366}"
[HKEY_CLASSES_ROOT\CLSID\{CC8811D4-1B32-4f3d-A9BF-D21C8F3C0366}]
2010-09-16 11:49 249856 ----a-w- c:\program files\SmartSVN 6.6\lib\shellext32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SmartSVN5]
@="{CC8811D5-1B32-4f3d-A9BF-D21C8F3C0366}"
[HKEY_CLASSES_ROOT\CLSID\{CC8811D5-1B32-4f3d-A9BF-D21C8F3C0366}]
2010-09-16 11:49 249856 ----a-w- c:\program files\SmartSVN 6.6\lib\shellext32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SmartSVN6]
@="{CC8811D6-1B32-4f3d-A9BF-D21C8F3C0366}"
[HKEY_CLASSES_ROOT\CLSID\{CC8811D6-1B32-4f3d-A9BF-D21C8F3C0366}]
2010-09-16 11:49 249856 ----a-w- c:\program files\SmartSVN 6.6\lib\shellext32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SmartSVN7]
@="{CC8811D7-1B32-4f3d-A9BF-D21C8F3C0366}"
[HKEY_CLASSES_ROOT\CLSID\{CC8811D7-1B32-4f3d-A9BF-D21C8F3C0366}]
2010-09-16 11:49 249856 ----a-w- c:\program files\SmartSVN 6.6\lib\shellext32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-09-20 202024]
"Steam"="c:\program files\Steam\Steam.exe" [2011-08-02 1242448]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-09-22 90112]
"TO2SSM_McciTrayApp"="c:\program files\TO2SSM\McciTrayApp.exe" [2008-08-15 1473536]
"amd_dc_opt"="c:\program files\AMD\amd_dc_opt\amd_dc_opt.exe" [2006-06-28 106496]
"nwiz"="nwiz.exe" [2009-06-10 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-06-10 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-10 13758464]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-02-15 417792]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^SmartSVN 6.6 (background).lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\SmartSVN 6.6 (background).lnk
backup=c:\windows\pss\SmartSVN 6.6 (background).lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^xXxFronnieCzExXx^Nabídka Start^Programy^Po spuštění^Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk]
path=c:\documents and settings\xXxFronnieCzExXx\Nabídka Start\Programy\Po spuštění\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk
backup=c:\windows\pss\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\S4L-Hacked Clothes! PATCH 24.exe]
C:\Program Files [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-04-04 05:42 36272 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Akamai NetSession Interface]
2011-12-12 22:20 3305760 ----a-w- c:\documents and settings\xXxFronnieCzExXx\Local Settings\Data aplikací\Akamai\netsession_win.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2011-09-27 06:22 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update]
2011-12-03 20:58 137536 ----atw- c:\documents and settings\xXxFronnieCzExXx\Local Settings\Data aplikací\Facebook\Update\FacebookUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-10-23 19:49 136176 ----atw- c:\documents and settings\xXxFronnieCzExXx\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 10:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2006-02-19 01:41 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
2011-08-15 14:18 1955208 ----a-w- c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2007-09-20 08:51 1836328 ----a-w- c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 14:57 153136 ----a-w- c:\program files\Common Files\Nero\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-02-15 17:50 417792 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-06-09 12:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]
2009-10-20 12:59 111928 ----a-r- c:\program files\SweetIM\Messenger\SweetIM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vmware-tray]
2010-11-19 21:16 96880 ----a-w- c:\program files\VMware\VMware Workstation\vmware-tray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wippien]
2010-11-22 15:06 3018456 ----a-w- c:\program files\Wippien\Wippien.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\frd.exe"=
"c:\\WINDOWS\\system32\\javaw.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\Java\\jdk1.6.0_18\\jre\\launch4j-tmp\\frd.exe"=
"c:\\Program Files\\Warcraft III\\war3.exe"=
"c:\\Program Files\\Wippien\\Wippien.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Riot Games\\League of Legends\\lol.launcher.exe"=
"c:\\Nexon\\NEXON_EU_Downloader\\NEXON_EU_Downloader_Engine.exe"=
"c:\\Documents and Settings\\All Users\\Data aplikací\\NexonEU\\NGM\\NGM.exe"=
"c:\\Program Files\\ICQ7.5\\ICQ.exe"=
"c:\\Program Files\\VMware\\VMware Workstation\\vmware-authd.exe"=
"c:\\Documents and Settings\\xXxFronnieCzExXx\\Local Settings\\Data aplikací\\Akamai\\netsession_win.exe"=
"h:\\Program Files\\Sony Online Entertainment\\Installed Games\\DC Universe Online Live\\UNREAL3\\BINARIES\\WIN32\\DCGAME.EXE"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"h:\\Program Files\\Call of Duty- Modern Warfare 3\\iw5mp_server.exe"=
"c:\\Documents and Settings\\xXxFronnieCzExXx\\Local Settings\\Data aplikací\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Garena\\Garena.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"59132:TCP"= 59132:TCP:Pando Media Booster
"59132:UDP"= 59132:UDP:Pando Media Booster
"57570:TCP"= 57570:TCP:Pando Media Booster
"57570:UDP"= 57570:UDP:Pando Media Booster
"8396:TCP"= 8396:TCP:League of Legends Launcher
"8396:UDP"= 8396:UDP:League of Legends Launcher
"6990:TCP"= 6990:TCP:League of Legends Launcher
"6990:UDP"= 6990:UDP:League of Legends Launcher
"6955:TCP"= 6955:TCP:League of Legends Launcher
"6955:UDP"= 6955:UDP:League of Legends Launcher
"8397:TCP"= 8397:TCP:League of Legends Launcher
"8397:UDP"= 8397:UDP:League of Legends Launcher
"6938:TCP"= 6938:TCP:League of Legends Launcher
"6938:UDP"= 6938:UDP:League of Legends Launcher
"6923:TCP"= 6923:TCP:League of Legends Launcher
"6923:UDP"= 6923:UDP:League of Legends Launcher
"6905:TCP"= 6905:TCP:League of Legends Launcher
"6905:UDP"= 6905:UDP:League of Legends Launcher
"6977:TCP"= 6977:TCP:League of Legends Launcher
"6977:UDP"= 6977:UDP:League of Legends Launcher
"6925:TCP"= 6925:TCP:League of Legends Launcher
"6925:UDP"= 6925:UDP:League of Legends Launcher
"6944:TCP"= 6944:TCP:League of Legends Launcher
"6944:UDP"= 6944:UDP:League of Legends Launcher
"6953:TCP"= 6953:TCP:League of Legends Launcher
"6953:UDP"= 6953:UDP:League of Legends Launcher
