Logfile of random's system information tool 1.06 (written by random/random)
Run by Rum at 2010-04-12 11:24:26
Microsoft Windows XP Professional Service Pack 2
System drive C: has 111 GB (61%) free of 183 GB
Total RAM: 3071 MB (80% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:24:31, on 12.4.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\ICQ7.0\ICQ.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\New Folder\RSIT.exe
C:\Program Files\trend micro\Rum.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: Foxit Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [ASUS Live Update] C:\Program Files\ASUS\ASUS Live Update\ALU.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ7.0\ICQ.exe" silent loginmode=4
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: CCC.lnk = ?
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: wintny32 - C:\WINDOWS\SYSTEM32\wintny32.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
--
End of file - 4006 bytes
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
AskBar BHO - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2008-11-18 333192]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4FE6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2010-01-03 1019128]
{3041d03e-fd4b-44e0-b742-2d9b88305f98} - Foxit Toolbar - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2008-11-18 333192]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-10-09 17021440]
"ASUS Live Update"=C:\Program Files\ASUS\ASUS Live Update\ALU.exe [2007-11-30 51768]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-07-31 1343488]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-01-21 61440]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2010-01-12 37888]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2009-10-30 369200]
"ICQ"=C:\Program Files\ICQ7.0\ICQ.exe [2010-03-28 133368]
C:\Documents and Settings\Rum\Start Menu\Programs\Startup
CCC.lnk - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2010-02-15 126976]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wintny32]
C:\WINDOWS\system32\wintny32.dll [2010-03-24 39424]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQ7.0\ICQ.exe"="C:\Program Files\ICQ7.0\ICQ.exe:*:Enabled:ICQ7"
"C:\Program Files\ICQ7.0\aolload.exe"="C:\Program Files\ICQ7.0\aolload.exe:*:Enabled:aolload.exe"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Valve\hl.exe"="C:\Program Files\Valve\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\NCsoft\AionEU\IALauncher.exe"="C:\Program Files\NCsoft\AionEU\IALauncher.exe:*:Enabled: "
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\WINDOWS\system32\winver.exe"="C:\WINDOWS\system32\winver.exe:*:Enabled:winver"
"D:\games\fifa\FIFA10.exe"="D:\games\fifa\FIFA10.exe:*:Enabled:FIFA10"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQ7.0\ICQ.exe"="C:\Program Files\ICQ7.0\ICQ.exe:*:Enabled:ICQ7"
"C:\Program Files\ICQ7.0\aolload.exe"="C:\Program Files\ICQ7.0\aolload.exe:*:Enabled:aolload.exe"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b8ebffe6-1a34-11df-b91e-d359e801a115}]
shell\AutoRun\command - I:\USBNB.exe
======List of files/folders created in the last 1 months======
2010-04-11 20:30:26 ----A---- C:\WINDOWS\uninst.exe
2010-04-09 11:08:31 ----D---- C:\Documents and Settings\Rum\Application Data\Hamachi
2010-04-09 11:08:01 ----D---- C:\Program Files\Hamachi
2010-04-09 09:13:52 ----SHD---- C:\RECYCLER
2010-04-05 09:00:36 ----D---- C:\Documents and Settings\Rum\Application Data\Foxit Software
2010-04-04 22:36:13 ----D---- C:\Documents and Settings\Rum\Application Data\Leadertech
2010-03-30 15:43:47 ----D---- C:\WINDOWS\temp
2010-03-30 15:43:46 ----A---- C:\ComboFix.txt
2010-03-30 15:39:07 ----A---- C:\Boot.bak
2010-03-30 15:39:03 ----RASHD---- C:\cmdcons
2010-03-30 15:30:25 ----A---- C:\WINDOWS\zip.exe
2010-03-30 15:30:25 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-03-30 15:30:25 ----A---- C:\WINDOWS\SWSC.exe
2010-03-30 15:30:25 ----A---- C:\WINDOWS\SWREG.exe
2010-03-30 15:30:25 ----A---- C:\WINDOWS\sed.exe
2010-03-30 15:30:25 ----A---- C:\WINDOWS\PEV.exe
2010-03-30 15:30:25 ----A---- C:\WINDOWS\NIRCMD.exe
2010-03-30 15:30:25 ----A---- C:\WINDOWS\MBR.exe
2010-03-30 15:30:25 ----A---- C:\WINDOWS\grep.exe
2010-03-30 15:29:08 ----D---- C:\WINDOWS\ERDNT
2010-03-30 15:26:56 ----AD---- C:\Qoobox
2010-03-30 15:26:18 ----RSH---- C:\mi9al8rs.exe
2010-03-29 15:20:09 ----D---- C:\Program Files\trend micro
2010-03-29 15:20:07 ----D---- C:\rsit
2010-03-24 20:15:42 ----N---- C:\WINDOWS\system32\spmsg.dll
2010-03-24 20:15:26 ----HDC---- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
2010-03-24 20:14:45 ----A---- C:\WINDOWS\system32\XAudio2_5.dll
2010-03-24 20:14:44 ----A---- C:\WINDOWS\system32\xactengine3_5.dll
2010-03-24 20:14:44 ----A---- C:\WINDOWS\system32\d3dcsx_42.dll
2010-03-24 20:14:44 ----A---- C:\WINDOWS\system32\D3DCompiler_42.dll
2010-03-24 20:14:43 ----A---- C:\WINDOWS\system32\d3dx11_42.dll
2010-03-24 20:14:42 ----A---- C:\WINDOWS\system32\D3DX9_42.dll
2010-03-24 20:14:42 ----A---- C:\WINDOWS\system32\d3dx10_42.dll
2010-03-24 20:13:27 ----D---- C:\Documents and Settings\Rum\Application Data\Prison Break
2010-03-24 20:05:05 ----D---- C:\Program Files\DAEMON Tools Lite
2010-03-24 20:04:45 ----D---- C:\Documents and Settings\Rum\Application Data\DAEMON Tools Lite
2010-03-24 20:04:42 ----D---- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
2010-03-24 20:00:51 ----D---- C:\WINDOWS\system32\appmgmt
2010-03-24 19:53:25 ----A---- C:\WINDOWS\system32\wintny32.dll
2010-03-17 00:58:06 ----D---- C:\Program Files\Death Rally
2010-03-16 18:55:09 ----D---- C:\Documents and Settings\Rum\Application Data\Sports Interactive
2010-03-16 18:46:19 ----D---- C:\WINDOWS\Downloaded Installations
======List of files/folders modified in the last 1 months======
2010-04-12 10:16:45 ----D---- C:\Documents and Settings\Rum\Application Data\ICQ
2010-04-11 20:32:38 ----D---- C:\WINDOWS\Prefetch
2010-04-11 20:31:28 ----D---- C:\WINDOWS
2010-04-11 10:04:43 ----HD---- C:\Program Files\InstallShield Installation Information
2010-04-11 09:29:42 ----D---- C:\Documents and Settings\Rum\Application Data\uTorrent
2010-04-09 11:08:11 ----D---- C:\WINDOWS\system32\drivers
2010-04-09 11:08:10 ----HD---- C:\WINDOWS\inf
2010-04-09 11:08:02 ----D---- C:\WINDOWS\system32\CatRoot2
2010-04-09 11:08:01 ----RD---- C:\Program Files
2010-04-04 22:36:02 ----SHD---- C:\WINDOWS\Installer
2010-04-04 22:22:05 ----D---- C:\WINDOWS\system32\DirectX
2010-04-04 22:21:58 ----RSD---- C:\WINDOWS\assembly
2010-04-04 22:20:29 ----D---- C:\WINDOWS\WinSxS
2010-04-04 20:43:37 ----D---- C:\Program Files\Foxit Software
2010-04-04 14:37:14 ----D---- C:\Program Files\Mozilla Firefox
2010-04-01 19:55:04 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-04-01 19:55:04 ----D---- C:\WINDOWS\system32
2010-04-01 10:36:38 ----D---- C:\Program Files\ICQ7.0
2010-03-30 15:42:56 ----A---- C:\WINDOWS\system.ini
2010-03-30 15:41:35 ----D---- C:\WINDOWS\AppPatch
2010-03-30 15:41:30 ----D---- C:\Program Files\Common Files
2010-03-30 15:39:07 ----RASH---- C:\boot.ini
2010-03-30 15:30:38 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-03-28 09:43:51 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-03-24 20:15:46 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-03-16 18:54:29 ----D---- C:\Downloads
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2006-02-28 36096]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2010-03-24 281760]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2010-03-24 25888]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2008-03-21 1203776]
R3 AR5416;Atheros AR5008 Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\athw.sys [2008-09-18 1326528]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2010-02-15 2880000]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-04 14080]
R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2010-04-09 25280]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2006-02-28 9600]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-10-13 4879360]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2006-02-28 12160]
R3 RTSTOR;USB Mass Storage Device; C:\WINDOWS\system32\drivers\RTSTOR.SYS [2007-10-25 46976]
R3 SiSGbeXP;SiS191/SiS190 Ethernet Device NDIS 5.1 Driver; C:\WINDOWS\system32\DRIVERS\SiSGbeXP.sys [2008-03-03 43392]
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\WINDOWS\system32\DRIVERS\snp2uvc.sys [2008-11-05 1753984]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2008-07-31 230464]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2006-02-28 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2006-02-28 57600]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2006-02-28 17024]
S3 avifm5ms;avifm5ms; C:\WINDOWS\system32\drivers\avifm5ms.sys []
S3 catchme;catchme; \??\C:\DOCUME~1\Rum\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-04 17024]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-04 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-04 10880]
S3 nm;Network Monitor Driver; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2006-02-28 40320]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-04 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-04 15360]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2006-02-28 31616]
S3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2006-02-28 26496]
S3 usbvideo;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2004-08-04 78464]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\WINDOWS\system32\agrsmsvc.exe [2008-03-18 13312]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2010-02-15 536576]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2010-01-03 246520]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
-----------------EOF-----------------
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
problem s vypinanim PC
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Re: problem s vypinanim PC
ked dam cez windows normalne vypnut tak mi nabehne modra obrazovka a win sa restartne a nevypne
Re: problem s vypinanim PC
Hezké dopoledne 
Můžete se prosím podívat do složky windows, jestli tam nemáte složku minidump a v ní soubor? Pokud ano, soubor pošlete na www.leteckaposta.cz, link k souboru vložte zde
Odkdy Vám to dělá? Neinstaloval jste nějaký nový program?
