
W. UPDATE - PROBLEM WITH DOWNLOADING AND INSTALLING AUTOMATIC UPDATES
Moderator: Moderators
Forum rules
Individual threads will be locked once resolved, as will those that have been inactive for more than 14 days: http://forum.viry.cz/viewtopic.php?f=12&t=123975 . Thank you for your understanding.
Re: W. UPDATE - PROBLEM WITH DOWNLOADING AND INSTALLING AUTOMATIC UPDATES
Let's take it from the start. This is your error, along with the reasons listed for it: http://windows.microsoft.com/cs-CZ/wind ... r-80072efd
this is a list of the most common errors http://support.microsoft.com/ph/6527
and these are temporary errors http://support.microsoft.com/?kbid=836941
so on your side we have done what we could; next in line may be your provider's firewall
Try scanning the PC with Malwarebytes' Anti-Malware http://viry.cz/forum/viewtopic.php?f=29&t=67229
Run a full scan of the C: system drive
Have it delete whatever it finds and post the log here so I can see what it found
Nobody is good by accident; virtue has to be learned.
SENECA
Re: W. UPDATE - PROBLEM WITH DOWNLOADING AND INSTALLING AUTOMATIC UPDATES
Hello.
So here it is:
Malwarebytes' Anti-Malware 1.44
Verze databáze: 3510
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18882
01/03/2010 11:33:55 AM
mbam-log-2010-03-01 (11-33-55).txt
Typ kontroly: Kompletní kontrola (C:\|)
Zkontrolované objekty: 335105
Uplynulý čas: 1 hour(s), 37 minute(s), 10 second(s)
Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované adresáře: 0
Infikované soubory: 0
Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)
Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)
Infikované klíče registru:
(Nebyly nalezeny žádné škodlivé položky)
Infikované hodnoty registru:
(Nebyly nalezeny žádné škodlivé položky)
Infikované datové položky registru:
(Nebyly nalezeny žádné škodlivé položky)
Infikované adresáře:
(Nebyly nalezeny žádné škodlivé položky)
Infikované soubory:
(Nebyly nalezeny žádné škodlivé položky)
- stell
- VIP in memoriam
- Posts: 5175
- Registered: 09 Dec 2007 09:27
- Location: SK-REVUCA
Re: W. UPDATE - PROBLEM WITH DOWNLOADING AND INSTALLING AUTOMATIC UPDATES
Hello,
you will continue with me.

Download the special version of G-Mer
Special
and save it to the desktop >>
Disconnect from the internet and close all open programs,
temporarily disable any active real-time protection,
and run it > a short scan will run.
If you get a message about rootkit activity that asks if you want to run a scan >> click NO <<
and set it up like this
>> click Scan <<
At the end of the scan >> SAVE <<, name the file mojlog.txt >> save it to the desktop and paste the log here.
If you do not get any message, leave everything ticked and click SCAN >> after the scan >> SAVE << and paste the log here.

PLEASE READ THE INSTRUCTIONS CAREFULLY!!!
Download it to the desktop, close all active windows and run >>
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
- ComboFix must be run under an account with administrator rights.
- After launch the terms of use are displayed; confirm them by pressing the Yes button;
And once more > YES <
- Then follow the instructions; while ComboFix is running, do not click into the blue window that is displayed
- After the scan finishes, which takes at most 10-15 minutes, the program should create a log - C:\ComboFix.txt; copy its entire contents into your thread on the forum
- Before using ComboFix, all resident security programs must be turned off - antivirus, firewalls, antispyware. INSTRUCTIONS: http://www.bleepingcomputer.com/forums/topic114351.html
They can interfere with ComboFix's operation, which may cause it not to work correctly.
If your antivirus detects ComboFix, it is a false alarm.
Re: W. UPDATE - PROBLEM WITH DOWNLOADING AND INSTALLING AUTOMATIC UPDATES
Hello.
After the scan a blue screen with an error message appeared for a few seconds, then the PC shut down by itself. After switching it on there was a black screen with the message "SYSTEM RECOVERY FROM ERRORS"............is that OK???
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-03-01 19:53:40
Windows 6.0.6002 Service Pack 2
Running: v4yckbif.exe; Driver: C:\Users\User\AppData\Local\Temp\kxldapob.sys
---- System - GMER 1.0.15 ----
INT 0x62 ? 860E1F00
INT 0x72 ? 860E1F00
INT 0x92 ? 8505DBF8
INT 0xA2 ? 8505DBF8
INT 0xB2 ? 8505DBF8
---- Kernel code sections - GMER 1.0.15 ----
? System32\Drivers\spjy.sys Systém nemuže nalézt uvedenou cestu. !
.text USBPORT.SYS!DllUnload 883D741B 5 Bytes JMP 860E14E0
.text aeixvnuq.SYS 8D4E7000 22 Bytes [82, A3, E1, 81, 6C, A2, E1, ...]
.text aeixvnuq.SYS 8D4E7017 45 Bytes [00, 32, D7, 70, 80, 3D, D5, ...]
.text aeixvnuq.SYS 8D4E7045 135 Bytes [CA, EE, 81, FD, 49, E8, 81, ...]
.text aeixvnuq.SYS 8D4E70CE 10 Bytes [00, 00, 00, 00, 00, 00, 02, ...]
.text aeixvnuq.SYS 8D4E70DA 12 Bytes [00, 00, 02, 00, 00, 00, 24, ...]
.text ...
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[2120] kernel32.dll!SetUnhandledExceptionFilter 775AA84F 4 Bytes [C2, 04, 00, 00]
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [806036D6] \SystemRoot\System32\Drivers\spjy.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [80603042] \SystemRoot\System32\Drivers\spjy.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [80603800] \SystemRoot\System32\Drivers\spjy.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort] [806030C0] \SystemRoot\System32\Drivers\spjy.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8060313E] \SystemRoot\System32\Drivers\spjy.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [80612E9C] \SystemRoot\System32\Drivers\spjy.sys
IAT \SystemRoot\System32\Drivers\aeixvnuq.SYS[ataport.SYS!AtaPortNotification] CC358B04
IAT \SystemRoot\System32\Drivers\aeixvnuq.SYS[ataport.SYS!AtaPortWritePortUchar] 838D50CF
IAT \SystemRoot\System32\Drivers\aeixvnuq.SYS[ataport.SYS!AtaPortWritePortUlong] 458B38C6
IAT \SystemRoot\System32\Drivers\aeixvnuq.SYS[ataport.SYS!AtaPortGetPhysicalAddress] A5A5A514
IAT \SystemRoot\System32\Drivers\aeixvnuq.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong] 100D8BA5
IAT \SystemRoot\System32\Drivers\aeixvnuq.SYS[ataport.SYS!AtaPortGetScatterGatherList] 5F8D50A0
IAT \SystemRoot\System32\Drivers\aeixvnuq.SYS[ataport.SYS!AtaPortReadPortUchar] 30810889
IAT \SystemRoot\System32\Drivers\aeixvnuq.SYS[ataport.SYS!AtaPortStallExecution] 54771129
IAT \SystemRoot\System32\Drivers\aeixvnuq.SYS[ataport.SYS!AtaPortGetParentBusType] 10C25D5E
IAT \SystemRoot\System32\Drivers\aeixvnuq.SYS[ataport.SYS!AtaPortRequestCallback] 8B55CC00
IAT \SystemRoot\System32\Drivers\aeixvnuq.SYS[ataport.SYS!AtaPortWritePortBufferUshort] 084D8BEC
IAT \SystemRoot\System32\Drivers\aeixvnuq.SYS[ataport.SYS!AtaPortGetUnCachedExtension] 0CF0918B
IAT \SystemRoot\System32\Drivers\aeixvnuq.SYS[ataport.SYS!AtaPortCompleteRequest] 458B0000
IAT \SystemRoot\System32\Drivers\aeixvnuq.SYS[ataport.SYS!AtaPortMoveMemory] 8B108910
IAT \SystemRoot\System32\Drivers\aeixvnuq.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests] 000CF491
IAT \SystemRoot\System32\Drivers\aeixvnuq.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb] 04508900
IAT \SystemRoot\System32\Drivers\aeixvnuq.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb] 053C7980
IAT \SystemRoot\System32\Drivers\aeixvnuq.SYS[ataport.SYS!AtaPortReadPortUshort] 560C558B
IAT \SystemRoot\System32\Drivers\aeixvnuq.SYS[ataport.SYS!AtaPortReadPortBufferUshort] C6127557
IAT \SystemRoot\System32\Drivers\aeixvnuq.SYS[ataport.SYS!AtaPortInitialize] B18D0502
IAT \SystemRoot\System32\Drivers\aeixvnuq.SYS[ataport.SYS!AtaPortGetDeviceBase] 00000CF8
IAT \SystemRoot\System32\Drivers\aeixvnuq.SYS[ataport.SYS!AtaPortDeviceStateChange] A508788D
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Windows\Explorer.EXE[412] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [747A7817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[412] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [747FA86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[412] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [747ABB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[412] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7479F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[412] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [747A75E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[412] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [7479E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[412] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [747D8395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[412] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [747ADA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[412] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [7479FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[412] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [7479FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[412] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [747971CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[412] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [7482CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[412] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [747CC8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[412] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [7479D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[412] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [74796853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[412] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [7479687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[412] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [747A2AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 850831F8
AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
Device \Driver\netbt \Device\NetBT_Tcpip_{172735A0-5E3B-455A-BA37-9E21BE0BA809} 874FA360
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
Device \Driver\volmgr \Device\VolMgrControl 8505F1F8
Device \Driver\usbohci \Device\USBPDO-0 860CC1F8
Device \Driver\usbehci \Device\USBPDO-1 860E51F8
Device \Driver\usbohci \Device\USBPDO-2 860CC1F8
Device \Driver\usbehci \Device\USBPDO-3 860E51F8
Device \Driver\volmgr \Device\HarddiskVolume1 8505F1F8
Device \Driver\netbt \Device\NetBT_Tcpip_{A178580B-3C76-443C-B8AE-9FBD6A94A3A1} 874FA360
Device \Driver\volmgr \Device\HarddiskVolume2 8505F1F8
Device \Driver\cdrom \Device\CdRom0 861731F8
Device \Driver\cdrom \Device\CdRom1 861731F8
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-4 850621F8
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-4 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort0 850621F8
Device \Driver\atapi \Device\Ide\IdePort0 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort1 850621F8
Device \Driver\atapi \Device\Ide\IdePort1 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort2 850621F8
Device \Driver\atapi \Device\Ide\IdePort2 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort3 850621F8
Device \Driver\atapi \Device\Ide\IdePort3 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-5 850621F8
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-5 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\cdrom \Device\CdRom2 861731F8
Device \Driver\netbt \Device\NetBt_Wins_Export 874FA360
Device \Driver\Smb \Device\NetbiosSmb 874E61F8
Device \Driver\iScsiPrt \Device\RaidPort0 86193500
Device \Driver\usbohci \Device\USBFDO-0 860CC1F8
Device \Driver\usbehci \Device\USBFDO-1 860E51F8
Device \Driver\PCI_PNP2877 \Device\0000007b spjy.sys
Device \Driver\usbohci \Device\USBFDO-2 860CC1F8
Device \Driver\usbehci \Device\USBFDO-3 860E51F8
Device \Driver\sptd \Device\758776886 spjy.sys
Device \Driver\aeixvnuq \Device\Scsi\aeixvnuq1Port5Path0Target1Lun0 86161500
Device \Driver\aeixvnuq \Device\Scsi\aeixvnuq1Port5Path0Target1Lun0 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\aeixvnuq \Device\Scsi\aeixvnuq1Port5Path0Target0Lun0 86161500
Device \Driver\aeixvnuq \Device\Scsi\aeixvnuq1Port5Path0Target0Lun0 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\aeixvnuq \Device\Scsi\aeixvnuq1 86161500
Device \Driver\aeixvnuq \Device\Scsi\aeixvnuq1 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \FileSystem\cdfs \Cdfs 9DBFA1F8
---- Threads - GMER 1.0.15 ----
Thread System [4:388] 8752A930
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e37b91a0f
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x5C 0xAA 0xDD 0xF7 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x99 0x54 0x92 0x1C ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xAD 0x62 0xE2 0xB5 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xAE 0x68 0x8D 0xF3 ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001e37b91a0f (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x5C 0xAA 0xDD 0xF7 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x99 0x54 0x92 0x1C ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xAD 0x62 0xE2 0xB5 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xAE 0x68 0x8D 0xF3 ...
---- EOF - GMER 1.0.15 ----
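A triage helper for a GMER log of the kind posted above, as an added example that is not part of the original thread: it groups the kernel IAT entries by the module they point into, checks whether that module appears on a "?" line (a file GMER could not open at its path), and lists the driver objects whose Device lines name it. The function names and report fields are this example's own, the line shapes are assumed from this log, and the embedded text is an excerpt of the log in the post.

```python
import re
from collections import defaultdict

# Excerpt of the GMER log posted above (not the full log).
SAMPLE_LOG = r"""GMER 1.0.15.15281 - http://www.gmer.net
---- Kernel code sections - GMER 1.0.15 ----
? System32\Drivers\spjy.sys Systém nemuže nalézt uvedenou cestu. !
.text USBPORT.SYS!DllUnload 883D741B 5 Bytes JMP 860E14E0
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [806036D6] \SystemRoot\System32\Drivers\spjy.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [80603042] \SystemRoot\System32\Drivers\spjy.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [80612E9C] \SystemRoot\System32\Drivers\spjy.sys
IAT \SystemRoot\System32\Drivers\aeixvnuq.SYS[ataport.SYS!AtaPortNotification] CC358B04
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 850831F8
Device \Driver\PCI_PNP2877 \Device\0000007b spjy.sys
Device \Driver\sptd \Device\758776886 spjy.sys
Device \Driver\atapi \Device\Ide\IdePort0 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
---- EOF - GMER 1.0.15 ----
"""

SECTION_RE = re.compile(r"^---- (.+?) - GMER [\d.]+ ----$")
# "? <path>.sys <OS error text>": a file GMER could not open at that path.
UNOPENED_RE = re.compile(r"^\?\s+(\S+\.sys)\b", re.I)
# "IAT <importer>[<dll>!<function>] [<addr>] <owner> (<vendor>)" or a bare "<addr>".
IAT_RE = re.compile(
    r"^IAT\s+(\S+?)\[([^\]!]+)!([^\]]+)\]\s+"
    r"(?:\[([0-9A-F]{8})\]\s+(.+?)(?:\s+\((.*)\))?|([0-9A-F]{8}))$", re.I)
# "Device <driver object> <device object> <module>.sys ..."
DEVICE_RE = re.compile(r"^(?:Attached)?Device\s+(\\\S+)\s+(\\\S+)\s+(\S+\.sys)\b", re.I)


def module_name(path):
    """Lower-cased file name of a driver path, for matching across sections."""
    return path.rsplit("\\", 1)[-1].lower()


def parse_gmer(text):
    """Collect kernel IAT entries, unopened driver files and device handlers."""
    section, hooks, unopened = None, [], set()
    handlers = defaultdict(set)  # module named on a Device line -> driver objects
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        m = UNOPENED_RE.match(line)
        if m:
            unopened.add(module_name(m.group(1)))
        elif section == "Kernel IAT/EAT":
            m = IAT_RE.match(line)
            if m:
                owner = module_name(m.group(5)) if m.group(5) else None
                hooks.append((module_name(m.group(1)), m.group(3), owner, m.group(6)))
        elif section == "Devices":
            m = DEVICE_RE.match(line)
            if m:
                handlers[m.group(3).lower()].add(m.group(1))
    return hooks, unopened, handlers


def triage(text):
    """Group kernel IAT entries by the module they point into.

    Returns (report, unresolved): one dict per owning module, plus a count per
    importing driver of entries for which GMER printed only an address.
    """
    hooks, unopened, handlers = parse_gmer(text)
    grouped = defaultdict(lambda: {"importers": set(), "count": 0, "vendor": None})
    unresolved = defaultdict(int)
    for importer, _func, owner, vendor in hooks:
        if owner is None:
            unresolved[importer] += 1
            continue
        g = grouped[owner]
        g["importers"].add(importer)
        g["count"] += 1
        g["vendor"] = g["vendor"] or vendor
    report = [{
        "module": owner,
        "iat_entries": g["count"],
        "hooked_drivers": sorted(g["importers"]),
        "vendor": g["vendor"],                 # None: no description printed
        "file_not_opened": owner in unopened,  # module also appears on a "?" line
        "driver_objects": sorted(handlers.get(owner, ())),
    } for owner, g in sorted(grouped.items())]
    return report, dict(unresolved)


if __name__ == "__main__":
    report, unresolved = triage(SAMPLE_LOG)
    for row in report:
        print(row)
    print("address-only entries:", unresolved)
```

On the excerpt, spjy.sys is the target of three IAT entries in atapi.sys and i8042prt.sys, could not be opened at its path, and is named on the Device lines of \Driver\sptd and \Driver\PCI_PNP2877; the Registry section of the same log lists the sptd service's configuration.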
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xAD 0x62 0xE2 0xB5 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xAE 0x68 0x8D 0xF3 ...
---- EOF - GMER 1.0.15 ----
- stell
- VIP in memoriam
- Posts: 5175
- Registered: 09 Dec 2007 09:27
- Location: SK-REVUCA
Re: W. UPDATE - PROBLEM WITH DOWNLOADING AND INSTALLING AUTOMATIC UPDATES
Well, a BSOD should not appear.
Also post the ComboFix log here.
Re: W. UPDATE - PROBLEM WITH DOWNLOADING AND INSTALLING AUTOMATIC UPDATES
Hello.
...so today absolute anarchy reigns in the PC.
...it freezes, it no longer runs like a cheetah either, some settings have changed by themselves....!! After ComboFix I only got onto the internet after a restart..
ComboFix 10-03-02.02 - User 02/03/2010 18:50:00.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1029.18.1790.979 [GMT -5:00]
Running from: c:\users\User\Documents\Downloads\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\SLOVA.WAV
.
((((((((((((((((((((((((( Files Created from 2010-02-03 to 2010-03-03 )))))))))))))))))))))))))))))))
.
2010-03-03 00:01 . 2010-03-03 00:01 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-03-02 23:47 . 2010-03-02 23:48 -------- d-----w- C:\32788R22FWJFW
2010-03-01 14:54 . 2010-01-07 21:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-01 14:54 . 2010-01-07 21:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-28 15:31 . 2010-02-28 15:32 -------- d-----w- c:\windows\system32\ca-ES
2010-02-28 15:31 . 2010-02-28 15:32 -------- d-----w- c:\windows\system32\eu-ES
2010-02-28 15:31 . 2010-02-28 15:32 -------- d-----w- c:\windows\system32\vi-VN
2010-02-28 15:23 . 2010-02-28 15:23 -------- d-----w- c:\windows\system32\SPReview
2010-02-28 14:47 . 2009-04-11 04:28 137728 ----a-w- c:\windows\system32\dsprop.dll
2010-02-28 14:46 . 2009-04-11 04:28 76288 ----a-w- c:\windows\system32\iassvcs.dll
2010-02-28 14:45 . 2009-04-11 04:28 90112 ----a-w- c:\windows\system32\wshext.dll
2010-02-28 13:47 . 2010-02-28 13:47 -------- d-----w- C:\613894ea7a41bc14e8d9
2010-02-28 12:28 . 2010-02-28 12:31 -------- d-----w- C:\31f2924aeb21dbf57fda
2010-02-26 18:49 . 2010-03-03 00:02 -------- d-----w- c:\users\User\AppData\Roaming\Skype
2010-02-26 18:49 . 2010-02-26 18:49 -------- d-----w- c:\program files\Common Files\Skype
2010-02-15 14:12 . 2010-03-02 22:56 -------- d-----w- c:\users\User\Tracing
2010-02-15 14:09 . 2009-08-06 03:48 54632 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2010-02-15 14:08 . 2010-02-15 14:08 -------- d-----w- c:\program files\Microsoft Sync Framework
2010-02-15 14:07 . 2010-02-15 14:07 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-02-15 14:06 . 2010-02-15 14:06 -------- d-----w- c:\program files\Windows Live SkyDrive
2010-02-15 14:06 . 2010-02-15 14:09 -------- d-----w- c:\program files\Windows Live
2010-02-15 13:51 . 2010-02-15 13:51 -------- d-----w- c:\program files\Common Files\Windows Live
2010-02-15 13:49 . 2010-02-15 14:29 -------- d-----w- c:\program files\Microsoft Silverlight
2010-02-04 20:48 . 2010-02-04 20:49 -------- d-----w- c:\users\User\AppData\Local\Adobe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-02 23:01 . 2009-09-15 17:37 49942 ----a-w- c:\windows\system32\perfh005.dat
2010-03-02 23:01 . 2009-09-15 17:37 15742 ----a-w- c:\windows\system32\perfc005.dat
2010-03-02 23:01 . 2008-08-11 10:56 672380 ----a-w- c:\windows\system32\perfh00C.dat
2010-03-02 23:01 . 2008-08-11 10:56 127578 ----a-w- c:\windows\system32\perfc00C.dat
2010-03-02 22:57 . 2009-09-15 11:05 -------- d-----w- c:\users\User\AppData\Roaming\skypePM
2010-03-02 22:56 . 2009-09-18 13:33 31776 ----a-w- c:\programdata\nvModes.dat
2010-03-02 12:12 . 2008-08-11 12:18 12 ----a-w- c:\windows\bthservsdp.dat
2010-03-01 22:27 . 2009-09-15 20:32 -------- d-----w- c:\users\User\AppData\Roaming\uTorrent
2010-03-01 14:54 . 2010-01-31 22:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-28 15:32 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2010-02-28 15:32 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-02-28 15:32 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2010-02-28 15:32 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2010-02-28 15:32 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2010-02-28 15:32 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2010-02-28 15:32 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2010-02-28 15:31 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-02-28 14:01 . 2009-09-04 19:52 -------- d-----w- c:\programdata\NVIDIA
2010-02-26 18:49 . 2009-10-12 20:09 -------- d-----r- c:\program files\Skype
2010-02-26 18:49 . 2009-09-15 10:52 -------- d-----w- c:\programdata\Skype
2010-02-16 18:55 . 2009-09-18 17:27 7808 ----a-w- c:\users\User\AppData\Local\d3d9caps.dat
2010-02-15 14:06 . 2009-12-01 16:30 -------- d-----w- c:\program files\Microsoft
2010-02-14 22:06 . 2009-10-15 18:39 -------- d-----w- c:\programdata\HP Product Assistant
2010-02-14 22:06 . 2009-09-21 02:26 -------- d-----w- c:\users\User\AppData\Roaming\LangSoft
2010-02-14 18:25 . 2009-09-15 16:15 -------- d-----w- c:\program files\Google
2010-02-13 00:18 . 2009-09-15 20:50 -------- d-----w- c:\program files\uTorrent
2010-02-12 13:10 . 2009-09-04 17:10 -------- d-----w- c:\programdata\Microsoft Help
2010-02-01 20:16 . 2009-09-21 02:13 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2010-01-31 22:36 . 2010-01-31 22:36 -------- d-----w- c:\users\User\AppData\Roaming\Malwarebytes
2010-01-31 22:36 . 2010-01-31 22:36 -------- d-----w- c:\programdata\Malwarebytes
2010-01-31 16:09 . 2010-01-31 16:08 -------- d-----w- c:\program files\trend micro
2010-01-31 12:45 . 2010-01-31 12:44 -------- d-----w- c:\program files\Ultimate Process Manager
2010-01-31 04:10 . 2009-09-15 17:55 -------- d-----w- c:\program files\VS Revo Group
2010-01-26 20:30 . 2009-11-22 23:27 -------- d-----w- c:\program files\PHILIPS
2010-01-26 18:40 . 2010-01-20 21:30 -------- d-----w- c:\program files\MC2
2010-01-26 18:40 . 2008-08-11 12:31 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-22 02:28 . 2010-01-22 02:28 -------- d-----w- c:\users\User\AppData\Roaming\TuneUp Software
2010-01-22 02:27 . 2010-01-22 02:27 -------- d-----w- c:\programdata\TuneUp Software
2010-01-22 02:26 . 2010-01-22 02:26 -------- d-sh--w- c:\programdata\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
2010-01-19 23:56 . 2009-09-04 17:24 107320 ----a-w- c:\users\User\AppData\Local\GDIPFONTCACHEV1.DAT
2010-01-19 22:54 . 2010-01-19 22:45 -------- d-----w- c:\program files\VirtualDJ
2010-01-19 02:35 . 2010-01-19 02:35 -------- d-----w- c:\program files\Lavalys
2010-01-14 16:12 . 2009-10-03 12:13 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-13 19:08 . 2009-09-04 17:06 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-09 13:45 . 2009-09-14 23:28 -------- d-----w- c:\program files\ESET
2010-01-05 14:47 . 2010-01-05 14:46 -------- d-----w- c:\program files\MediaMonkey
2010-01-02 06:38 . 2010-01-21 21:19 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32 . 2010-01-21 21:19 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 06:32 . 2010-01-21 21:19 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 04:57 . 2010-01-21 21:19 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-12-30 16:21 . 2010-01-30 13:34 27192 ----a-w- c:\windows\system32\drivers\revoflt.sys
2009-12-26 14:30 . 2009-10-05 13:43 520192 ----a-w- c:\programdata\LangSoft\WebIE.dll
2009-12-26 14:30 . 2009-09-21 02:51 356352 ----a-w- c:\programdata\LangSoft\TrnOutl.dll
2009-12-26 14:30 . 2009-09-21 02:51 299008 ----a-w- c:\programdata\LangSoft\TrnWord.dll
2009-12-26 14:30 . 2009-12-26 14:30 45056 ----a-w- c:\programdata\LangSoft\TRNOEH.DLL
2009-12-26 14:30 . 2009-12-26 14:30 26624 ----a-w- c:\programdata\LangSoft\OETRN.EXE
2009-12-26 14:30 . 2009-12-26 14:30 200704 ----a-w- c:\programdata\LangSoft\TRNOET.DLL
2009-12-14 18:43 . 2009-12-14 18:43 764168 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2008-08-11 10:58 . 2008-08-11 10:58 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-02-26 2289664]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-15 39408]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"OEXPRESS"="c:\programdata\LangSoft\OETRN.EXE" [2009-12-26 26624]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]
"Google Update"="c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-02-20 135664]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-02-22 26101032]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-06-12 468264]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-03-14 202032]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-06-02 80896]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-05-14 2029640]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
Update ESET's license.lnk - c:\program files\ESET\MiNODLogin\MiNODLogin.exe [2009-12-9 125952]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"HP Health Check Scheduler"=c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):b4,55,5f,1a,2b,36,ca,01
R1 ehdrv;ehdrv;c:\windows\System32\drivers\ehdrv.sys [14/05/2009 2:47 PM 107256]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [14/05/2009 2:47 PM 731840]
R2 epfwwfpr;epfwwfpr;c:\windows\System32\drivers\epfwwfpr.sys [14/05/2009 2:49 PM 93312]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\SMINST\BLService.exe [11/08/2008 9:36 AM 361808]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [11/08/2008 8:12 AM 193840]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\System32\drivers\nvhda32v.sys [09/05/2008 2:17 PM 43040]
S0 sptd;sptd;c:\windows\System32\drivers\sptd.sys [20/09/2009 9:09 PM 721904]
S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [15/02/2010 9:09 AM 54632]
S3 fsssvc;Služba Windows Live Zabezpecení rodiny;c:\program files\Windows Live\Family Safety\fsssvc.exe [05/08/2009 10:48 PM 704864]
S3 Revoflt;Revoflt;c:\windows\System32\drivers\revoflt.sys [30/01/2010 8:34 AM 27192]
S3 samhid;samhid;c:\windows\System32\drivers\Samhid.sys [26/01/2010 3:30 PM 7548]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-02-26 21:06 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
2010-03-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2399937306-4200218921-2450749006-1000Core.job
- c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-20 13:02]
2010-03-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2399937306-4200218921-2450749006-1000UA.job
- c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-20 13:02]
2010-03-01 c:\windows\Tasks\HPCeeScheduleForUser.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2008-08-11 22:14]
2010-03-03 c:\windows\Tasks\User_Feed_Synchronization-{1C55BF7C-8793-4B24-95A7-4A92D3AB8F5E}.job
- c:\windows\system32\msfeedssync.exe [2010-01-21 04:56]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://seznam.cz/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=83&bd=Presario&pf=cnnb
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\programdata\LangSoft\WebIE.dll
Trusted Zone: microsoft.com\update
Trusted Zone: microsoft.com\windowsupdate
Trusted Zone: seznam.cz
FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\k2o1gici.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedie (cs)
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\User\AppData\Local\Google\Update\1.2.183.17\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-02 19:02
Windows 6.0.6002 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-03-02 19:07:08
ComboFix-quarantined-files.txt 2010-03-03 00:07
Pre-Run: Volných bajtu: 26,131,537,920
Post-Run: Volných bajtu: 26,982,125,568
- - End Of File - - 9E52316E79BCA8C5A0AC3DBB67064651
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"HP Health Check Scheduler"=c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):b4,55,5f,1a,2b,36,ca,01
R1 ehdrv;ehdrv;c:\windows\System32\drivers\ehdrv.sys [14/05/2009 2:47 PM 107256]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [14/05/2009 2:47 PM 731840]
R2 epfwwfpr;epfwwfpr;c:\windows\System32\drivers\epfwwfpr.sys [14/05/2009 2:49 PM 93312]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\SMINST\BLService.exe [11/08/2008 9:36 AM 361808]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [11/08/2008 8:12 AM 193840]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\System32\drivers\nvhda32v.sys [09/05/2008 2:17 PM 43040]
S0 sptd;sptd;c:\windows\System32\drivers\sptd.sys [20/09/2009 9:09 PM 721904]
S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [15/02/2010 9:09 AM 54632]
S3 fsssvc;Služba Windows Live Zabezpecení rodiny;c:\program files\Windows Live\Family Safety\fsssvc.exe [05/08/2009 10:48 PM 704864]
S3 Revoflt;Revoflt;c:\windows\System32\drivers\revoflt.sys [30/01/2010 8:34 AM 27192]
S3 samhid;samhid;c:\windows\System32\drivers\Samhid.sys [26/01/2010 3:30 PM 7548]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-02-26 21:06 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
2010-03-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2399937306-4200218921-2450749006-1000Core.job
- c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-20 13:02]
2010-03-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2399937306-4200218921-2450749006-1000UA.job
- c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-20 13:02]
2010-03-01 c:\windows\Tasks\HPCeeScheduleForUser.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2008-08-11 22:14]
2010-03-03 c:\windows\Tasks\User_Feed_Synchronization-{1C55BF7C-8793-4B24-95A7-4A92D3AB8F5E}.job
- c:\windows\system32\msfeedssync.exe [2010-01-21 04:56]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://seznam.cz/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=83&bd=Presario&pf=cnnb
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\programdata\LangSoft\WebIE.dll
Trusted Zone: microsoft.com\update
Trusted Zone: microsoft.com\windowsupdate
Trusted Zone: seznam.cz
FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\k2o1gici.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedie (cs)
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\User\AppData\Local\Google\Update\1.2.183.17\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-02 19:02
Windows 6.0.6002 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-03-02 19:07:08
ComboFix-quarantined-files.txt 2010-03-03 00:07
Pre-Run: Volných bajtu: 26,131,537,920
Post-Run: Volných bajtu: 26,982,125,568
- - End Of File - - 9E52316E79BCA8C5A0AC3DBB67064651
Re: W. UPDATE - PROBLEM WITH DOWNLOADING AND INSTALLING AUTOMATIC UPDATES
...so here I am again...,
after the antivirus program's message that the system needed updating, I used Windows Update to find and download the updates!!
There is a problem with this one, the rest are OK:
______________________________
Sada Microsoft .NET Framework 3.5 Service Pack 1 (KB951847) x86 Language Pack
Installation date: 02/03/2010 10:32 PM
Installation status: Failed
Error details: Code 80240016
Update type: Recommended
This update is intended for Windows Vista Service Pack 2 and Windows Server 2008 Service Pack 2 systems. The Microsoft .NET Framework 3.5 Service Pack 1 update is a full cumulative update that contains many new features building incrementally upon .NET Framework 2.0, 3.0 and 3.5. It includes cumulative servicing updates to the .NET Framework 2.0 and .NET Framework 3.0 subcomponents. This update is provided and licensed in accordance with the license terms of Windows Vista and Windows Server 2008.
So do you think things are looking up??
- stell
Re: W. UPDATE - PROBLEM WITH DOWNLOADING AND INSTALLING AUTOMATIC UPDATES


- run it
- choose the Uninstall option
- restart the PC

Turn off > FIREWALL > Antivirus > Antispyware > everything resident.
Open Notepad and copy all of the green text into it:
KILLALL::
RegLock::
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
For the file type, select *All files there
And save it to the desktop. > Note: CFScript.txt > Do not open it, and it must not be > CFScript.txt.txt either. And do this:

After the scan finishes, post the log that ComboFix creates
Re: W. UPDATE - PROBLEM WITH DOWNLOADING AND INSTALLING AUTOMATIC UPDATES
Hello, here it is:
ComboFix 10-03-03.03 - User 03/03/2010 17:00:14.4.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1029.18.1790.939 [GMT -5:00]
Running from: c:\users\User\Documents\Downloads\ComboFix.exe
Command switches used :: c:\users\User\Desktop\CFScript – zástupce.lnk
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((( Files Created from 2010-02-03 to 2010-03-03 )))))))))))))))))))))))))))))))
.
2010-03-03 22:13 . 2010-03-03 22:13 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-03-03 22:13 . 2010-03-03 22:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-03-03 21:57 . 2010-03-03 21:57 -------- d-----w- C:\32788R22FWJFW
2010-03-03 03:17 . 2009-12-08 20:01 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-03-03 03:17 . 2009-12-08 20:01 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-03-03 03:03 . 2010-03-03 03:03 -------- d-----w- c:\program files\Windows Portable Devices
2010-03-03 02:49 . 2009-10-01 01:02 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2010-03-03 02:48 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2010-03-03 02:48 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll
2010-03-03 02:48 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2010-03-03 02:40 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2010-03-03 02:40 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc.dll
2010-03-03 02:40 . 2010-01-25 08:21 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-03-03 02:40 . 2010-01-25 08:21 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-03-03 02:40 . 2010-01-25 08:21 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-03-03 02:40 . 2010-01-25 08:21 518144 ----a-w- c:\windows\system32\RMActivate.exe
2010-03-03 02:40 . 2010-01-25 12:00 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-03-03 02:40 . 2010-01-25 12:00 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-03-03 02:40 . 2010-01-25 11:58 332288 ----a-w- c:\windows\system32\msdrm.dll
2010-03-03 02:39 . 2010-01-23 09:26 2048 ----a-w- c:\windows\system32\tzres.dll
2010-03-03 02:38 . 2010-01-06 15:39 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-03-03 02:37 . 2010-01-06 15:38 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-03-03 02:37 . 2010-01-06 13:30 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-03-03 02:37 . 2009-12-11 11:43 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-03-03 02:37 . 2009-12-11 11:43 98816 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-03-03 02:37 . 2009-12-08 20:01 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-03-03 02:37 . 2009-12-08 17:26 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2010-03-03 02:36 . 2009-12-04 18:29 1314816 ----a-w- c:\windows\system32\quartz.dll
2010-03-03 02:36 . 2009-12-04 18:28 31744 ----a-w- c:\windows\system32\msvidc32.dll
2010-03-03 02:36 . 2009-12-04 18:30 12288 ----a-w- c:\windows\system32\tsbyuv.dll
2010-03-03 02:36 . 2009-12-04 18:28 22528 ----a-w- c:\windows\system32\msyuv.dll
2010-03-03 02:36 . 2009-12-04 18:28 13312 ----a-w- c:\windows\system32\msrle32.dll
2010-03-03 02:36 . 2009-12-04 18:28 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2010-03-03 02:36 . 2009-12-04 18:28 123904 ----a-w- c:\windows\system32\msvfw32.dll
2010-03-03 02:36 . 2009-12-04 18:28 82944 ----a-w- c:\windows\system32\mciavi32.dll
2010-03-03 02:36 . 2009-12-04 18:27 91136 ----a-w- c:\windows\system32\avifil32.dll
2010-03-03 02:36 . 2009-12-04 15:56 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-03-03 02:36 . 2009-12-04 15:56 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-03-01 14:54 . 2010-01-07 21:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-01 14:54 . 2010-01-07 21:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-28 15:31 . 2010-02-28 15:32 -------- d-----w- c:\windows\system32\ca-ES
2010-02-28 15:31 . 2010-02-28 15:32 -------- d-----w- c:\windows\system32\eu-ES
2010-02-28 15:31 . 2010-02-28 15:32 -------- d-----w- c:\windows\system32\vi-VN
2010-02-28 15:23 . 2010-02-28 15:23 -------- d-----w- c:\windows\system32\SPReview
2010-02-28 14:47 . 2009-04-11 04:28 137728 ----a-w- c:\windows\system32\dsprop.dll
2010-02-28 14:46 . 2009-04-11 04:28 76288 ----a-w- c:\windows\system32\iassvcs.dll
2010-02-28 14:45 . 2009-04-11 04:28 90112 ----a-w- c:\windows\system32\wshext.dll
2010-02-28 13:47 . 2010-02-28 13:47 -------- d-----w- C:\613894ea7a41bc14e8d9
2010-02-28 12:28 . 2010-02-28 12:31 -------- d-----w- C:\31f2924aeb21dbf57fda
2010-02-26 18:49 . 2010-03-03 22:13 -------- d-----w- c:\users\User\AppData\Roaming\Skype
2010-02-26 18:49 . 2010-02-26 18:49 -------- d-----w- c:\program files\Common Files\Skype
2010-02-15 14:12 . 2010-03-03 21:46 -------- d-----w- c:\users\User\Tracing
2010-02-15 14:09 . 2009-08-06 03:48 54632 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2010-02-15 14:08 . 2010-02-15 14:08 -------- d-----w- c:\program files\Microsoft Sync Framework
2010-02-15 14:07 . 2010-02-15 14:07 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-02-15 14:06 . 2010-02-15 14:06 -------- d-----w- c:\program files\Windows Live SkyDrive
2010-02-15 14:06 . 2010-02-15 14:09 -------- d-----w- c:\program files\Windows Live
2010-02-15 13:51 . 2010-02-15 13:51 -------- d-----w- c:\program files\Common Files\Windows Live
2010-02-15 13:49 . 2010-03-03 03:05 -------- d-----w- c:\program files\Microsoft Silverlight
2010-02-04 20:48 . 2010-02-04 20:49 -------- d-----w- c:\users\User\AppData\Local\Adobe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-03 21:50 . 2009-09-15 17:37 49942 ----a-w- c:\windows\system32\perfh005.dat
2010-03-03 21:50 . 2009-09-15 17:37 15742 ----a-w- c:\windows\system32\perfc005.dat
2010-03-03 21:50 . 2008-08-11 10:56 672380 ----a-w- c:\windows\system32\perfh00C.dat
2010-03-03 21:50 . 2008-08-11 10:56 127578 ----a-w- c:\windows\system32\perfc00C.dat
2010-03-03 21:46 . 2009-09-18 13:33 31776 ----a-w- c:\programdata\nvModes.dat
2010-03-03 21:45 . 2008-08-11 12:18 12 ----a-w- c:\windows\bthservsdp.dat
2010-03-03 21:03 . 2009-09-15 11:05 -------- d-----w- c:\users\User\AppData\Roaming\skypePM
2010-03-03 19:32 . 2009-09-21 02:13 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-03-03 03:09 . 2009-09-04 17:24 107888 ----a-w- c:\users\User\AppData\Local\GDIPFONTCACHEV1.DAT
2010-03-03 03:03 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-03-03 03:03 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-03-01 22:27 . 2009-09-15 20:32 -------- d-----w- c:\users\User\AppData\Roaming\uTorrent
2010-03-01 14:54 . 2010-01-31 22:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-28 15:32 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2010-02-28 15:32 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2010-02-28 15:32 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2010-02-28 15:32 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2010-02-28 15:32 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2010-02-28 15:32 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2010-02-28 14:01 . 2009-09-04 19:52 -------- d-----w- c:\programdata\NVIDIA
2010-02-26 18:49 . 2009-10-12 20:09 -------- d-----r- c:\program files\Skype
2010-02-26 18:49 . 2009-09-15 10:52 -------- d-----w- c:\programdata\Skype
2010-02-16 18:55 . 2009-09-18 17:27 7808 ----a-w- c:\users\User\AppData\Local\d3d9caps.dat
2010-02-15 14:06 . 2009-12-01 16:30 -------- d-----w- c:\program files\Microsoft
2010-02-14 22:06 . 2009-10-15 18:39 -------- d-----w- c:\programdata\HP Product Assistant
2010-02-14 22:06 . 2009-09-21 02:26 -------- d-----w- c:\users\User\AppData\Roaming\LangSoft
2010-02-14 18:25 . 2009-09-15 16:15 -------- d-----w- c:\program files\Google
2010-02-13 00:18 . 2009-09-15 20:50 -------- d-----w- c:\program files\uTorrent
2010-02-12 13:10 . 2009-09-04 17:10 -------- d-----w- c:\programdata\Microsoft Help
2010-02-01 20:16 . 2009-09-21 02:13 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2010-01-31 22:36 . 2010-01-31 22:36 -------- d-----w- c:\users\User\AppData\Roaming\Malwarebytes
2010-01-31 22:36 . 2010-01-31 22:36 -------- d-----w- c:\programdata\Malwarebytes
2010-01-31 16:09 . 2010-01-31 16:08 -------- d-----w- c:\program files\trend micro
2010-01-31 12:45 . 2010-01-31 12:44 -------- d-----w- c:\program files\Ultimate Process Manager
2010-01-31 04:10 . 2009-09-15 17:55 -------- d-----w- c:\program files\VS Revo Group
2010-01-26 20:30 . 2009-11-22 23:27 -------- d-----w- c:\program files\PHILIPS
2010-01-26 18:40 . 2010-01-20 21:30 -------- d-----w- c:\program files\MC2
2010-01-26 18:40 . 2008-08-11 12:31 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-22 02:28 . 2010-01-22 02:28 -------- d-----w- c:\users\User\AppData\Roaming\TuneUp Software
2010-01-22 02:27 . 2010-01-22 02:27 -------- d-----w- c:\programdata\TuneUp Software
2010-01-22 02:26 . 2010-01-22 02:26 -------- d-sh--w- c:\programdata\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
2010-01-19 22:54 . 2010-01-19 22:45 -------- d-----w- c:\program files\VirtualDJ
2010-01-19 02:35 . 2010-01-19 02:35 -------- d-----w- c:\program files\Lavalys
2010-01-14 16:12 . 2009-10-03 12:13 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-13 19:08 . 2009-09-04 17:06 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-09 13:45 . 2009-09-14 23:28 -------- d-----w- c:\program files\ESET
2010-01-06 15:38 . 2010-03-03 02:38 173056 ----a-w- c:\windows\AppPatch\AcXtrnal.dll
2010-01-06 15:38 . 2010-03-03 02:38 2159616 ----a-w- c:\windows\AppPatch\AcGenral.dll
2010-01-06 15:38 . 2010-03-03 02:38 542720 ----a-w- c:\windows\AppPatch\AcLayers.dll
2010-01-06 15:38 . 2010-03-03 02:38 458752 ----a-w- c:\windows\AppPatch\AcSpecfc.dll
2010-01-05 14:47 . 2010-01-05 14:46 -------- d-----w- c:\program files\MediaMonkey
2010-01-02 06:38 . 2010-01-21 21:19 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32 . 2010-01-21 21:19 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 06:32 . 2010-01-21 21:19 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 04:57 . 2010-01-21 21:19 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-12-30 16:21 . 2010-01-30 13:34 27192 ----a-w- c:\windows\system32\drivers\revoflt.sys
2009-12-26 14:30 . 2009-10-05 13:43 520192 ----a-w- c:\programdata\LangSoft\WebIE.dll
2009-12-26 14:30 . 2009-09-21 02:51 356352 ----a-w- c:\programdata\LangSoft\TrnOutl.dll
2009-12-26 14:30 . 2009-09-21 02:51 299008 ----a-w- c:\programdata\LangSoft\TrnWord.dll
2009-12-26 14:30 . 2009-12-26 14:30 45056 ----a-w- c:\programdata\LangSoft\TRNOEH.DLL
2009-12-26 14:30 . 2009-12-26 14:30 26624 ----a-w- c:\programdata\LangSoft\OETRN.EXE
2009-12-26 14:30 . 2009-12-26 14:30 200704 ----a-w- c:\programdata\LangSoft\TRNOET.DLL
2009-12-14 18:43 . 2009-12-14 18:43 764168 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2008-08-11 10:58 . 2008-08-11 10:58 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-02-26 2289664]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-15 39408]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"OEXPRESS"="c:\programdata\LangSoft\OETRN.EXE" [2009-12-26 26624]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]
"Google Update"="c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-02-20 135664]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-02-22 26101032]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-06-12 468264]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-03-14 202032]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-06-02 80896]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-05-14 2029640]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
Update ESET's license.lnk - c:\program files\ESET\MiNODLogin\MiNODLogin.exe [2009-12-9 125952]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"HP Health Check Scheduler"=c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):b4,55,5f,1a,2b,36,ca,01
R1 ehdrv;ehdrv;c:\windows\System32\drivers\ehdrv.sys [14/05/2009 2:47 PM 107256]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [14/05/2009 2:47 PM 731840]
R2 epfwwfpr;epfwwfpr;c:\windows\System32\drivers\epfwwfpr.sys [14/05/2009 2:49 PM 93312]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\SMINST\BLService.exe [11/08/2008 9:36 AM 361808]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [11/08/2008 8:12 AM 193840]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\System32\drivers\nvhda32v.sys [09/05/2008 2:17 PM 43040]
S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [15/02/2010 9:09 AM 54632]
S3 fsssvc;Služba Windows Live Zabezpecení rodiny;c:\program files\Windows Live\Family Safety\fsssvc.exe [05/08/2009 10:48 PM 704864]
S3 Revoflt;Revoflt;c:\windows\System32\drivers\revoflt.sys [30/01/2010 8:34 AM 27192]
S3 samhid;samhid;c:\windows\System32\drivers\Samhid.sys [26/01/2010 3:30 PM 7548]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-02-26 21:06 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
2010-03-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2399937306-4200218921-2450749006-1000Core.job
- c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-20 13:02]
2010-03-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2399937306-4200218921-2450749006-1000UA.job
- c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-20 13:02]
2010-03-01 c:\windows\Tasks\HPCeeScheduleForUser.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2008-08-11 22:14]
2010-03-03 c:\windows\Tasks\User_Feed_Synchronization-{1C55BF7C-8793-4B24-95A7-4A92D3AB8F5E}.job
- c:\windows\system32\msfeedssync.exe [2010-01-21 04:56]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://seznam.cz/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=83&bd=Presario&pf=cnnb
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\programdata\LangSoft\WebIE.dll
Trusted Zone: microsoft.com\update
Trusted Zone: microsoft.com\windowsupdate
Trusted Zone: seznam.cz
FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\k2o1gici.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedie (cs)
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\User\AppData\Local\Google\Update\1.2.183.17\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-03 17:13
Windows 6.0.6002 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-03-03 17:18:44
ComboFix-quarantined-files.txt 2010-03-03 22:18
ComboFix2.txt 2010-03-03 00:07
Pre-Run: Volných bajtu: 21,394,886,656
Post-Run: Volných bajtu: 21,274,255,360
- - End Of File - - E716994BCBA83AFFA728E40D0E07F919
- stell
- VIP in memoriam
- Posts: 5175
- Registered: 09 Dec 2007 09:27
- Location: SK-REVUCA
Re: W. UPDATE - PROBLEM WITH DOWNLOADING AND INSTALLING AUTOMATIC UPDATES
Never mind. Scan the PC once more with CureIt, in safe mode.
DrWeb-CureIt
Download it to the desktop and do not run it yet.
Restart into safe mode >> double-click to run it > click > NO > OK >
If a green window pops up, close it with the X in the top right.
Start the scanner with the Start button [an express scan will run (this is a short scan of files currently running in memory, boot sectors, and targeted folders)].
If you are prompted to download the full Free Trial version, simply ignore it and click the X button to close the window.
If infected files are found during this short scan, click
"Select all" -> "Cure" -> "Cure > Move incurable".
(They will be in the folder C:\Documents and Settings\userprofile\DoctorWeb\Quarantine in case they cannot be cured.)
- In the top menu click "Options" -> "Change settings" and untick [cancel] >> Heuristic analysis and Prompt for action -> "OK" > Apply. Go back to the main menu, choose the complete scan there and click the green arrow on the right under the Dr. Web logo.
- When the scan is finished, click "File" in the top menu and choose "Save...". Save the log to the desktop and paste it here. Do not forget to restart the PC.
Restart the computer, because the files may only be moved / deleted on restart.
After the restart, open the contents of the Dr.Web.cvs log in Notepad and paste it here.
This scan may take a long time.
Re: W. UPDATE - PROBLEM WITH DOWNLOADING AND INSTALLING AUTOMATIC UPDATES
Hello.
During the short scan (drweb) in safe mode the PC shut down! After powering on, a black screen with the message:
"Windows was not shut down successfully"
"System error recovery"
When entering safe mode I had these options:
A. safe mode
B. safe mode with networking
C. safe mode with command prompt
...I chose option A. I did not turn off the antivirus program (NOD32).
I repeated the whole procedure, with the same result as described above.
Also, a folder was created on the PC: DoctorWeb, with a txt document.
???????????

- stell
Re: W. UPDATE - PROBLEM WITH DOWNLOADING AND INSTALLING AUTOMATIC UPDATES
Paste the txt here. You are supposed to do it in safe mode without networking, and a full scan.
- stell
Re: W. UPDATE - PROBLEM WITH DOWNLOADING AND INSTALLING AUTOMATIC UPDATES
Well, I wanted to know whether it found anything: deleted, disinfected.
Re: W. UPDATE - PROBLEM WITH DOWNLOADING AND INSTALLING AUTOMATIC UPDATES
Hello.
I tried "drweb" again, but as I ALREADY STATED ABOVE, during the scan the PC SHUTS DOWN!!!
So: safe mode, I open drweb, Start, the scan begins, after a few minutes the PC SHUTS DOWN.
I tried several times, I don't know what to do about it. Sorry!