
Problem with the internet (stuttering/blocking)
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once they are resolved, as will those that are inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.
!NEW!
You can now use remote assistance services, where an expert connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
Good day, I would like to ask for help. I probably have some kind of junk in my PC.
The network connection is OK (ICQ, Hamachi, poker client, everything works). When I start the internet, it shows that the page is not available (as if the internet were not working); when I keep pressing F5, the page does display (sometimes with graphics, sometimes stripped down without graphics).
The curious thing is that, for example, google.cz displays fairly often (as does Seznam), but other sites have a bigger problem.
The problem is escalating: a week ago it was an occasional problem (together with occasionally longer loading times -> solved with F5, reloading), now it is only possible to move around the internet with great difficulty, and I am worried that it will get worse and worse.
Comodo found some malware for me (suspicious threats; they could only be put into quarantine). Simply put, what I have on the PC probably cannot cope with it, or there is something else hidden there.
Log:
Logfile of random's system information tool 1.09 (written by random/random)
Run by Administrator at 2012-03-13 17:34:15
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 729 GB (76%) free of 954 GB
Total RAM: 3325 MB (69% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:34:50, on 13.3.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\GIGABYTE\ET6\GUI.exe
C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe
C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Kkxyzzbpkwogz\cyylmnn.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Kkxyzzbpkwogz\cyylmnn.exe
C:\Documents and Settings\Administrator\Local Settings\Data aplikací\MediaGet2\mediaget.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\SpeechGrid\SpeechGridService.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\PokerStrategy.com\PokerStrategy.com Elephant\Elephant.exe
C:\Program Files\PartyGaming\PartyGaming.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Plocha\RSIT.exe
C:\Program Files\trend micro\Administrator.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedi ... t=&gc=1&q=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askRedi ... &gc=1&q=%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll
R3 - URLSearchHook: Softonic-Eng7 Toolbar - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\prxtbSof0.dll
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Softonic-Eng7 - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\prxtbSof0.dll
O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: Softonic-Eng7 Toolbar - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\prxtbSof0.dll
O3 - Toolbar: Foxit Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O4 - HKLM\..\Run: [BCU] "C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe"
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [DivX Download Manager] "C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe" start
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe /autorun
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [t74qk] C:\Program Files\Kkxyzzbpkwogz\cyylmnn.exe cy
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKLM\..\RunOnce: [EasyTuneVI] C:\Program Files\GIGABYTE\ET6\ETCall.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [t74qk] C:\Program Files\Kkxyzzbpkwogz\cyylmnn.exe cy
O4 - HKCU\..\Run: [PokerStrategy.com SideKick] "C:\Documents and Settings\Administrator\Nabídka Start\Programy\PokerStrategy.com\PokerStrategy.com SideKick.appref-ms"
O4 - HKCU\..\Run: [MediaGet2] C:\Documents and Settings\Administrator\Local Settings\Data aplikací\MediaGet2\mediaget.exe --minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-790525478-113007714-725345543-1005\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'dakra')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Search the Web - C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Documents and Settings\Administrator\Plocha\PartyPoker.lnk (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Documents and Settings\Administrator\Plocha\PartyPoker.lnk (file missing)
O9 - Extra button: ShopperReports - Compare product prices - {DB38E21A-0133-419d-92AD-ECDFD5244D6D} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ShopperReports - Compare travel rates - {EB620C54-E229-4942-87CE-E717109FC8C6} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Application Driver Auto Removal Service (01) (appdrvrem01) - Protection Technology - C:\WINDOWS\System32\appdrvrem01.exe
O23 - Service: AppleChargerSrv - Unknown owner - C:\WINDOWS\system32\AppleChargerSrv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Browser Configuration Utility Service (BCUService) - DeviceVM, Inc. - C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NMSAccess - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: PostgreSQL Database Server 8.3 (pgsql-8.3) - PostgreSQL Global Development Group - C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe
O23 - Service: SpeechGridService - SpeechGrid - C:\Program Files\SpeechGrid\SpeechGridService.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
--
End of file - 13235 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-790525478-113007714-725345543-500Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-790525478-113007714-725345543-500UA.job
C:\WINDOWS\tasks\Norton Security Scan for Administrator.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{8C9EC464-D765-4ACB-8C79-8F27FCD39205}.job
C:\WINDOWS\tasks\WGASetup.job
=========Mozilla firefox=========
ProfilePath - C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\rpt4mw6h.default
prefs.js - "browser.startup.homepage" - "http://home.sweetim.com"
prefs.js - "extensions.enabledItems" - "{20a82645-c095-46ed-80e3-08825760534b}:1.1, {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900, {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900, jqs@sun.com:1.0, {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.7, {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24, {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26, {F0E1168A-B4B5-484C-B77E-0D28E6B64096}:1.0, {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29, {EEE6C361-6118-11DC-9C72-001320C79847}:1.3.0.1, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.23"
prefs.js - "keyword.URL" - "http://search.sweetim.com/search.asp?src=2&q="
"{20a82645-c095-46ed-80e3-08825760534b}"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"{23fcfd51-4958-4f00-80a3-ae97e717ed8b}"=C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video
"{6904342A-8307-11DF-A508-4AE2DFD72085}"=C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa
"jqs@sun.com"=C:\Program Files\Java\jre6\lib\deploy\jqs\ff
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0]
"Description"=DivX Plus Web Player
"Path"=C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0]
"Description"=DivX OVS Helper Plug-in
"Path"=C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@ganymede/GanymedeNetPlugin,version=1.0]
"Description"=npganymedenet
"Path"=C:\Program Files\Ganymede\Plugins\npganymedenet.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
{F0E1168A-B4B5-484C-B77E-0D28E6B64096}
C:\Program Files\Mozilla Firefox\components\
AskSearch.js
browser.xpt
browserdirprovider.dll
brwsrcmp.dll
components.list
FeedConverter.js
FeedProcessor.js
FeedWriter.js
fuelApplication.js
GPSDGeolocationProvider.js
jsconsole-clhandler.js
NetworkGeolocationProvider.js
nsAddonRepository.js
nsBadCertHandler.js
nsBlocklistService.js
nsBrowserContentHandler.js
nsBrowserGlue.js
nsContentDispatchChooser.js
nsContentPrefService.js
nsDefaultCLH.js
nsDownloadManagerUI.js
nsExtensionManager.js
nsFormAutoComplete.js
nsHandlerService.js
nsHelperAppDlg.js
nsILegitCheckPlugin.xpt
nsINIProcessor.js
nsIQTScriptablePlugin.xpt
nsLivemarkService.js
nsLoginInfo.js
nsLoginManager.js
nsLoginManagerPrompter.js
nsMicrosummaryService.js
nsPlacesAutoComplete.js
nsPlacesDBFlush.js
nsPlacesTransactionsService.js
nsPrivateBrowsingService.js
nsProxyAutoConfig.js
nsSafebrowsingApplication.js
nsSearchService.js
nsSearchSuggestions.js
nsSessionStartup.js
nsSessionStore.js
nsSetDefaultBrowser.js
nsSidebar.js
nsTaggingService.js
nsTryToClose.js
nsUpdateService.js
nsUpdateServiceStub.js
nsUpdateTimerManager.js
nsUrlClassifierLib.js
nsUrlClassifierListManager.js
nsURLFormatter.js
nsWebHandlerApp.js
pluginGlue.js
storage-Legacy.js
storage-mozStorage.js
txEXSLTRegExFunctions.js
WebContentConverter.js
C:\Program Files\Mozilla Firefox\plugins\
np-mswmp.dll
npdeployJava1.dll
npganymedenet.dll
npganymedenet.xpt
npLegitCheckPlugin.dll
npnul32.dll
NPOFFICE.DLL
nppdf32.dll
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
npqtplugin7.dll
QuickTimePlugin.class
WMP Firefox Plugin License.rtf
WMP Firefox Plugin RelNotes.txt
C:\Program Files\Mozilla Firefox\searchplugins\
google.xml
jyxo-cz.xml
mall-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml
C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\rpt4mw6h.default\extensions\
{20a82645-c095-46ed-80e3-08825760534b}
{800b5000-a755-47e1-992b-48a1c1357f07}
{EEE6C361-6118-11DC-9C72-001320C79847}
C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\rpt4mw6h.default\searchplugins\
icqplugin-1.xml
icqplugin-2.xml
icqplugin.xml
sweetim.xml
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-09-05 63912]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
AskBar BHO - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2008-11-18 333192]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{326E768D-4182-46FD-9C16-1449A49795F4}]
DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll [2010-12-08 3123072]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
Softonic-Eng7 Toolbar - C:\Program Files\Softonic-Eng7\prxtbSof0.dll [2011-05-09 176936]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{593DDEC6-7468-4cdd-90E1-42DADAA222E9}]
DivX HiQ - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll [2010-12-08 3123072]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - c:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-10-18 42272]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-10-18 79648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
SweetIM Toolbar Helper - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2011-08-24 1299248]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - Softonic-Eng7 Toolbar - C:\Program Files\Softonic-Eng7\prxtbSof0.dll [2011-05-09 176936]
{3041d03e-fd4b-44e0-b742-2d9b88305f98} - Foxit Toolbar - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2008-11-18 333192]
{855F3B16-6D32-4FE6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2010-09-06 1048888]
{EEE6C35B-6118-11DC-9C72-001320C79847} - SweetIM Toolbar for Internet Explorer - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2011-08-24 1299248]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"BCU"=C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe [2009-10-15 375000]
"COMODO Internet Security"=C:\Program Files\COMODO\COMODO Internet Security\cfp.exe [2011-02-25 2548552]
"DivXUpdate"=C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2010-12-09 1226608]
"DivX Download Manager"=C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe [2010-12-08 63360]
"Samsung PanelMgr"=C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe [2008-02-12 536576]
"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2010-11-29 421888]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2010-07-28 19557480]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2010-02-10 61440]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-03 843712]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2011-06-09 254696]
"t74qk"=C:\Program Files\Kkxyzzbpkwogz\cyylmnn.exe [2010-02-27 2334254]
"SweetIM"=C:\Program Files\SweetIM\Messenger\SweetIM.exe [2011-08-01 114992]
"LogMeIn Hamachi Ui"=C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe [2012-02-28 1987976]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"EasyTuneVI"=C:\Program Files\GIGABYTE\ET6\ETCall.exe [2007-07-26 20480]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Steam"=C:\Program Files\Steam\Steam.exe [2012-02-04 1242448]
"Google Update"=C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe [2011-01-09 136176]
"t74qk"=C:\Program Files\Kkxyzzbpkwogz\cyylmnn.exe [2010-02-27 2334254]
"PokerStrategy.com SideKick"=C:\Documents and Settings\Administrator\Nabídka Start\Programy\PokerStrategy.com\PokerStrategy.com SideKick.appref-ms [2011-12-28 450]
"MediaGet2"=C:\Documents and Settings\Administrator\Local Settings\Data aplikací\MediaGet2\mediaget.exe [2012-01-29 8109800]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe [2011-01-09 136176]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
C:\Program Files\ICQ7.2\ICQ.exe [2011-01-19 133432]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe [2012-02-28 1987976]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MediaGet2]
C:\Documents and Settings\Administrator\Local Settings\Data aplikací\MediaGet2\mediaget.exe [2012-01-29 8109800]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
C:\Program Files\PowerISO\PWRISOVM.EXE [2009-03-15 180224]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeechGrid]
C:\Program Files\SpeechGrid\SpeechGrid.exe [2012-01-19 324976]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=" C:\WINDOWS\system32\guard32.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2010-02-11 155648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=0x91000000
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\Program Files\Java\jre6\bin\java.exe"="C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\ICQ7.2\ICQ.exe"="C:\Program Files\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2"
"C:\Program Files\ICQ7.2\aolload.exe"="C:\Program Files\ICQ7.2\aolload.exe:*:Enabled:aolload.exe"
"C:\Documents and Settings\Administrator\Plocha\Pro Cycling Manager - Season 2010\PCM.exe"="C:\Documents and Settings\Administrator\Plocha\Pro Cycling Manager - Season 2010\PCM.exe:*:Enabled:Pro Cycling Manager"
"C:\Program Files\Sports Interactive\Football Manager 2011\fm.exe"="C:\Program Files\Sports Interactive\Football Manager 2011\fm.exe:*:Enabled:Football Manager 2011"
"C:\Program Files\FlightGear\bin\Win32\fgfs.exe"="C:\Program Files\FlightGear\bin\Win32\fgfs.exe:*:Enabled:fgfs"
"C:\Program Files\Hamachi\hamachi.exe"="C:\Program Files\Hamachi\hamachi.exe:*:Enabled:Hamachi Client"
"C:\Program Files\Supermassive Games\Big Match Striker\BigMatchLauncher.exe"="C:\Program Files\Supermassive Games\Big Match Striker\BigMatchLauncher.exe:*:Enabled:Big Match Striker"
"C:\Documents and Settings\All Users\Dokumenty\Big Match Striker\BigMatchStriker.exe"="C:\Documents and Settings\All Users\Dokumenty\Big Match Striker\BigMatchStriker.exe:*:Enabled:BigMatchStriker"
"C:\Documents and Settings\Administrator\Plocha\hry\Binaries\Win32\UDK.exe"="C:\Documents and Settings\Administrator\Plocha\hry\Binaries\Win32\UDK.exe:*:Enabled:UDK"
"C:\Program Files\Clonk Rage\Clonk.exe"="C:\Program Files\Clonk Rage\Clonk.exe:*:Enabled:Clonk Rage"
"C:\Program Files\Cyanide\GameCenter\GameCenter.exe"="C:\Program Files\Cyanide\GameCenter\GameCenter.exe:*:Enabled:GameCenter"
"C:\Program Files\Cyanide\Pro Cycling Manager - Season 2010\PCM.exe"="C:\Program Files\Cyanide\Pro Cycling Manager - Season 2010\PCM.exe:*:Enabled:Pro Cycling Manager - Season 2010"
"C:\Program Files\Cyanide\Pro Cycling Manager - Season 2010\Autorun\Exe\Autorun.exe"="C:\Program Files\Cyanide\Pro Cycling Manager - Season 2010\Autorun\Exe\Autorun.exe:*:Enabled:Pro Cycling Manager - Season 2010 - Autorun"
"C:\Program Files\Sega\Virtua Tennis 4\VT4.exe"="C:\Program Files\Sega\Virtua Tennis 4\VT4.exe:*:Enabled:Virtua Tennis 4™"
"C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Enabled:Windows"
"C:\Program Files\Google\Google Earth\client\googleearth.exe"="C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth"
"C:\Program Files\Cyanide\Pro Cycling Manager - Season 2011\PCM.exe"="C:\Program Files\Cyanide\Pro Cycling Manager - Season 2011\PCM.exe:*:Enabled:Pro Cycling Manager - Season 2011"
"C:\Program Files\Cyanide\Pro Cycling Manager - Season 2011\Autorun\Exe\Autorun.exe"="C:\Program Files\Cyanide\Pro Cycling Manager - Season 2011\Autorun\Exe\Autorun.exe:*:Enabled:Pro Cycling Manager - Season 2011 - Autorun"
"C:\Program Files\Steam\Steam.exe"="C:\Program Files\Steam\Steam.exe:*:Enabled:Steam"
"C:\WINDOWS\system32\dplaysvr.exe"="C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"C:\Program Files\Cossacks\dmcr.exe"="C:\Program Files\Cossacks\dmcr.exe:*:Enabled:dmcr"
"C:\Program Files\Warzone 2100\warzone2100.exe"="C:\Program Files\Warzone 2100\warzone2100.exe:*:Enabled:Warzone 2100"
"C:\Documents and Settings\Administrator\Plocha\hry\PORSCHE\Porsche.exe"="C:\Documents and Settings\Administrator\Plocha\hry\PORSCHE\Porsche.exe:*:Enabled:Porsche"
"C:\Program Files\Steam\steamapps\common\football manager 2012 demo\fm.exe"="C:\Program Files\Steam\steamapps\common\football manager 2012 demo\fm.exe:*:Enabled:Football Manager 2012 Demo"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\ICQ7.2\ICQ.exe"="C:\Program Files\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2"
"C:\Program Files\ICQ7.2\aolload.exe"="C:\Program Files\ICQ7.2\aolload.exe:*:Enabled:aolload.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.l3acm"=C:\WINDOWS\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"VIDC.XVID"=xvidvfw.dll
"VIDC.YV12"=DivX.dll
"msacm.ac3acm"=ac3acm.acm
"msacm.lameacm"=lameACM.acm
"VIDC.FFDS"=ff_vfw.dll
"VIDC.FMVC"=fmcodec.dll
"vidc.DIVX"=DivX.dll
======List of files/folders created in the last 2 months======
2012-03-13 17:34:15 ----D---- C:\rsit
2012-03-13 17:34:15 ----D---- C:\Program Files\trend micro
2012-03-10 18:25:13 ----D---- C:\Program Files\LogMeIn Hamachi
2012-03-01 21:40:18 ----D---- C:\Program Files\Stormregion
2012-02-24 22:39:19 ----A---- C:\WINDOWS\system32\SNWValid.dll
2012-02-24 22:39:19 ----A---- C:\WINDOWS\system32\SierraNW.dll
2012-02-24 22:39:17 ----D---- C:\WINDOWS\solcache
2012-02-24 22:37:16 ----D---- C:\Program Files\Sierra On-Line
2012-02-24 22:35:35 ----A---- C:\WINDOWS\SIERRA.INI
2012-02-23 16:34:27 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Unity
2012-02-22 02:02:45 ----D---- C:\WINDOWS\ie8updates
2012-02-22 01:59:48 ----D---- C:\WINDOWS\WBEM
2012-02-22 01:57:35 ----HDC---- C:\WINDOWS\ie8
2012-02-22 01:53:01 ----A---- C:\WINDOWS\system32\MRT.exe
2012-02-17 01:11:35 ----HDC---- C:\WINDOWS\$NtUninstallKB2660465$
2012-02-17 01:11:02 ----HDC---- C:\WINDOWS\$NtUninstallKB2647516$
2012-02-17 01:04:18 ----A---- C:\WINDOWS\imsins.BAK
2012-02-17 01:04:15 ----HDC---- C:\WINDOWS\$NtUninstallKB2661637$
2012-02-16 16:14:32 ----N---- C:\WINDOWS\system32\iacenc.dll
2012-02-08 21:28:23 ----HD---- C:\WINDOWS\msdownld.tmp
2012-02-08 21:27:10 ----D---- C:\WINDOWS\system32\AGEIA
2012-02-08 21:27:10 ----D---- C:\Program Files\AGEIA Technologies
2012-02-08 21:26:50 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2012-02-08 21:16:27 ----D---- C:\Program Files\Timeline Interactive
2012-02-08 15:55:58 ----D---- C:\Program Files\Plus500
2012-02-03 21:35:48 ----D---- C:\Program Files\GameSpy Arcade
2012-02-03 21:35:26 ----D---- C:\Program Files\directx
2012-02-03 21:32:25 ----D---- C:\Program Files\Disciples 2
2012-01-24 20:08:56 ----D---- C:\Program Files\Hide Your IP Address
2012-01-20 09:36:21 ----A---- C:\WINDOWS\IE4 Error Log.txt
2012-01-18 19:20:38 ----D---- C:\Program Files\SweetIM
2012-01-18 19:20:38 ----D---- C:\Documents and Settings\All Users\Data aplikací\SweetIM
2012-01-18 00:25:52 ----HDC---- C:\WINDOWS\$NtUninstallKB2585542$
======List of files/folders modified in the last 2 months======
2012-03-13 17:34:45 ----AD---- C:\Documents and Settings\All Users\Data aplikací\TEMP
2012-03-13 17:34:15 ----RD---- C:\Program Files
2012-03-13 17:33:47 ----D---- C:\WINDOWS\Prefetch
2012-03-13 16:08:42 ----D---- C:\Program Files\Mozilla Firefox
2012-03-13 16:07:47 ----D---- C:\Documents and Settings\Administrator\Data aplikací\PriceGong
2012-03-13 15:04:44 ----D---- C:\WINDOWS\system32
2012-03-13 14:56:25 ----D---- C:\WINDOWS\Temp
2012-03-13 14:56:15 ----D---- C:\Program Files\Steam
2012-03-13 14:56:12 ----D---- C:\Program Files\Internet Explorer
2012-03-13 14:55:54 ----D---- C:\WINDOWS\system32\CatRoot2
2012-03-13 02:33:37 ----A---- C:\WINDOWS\SchedLgU.Txt
2012-03-12 13:06:36 ----D---- C:\Program Files\Common Files\Symantec Shared
2012-03-10 18:26:00 ----SHD---- C:\WINDOWS\Installer
2012-03-01 21:40:17 ----HD---- C:\Program Files\InstallShield Installation Information
2012-02-29 11:15:43 ----SD---- C:\WINDOWS\Tasks
2012-02-25 21:31:29 ----D---- C:\WINDOWS
2012-02-25 21:31:27 ----A---- C:\WINDOWS\wininit.ini
2012-02-25 21:31:00 ----D---- C:\Program Files\Sierra
2012-02-25 21:30:54 ----RSHDC---- C:\WINDOWS\system32\dllcache
2012-02-23 10:27:23 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2012-02-23 01:06:28 ----HD---- C:\WINDOWS\inf
2012-02-23 01:06:19 ----HD---- C:\WINDOWS\$hf_mig$
2012-02-22 02:05:06 ----D---- C:\WINDOWS\system32\cs-cz
2012-02-22 02:05:05 ----D---- C:\WINDOWS\Help
2012-02-22 01:59:53 ----D---- C:\WINDOWS\system32\config
2012-02-22 01:59:36 ----D---- C:\WINDOWS\Media
2012-02-22 01:53:03 ----D---- C:\WINDOWS\Debug
2012-02-20 17:05:52 ----D---- C:\Program Files\PartyGaming
2012-02-17 14:19:05 ----RSD---- C:\WINDOWS\assembly
2012-02-17 14:19:05 ----D---- C:\WINDOWS\Microsoft.NET
2012-02-17 13:49:41 ----D---- C:\Program Files\Microsoft Silverlight
2012-02-17 01:14:19 ----D---- C:\WINDOWS\WinSxS
2012-02-13 18:20:40 ----D---- C:\Program Files\Tennis Elbow 2011
2012-02-08 21:28:42 ----D---- C:\WINDOWS\system32\DirectX
2012-02-08 21:28:25 ----D---- C:\WINDOWS\Logs
2012-02-08 21:26:50 ----D---- C:\Program Files\Common Files
2012-02-06 11:18:56 ----D---- C:\WINDOWS\system32\LogFiles
2012-01-22 21:36:43 ----D---- C:\Program Files\SpeechGrid
2012-01-21 23:37:54 ----D---- C:\Program Files\Ganymede
2012-01-20 09:23:52 ----D---- C:\Program Files\Softonic-Eng7
2012-01-18 19:21:08 ----D---- C:\Documents and Settings\Administrator\Data aplikací\ICQ
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 Inspect;COMODO Internet Security Firewall Driver; C:\WINDOWS\System32\DRIVERS\inspect.sys [2011-01-16 94784]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2010-07-12 45648]
R1 AmdPPM;Ovladač procesoru HwPState AMD; C:\WINDOWS\system32\DRIVERS\AmdPPM.sys [2007-04-16 33792]
R1 appdrv01;Application Driver (01); C:\WINDOWS\System32\Drivers\appdrv01.sys [2011-07-07 3332784]
R1 AppleCharger;AppleCharger; C:\WINDOWS\system32\DRIVERS\AppleCharger.sys [2010-04-27 19496]
R1 cmderd;COMODO Internet Security Eradication Driver; C:\WINDOWS\System32\DRIVERS\cmderd.sys [2011-01-16 15592]
R1 cmdGuard;COMODO Internet Security Sandbox Driver; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [2011-01-16 239368]
R1 cmdHlp;COMODO Internet Security Helper Driver; C:\WINDOWS\System32\DRIVERS\cmdhlp.sys [2011-01-16 27576]
R1 HWiNFO32;HWiNFO32/64 Kernel Driver; \??\C:\Program Files\HWiNFO32\HWiNFO32.SYS []
R1 ISODrive;ISO DVD/CD-ROM Device Driver; \??\C:\Program Files\UltraISO\drivers\ISODrive.sys []
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2009-03-15 56268]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2010-02-11 3565056]
R3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
R3 GVTDrv;GVTDrv; \??\C:\WINDOWS\system32\Drivers\GVTDrv.sys []
R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-03-18 26176]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2010-07-28 6108776]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2010-05-03 225232]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbfilter;AMD USB Filter Driver; C:\WINDOWS\system32\DRIVERS\usbfilter.sys [2009-12-22 30392]
R3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
R3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S2 DgiVecp;DgiVecp; \??\C:\WINDOWS\system32\Drivers\DgiVecp.sys []
S2 SSPORT;SSPORT; \??\C:\WINDOWS\system32\Drivers\SSPORT.sys []
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2009-11-18 1691480]
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-14 17024]
S3 BTHMODEM;Ovladač komunikace modemu Bluetooth; C:\WINDOWS\system32\DRIVERS\bthmodem.sys [2008-04-14 37888]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-14 101120]
S3 BTHPORT;Ovladač portu Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-14 272128]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-14 18944]
S3 etdrv;etdrv; \??\C:\WINDOWS\etdrv.sys []
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2009-11-18 1395800]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-14 59136]
S3 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2009-11-12 7168]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2010-02-11 602112]
R2 BCUService;Browser Configuration Utility Service; C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-10-15 223464]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 cmdAgent;COMODO Internet Security Helper Service; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2011-02-25 1803224]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [2012-02-28 1373576]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2010-09-06 247096]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2011-10-03 153376]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 NMSAccess;NMSAccess; C:\Program Files\CDBurnerXP\NMSAccessU.exe [2010-03-04 71096]
R2 pgsql-8.3;PostgreSQL Database Server 8.3; C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe [2008-02-01 65536]
R2 SpeechGridService;SpeechGridService; C:\Program Files\SpeechGrid\SpeechGridService.exe [2012-01-19 55664]
R2 wlidsvc;Windows Live ID Sign-in Assistant; c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 1529728]
S2 appdrvrem01;Application Driver Auto Removal Service (01); C:\WINDOWS\System32\appdrvrem01.exe [2011-07-07 316888]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2010-02-10 593920]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-08-23 136176]
S3 AppleChargerSrv;AppleChargerSrv; C:\WINDOWS\system32\AppleChargerSrv.exe [2010-04-06 31272]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-08-23 136176]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2011-03-16 407336]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
-----------------EOF-----------------
Thanks.
The network connection is OK (ICQ, Hamachi, the poker client, everything works). When I start up the internet, I get a message that the page is not available (as if the internet were down); if I keep pressing F5, the page does show up (sometimes with graphics, sometimes cut down without graphics).
Curiously, google.cz, for example, loads fairly often (as does Seznam), but other sites have more trouble.
The problem is escalating: a week ago it was an occasional problem (along with occasionally longer loading times -> solved with F5, reloading); now it is very hard to get around the internet at all, and I am worried that it will keep getting worse.
Comodo found some malware (suspicious threats; they could only be put into quarantine). Simply put, what I have on the PC probably cannot cope with it, or there is something else hidden in there.
Log:
Logfile of random's system information tool 1.09 (written by random/random)
Run by Administrator at 2012-03-13 17:34:15
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 729 GB (76%) free of 954 GB
Total RAM: 3325 MB (69% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:34:50, on 13.3.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\GIGABYTE\ET6\GUI.exe
C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe
C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Kkxyzzbpkwogz\cyylmnn.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Kkxyzzbpkwogz\cyylmnn.exe
C:\Documents and Settings\Administrator\Local Settings\Data aplikací\MediaGet2\mediaget.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\SpeechGrid\SpeechGridService.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\PokerStrategy.com\PokerStrategy.com Elephant\Elephant.exe
C:\Program Files\PartyGaming\PartyGaming.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Plocha\RSIT.exe
C:\Program Files\trend micro\Administrator.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedi ... t=&gc=1&q=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askRedi ... &gc=1&q=%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll
R3 - URLSearchHook: Softonic-Eng7 Toolbar - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\prxtbSof0.dll
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Softonic-Eng7 - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\prxtbSof0.dll
O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: Softonic-Eng7 Toolbar - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\prxtbSof0.dll
O3 - Toolbar: Foxit Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O4 - HKLM\..\Run: [BCU] "C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe"
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [DivX Download Manager] "C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe" start
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe /autorun
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [t74qk] C:\Program Files\Kkxyzzbpkwogz\cyylmnn.exe cy
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKLM\..\RunOnce: [EasyTuneVI] C:\Program Files\GIGABYTE\ET6\ETCall.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [t74qk] C:\Program Files\Kkxyzzbpkwogz\cyylmnn.exe cy
O4 - HKCU\..\Run: [PokerStrategy.com SideKick] "C:\Documents and Settings\Administrator\Nabídka Start\Programy\PokerStrategy.com\PokerStrategy.com SideKick.appref-ms"
O4 - HKCU\..\Run: [MediaGet2] C:\Documents and Settings\Administrator\Local Settings\Data aplikací\MediaGet2\mediaget.exe --minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-790525478-113007714-725345543-1005\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'dakra')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Search the Web - C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Documents and Settings\Administrator\Plocha\PartyPoker.lnk (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Documents and Settings\Administrator\Plocha\PartyPoker.lnk (file missing)
O9 - Extra button: ShopperReports - Compare product prices - {DB38E21A-0133-419d-92AD-ECDFD5244D6D} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ShopperReports - Compare travel rates - {EB620C54-E229-4942-87CE-E717109FC8C6} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Application Driver Auto Removal Service (01) (appdrvrem01) - Protection Technology - C:\WINDOWS\System32\appdrvrem01.exe
O23 - Service: AppleChargerSrv - Unknown owner - C:\WINDOWS\system32\AppleChargerSrv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Browser Configuration Utility Service (BCUService) - DeviceVM, Inc. - C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NMSAccess - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: PostgreSQL Database Server 8.3 (pgsql-8.3) - PostgreSQL Global Development Group - C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe
O23 - Service: SpeechGridService - SpeechGrid - C:\Program Files\SpeechGrid\SpeechGridService.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
--
End of file - 13235 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-790525478-113007714-725345543-500Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-790525478-113007714-725345543-500UA.job
C:\WINDOWS\tasks\Norton Security Scan for Administrator.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{8C9EC464-D765-4ACB-8C79-8F27FCD39205}.job
C:\WINDOWS\tasks\WGASetup.job
=========Mozilla firefox=========
ProfilePath - C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\rpt4mw6h.default
prefs.js - "browser.startup.homepage" - "http://home.sweetim.com"
prefs.js - "extensions.enabledItems" - "{20a82645-c095-46ed-80e3-08825760534b}:1.1, {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900, {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900, jqs@sun.com:1.0, {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.7, {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24, {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26, {F0E1168A-B4B5-484C-B77E-0D28E6B64096}:1.0, {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29, {EEE6C361-6118-11DC-9C72-001320C79847}:1.3.0.1, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.23"
prefs.js - "keyword.URL" - "http://search.sweetim.com/search.asp?src=2&q="
"{20a82645-c095-46ed-80e3-08825760534b}"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"{23fcfd51-4958-4f00-80a3-ae97e717ed8b}"=C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video
"{6904342A-8307-11DF-A508-4AE2DFD72085}"=C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa
"jqs@sun.com"=C:\Program Files\Java\jre6\lib\deploy\jqs\ff
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0]
"Description"=DivX Plus Web Player
"Path"=C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0]
"Description"=DivX OVS Helper Plug-in
"Path"=C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@ganymede/GanymedeNetPlugin,version=1.0]
"Description"=npganymedenet
"Path"=C:\Program Files\Ganymede\Plugins\npganymedenet.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
{F0E1168A-B4B5-484C-B77E-0D28E6B64096}
C:\Program Files\Mozilla Firefox\components\
AskSearch.js
browser.xpt
browserdirprovider.dll
brwsrcmp.dll
components.list
FeedConverter.js
FeedProcessor.js
FeedWriter.js
fuelApplication.js
GPSDGeolocationProvider.js
jsconsole-clhandler.js
NetworkGeolocationProvider.js
nsAddonRepository.js
nsBadCertHandler.js
nsBlocklistService.js
nsBrowserContentHandler.js
nsBrowserGlue.js
nsContentDispatchChooser.js
nsContentPrefService.js
nsDefaultCLH.js
nsDownloadManagerUI.js
nsExtensionManager.js
nsFormAutoComplete.js
nsHandlerService.js
nsHelperAppDlg.js
nsILegitCheckPlugin.xpt
nsINIProcessor.js
nsIQTScriptablePlugin.xpt
nsLivemarkService.js
nsLoginInfo.js
nsLoginManager.js
nsLoginManagerPrompter.js
nsMicrosummaryService.js
nsPlacesAutoComplete.js
nsPlacesDBFlush.js
nsPlacesTransactionsService.js
nsPrivateBrowsingService.js
nsProxyAutoConfig.js
nsSafebrowsingApplication.js
nsSearchService.js
nsSearchSuggestions.js
nsSessionStartup.js
nsSessionStore.js
nsSetDefaultBrowser.js
nsSidebar.js
nsTaggingService.js
nsTryToClose.js
nsUpdateService.js
nsUpdateServiceStub.js
nsUpdateTimerManager.js
nsUrlClassifierLib.js
nsUrlClassifierListManager.js
nsURLFormatter.js
nsWebHandlerApp.js
pluginGlue.js
storage-Legacy.js
storage-mozStorage.js
txEXSLTRegExFunctions.js
WebContentConverter.js
C:\Program Files\Mozilla Firefox\plugins\
np-mswmp.dll
npdeployJava1.dll
npganymedenet.dll
npganymedenet.xpt
npLegitCheckPlugin.dll
npnul32.dll
NPOFFICE.DLL
nppdf32.dll
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
npqtplugin7.dll
QuickTimePlugin.class
WMP Firefox Plugin License.rtf
WMP Firefox Plugin RelNotes.txt
C:\Program Files\Mozilla Firefox\searchplugins\
google.xml
jyxo-cz.xml
mall-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml
C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\rpt4mw6h.default\extensions\
{20a82645-c095-46ed-80e3-08825760534b}
{800b5000-a755-47e1-992b-48a1c1357f07}
{EEE6C361-6118-11DC-9C72-001320C79847}
C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\rpt4mw6h.default\searchplugins\
icqplugin-1.xml
icqplugin-2.xml
icqplugin.xml
sweetim.xml
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-09-05 63912]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
AskBar BHO - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2008-11-18 333192]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{326E768D-4182-46FD-9C16-1449A49795F4}]
DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll [2010-12-08 3123072]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
Softonic-Eng7 Toolbar - C:\Program Files\Softonic-Eng7\prxtbSof0.dll [2011-05-09 176936]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{593DDEC6-7468-4cdd-90E1-42DADAA222E9}]
DivX HiQ - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll [2010-12-08 3123072]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - c:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-10-18 42272]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-10-18 79648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
SweetIM Toolbar Helper - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2011-08-24 1299248]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - Softonic-Eng7 Toolbar - C:\Program Files\Softonic-Eng7\prxtbSof0.dll [2011-05-09 176936]
{3041d03e-fd4b-44e0-b742-2d9b88305f98} - Foxit Toolbar - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2008-11-18 333192]
{855F3B16-6D32-4FE6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2010-09-06 1048888]
{EEE6C35B-6118-11DC-9C72-001320C79847} - SweetIM Toolbar for Internet Explorer - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2011-08-24 1299248]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"BCU"=C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe [2009-10-15 375000]
"COMODO Internet Security"=C:\Program Files\COMODO\COMODO Internet Security\cfp.exe [2011-02-25 2548552]
"DivXUpdate"=C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2010-12-09 1226608]
"DivX Download Manager"=C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe [2010-12-08 63360]
"Samsung PanelMgr"=C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe [2008-02-12 536576]
"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2010-11-29 421888]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2010-07-28 19557480]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2010-02-10 61440]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-03 843712]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2011-06-09 254696]
"t74qk"=C:\Program Files\Kkxyzzbpkwogz\cyylmnn.exe [2010-02-27 2334254]
"SweetIM"=C:\Program Files\SweetIM\Messenger\SweetIM.exe [2011-08-01 114992]
"LogMeIn Hamachi Ui"=C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe [2012-02-28 1987976]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"EasyTuneVI"=C:\Program Files\GIGABYTE\ET6\ETCall.exe [2007-07-26 20480]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Steam"=C:\Program Files\Steam\Steam.exe [2012-02-04 1242448]
"Google Update"=C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe [2011-01-09 136176]
"t74qk"=C:\Program Files\Kkxyzzbpkwogz\cyylmnn.exe [2010-02-27 2334254]
"PokerStrategy.com SideKick"=C:\Documents and Settings\Administrator\Nabídka Start\Programy\PokerStrategy.com\PokerStrategy.com SideKick.appref-ms [2011-12-28 450]
"MediaGet2"=C:\Documents and Settings\Administrator\Local Settings\Data aplikací\MediaGet2\mediaget.exe [2012-01-29 8109800]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe [2011-01-09 136176]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
C:\Program Files\ICQ7.2\ICQ.exe [2011-01-19 133432]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe [2012-02-28 1987976]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MediaGet2]
C:\Documents and Settings\Administrator\Local Settings\Data aplikací\MediaGet2\mediaget.exe [2012-01-29 8109800]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
C:\Program Files\PowerISO\PWRISOVM.EXE [2009-03-15 180224]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeechGrid]
C:\Program Files\SpeechGrid\SpeechGrid.exe [2012-01-19 324976]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=" C:\WINDOWS\system32\guard32.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2010-02-11 155648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=0x91000000
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\Program Files\Java\jre6\bin\java.exe"="C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\ICQ7.2\ICQ.exe"="C:\Program Files\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2"
"C:\Program Files\ICQ7.2\aolload.exe"="C:\Program Files\ICQ7.2\aolload.exe:*:Enabled:aolload.exe"
"C:\Documents and Settings\Administrator\Plocha\Pro Cycling Manager - Season 2010\PCM.exe"="C:\Documents and Settings\Administrator\Plocha\Pro Cycling Manager - Season 2010\PCM.exe:*:Enabled:Pro Cycling Manager"
"C:\Program Files\Sports Interactive\Football Manager 2011\fm.exe"="C:\Program Files\Sports Interactive\Football Manager 2011\fm.exe:*:Enabled:Football Manager 2011"
"C:\Program Files\FlightGear\bin\Win32\fgfs.exe"="C:\Program Files\FlightGear\bin\Win32\fgfs.exe:*:Enabled:fgfs"
"C:\Program Files\Hamachi\hamachi.exe"="C:\Program Files\Hamachi\hamachi.exe:*:Enabled:Hamachi Client"
"C:\Program Files\Supermassive Games\Big Match Striker\BigMatchLauncher.exe"="C:\Program Files\Supermassive Games\Big Match Striker\BigMatchLauncher.exe:*:Enabled:Big Match Striker"
"C:\Documents and Settings\All Users\Dokumenty\Big Match Striker\BigMatchStriker.exe"="C:\Documents and Settings\All Users\Dokumenty\Big Match Striker\BigMatchStriker.exe:*:Enabled:BigMatchStriker"
"C:\Documents and Settings\Administrator\Plocha\hry\Binaries\Win32\UDK.exe"="C:\Documents and Settings\Administrator\Plocha\hry\Binaries\Win32\UDK.exe:*:Enabled:UDK"
"C:\Program Files\Clonk Rage\Clonk.exe"="C:\Program Files\Clonk Rage\Clonk.exe:*:Enabled:Clonk Rage"
"C:\Program Files\Cyanide\GameCenter\GameCenter.exe"="C:\Program Files\Cyanide\GameCenter\GameCenter.exe:*:Enabled:GameCenter"
"C:\Program Files\Cyanide\Pro Cycling Manager - Season 2010\PCM.exe"="C:\Program Files\Cyanide\Pro Cycling Manager - Season 2010\PCM.exe:*:Enabled:Pro Cycling Manager - Season 2010"
"C:\Program Files\Cyanide\Pro Cycling Manager - Season 2010\Autorun\Exe\Autorun.exe"="C:\Program Files\Cyanide\Pro Cycling Manager - Season 2010\Autorun\Exe\Autorun.exe:*:Enabled:Pro Cycling Manager - Season 2010 - Autorun"
"C:\Program Files\Sega\Virtua Tennis 4\VT4.exe"="C:\Program Files\Sega\Virtua Tennis 4\VT4.exe:*:Enabled:Virtua Tennis 4™"
"C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Enabled:Windows"
"C:\Program Files\Google\Google Earth\client\googleearth.exe"="C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth"
"C:\Program Files\Cyanide\Pro Cycling Manager - Season 2011\PCM.exe"="C:\Program Files\Cyanide\Pro Cycling Manager - Season 2011\PCM.exe:*:Enabled:Pro Cycling Manager - Season 2011"
"C:\Program Files\Cyanide\Pro Cycling Manager - Season 2011\Autorun\Exe\Autorun.exe"="C:\Program Files\Cyanide\Pro Cycling Manager - Season 2011\Autorun\Exe\Autorun.exe:*:Enabled:Pro Cycling Manager - Season 2011 - Autorun"
"C:\Program Files\Steam\Steam.exe"="C:\Program Files\Steam\Steam.exe:*:Enabled:Steam"
"C:\WINDOWS\system32\dplaysvr.exe"="C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"C:\Program Files\Cossacks\dmcr.exe"="C:\Program Files\Cossacks\dmcr.exe:*:Enabled:dmcr"
"C:\Program Files\Warzone 2100\warzone2100.exe"="C:\Program Files\Warzone 2100\warzone2100.exe:*:Enabled:Warzone 2100"
"C:\Documents and Settings\Administrator\Plocha\hry\PORSCHE\Porsche.exe"="C:\Documents and Settings\Administrator\Plocha\hry\PORSCHE\Porsche.exe:*:Enabled:Porsche"
"C:\Program Files\Steam\steamapps\common\football manager 2012 demo\fm.exe"="C:\Program Files\Steam\steamapps\common\football manager 2012 demo\fm.exe:*:Enabled:Football Manager 2012 Demo"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\ICQ7.2\ICQ.exe"="C:\Program Files\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2"
"C:\Program Files\ICQ7.2\aolload.exe"="C:\Program Files\ICQ7.2\aolload.exe:*:Enabled:aolload.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.l3acm"=C:\WINDOWS\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"VIDC.XVID"=xvidvfw.dll
"VIDC.YV12"=DivX.dll
"msacm.ac3acm"=ac3acm.acm
"msacm.lameacm"=lameACM.acm
"VIDC.FFDS"=ff_vfw.dll
"VIDC.FMVC"=fmcodec.dll
"vidc.DIVX"=DivX.dll
======List of files/folders created in the last 2 months======
2012-03-13 17:34:15 ----D---- C:\rsit
2012-03-13 17:34:15 ----D---- C:\Program Files\trend micro
2012-03-10 18:25:13 ----D---- C:\Program Files\LogMeIn Hamachi
2012-03-01 21:40:18 ----D---- C:\Program Files\Stormregion
2012-02-24 22:39:19 ----A---- C:\WINDOWS\system32\SNWValid.dll
2012-02-24 22:39:19 ----A---- C:\WINDOWS\system32\SierraNW.dll
2012-02-24 22:39:17 ----D---- C:\WINDOWS\solcache
2012-02-24 22:37:16 ----D---- C:\Program Files\Sierra On-Line
2012-02-24 22:35:35 ----A---- C:\WINDOWS\SIERRA.INI
2012-02-23 16:34:27 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Unity
2012-02-22 02:02:45 ----D---- C:\WINDOWS\ie8updates
2012-02-22 01:59:48 ----D---- C:\WINDOWS\WBEM
2012-02-22 01:57:35 ----HDC---- C:\WINDOWS\ie8
2012-02-22 01:53:01 ----A---- C:\WINDOWS\system32\MRT.exe
2012-02-17 01:11:35 ----HDC---- C:\WINDOWS\$NtUninstallKB2660465$
2012-02-17 01:11:02 ----HDC---- C:\WINDOWS\$NtUninstallKB2647516$
2012-02-17 01:04:18 ----A---- C:\WINDOWS\imsins.BAK
2012-02-17 01:04:15 ----HDC---- C:\WINDOWS\$NtUninstallKB2661637$
2012-02-16 16:14:32 ----N---- C:\WINDOWS\system32\iacenc.dll
2012-02-08 21:28:23 ----HD---- C:\WINDOWS\msdownld.tmp
2012-02-08 21:27:10 ----D---- C:\WINDOWS\system32\AGEIA
2012-02-08 21:27:10 ----D---- C:\Program Files\AGEIA Technologies
2012-02-08 21:26:50 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2012-02-08 21:16:27 ----D---- C:\Program Files\Timeline Interactive
2012-02-08 15:55:58 ----D---- C:\Program Files\Plus500
2012-02-03 21:35:48 ----D---- C:\Program Files\GameSpy Arcade
2012-02-03 21:35:26 ----D---- C:\Program Files\directx
2012-02-03 21:32:25 ----D---- C:\Program Files\Disciples 2
2012-01-24 20:08:56 ----D---- C:\Program Files\Hide Your IP Address
2012-01-20 09:36:21 ----A---- C:\WINDOWS\IE4 Error Log.txt
2012-01-18 19:20:38 ----D---- C:\Program Files\SweetIM
2012-01-18 19:20:38 ----D---- C:\Documents and Settings\All Users\Data aplikací\SweetIM
2012-01-18 00:25:52 ----HDC---- C:\WINDOWS\$NtUninstallKB2585542$
======List of files/folders modified in the last 2 months======
2012-03-13 17:34:45 ----AD---- C:\Documents and Settings\All Users\Data aplikací\TEMP
2012-03-13 17:34:15 ----RD---- C:\Program Files
2012-03-13 17:33:47 ----D---- C:\WINDOWS\Prefetch
2012-03-13 16:08:42 ----D---- C:\Program Files\Mozilla Firefox
2012-03-13 16:07:47 ----D---- C:\Documents and Settings\Administrator\Data aplikací\PriceGong
2012-03-13 15:04:44 ----D---- C:\WINDOWS\system32
2012-03-13 14:56:25 ----D---- C:\WINDOWS\Temp
2012-03-13 14:56:15 ----D---- C:\Program Files\Steam
2012-03-13 14:56:12 ----D---- C:\Program Files\Internet Explorer
2012-03-13 14:55:54 ----D---- C:\WINDOWS\system32\CatRoot2
2012-03-13 02:33:37 ----A---- C:\WINDOWS\SchedLgU.Txt
2012-03-12 13:06:36 ----D---- C:\Program Files\Common Files\Symantec Shared
2012-03-10 18:26:00 ----SHD---- C:\WINDOWS\Installer
2012-03-01 21:40:17 ----HD---- C:\Program Files\InstallShield Installation Information
2012-02-29 11:15:43 ----SD---- C:\WINDOWS\Tasks
2012-02-25 21:31:29 ----D---- C:\WINDOWS
2012-02-25 21:31:27 ----A---- C:\WINDOWS\wininit.ini
2012-02-25 21:31:00 ----D---- C:\Program Files\Sierra
2012-02-25 21:30:54 ----RSHDC---- C:\WINDOWS\system32\dllcache
2012-02-23 10:27:23 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2012-02-23 01:06:28 ----HD---- C:\WINDOWS\inf
2012-02-23 01:06:19 ----HD---- C:\WINDOWS\$hf_mig$
2012-02-22 02:05:06 ----D---- C:\WINDOWS\system32\cs-cz
2012-02-22 02:05:05 ----D---- C:\WINDOWS\Help
2012-02-22 01:59:53 ----D---- C:\WINDOWS\system32\config
2012-02-22 01:59:36 ----D---- C:\WINDOWS\Media
2012-02-22 01:53:03 ----D---- C:\WINDOWS\Debug
2012-02-20 17:05:52 ----D---- C:\Program Files\PartyGaming
2012-02-17 14:19:05 ----RSD---- C:\WINDOWS\assembly
2012-02-17 14:19:05 ----D---- C:\WINDOWS\Microsoft.NET
2012-02-17 13:49:41 ----D---- C:\Program Files\Microsoft Silverlight
2012-02-17 01:14:19 ----D---- C:\WINDOWS\WinSxS
2012-02-13 18:20:40 ----D---- C:\Program Files\Tennis Elbow 2011
2012-02-08 21:28:42 ----D---- C:\WINDOWS\system32\DirectX
2012-02-08 21:28:25 ----D---- C:\WINDOWS\Logs
2012-02-08 21:26:50 ----D---- C:\Program Files\Common Files
2012-02-06 11:18:56 ----D---- C:\WINDOWS\system32\LogFiles
2012-01-22 21:36:43 ----D---- C:\Program Files\SpeechGrid
2012-01-21 23:37:54 ----D---- C:\Program Files\Ganymede
2012-01-20 09:23:52 ----D---- C:\Program Files\Softonic-Eng7
2012-01-18 19:21:08 ----D---- C:\Documents and Settings\Administrator\Data aplikací\ICQ
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 Inspect;COMODO Internet Security Firewall Driver; C:\WINDOWS\System32\DRIVERS\inspect.sys [2011-01-16 94784]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2010-07-12 45648]
R1 AmdPPM;Ovladač procesoru HwPState AMD; C:\WINDOWS\system32\DRIVERS\AmdPPM.sys [2007-04-16 33792]
R1 appdrv01;Application Driver (01); C:\WINDOWS\System32\Drivers\appdrv01.sys [2011-07-07 3332784]
R1 AppleCharger;AppleCharger; C:\WINDOWS\system32\DRIVERS\AppleCharger.sys [2010-04-27 19496]
R1 cmderd;COMODO Internet Security Eradication Driver; C:\WINDOWS\System32\DRIVERS\cmderd.sys [2011-01-16 15592]
R1 cmdGuard;COMODO Internet Security Sandbox Driver; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [2011-01-16 239368]
R1 cmdHlp;COMODO Internet Security Helper Driver; C:\WINDOWS\System32\DRIVERS\cmdhlp.sys [2011-01-16 27576]
R1 HWiNFO32;HWiNFO32/64 Kernel Driver; \??\C:\Program Files\HWiNFO32\HWiNFO32.SYS []
R1 ISODrive;ISO DVD/CD-ROM Device Driver; \??\C:\Program Files\UltraISO\drivers\ISODrive.sys []
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2009-03-15 56268]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2010-02-11 3565056]
R3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
R3 GVTDrv;GVTDrv; \??\C:\WINDOWS\system32\Drivers\GVTDrv.sys []
R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-03-18 26176]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2010-07-28 6108776]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2010-05-03 225232]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbfilter;AMD USB Filter Driver; C:\WINDOWS\system32\DRIVERS\usbfilter.sys [2009-12-22 30392]
R3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
R3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S2 DgiVecp;DgiVecp; \??\C:\WINDOWS\system32\Drivers\DgiVecp.sys []
S2 SSPORT;SSPORT; \??\C:\WINDOWS\system32\Drivers\SSPORT.sys []
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2009-11-18 1691480]
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-14 17024]
S3 BTHMODEM;Ovladač komunikace modemu Bluetooth; C:\WINDOWS\system32\DRIVERS\bthmodem.sys [2008-04-14 37888]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-14 101120]
S3 BTHPORT;Ovladač portu Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-14 272128]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-14 18944]
S3 etdrv;etdrv; \??\C:\WINDOWS\etdrv.sys []
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2009-11-18 1395800]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-14 59136]
S3 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2009-11-12 7168]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2010-02-11 602112]
R2 BCUService;Browser Configuration Utility Service; C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-10-15 223464]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 cmdAgent;COMODO Internet Security Helper Service; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2011-02-25 1803224]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [2012-02-28 1373576]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2010-09-06 247096]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2011-10-03 153376]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 NMSAccess;NMSAccess; C:\Program Files\CDBurnerXP\NMSAccessU.exe [2010-03-04 71096]
R2 pgsql-8.3;PostgreSQL Database Server 8.3; C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe [2008-02-01 65536]
R2 SpeechGridService;SpeechGridService; C:\Program Files\SpeechGrid\SpeechGridService.exe [2012-01-19 55664]
R2 wlidsvc;Windows Live ID Sign-in Assistant; c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 1529728]
S2 appdrvrem01;Application Driver Auto Removal Service (01); C:\WINDOWS\System32\appdrvrem01.exe [2011-07-07 316888]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2010-02-10 593920]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-08-23 136176]
S3 AppleChargerSrv;AppleChargerSrv; C:\WINDOWS\system32\AppleChargerSrv.exe [2010-04-06 31272]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-08-23 136176]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2011-03-16 407336]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
-----------------EOF-----------------
Thanks.
- Rudy
- Site Admin
- Posts: 119515
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Internet problem (lagging/blocking)
Hello!
You definitely have some junk in there. Please post a ComboFix log.
Download ComboFix and save it, preferably to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
then run the application under an account with administrator privileges
right after launch, a screen with the license terms appears; continue by clicking the Ano (Yes) button.
go ahead and make yourself a coffee (the whole process takes about 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to work through); during the scan, do not try to launch any other applications or do anything else
do not panic during the scan; your machine may be restarted (especially the first time the scanner is run)
note: if you use antispyware with a resident shield, switch its resident shield to Install Mode, or disable it completely for the duration of the scan, because unwanted conflicts with the antispyware's resident shield occur during the scan and the removal of any malware
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
Visit:
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.
Re: Internet problem (lagging/blocking)
Here it is. ComboFix downloaded some console and then probably deleted something. Here is the log:
ComboFix 12-03-13.01 - Administrator 13.03.2012 20:07:44.1.4 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3325.2463 [GMT 1:00]
Spuštěný z: c:\documents and settings\Administrator\Plocha\ComboFix.exe
AV: COMODO Antivirus *Enabled/Updated* {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
FW: COMODO Firewall *Enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\ADMINI~1\LOCALS~1\Temp\~78.tmp
c:\documents and settings\Administrator\Local Settings\Temp\~78.tmp
c:\documents and settings\Administrator\WINDOWS
c:\program files\AskSearch\bin\DefaultSearch.dll
c:\program files\QuestScan
c:\program files\QuestScan\uninstall.exe
c:\program files\Setup.exe
c:\program files\ShoppingReport2
c:\windows\msmqinst.log
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\system32\dllcache\dlimport.exe
c:\windows\system32\dllcache\wmpvis.dll
c:\windows\system32\SET188.tmp
c:\windows\system32\SET18C.tmp
c:\windows\system32\SET18D.tmp
c:\windows\system32\SET194.tmp
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_QUESTSCAN_SERVICE
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-02-13 do 2012-03-13 )))))))))))))))))))))))))))))))
.
.
2012-03-13 16:34 . 2012-03-13 16:34 -------- d-----w- C:\rsit
2012-03-13 16:34 . 2012-03-13 16:34 -------- d-----w- c:\program files\trend micro
2012-03-10 17:25 . 2012-03-10 17:25 -------- d-----w- c:\program files\LogMeIn Hamachi
2012-03-06 20:44 . 2012-03-06 20:44 -------- d-sh--w- c:\documents and settings\Administrator\IECompatCache
2012-03-01 20:40 . 2012-03-01 20:40 -------- d-----w- c:\program files\Stormregion
2012-03-01 20:39 . 2005-03-22 16:50 733184 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iKernel.dll
2012-03-01 20:39 . 2004-07-15 23:20 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\ctor.dll
2012-03-01 20:39 . 2004-07-15 23:19 266240 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iscript.dll
2012-03-01 20:39 . 2004-07-15 23:18 172032 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iuser.dll
2012-03-01 20:39 . 2004-07-15 23:18 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\DotNetInstaller.exe
2012-03-01 20:39 . 2012-03-01 20:39 303236 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\setup.dll
2012-03-01 20:39 . 2012-03-01 20:39 180356 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iGdi.dll
2012-02-29 10:13 . 2012-02-29 10:13 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2012-02-25 20:30 . 1997-09-17 23:00 490256 ----a-w- c:\windows\system32\Oleaut32.3
2012-02-25 20:20 . 1997-09-17 23:00 490256 ----a-w- c:\windows\system32\Oleaut32.2
2012-02-24 21:39 . 1998-06-10 12:07 1053184 ----a-w- c:\windows\system32\SierraNW.dll
2012-02-24 21:39 . 1998-06-10 12:05 231936 ----a-w- c:\windows\system32\SNWValid.dll
2012-02-24 21:39 . 1997-09-17 23:00 490256 ----a-w- c:\windows\system32\Oleaut32.1
2012-02-24 21:39 . 2012-02-24 21:39 -------- d-----w- c:\windows\solcache
2012-02-24 21:37 . 2012-02-25 20:30 -------- d-----w- c:\program files\Sierra On-Line
2012-02-23 15:34 . 2012-02-23 15:34 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\Unity
2012-02-22 01:05 . 2012-02-22 01:05 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2012-02-22 01:05 . 2012-02-22 01:05 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2012-02-22 01:03 . 2011-08-16 10:45 6144 -c----w- c:\windows\system32\dllcache\iecompat.dll
2012-02-22 01:00 . 2011-12-18 13:42 11082240 -c----w- c:\windows\system32\dllcache\ieframe.dll
2012-02-22 01:00 . 2011-12-17 19:42 602112 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2012-02-22 01:00 . 2011-12-17 19:42 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2012-02-22 01:00 . 2011-12-17 19:42 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2012-02-22 01:00 . 2011-12-17 19:42 2000384 -c----w- c:\windows\system32\dllcache\iertutil.dll
2012-02-22 01:00 . 2011-12-17 19:42 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2012-02-22 01:00 . 2011-12-17 19:42 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2012-02-22 00:57 . 2012-02-22 01:00 -------- dc-h--w- c:\windows\ie8
2012-02-16 15:14 . 2012-01-11 19:07 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-02-16 15:14 . 2012-01-11 19:07 3072 ------w- c:\windows\system32\iacenc.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-13 19:17 . 2011-01-08 13:15 24944 ----a-w- c:\windows\system32\drivers\GVTDrv.sys
2012-03-13 19:15 . 2011-01-09 12:43 17488 ----a-w- c:\windows\gdrv.sys
2012-01-12 17:20 . 2002-09-20 16:41 1859968 ----a-w- c:\windows\system32\win32k.sys
2011-12-21 11:14 . 2011-09-19 12:10 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-17 19:42 . 2002-09-20 17:05 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-12-17 19:42 . 2002-09-20 17:05 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-17 19:42 . 2002-09-20 17:04 43520 ------w- c:\windows\system32\licmgr10.dll
2011-12-16 12:23 . 2011-01-08 12:32 385024 ------w- c:\windows\system32\html.iec
2010-06-10 13:37 . 2010-06-10 13:37 3074560 ----a-w- c:\program files\openofficeorg32.msi
2009-09-04 17:01 . 2009-09-04 17:01 525656 ----a-w- c:\program files\DXSETUP.exe
2009-09-04 17:01 . 2009-09-04 17:01 94024 ----a-w- c:\program files\DSETUP.dll
2009-09-04 17:01 . 2009-09-04 17:01 1691464 ----a-w- c:\program files\dsetup32.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}"= "c:\program files\Softonic-Eng7\prxtbSof0.dll" [2011-05-09 176936]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2011-08-24 130864]
.
[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-11-18 11:58 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
2011-05-09 09:49 176936 ----a-w- c:\program files\Softonic-Eng7\prxtbSof0.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2011-08-24 17:21 1299248 ----a-r- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}"= "c:\program files\Softonic-Eng7\prxtbSof0.dll" [2011-05-09 176936]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-18 333192]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2011-08-24 1299248]
.
[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
.
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3}"= "c:\program files\Softonic-Eng7\prxtbSof0.dll" [2011-05-09 176936]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2011-08-24 1299248]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-18 333192]
.
[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\Steam\Steam.exe" [2012-02-04 1242448]
"t74qk"="c:\program files\Kkxyzzbpkwogz\cyylmnn.exe" [2010-02-27 2334254]
"MediaGet2"="c:\documents and settings\Administrator\Local Settings\Data aplikací\MediaGet2\mediaget.exe" [2012-01-29 8109800]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCU"="c:\program files\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-10-15 375000]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-02-25 2548552]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-12-09 1226608]
"DivX Download Manager"="c:\program files\DivX\DivX Plus Web Player\DDmService.exe" [2010-12-08 63360]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2008-02-12 536576]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"RTHDCPL"="RTHDCPL.EXE" [2010-07-28 19557480]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-10 61440]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"t74qk"="c:\program files\Kkxyzzbpkwogz\cyylmnn.exe" [2010-02-27 2334254]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2011-08-01 114992]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-02-28 1987976]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"EasyTuneVI"="c:\program files\GIGABYTE\ET6\ETCall.exe" [2007-07-26 20480]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-01-09 12:01 136176 ----atw- c:\documents and settings\Administrator\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2011-01-19 13:14 133432 ----a-w- c:\program files\ICQ7.2\ICQ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
2012-02-28 16:38 1987976 ----a-w- c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MediaGet2]
2012-01-29 11:48 8109800 ----a-w- c:\documents and settings\Administrator\Local Settings\Data aplikací\MediaGet2\mediaget.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2009-03-15 10:15 180224 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeechGrid]
2012-01-18 23:46 324976 ----a-w- c:\program files\SpeechGrid\SpeechGrid.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\ICQ7.2\\ICQ.exe"=
"c:\\Program Files\\ICQ7.2\\aolload.exe"=
"c:\\Program Files\\Sports Interactive\\Football Manager 2011\\fm.exe"=
"c:\\Program Files\\FlightGear\\bin\\Win32\\fgfs.exe"=
"c:\\Program Files\\Supermassive Games\\Big Match Striker\\BigMatchLauncher.exe"=
"c:\\Documents and Settings\\All Users\\Dokumenty\\Big Match Striker\\BigMatchStriker.exe"=
"c:\\Documents and Settings\\Administrator\\Plocha\\hry\\Binaries\\Win32\\UDK.exe"=
"c:\\Program Files\\Clonk Rage\\Clonk.exe"=
"c:\\Program Files\\Cyanide\\GameCenter\\GameCenter.exe"=
"c:\\Program Files\\Cyanide\\Pro Cycling Manager - Season 2010\\PCM.exe"=
"c:\\Program Files\\Cyanide\\Pro Cycling Manager - Season 2010\\Autorun\\Exe\\Autorun.exe"=
"c:\\Program Files\\Sega\\Virtua Tennis 4\\VT4.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Cyanide\\Pro Cycling Manager - Season 2011\\PCM.exe"=
"c:\\Program Files\\Cyanide\\Pro Cycling Manager - Season 2011\\Autorun\\Exe\\Autorun.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Cossacks\\dmcr.exe"=
"c:\\Program Files\\Warzone 2100\\warzone2100.exe"=
"c:\\Documents and Settings\\Administrator\\Plocha\\hry\\PORSCHE\\Porsche.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\football manager 2012 demo\\fm.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5432:TCP"= 5432:TCP:postgres
.
R1 appdrv01;Application Driver (01);c:\windows\system32\drivers\appdrv01.sys [7.7.2011 22:15 3332784]
R1 AppleCharger;AppleCharger;c:\windows\system32\drivers\AppleCharger.sys [8.1.2011 14:00 19496]
R1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\drivers\cmderd.sys [10.9.2010 23:40 15592]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [10.9.2010 23:40 239368]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [10.9.2010 23:40 27576]
R1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\program files\HWiNFO32\HWiNFO32.SYS [26.9.2011 17:20 20216]
R2 BCUService;Browser Configuration Utility Service;c:\program files\DeviceVM\Browser Configuration Utility\BCUService.exe [15.10.2009 14:06 223464]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [28.2.2012 17:38 1373576]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [19.1.2011 14:14 247096]
R2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files\PostgreSQL\8.3\bin\pg_ctl.exe [1.2.2008 3:02 65536]
R2 SpeechGridService;SpeechGridService;c:\program files\SpeechGrid\SpeechGridService.exe [19.1.2012 0:46 55664]
R3 GVTDrv;GVTDrv;c:\windows\system32\drivers\GVTDrv.sys [8.1.2011 14:15 24944]
R3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [9.1.2011 10:31 30392]
S2 appdrvrem01;Application Driver Auto Removal Service (01);c:\windows\System32\appdrvrem01.exe svc --> c:\windows\System32\appdrvrem01.exe svc [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 12:16 130384]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [23.8.2011 14:04 136176]
S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [8.1.2011 13:55 1691480]
S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
S3 etdrv;etdrv;c:\windows\etdrv.sys [9.1.2011 13:44 17488]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [23.8.2011 14:04 136176]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 12:16 753504]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
Obsah adresáře 'Naplánované úlohy'
.
2012-03-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
2012-03-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-23 13:04]
.
2012-03-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-23 13:04]
.
2012-03-12 c:\windows\Tasks\Norton Security Scan for Administrator.job
- c:\progra~1\NORTON~2\Engine\351~1.6\Nss.exe [2011-07-06 22:47]
.
2012-03-13 c:\windows\Tasks\User_Feed_Synchronization-{8C9EC464-D765-4ACB-8C79-8F27FCD39205}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]
.
2012-03-13 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2011-02-09 21:18]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://home.sweetim.com
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101699&gct=&gc=1&q=%s
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Search the Web - c:\program files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
TCP: DhcpNameServer = 192.168.2.1
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\rpt4mw6h.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - SweetIM Search
FF - prefs.js: browser.startup.homepage - hxxp://home.sweetim.com
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: QuestScan: {F0E1168A-B4B5-484C-B77E-0D28E6B64096} - c:\program files\Mozilla Firefox\extensions\{F0E1168A-B4B5-484C-B77E-0D28E6B64096}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\DivX\DivX Plus Web Player\firefox\html5video
FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\DivX\DivX Plus Web Player\firefox\wpa
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - %profile%\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: SweetIM Toolbar for Firefox: {EEE6C361-6118-11DC-9C72-001320C79847} - %profile%\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
FF - user.js: network.proxy.type - 0
FF - user.js: network.proxy.http -
user_pref(network.proxy.http_port,);
FF - user.js: network.proxy.no_proxies_on -
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-QuestScan - c:\program files\QuestScan\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-13 20:16
Windows 5.1.2600 Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwClose, ZwOpenFile
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
.
c:\windows\system32\mszuntery.dll 151552 bytes executable
c:\windows\system32\GVTunner.ref 4 bytes
.
sken byl úspešně dokončen
skryté soubory: 2
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-790525478-113007714-725345543-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,0b,99,b4,e5,13,9d,bc,44,86,d2,47,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,0b,99,b4,e5,13,9d,bc,44,86,d2,47,\
.
[HKEY_USERS\S-1-5-21-790525478-113007714-725345543-500\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Cryptography\RNG*]
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(924)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'lsass.exe'(980)
c:\windows\system32\MPR.dll
c:\windows\system32\guard32.dll
.
- - - - - - - > 'explorer.exe'(3420)
c:\windows\system32\guard32.dll
c:\windows\system32\mszuntery.dll
c:\windows\system32\MPR.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\COMODO\COMODO Internet Security\cmdagent.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\GIGABYTE\ET6\GUI.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\windows\system32\rundll32.exe
c:\windows\RTHDCPL.EXE
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\System32\wbem\wmiapsrv.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2012-03-13 20:21:21 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-03-13 19:21
.
Před spuštěním: Volných bajtů: 763 906 142 208
Po spuštění: Volných bajtů: 764 474 900 480
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn /usepmtimer
.
- - End Of File - - 6AB46F3174B50C289FFB8793AA5190F8
"c:\\Documents and Settings\\All Users\\Dokumenty\\Big Match Striker\\BigMatchStriker.exe"=
"c:\\Documents and Settings\\Administrator\\Plocha\\hry\\Binaries\\Win32\\UDK.exe"=
"c:\\Program Files\\Clonk Rage\\Clonk.exe"=
"c:\\Program Files\\Cyanide\\GameCenter\\GameCenter.exe"=
"c:\\Program Files\\Cyanide\\Pro Cycling Manager - Season 2010\\PCM.exe"=
"c:\\Program Files\\Cyanide\\Pro Cycling Manager - Season 2010\\Autorun\\Exe\\Autorun.exe"=
"c:\\Program Files\\Sega\\Virtua Tennis 4\\VT4.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Cyanide\\Pro Cycling Manager - Season 2011\\PCM.exe"=
"c:\\Program Files\\Cyanide\\Pro Cycling Manager - Season 2011\\Autorun\\Exe\\Autorun.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Cossacks\\dmcr.exe"=
"c:\\Program Files\\Warzone 2100\\warzone2100.exe"=
"c:\\Documents and Settings\\Administrator\\Plocha\\hry\\PORSCHE\\Porsche.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\football manager 2012 demo\\fm.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5432:TCP"= 5432:TCP:postgres
.
R1 appdrv01;Application Driver (01);c:\windows\system32\drivers\appdrv01.sys [7.7.2011 22:15 3332784]
R1 AppleCharger;AppleCharger;c:\windows\system32\drivers\AppleCharger.sys [8.1.2011 14:00 19496]
R1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\drivers\cmderd.sys [10.9.2010 23:40 15592]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [10.9.2010 23:40 239368]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [10.9.2010 23:40 27576]
R1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\program files\HWiNFO32\HWiNFO32.SYS [26.9.2011 17:20 20216]
R2 BCUService;Browser Configuration Utility Service;c:\program files\DeviceVM\Browser Configuration Utility\BCUService.exe [15.10.2009 14:06 223464]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [28.2.2012 17:38 1373576]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [19.1.2011 14:14 247096]
R2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files\PostgreSQL\8.3\bin\pg_ctl.exe [1.2.2008 3:02 65536]
R2 SpeechGridService;SpeechGridService;c:\program files\SpeechGrid\SpeechGridService.exe [19.1.2012 0:46 55664]
R3 GVTDrv;GVTDrv;c:\windows\system32\drivers\GVTDrv.sys [8.1.2011 14:15 24944]
R3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [9.1.2011 10:31 30392]
S2 appdrvrem01;Application Driver Auto Removal Service (01);c:\windows\System32\appdrvrem01.exe svc --> c:\windows\System32\appdrvrem01.exe svc [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 12:16 130384]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [23.8.2011 14:04 136176]
S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [8.1.2011 13:55 1691480]
S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
S3 etdrv;etdrv;c:\windows\etdrv.sys [9.1.2011 13:44 17488]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [23.8.2011 14:04 136176]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 12:16 753504]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
Obsah adresáře 'Naplánované úlohy'
.
2012-03-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
2012-03-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-23 13:04]
.
2012-03-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-23 13:04]
.
2012-03-12 c:\windows\Tasks\Norton Security Scan for Administrator.job
- c:\progra~1\NORTON~2\Engine\351~1.6\Nss.exe [2011-07-06 22:47]
.
2012-03-13 c:\windows\Tasks\User_Feed_Synchronization-{8C9EC464-D765-4ACB-8C79-8F27FCD39205}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]
.
2012-03-13 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2011-02-09 21:18]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://home.sweetim.com
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101699&gct=&gc=1&q=%s
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Search the Web - c:\program files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
TCP: DhcpNameServer = 192.168.2.1
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\rpt4mw6h.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - SweetIM Search
FF - prefs.js: browser.startup.homepage - hxxp://home.sweetim.com
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: QuestScan: {F0E1168A-B4B5-484C-B77E-0D28E6B64096} - c:\program files\Mozilla Firefox\extensions\{F0E1168A-B4B5-484C-B77E-0D28E6B64096}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\DivX\DivX Plus Web Player\firefox\html5video
FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\DivX\DivX Plus Web Player\firefox\wpa
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - %profile%\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: SweetIM Toolbar for Firefox: {EEE6C361-6118-11DC-9C72-001320C79847} - %profile%\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
FF - user.js: network.proxy.type - 0
FF - user.js: network.proxy.http -
user_pref(network.proxy.http_port,);
FF - user.js: network.proxy.no_proxies_on -
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-QuestScan - c:\program files\QuestScan\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-13 20:16
Windows 5.1.2600 Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwClose, ZwOpenFile
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
.
c:\windows\system32\mszuntery.dll 151552 bytes executable
c:\windows\system32\GVTunner.ref 4 bytes
.
sken byl úspešně dokončen
skryté soubory: 2
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-790525478-113007714-725345543-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,0b,99,b4,e5,13,9d,bc,44,86,d2,47,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,0b,99,b4,e5,13,9d,bc,44,86,d2,47,\
.
[HKEY_USERS\S-1-5-21-790525478-113007714-725345543-500\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Cryptography\RNG*]
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(924)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'lsass.exe'(980)
c:\windows\system32\MPR.dll
c:\windows\system32\guard32.dll
.
- - - - - - - > 'explorer.exe'(3420)
c:\windows\system32\guard32.dll
c:\windows\system32\mszuntery.dll
c:\windows\system32\MPR.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\COMODO\COMODO Internet Security\cmdagent.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\GIGABYTE\ET6\GUI.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\windows\system32\rundll32.exe
c:\windows\RTHDCPL.EXE
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\System32\wbem\wmiapsrv.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2012-03-13 20:21:21 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-03-13 19:21
.
Před spuštěním: Volných bajtů: 763 906 142 208
Po spuštění: Volných bajtů: 764 474 900 480
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn /usepmtimer
.
- - End Of File - - 6AB46F3174B50C289FFB8793AA5190F8
- Rudy
- Site Admin
- Posts: 119515
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Internet problem (stuttering/blocking)
We'll finish the cleanup. Open Notepad and copy the script below into it. Save it to the desktop as CFScript.txt. Then drag it with the mouse onto the ComboFix icon and drop it. CF will start and carry out the commands from the script.

KillAll::
Folder::
c:\program files\SweetIM
c:\program files\AskBarDis
c:\program files\Kkxyzzbpkwogz
c:\program files\Google\Update
Collect::
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
c:\windows\system32\mszuntery.dll
c:\windows\system32\GVTunner.ref
Driver::
gupdate
gupdatem
Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"=-
[-HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[-HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[-HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[-HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"=-
"{EEE6C35B-6118-11DC-9C72-001320C79847}"=-
[-HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"=-
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"=-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"t74qk"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"t74qk"=-
"SweetIM"=-
Firefox::
FF - ProfilePath - c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\rpt4mw6h.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - SweetIM Search
FF - prefs.js: browser.startup.homepage - hxxp://home.sweetim.com
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: QuestScan: {F0E1168A-B4B5-484C-B77E-0D28E6B64096} - c:\program files\Mozilla Firefox\extensions\{F0E1168A-B4B5-484C-B77E-0D28E6B64096}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\DivX\DivX Plus Web Player\firefox\html5video
FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\DivX\DivX Plus Web Player\firefox\wpa
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - %profile%\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: SweetIM Toolbar for Firefox: {EEE6C361-6118-11DC-9C72-001320C79847} - %profile%\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
FF - user.js: network.proxy.type - 0
FF - user.js: network.proxy.http -
user_pref(network.proxy.http_port,);
FF - user.js: network.proxy.no_proxies_on -
RegLock::
[HKEY_USERS\S-1-5-21-790525478-113007714-725345543-500\Software\Microsoft\Internet Explorer\User Preferences]
Regnull::
[HKEY_USERS\S-1-5-21-790525478-113007714-725345543-500\Software\Microsoft\SystemCertificates\AddressBook*]
[HKEY_LOCAL_MACHINE\software\Microsoft\Cryptography\RNG*]

Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
Visit:
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.
Re: Internet problem (stuttering/blocking)
Done. The process looked similar to the original ComboFix run; I did it exactly according to the instructions, so hopefully it's OK.
The situation has improved; it's no longer a catastrophe, it's just bad. So the problem persists, I just have the feeling it's on a smaller scale.
Could a second round help me, perhaps, or something...
And now it seems to have gone bad again, pages aren't loading... but at least I managed to write this message from the "infected" computer.
-------------------
After that run, ComboFix gave me this report:
ComboFix 12-03-13.01 - Administrator 13.03.2012 22:55:37.3.4 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3325.2586 [GMT 1:00]
Spuštěný z: c:\documents and settings\Administrator\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Administrator\Plocha\CFScript.txt.txt
AV: COMODO Antivirus *Disabled/Updated* {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
FW: COMODO Firewall *Disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.
file zipped: c:\windows\system32\mszuntery.dll
file zipped: c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
file zipped: c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\AskBarDis
c:\program files\AskBarDis\bar\bin\askBar.dll
c:\program files\AskBarDis\bar\bin\askPopStp.dll
c:\program files\AskBarDis\bar\bin\psvince.dll
c:\program files\AskBarDis\bar\Cache\0003C489.bin
c:\program files\AskBarDis\bar\Cache\0003C758.bin
c:\program files\AskBarDis\bar\Cache\0003C93D.bin
c:\program files\AskBarDis\bar\Cache\0003CC59.bin
c:\program files\AskBarDis\bar\Cache\0003CEEA.bin
c:\program files\AskBarDis\bar\Cache\0003D487.bin
c:\program files\AskBarDis\bar\Cache\0003D7C3.bin
c:\program files\AskBarDis\bar\Cache\0003D998.bin
c:\program files\AskBarDis\bar\Cache\0003DAFF.bin
c:\program files\AskBarDis\bar\Cache\00C3756A.bin
c:\program files\AskBarDis\bar\Cache\files.ini
c:\program files\AskBarDis\bar\History\search
c:\program files\AskBarDis\bar\Settings\config.dat
c:\program files\AskBarDis\bar\Settings\config.dat.bak
c:\program files\AskBarDis\bar\Settings\prevcfg.htm
c:\program files\AskBarDis\PopSwatter\History\notallow
c:\program files\AskBarDis\unins000.dat
c:\program files\AskBarDis\unins000.exe
c:\program files\DivX\DivX Plus Web Player\firefox\html5video
c:\program files\DivX\DivX Plus Web Player\firefox\html5video\content\divx32x32.png
c:\program files\DivX\DivX Plus Web Player\firefox\html5video\content\dwp.xul
c:\program files\DivX\DivX Plus Web Player\firefox\html5video\content\script.js
c:\program files\DivX\DivX Plus Web Player\firefox\html5video\chrome.manifest
c:\program files\DivX\DivX Plus Web Player\firefox\html5video\install.rdf
c:\program files\DivX\DivX Plus Web Player\firefox\wpa
c:\program files\DivX\DivX Plus Web Player\firefox\wpa\chrome.manifest
c:\program files\DivX\DivX Plus Web Player\firefox\wpa\chrome\content\crossContextCommunication.js
c:\program files\DivX\DivX Plus Web Player\firefox\wpa\chrome\content\dwp.xul
c:\program files\DivX\DivX Plus Web Player\firefox\wpa\chrome\content\HiQLocale.js
c:\program files\DivX\DivX Plus Web Player\firefox\wpa\chrome\content\HiQSmartUpdate.js
c:\program files\DivX\DivX Plus Web Player\firefox\wpa\chrome\content\images\divx128x128.png
c:\program files\DivX\DivX Plus Web Player\firefox\wpa\chrome\content\images\divx32x32.png
c:\program files\DivX\DivX Plus Web Player\firefox\wpa\chrome\content\images\divx48x48.png
c:\program files\DivX\DivX Plus Web Player\firefox\wpa\chrome\content\images\enabled.png
c:\program files\DivX\DivX Plus Web Player\firefox\wpa\chrome\content\images\hiq-arrow_back.png
c:\program files\DivX\DivX Plus Web Player\firefox\wpa\chrome\content\images\hiq-enable-cap.png
c:\program files\DivX\DivX Plus Web Player\firefox\wpa\chrome\content\images\hiq-enable-down.png
c:\program files\DivX\DivX Plus Web Player\firefox\wpa\chrome\content\images\hiq-enable-hover.png
c:\program files\DivX\DivX Plus Web Player\firefox\wpa\chrome\content\images\hiq-enable.png
c:\program files\DivX\DivX Plus Web Player\firefox\wpa\chrome\content\images\hiq-enabled-cap-square.png
c:\program files\DivX\DivX Plus Web Player\firefox\wpa\chrome\content\images\hiq-enabled-close-down.png
c:\program files\DivX\DivX Plus Web Player\firefox\wpa\chrome\content\images\hiq-enabled-close-hover.png
c:\program files\DivX\DivX Plus Web Player\firefox\wpa\chrome\content\images\hiq-enabled-close.png
c:\program files\DivX\DivX Plus Web Player\firefox\wpa\chrome\content\images\hiq-enabled-help-down.png
c:\program files\DivX\DivX Plus Web Player\firefox\wpa\chrome\content\images\hiq-enabled-help-hover.png
c:\program files\DivX\DivX Plus Web Player\firefox\wpa\chrome\content\images\hiq-enabled-help.png
c:\program files\DivX\DivX Plus Web Player\firefox\wpa\chrome\content\images\hiq-enabled-check.png
c:\program files\DivX\DivX Plus Web Player\firefox\wpa\chrome\content\images\hiq-enabled-checked.png
c:\program files\DivX\DivX Plus Web Player\firefox\wpa\chrome\content\images\hiq-enabled-leftcap.png
c:\program files\DivX\DivX Plus Web Player\firefox\wpa\chrome\content\images\hiq-enabled-rightcap.png
c:\program files\DivX\DivX Plus Web Player\firefox\wpa\chrome\content\images\hiq-enabled-settings-down.png
c:\program files\DivX\DivX Plus Web Player\firefox\wpa\chrome\content\images\hiq-enabled-settings-hover.png
c:\program files\DivX\DivX Plus Web Player\firefox\wpa\chrome\content\images\hiq-enabled-settings.png
c:\program files\DivX\DivX Plus Web Player\firefox\wpa\chrome\content\json-sans-eval.js
c:\program files\DivX\DivX Plus Web Player\firefox\wpa\chrome\content\style.css
c:\program files\DivX\DivX Plus Web Player\firefox\wpa\chrome\content\wpaCommon.js
c:\program files\DivX\DivX Plus Web Player\firefox\wpa\chrome\content\wpaContentScript.js
c:\program files\DivX\DivX Plus Web Player\firefox\wpa\install.rdf
c:\program files\Google\Update
c:\program files\Google\Update\1.3.21.99\GoogleCrashHandler.exe
c:\program files\Google\Update\1.3.21.99\GoogleCrashHandler64.exe
c:\program files\Google\Update\1.3.21.99\GoogleUpdate.exe
c:\program files\Google\Update\1.3.21.99\GoogleUpdateBroker.exe
c:\program files\Google\Update\1.3.21.99\GoogleUpdateHelper.msi
c:\program files\Google\Update\1.3.21.99\GoogleUpdateOnDemand.exe
c:\program files\Google\Update\1.3.21.99\goopdate.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_am.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_ar.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_bg.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_bn.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_ca.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_cs.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_da.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_de.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_el.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_en-GB.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_en.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_es-419.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_es.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_et.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_fa.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_fi.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_fil.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_fr.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_gu.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_hi.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_hr.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_hu.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_id.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_is.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_it.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_iw.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_ja.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_kn.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_ko.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_lt.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_lv.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_ml.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_mr.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_ms.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_nl.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_no.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_pl.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_pt-BR.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_pt-PT.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_ro.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_ru.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_sk.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_sl.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_sr.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_sv.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_sw.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_ta.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_te.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_th.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_tr.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_uk.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_ur.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_vi.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_zh-CN.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_zh-TW.dll
c:\program files\Google\Update\1.3.21.99\npGoogleUpdate3.dll
c:\program files\Google\Update\1.3.21.99\psmachine.dll
c:\program files\Google\Update\1.3.21.99\psuser.dll
c:\program files\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.21.99\GoogleUpdateSetup.exe
c:\program files\Google\Update\Download\{74AF07D8-FB8F-4D51-8AC7-927721D56EBB}\0.0.0.0\GoogleEarth-Win-Bundle-6.1.0.5001.exe
c:\program files\Google\Update\GoogleUpdate.exe
c:\program files\Java\jre6\lib\deploy\jqs\ff
c:\program files\Java\jre6\lib\deploy\jqs\ff\chrome.manifest
c:\program files\Java\jre6\lib\deploy\jqs\ff\chrome\content\overlay.js
c:\program files\Java\jre6\lib\deploy\jqs\ff\chrome\content\overlay.xul
c:\program files\Java\jre6\lib\deploy\jqs\ff\install.rdf
c:\program files\Kkxyzzbpkwogz
c:\program files\Kkxyzzbpkwogz\cyylmnn.exe
c:\program files\Kkxyzzbpkwogz\help.chm
c:\program files\Kkxyzzbpkwogz\Log\Text\aiotxt.dat
c:\program files\Kkxyzzbpkwogz\Log\Text\aioweb.dat
c:\program files\Kkxyzzbpkwogz\Log\Visual\12072011.dat
c:\program files\Kkxyzzbpkwogz\Log\Visual\12082011.dat
c:\program files\Kkxyzzbpkwogz\Log\Visual\12092011.dat
c:\program files\Kkxyzzbpkwogz\Log\Visual\12102011.dat
c:\program files\Kkxyzzbpkwogz\Log\Visual\12112011.dat
c:\program files\Kkxyzzbpkwogz\Log\Visual\12122011.dat
c:\program files\Kkxyzzbpkwogz\Log\Visual\12132011.dat
c:\program files\Kkxyzzbpkwogz\Log\Visual\12142011.dat
c:\program files\Kkxyzzbpkwogz\unins000.dat
c:\program files\Kkxyzzbpkwogz\unins000.exe
c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}\icon.png
c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}\install.rdf
c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}\preview.png
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\content\ffjcext\ffjcext.js
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\content\ffjcext\ffjcext.xul
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\install.rdf
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\content\ffjcext\ffjcext.js
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\content\ffjcext\ffjcext.xul
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\install.rdf
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\chrome\content\ffjcext\ffjcext.js
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\chrome\content\ffjcext\ffjcext.xul
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\install.rdf
c:\program files\Mozilla Firefox\extensions\{F0E1168A-B4B5-484C-B77E-0D28E6B64096}
c:\program files\Mozilla Firefox\extensions\{F0E1168A-B4B5-484C-B77E-0D28E6B64096}\defaults\preferences\prefs.js
c:\program files\Mozilla Firefox\extensions\{F0E1168A-B4B5-484C-B77E-0D28E6B64096}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{F0E1168A-B4B5-484C-B77E-0D28E6B64096}\chrome\questscan.jar
c:\program files\Mozilla Firefox\extensions\{F0E1168A-B4B5-484C-B77E-0D28E6B64096}\install.rdf
c:\program files\SweetIM
c:\program files\SweetIM\Messenger\ContentPackagesActivationHandler.exe
c:\program files\SweetIM\Messenger\default.xml
c:\program files\SweetIM\Messenger\mgAdaptersProxy.dll
c:\program files\SweetIM\Messenger\mgArchive.dll
c:\program files\SweetIM\Messenger\mgcommon.dll
c:\program files\SweetIM\Messenger\mgcommunication.dll
c:\program files\SweetIM\Messenger\mgconfig.dll
c:\program files\SweetIM\Messenger\mgFlashPlayer.dll
c:\program files\SweetIM\Messenger\mghooking.dll
c:\program files\SweetIM\Messenger\mgICQAuto.dll
c:\program files\SweetIM\Messenger\mgICQMessengerAdapter.dll
c:\program files\SweetIM\Messenger\mglogger.dll
c:\program files\SweetIM\Messenger\mgMediaPlayer.dll
c:\program files\SweetIM\Messenger\mgMsnAuto.dll
c:\program files\SweetIM\Messenger\mgMsnMessengerAdapter.dll
c:\program files\SweetIM\Messenger\mgsimcommon.dll
c:\program files\SweetIM\Messenger\mgSweetIM.dll
c:\program files\SweetIM\Messenger\mgUpdateSupport.dll
c:\program files\SweetIM\Messenger\mgxml_wrapper.dll
c:\program files\SweetIM\Messenger\mgYahooAuto.dll
c:\program files\SweetIM\Messenger\mgYahooMessengerAdapter.dll
c:\program files\SweetIM\Messenger\msvcp71.dll
c:\program files\SweetIM\Messenger\msvcr71.dll
c:\program files\SweetIM\Messenger\resources\images\AudibleButton.png
c:\program files\SweetIM\Messenger\resources\images\DisplayPicturesButton.png
c:\program files\SweetIM\Messenger\resources\images\EmoticonButton.png
c:\program files\SweetIM\Messenger\resources\images\GamesButton.png
c:\program files\SweetIM\Messenger\resources\images\KeyboardButton.png
c:\program files\SweetIM\Messenger\resources\images\NudgeButton.png
c:\program files\SweetIM\Messenger\resources\images\SoundFxButton.png
c:\program files\SweetIM\Messenger\resources\images\WinksButton.png
c:\program files\SweetIM\Messenger\resources\sqlite\mgSqlite3.dll
c:\program files\SweetIM\Messenger\SweetIM.exe
c:\program files\SweetIM\Toolbars\Internet Explorer\ClearHist.exe
c:\program files\SweetIM\Toolbars\Internet Explorer\conf\logger.xml
c:\program files\SweetIM\Toolbars\Internet Explorer\default.xml
c:\program files\SweetIM\Toolbars\Internet Explorer\mgcommon.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\mgconfig.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe
c:\program files\SweetIM\Toolbars\Internet Explorer\mghooking.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\mglogger.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\mgsimcommon.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\mgxml_wrapper.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\Microsoft.VC90.CRT\Microsoft.VC90.CRT.manifest
c:\program files\SweetIM\Toolbars\Internet Explorer\Microsoft.VC90.CRT\msvcm90.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\Microsoft.VC90.CRT\msvcp90.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\Microsoft.VC90.CRT\msvcr90.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\about.html
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\affid.dat
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\basis.xml
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\bing.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_bing.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_current.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_dictionary.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_google.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_hover.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_left.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_photo.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_video.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_web.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_yahoo.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\clear-history.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\content-notifier-anim-over.gif
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\content-notifier-anim.gif
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\content-notifier.js
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\dating.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\dictionary.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\e_cards.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\eye_icon.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\eye_icon_over.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\find.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\free_stuff.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\games.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\glitter.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\google.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\green\search_button.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_bing.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_current.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_dictionary.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_google.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_hover.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_left.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_photo.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_video.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_web.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_yahoo.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\help.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\highlight.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\locales.xml
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\logo_16x16.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\logo_21x18.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\logo_32x32.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\logo_about.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\MenuExt.html
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\more-search-providers.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\music.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\news.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\options.html
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_bing.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_current.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_dictionary.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_google.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_hover.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_left.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_photo.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_video.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_web.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_yahoo.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\photos.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\search-current-site.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\shopping.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\SmileySmile.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\SmileyWink.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\sweetim_text.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\toolbar.xml
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\video.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\web-search.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\web-toolbar.js
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\yahoo.png
c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\defaults\preferences\defaults.js
c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\chrome.manifest
c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\chrome\chrome.jar
c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\install.rdf
c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\MicrosoftDotNetFrameworkAssistant.xpi
c:\windows\system32\mszuntery.dll
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_GUPDATE
-------\Service_gupdate
-------\Service_gupdatem
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-02-13 do 2012-03-13 )))))))))))))))))))))))))))))))
.
.
2012-03-13 16:34 . 2012-03-13 16:34 -------- d-----w- C:\rsit
2012-03-13 16:34 . 2012-03-13 16:34 -------- d-----w- c:\program files\trend micro
2012-03-10 17:25 . 2012-03-10 17:25 -------- d-----w- c:\program files\LogMeIn Hamachi
2012-03-06 20:44 . 2012-03-06 20:44 -------- d-sh--w- c:\documents and settings\Administrator\IECompatCache
2012-03-01 20:40 . 2012-03-01 20:40 -------- d-----w- c:\program files\Stormregion
2012-03-01 20:39 . 2005-03-22 16:50 733184 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iKernel.dll
2012-03-01 20:39 . 2004-07-15 23:20 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\ctor.dll
2012-03-01 20:39 . 2004-07-15 23:19 266240 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iscript.dll
2012-03-01 20:39 . 2004-07-15 23:18 172032 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iuser.dll
2012-03-01 20:39 . 2004-07-15 23:18 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\DotNetInstaller.exe
2012-03-01 20:39 . 2012-03-01 20:39 303236 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\setup.dll
2012-03-01 20:39 . 2012-03-01 20:39 180356 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iGdi.dll
2012-02-29 10:13 . 2012-02-29 10:13 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2012-02-25 20:30 . 1997-09-17 23:00 490256 ----a-w- c:\windows\system32\Oleaut32.3
2012-02-25 20:20 . 1997-09-17 23:00 490256 ----a-w- c:\windows\system32\Oleaut32.2
2012-02-24 21:39 . 1998-06-10 12:07 1053184 ----a-w- c:\windows\system32\SierraNW.dll
2012-02-24 21:39 . 1998-06-10 12:05 231936 ----a-w- c:\windows\system32\SNWValid.dll
2012-02-24 21:39 . 1997-09-17 23:00 490256 ----a-w- c:\windows\system32\Oleaut32.1
2012-02-24 21:39 . 2012-02-24 21:39 -------- d-----w- c:\windows\solcache
2012-02-24 21:37 . 2012-02-25 20:30 -------- d-----w- c:\program files\Sierra On-Line
2012-02-23 15:34 . 2012-02-23 15:34 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\Unity
2012-02-22 01:05 . 2012-02-22 01:05 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2012-02-22 01:05 . 2012-02-22 01:05 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2012-02-22 01:03 . 2011-08-16 10:45 6144 -c----w- c:\windows\system32\dllcache\iecompat.dll
2012-02-22 01:00 . 2011-12-18 13:42 11082240 -c----w- c:\windows\system32\dllcache\ieframe.dll
2012-02-22 01:00 . 2011-12-17 19:42 602112 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2012-02-22 01:00 . 2011-12-17 19:42 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2012-02-22 01:00 . 2011-12-17 19:42 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2012-02-22 01:00 . 2011-12-17 19:42 2000384 -c----w- c:\windows\system32\dllcache\iertutil.dll
2012-02-22 01:00 . 2011-12-17 19:42 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2012-02-22 01:00 . 2011-12-17 19:42 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2012-02-22 00:57 . 2012-02-22 01:00 -------- dc-h--w- c:\windows\ie8
2012-02-16 15:14 . 2012-01-11 19:07 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-02-16 15:14 . 2012-01-11 19:07 3072 ------w- c:\windows\system32\iacenc.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-13 22:07 . 2011-01-08 13:15 24944 ----a-w- c:\windows\system32\drivers\GVTDrv.sys
2012-03-13 22:05 . 2011-01-09 12:43 17488 ----a-w- c:\windows\gdrv.sys
2012-01-12 17:20 . 2002-09-20 16:41 1859968 ----a-w- c:\windows\system32\win32k.sys
2011-12-21 11:14 . 2011-09-19 12:10 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-17 19:42 . 2002-09-20 17:05 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-12-17 19:42 . 2002-09-20 17:05 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-17 19:42 . 2002-09-20 17:04 43520 ------w- c:\windows\system32\licmgr10.dll
2011-12-16 12:23 . 2011-01-08 12:32 385024 ------w- c:\windows\system32\html.iec
2010-06-10 13:37 . 2010-06-10 13:37 3074560 ----a-w- c:\program files\openofficeorg32.msi
2009-09-04 17:01 . 2009-09-04 17:01 525656 ----a-w- c:\program files\DXSETUP.exe
2009-09-04 17:01 . 2009-09-04 17:01 94024 ----a-w- c:\program files\DSETUP.dll
2009-09-04 17:01 . 2009-09-04 17:01 1691464 ----a-w- c:\program files\dsetup32.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-03-13_19.15.42 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-03-13 22:08 . 2012-03-13 22:08 16384 c:\windows\temp\Perflib_Perfdata_b48.dat
+ 2012-03-13 22:06 . 2012-03-13 22:06 16384 c:\windows\temp\Perflib_Perfdata_878.dat
+ 2010-11-02 21:43 . 2010-11-02 21:43 9845 c:\windows\system32\msw-npo4e.dll
- 2009-11-17 19:14 . 2009-11-17 19:14 9845 c:\windows\system32\msw-npo4e.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}"= "c:\program files\Softonic-Eng7\prxtbSof0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
2011-05-09 09:49 176936 ----a-w- c:\program files\Softonic-Eng7\prxtbSof0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}"= "c:\program files\Softonic-Eng7\prxtbSof0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3}"= "c:\program files\Softonic-Eng7\prxtbSof0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\Steam\Steam.exe" [2012-02-04 1242448]
"MediaGet2"="c:\documents and settings\Administrator\Local Settings\Data aplikací\MediaGet2\mediaget.exe" [2012-01-29 8109800]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCU"="c:\program files\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-10-15 375000]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-02-25 2548552]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-12-09 1226608]
"DivX Download Manager"="c:\program files\DivX\DivX Plus Web Player\DDmService.exe" [2010-12-08 63360]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2008-02-12 536576]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"RTHDCPL"="RTHDCPL.EXE" [2010-07-28 19557480]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-10 61440]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-02-28 1987976]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"EasyTuneVI"="c:\program files\GIGABYTE\ET6\ETCall.exe" [2007-07-26 20480]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-01-09 12:01 136176 ----atw- c:\documents and settings\Administrator\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2011-01-19 13:14 133432 ----a-w- c:\program files\ICQ7.2\ICQ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
2012-02-28 16:38 1987976 ----a-w- c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MediaGet2]
2012-01-29 11:48 8109800 ----a-w- c:\documents and settings\Administrator\Local Settings\Data aplikací\MediaGet2\mediaget.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2009-03-15 10:15 180224 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeechGrid]
2012-01-18 23:46 324976 ----a-w- c:\program files\SpeechGrid\SpeechGrid.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\ICQ7.2\\ICQ.exe"=
"c:\\Program Files\\ICQ7.2\\aolload.exe"=
"c:\\Program Files\\Sports Interactive\\Football Manager 2011\\fm.exe"=
"c:\\Program Files\\FlightGear\\bin\\Win32\\fgfs.exe"=
"c:\\Program Files\\Supermassive Games\\Big Match Striker\\BigMatchLauncher.exe"=
"c:\\Documents and Settings\\All Users\\Dokumenty\\Big Match Striker\\BigMatchStriker.exe"=
"c:\\Documents and Settings\\Administrator\\Plocha\\hry\\Binaries\\Win32\\UDK.exe"=
"c:\\Program Files\\Clonk Rage\\Clonk.exe"=
"c:\\Program Files\\Cyanide\\GameCenter\\GameCenter.exe"=
"c:\\Program Files\\Cyanide\\Pro Cycling Manager - Season 2010\\PCM.exe"=
"c:\\Program Files\\Cyanide\\Pro Cycling Manager - Season 2010\\Autorun\\Exe\\Autorun.exe"=
"c:\\Program Files\\Sega\\Virtua Tennis 4\\VT4.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Cyanide\\Pro Cycling Manager - Season 2011\\PCM.exe"=
"c:\\Program Files\\Cyanide\\Pro Cycling Manager - Season 2011\\Autorun\\Exe\\Autorun.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Cossacks\\dmcr.exe"=
"c:\\Program Files\\Warzone 2100\\warzone2100.exe"=
"c:\\Documents and Settings\\Administrator\\Plocha\\hry\\PORSCHE\\Porsche.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\football manager 2012 demo\\fm.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5432:TCP"= 5432:TCP:postgres
.
R1 appdrv01;Application Driver (01);c:\windows\system32\drivers\appdrv01.sys [7.7.2011 22:15 3332784]
R1 AppleCharger;AppleCharger;c:\windows\system32\drivers\AppleCharger.sys [8.1.2011 14:00 19496]
R1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\drivers\cmderd.sys [10.9.2010 23:40 15592]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [10.9.2010 23:40 239368]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [10.9.2010 23:40 27576]
R1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\program files\HWiNFO32\HWiNFO32.SYS [26.9.2011 17:20 20216]
R2 BCUService;Browser Configuration Utility Service;c:\program files\DeviceVM\Browser Configuration Utility\BCUService.exe [15.10.2009 14:06 223464]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [28.2.2012 17:38 1373576]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [19.1.2011 14:14 247096]
R2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files\PostgreSQL\8.3\bin\pg_ctl.exe [1.2.2008 3:02 65536]
R2 SpeechGridService;SpeechGridService;c:\program files\SpeechGrid\SpeechGridService.exe [19.1.2012 0:46 55664]
R3 GVTDrv;GVTDrv;c:\windows\system32\drivers\GVTDrv.sys [8.1.2011 14:15 24944]
R3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [9.1.2011 10:31 30392]
S2 appdrvrem01;Application Driver Auto Removal Service (01);c:\windows\System32\appdrvrem01.exe svc --> c:\windows\System32\appdrvrem01.exe svc [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 12:16 130384]
S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [8.1.2011 13:55 1691480]
S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
S3 CFcatchme;CFcatchme;\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\CFcatchme.sys --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\CFcatchme.sys [?]
S3 etdrv;etdrv;c:\windows\etdrv.sys [9.1.2011 13:44 17488]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 12:16 753504]
.
Obsah adresáře 'Naplánované úlohy'
.
2012-03-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
2012-03-12 c:\windows\Tasks\Norton Security Scan for Administrator.job
- c:\progra~1\NORTON~2\Engine\351~1.6\Nss.exe [2011-07-06 22:47]
.
2012-03-13 c:\windows\Tasks\User_Feed_Synchronization-{8C9EC464-D765-4ACB-8C79-8F27FCD39205}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]
.
2012-03-13 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2011-02-09 21:18]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://home.sweetim.com
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101699&gct=&gc=1&q=%s
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Search the Web - c:\program files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
TCP: DhcpNameServer = 192.168.2.1
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\rpt4mw6h.default\
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - %profile%\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: SweetIM Toolbar for Firefox: {EEE6C361-6118-11DC-9C72-001320C79847} - %profile%\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
FF - user.js: network.proxy.http -
user_pref(network.proxy.http_port,);
FF - user.js: network.proxy.no_proxies_on -
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-Ask Toolbar_is1 - c:\program files\AskBarDis\unins000.exe
AddRemove-XyjY9ps4v_is1 - c:\program files\Kkxyzzbpkwogz\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-13 23:07
Windows 5.1.2600 Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwClose, ZwOpenFile
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-790525478-113007714-725345543-500\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(924)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'lsass.exe'(980)
c:\windows\system32\MPR.dll
c:\windows\system32\guard32.dll
.
- - - - - - - > 'explorer.exe'(2328)
c:\windows\system32\guard32.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\COMODO\COMODO Internet Security\cmdagent.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\GIGABYTE\ET6\GUI.exe
c:\windows\system32\rundll32.exe
c:\windows\RTHDCPL.EXE
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\System32\wbem\wmiapsrv.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2012-03-13 23:11:37 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-03-13 22:11
ComboFix2.txt 2012-03-13 21:51
ComboFix3.txt 2012-03-13 19:21
.
Před spuštěním: Volných bajtů: 764 463 140 864
Po spuštění: Volných bajtů: 764 406 771 712
.
- - End Of File - - 1DFCF84A9DE43D53CD0EC56B029278BB
Nahrání proběhlo úspěšně
The situation has improved; it's no longer a catastrophe, it's just bad. So the problem persists, only I have the feeling it's on a smaller scale.
Maybe a second round could help me, or something...
And now it seems to have messed up again, pages aren't loading... but at least I managed to write this message from the "infected" computer.
-------------------
After that run, ComboFix printed this report for me:
ComboFix 12-03-13.01 - Administrator 13.03.2012 22:55:37.3.4 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3325.2586 [GMT 1:00]
Spuštěný z: c:\documents and settings\Administrator\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Administrator\Plocha\CFScript.txt.txt
AV: COMODO Antivirus *Disabled/Updated* {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
FW: COMODO Firewall *Disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.
file zipped: c:\windows\system32\mszuntery.dll
file zipped: c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
file zipped: c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\AskBarDis
c:\program files\AskBarDis\bar\bin\askBar.dll
c:\program files\AskBarDis\bar\bin\askPopStp.dll
c:\program files\AskBarDis\bar\bin\psvince.dll
c:\program files\AskBarDis\bar\Cache\0003C489.bin
c:\program files\AskBarDis\bar\Cache\0003C758.bin
c:\program files\AskBarDis\bar\Cache\0003C93D.bin
c:\program files\AskBarDis\bar\Cache\0003CC59.bin
c:\program files\AskBarDis\bar\Cache\0003CEEA.bin
c:\program files\AskBarDis\bar\Cache\0003D487.bin
c:\program files\AskBarDis\bar\Cache\0003D7C3.bin
c:\program files\AskBarDis\bar\Cache\0003D998.bin
c:\program files\AskBarDis\bar\Cache\0003DAFF.bin
c:\program files\AskBarDis\bar\Cache\00C3756A.bin
c:\program files\AskBarDis\bar\Cache\files.ini
c:\program files\AskBarDis\bar\History\search
c:\program files\AskBarDis\bar\Settings\config.dat
c:\program files\AskBarDis\bar\Settings\config.dat.bak
c:\program files\AskBarDis\bar\Settings\prevcfg.htm
c:\program files\AskBarDis\PopSwatter\History\notallow
c:\program files\AskBarDis\unins000.dat
c:\program files\AskBarDis\unins000.exe
c:\program files\DivX\DivX Plus Web Player\firefox\html5video
c:\program files\DivX\DivX Plus Web Player\firefox\html5video\content\divx32x32.png
c:\program files\DivX\DivX Plus Web Player\firefox\html5video\content\dwp.xul
c:\program files\DivX\DivX Plus Web Player\firefox\html5video\content\script.js
c:\program files\DivX\DivX Plus Web Player\firefox\html5video\chrome.manifest
c:\program files\DivX\DivX Plus Web Player\firefox\html5video\install.rdf
c:\program files\DivX\DivX Plus Web Player\firefox\wpa
c:\program files\DivX\DivX Plus Web Player\firefox\wpa\chrome.manifest
c:\program files\DivX\DivX Plus Web Player\firefox\wpa\chrome\content\crossContextCommunication.js
c:\program files\DivX\DivX Plus Web Player\firefox\wpa\chrome\content\dwp.xul
c:\program files\DivX\DivX Plus Web Player\firefox\wpa\chrome\content\HiQLocale.js
c:\program files\DivX\DivX Plus Web Player\firefox\wpa\chrome\content\HiQSmartUpdate.js
c:\program files\DivX\DivX Plus Web Player\firefox\wpa\chrome\content\images\divx128x128.png
c:\program files\DivX\DivX Plus Web Player\firefox\wpa\chrome\content\images\divx32x32.png
c:\program files\DivX\DivX Plus Web Player\firefox\wpa\chrome\content\images\divx48x48.png
c:\program files\DivX\DivX Plus Web Player\firefox\wpa\chrome\content\images\enabled.png
c:\program files\DivX\DivX Plus Web Player\firefox\wpa\chrome\content\images\hiq-arrow_back.png
c:\program files\DivX\DivX Plus Web Player\firefox\wpa\chrome\content\images\hiq-enable-cap.png
c:\program files\DivX\DivX Plus Web Player\firefox\wpa\chrome\content\images\hiq-enable-down.png
c:\program files\DivX\DivX Plus Web Player\firefox\wpa\chrome\content\images\hiq-enable-hover.png
c:\program files\DivX\DivX Plus Web Player\firefox\wpa\chrome\content\images\hiq-enable.png
c:\program files\DivX\DivX Plus Web Player\firefox\wpa\chrome\content\images\hiq-enabled-cap-square.png
c:\program files\DivX\DivX Plus Web Player\firefox\wpa\chrome\content\images\hiq-enabled-close-down.png
c:\program files\DivX\DivX Plus Web Player\firefox\wpa\chrome\content\images\hiq-enabled-close-hover.png
c:\program files\DivX\DivX Plus Web Player\firefox\wpa\chrome\content\images\hiq-enabled-close.png
c:\program files\DivX\DivX Plus Web Player\firefox\wpa\chrome\content\images\hiq-enabled-help-down.png
c:\program files\DivX\DivX Plus Web Player\firefox\wpa\chrome\content\images\hiq-enabled-help-hover.png
c:\program files\DivX\DivX Plus Web Player\firefox\wpa\chrome\content\images\hiq-enabled-help.png
c:\program files\DivX\DivX Plus Web Player\firefox\wpa\chrome\content\images\hiq-enabled-check.png
c:\program files\DivX\DivX Plus Web Player\firefox\wpa\chrome\content\images\hiq-enabled-checked.png
c:\program files\DivX\DivX Plus Web Player\firefox\wpa\chrome\content\images\hiq-enabled-leftcap.png
c:\program files\DivX\DivX Plus Web Player\firefox\wpa\chrome\content\images\hiq-enabled-rightcap.png
c:\program files\DivX\DivX Plus Web Player\firefox\wpa\chrome\content\images\hiq-enabled-settings-down.png
c:\program files\DivX\DivX Plus Web Player\firefox\wpa\chrome\content\images\hiq-enabled-settings-hover.png
c:\program files\DivX\DivX Plus Web Player\firefox\wpa\chrome\content\images\hiq-enabled-settings.png
c:\program files\DivX\DivX Plus Web Player\firefox\wpa\chrome\content\json-sans-eval.js
c:\program files\DivX\DivX Plus Web Player\firefox\wpa\chrome\content\style.css
c:\program files\DivX\DivX Plus Web Player\firefox\wpa\chrome\content\wpaCommon.js
c:\program files\DivX\DivX Plus Web Player\firefox\wpa\chrome\content\wpaContentScript.js
c:\program files\DivX\DivX Plus Web Player\firefox\wpa\install.rdf
c:\program files\Google\Update
c:\program files\Google\Update\1.3.21.99\GoogleCrashHandler.exe
c:\program files\Google\Update\1.3.21.99\GoogleCrashHandler64.exe
c:\program files\Google\Update\1.3.21.99\GoogleUpdate.exe
c:\program files\Google\Update\1.3.21.99\GoogleUpdateBroker.exe
c:\program files\Google\Update\1.3.21.99\GoogleUpdateHelper.msi
c:\program files\Google\Update\1.3.21.99\GoogleUpdateOnDemand.exe
c:\program files\Google\Update\1.3.21.99\goopdate.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_am.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_ar.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_bg.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_bn.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_ca.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_cs.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_da.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_de.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_el.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_en-GB.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_en.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_es-419.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_es.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_et.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_fa.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_fi.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_fil.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_fr.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_gu.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_hi.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_hr.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_hu.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_id.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_is.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_it.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_iw.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_ja.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_kn.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_ko.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_lt.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_lv.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_ml.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_mr.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_ms.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_nl.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_no.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_pl.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_pt-BR.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_pt-PT.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_ro.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_ru.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_sk.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_sl.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_sr.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_sv.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_sw.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_ta.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_te.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_th.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_tr.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_uk.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_ur.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_vi.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_zh-CN.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_zh-TW.dll
c:\program files\Google\Update\1.3.21.99\npGoogleUpdate3.dll
c:\program files\Google\Update\1.3.21.99\psmachine.dll
c:\program files\Google\Update\1.3.21.99\psuser.dll
c:\program files\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.21.99\GoogleUpdateSetup.exe
c:\program files\Google\Update\Download\{74AF07D8-FB8F-4D51-8AC7-927721D56EBB}\0.0.0.0\GoogleEarth-Win-Bundle-6.1.0.5001.exe
c:\program files\Google\Update\GoogleUpdate.exe
c:\program files\Java\jre6\lib\deploy\jqs\ff
c:\program files\Java\jre6\lib\deploy\jqs\ff\chrome.manifest
c:\program files\Java\jre6\lib\deploy\jqs\ff\chrome\content\overlay.js
c:\program files\Java\jre6\lib\deploy\jqs\ff\chrome\content\overlay.xul
c:\program files\Java\jre6\lib\deploy\jqs\ff\install.rdf
c:\program files\Kkxyzzbpkwogz
c:\program files\Kkxyzzbpkwogz\cyylmnn.exe
c:\program files\Kkxyzzbpkwogz\help.chm
c:\program files\Kkxyzzbpkwogz\Log\Text\aiotxt.dat
c:\program files\Kkxyzzbpkwogz\Log\Text\aioweb.dat
c:\program files\Kkxyzzbpkwogz\Log\Visual\12072011.dat
c:\program files\Kkxyzzbpkwogz\Log\Visual\12082011.dat
c:\program files\Kkxyzzbpkwogz\Log\Visual\12092011.dat
c:\program files\Kkxyzzbpkwogz\Log\Visual\12102011.dat
c:\program files\Kkxyzzbpkwogz\Log\Visual\12112011.dat
c:\program files\Kkxyzzbpkwogz\Log\Visual\12122011.dat
c:\program files\Kkxyzzbpkwogz\Log\Visual\12132011.dat
c:\program files\Kkxyzzbpkwogz\Log\Visual\12142011.dat
c:\program files\Kkxyzzbpkwogz\unins000.dat
c:\program files\Kkxyzzbpkwogz\unins000.exe
c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}\icon.png
c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}\install.rdf
c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}\preview.png
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\content\ffjcext\ffjcext.js
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\content\ffjcext\ffjcext.xul
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\install.rdf
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\content\ffjcext\ffjcext.js
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\content\ffjcext\ffjcext.xul
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\install.rdf
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\chrome\content\ffjcext\ffjcext.js
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\chrome\content\ffjcext\ffjcext.xul
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\install.rdf
c:\program files\Mozilla Firefox\extensions\{F0E1168A-B4B5-484C-B77E-0D28E6B64096}
c:\program files\Mozilla Firefox\extensions\{F0E1168A-B4B5-484C-B77E-0D28E6B64096}\defaults\preferences\prefs.js
c:\program files\Mozilla Firefox\extensions\{F0E1168A-B4B5-484C-B77E-0D28E6B64096}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{F0E1168A-B4B5-484C-B77E-0D28E6B64096}\chrome\questscan.jar
c:\program files\Mozilla Firefox\extensions\{F0E1168A-B4B5-484C-B77E-0D28E6B64096}\install.rdf
c:\program files\SweetIM
c:\program files\SweetIM\Messenger\ContentPackagesActivationHandler.exe
c:\program files\SweetIM\Messenger\default.xml
c:\program files\SweetIM\Messenger\mgAdaptersProxy.dll
c:\program files\SweetIM\Messenger\mgArchive.dll
c:\program files\SweetIM\Messenger\mgcommon.dll
c:\program files\SweetIM\Messenger\mgcommunication.dll
c:\program files\SweetIM\Messenger\mgconfig.dll
c:\program files\SweetIM\Messenger\mgFlashPlayer.dll
c:\program files\SweetIM\Messenger\mghooking.dll
c:\program files\SweetIM\Messenger\mgICQAuto.dll
c:\program files\SweetIM\Messenger\mgICQMessengerAdapter.dll
c:\program files\SweetIM\Messenger\mglogger.dll
c:\program files\SweetIM\Messenger\mgMediaPlayer.dll
c:\program files\SweetIM\Messenger\mgMsnAuto.dll
c:\program files\SweetIM\Messenger\mgMsnMessengerAdapter.dll
c:\program files\SweetIM\Messenger\mgsimcommon.dll
c:\program files\SweetIM\Messenger\mgSweetIM.dll
c:\program files\SweetIM\Messenger\mgUpdateSupport.dll
c:\program files\SweetIM\Messenger\mgxml_wrapper.dll
c:\program files\SweetIM\Messenger\mgYahooAuto.dll
c:\program files\SweetIM\Messenger\mgYahooMessengerAdapter.dll
c:\program files\SweetIM\Messenger\msvcp71.dll
c:\program files\SweetIM\Messenger\msvcr71.dll
c:\program files\SweetIM\Messenger\resources\images\AudibleButton.png
c:\program files\SweetIM\Messenger\resources\images\DisplayPicturesButton.png
c:\program files\SweetIM\Messenger\resources\images\EmoticonButton.png
c:\program files\SweetIM\Messenger\resources\images\GamesButton.png
c:\program files\SweetIM\Messenger\resources\images\KeyboardButton.png
c:\program files\SweetIM\Messenger\resources\images\NudgeButton.png
c:\program files\SweetIM\Messenger\resources\images\SoundFxButton.png
c:\program files\SweetIM\Messenger\resources\images\WinksButton.png
c:\program files\SweetIM\Messenger\resources\sqlite\mgSqlite3.dll
c:\program files\SweetIM\Messenger\SweetIM.exe
c:\program files\SweetIM\Toolbars\Internet Explorer\ClearHist.exe
c:\program files\SweetIM\Toolbars\Internet Explorer\conf\logger.xml
c:\program files\SweetIM\Toolbars\Internet Explorer\default.xml
c:\program files\SweetIM\Toolbars\Internet Explorer\mgcommon.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\mgconfig.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe
c:\program files\SweetIM\Toolbars\Internet Explorer\mghooking.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\mglogger.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\mgsimcommon.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\mgxml_wrapper.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\Microsoft.VC90.CRT\Microsoft.VC90.CRT.manifest
c:\program files\SweetIM\Toolbars\Internet Explorer\Microsoft.VC90.CRT\msvcm90.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\Microsoft.VC90.CRT\msvcp90.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\Microsoft.VC90.CRT\msvcr90.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\about.html
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\affid.dat
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\basis.xml
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\bing.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_bing.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_current.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_dictionary.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_google.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_hover.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_left.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_photo.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_video.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_web.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_yahoo.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\clear-history.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\content-notifier-anim-over.gif
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\content-notifier-anim.gif
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\content-notifier.js
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\dating.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\dictionary.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\e_cards.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\eye_icon.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\eye_icon_over.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\find.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\free_stuff.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\games.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\glitter.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\google.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\green\search_button.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_bing.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_current.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_dictionary.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_google.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_hover.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_left.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_photo.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_video.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_web.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_yahoo.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\help.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\highlight.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\locales.xml
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\logo_16x16.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\logo_21x18.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\logo_32x32.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\logo_about.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\MenuExt.html
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\more-search-providers.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\music.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\news.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\options.html
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_bing.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_current.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_dictionary.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_google.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_hover.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_left.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_photo.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_video.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_web.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_yahoo.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\photos.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\search-current-site.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\shopping.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\SmileySmile.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\SmileyWink.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\sweetim_text.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\toolbar.xml
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\video.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\web-search.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\web-toolbar.js
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\yahoo.png
c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\defaults\preferences\defaults.js
c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\chrome.manifest
c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\chrome\chrome.jar
c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\install.rdf
c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\MicrosoftDotNetFrameworkAssistant.xpi
c:\windows\system32\mszuntery.dll
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_GUPDATE
-------\Service_gupdate
-------\Service_gupdatem
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-02-13 do 2012-03-13 )))))))))))))))))))))))))))))))
.
.
2012-03-13 16:34 . 2012-03-13 16:34 -------- d-----w- C:\rsit
2012-03-13 16:34 . 2012-03-13 16:34 -------- d-----w- c:\program files\trend micro
2012-03-10 17:25 . 2012-03-10 17:25 -------- d-----w- c:\program files\LogMeIn Hamachi
2012-03-06 20:44 . 2012-03-06 20:44 -------- d-sh--w- c:\documents and settings\Administrator\IECompatCache
2012-03-01 20:40 . 2012-03-01 20:40 -------- d-----w- c:\program files\Stormregion
2012-03-01 20:39 . 2005-03-22 16:50 733184 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iKernel.dll
2012-03-01 20:39 . 2004-07-15 23:20 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\ctor.dll
2012-03-01 20:39 . 2004-07-15 23:19 266240 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iscript.dll
2012-03-01 20:39 . 2004-07-15 23:18 172032 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iuser.dll
2012-03-01 20:39 . 2004-07-15 23:18 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\DotNetInstaller.exe
2012-03-01 20:39 . 2012-03-01 20:39 303236 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\setup.dll
2012-03-01 20:39 . 2012-03-01 20:39 180356 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iGdi.dll
2012-02-29 10:13 . 2012-02-29 10:13 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2012-02-25 20:30 . 1997-09-17 23:00 490256 ----a-w- c:\windows\system32\Oleaut32.3
2012-02-25 20:20 . 1997-09-17 23:00 490256 ----a-w- c:\windows\system32\Oleaut32.2
2012-02-24 21:39 . 1998-06-10 12:07 1053184 ----a-w- c:\windows\system32\SierraNW.dll
2012-02-24 21:39 . 1998-06-10 12:05 231936 ----a-w- c:\windows\system32\SNWValid.dll
2012-02-24 21:39 . 1997-09-17 23:00 490256 ----a-w- c:\windows\system32\Oleaut32.1
2012-02-24 21:39 . 2012-02-24 21:39 -------- d-----w- c:\windows\solcache
2012-02-24 21:37 . 2012-02-25 20:30 -------- d-----w- c:\program files\Sierra On-Line
2012-02-23 15:34 . 2012-02-23 15:34 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\Unity
2012-02-22 01:05 . 2012-02-22 01:05 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2012-02-22 01:05 . 2012-02-22 01:05 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2012-02-22 01:03 . 2011-08-16 10:45 6144 -c----w- c:\windows\system32\dllcache\iecompat.dll
2012-02-22 01:00 . 2011-12-18 13:42 11082240 -c----w- c:\windows\system32\dllcache\ieframe.dll
2012-02-22 01:00 . 2011-12-17 19:42 602112 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2012-02-22 01:00 . 2011-12-17 19:42 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2012-02-22 01:00 . 2011-12-17 19:42 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2012-02-22 01:00 . 2011-12-17 19:42 2000384 -c----w- c:\windows\system32\dllcache\iertutil.dll
2012-02-22 01:00 . 2011-12-17 19:42 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2012-02-22 01:00 . 2011-12-17 19:42 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2012-02-22 00:57 . 2012-02-22 01:00 -------- dc-h--w- c:\windows\ie8
2012-02-16 15:14 . 2012-01-11 19:07 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-02-16 15:14 . 2012-01-11 19:07 3072 ------w- c:\windows\system32\iacenc.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-13 22:07 . 2011-01-08 13:15 24944 ----a-w- c:\windows\system32\drivers\GVTDrv.sys
2012-03-13 22:05 . 2011-01-09 12:43 17488 ----a-w- c:\windows\gdrv.sys
2012-01-12 17:20 . 2002-09-20 16:41 1859968 ----a-w- c:\windows\system32\win32k.sys
2011-12-21 11:14 . 2011-09-19 12:10 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-17 19:42 . 2002-09-20 17:05 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-12-17 19:42 . 2002-09-20 17:05 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-17 19:42 . 2002-09-20 17:04 43520 ------w- c:\windows\system32\licmgr10.dll
2011-12-16 12:23 . 2011-01-08 12:32 385024 ------w- c:\windows\system32\html.iec
2010-06-10 13:37 . 2010-06-10 13:37 3074560 ----a-w- c:\program files\openofficeorg32.msi
2009-09-04 17:01 . 2009-09-04 17:01 525656 ----a-w- c:\program files\DXSETUP.exe
2009-09-04 17:01 . 2009-09-04 17:01 94024 ----a-w- c:\program files\DSETUP.dll
2009-09-04 17:01 . 2009-09-04 17:01 1691464 ----a-w- c:\program files\dsetup32.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-03-13_19.15.42 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-03-13 22:08 . 2012-03-13 22:08 16384 c:\windows\temp\Perflib_Perfdata_b48.dat
+ 2012-03-13 22:06 . 2012-03-13 22:06 16384 c:\windows\temp\Perflib_Perfdata_878.dat
+ 2010-11-02 21:43 . 2010-11-02 21:43 9845 c:\windows\system32\msw-npo4e.dll
- 2009-11-17 19:14 . 2009-11-17 19:14 9845 c:\windows\system32\msw-npo4e.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}"= "c:\program files\Softonic-Eng7\prxtbSof0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
2011-05-09 09:49 176936 ----a-w- c:\program files\Softonic-Eng7\prxtbSof0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}"= "c:\program files\Softonic-Eng7\prxtbSof0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3}"= "c:\program files\Softonic-Eng7\prxtbSof0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\Steam\Steam.exe" [2012-02-04 1242448]
"MediaGet2"="c:\documents and settings\Administrator\Local Settings\Data aplikací\MediaGet2\mediaget.exe" [2012-01-29 8109800]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCU"="c:\program files\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-10-15 375000]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-02-25 2548552]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-12-09 1226608]
"DivX Download Manager"="c:\program files\DivX\DivX Plus Web Player\DDmService.exe" [2010-12-08 63360]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2008-02-12 536576]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"RTHDCPL"="RTHDCPL.EXE" [2010-07-28 19557480]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-10 61440]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-02-28 1987976]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"EasyTuneVI"="c:\program files\GIGABYTE\ET6\ETCall.exe" [2007-07-26 20480]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-01-09 12:01 136176 ----atw- c:\documents and settings\Administrator\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2011-01-19 13:14 133432 ----a-w- c:\program files\ICQ7.2\ICQ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
2012-02-28 16:38 1987976 ----a-w- c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MediaGet2]
2012-01-29 11:48 8109800 ----a-w- c:\documents and settings\Administrator\Local Settings\Data aplikací\MediaGet2\mediaget.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2009-03-15 10:15 180224 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeechGrid]
2012-01-18 23:46 324976 ----a-w- c:\program files\SpeechGrid\SpeechGrid.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\ICQ7.2\\ICQ.exe"=
"c:\\Program Files\\ICQ7.2\\aolload.exe"=
"c:\\Program Files\\Sports Interactive\\Football Manager 2011\\fm.exe"=
"c:\\Program Files\\FlightGear\\bin\\Win32\\fgfs.exe"=
"c:\\Program Files\\Supermassive Games\\Big Match Striker\\BigMatchLauncher.exe"=
"c:\\Documents and Settings\\All Users\\Dokumenty\\Big Match Striker\\BigMatchStriker.exe"=
"c:\\Documents and Settings\\Administrator\\Plocha\\hry\\Binaries\\Win32\\UDK.exe"=
"c:\\Program Files\\Clonk Rage\\Clonk.exe"=
"c:\\Program Files\\Cyanide\\GameCenter\\GameCenter.exe"=
"c:\\Program Files\\Cyanide\\Pro Cycling Manager - Season 2010\\PCM.exe"=
"c:\\Program Files\\Cyanide\\Pro Cycling Manager - Season 2010\\Autorun\\Exe\\Autorun.exe"=
"c:\\Program Files\\Sega\\Virtua Tennis 4\\VT4.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Cyanide\\Pro Cycling Manager - Season 2011\\PCM.exe"=
"c:\\Program Files\\Cyanide\\Pro Cycling Manager - Season 2011\\Autorun\\Exe\\Autorun.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Cossacks\\dmcr.exe"=
"c:\\Program Files\\Warzone 2100\\warzone2100.exe"=
"c:\\Documents and Settings\\Administrator\\Plocha\\hry\\PORSCHE\\Porsche.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\football manager 2012 demo\\fm.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5432:TCP"= 5432:TCP:postgres
.
R1 appdrv01;Application Driver (01);c:\windows\system32\drivers\appdrv01.sys [7.7.2011 22:15 3332784]
R1 AppleCharger;AppleCharger;c:\windows\system32\drivers\AppleCharger.sys [8.1.2011 14:00 19496]
R1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\drivers\cmderd.sys [10.9.2010 23:40 15592]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [10.9.2010 23:40 239368]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [10.9.2010 23:40 27576]
R1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\program files\HWiNFO32\HWiNFO32.SYS [26.9.2011 17:20 20216]
R2 BCUService;Browser Configuration Utility Service;c:\program files\DeviceVM\Browser Configuration Utility\BCUService.exe [15.10.2009 14:06 223464]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [28.2.2012 17:38 1373576]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [19.1.2011 14:14 247096]
R2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files\PostgreSQL\8.3\bin\pg_ctl.exe [1.2.2008 3:02 65536]
R2 SpeechGridService;SpeechGridService;c:\program files\SpeechGrid\SpeechGridService.exe [19.1.2012 0:46 55664]
R3 GVTDrv;GVTDrv;c:\windows\system32\drivers\GVTDrv.sys [8.1.2011 14:15 24944]
R3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [9.1.2011 10:31 30392]
S2 appdrvrem01;Application Driver Auto Removal Service (01);c:\windows\System32\appdrvrem01.exe svc --> c:\windows\System32\appdrvrem01.exe svc [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 12:16 130384]
S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [8.1.2011 13:55 1691480]
S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
S3 CFcatchme;CFcatchme;\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\CFcatchme.sys --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\CFcatchme.sys [?]
S3 etdrv;etdrv;c:\windows\etdrv.sys [9.1.2011 13:44 17488]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 12:16 753504]
.
Obsah adresáře 'Naplánované úlohy'
.
2012-03-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
2012-03-12 c:\windows\Tasks\Norton Security Scan for Administrator.job
- c:\progra~1\NORTON~2\Engine\351~1.6\Nss.exe [2011-07-06 22:47]
.
2012-03-13 c:\windows\Tasks\User_Feed_Synchronization-{8C9EC464-D765-4ACB-8C79-8F27FCD39205}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]
.
2012-03-13 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2011-02-09 21:18]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://home.sweetim.com
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101699&gct=&gc=1&q=%s
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Search the Web - c:\program files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
TCP: DhcpNameServer = 192.168.2.1
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\rpt4mw6h.default\
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - %profile%\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: SweetIM Toolbar for Firefox: {EEE6C361-6118-11DC-9C72-001320C79847} - %profile%\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
FF - user.js: network.proxy.http -
user_pref(network.proxy.http_port,);
FF - user.js: network.proxy.no_proxies_on -
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-Ask Toolbar_is1 - c:\program files\AskBarDis\unins000.exe
AddRemove-XyjY9ps4v_is1 - c:\program files\Kkxyzzbpkwogz\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-13 23:07
Windows 5.1.2600 Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwClose, ZwOpenFile
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-790525478-113007714-725345543-500\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(924)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'lsass.exe'(980)
c:\windows\system32\MPR.dll
c:\windows\system32\guard32.dll
.
- - - - - - - > 'explorer.exe'(2328)
c:\windows\system32\guard32.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\COMODO\COMODO Internet Security\cmdagent.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\GIGABYTE\ET6\GUI.exe
c:\windows\system32\rundll32.exe
c:\windows\RTHDCPL.EXE
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\System32\wbem\wmiapsrv.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2012-03-13 23:11:37 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-03-13 22:11
ComboFix2.txt 2012-03-13 21:51
ComboFix3.txt 2012-03-13 19:21
.
Před spuštěním: Volných bajtů: 764 463 140 864
Po spuštění: Volných bajtů: 764 406 771 712
.
- - End Of File - - 1DFCF84A9DE43D53CD0EC56B029278BB
Nahrání proběhlo úspěšně
- Rudy
- Site Admin
- Posts: 119515
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Internet problem (stuttering/blocking)
According to the log it should be clean. Also run an AVPTool scan: http://www.viry.cz/forum/viewtopic.php?f=29&t=58179 and post the log. There was quite a lot of junk in there, after all.
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.
Re: Internet problem (stuttering/blocking)
It found some junk, deleted about 4 files, and I don't know what it did with the rest; it ran overnight.
Status: Quarantined (events: 10)
15.3.2012 1:45:51 Quarantined unknown threat UDS:DangerousObject.Multi.Generic C:\Documents and Settings\Administrator\Dokumenty\Downloads\Pro_Cycling_Manager_Tour_de_France_2011_keygen (1).exe High
15.3.2012 1:45:54 Quarantined unknown threat UDS:DangerousObject.Multi.Generic C:\Documents and Settings\Administrator\Dokumenty\Downloads\Pro_Cycling_Manager_Tour_de_France_2011_keygen.exe High
15.3.2012 3:13:05 Quarantined unknown threat UDS:DangerousObject.Multi.Generic C:\Documents and Settings\Administrator\Plocha\g\Pro_Cycling_Manager_Tour_de_France_2011_keygen.exe High
15.3.2012 3:13:17 Quarantined unknown threat Packed.Multi.SuspiciousPacker.gen C:\Documents and Settings\Administrator\Plocha\g\cestina\simcity4cz.v1.0f.exe Medium
15.3.2012 3:13:17 Quarantined unknown threat Packed.Multi.SuspiciousPacker.gen C:\Documents and Settings\Administrator\Plocha\g\cestina\simcity4cz.v1.0f.exe//PE_Patch.Morphine Medium
15.3.2012 3:13:17 Quarantined unknown threat Packed.Multi.SuspiciousPacker.gen C:\Documents and Settings\Administrator\Plocha\g\cestina\simcity4cz.v1.0f.exe//PE_Patch.Morphine//Morphine Medium
15.3.2012 10:05:48 Quarantined unknown threat Packed.Multi.SuspiciousPacker.gen C:\System Volume Information\_restore{98A062C6-F3C2-43EF-9DCB-B250256FF660}\RP385\A0066285.exe Medium
15.3.2012 10:05:48 Quarantined unknown threat Packed.Multi.SuspiciousPacker.gen C:\System Volume Information\_restore{98A062C6-F3C2-43EF-9DCB-B250256FF660}\RP385\A0066285.exe//PE_Patch.Morphine Medium
15.3.2012 10:05:48 Quarantined unknown threat Packed.Multi.SuspiciousPacker.gen C:\System Volume Information\_restore{98A062C6-F3C2-43EF-9DCB-B250256FF660}\RP385\A0066285.exe//PE_Patch.Morphine//Morphine Medium
15.3.2012 10:05:48 Quarantined unknown threat UDS:DangerousObject.Multi.Generic C:\System Volume Information\_restore{98A062C6-F3C2-43EF-9DCB-B250256FF660}\RP385\A0066284.exe High
Status: Deleted (events: 4)
15.3.2012 8:28:08 Deleted adware not-a-virus:AdWare.Win32.Zwangi.has C:\Qoobox\Quarantine\C\Program Files\QuestScan\uninstall.exe.vir Medium
15.3.2012 8:28:08 Deleted adware not-a-virus:AdWare.Win32.Zwangi.has C:\Qoobox\Quarantine\C\Program Files\QuestScan\uninstall.exe.vir//data0001 Medium
15.3.2012 10:02:56 Deleted adware not-a-virus:AdWare.Win32.Zwangi.has C:\System Volume Information\_restore{98A062C6-F3C2-43EF-9DCB-B250256FF660}\RP384\A0065617.exe Medium
15.3.2012 10:02:56 Deleted adware not-a-virus:AdWare.Win32.Zwangi.has C:\System Volume Information\_restore{98A062C6-F3C2-43EF-9DCB-B250256FF660}\RP384\A0065617.exe//data0001 Medium
- Rudy
- Site Admin
Re: Internet problem (stuttering/blocking)
Yes, 4 items were deleted, the rest went to quarantine. Has anything changed?
Re: Internet problem (stuttering/blocking)
Unfortunately the problem persists.
Just to check, I ran another scan with Comodo and it found 40 suspicious files/threats; I chose to have them removed.
So apparently there is something here somewhere that is carefully hidden.
Hopefully there is some way to get rid of it.
It occurs to me that I forgot to turn off System Restore; I don't know whether that could have had an effect, at first glance everything went fine.
- Rudy
- Site Admin
Re: Internet problem (stuttering/blocking)
Try Start > Run > (type) cmd > OK. At the command prompt type:
ping www.seznam.cz
and press Enter. The response time should be even, no packets should be dropped, and it should not exceed 50 ms.
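The three criteria from the post above (no lost packets, response not over 50 ms, even response times), as an added example that is not part of the original post: a check over captured Windows `ping` output. The sample output and address are constructed, the parser assumes English-language `ping` output, and the 20 ms spread limit for "even" is an assumption, since the post gives no number.

```python
import re

# Constructed samples in the format of English-language Windows `ping` output.
# The address is from a documentation range and the times are made up.
SAMPLE_OK = """\
Pinging www.seznam.cz [192.0.2.10] with 32 bytes of data:

Reply from 192.0.2.10: bytes=32 time=8ms TTL=57
Reply from 192.0.2.10: bytes=32 time=13ms TTL=57
Reply from 192.0.2.10: bytes=32 time=9ms TTL=57
Reply from 192.0.2.10: bytes=32 time=10ms TTL=57
"""

SAMPLE_BAD = """\
Pinging www.seznam.cz [192.0.2.10] with 32 bytes of data:

Reply from 192.0.2.10: bytes=32 time=12ms TTL=57
Request timed out.
Reply from 192.0.2.10: bytes=32 time=184ms TTL=57
Reply from 192.0.2.10: bytes=32 time<1ms TTL=57
"""

MAX_RTT_MS = 50     # limit stated in the post
MAX_SPREAD_MS = 20  # assumption: the post asks for "even" replies, no number

TIME_RE = re.compile(r"time([=<])(\d+)\s*ms")
LOST_LINES = ("Request timed out.", "General failure.",
              "Destination host unreachable.")


def parse_probes(output):
    """Return one entry per probe: round-trip time in ms, or None if lost."""
    probes = []
    for raw in output.splitlines():
        line = raw.strip()
        if line.startswith("Reply from"):
            match = TIME_RE.search(line)
            if match is None:
                # A reply without a time, e.g. an unreachable notice
                # relayed by a router, is a failed probe.
                probes.append(None)
            elif match.group(1) == "<":
                # "time<1ms" is below timer resolution; count it as 0 ms.
                probes.append(0)
            else:
                probes.append(int(match.group(2)))
        elif line in LOST_LINES:
            probes.append(None)
    return probes


def assess(output):
    """Check captured ping output against the three criteria."""
    probes = parse_probes(output)
    rtts = [p for p in probes if p is not None]
    lost = len(probes) - len(rtts)
    findings = []
    if not probes:
        findings.append("no probe results found")
    if lost:
        findings.append(f"{lost} of {len(probes)} probes lost")
    if rtts and max(rtts) > MAX_RTT_MS:
        findings.append(f"max RTT {max(rtts)} ms exceeds {MAX_RTT_MS} ms")
    if rtts and max(rtts) - min(rtts) > MAX_SPREAD_MS:
        findings.append(
            f"RTT spread {max(rtts) - min(rtts)} ms exceeds {MAX_SPREAD_MS} ms")
    return {
        "sent": len(probes),
        "lost": lost,
        "min": min(rtts) if rtts else None,
        "max": max(rtts) if rtts else None,
        "ok": not findings,
        "findings": findings,
    }


if __name__ == "__main__":
    for name, sample in (("ok", SAMPLE_OK), ("bad", SAMPLE_BAD)):
        print(name, assess(sample))
```

A pass here covers only ICMP reachability and latency to the host; name resolution and HTTP are separate checks.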
Re: Internet problem (stuttering/blocking)
Done, 3 times in a row; results:
4 packets sent, 4 received, 0 lost, response times minimum 8, maximum 13 ms.
Always 4 replies.
Everything looks OK.
But when I actually go to seznam.cz, it works on maybe the 4th or 5th attempt.
- Rudy
- Site Admin
Re: Internet problem (stuttering/blocking)
Try restarting the modem, and possibly any other network device in the data path.
Re: Internet problem (stuttering/blocking)
Everything has been restarted; it's kind of strange.
Since then I haven't got the message that the page failed to load, but on the other hand I feel I'm waiting a disproportionately long time for pages to load.
When I click between articles on Novinky, for example, it's mostly lightning fast, but then I go to any other site and suddenly there's a stall of maybe 30 seconds.
And now I've also managed to get the message that the page cannot be displayed.
One more thing for completeness:
When a site does load, it's often only in text form (without images and graphics).
- Rudy
- Site Admin
Re: Internet problem (stuttering/blocking)
Personally I think this is a problem with the connection itself. We'll still check the PC for a rootkit. Run a GMER scan: http://forum.viry.cz/viewtopic.php?f=29&t=62878 and post both logs.
Re: Internet problem (stuttering/blocking)
Done; I just didn't notice that it produced an initial report, which I was also supposed to post here. So I first ran the scan, saved the log, and then launched it again to generate the initial log. I then generated that one again this morning, because it was more extensive; hopefully that won't be a problem. Otherwise I would redo the whole process from scratch and in order.
Note: The first time it threw an error; the second time the scan completed successfully, it only reported the error "Open driver handle faílur" at the end, but the log seems to have gone through fine.
Initial logs:
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-03-16 10:10:08
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD10EARS-003BB1 rev.80.00A80
Running: gmer.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\kgpiyaod.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwEnumerateKey [0xAE2237BC]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwEnumerateValueKey [0xAE223A12]
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\Tcp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\Udp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\RawIp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
---- EOF - GMER 1.0.15 ----
And another initial log from yesterday (made after the scan, so there's almost nothing in it):
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-03-16 02:04:45
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\kgpiyaod.sys
---- Kernel code sections - GMER 1.0.15 ----
? \WINDOWS\system32\ntkrnlpa.exe kernel module suspicious modification
---- EOF - GMER 1.0.15 ----