Odinstalujte combofix přes Start - Spustit
- zkopírujte do okénka:
ComboFix /Uninstall
-stiskněte Enter
-To odinstaluje ComboFix a smaže s ním související soubory a složky.
***********
Stáhněte T-Cleaner
http://sweb.cz/Marinus/T-Cleaner.exe
-Spusťte,pro potvrzení volby mačkejte klávesu A, Enter
-po použití prográmek vymažte.Pozor,antiviry ho mohou falešně označit za vir
Combofix stahněte takto:
- pravým myšítkem klikněte na odkaz combofixu --uložit jako.. ,a teď ho přejmenujte na Potvora.com a uložte.
Stáhněte na plochu, ukončete všechna aktivní okna a spusťte ComboFix - http://download.bleepingcomputer.com/sUBs/ComboFix.exe
-souhlaste s instalací konzole pro zotavení
- ComboFix je třeba spustit pod účtem s právy administrátora
- Před použitím vypněte všechny rezidentní bezpečnostní programy - antiviry, firewally, antispywary
- Po spuštění se zobrazí podmínky užití, potvrďte je stiskem tlačítka Ano
- Dále postupujte dle pokynů, během aplikování ComboFixu neklikejte do zobrazujícího se okna
- Po dokončení skenování, trvajícího maximálně 10 minut, by měl program vytvořit log - C:\ComboFix.txt, zkopírujte celý jeho obsah sem
Můžete se prosím podívat do složky windows, jestli tam nemáte složku minidump a v ní soubor? Pokud ano, soubor pošlete na www.leteckaposta.cz, link k souboru vložte zde Odkdy Vám to dělá? Neinstaloval jste nějaký nový program? Odinstalujte combofix přes Start - Spustit- zkopírujte do okénka:
ComboFix /Uninstall
-stiskněte Enter
-To odinstaluje ComboFix a smaže s ním související soubory a složky.
***********
Stáhněte T-Cleaner http://sweb.cz/Marinus/T-Cleaner.exe
-Spusťte,pro potvrzení volby mačkejte klávesu A, Enter
-po použití prográmek vymažte.Pozor,antiviry ho mohou falešně označit za vir
Combofix stahněte takto:- pravým myšítkem klikněte na odkaz combofixu --uložit jako.. ,a teď ho přejmenujte na Potvora.com a uložte.
Stáhněte na plochu, ukončete všechna aktivní okna a spusťte ComboFix - http://download.bleepingcomputer.com/sUBs/ComboFix.exe -souhlaste s instalací konzole pro zotavení
- ComboFix je třeba spustit pod účtem s právy administrátora
- Před použitím vypněte všechny rezidentní bezpečnostní programy - antiviry, firewally, antispywary
- Po spuštění se zobrazí podmínky užití, potvrďte je stiskem tlačítka Ano
- Dále postupujte dle pokynů, během aplikování ComboFixu neklikejte do zobrazujícího se okna
- Po dokončení skenování, trvajícího maximálně 10 minut, by měl program vytvořit log - C:\ComboFix.txt, zkopírujte celý jeho obsah sem
Nepoužívejte COMBOFIX bez doporučení rádce, může dojít k poškození systému!
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Re: problem s vypinanim PC
tak taku zlozku nemam, cleaner vykonany, combofix odinstalovany, novy combofix premenovany na potvora.com vykonane a asi dva tyzdne mi to robi a vazne neviem s cim to moze suvisiet lebo mi to zacalo robit z nicoho nic vobec nic som neinstaloval
tu je log:
ComboFix 10-04-11.06 - Rum 12.04.2010 13:18:27.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1250.421.1033.18.3071.2565 [GMT 2:00]
Running from: c:\documents and settings\Rum\Desktop\Potvora.com
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\mi9al8rs.exe
D:\mi9al8rs.exe
.
((((((((((((((((((((((((( Files Created from 2010-03-12 to 2010-04-12 )))))))))))))))))))))))))))))))
.
2010-04-11 18:30 . 1996-11-05 14:13 299008 ----a-w- c:\windows\uninst.exe
2010-04-11 18:30 . 2010-04-11 18:30 -------- d-----w- c:\documents and settings\Rum\WINDOWS
2010-04-09 09:08 . 2010-04-09 11:08 -------- d-----w- c:\documents and settings\Rum\Application Data\Hamachi
2010-04-09 09:08 . 2010-04-09 09:08 -------- d-----w- c:\program files\Hamachi
2010-04-09 09:08 . 2010-04-09 09:08 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
2010-04-05 07:00 . 2010-04-05 07:00 -------- d-----w- c:\documents and settings\Rum\Application Data\Foxit Software
2010-04-04 20:36 . 2010-04-04 20:36 -------- d-----w- c:\documents and settings\Rum\Application Data\Leadertech
2010-04-04 18:43 . 2010-04-04 18:43 -------- d-----w- c:\documents and settings\LocalService\Application Data\Foxit Software
2010-03-24 18:16 . 2010-03-24 18:16 281760 ----a-w- c:\windows\system32\drivers\atksgt.sys
2010-03-24 18:16 . 2010-03-24 18:16 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2010-03-24 18:14 . 2009-09-04 16:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2010-03-24 18:14 . 2009-09-04 16:44 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
2010-03-24 18:14 . 2009-09-04 16:29 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
2010-03-24 18:14 . 2009-09-04 16:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2010-03-24 18:14 . 2009-09-04 16:29 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
2010-03-24 18:14 . 2009-09-04 16:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2010-03-24 18:14 . 2009-09-04 16:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2010-03-24 18:13 . 2010-03-24 18:13 -------- d-----w- c:\documents and settings\Rum\Application Data\Prison Break
2010-03-24 18:05 . 2010-03-24 18:05 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-03-24 18:05 . 2010-03-24 18:06 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-03-24 18:04 . 2010-03-24 18:07 -------- d-----w- c:\documents and settings\Rum\Application Data\DAEMON Tools Lite
2010-03-24 18:04 . 2010-03-24 18:04 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2010-03-24 17:53 . 2010-03-24 17:53 39424 ----a-w- c:\windows\system32\wintny32.dll
2010-03-16 22:58 . 2010-03-16 23:08 -------- d-----w- c:\program files\Death Rally
2010-03-16 16:55 . 2010-03-16 16:55 -------- d-----w- c:\documents and settings\Rum\Application Data\Sports Interactive
2010-03-16 16:47 . 2010-03-16 16:47 2238 ----a-r- c:\documents and settings\Rum\Application Data\Microsoft\Installer\{9DE4E17F-0C99-4A57-8F7D-5B69CC95D7A9}\NewShortcut7_9DE4E17F0C994A578F7D5B69CC95D7A9.exe
2010-03-16 16:47 . 2010-03-16 16:47 2238 ----a-r- c:\documents and settings\Rum\Application Data\Microsoft\Installer\{9DE4E17F-0C99-4A57-8F7D-5B69CC95D7A9}\NewShortcut4_9DE4E17F0C994A578F7D5B69CC95D7A9.exe
2010-03-16 16:47 . 2010-03-16 16:47 2238 ----a-r- c:\documents and settings\Rum\Application Data\Microsoft\Installer\{9DE4E17F-0C99-4A57-8F7D-5B69CC95D7A9}\ARPPRODUCTICON.exe
2010-03-16 16:46 . 2010-03-16 16:46 -------- d-----w- c:\windows\Downloaded Installations
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-12 11:16 . 2010-02-15 18:23 -------- d-----w- c:\documents and settings\Rum\Application Data\ICQ
2010-04-11 08:04 . 2010-02-15 16:55 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-11 07:29 . 2010-02-20 14:15 -------- d-----w- c:\documents and settings\Rum\Application Data\uTorrent
2010-04-04 18:43 . 2010-02-15 21:04 -------- d-----w- c:\program files\Foxit Software