"6896:TCP"= 6896:TCP:League of Legends Launcher
"6896:UDP"= 6896:UDP:League of Legends Launcher
"6928:TCP"= 6928:TCP:League of Legends Launcher
"6928:UDP"= 6928:UDP:League of Legends Launcher
"6996:TCP"= 6996:TCP:League of Legends Launcher
"6996:UDP"= 6996:UDP:League of Legends Launcher
"8398:TCP"= 8398:TCP:League of Legends Launcher
"8398:UDP"= 8398:UDP:League of Legends Launcher
"6988:TCP"= 6988:TCP:League of Legends Launcher
"6988:UDP"= 6988:UDP:League of Legends Launcher
"6951:TCP"= 6951:TCP:League of Legends Launcher
"6951:UDP"= 6951:UDP:League of Legends Launcher
"6945:TCP"= 6945:TCP:League of Legends Launcher
"6945:UDP"= 6945:UDP:League of Legends Launcher
"57603:TCP"= 57603:TCP:Pando Media Booster
"57603:UDP"= 57603:UDP:Pando Media Booster
"1101:TCP"= 1101:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [28.4.2010 7:17 114984]
R3 AmdTools;AMD Special Tools Driver;c:\windows\system32\drivers\AmdTools.sys [1.7.2010 18:18 31744]
R3 keyboard;Keyboard Upper Filter Driver;c:\windows\system32\drivers\keyboard.sys [13.10.2010 14:40 8448]
R3 mouse;Mouse Upper Filter Driver;c:\windows\system32\drivers\mouse.sys [13.10.2010 14:40 8320]
S3 ATP;Comodo EasyVPN Miniport Driver;c:\windows\system32\DRIVERS\cmdatp.sys --> c:\windows\system32\DRIVERS\cmdatp.sys [?]
S3 ByakkoDriver;ByakkoDriver;c:\program files\GamesPirate\GPCabal LW\Byakko.K32 [23.11.2010 4:01 7936]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\XXXFRO~1\LOCALS~1\Temp\NZX3A8A.tmp --> c:\docume~1\XXXFRO~1\LOCALS~1\Temp\NZX3A8A.tmp [?]
S3 GGSAFERDriver;GGSAFER Driver;\??\c:\program files\Garena\safedrv.sys --> c:\program files\Garena\safedrv.sys [?]
S3 iYqIYEnpy;iYqIYEnpy;\??\c:\docume~1\L2JSER~1\LOCALS~1\Temp\Rar$EX07.062\xXxMhs\BKJXFYDS --> c:\docume~1\L2JSER~1\LOCALS~1\Temp\Rar$EX07.062\xXxMhs\BKJXFYDS [?]
S3 leafnets;Leaf Networks Adapter;c:\windows\system32\drivers\leafnets.sys [11.8.2010 0:56 55296]
S3 MemStPCI;Řadič Sony Memory Stick (PCI);c:\windows\system32\drivers\MemStPCI.SYS [15.1.2010 13:26 26112]
S3 npkycryp;npkycryp;\??\c:\program files\Lineage II C4\system\npkycryp.sys --> c:\program files\Lineage II C4\system\npkycryp.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Obsah adresáře 'Naplánované úlohy'
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.centrum.cz/#utm_source=icq&utm_medium=centrum
mStart Page = hxxp://home.sweetim.com
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Lookup on Merriam Webster
IE: Lookup on Wikipedia
IE: Translate this web page with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
LSP: c:\documents and settings\L2J Server\Plocha\Nove1, slo9e,ka\LSPprovider.dll
LSP: c:\program files\VMware\VMware Workstation\vsocklib.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: Interfaces\{149E8B8E-AB9B-4E0A-A4C2-017F3E6B493C}: NameServer = 192.168.150.237,194.228.2.1
FF - ProfilePath - c:\documents and settings\Owner\Data aplikací\Mozilla\Firefox\Profiles\3oqqruds.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.1&q=
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.4.1&q=
.
.
------- Asociace souborů -------
.
.scr=AutoCADScriptFile
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
URLSearchHooks-{EEE6C35D-6118-11DC-9C72-001320C79847} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
WebBrowser-{91397D20-1446-11D4-8AF4-0040CA1127B6} - (no file)
WebBrowser-{09EC805C-CB2E-4D53-B0D3-A75A428B81C7} - (no file)
WebBrowser-{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3} - (no file)
WebBrowser-{5B291E6C-9A74-4034-971B-A4B007A0B315} - (no file)
HKCU-Run-ICQ - ~c:\program files\ICQ7.0\ICQ.exe
Notify-AtiExtEvent - (no file)
SafeBoot-Wdf01000.sys
AddRemove-Vesper Cristal - c:\documents and settings\Owner\Plocha\asd\Uninstal.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2006-01-01 05:39
Windows 5.1.2600 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_b427739.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ByakkoDriver]
"ImagePath"="\??\c:\program files\GamesPirate\GPCabal LW\Byakko.K32"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\XXXFRO~1\LOCALS~1\Temp\NZX3A8A.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\iYqIYEnpy]
"ImagePath"="\??\c:\docume~1\L2JSER~1\LOCALS~1\Temp\Rar$EX07.062\xXxMhs\BKJXFYDS"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.0\bin\mysqld-nt\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.0\my.ini\" MySQL"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\tQdxRRVjm]
"ImagePath"="\??\c:\docume~1\L2JSER~1\LOCALS~1\Temp\Rar$EX01.734\xXxMhs\WJZSKGZ"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(2908)
c:\program files\SmartSVN 6.6\lib\shellext32.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\program files\WinSCP\DragExt.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\ESET\ESET Smart Security\ekrn.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
c:\program files\LogMeIn Hamachi\hamachi-2.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
c:\program files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\SmartSVN 6.6\bin\statuscached.exe
c:\windows\system32\vmnat.exe
c:\program files\WANdisco\Subversion\Apache2\bin\httpd.exe
c:\windows\system32\vmnetdhcp.exe
c:\program files\VMware\VMware Workstation\vmware-authd.exe
c:\program files\WANdisco\Subversion\Apache2\bin\httpd.exe
c:\windows\SOUNDMAN.EXE
c:\windows\system32\RUNDLL32.EXE
c:\program files\Common Files\Nero\Lib\NMIndexingService.exe
c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
.
**************************************************************************
.
Celkový čas: 2006-01-01 05:55:35 - počítač byl restartován
ComboFix-quarantined-files.txt 2006-01-01 04:55
.
Před spuštěním: Volných bajtů: 25 691 439 104
Po spuštění: Volných bajtů: 40 442 744 832
.
WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[Boot Loader]
Timeout=2
Default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[Operating Systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /TUTag=QFMLQK /usepmtimer
multi(0)disk(0)rdisk(0)partition(3)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
c:\$win_nt$.~bt\BOOTSECT.DAT="Microsoft Windows XP Professional - instalace"
.
- - End Of File - - BE99042F0FF446CF30BBBF015124EDAE

