prosím o kontrolu logu

Zpráva

mrakoplacz · #1 Příspěvek od **mrakoplacz** » 31 led 2010 16:22

Zasekává se prohlížeč, načítání stránek
přitom rychlost připojení je 12 Mb.
Log:
Logfile of random's system information tool 1.06 (written by random/random)
Run by Mrakoplaš at 2010-01-31 16:09:32
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 18 GB (16%) free of 114 GB
Total RAM: 3326 MB (79% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2DB66063-BB98-466A-AA0D-3E7ACF5ED853}]
WebTransBHO Class - C:\WINDOWS\WebIE.dll [2009-02-18 491520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3}]
ZoneAlarm Toolbar Registrar - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C5D07EB6-BBCE-4DAE-ACBB-D13A8D28CB1F}]
PDF-XChange Viewer IE-Plugin - C:\Program Files\Tracker Software\PDF-XChange Viewer\pdf-viewer\PDFXCviewIEPlugin.dll [2009-02-21 1098008]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
PandoraTV Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2009-07-10 1174920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-06-28 41368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-06-28 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BFC32E1D-EE75-4A48-BC60-104E11EE2431} - WebTranslator - C:\WINDOWS\WebIE.dll [2009-02-18 491520]
{B922D405-6D13-4A2B-AE89-08A030DA4402}
{D4027C7F-154A-4066-A1AD-4243D8127440} - PandoraTV Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2009-07-10 1174920]
{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - ZoneAlarm Toolbar - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-11-25 81000]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-07-23 16804864]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2007-04-16 577536]
"AlcWzrd"=C:\WINDOWS\ALCWZRD.EXE [2008-06-19 2808832]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2008-06-19 57344]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-07-14 98304]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2009-11-22 1037192]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2008-09-23 21755688]
"WEBTRAN"= []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"=" "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2009-07-15 155648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 267304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
FencesShellExt - {1984DD45-52CF-49cd-AB77-18F378FEA264} - C:\Program Files\Fences\FencesMenu.dll [2009-10-02 128360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=B5000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\BitLord\BitLord.exe"="C:\Program Files\BitLord\BitLord.exe:*:Enabled:BitLord"
"C:\Program Files\Total Comander\TOTALCMD.EXE"="C:\Program Files\Total Comander\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
"C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe"="C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe:*:Enabled:Nero ShowTime"
"C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe"="C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe:*:Enabled:CyberLink PowerDVD"
"E:\Game Files\Crysis\Bin32\Crysis.exe"="E:\Game Files\Crysis\Bin32\Crysis.exe:*:Enabled:Crysis_32"
"E:\Game Files\Crysis\Bin32\CrysisDedicatedServer.exe"="E:\Game Files\Crysis\Bin32\CrysisDedicatedServer.exe:*:Enabled:CrysisDedicatedServer_32"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"E:\Game Files\Etherlords 2\Etherlords2.exe"="E:\Game Files\Etherlords 2\Etherlords2.exe:*:Enabled:Etherlords 2 main executable file"
"D:\Program Files\rFactor\rFactor.exe"="D:\Program Files\rFactor\rFactor.exe:*:Enabled:rFactor"
"D:\Program Files\Ubisoft\tWG\sh3.exe"="D:\Program Files\Ubisoft\tWG\sh3.exe:*:Enabled:Silent Hunter III"
"D:\Program Files\Ubisoft\SilentHunterIII\sh3.exe"="D:\Program Files\Ubisoft\SilentHunterIII\sh3.exe:*:Enabled:Silent Hunter III"
"D:\Program Files\Ubisoft\GWX 300\sh3.exe"="D:\Program Files\Ubisoft\GWX 300\sh3.exe:*:Enabled:Silent Hunter III"
"C:\Program Files\BitComet\BitComet.exe"="C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet.exe"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe"="C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe:*:Enabled:CyberLink PowerDVD"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{75516fa6-4602-11de-b4b6-001fd08fc84d}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RECYCLER\S-7-8-77-100005760-100018805-100010760-1317.com k:\
shell\Open\command - RECYCLER\S-7-8-77-100005760-100018805-100010760-1317.com k:\

======File associations======

.reg - edit -
.reg - open - C:\PROGRA~1\OOREGE~1\OOREGE~1.EXE "%1"