2010-04-01 08:36 . 2010-02-15 18:22 -------- d-----w- c:\program files\ICQ7.0
2010-03-11 15:51 . 2010-03-11 15:47 -------- d-----w- c:\documents and settings\Rum\Application Data\Winamp
2010-03-11 15:48 . 2010-03-11 15:47 -------- d-----w- c:\program files\Winamp
2010-03-11 15:48 . 2010-03-11 15:48 -------- d-----w- c:\program files\Winamp Detect
2010-02-20 23:16 . 2010-02-20 21:27 36357 ----a-w- c:\windows\DIIUnin.dat
2010-02-20 23:14 . 2010-02-20 23:13 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2010-02-20 23:12 . 2010-02-20 22:49 21840 ----atw- c:\windows\system32\SIntfNT.dll
2010-02-20 23:12 . 2010-02-20 22:49 17212 ----atw- c:\windows\system32\SIntf32.dll
2010-02-20 22:21 . 2010-02-15 19:55 -------- d-----w- c:\program files\NCsoft
2010-02-20 21:27 . 2010-02-20 21:27 2829 ----a-w- c:\windows\DIIUnin.pif
2010-02-20 21:27 . 2010-02-20 21:27 94208 ----a-w- c:\windows\DIIUnin.exe
2010-02-20 14:16 . 2010-02-20 14:16 -------- d-----w- c:\program files\uTorrent
2010-02-19 16:04 . 2010-02-18 14:15 -------- d-----w- c:\program files\Valve
2010-02-18 18:32 . 2010-02-18 18:32 -------- d-----w- c:\program files\Microsoft Silverlight
2010-02-18 08:03 . 2010-02-18 08:03 -------- d-----w- c:\program files\Codec Pack - All In 1
2010-02-18 08:03 . 2010-02-18 08:03 737280 ----a-w- c:\windows\iun6002.exe
2010-02-18 07:08 . 2010-02-15 16:56 68456 ----a-w- c:\documents and settings\Rum\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-18 05:52 . 2010-02-18 05:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-02-18 05:52 . 2010-02-18 05:52 -------- d-----w- c:\program files\Microsoft Works
2010-02-18 05:52 . 2010-02-18 05:52 -------- d-----w- c:\program files\MSBuild
2010-02-18 05:51 . 2010-02-18 05:51 -------- d-----w- c:\program files\Microsoft.NET
2010-02-18 05:49 . 2010-02-18 05:49 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2010-02-18 05:43 . 2010-02-18 05:43 -------- d-----w- c:\program files\Alcohol Soft
2010-02-16 13:10 . 2010-02-16 13:10 -------- d-----w- c:\documents and settings\Rum\Application Data\ATI
2010-02-16 13:10 . 2010-02-16 13:10 -------- d-----w- c:\documents and settings\All Users\Application Data\ATI
2010-02-15 21:05 . 2010-02-15 21:05 -------- d-----w- c:\program files\AskBarDis
2010-02-15 21:05 . 2010-02-15 21:05 -------- d-----w- c:\documents and settings\Rum\Application Data\Foxit
2010-02-15 18:56 . 2010-02-15 18:56 -------- d-----w- c:\documents and settings\Rum\Application Data\GHISLER
2010-02-15 18:23 . 2010-02-15 18:23 -------- d-----w- c:\program files\ICQ6Toolbar
2010-02-15 18:23 . 2010-02-15 18:23 -------- d-----w- c:\documents and settings\All Users\Application Data\ICQ
2010-02-15 18:19 . 2010-02-15 18:19 0 ----a-w- c:\windows\nsreg.dat
2010-02-15 17:55 . 2010-02-15 17:55 -------- d-----w- c:\program files\Atheros
2010-02-15 17:55 . 2010-02-15 17:55 -------- d-----w- c:\documents and settings\Rum\Application Data\InstallShield
2010-02-15 17:46 . 2010-02-15 17:46 0 ----a-w- c:\windows\ativpsrm.bin
2010-02-15 17:44 . 2010-02-15 17:20 -------- d-----w- c:\program files\ATI Technologies
2010-02-15 17:43 . 2010-02-15 17:43 9158 ----a-r- c:\documents and settings\Rum\Application Data\Microsoft\Installer\{6E32B134-CA8D-49DD-B94C-0DB155CE70B5}\NewShortcut1_45160C5661F6468DA5B09FAE2C3E68D6.exe
2010-02-15 17:43 . 2010-02-15 17:43 10134 ----a-r- c:\documents and settings\Rum\Application Data\Microsoft\Installer\{6E32B134-CA8D-49DD-B94C-0DB155CE70B5}\ARPPRODUCTICON.exe
2010-02-15 17:32 . 2010-02-15 17:32 0 ----a-w- c:\windows\system32\drivers\1043_ASUSTeK_F5SR.alu
2010-02-15 17:20 . 2010-02-15 17:20 -------- d-----w- c:\program files\ATI
2010-02-15 17:03 . 2010-02-15 17:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Atheros
2010-02-15 17:01 . 2010-02-15 17:01 -------- d-----w- c:\program files\Synaptics
2010-02-15 16:59 . 2010-02-15 16:59 -------- d-----w- c:\program files\ASUS
2010-02-15 16:58 . 2010-02-15 16:55 -------- d-----w- c:\program files\Common Files\InstallShield
2010-02-15 16:55 . 2010-02-15 16:55 -------- d-----w- c:\program files\Realtek
2010-02-15 16:55 . 2010-02-15 16:51 319488 ----a-w- c:\windows\HideWin.exe
2010-02-15 14:04 . 2010-02-15 13:00 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-02-15 14:04 . 2010-02-15 13:00 2722 ----a-w- c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2010-02-15 14:01 . 2010-02-15 13:00 8972 ----a-w- c:\windows\pchealth\helpctr\Config\Cntstore.bin
2010-02-15 13:01 . 2010-02-15 13:01 -------- d-----w- c:\program files\microsoft frontpage
2010-02-15 12:57 . 2010-02-15 12:57 21640 ----a-w- c:\windows\system32\emptyregdb.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-11-18 11:58 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-18 333192]
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-18 333192]
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
"ICQ"="c:\program files\ICQ7.0\ICQ.exe" [2010-03-28 133368]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-10-09 17021440]
"ASUS Live Update"="c:\program files\ASUS\ASUS Live Update\ALU.exe" [2007-11-30 51768]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-07-31 1343488]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-01-12 37888]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-02-28 15360]
c:\documents and settings\Rum\Start Menu\Programs\Startup\
CCC.lnk - c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2007-7-17 49152]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wintny32]
2010-03-24 17:53 39424 ----a-w- c:\windows\system32\wintny32.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ICQ7.0\\ICQ.exe"=
"c:\\Program Files\\ICQ7.0\\aolload.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\Program Files\\NCsoft\\AionEU\\IALauncher.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\system32\\winver.exe"=
"d:\\games\\fifa\\FIFA10.exe"=
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [15.2.2010 20:23 246520]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [24.3.2010 20:05 691696]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://start.icq.com/
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{88EB38EF-4D2C-436D-ABD3-56B232674062} - c:\program files\ICQ7.0\ICQ.exe
FF - ProfilePath - c:\documents and settings\Rum\Application Data\Mozilla\Firefox\Profiles\hpq7k9jk.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - www.google.sk
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.1&q=
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -
AddRemove-HijackThis - c:\program files\trend micro\HijackThis.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-12 13:22
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(884)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\wintny32.dll
.