#23 Příspěvek od **vyosek** » 04 led 2012 21:17

Ten Avast tam budete davat kdy

Oji · #24 Příspěvek od **Oji** » 05 led 2012 15:24

už je tam

#25 Příspěvek od **vyosek** » 05 led 2012 15:40

Pokud nemate, tak presunte Combofix na plochu

Spustte poznamkovy blok (Start-spustit-notepad)
Zkopirujte skript nize

Kód: Vybrat vše

KillAll::

Driver::
Services\Akamai
GarenaPEngine
iYqIYEnpy
tQdxRRVjm

Restore::
c:\windows\system32\drivers\tcpip.sys

Folder::
c:\program files\ESET
c:\program files\SweetIM
c:\program files\uTorrentBar
c:\documents and settings\xXxFronnieCzExXx\Local Settings\Data aplikací\Akamai
c:\program files\Get Styles
c:\docume~1\L2JSER~1\LOCALS~1\Temp\Rar$EX07.062
c:\docume~1\L2JSER~1\LOCALS~1\Temp\Rar$EX01.734
c:\program files\common files\akamai

Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"=-
[-HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3CF7606-E683-4375-A372-96B75DA0AEF7}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"=-
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"=-
[-HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=-
"Steam"=-
"ctfmon.exe"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"=-
[-HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Gamma Loader.lnk]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\S4L-Hacked Clothes! PATCH 24.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Akamai NetSession Interface]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vmware-tray]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1101:TCP"=-
"5000:UDP"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
"Akamai"=-

NetSvc::
Akamai

DDS::
uStart Page = hxxp://www.centrum.cz/#utm_source=icq&u ... um=centrum
mStart Page = hxxp://home.sweetim.com
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com

Firefox::
FF - ProfilePath - c:\documents and settings\Owner\Data aplikací\Mozilla\Firefox\Profiles\3oqqruds.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.icq.com/search/afe_result ... r=1.3.1&q=
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... r=1.4.1&q=

File::
C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-1202660629-963894560-1177238915-1021Core.job
C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-1202660629-963894560-1177238915-1021UA.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1202660629-963894560-1177238915-1007Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1202660629-963894560-1177238915-1007UA.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1202660629-963894560-1177238915-1019Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1202660629-963894560-1177238915-1019UA.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1202660629-963894560-1177238915-1021Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1202660629-963894560-1177238915-1021UA.job

ClearJavaCache::

AtJob::

Reboot::

Ulozte vytvoreny TXT jako CFScript.txt
Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte

Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci

Oji · #26 Příspěvek od **Oji** » 05 led 2012 19:00

ComboFix 12-01-05.01 - Owner 01.01.2006 1:02.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.420.1029.18.1982.1311 [GMT 1:00]
Spuštěný z: c:\documents and settings\Owner\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Owner\Plocha\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: ESET Smart Security 4.2 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
FILE ::
"c:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-1202660629-963894560-1177238915-1021Core.job"
"c:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-1202660629-963894560-1177238915-1021UA.job"
"c:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1202660629-963894560-1177238915-1007Core.job"
"c:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1202660629-963894560-1177238915-1007UA.job"
"c:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1202660629-963894560-1177238915-1019Core.job"
"c:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1202660629-963894560-1177238915-1019UA.job"
"c:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1202660629-963894560-1177238915-1021Core.job"
"c:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1202660629-963894560-1177238915-1021UA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Nakažená kopie c:\windows\system32\drivers\tcpip.sys byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
.
Nakažená kopie c:\windows\system32\msgsvc.dll byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\ERDNT\cache\msgsvc.dll
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_GARENAPENGINE
-------\Legacy_IYQIYENPY
-------\Legacy_TQDXRRVJM
-------\Service_GarenaPEngine
-------\Service_iYqIYEnpy
-------\Service_tQdxRRVjm
-------\Legacy_ekrn
-------\Service_EHttpSrv
-------\Service_ekrn
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2005-12-01 do 2006-01-01 )))))))))))))))))))))))))))))))
.
.
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-19 21:03 . 2011-02-19 21:03 36176 ----a-w- c:\windows\system32\mfc100cht.dll
2011-02-19 21:03 . 2011-02-19 21:03 36176 ----a-w- c:\windows\system32\mfc100chs.dll
2009-11-27 16:40 . 2001-10-24 12:25 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-21 16:03 . 2008-04-14 12:00 471552 ----a-w- c:\windows\apppatch\aclayers.dll
2009-10-12 13:40 . 2008-04-14 12:00 79872 ----a-w- c:\windows\system32\raschap.dll
2008-04-14 12:00 . 2009-10-27 17:19 35328 ----a-w- c:\windows\pchealth\helpctr\binaries\notiflag.exe
2008-04-14 12:00 . 2009-10-27 17:19 99840 ----a-w- c:\windows\pchealth\helpctr\binaries\HelpHost.exe
2008-04-14 12:00 . 2009-10-27 17:19 7168 ----a-w- c:\windows\pchealth\helpctr\binaries\HCAppRes.dll
2008-04-14 12:00 . 2009-10-27 17:19 21504 ----a-w- c:\windows\pchealth\helpctr\binaries\brpinfo.dll
2008-04-14 12:00 . 2009-10-27 17:19 726590 ----a-w- c:\windows\srchasst\srchui.dll
2008-04-14 12:00 . 2009-10-27 17:19 58434 ----a-w- c:\windows\srchasst\srchctls.dll
2008-04-14 12:00 . 2009-10-27 17:19 3166208 ----a-w- c:\windows\srchasst\msgr3en.dll
2008-04-14 12:00 . 2009-10-27 17:18 150528 ----a-w- c:\windows\pchealth\UploadLB\Binaries\UploadM.exe
2008-04-14 12:00 . 2009-10-27 17:18 38400 ----a-w- c:\windows\pchealth\helpctr\binaries\pchsvc.dll
2008-04-14 12:00 . 2009-10-27 17:18 102912 ----a-w- c:\windows\pchealth\helpctr\binaries\pchshell.dll
2008-04-14 12:00 . 2009-10-27 17:18 378880 ----a-w- c:\windows\pchealth\helpctr\binaries\msinfo.dll
2008-04-14 12:00 . 2009-10-27 17:18 171008 ----a-w- c:\windows\pchealth\helpctr\binaries\msconfig.exe
2008-04-14 12:00 . 2009-10-27 17:18 769024 ----a-w- c:\windows\pchealth\helpctr\binaries\HelpCtr.exe
2008-04-14 12:00 . 2009-10-27 17:18 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\HelpSvc.exe
2008-04-14 12:00 . 2009-10-27 17:18 18432 ----a-w- c:\windows\pchealth\helpctr\binaries\HscUpd.exe
2008-04-14 12:00 . 2009-10-27 17:16 35328 ----a-w- c:\windows\system32\winchat.exe
2008-04-14 12:00 . 2008-04-14 12:00 601088 ----a-w- c:\windows\system32\autochk.exe
2008-04-14 12:00 . 2008-04-14 12:00 518944 ----a-w- c:\windows\system32\msexch40.dll
2008-04-14 12:00 . 2008-04-14 12:00 39424 ----a-w- c:\windows\apppatch\AcAdProc.dll
2008-04-14 12:00 . 2008-04-14 12:00 34816 ----a-w- c:\windows\help\sniffpol.dll
2008-04-14 12:00 . 2008-04-14 12:00 3374640 ----a-w- c:\windows\help\Tours\mmTour\tour.exe
2008-04-14 12:00 . 2008-04-14 12:00 33280 ----a-w- c:\windows\help\sstub.dll
2008-04-14 12:00 . 2008-04-14 12:00 279040 ----a-w- c:\windows\help\tshoot.dll
2008-04-14 12:00 . 2008-04-14 12:00 278528 ----a-w- c:\windows\system32\webcheck.dll
2008-04-14 12:00 . 2008-04-14 12:00 245248 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2008-04-14 12:00 . 2008-04-14 12:00 1852928 ----a-w- c:\windows\apppatch\AcGenral.dll
2008-04-14 12:00 . 2008-04-14 12:00 152576 ----a-w- c:\windows\help\bnts.dll
2008-04-14 12:00 . 2008-04-14 12:00 14336 ----a-w- c:\windows\system32\svchost.exe
2008-04-14 12:00 . 2008-04-14 12:00 141312 ----a-w- c:\windows\apppatch\AcLua.dll
2008-04-14 12:00 . 2008-04-14 12:00 116224 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2008-04-14 12:00 . 2001-10-24 12:25 77891 ----a-w- c:\windows\system32\usrmlnka.exe
2008-04-14 12:00 . 2001-10-24 12:25 69700 ----a-w- c:\windows\system32\usrshuta.exe
2008-04-14 12:00 . 2001-10-24 12:25 56320 ----a-w- c:\windows\system32\dvdplay.exe
2008-04-14 12:00 . 2001-10-24 12:25 13824 ----a-w- c:\windows\system32\wowfaxui.dll
2008-04-14 12:00 . 2001-10-24 12:25 86073 ----a-w- c:\windows\system32\usrfaxa.dll
2008-04-14 12:00 . 2001-10-24 12:25 8192 ----a-w- c:\windows\system32\streamci.dll
2008-04-14 12:00 . 2001-10-24 12:25 77890 ----a-w- c:\windows\system32\usrdpa.dll
2008-04-14 12:00 . 2001-10-24 12:25 77883 ----a-w- c:\windows\system32\usrrtosa.dll
2008-04-14 12:00 . 2001-10-24 12:25 72192 ----a-w- c:\windows\system32\sprio800.dll
2008-04-14 12:00 . 2001-10-24 12:25 70656 ----a-w- c:\windows\system32\sprio600.dll
2008-04-14 12:00 . 2001-10-24 12:25 69699 ----a-w- c:\windows\system32\usrcoina.dll
2008-04-14 12:00 . 2001-10-24 12:25 61500 ----a-w- c:\windows\system32\usrcntra.dll
2008-04-14 12:00 . 2001-10-24 12:25 53305 ----a-w- c:\windows\system32\usrlbva.dll
2008-04-14 12:00 . 2001-10-24 12:25 49211 ----a-w- c:\windows\system32\usrvpa.dll
2008-04-14 12:00 . 2001-10-24 12:25 49211 ----a-w- c:\windows\system32\usrsdpia.dll
2008-04-14 12:00 . 2001-10-24 12:25 49209 ----a-w- c:\windows\system32\usrv80a.dll