======List of files/folders created in the last 1 months======

2010-01-31 16:09:33 ----D---- C:\Program Files\trend micro
2010-01-31 16:09:32 ----D---- C:\rsit
2010-01-25 20:15:58 ----D---- C:\Downloads
2010-01-25 20:15:18 ----D---- C:\Program Files\BitComet
2010-01-17 11:34:07 ----D---- C:\Documents and Settings\All Users\Data aplikací\Rumbic Studio
2010-01-17 11:17:43 ----D---- C:\mamina
2010-01-17 11:07:43 ----AD---- C:\Documents and Settings\All Users\Data aplikací\TEMP
2010-01-15 19:59:45 ----A---- C:\WINDOWS\system32\zlcommdb.dll
2010-01-15 19:59:45 ----A---- C:\WINDOWS\system32\vsregexp.dll
2010-01-15 19:59:44 ----A---- C:\WINDOWS\system32\zlcomm.dll
2010-01-15 19:59:40 ----D---- C:\WINDOWS\system32\ZoneLabs
2010-01-15 19:59:40 ----A---- C:\WINDOWS\system32\zpeng25.dll
2010-01-15 19:59:40 ----A---- C:\WINDOWS\system32\vsxml.dll
2010-01-15 19:59:40 ----A---- C:\WINDOWS\system32\vswmi.dll
2010-01-15 19:59:40 ----A---- C:\WINDOWS\system32\vspubapi.dll
2010-01-15 19:59:40 ----A---- C:\WINDOWS\system32\vsmonapi.dll
2010-01-15 19:59:39 ----D---- C:\Program Files\Zone Labs
2010-01-15 19:59:00 ----D---- C:\WINDOWS\Internet Logs
2010-01-15 19:58:59 ----A---- C:\WINDOWS\system32\vsutil.dll
2010-01-15 19:58:59 ----A---- C:\WINDOWS\system32\vsinit.dll
2010-01-15 19:58:59 ----A---- C:\WINDOWS\system32\vsdata.dll
2010-01-15 15:29:11 ----D---- C:\Documents and Settings\Mrakoplaš\Data aplikací\CheckPoint
2010-01-13 10:58:58 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2010-01-13 10:58:48 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2010-01-05 12:00:25 ----D---- C:\WINDOWS\system32\AGEIA
2010-01-05 12:00:15 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2010-01-05 11:52:30 ----D---- C:\Program Files\Alcohol 120
2010-01-04 17:44:42 ----D---- C:\Program Files\Personal Firewall

======List of files/folders modified in the last 1 months======

2010-01-31 16:09:33 ----RD---- C:\Program Files
2010-01-31 16:09:14 ----A---- C:\WINDOWS\wincmd.ini
2010-01-31 16:09:07 ----D---- C:\!Stažené
2010-01-31 16:07:53 ----D---- C:\Program Files\Mozilla Firefox
2010-01-31 16:00:10 ----D---- C:\Documents and Settings\Mrakoplaš\Data aplikací\skypePM
2010-01-31 15:25:50 ----D---- C:\Documents and Settings\Mrakoplaš\Data aplikací\Skype
2010-01-31 12:21:33 ----D---- C:\WINDOWS\Temp
2010-01-31 12:20:24 ----D---- C:\WINDOWS\system32\CatRoot2
2010-01-31 07:59:23 ----D---- C:\WINDOWS
2010-01-31 07:59:23 ----A---- C:\WINDOWS\MAILTRAN.INI
2010-01-30 17:47:34 ----D---- C:\WINDOWS\system32\config
2010-01-29 19:12:10 ----D---- C:\Documents and Settings\Mrakoplaš\Data aplikací\vlc
2010-01-26 21:52:15 ----HD---- C:\WINDOWS\inf
2010-01-26 21:51:51 ----RSD---- C:\WINDOWS\assembly
2010-01-26 21:51:17 ----D---- C:\WINDOWS\system32\DirectX
2010-01-26 21:47:49 ----HD---- C:\Program Files\InstallShield Installation Information
2010-01-26 15:31:56 ----A---- C:\WINDOWS\NeroDigital.ini
2010-01-24 22:43:14 ----D---- C:\Data
2010-01-23 16:50:22 ----D---- C:\WINDOWS\Debug
2010-01-22 16:27:03 ----D---- C:\WINDOWS\system32
2010-01-22 15:42:42 ----D---- C:\Mamka
2010-01-22 13:51:00 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-01-22 13:51:00 ----D---- C:\Program Files\Internet Explorer
2010-01-22 13:50:50 ----D---- C:\WINDOWS\ie8updates
2010-01-22 13:50:41 ----HD---- C:\WINDOWS\$hf_mig$
2010-01-22 13:50:41 ----D---- C:\WINDOWS\system32\CatRoot
2010-01-15 20:48:47 ----D---- C:\Documents and Settings\Mrakoplaš\Data aplikací\dvdcss
2010-01-15 19:56:44 ----D---- C:\WINDOWS\system32\drivers
2010-01-15 19:44:05 ----SHD---- C:\System Volume Information
2010-01-15 15:23:54 ----SHD---- C:\WINDOWS\Installer
2010-01-13 11:06:02 ----D---- C:\WINDOWS\AppPatch
2010-01-05 12:00:36 ----D---- C:\Program Files\AGEIA Technologies
2010-01-05 12:00:15 ----D---- C:\Program Files\Common Files
2010-01-05 01:17:46 ----A---- C:\WINDOWS\system32\MRT.exe
2010-01-03 19:20:35 ----D---- C:\BitLord-Downloads