Completion time: 2010-04-12 13:23:07
ComboFix-quarantined-files.txt 2010-04-12 11:23
Pre-Run: 117 881 831 424 bytes free
Post-Run: 117 853 122 560 bytes free
- - End Of File - - CBB20ADE552B1FD33A8D835BF667F331
tu je log:
ComboFix 10-04-11.06 - Rum 12.04.2010 13:18:27.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1250.421.1033.18.3071.2565 [GMT 2:00]
Running from: c:\documents and settings\Rum\Desktop\Potvora.com
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\mi9al8rs.exe
D:\mi9al8rs.exe
.
((((((((((((((((((((((((( Files Created from 2010-03-12 to 2010-04-12 )))))))))))))))))))))))))))))))
.
2010-04-11 18:30 . 1996-11-05 14:13 299008 ----a-w- c:\windows\uninst.exe
2010-04-11 18:30 . 2010-04-11 18:30 -------- d-----w- c:\documents and settings\Rum\WINDOWS
2010-04-09 09:08 . 2010-04-09 11:08 -------- d-----w- c:\documents and settings\Rum\Application Data\Hamachi
2010-04-09 09:08 . 2010-04-09 09:08 -------- d-----w- c:\program files\Hamachi
2010-04-09 09:08 . 2010-04-09 09:08 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
2010-04-05 07:00 . 2010-04-05 07:00 -------- d-----w- c:\documents and settings\Rum\Application Data\Foxit Software
2010-04-04 20:36 . 2010-04-04 20:36 -------- d-----w- c:\documents and settings\Rum\Application Data\Leadertech
2010-04-04 18:43 . 2010-04-04 18:43 -------- d-----w- c:\documents and settings\LocalService\Application Data\Foxit Software
2010-03-24 18:16 . 2010-03-24 18:16 281760 ----a-w- c:\windows\system32\drivers\atksgt.sys
2010-03-24 18:16 . 2010-03-24 18:16 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2010-03-24 18:14 . 2009-09-04 16:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2010-03-24 18:14 . 2009-09-04 16:44 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
2010-03-24 18:14 . 2009-09-04 16:29 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
2010-03-24 18:14 . 2009-09-04 16:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2010-03-24 18:14 . 2009-09-04 16:29 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
2010-03-24 18:14 . 2009-09-04 16:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2010-03-24 18:14 . 2009-09-04 16:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2010-03-24 18:13 . 2010-03-24 18:13 -------- d-----w- c:\documents and settings\Rum\Application Data\Prison Break
2010-03-24 18:05 . 2010-03-24 18:05 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-03-24 18:05 . 2010-03-24 18:06 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-03-24 18:04 . 2010-03-24 18:07 -------- d-----w- c:\documents and settings\Rum\Application Data\DAEMON Tools Lite
2010-03-24 18:04 . 2010-03-24 18:04 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2010-03-24 17:53 . 2010-03-24 17:53 39424 ----a-w- c:\windows\system32\wintny32.dll
2010-03-16 22:58 . 2010-03-16 23:08 -------- d-----w- c:\program files\Death Rally
2010-03-16 16:55 . 2010-03-16 16:55 -------- d-----w- c:\documents and settings\Rum\Application Data\Sports Interactive
2010-03-16 16:47 . 2010-03-16 16:47 2238 ----a-r- c:\documents and settings\Rum\Application Data\Microsoft\Installer\{9DE4E17F-0C99-4A57-8F7D-5B69CC95D7A9}\NewShortcut7_9DE4E17F0C994A578F7D5B69CC95D7A9.exe
2010-03-16 16:47 . 2010-03-16 16:47 2238 ----a-r- c:\documents and settings\Rum\Application Data\Microsoft\Installer\{9DE4E17F-0C99-4A57-8F7D-5B69CC95D7A9}\NewShortcut4_9DE4E17F0C994A578F7D5B69CC95D7A9.exe
2010-03-16 16:47 . 2010-03-16 16:47 2238 ----a-r- c:\documents and settings\Rum\Application Data\Microsoft\Installer\{9DE4E17F-0C99-4A57-8F7D-5B69CC95D7A9}\ARPPRODUCTICON.exe
2010-03-16 16:46 . 2010-03-16 16:46 -------- d-----w- c:\windows\Downloaded Installations
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-12 11:16 . 2010-02-15 18:23 -------- d-----w- c:\documents and settings\Rum\Application Data\ICQ
2010-04-11 08:04 . 2010-02-15 16:55 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-11 07:29 . 2010-02-20 14:15 -------- d-----w- c:\documents and settings\Rum\Application Data\uTorrent
2010-04-04 18:43 . 2010-02-15 21:04 -------- d-----w- c:\program files\Foxit Software
2010-04-01 08:36 . 2010-02-15 18:22 -------- d-----w- c:\program files\ICQ7.0
2010-03-11 15:51 . 2010-03-11 15:47 -------- d-----w- c:\documents and settings\Rum\Application Data\Winamp
2010-03-11 15:48 . 2010-03-11 15:47 -------- d-----w- c:\program files\Winamp
2010-03-11 15:48 . 2010-03-11 15:48 -------- d-----w- c:\program files\Winamp Detect
2010-02-20 23:16 . 2010-02-20 21:27 36357 ----a-w- c:\windows\DIIUnin.dat
2010-02-20 23:14 . 2010-02-20 23:13 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2010-02-20 23:12 . 2010-02-20 22:49 21840 ----atw- c:\windows\system32\SIntfNT.dll
2010-02-20 23:12 . 2010-02-20 22:49 17212 ----atw- c:\windows\system32\SIntf32.dll
2010-02-20 22:21 . 2010-02-15 19:55 -------- d-----w- c:\program files\NCsoft
2010-02-20 21:27 . 2010-02-20 21:27 2829 ----a-w- c:\windows\DIIUnin.pif
2010-02-20 21:27 . 2010-02-20 21:27 94208 ----a-w- c:\windows\DIIUnin.exe
2010-02-20 14:16 . 2010-02-20 14:16 -------- d-----w- c:\program files\uTorrent
2010-02-19 16:04 . 2010-02-18 14:15 -------- d-----w- c:\program files\Valve
2010-02-18 18:32 . 2010-02-18 18:32 -------- d-----w- c:\program files\Microsoft Silverlight
2010-02-18 08:03 . 2010-02-18 08:03 -------- d-----w- c:\program files\Codec Pack - All In 1
2010-02-18 08:03 . 2010-02-18 08:03 737280 ----a-w- c:\windows\iun6002.exe
2010-02-18 07:08 . 2010-02-15 16:56 68456 ----a-w- c:\documents and settings\Rum\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-18 05:52 . 2010-02-18 05:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-02-18 05:52 . 2010-02-18 05:52 -------- d-----w- c:\program files\Microsoft Works
2010-02-18 05:52 . 2010-02-18 05:52 -------- d-----w- c:\program files\MSBuild
2010-02-18 05:51 . 2010-02-18 05:51 -------- d-----w- c:\program files\Microsoft.NET
2010-02-18 05:49 . 2010-02-18 05:49 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2010-02-18 05:43 . 2010-02-18 05:43 -------- d-----w- c:\program files\Alcohol Soft
2010-02-16 13:10 . 2010-02-16 13:10 -------- d-----w- c:\documents and settings\Rum\Application Data\ATI
2010-02-16 13:10 . 2010-02-16 13:10 -------- d-----w- c:\documents and settings\All Users\Application Data\ATI
2010-02-15 21:05 . 2010-02-15 21:05 -------- d-----w- c:\program files\AskBarDis
2010-02-15 21:05 . 2010-02-15 21:05 -------- d-----w- c:\documents and settings\Rum\Application Data\Foxit
2010-02-15 18:56 . 2010-02-15 18:56 -------- d-----w- c:\documents and settings\Rum\Application Data\GHISLER
2010-02-15 18:23 . 2010-02-15 18:23 -------- d-----w- c:\program files\ICQ6Toolbar
2010-02-15 18:23 . 2010-02-15 18:23 -------- d-----w- c:\documents and settings\All Users\Application Data\ICQ
2010-02-15 18:19 . 2010-02-15 18:19 0 ----a-w- c:\windows\nsreg.dat
2010-02-15 17:55 . 2010-02-15 17:55 -------- d-----w- c:\program files\Atheros
2010-02-15 17:55 . 2010-02-15 17:55 -------- d-----w- c:\documents and settings\Rum\Application Data\InstallShield
2010-02-15 17:46 . 2010-02-15 17:46 0 ----a-w- c:\windows\ativpsrm.bin
2010-02-15 17:44 . 2010-02-15 17:20 -------- d-----w- c:\program files\ATI Technologies
2010-02-15 17:43 . 2010-02-15 17:43 9158 ----a-r- c:\documents and settings\Rum\Application Data\Microsoft\Installer\{6E32B134-CA8D-49DD-B94C-0DB155CE70B5}\NewShortcut1_45160C5661F6468DA5B09FAE2C3E68D6.exe
2010-02-15 17:43 . 2010-02-15 17:43 10134 ----a-r- c:\documents and settings\Rum\Application Data\Microsoft\Installer\{6E32B134-CA8D-49DD-B94C-0DB155CE70B5}\ARPPRODUCTICON.exe
2010-02-15 17:32 . 2010-02-15 17:32 0 ----a-w- c:\windows\system32\drivers\1043_ASUSTeK_F5SR.alu
2010-02-15 17:20 . 2010-02-15 17:20 -------- d-----w- c:\program files\ATI