2008-04-14 12:00 . 2001-10-24 12:25 45116 ----a-w- c:\windows\system32\usrvoica.dll
2008-04-14 12:00 . 2001-10-24 12:25 41019 ----a-w- c:\windows\system32\usrsvpia.dll
2008-04-14 12:00 . 2001-10-24 12:25 323641 ----a-w- c:\windows\system32\usrdtea.dll
2008-04-14 12:00 . 2001-10-24 12:25 102457 ----a-w- c:\windows\system32\usrv42a.dll
2008-04-14 12:00 . 2001-10-24 12:25 69632 ----a-w- c:\windows\system32\spnike.dll
2008-04-14 12:00 . 2001-10-24 12:25 157696 ----a-w- c:\windows\system32\paqsp.dll
2008-04-14 12:00 . 2001-10-24 12:24 147968 ----a-w- c:\windows\system32\mdwmdmsp.dll
2008-04-14 12:00 . 2001-10-24 12:24 3200 ----a-w- c:\windows\system32\wowfax.dll
2008-04-14 12:00 . 2001-10-24 11:55 12160 ----a-w- c:\windows\system32\drivers\fsvga.sys
2008-04-14 12:00 . 2001-10-24 11:53 262528 ----a-w- c:\windows\system32\drivers\cinemst2.sys
2008-04-14 12:00 . 2001-08-18 06:37 61508 ----a-w- c:\windows\system32\usrprbda.exe
2008-04-14 12:00 . 2001-08-17 22:06 21376 ----a-w- c:\windows\system32\drivers\tsbvcap.sys
2008-04-14 12:00 . 2001-08-17 22:02 58112 ----a-w- c:\windows\system32\drivers\vdmindvd.sys
2008-04-14 12:00 . 2001-08-17 22:01 51712 ----a-w- c:\windows\system32\drivers\tosdvd.sys
2008-04-14 12:00 . 2001-08-17 21:52 18688 ----a-w- c:\windows\system32\drivers\cdaudio.sys
2008-04-14 12:00 . 2001-08-17 21:24 12032 ----a-w- c:\windows\system32\drivers\riodrv.sys
2008-04-14 12:00 . 2001-08-17 21:24 12032 ----a-w- c:\windows\system32\drivers\rio8drv.sys
2008-04-14 12:00 . 2001-08-17 21:24 12032 ----a-w- c:\windows\system32\drivers\nikedrv.sys
2008-04-14 12:00 . 2001-08-17 21:24 11776 ----a-w- c:\windows\system32\drivers\cpqdap01.sys
2006-10-18 20:58 . 2004-08-11 00:45 8704 ----a-w- c:\windows\system32\wdfmgr.exe
2006-10-18 20:58 . 2004-08-11 00:45 8704 ----a-w- c:\windows\system32\uwdf.exe
2006-10-18 20:47 . 2004-08-11 00:45 63488 ----a-w- c:\windows\system32\wpdmtpus.dll
2006-10-18 20:47 . 2004-08-11 00:45 629760 ----a-w- c:\windows\system32\wpd_ci.dll
2006-10-18 20:47 . 2004-08-11 00:45 4096 ----a-w- c:\windows\system32\WMVADVE.DLL
2006-10-18 20:47 . 2004-08-11 00:45 4096 ----a-w- c:\windows\system32\WMVADVD.dll
2006-10-18 20:47 . 2004-08-11 00:45 35840 ----a-w- c:\windows\system32\wpdconns.dll
2006-10-18 20:47 . 2004-08-11 00:45 356352 ----a-w- c:\windows\system32\wpdsp.dll
2006-10-18 20:47 . 2004-08-11 00:45 154624 ----a-w- c:\windows\system32\wpdmtp.dll
2006-10-18 20:47 . 2004-08-11 00:45 348672 ----a-w- c:\windows\system32\wmdrmnet.dll
2006-10-18 20:47 . 2004-08-11 00:45 429056 ----a-w- c:\windows\system32\wmdrmdev.dll
2006-10-18 20:47 . 2004-08-11 00:45 4096 ----a-w- c:\windows\system32\wdfapi.dll
2006-10-18 19:00 . 2004-08-11 00:45 38528 ----a-w- c:\windows\system32\drivers\wpdusb.sys
2011-11-25 14:34 . 2011-09-14 21:24 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2006-01-01_04.39.41 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-11 22:02 . 2009-07-11 22:02 51008 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa\vcomp90.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 51008 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa\vcomp90.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 59728 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90rus.dll
- 2009-07-11 22:02 . 2009-07-11 22:02 59728 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90rus.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 42832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90kor.dll
- 2009-07-11 22:02 . 2009-07-11 22:02 42832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90kor.dll
- 2009-07-11 22:02 . 2009-07-11 22:02 43344 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90jpn.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 43344 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90jpn.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 61264 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90ita.dll
- 2009-07-11 22:02 . 2009-07-11 22:02 61264 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90ita.dll
- 2009-07-11 22:02 . 2009-07-11 22:02 36688 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90cht.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 36688 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90cht.dll
- 2009-07-11 22:02 . 2009-07-11 22:02 35648 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90chs.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 35648 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90chs.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 62800 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90fra.dll
- 2009-07-11 22:02 . 2009-07-11 22:02 62800 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90fra.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 61760 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esp.dll
- 2009-07-11 22:02 . 2009-07-11 22:02 61760 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esp.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esn.dll
- 2009-07-11 22:02 . 2009-07-11 22:02 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esn.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 53568 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90enu.dll
- 2009-07-11 22:02 . 2009-07-11 22:02 53568 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90enu.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 63296 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90deu.dll
- 2009-07-11 22:02 . 2009-07-11 22:02 63296 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90deu.dll
- 2009-07-11 22:05 . 2009-07-11 22:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90u.dll
+ 2009-07-11 23:05 . 2009-07-11 23:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90u.dll
- 2009-07-11 22:05 . 2009-07-11 22:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90.dll
+ 2009-07-11 23:05 . 2009-07-11 23:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90.dll
+ 2006-01-01 01:03 . 2006-01-01 01:03 16384 c:\windows\Temp\Perflib_Perfdata_6e8.dat
+ 2005-12-31 23:16 . 2011-11-28 17:52 52952 c:\windows\system32\drivers\aswTdi.sys
+ 2005-12-31 23:16 . 2011-11-28 17:52 34392 c:\windows\system32\drivers\aswRdr.sys
+ 2005-12-31 23:16 . 2011-11-28 17:51 20568 c:\windows\system32\drivers\aswFsBlk.sys
+ 2005-12-31 23:16 . 2011-11-28 17:48 30808 c:\windows\system32\drivers\aavmker4.sys
+ 2011-12-21 04:06 . 2006-01-01 05:07 14468 c:\windows\SoftwareDistribution\EventCache\{99DA3DE2-B400-49FE-89D2-280AFCF6F995}.bin
+ 2005-12-31 23:15 . 2011-11-28 18:01 41184 c:\windows\avastSS.scr