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-11-25 27408]
R1 Angelnt;Angelnt; C:\WINDOWS\System32\Drivers\ANGELNT.SYS [2009-02-20 52544]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-11-25 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-11-25 48560]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2009-11-22 486280]
R2 {95808DC4-FA4A-4C74-92FE-5B863F82066B};{95808DC4-FA4A-4C74-92FE-5B863F82066B}; \??\C:\Program Files\CyberLink\PowerDVD\000.fcl []
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-11-25 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-11-25 94160]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2010-01-05 281760]
R2 ithsgt;ithsgt; C:\WINDOWS\system32\DRIVERS\ithsgt.sys [2009-05-22 162432]
R2 lilsgt;lilsgt; C:\WINDOWS\system32\DRIVERS\lilsgt.sys [2009-05-22 12032]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2010-01-05 25888]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-11-25 23120]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2009-07-15 4407808]
R3 AtiHdmiService;ATI Function Driver for HDMI Service; C:\WINDOWS\system32\drivers\AtiHdmi.sys [2009-06-02 99856]
R3 AVerBDA3x;AVerMedia SAA713x BDA Service; C:\WINDOWS\system32\DRIVERS\AVerBDA3x.sys [2007-05-21 1180672]
R3 dtscsi;dtscsi; C:\WINDOWS\System32\Drivers\dtscsi.sys [2009-09-18 223128]
R3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-07-24 4749824]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-25 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 ROCKEYNT;Feitian ROCKEY4 Device Service; C:\WINDOWS\system32\DRIVERS\Rockey4.sys [2009-05-08 22016]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2008-06-16 109184]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Ovladač standardního rozbočovače USB; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver; C:\WINDOWS\system32\drivers\WmBEnum.sys [2006-06-06 11136]
R3 WmFilter;Logitech Gaming HID Filter Driver; C:\WINDOWS\system32\drivers\WmFilter.sys [2006-06-06 21632]
R3 WmHidLo;Logitech Gaming USB Filter Driver; C:\WINDOWS\system32\drivers\WmHidLo.sys [2006-06-06 20864]
R3 WmXlCore;Logitech WingMan Translation Layer Driver; C:\WINDOWS\system32\drivers\WmXlCore.sys [2006-06-06 46208]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S2 ISWKL;ZoneAlarm Toolbar ISWKL; \??\C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys []
S3 ag0vv4id;ag0vv4id; C:\WINDOWS\system32\drivers\ag0vv4id.sys []
S3 AVerE506;AVerE506 service; C:\WINDOWS\system32\DRIVERS\AVerE506.sys [2006-03-21 520192]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-03-26 25280]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-03-08 51120]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-03-08 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-03-08 21744]
S3 MPE;Filtr MPE BDA; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-13 15232]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 Rockey_USB;Feitian ROCKEY4 USB Service; C:\WINDOWS\system32\DRIVERS\Rockey4USB.sys [2009-05-08 12928]
S3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2008-06-16 109184]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys []
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2008-03-27 503008]
S3 WmVirHid;Logitech Virtual Hid Device Driver; C:\WINDOWS\system32\drivers\WmVirHid.sys [2006-06-06 6400]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2004-08-11 18944]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S4 UGURU;UGURU; C:\WINDOWS\system32\drivers\uGuru.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-11-25 18752]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2009-07-15 602112]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-25 138680]
R2 AVerRemote;AVerRemote; C:\Program Files\Common Files\AVerMedia\Service\AVerRemote.exe [2008-04-09 348160]
R2 AVerScheduleService;AVerScheduleService; C:\Program Files\Common Files\AVerMedia\Service\AVerScheduleService.exe [2008-04-09 393216]
R2 GEST Service;GEST Service for program management.; C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe [2008-08-08 80392]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-06-28 152984]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-09-29 69632]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-06-23 66872]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared files\RichVideo.exe [2007-10-16 243056]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
R2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\system32\ZoneLabs\vsmon.exe [2009-11-22 2384240]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-11-25 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-11-25 352920]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2009-07-14 593920]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2009-03-09 85096]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-06-15 651720]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-09-17 800040]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2009-03-04 621056]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Tom8sh16 · #2 Příspěvek od **Tom8sh16** » 31 led 2010 16:43

Dobré odpoledne.

Stáhněte na plochu ComboFix.
▪ Před použitím ComboFixu je doporučeno vypnout všechny rezidentní bezpečnostní programy - antiviry, firewally, antispywary. Mohou zasahovat do činnosti ComboFixu, což může způsobit, že nebude fungovat korektně.
▪ Po spuštění potvrďte podmínky užití.
▪ Dále postupujte dle pokynů, během aplikování ComboFixu neklikejte do zobrazujících se oken.
▪ Po dokončení skenování, trvajícího maximálně 10 minut, by měl program vytvořit log - C:\ComboFix.txt, zkopírujte celý jeho obsah sem.
▪ ComboFix je třeba spustit pod účtem s právy administrátora.

mrakoplacz · #3 Příspěvek od **mrakoplacz** » 31 led 2010 17:24

Provedl jsem kontrolu programem ComboFix
soubor jsem přiložil v příloze
Dále jsem udelal SCREEN jak vypada moje bezna prace na internetu
Práce v internetu je pro mne i pres rychle pripojeni peklem
Vyplnit nejaky formulař, třeba i registraci, je práce na několik desítek min.
neustále se přerušuje spojení, trvá odezva stránek.
Chvilju to slape jak hodiny a po prokliknuti nekolika stranek se zacnou dalsi nacitat a stejne se nenactou.

Tom8sh16 · #4 Příspěvek od **Tom8sh16** » 31 led 2010 17:48

Log vložte prosím přimo sem

mrakoplacz · #5 Příspěvek od **mrakoplacz** » 31 led 2010 17:59

Log:
ComboFix 10-01-30.05 - Mrakoplaš 31.01.2010 16:54:31.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3326.2809 [GMT 1:00]
Spuštěný z: c:\!stažené\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100130-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Mrakoplaç\Dokumenty\cc_20091019_194046.reg

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-12-28 do 2010-01-31 )))))))))))))))))))))))))))))))
.