2010-02-15 17:03 . 2010-02-15 17:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Atheros
2010-02-15 17:01 . 2010-02-15 17:01 -------- d-----w- c:\program files\Synaptics
2010-02-15 16:59 . 2010-02-15 16:59 -------- d-----w- c:\program files\ASUS
2010-02-15 16:58 . 2010-02-15 16:55 -------- d-----w- c:\program files\Common Files\InstallShield
2010-02-15 16:55 . 2010-02-15 16:55 -------- d-----w- c:\program files\Realtek
2010-02-15 16:55 . 2010-02-15 16:51 319488 ----a-w- c:\windows\HideWin.exe
2010-02-15 14:04 . 2010-02-15 13:00 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-02-15 14:04 . 2010-02-15 13:00 2722 ----a-w- c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2010-02-15 14:01 . 2010-02-15 13:00 8972 ----a-w- c:\windows\pchealth\helpctr\Config\Cntstore.bin
2010-02-15 13:01 . 2010-02-15 13:01 -------- d-----w- c:\program files\microsoft frontpage
2010-02-15 12:57 . 2010-02-15 12:57 21640 ----a-w- c:\windows\system32\emptyregdb.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-11-18 11:58 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-18 333192]
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-18 333192]
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
"ICQ"="c:\program files\ICQ7.0\ICQ.exe" [2010-03-28 133368]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-10-09 17021440]
"ASUS Live Update"="c:\program files\ASUS\ASUS Live Update\ALU.exe" [2007-11-30 51768]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-07-31 1343488]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-01-12 37888]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-02-28 15360]
c:\documents and settings\Rum\Start Menu\Programs\Startup\
CCC.lnk - c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2007-7-17 49152]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wintny32]
2010-03-24 17:53 39424 ----a-w- c:\windows\system32\wintny32.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ICQ7.0\\ICQ.exe"=
"c:\\Program Files\\ICQ7.0\\aolload.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\Program Files\\NCsoft\\AionEU\\IALauncher.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\system32\\winver.exe"=
"d:\\games\\fifa\\FIFA10.exe"=
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [15.2.2010 20:23 246520]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [24.3.2010 20:05 691696]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://start.icq.com/
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{88EB38EF-4D2C-436D-ABD3-56B232674062} - c:\program files\ICQ7.0\ICQ.exe
FF - ProfilePath - c:\documents and settings\Rum\Application Data\Mozilla\Firefox\Profiles\hpq7k9jk.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - www.google.sk
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.1&q=
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -
AddRemove-HijackThis - c:\program files\trend micro\HijackThis.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-12 13:22
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(884)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\wintny32.dll
.
Completion time: 2010-04-12 13:23:07
ComboFix-quarantined-files.txt 2010-04-12 11:23
Pre-Run: 117 881 831 424 bytes free
Post-Run: 117 853 122 560 bytes free
- - End Of File - - CBB20ADE552B1FD33A8D835BF667F331
Re: problem s vypinanim PC
14dní? To by asi souhlasilo, tak dlouho si tu chováte jednoho drobečka 
2010-03-24 17:53 39424 ----a-w- c:\windows\system32\wintny32.dll
Smažeme ho a uvidíme, zda se to zlepší A ten combofix, co jste v březnu použil, to bylo na vyzvu nějakého rádce? Nebo sám od sebe? On totiž všechno automaticky nesmaže, pak je potřeba napsat mazací skript, jako v tomto případě. A protože combofix občas i poškodí systém, doporučujeme ho používat jen pod dozorem rádce .
Pokud nemáte, přesuňte Combofix na plochu
-otevřete si Poznámkový blok
-Do něj zkopírujte text z tohoto okénka
-uložte Vámi vytvořený TXT soubor jako CFScript.txt na plochu
-po uložení uchopte vámi vytvořený skript levým myšítkem a -přesuňte ho nad ikonu Combofixu, kde ho upustíte:
-po aplikaci na Vás vypadne další log,vložte ho sem
Upozornění : může se stát, že po aplikaci skriptu a restartu Windows nenaběhnou, v tom případě znovu restartujte a přitom mačkejte F8, pak zvolte Poslední známou funkční konfiguraci
otestujte na http://www.virustotal.com
c:\windows\uninst.exe
-Do okénka zkopírujte cestu k souboru , pokud napíše, že soubor byl už testován, dejte otestovat znovu.
-Sem vložte link s výsledky.
2010-03-24 17:53 39424 ----a-w- c:\windows\system32\wintny32.dll
Smažeme ho a uvidíme, zda se to zlepší
A ten combofix, co jste v březnu použil, to bylo na vyzvu nějakého rádce? Nebo sám od sebe? On totiž všechno automaticky nesmaže, pak je potřeba napsat mazací skript, jako v tomto případě. A protože combofix občas i poškodí systém, doporučujeme ho používat jen pod dozorem rádce . Pokud nemáte, přesuňte Combofix na plochu-otevřete si Poznámkový blok
-Do něj zkopírujte text z tohoto okénka
Kód: Vybrat vše
KillAll::
Collect::
c:\windows\system32\wintny32.dll
Registry::
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wintny32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"=-
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
[-HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[-HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"=-
Dirlook::
c:\documents and settings\Rum\WINDOWS
Folder::
c:\program files\AskBarDis
Firefox::
FF - ProfilePath - c:\documents and settings\Rum\Application Data\Mozilla\Firefox\Profiles\hpq7k9jk.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... 2.0.0.1&q=
DDS::
uStart Page = hxxp://start.icq.com/
-po uložení uchopte vámi vytvořený skript levým myšítkem a -přesuňte ho nad ikonu Combofixu, kde ho upustíte:
-po aplikaci na Vás vypadne další log,vložte ho sem
Upozornění : může se stát, že po aplikaci skriptu a restartu Windows nenaběhnou, v tom případě znovu restartujte a přitom mačkejte F8, pak zvolte Poslední známou funkční konfiguraci
otestujte na http://www.virustotal.comc:\windows\uninst.exe
-Do okénka zkopírujte cestu k souboru , pokud napíše, že soubor byl už testován, dejte otestovat znovu.
-Sem vložte link s výsledky.
Nepoužívejte COMBOFIX bez doporučení rádce, může dojít k poškození systému!
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Re: problem s vypinanim PC
ano v tom marci na radu poradcu
ComboFix 10-04-11.06 - Rum 12.04.2010 15:18:36.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1250.421.1033.18.3071.2516 [GMT 2:00]
Running from: c:\documents and settings\Rum\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Rum\Desktop\CFScript.txt
file zipped: c:\windows\system32\wintny32.dll
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\AskBarDis
c:\program files\AskBarDis\bar\bin\askBar.dll
c:\program files\AskBarDis\bar\bin\askPopStp.dll
c:\program files\AskBarDis\bar\bin\psvince.dll
c:\program files\AskBarDis\bar\Cache\027B71E3
c:\program files\AskBarDis\bar\Cache\027B75EA.bin
c:\program files\AskBarDis\bar\Cache\027B7723.bin
c:\program files\AskBarDis\bar\Cache\027B7946.bin
c:\program files\AskBarDis\bar\Cache\027B7A4F.bin
c:\program files\AskBarDis\bar\Cache\027B7B78.bin
c:\program files\AskBarDis\bar\Cache\027B7CC0.bin
c:\program files\AskBarDis\bar\Cache\027B7DE9.bin
c:\program files\AskBarDis\bar\Cache\027B80B8.bin
c:\program files\AskBarDis\bar\Cache\027B8200.bin
c:\program files\AskBarDis\bar\Cache\027B8339.bin
c:\program files\AskBarDis\bar\Cache\files.ini
c:\program files\AskBarDis\bar\History\search
c:\program files\AskBarDis\bar\Settings\config.dat
c:\program files\AskBarDis\bar\Settings\config.dat.bak
c:\program files\AskBarDis\bar\Settings\prevcfg.htm
c:\program files\AskBarDis\unins000.dat
c:\program files\AskBarDis\unins000.exe
c:\windows\system32\wintny32.dll
.