+ 2006-01-01 01:03 . 2006-01-01 01:03 4608 c:\windows\Temp\e4j7.tmp_dir23453\i4jdel.exe
- 2009-07-11 22:02 . 2009-07-11 22:02 653120 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 653120 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
- 2009-07-11 22:02 . 2009-07-11 22:02 569664 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 569664 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll
+ 2009-07-11 23:05 . 2009-07-11 23:05 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcm90.dll
- 2009-07-11 22:05 . 2009-07-11 22:05 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcm90.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 159032 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll
- 2009-07-11 22:02 . 2009-07-11 22:02 159032 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll
+ 2006-01-01 01:04 . 2006-01-01 01:04 347258 c:\windows\Temp\jna6369434855288301627.dll
- 2008-04-14 12:00 . 2008-06-20 11:51 361600 c:\windows\system32\drivers\tcpip.sys
+ 2008-04-14 12:00 . 2008-06-20 11:59 361600 c:\windows\system32\drivers\tcpip.sys
+ 2005-12-31 23:16 . 2011-11-28 17:53 314456 c:\windows\system32\drivers\aswSP.sys
+ 2005-12-31 23:44 . 2011-11-28 17:53 435032 c:\windows\system32\drivers\aswSnx.sys
+ 2005-12-31 23:16 . 2011-11-28 17:52 111320 c:\windows\system32\drivers\aswmon2.sys
+ 2005-12-31 23:16 . 2011-11-28 17:51 105176 c:\windows\system32\drivers\aswmon.sys
+ 2005-12-31 23:15 . 2011-11-28 18:01 199816 c:\windows\system32\aswBoot.exe
- 2009-07-11 22:02 . 2009-07-11 22:02 3780424 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90u.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 3780424 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90u.dll
- 2009-07-11 22:02 . 2009-07-11 22:02 3765048 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 3765048 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90.dll
.
-- Snímek resetován k současnému datu --
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SmartSVN1]
@="{CC8811D1-1B32-4f3d-A9BF-D21C8F3C0366}"
[HKEY_CLASSES_ROOT\CLSID\{CC8811D1-1B32-4f3d-A9BF-D21C8F3C0366}]
2010-09-16 11:49 249856 ----a-w- c:\program files\SmartSVN 6.6\lib\shellext32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SmartSVN2]
@="{CC8811D2-1B32-4f3d-A9BF-D21C8F3C0366}"
[HKEY_CLASSES_ROOT\CLSID\{CC8811D2-1B32-4f3d-A9BF-D21C8F3C0366}]
2010-09-16 11:49 249856 ----a-w- c:\program files\SmartSVN 6.6\lib\shellext32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SmartSVN3]
@="{CC8811D3-1B32-4f3d-A9BF-D21C8F3C0366}"
[HKEY_CLASSES_ROOT\CLSID\{CC8811D3-1B32-4f3d-A9BF-D21C8F3C0366}]
2010-09-16 11:49 249856 ----a-w- c:\program files\SmartSVN 6.6\lib\shellext32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SmartSVN4]
@="{CC8811D4-1B32-4f3d-A9BF-D21C8F3C0366}"
[HKEY_CLASSES_ROOT\CLSID\{CC8811D4-1B32-4f3d-A9BF-D21C8F3C0366}]
2010-09-16 11:49 249856 ----a-w- c:\program files\SmartSVN 6.6\lib\shellext32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SmartSVN5]
@="{CC8811D5-1B32-4f3d-A9BF-D21C8F3C0366}"
[HKEY_CLASSES_ROOT\CLSID\{CC8811D5-1B32-4f3d-A9BF-D21C8F3C0366}]
2010-09-16 11:49 249856 ----a-w- c:\program files\SmartSVN 6.6\lib\shellext32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SmartSVN6]
@="{CC8811D6-1B32-4f3d-A9BF-D21C8F3C0366}"
[HKEY_CLASSES_ROOT\CLSID\{CC8811D6-1B32-4f3d-A9BF-D21C8F3C0366}]
2010-09-16 11:49 249856 ----a-w- c:\program files\SmartSVN 6.6\lib\shellext32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SmartSVN7]
@="{CC8811D7-1B32-4f3d-A9BF-D21C8F3C0366}"
[HKEY_CLASSES_ROOT\CLSID\{CC8811D7-1B32-4f3d-A9BF-D21C8F3C0366}]
2010-09-16 11:49 249856 ----a-w- c:\program files\SmartSVN 6.6\lib\shellext32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-09-22 90112]
"TO2SSM_McciTrayApp"="c:\program files\TO2SSM\McciTrayApp.exe" [2008-08-15 1473536]
"amd_dc_opt"="c:\program files\AMD\amd_dc_opt\amd_dc_opt.exe" [2006-06-28 106496]
"nwiz"="nwiz.exe" [2009-06-10 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-06-10 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-10 13758464]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^SmartSVN 6.6 (background).lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\SmartSVN 6.6 (background).lnk
backup=c:\windows\pss\SmartSVN 6.6 (background).lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^xXxFronnieCzExXx^Nabídka Start^Programy^Po spuštění^Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk]
path=c:\documents and settings\xXxFronnieCzExXx\Nabídka Start\Programy\Po spuštění\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk
backup=c:\windows\pss\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2011-09-27 06:22 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update]
2011-12-03 20:58 137536 ----atw- c:\documents and settings\xXxFronnieCzExXx\Local Settings\Data aplikací\Facebook\Update\FacebookUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-10-23 19:49 136176 ----atw- c:\documents and settings\xXxFronnieCzExXx\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 10:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wippien]
2010-11-22 15:06 3018456 ----a-w- c:\program files\Wippien\Wippien.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\frd.exe"=
"c:\\WINDOWS\\system32\\javaw.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\Java\\jdk1.6.0_18\\jre\\launch4j-tmp\\frd.exe"=
"c:\\Program Files\\Warcraft III\\war3.exe"=
"c:\\Program Files\\Wippien\\Wippien.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Riot Games\\League of Legends\\lol.launcher.exe"=
"c:\\Nexon\\NEXON_EU_Downloader\\NEXON_EU_Downloader_Engine.exe"=
"c:\\Documents and Settings\\All Users\\Data aplikací\\NexonEU\\NGM\\NGM.exe"=
"c:\\Program Files\\ICQ7.5\\ICQ.exe"=
"c:\\Program Files\\VMware\\VMware Workstation\\vmware-authd.exe"=
"c:\\Documents and Settings\\xXxFronnieCzExXx\\Local Settings\\Data aplikací\\Akamai\\netsession_win.exe"=
"h:\\Program Files\\Sony Online Entertainment\\Installed Games\\DC Universe Online Live\\UNREAL3\\BINARIES\\WIN32\\DCGAME.EXE"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"h:\\Program Files\\Call of Duty- Modern Warfare 3\\iw5mp_server.exe"=
"c:\\Documents and Settings\\xXxFronnieCzExXx\\Local Settings\\Data aplikací\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Garena\\Garena.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"59132:TCP"= 59132:TCP:Pando Media Booster
"59132:UDP"= 59132:UDP:Pando Media Booster
"57570:TCP"= 57570:TCP:Pando Media Booster
"57570:UDP"= 57570:UDP:Pando Media Booster
"8396:TCP"= 8396:TCP:League of Legends Launcher