2010-01-31 15:35 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-31 15:35 . 2010-01-31 15:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-31 15:35 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-31 15:09 . 2010-01-31 15:09 -------- d-----w- c:\program files\trend micro
2010-01-31 15:09 . 2010-01-31 15:10 -------- d-----w- C:\rsit
2010-01-25 19:15 . 2010-01-25 19:20 -------- d-----w- C:\Downloads
2010-01-25 19:15 . 2010-01-25 19:21 -------- d-----w- c:\program files\BitComet
2010-01-17 10:17 . 2010-01-17 11:35 -------- d-----w- C:\mamina
2010-01-15 18:59 . 2009-11-22 14:42 103816 ----a-w- c:\windows\system32\zlcommdb.dll
2010-01-15 18:59 . 2009-11-22 14:42 69000 ----a-w- c:\windows\system32\zlcomm.dll
2010-01-13 09:55 . 2009-11-21 16:03 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-01-05 11:00 . 2010-01-05 11:00 281760 ----a-w- c:\windows\system32\drivers\atksgt.sys
2010-01-05 11:00 . 2010-01-05 11:00 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2010-01-05 11:00 . 2010-01-05 11:00 -------- d-----w- c:\windows\system32\AGEIA
2010-01-05 11:00 . 2010-01-05 11:00 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-01-05 10:52 . 2010-01-05 10:52 -------- d-----w- c:\program files\Alcohol 120
2010-01-04 16:44 . 2010-01-04 18:54 -------- d-----w- c:\program files\Personal Firewall

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-31 15:50 . 2009-04-24 23:29 16608 ----a-w- c:\windows\gdrv.sys
2010-01-31 15:49 . 2010-01-16 08:36 2155093 ----a-w- c:\windows\Internet Logs\tvDebug.Zip
2010-01-26 20:47 . 2008-12-28 09:54 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-15 18:59 . 2010-01-15 14:28 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2010-01-15 18:59 . 2010-01-15 18:59 -------- d-----w- c:\program files\Zone Labs
2010-01-06 18:35 . 2009-09-26 11:14 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-01-05 11:00 . 2009-01-04 16:37 -------- d-----w- c:\program files\AGEIA Technologies
2010-01-05 10:47 . 2008-12-28 19:02 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-12-21 19:08 . 2004-08-17 13:49 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-20 11:37 . 2009-12-20 11:37 -------- d-----w- c:\program files\Common Files\DirectX
2009-12-20 10:33 . 2009-06-23 09:02 -------- d-----w- c:\program files\Ubisoft
2009-12-19 13:53 . 2009-12-19 13:53 -------- d-----w- c:\program files\SimBin
2009-12-19 13:10 . 2009-12-19 13:10 -------- d-----w- c:\program files\Common Files\Logitech
2009-12-19 13:10 . 2009-12-19 13:10 -------- d-----w- c:\program files\Logitech
2009-12-15 08:02 . 2001-10-25 11:00 83110 ----a-w- c:\windows\system32\perfc005.dat
2009-12-15 08:02 . 2001-10-25 11:00 438906 ----a-w- c:\windows\system32\perfh005.dat
2009-12-12 12:01 . 2009-02-20 07:59 -------- d-----w- c:\program files\KROSplus
2009-11-24 23:54 . 2008-12-28 14:31 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-24 23:51 . 2008-12-28 14:31 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-11-24 23:50 . 2008-12-28 14:31 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-11-24 23:50 . 2008-12-28 14:31 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-11-24 23:50 . 2008-12-28 14:31 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-11-24 23:49 . 2008-12-28 14:31 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2008-12-28 14:31 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2008-12-28 14:31 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-11-24 23:47 . 2008-12-28 14:31 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-11-22 14:42 . 2010-01-15 18:59 1238408 ----a-w- c:\windows\system32\zpeng25.dll
2009-11-21 16:03 . 2004-08-17 13:49 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-10-11 16:37 . 2009-10-11 16:37 56 --sh--r- c:\windows\system32\4658640A93.sys
2009-10-11 16:37 . 2009-10-11 16:37 2098 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-07-10 15:28 1174920 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-07-10 1174920]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-07-10 1174920]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-09-23 21755688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"RTHDCPL"="RTHDCPL.EXE" [2008-07-23 16804864]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]
"AlcWzrd"="ALCWZRD.EXE" [2008-06-19 2808832]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-14 98304]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-11-22 1037192]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files\Fences\FencesMenu.dll" [2009-10-02 128360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"OEXPRESS"=c:\windows\OETRN.EXE
"SUPERAntiSpyware"=c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
"FTweakFCleaner"=c:\program files\FCleaner\FCleaner.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
"c:\\Program Files\\Total Comander\\TOTALCMD.EXE"=
"c:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"e:\\Game Files\\Crysis\\Bin32\\Crysis.exe"=
"e:\\Game Files\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"e:\\Game Files\\Etherlords 2\\Etherlords2.exe"=
"d:\\Program Files\\rFactor\\rFactor.exe"=
"d:\\Program Files\\Ubisoft\\tWG\\sh3.exe"=
"d:\\Program Files\\Ubisoft\\SilentHunterIII\\sh3.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"34447:TCP"= 34447:TCP:fFactor TCP port
"34397:UDP"= 34397:UDP:rFactor UDP port
"34297:UDP"= 34297:UDP:rFactor LAN
"667:TCP"= 667:TCP:SH3 (667)
"5808:TCP"= 5808:TCP:SH3 (5808)
"12975:TCP"= 12975:TCP:SH3 (12975)
"17997:TCP"= 17997:TCP:SH3 (17997)
"17998:TCP"= 17998:TCP:SH3 (17998)
"17999:TCP"= 17999:TCP:SH3 (17999)
"18000:TCP"= 18000:TCP:SH3 (18000)
"18001:TCP"= 18001:TCP:SH3 (18001)
"18002:TCP"= 18002:TCP:SH3 (18002)
"18003:TCP"= 18003:TCP:SH3 (18003)
"40000:UDP"= 40000:UDP:SH3 (40000)
"40001:UDP"= 40001:UDP:SH3 (40001)
"40003:UDP"= 40003:UDP:SH3 (40003)
"40002:UDP"= 40002:UDP:SH3 (40002)
"40004:UDP"= 40004:UDP:SH3 (40004)
"40005:UDP"= 40005:UDP:SH3 (40005)
"43500:UDP"= 43500:UDP:SH3 (43500)
"44000:UDP"= 44000:UDP:SH3 (44000)
"45000:UDP"= 45000:UDP:SH3 45000
"40000:TCP"= 40000:TCP:SH3 40000 TCP
"40001:TCP"= 40001:TCP:SH3 40001 TCP
"40002:TCP"= 40002:TCP:SH3 40002 TCP
"40003:TCP"= 40003:TCP:SH3 40003 TCP
"40004:TCP"= 40004:TCP:SH3 40004 TCP
"40005:TCP"= 40005:TCP:SH3 40005 TCP
"43500:TCP"= 43500:TCP:SH3 43500 TCP
"44000:TCP"= 44000:TCP:SH3 44000 TCP
"45000:TCP"= 45000:TCP:SH3 45000 TCP
"80:UDP"= 80:UDP:SH3 80 UDP
"23509:TCP"= 23509:TCP:BitComet 23509 TCP
"23509:UDP"= 23509:UDP:BitComet 23509 UDP