((((((((((((((((((((((((( Files Created from 2010-03-12 to 2010-04-12 )))))))))))))))))))))))))))))))
.
2010-04-11 18:30 . 1996-11-05 14:13 299008 ----a-w- c:\windows\uninst.exe
2010-04-11 18:30 . 2010-04-11 18:30 -------- d-----w- c:\documents and settings\Rum\WINDOWS
2010-04-09 09:08 . 2010-04-09 11:08 -------- d-----w- c:\documents and settings\Rum\Application Data\Hamachi
2010-04-09 09:08 . 2010-04-09 09:08 -------- d-----w- c:\program files\Hamachi
2010-04-09 09:08 . 2010-04-09 09:08 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
2010-04-05 07:00 . 2010-04-05 07:00 -------- d-----w- c:\documents and settings\Rum\Application Data\Foxit Software
2010-04-04 20:36 . 2010-04-04 20:36 -------- d-----w- c:\documents and settings\Rum\Application Data\Leadertech
2010-04-04 18:43 . 2010-04-04 18:43 -------- d-----w- c:\documents and settings\LocalService\Application Data\Foxit Software
2010-03-24 18:16 . 2010-03-24 18:16 281760 ----a-w- c:\windows\system32\drivers\atksgt.sys
2010-03-24 18:16 . 2010-03-24 18:16 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2010-03-24 18:14 . 2009-09-04 16:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2010-03-24 18:14 . 2009-09-04 16:44 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
2010-03-24 18:14 . 2009-09-04 16:29 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
2010-03-24 18:14 . 2009-09-04 16:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2010-03-24 18:14 . 2009-09-04 16:29 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
2010-03-24 18:14 . 2009-09-04 16:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2010-03-24 18:14 . 2009-09-04 16:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2010-03-24 18:13 . 2010-03-24 18:13 -------- d-----w- c:\documents and settings\Rum\Application Data\Prison Break
2010-03-24 18:05 . 2010-03-24 18:05 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-03-24 18:05 . 2010-03-24 18:06 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-03-24 18:04 . 2010-03-24 18:07 -------- d-----w- c:\documents and settings\Rum\Application Data\DAEMON Tools Lite
2010-03-24 18:04 . 2010-03-24 18:04 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2010-03-16 22:58 . 2010-03-16 23:08 -------- d-----w- c:\program files\Death Rally
2010-03-16 16:55 . 2010-03-16 16:55 -------- d-----w- c:\documents and settings\Rum\Application Data\Sports Interactive
2010-03-16 16:47 . 2010-03-16 16:47 2238 ----a-r- c:\documents and settings\Rum\Application Data\Microsoft\Installer\{9DE4E17F-0C99-4A57-8F7D-5B69CC95D7A9}\NewShortcut7_9DE4E17F0C994A578F7D5B69CC95D7A9.exe
2010-03-16 16:47 . 2010-03-16 16:47 2238 ----a-r- c:\documents and settings\Rum\Application Data\Microsoft\Installer\{9DE4E17F-0C99-4A57-8F7D-5B69CC95D7A9}\NewShortcut4_9DE4E17F0C994A578F7D5B69CC95D7A9.exe
2010-03-16 16:47 . 2010-03-16 16:47 2238 ----a-r- c:\documents and settings\Rum\Application Data\Microsoft\Installer\{9DE4E17F-0C99-4A57-8F7D-5B69CC95D7A9}\ARPPRODUCTICON.exe
2010-03-16 16:46 . 2010-03-16 16:46 -------- d-----w- c:\windows\Downloaded Installations
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-12 13:22 . 2010-02-15 18:23 -------- d-----w- c:\documents and settings\Rum\Application Data\ICQ
2010-04-11 08:04 . 2010-02-15 16:55 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-11 07:29 . 2010-02-20 14:15 -------- d-----w- c:\documents and settings\Rum\Application Data\uTorrent
2010-04-04 18:43 . 2010-02-15 21:04 -------- d-----w- c:\program files\Foxit Software
2010-04-01 08:36 . 2010-02-15 18:22 -------- d-----w- c:\program files\ICQ7.0
2010-03-11 15:51 . 2010-03-11 15:47 -------- d-----w- c:\documents and settings\Rum\Application Data\Winamp
2010-03-11 15:48 . 2010-03-11 15:47 -------- d-----w- c:\program files\Winamp
2010-03-11 15:48 . 2010-03-11 15:48 -------- d-----w- c:\program files\Winamp Detect
2010-02-20 23:16 . 2010-02-20 21:27 36357 ----a-w- c:\windows\DIIUnin.dat
2010-02-20 23:14 . 2010-02-20 23:13 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2010-02-20 23:12 . 2010-02-20 22:49 21840 ----atw- c:\windows\system32\SIntfNT.dll
2010-02-20 23:12 . 2010-02-20 22:49 17212 ----atw- c:\windows\system32\SIntf32.dll
2010-02-20 22:21 . 2010-02-15 19:55 -------- d-----w- c:\program files\NCsoft
2010-02-20 21:27 . 2010-02-20 21:27 2829 ----a-w- c:\windows\DIIUnin.pif
2010-02-20 21:27 . 2010-02-20 21:27 94208 ----a-w- c:\windows\DIIUnin.exe
2010-02-20 14:16 . 2010-02-20 14:16 -------- d-----w- c:\program files\uTorrent
2010-02-19 16:04 . 2010-02-18 14:15 -------- d-----w- c:\program files\Valve
2010-02-18 18:32 . 2010-02-18 18:32 -------- d-----w- c:\program files\Microsoft Silverlight
2010-02-18 08:03 . 2010-02-18 08:03 -------- d-----w- c:\program files\Codec Pack - All In 1
2010-02-18 08:03 . 2010-02-18 08:03 737280 ----a-w- c:\windows\iun6002.exe
2010-02-18 07:08 . 2010-02-15 16:56 68456 ----a-w- c:\documents and settings\Rum\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-18 05:52 . 2010-02-18 05:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-02-18 05:52 . 2010-02-18 05:52 -------- d-----w- c:\program files\Microsoft Works
2010-02-18 05:52 . 2010-02-18 05:52 -------- d-----w- c:\program files\MSBuild
2010-02-18 05:51 . 2010-02-18 05:51 -------- d-----w- c:\program files\Microsoft.NET
2010-02-18 05:49 . 2010-02-18 05:49 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2010-02-18 05:43 . 2010-02-18 05:43 -------- d-----w- c:\program files\Alcohol Soft
2010-02-16 13:10 . 2010-02-16 13:10 -------- d-----w- c:\documents and settings\Rum\Application Data\ATI
2010-02-16 13:10 . 2010-02-16 13:10 -------- d-----w- c:\documents and settings\All Users\Application Data\ATI
2010-02-15 21:05 . 2010-02-15 21:05 -------- d-----w- c:\documents and settings\Rum\Application Data\Foxit
2010-02-15 18:56 . 2010-02-15 18:56 -------- d-----w- c:\documents and settings\Rum\Application Data\GHISLER
2010-02-15 18:23 . 2010-02-15 18:23 -------- d-----w- c:\program files\ICQ6Toolbar
2010-02-15 18:23 . 2010-02-15 18:23 -------- d-----w- c:\documents and settings\All Users\Application Data\ICQ
2010-02-15 18:19 . 2010-02-15 18:19 0 ----a-w- c:\windows\nsreg.dat
2010-02-15 17:55 . 2010-02-15 17:55 -------- d-----w- c:\program files\Atheros
2010-02-15 17:55 . 2010-02-15 17:55 -------- d-----w- c:\documents and settings\Rum\Application Data\InstallShield
2010-02-15 17:46 . 2010-02-15 17:46 0 ----a-w- c:\windows\ativpsrm.bin
2010-02-15 17:44 . 2010-02-15 17:20 -------- d-----w- c:\program files\ATI Technologies
2010-02-15 17:43 . 2010-02-15 17:43 9158 ----a-r- c:\documents and settings\Rum\Application Data\Microsoft\Installer\{6E32B134-CA8D-49DD-B94C-0DB155CE70B5}\NewShortcut1_45160C5661F6468DA5B09FAE2C3E68D6.exe
2010-02-15 17:43 . 2010-02-15 17:43 10134 ----a-r- c:\documents and settings\Rum\Application Data\Microsoft\Installer\{6E32B134-CA8D-49DD-B94C-0DB155CE70B5}\ARPPRODUCTICON.exe
2010-02-15 17:32 . 2010-02-15 17:32 0 ----a-w- c:\windows\system32\drivers\1043_ASUSTeK_F5SR.alu
2010-02-15 17:20 . 2010-02-15 17:20 -------- d-----w- c:\program files\ATI
2010-02-15 17:03 . 2010-02-15 17:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Atheros
2010-02-15 17:01 . 2010-02-15 17:01 -------- d-----w- c:\program files\Synaptics
2010-02-15 16:59 . 2010-02-15 16:59 -------- d-----w- c:\program files\ASUS