"8396:UDP"= 8396:UDP:League of Legends Launcher
"6990:TCP"= 6990:TCP:League of Legends Launcher
"6990:UDP"= 6990:UDP:League of Legends Launcher
"6955:TCP"= 6955:TCP:League of Legends Launcher
"6955:UDP"= 6955:UDP:League of Legends Launcher
"8397:TCP"= 8397:TCP:League of Legends Launcher
"8397:UDP"= 8397:UDP:League of Legends Launcher
"6938:TCP"= 6938:TCP:League of Legends Launcher
"6938:UDP"= 6938:UDP:League of Legends Launcher
"6923:TCP"= 6923:TCP:League of Legends Launcher
"6923:UDP"= 6923:UDP:League of Legends Launcher
"6905:TCP"= 6905:TCP:League of Legends Launcher
"6905:UDP"= 6905:UDP:League of Legends Launcher
"6977:TCP"= 6977:TCP:League of Legends Launcher
"6977:UDP"= 6977:UDP:League of Legends Launcher
"6925:TCP"= 6925:TCP:League of Legends Launcher
"6925:UDP"= 6925:UDP:League of Legends Launcher
"6944:TCP"= 6944:TCP:League of Legends Launcher
"6944:UDP"= 6944:UDP:League of Legends Launcher
"6953:TCP"= 6953:TCP:League of Legends Launcher
"6953:UDP"= 6953:UDP:League of Legends Launcher
"6896:TCP"= 6896:TCP:League of Legends Launcher
"6896:UDP"= 6896:UDP:League of Legends Launcher
"6928:TCP"= 6928:TCP:League of Legends Launcher
"6928:UDP"= 6928:UDP:League of Legends Launcher
"6996:TCP"= 6996:TCP:League of Legends Launcher
"6996:UDP"= 6996:UDP:League of Legends Launcher
"8398:TCP"= 8398:TCP:League of Legends Launcher
"8398:UDP"= 8398:UDP:League of Legends Launcher
"6988:TCP"= 6988:TCP:League of Legends Launcher
"6988:UDP"= 6988:UDP:League of Legends Launcher
"6951:TCP"= 6951:TCP:League of Legends Launcher
"6951:UDP"= 6951:UDP:League of Legends Launcher
"6945:TCP"= 6945:TCP:League of Legends Launcher
"6945:UDP"= 6945:UDP:League of Legends Launcher
"57603:TCP"= 57603:TCP:Pando Media Booster
"57603:UDP"= 57603:UDP:Pando Media Booster
.
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-04-14 14336]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 PetitionD;Petition Service;c:\documents and settings\L2J Server\Plocha\sv\PetitionD\PetitionD.exe [x]
R3 ATP;Comodo EasyVPN Miniport Driver;c:\windows\system32\DRIVERS\cmdatp.sys [x]
R3 ByakkoDriver;ByakkoDriver;c:\program files\GamesPirate\GPCabal LW\Byakko.K32 [2010-11-23 7936]
R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files\Garena\safedrv.sys [x]
R3 leafnets;Leaf Networks Adapter;c:\windows\system32\DRIVERS\leafnets.sys [2010-08-10 55296]
R3 MemStPCI;Řadič Sony Memory Stick (PCI);c:\windows\system32\DRIVERS\MemStPCI.SYS [2008-04-13 26112]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-03-24 3436540]
R3 npkycryp;npkycryp;c:\program files\Lineage II C4\system\npkycryp.sys [x]
R3 PsSdk40;PsSdk40;c:\windows\system32\Drivers\pssdk40.sys [2010-02-20 36928]
R3 PsSdkLBF;PsSdkLBF;c:\windows\system32\Drivers\pssdklbf.sys [2010-02-20 53312]
R3 TKFsAc;TKFsAc;c:\windows\system32\TKFsAc2k.sys [2009-04-21 88864]
R3 TKFsAv;TKFsAv;c:\windows\system32\TKFsAv2k.sys [2009-08-28 39200]
R3 TKFsFt;TKFsFt;c:\windows\system32\TKFsFt2k.sys [2009-05-13 80672]
R3 TKRgAc;TKRgAc;c:\windows\system32\TKRgAc2k.sys [2009-05-13 41984]
R3 TKRgFt;TKRgFt;c:\windows\system32\TKRgFtXp.sys [2009-05-27 24704]
R3 wip0204;Wippien Network Adapter 2.4;c:\windows\system32\DRIVERS\wip0204.sys [2008-12-30 23480]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R3 WPRO_41_1742;WinPcap Packet Driver (WPRO_41_1742);c:\windows\system32\drivers\WPRO_41_1742.sys [x]
R3 XDva332;XDva332;c:\windows\system32\XDva332.sys [x]
R3 XDva337;XDva337;c:\windows\system32\XDva337.sys [x]
R3 XDva352;XDva352;c:\windows\system32\XDva352.sys [x]
R3 XDva358;XDva358;c:\windows\system32\XDva358.sys [x]
R3 XDva359;XDva359;c:\windows\system32\XDva359.sys [x]
R3 XDva370;XDva370;c:\windows\system32\XDva370.sys [x]
R3 XDva375;XDva375;c:\windows\system32\XDva375.sys [x]
R3 XDva386;XDva386;c:\windows\system32\XDva386.sys [x]
R3 XDva388;XDva388;c:\windows\system32\XDva388.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-10-30 691696]
S0 tffsport;M-Systems DiskOnChip 2000;c:\windows\system32\DRIVERS\tffsport.sys [2008-04-13 149376]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-04-28 114984]
S2 aswFsBlk;aswFsBlk; [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2011-08-15 1361288]
S2 statuscached;SmartSVN Status Cache;c:\program files\SmartSVN 6.6\bin\statuscached.exe [2010-09-16 216576]
S2 vmci;VMware vmci;c:\windows\system32\Drivers\vmci.sys [2010-11-19 55024]
S2 WANdiscoSubversionServer;WANdisco Subversion Server;c:\program files\WANdisco\Subversion\Apache2\bin\httpd.exe [2010-05-24 17920]
S3 AmdTools;AMD Special Tools Driver;c:\windows\system32\DRIVERS\AmdTools.sys [2006-06-27 31744]
S3 keyboard;Keyboard Upper Filter Driver; [x]
S3 mouse;Mouse Upper Filter Driver; [x]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [2009-11-09 25088]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - ASWSNX
.
.
------- Doplňkový sken -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Lookup on Merriam Webster
IE: Lookup on Wikipedia
IE: Translate this web page with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
LSP: c:\documents and settings\L2J Server\Plocha\Nove1, slo9e,ka\LSPprovider.dll
LSP: c:\program files\VMware\VMware Workstation\vsocklib.dll
TCP: Interfaces\{149E8B8E-AB9B-4E0A-A4C2-017F3E6B493C}: NameServer = 192.168.150.237,194.228.2.1
FF - ProfilePath - c:\documents and settings\Owner\Data aplikací\Mozilla\Firefox\Profiles\3oqqruds.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2006-01-01 02:07
Windows 5.1.2600 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_b427739.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ByakkoDriver]
"ImagePath"="\??\c:\program files\GamesPirate\GPCabal LW\Byakko.K32"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.0\bin\mysqld-nt\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.0\my.ini\" MySQL"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(1336)
c:\windows\system32\msi.dll
c:\program files\SmartSVN 6.6\lib\shellext32.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\program files\WinSCP\DragExt.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\vmnat.exe
c:\windows\SOUNDMAN.EXE
c:\windows\system32\vmnetdhcp.exe
c:\windows\system32\RUNDLL32.EXE
.
**************************************************************************
.
Celkový čas: 2006-01-01 03:12:47 - počítač byl restartován
ComboFix-quarantined-files.txt 2006-01-01 02:11
ComboFix2.txt 2006-01-01 04:55
.
Před spuštěním: Volných bajtů: 40 037 150 720
Po spuštění: Volných bajtů: 39 843 237 888
.
- - End Of File - - 72180A294F17A1FE2CFC5D3464DA64E1