R1 Angelnt;Angelnt;c:\windows\system32\drivers\ANGELNT.SYS [20.2.2009 9:00 52544]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [28.12.2008 15:31 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [28.12.2008 15:31 20560]
R2 AVerRemote;AVerRemote;c:\program files\Common Files\AVerMedia\Service\AVerRemote.exe [8.5.2009 20:28 348160]
R2 GEST Service;GEST Service for program management.;c:\program files\GIGABYTE\EnergySaver\GSvr.exe [25.4.2009 0:30 80392]
R3 AVerBDA3x;AVerMedia SAA713x BDA Service;c:\windows\system32\drivers\AVerBDA3x.sys [8.5.2009 20:26 1180672]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [28.12.2008 20:02 721904]
S2 AVerScheduleService;AVerScheduleService;c:\program files\Common Files\AVerMedia\Service\AVerScheduleService.exe [8.5.2009 20:28 393216]
S2 ISWKL;ZoneAlarm Toolbar ISWKL;\??\c:\program files\CheckPoint\ZAForceField\ISWKL.sys --> c:\program files\CheckPoint\ZAForceField\ISWKL.sys [?]
S3 AVerE506;AVerE506 service;c:\windows\system32\drivers\AVerE506.sys [30.12.2008 22:13 520192]
S3 Rockey_USB;Feitian ROCKEY4 USB Service;c:\windows\system32\drivers\Rockey4USB.sys [8.5.2009 9:38 12928]
S4 UGURU;UGURU;c:\windows\system32\drivers\uGuru.sys --> c:\windows\system32\drivers\uGuru.sys [?]
.
Obsah adresáře 'Naplánované úlohy'

2009-11-14 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2009-07-10 15:29]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&s ... f8&oe=utf8
mWindow Title = Microsoft Internet Explorer
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\windows\WebIE.dll
FF - ProfilePath - c:\documents and settings\Mrakoplaš\Data aplikací\Mozilla\Firefox\Profiles\104lsffu.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://supertoolbar.ask.com/redirect?client=ff&src=kw&tb=PTV&o=15184&locale=en_US&q=
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPDFXCviewNPPlugin.dll
FF - plugin: c:\program files\Tracker Software\PDF-XChange Viewer\pdf-viewer\npPDFXCviewNPPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

URLSearchHooks-{E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
BHO-{B922D405-6D13-4A2B-AE89-08A030DA4402} - (no file)
BHO-{E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
Toolbar-{B922D405-6D13-4A2B-AE89-08A030DA4402} - (no file)
HKCU-Run-WEBTRAN - (no file)
MSConfigStartUp-TkBellExe - c:\program files\Common Files\Real\Update_OB\realsched.exe
AddRemove-ZoneAlarm Toolbar - c:\program files\CheckPoint\ZAForceField\Uninstall.exe

**************************************************************************
skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory:

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-448539723-1383384898-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:68,71,e0,a0,ef,8b,2d,33,11,4f,94,64,37,fa,87,da,56,df,b2,27,4c,4f,d2,
94,a7,7d,67,07,45,36,0b,dc,16,23,0e,27,39,cb,b9,80,11,e1,97,94,fe,90,b2,4c,\
"??"=hex:a1,5e,47,db,25,65,bb,27,8b,92,55,34,10,3f,d9,49

[HKEY_USERS\S-1-5-21-448539723-1383384898-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:15,16,0a,1e,36,ec,40,69,74,ff,3d,af,a6,11,12,73,ce,e2,a4,b4,88,
34,20,1a,60,c1,8e,1c,10,48,ea,bf,39,82,43,4a,58,e3,c8,af,fe,80,eb,79,14,0a,\
"rkeysecu"=hex:af,1d,31,0e,9b,39,7e,89,48,16,75,30,ea,ad,84,cf
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(788)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2010-01-31 17:02:06
ComboFix-quarantined-files.txt 2010-01-31 16:02

Před spuštěním: Volných bajtů: 18 631 823 360
Po spuštění: Volných bajtů: 19 196 272 640

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

Current=2 Default=2 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - C373209272E1D48A472B2B218E7611DC