2010-02-15 16:58 . 2010-02-15 16:55 -------- d-----w- c:\program files\Common Files\InstallShield
2010-02-15 16:55 . 2010-02-15 16:55 -------- d-----w- c:\program files\Realtek
2010-02-15 16:55 . 2010-02-15 16:51 319488 ----a-w- c:\windows\HideWin.exe
2010-02-15 14:04 . 2010-02-15 13:00 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-02-15 14:04 . 2010-02-15 13:00 2722 ----a-w- c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2010-02-15 14:01 . 2010-02-15 13:00 8972 ----a-w- c:\windows\pchealth\helpctr\Config\Cntstore.bin
2010-02-15 13:01 . 2010-02-15 13:01 -------- d-----w- c:\program files\microsoft frontpage
2010-02-15 12:57 . 2010-02-15 12:57 21640 ----a-w- c:\windows\system32\emptyregdb.dat
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\documents and settings\Rum\WINDOWS ----
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
"ICQ"="c:\program files\ICQ7.0\ICQ.exe" [2010-03-28 133368]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-10-09 17021440]
"ASUS Live Update"="c:\program files\ASUS\ASUS Live Update\ALU.exe" [2007-11-30 51768]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-07-31 1343488]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-01-12 37888]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-02-28 15360]
c:\documents and settings\Rum\Start Menu\Programs\Startup\
CCC.lnk - c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2007-7-17 49152]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ICQ7.0\\ICQ.exe"=
"c:\\Program Files\\ICQ7.0\\aolload.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\Program Files\\NCsoft\\AionEU\\IALauncher.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\system32\\winver.exe"=
"d:\\games\\fifa\\FIFA10.exe"=
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [15.2.2010 20:23 246520]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [24.3.2010 20:05 691696]
.
.
------- Supplementary Scan -------
.
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{88EB38EF-4D2C-436D-ABD3-56B232674062} - c:\program files\ICQ7.0\ICQ.exe
FF - ProfilePath - c:\documents and settings\Rum\Application Data\Mozilla\Firefox\Profiles\hpq7k9jk.default\
FF - prefs.js: browser.startup.homepage - www.google.sk
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -
AddRemove-Ask Toolbar_is1 - c:\program files\AskBarDis\unins000.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-12 15:22
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(888)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(4052)
c:\windows\system32\msi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\RTHDCPL.EXE
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\windows\system32\agrsmsvc.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-04-12 15:23:53 - machine was rebooted
ComboFix-quarantined-files.txt 2010-04-12 13:23
ComboFix2.txt 2010-04-12 11:23
Pre-Run: 117 840 625 664 bytes free
Post-Run: 117 808 144 384 bytes free
- - End Of File - - 17158476E31FD115BF29352B97D4E1B9
ComboFix 10-04-11.06 - Rum 12.04.2010 15:18:36.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1250.421.1033.18.3071.2516 [GMT 2:00]
Running from: c:\documents and settings\Rum\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Rum\Desktop\CFScript.txt
file zipped: c:\windows\system32\wintny32.dll
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\AskBarDis
c:\program files\AskBarDis\bar\bin\askBar.dll
c:\program files\AskBarDis\bar\bin\askPopStp.dll
c:\program files\AskBarDis\bar\bin\psvince.dll
c:\program files\AskBarDis\bar\Cache\027B71E3
c:\program files\AskBarDis\bar\Cache\027B75EA.bin
c:\program files\AskBarDis\bar\Cache\027B7723.bin
c:\program files\AskBarDis\bar\Cache\027B7946.bin
c:\program files\AskBarDis\bar\Cache\027B7A4F.bin
c:\program files\AskBarDis\bar\Cache\027B7B78.bin
c:\program files\AskBarDis\bar\Cache\027B7CC0.bin
c:\program files\AskBarDis\bar\Cache\027B7DE9.bin
c:\program files\AskBarDis\bar\Cache\027B80B8.bin
c:\program files\AskBarDis\bar\Cache\027B8200.bin
c:\program files\AskBarDis\bar\Cache\027B8339.bin
c:\program files\AskBarDis\bar\Cache\files.ini
c:\program files\AskBarDis\bar\History\search
c:\program files\AskBarDis\bar\Settings\config.dat
c:\program files\AskBarDis\bar\Settings\config.dat.bak
c:\program files\AskBarDis\bar\Settings\prevcfg.htm
c:\program files\AskBarDis\unins000.dat
c:\program files\AskBarDis\unins000.exe
c:\windows\system32\wintny32.dll
.
((((((((((((((((((((((((( Files Created from 2010-03-12 to 2010-04-12 )))))))))))))))))))))))))))))))
.
2010-04-11 18:30 . 1996-11-05 14:13 299008 ----a-w- c:\windows\uninst.exe
2010-04-11 18:30 . 2010-04-11 18:30 -------- d-----w- c:\documents and settings\Rum\WINDOWS
2010-04-09 09:08 . 2010-04-09 11:08 -------- d-----w- c:\documents and settings\Rum\Application Data\Hamachi
2010-04-09 09:08 . 2010-04-09 09:08 -------- d-----w- c:\program files\Hamachi
2010-04-09 09:08 . 2010-04-09 09:08 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
2010-04-05 07:00 . 2010-04-05 07:00 -------- d-----w- c:\documents and settings\Rum\Application Data\Foxit Software
2010-04-04 20:36 . 2010-04-04 20:36 -------- d-----w- c:\documents and settings\Rum\Application Data\Leadertech
2010-04-04 18:43 . 2010-04-04 18:43 -------- d-----w- c:\documents and settings\LocalService\Application Data\Foxit Software
2010-03-24 18:16 . 2010-03-24 18:16 281760 ----a-w- c:\windows\system32\drivers\atksgt.sys
2010-03-24 18:16 . 2010-03-24 18:16 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2010-03-24 18:14 . 2009-09-04 16:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2010-03-24 18:14 . 2009-09-04 16:44 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
2010-03-24 18:14 . 2009-09-04 16:29 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
2010-03-24 18:14 . 2009-09-04 16:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2010-03-24 18:14 . 2009-09-04 16:29 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
2010-03-24 18:14 . 2009-09-04 16:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2010-03-24 18:14 . 2009-09-04 16:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2010-03-24 18:13 . 2010-03-24 18:13 -------- d-----w- c:\documents and settings\Rum\Application Data\Prison Break
2010-03-24 18:05 . 2010-03-24 18:05 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-03-24 18:05 . 2010-03-24 18:06 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-03-24 18:04 . 2010-03-24 18:07 -------- d-----w- c:\documents and settings\Rum\Application Data\DAEMON Tools Lite
2010-03-24 18:04 . 2010-03-24 18:04 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2010-03-16 22:58 . 2010-03-16 23:08 -------- d-----w- c:\program files\Death Rally
2010-03-16 16:55 . 2010-03-16 16:55 -------- d-----w- c:\documents and settings\Rum\Application Data\Sports Interactive
2010-03-16 16:47 . 2010-03-16 16:47 2238 ----a-r- c:\documents and settings\Rum\Application Data\Microsoft\Installer\{9DE4E17F-0C99-4A57-8F7D-5B69CC95D7A9}\NewShortcut7_9DE4E17F0C994A578F7D5B69CC95D7A9.exe
2010-03-16 16:47 . 2010-03-16 16:47 2238 ----a-r- c:\documents and settings\Rum\Application Data\Microsoft\Installer\{9DE4E17F-0C99-4A57-8F7D-5B69CC95D7A9}\NewShortcut4_9DE4E17F0C994A578F7D5B69CC95D7A9.exe
2010-03-16 16:47 . 2010-03-16 16:47 2238 ----a-r- c:\documents and settings\Rum\Application Data\Microsoft\Installer\{9DE4E17F-0C99-4A57-8F7D-5B69CC95D7A9}\ARPPRODUCTICON.exe