#27 Příspěvek od **vyosek** » 05 led 2012 21:10

Stahnete OTM (viz muj podpis)

Pokud pouzivate Win Vista ci W7, kliknete na OTM pravym a dejte Run As Administrator ci Spustit jako spravce
Do leveho okna Paste Instructions for Items to be Moved (pod zlutou caru) vlozte obsah, ktery mate nize

Kód: Vybrat vše

:services
Akamai
XDva332
XDva337
XDva352
XDva358
XDva359
XDva370
XDva375
XDva386
XDva388
keyboard
mouse

:reg
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000000

:files
c:\documents and settings\xXxFronnieCzExXx\Local Settings\Data aplikací\Facebook\Update
c:\program files\ESET
c:\program files\SweetIM
c:\program files\uTorrentBar
c:\documents and settings\xXxFronnieCzExXx\Local Settings\Data aplikací\Akamai
c:\program files\Get Styles
c:\docume~1\L2JSER~1\LOCALS~1\Temp\Rar$EX07.062
c:\docume~1\L2JSER~1\LOCALS~1\Temp\Rar$EX01.734
c:\program files\common files\akamai
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp

:commands
[RESETHOSTS]
[EMPTYTEMP]
[EMPTYFLASH]

Kliknete na cervene tlacitko MoveIt!
Budete vyzvani na restart, dejte Yes, log pote najdete C:\_OTM\MovedFiles, obsah sem vlozte

Oji · #28 Příspěvek od **Oji** » 06 led 2012 15:38

Tak ten OTM stáhnu ale nejde rozjet vždy napíše že není platní oddíl win32

Oji · #29 Příspěvek od **Oji** » 06 led 2012 15:51

Tak je to jenom u vás jinde když ho stáhnu tak jde..

#30 Příspěvek od **vyosek** » 06 led 2012 16:43

Tak kdyz jej tedy stahnete, tak udelejte postup s tim mazanim

VIRY.CZ

Prosím o kontrolu logu pomalé pc

Re: Prosím o kontrolu logu pomalé pc

Re: Prosím o kontrolu logu pomalé pc

Re: Prosím o kontrolu logu pomalé pc

Re: Prosím o kontrolu logu pomalé pc

Re: Prosím o kontrolu logu pomalé pc

Re: Prosím o kontrolu logu pomalé pc

Re: Prosím o kontrolu logu pomalé pc

Re: Prosím o kontrolu logu pomalé pc

Re: Prosím o kontrolu logu pomalé pc

Re: Prosím o kontrolu logu pomalé pc

Re: Prosím o kontrolu logu pomalé pc

Re: Prosím o kontrolu logu pomalé pc

Re: Prosím o kontrolu logu pomalé pc

Re: Prosím o kontrolu logu pomalé pc

Re: Prosím o kontrolu logu pomalé pc