Tom8sh16 · #6 Příspěvek od **Tom8sh16** » 31 led 2010 18:24

Přesuňte Combofix na plochu (pokud tam již není)

K následujícímu úkonu je potřeba, abyste měl/a administrátorská práva

Otevřete poznámkový blok (Notepad) a zkopírujte do něj následující text:

Kód: Vybrat vše

KillAll::
File::
c:\windows\system32\4658640A93.sys
c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
Folder::
C:\Program Files\Ask.com
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=- 
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
Extra::
Firefox::
FF - prefs.js: keyword.URL - hxxp://supertoolbar.ask.com/redirect?cl ... e=en_US&q=

Soubor uložte na plochu jako CFScript.txt a podle obrázku přetáhněte nad ComboFix:

spustí se ComboFix a vykoná příkaz ze skriptu - potom pošlete nový log

mrakoplacz · #7 Příspěvek od **mrakoplacz** » 31 led 2010 22:50

Log:
ComboFix 10-01-30.05 - Mrakoplaš 31.01.2010 22:29:56.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3326.2792 [GMT 1:00]
Spuštěný z: c:\documents and settings\Mrakoplaš\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Mrakoplaš\Plocha\CFScript.txt
AV: avast! antivirus 4.8.1368 [VPS 100131-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

FILE ::
"c:\windows\system32\4658640A93.sys"
"c:\windows\Tasks\Scheduled Update for Ask Toolbar.job"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Mrakoplaç\Dokumenty\cc_20091019_194046.reg
c:\documents and settings\Mrakoplaç\Dokumenty\cc_20100131_175945.reg
c:\program files\Ask.com
c:\program files\Ask.com\cobrand.ico
c:\program files\Ask.com\config.xml
c:\program files\Ask.com\favicon.ico
c:\program files\Ask.com\GenericAskToolbar.dll
c:\program files\Ask.com\mupcfg.xml
c:\program files\Ask.com\SaUpdate.exe
c:\program files\Ask.com\UpdateTask.exe
c:\windows\system32\4658640A93.sys
c:\windows\Tasks\Scheduled Update for Ask Toolbar.job

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-12-28 do 2010-01-31 )))))))))))))))))))))))))))))))
.

2010-01-31 15:35 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-31 15:35 . 2010-01-31 15:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-31 15:35 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-31 15:09 . 2010-01-31 15:09 -------- d-----w- c:\program files\trend micro
2010-01-31 15:09 . 2010-01-31 15:10 -------- d-----w- C:\rsit
2010-01-25 19:15 . 2010-01-25 19:20 -------- d-----w- C:\Downloads
2010-01-25 19:15 . 2010-01-25 19:21 -------- d-----w- c:\program files\BitComet
2010-01-17 10:17 . 2010-01-17 11:35 -------- d-----w- C:\mamina
2010-01-15 18:59 . 2009-11-22 14:42 103816 ----a-w- c:\windows\system32\zlcommdb.dll
2010-01-15 18:59 . 2009-11-22 14:42 69000 ----a-w- c:\windows\system32\zlcomm.dll
2010-01-13 09:55 . 2009-11-21 16:03 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-01-05 11:00 . 2010-01-05 11:00 281760 ----a-w- c:\windows\system32\drivers\atksgt.sys
2010-01-05 11:00 . 2010-01-05 11:00 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2010-01-05 11:00 . 2010-01-05 11:00 -------- d-----w- c:\windows\system32\AGEIA
2010-01-05 11:00 . 2010-01-05 11:00 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-01-05 10:52 . 2010-01-05 10:52 -------- d-----w- c:\program files\Alcohol 120
2010-01-04 16:44 . 2010-01-04 18:54 -------- d-----w- c:\program files\Personal Firewall

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-31 21:37 . 2009-04-24 23:29 16608 ----a-w- c:\windows\gdrv.sys
2010-01-31 21:27 . 2010-01-16 08:36 2962875 ----a-w- c:\windows\Internet Logs\tvDebug.Zip
2010-01-26 20:47 . 2008-12-28 09:54 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-15 18:59 . 2010-01-15 14:28 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2010-01-15 18:59 . 2010-01-15 18:59 -------- d-----w- c:\program files\Zone Labs
2010-01-06 18:35 . 2009-09-26 11:14 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-01-05 11:00 . 2009-01-04 16:37 -------- d-----w- c:\program files\AGEIA Technologies
2010-01-05 10:47 . 2008-12-28 19:02 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-12-21 19:08 . 2004-08-17 13:49 916480 ------w- c:\windows\system32\wininet.dll
2009-12-20 11:37 . 2009-12-20 11:37 -------- d-----w- c:\program files\Common Files\DirectX
2009-12-20 10:33 . 2009-06-23 09:02 -------- d-----w- c:\program files\Ubisoft
2009-12-19 13:53 . 2009-12-19 13:53 -------- d-----w- c:\program files\SimBin
2009-12-19 13:10 . 2009-12-19 13:10 -------- d-----w- c:\program files\Common Files\Logitech
2009-12-19 13:10 . 2009-12-19 13:10 -------- d-----w- c:\program files\Logitech
2009-12-15 08:02 . 2001-10-25 11:00 83110 ----a-w- c:\windows\system32\perfc005.dat
2009-12-15 08:02 . 2001-10-25 11:00 438906 ----a-w- c:\windows\system32\perfh005.dat
2009-12-12 12:01 . 2009-02-20 07:59 -------- d-----w- c:\program files\KROSplus
2009-11-24 23:54 . 2008-12-28 14:31 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-24 23:51 . 2008-12-28 14:31 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-11-24 23:50 . 2008-12-28 14:31 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-11-24 23:50 . 2008-12-28 14:31 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-11-24 23:50 . 2008-12-28 14:31 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-11-24 23:49 . 2008-12-28 14:31 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2008-12-28 14:31 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2008-12-28 14:31 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-11-24 23:47 . 2008-12-28 14:31 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-11-22 14:42 . 2010-01-15 18:59 1238408 ----a-w- c:\windows\system32\zpeng25.dll
2009-11-21 16:03 . 2004-08-17 13:49 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-10-11 16:37 . 2009-10-11 16:37 2098 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-09-23 21755688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"RTHDCPL"="RTHDCPL.EXE" [2008-07-23 16804864]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]
"AlcWzrd"="ALCWZRD.EXE" [2008-06-19 2808832]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-14 98304]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-11-22 1037192]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files\Fences\FencesMenu.dll" [2009-10-02 128360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"OEXPRESS"=c:\windows\OETRN.EXE
"SUPERAntiSpyware"=c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
"FTweakFCleaner"=c:\program files\FCleaner\FCleaner.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
"c:\\Program Files\\Total Comander\\TOTALCMD.EXE"=
"c:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"e:\\Game Files\\Crysis\\Bin32\\Crysis.exe"=
"e:\\Game Files\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"e:\\Game Files\\Etherlords 2\\Etherlords2.exe"=
"d:\\Program Files\\rFactor\\rFactor.exe"=
"d:\\Program Files\\Ubisoft\\tWG\\sh3.exe"=
"d:\\Program Files\\Ubisoft\\SilentHunterIII\\sh3.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"34447:TCP"= 34447:TCP:fFactor TCP port
"34397:UDP"= 34397:UDP:rFactor UDP port
"34297:UDP"= 34297:UDP:rFactor LAN
"667:TCP"= 667:TCP:SH3 (667)
"5808:TCP"= 5808:TCP:SH3 (5808)
"12975:TCP"= 12975:TCP:SH3 (12975)
"17997:TCP"= 17997:TCP:SH3 (17997)
"17998:TCP"= 17998:TCP:SH3 (17998)
"17999:TCP"= 17999:TCP:SH3 (17999)
"18000:TCP"= 18000:TCP:SH3 (18000)
"18001:TCP"= 18001:TCP:SH3 (18001)
"18002:TCP"= 18002:TCP:SH3 (18002)
"18003:TCP"= 18003:TCP:SH3 (18003)
"40000:UDP"= 40000:UDP:SH3 (40000)
"40001:UDP"= 40001:UDP:SH3 (40001)
"40003:UDP"= 40003:UDP:SH3 (40003)
"40002:UDP"= 40002:UDP:SH3 (40002)
"40004:UDP"= 40004:UDP:SH3 (40004)
"40005:UDP"= 40005:UDP:SH3 (40005)
"43500:UDP"= 43500:UDP:SH3 (43500)
"44000:UDP"= 44000:UDP:SH3 (44000)
"45000:UDP"= 45000:UDP:SH3 45000
"40000:TCP"= 40000:TCP:SH3 40000 TCP
"40001:TCP"= 40001:TCP:SH3 40001 TCP
"40002:TCP"= 40002:TCP:SH3 40002 TCP
"40003:TCP"= 40003:TCP:SH3 40003 TCP
"40004:TCP"= 40004:TCP:SH3 40004 TCP
"40005:TCP"= 40005:TCP:SH3 40005 TCP
"43500:TCP"= 43500:TCP:SH3 43500 TCP
"44000:TCP"= 44000:TCP:SH3 44000 TCP
"45000:TCP"= 45000:TCP:SH3 45000 TCP
"80:UDP"= 80:UDP:SH3 80 UDP
"23509:TCP"= 23509:TCP:BitComet 23509 TCP
"23509:UDP"= 23509:UDP:BitComet 23509 UDP

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [28.12.2008 20:02 721904]
R1 Angelnt;Angelnt;c:\windows\system32\drivers\ANGELNT.SYS [20.2.2009 9:00 52544]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [28.12.2008 15:31 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [28.12.2008 15:31 20560]
R2 AVerRemote;AVerRemote;c:\program files\Common Files\AVerMedia\Service\AVerRemote.exe [8.5.2009 20:28 348160]
R2 AVerScheduleService;AVerScheduleService;c:\program files\Common Files\AVerMedia\Service\AVerScheduleService.exe [8.5.2009 20:28 393216]
R2 GEST Service;GEST Service for program management.;c:\program files\GIGABYTE\EnergySaver\GSvr.exe [25.4.2009 0:30 80392]
R3 AVerBDA3x;AVerMedia SAA713x BDA Service;c:\windows\system32\drivers\AVerBDA3x.sys [8.5.2009 20:26 1180672]
S2 ISWKL;ZoneAlarm Toolbar ISWKL;\??\c:\program files\CheckPoint\ZAForceField\ISWKL.sys --> c:\program files\CheckPoint\ZAForceField\ISWKL.sys [?]
S3 AVerE506;AVerE506 service;c:\windows\system32\drivers\AVerE506.sys [30.12.2008 22:13 520192]
S3 Rockey_USB;Feitian ROCKEY4 USB Service;c:\windows\system32\drivers\Rockey4USB.sys [8.5.2009 9:38 12928]
S4 UGURU;UGURU;c:\windows\system32\drivers\uGuru.sys --> c:\windows\system32\drivers\uGuru.sys [?]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&s ... f8&oe=utf8
mWindow Title = Microsoft Internet Explorer
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\windows\WebIE.dll
FF - ProfilePath - c:\documents and settings\Mrakoplaš\Data aplikací\Mozilla\Firefox\Profiles\104lsffu.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://supertoolbar.ask.com/redirect?client=ff&src=kw&tb=PTV&o=15184&locale=en_US&q=
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPDFXCviewNPPlugin.dll
FF - plugin: c:\program files\Tracker Software\PDF-XChange Viewer\pdf-viewer\npPDFXCviewNPPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-31 22:38
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll sfsync02.sys atapi.sys spdj.sys >>UNKNOWN [0x8B277938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba10cf28
\Driver\ACPI -> ACPI.sys @ 0xb9e66cb8
\Driver\atapi -> sfsync02.sys @ 0xba338d60
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-448539723-1383384898-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:68,71,e0,a0,ef,8b,2d,33,11,4f,94,64,37,fa,87,da,56,df,b2,27,4c,4f,d2,
94,a7,7d,67,07,45,36,0b,dc,16,23,0e,27,39,cb,b9,80,11,e1,97,94,fe,90,b2,4c,\
"??"=hex:a1,5e,47,db,25,65,bb,27,8b,92,55,34,10,3f,d9,49

[HKEY_USERS\S-1-5-21-448539723-1383384898-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:15,16,0a,1e,36,ec,40,69,74,ff,3d,af,a6,11,12,73,ce,e2,a4,b4,88,
34,20,1a,60,c1,8e,1c,10,48,ea,bf,39,82,43,4a,58,e3,c8,af,fe,80,eb,79,14,0a,\
"rkeysecu"=hex:af,1d,31,0e,9b,39,7e,89,48,16,75,30,ea,ad,84,cf
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(816)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(504)
c:\windows\system32\webcheck.dll
c:\program files\Fences\FencesMenu.dll
c:\program files\fences\DesktopDock.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\program files\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\RTHDCPL.EXE
c:\windows\SOUNDMAN.EXE
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Celkový čas: 2010-01-31 22:44:10 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-01-31 21:44
ComboFix2.txt 2010-01-31 16:02

Před spuštěním: Volných bajtů: 19 536 478 208
Po spuštění: Volných bajtů: 19 481 354 240

Current=2 Default=2 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 3218A65F1EFC92242ADDEA9C78811B35

Tom8sh16 · #8 Příspěvek od **Tom8sh16** » 01 úno 2010 16:41

Tento soubor:
c:\program files\CheckPoint\ZAForceField\ISWKL.sys
otestujte na virustotal.com a vložte sem pouze odkaz (link) k výsledkům.
Pokud se u souboru zobrazí, že už dříve byl testován, klikněte na tlačítko Otestovat soubor znovu.

(Poznámka: pokud by nějaké soubory nebyly k nalezení, přesvědčte se, zda máte zapnuté zobrazování skrytých souborů a složek, pokud ne, tak Nabídka Start -> Ovládací panely -> Možnosti složky -> Zobrazení -> Zobrazovat skryté soubory a složky -> OK)

mrakoplacz · #9 Příspěvek od **mrakoplacz** » 02 úno 2010 10:10

Zmíněný soubor "ISWKL.sys" a ani adresář "c:\program files\CheckPoint" se v PC nenacházejí

Položka:
"S2 ISWKL;ZoneAlarm Toolbar ISWKL;\??\c:\program files\CheckPoint\ZAForceField\ISWKL.sys --> c:\program files\CheckPoint\ZAForceField\ISWKL.sys [?]"

se nacházela pouze v registru (právě jsem ji smazal) a vytvořila ji tam pravděpodobně instalace Zone Alarmu, ktará se snažila spolu s programem nainstalovat i Toolbar, což jsem instalaci nepovolil

nicméně se v registru nachází položka:
ROOT\LEGACY_ISWKL
která se odstranění brání

Po předešlé úpravě a odstranění zbytků ASK toolbaru potíže na mém PC (pokud jede v síti samo přestaly)
Počítač je v síti s uživatelem Noobek (viz řešení problémů)
Jsme napojeni na WAN při kabelové televizi
Používáme router SMC7004VBR.
V síti jsou zapojeny dvě PC, Noobek a já
Když teď po opravě jedu sám, tak je vše OK
Jakmile pustí NOOBEK PC začne váznout načítání stránek a ztíží se připojení do síťových her
(jde to ale až na několikerý pokus nebo po restartu routeru)
např. na UBI.com pro SH3 nebo na rfactor
a SKYPE občas neaktualizuje chat, a o napsaných zprávách píše že se nedají doručit.
Jede li NOOBEK sám, tak taky nemá žádný problém
Proč se naše dvě PC při komunikaci se světem nesnášejí, nedokážeme pochopit.

Pokud nám pomůžete vyřešit i tenhle problém, budeme Vám vděčni

Tom8sh16 · #10 Příspěvek od **Tom8sh16** » 02 úno 2010 21:06

Dobrý večer.

Síť není zrovna můj, ale pokusím se najít nějaké řešení

VIRY.CZ

prosím o kontrolu logu

prosím o kontrolu logu

Re: prosím o kontrolu logu

Re: prosím o kontrolu logu

Re: prosím o kontrolu logu

Re: prosím o kontrolu logu

Re: prosím o kontrolu logu

Re: prosím o kontrolu logu

Re: prosím o kontrolu logu

Re: prosím o kontrolu logu

Re: prosím o kontrolu logu