2010-03-16 16:46 . 2010-03-16 16:46 -------- d-----w- c:\windows\Downloaded Installations
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-12 13:22 . 2010-02-15 18:23 -------- d-----w- c:\documents and settings\Rum\Application Data\ICQ
2010-04-11 08:04 . 2010-02-15 16:55 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-11 07:29 . 2010-02-20 14:15 -------- d-----w- c:\documents and settings\Rum\Application Data\uTorrent
2010-04-04 18:43 . 2010-02-15 21:04 -------- d-----w- c:\program files\Foxit Software
2010-04-01 08:36 . 2010-02-15 18:22 -------- d-----w- c:\program files\ICQ7.0
2010-03-11 15:51 . 2010-03-11 15:47 -------- d-----w- c:\documents and settings\Rum\Application Data\Winamp
2010-03-11 15:48 . 2010-03-11 15:47 -------- d-----w- c:\program files\Winamp
2010-03-11 15:48 . 2010-03-11 15:48 -------- d-----w- c:\program files\Winamp Detect
2010-02-20 23:16 . 2010-02-20 21:27 36357 ----a-w- c:\windows\DIIUnin.dat
2010-02-20 23:14 . 2010-02-20 23:13 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2010-02-20 23:12 . 2010-02-20 22:49 21840 ----atw- c:\windows\system32\SIntfNT.dll
2010-02-20 23:12 . 2010-02-20 22:49 17212 ----atw- c:\windows\system32\SIntf32.dll
2010-02-20 22:21 . 2010-02-15 19:55 -------- d-----w- c:\program files\NCsoft
2010-02-20 21:27 . 2010-02-20 21:27 2829 ----a-w- c:\windows\DIIUnin.pif
2010-02-20 21:27 . 2010-02-20 21:27 94208 ----a-w- c:\windows\DIIUnin.exe
2010-02-20 14:16 . 2010-02-20 14:16 -------- d-----w- c:\program files\uTorrent
2010-02-19 16:04 . 2010-02-18 14:15 -------- d-----w- c:\program files\Valve
2010-02-18 18:32 . 2010-02-18 18:32 -------- d-----w- c:\program files\Microsoft Silverlight
2010-02-18 08:03 . 2010-02-18 08:03 -------- d-----w- c:\program files\Codec Pack - All In 1
2010-02-18 08:03 . 2010-02-18 08:03 737280 ----a-w- c:\windows\iun6002.exe
2010-02-18 07:08 . 2010-02-15 16:56 68456 ----a-w- c:\documents and settings\Rum\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-18 05:52 . 2010-02-18 05:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-02-18 05:52 . 2010-02-18 05:52 -------- d-----w- c:\program files\Microsoft Works
2010-02-18 05:52 . 2010-02-18 05:52 -------- d-----w- c:\program files\MSBuild
2010-02-18 05:51 . 2010-02-18 05:51 -------- d-----w- c:\program files\Microsoft.NET
2010-02-18 05:49 . 2010-02-18 05:49 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2010-02-18 05:43 . 2010-02-18 05:43 -------- d-----w- c:\program files\Alcohol Soft
2010-02-16 13:10 . 2010-02-16 13:10 -------- d-----w- c:\documents and settings\Rum\Application Data\ATI
2010-02-16 13:10 . 2010-02-16 13:10 -------- d-----w- c:\documents and settings\All Users\Application Data\ATI
2010-02-15 21:05 . 2010-02-15 21:05 -------- d-----w- c:\documents and settings\Rum\Application Data\Foxit
2010-02-15 18:56 . 2010-02-15 18:56 -------- d-----w- c:\documents and settings\Rum\Application Data\GHISLER
2010-02-15 18:23 . 2010-02-15 18:23 -------- d-----w- c:\program files\ICQ6Toolbar
2010-02-15 18:23 . 2010-02-15 18:23 -------- d-----w- c:\documents and settings\All Users\Application Data\ICQ
2010-02-15 18:19 . 2010-02-15 18:19 0 ----a-w- c:\windows\nsreg.dat
2010-02-15 17:55 . 2010-02-15 17:55 -------- d-----w- c:\program files\Atheros
2010-02-15 17:55 . 2010-02-15 17:55 -------- d-----w- c:\documents and settings\Rum\Application Data\InstallShield
2010-02-15 17:46 . 2010-02-15 17:46 0 ----a-w- c:\windows\ativpsrm.bin
2010-02-15 17:44 . 2010-02-15 17:20 -------- d-----w- c:\program files\ATI Technologies
2010-02-15 17:43 . 2010-02-15 17:43 9158 ----a-r- c:\documents and settings\Rum\Application Data\Microsoft\Installer\{6E32B134-CA8D-49DD-B94C-0DB155CE70B5}\NewShortcut1_45160C5661F6468DA5B09FAE2C3E68D6.exe
2010-02-15 17:43 . 2010-02-15 17:43 10134 ----a-r- c:\documents and settings\Rum\Application Data\Microsoft\Installer\{6E32B134-CA8D-49DD-B94C-0DB155CE70B5}\ARPPRODUCTICON.exe
2010-02-15 17:32 . 2010-02-15 17:32 0 ----a-w- c:\windows\system32\drivers\1043_ASUSTeK_F5SR.alu
2010-02-15 17:20 . 2010-02-15 17:20 -------- d-----w- c:\program files\ATI
2010-02-15 17:03 . 2010-02-15 17:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Atheros
2010-02-15 17:01 . 2010-02-15 17:01 -------- d-----w- c:\program files\Synaptics
2010-02-15 16:59 . 2010-02-15 16:59 -------- d-----w- c:\program files\ASUS
2010-02-15 16:58 . 2010-02-15 16:55 -------- d-----w- c:\program files\Common Files\InstallShield
2010-02-15 16:55 . 2010-02-15 16:55 -------- d-----w- c:\program files\Realtek
2010-02-15 16:55 . 2010-02-15 16:51 319488 ----a-w- c:\windows\HideWin.exe
2010-02-15 14:04 . 2010-02-15 13:00 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-02-15 14:04 . 2010-02-15 13:00 2722 ----a-w- c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2010-02-15 14:01 . 2010-02-15 13:00 8972 ----a-w- c:\windows\pchealth\helpctr\Config\Cntstore.bin
2010-02-15 13:01 . 2010-02-15 13:01 -------- d-----w- c:\program files\microsoft frontpage
2010-02-15 12:57 . 2010-02-15 12:57 21640 ----a-w- c:\windows\system32\emptyregdb.dat
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\documents and settings\Rum\WINDOWS ----
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
"ICQ"="c:\program files\ICQ7.0\ICQ.exe" [2010-03-28 133368]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-10-09 17021440]
"ASUS Live Update"="c:\program files\ASUS\ASUS Live Update\ALU.exe" [2007-11-30 51768]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-07-31 1343488]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-01-12 37888]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-02-28 15360]
c:\documents and settings\Rum\Start Menu\Programs\Startup\
CCC.lnk - c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2007-7-17 49152]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ICQ7.0\\ICQ.exe"=
"c:\\Program Files\\ICQ7.0\\aolload.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\Program Files\\NCsoft\\AionEU\\IALauncher.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\system32\\winver.exe"=
"d:\\games\\fifa\\FIFA10.exe"=
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [15.2.2010 20:23 246520]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [24.3.2010 20:05 691696]
.
.
------- Supplementary Scan -------
.
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{88EB38EF-4D2C-436D-ABD3-56B232674062} - c:\program files\ICQ7.0\ICQ.exe
FF - ProfilePath - c:\documents and settings\Rum\Application Data\Mozilla\Firefox\Profiles\hpq7k9jk.default\
FF - prefs.js: browser.startup.homepage - www.google.sk
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -
AddRemove-Ask Toolbar_is1 - c:\program files\AskBarDis\unins000.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-12 15:22
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(888)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(4052)
c:\windows\system32\msi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\RTHDCPL.EXE
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\windows\system32\agrsmsvc.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-04-12 15:23:53 - machine was rebooted
ComboFix-quarantined-files.txt 2010-04-12 13:23
ComboFix2.txt 2010-04-12 11:23
Pre-Run: 117 840 625 664 bytes free
Post-Run: 117 808 144 384 bytes free
- - End Of File - - 17158476E31FD115BF29352B97D4E1B9
Re: problem s vypinanim PC
Jak to vypadá s počítačem ted?
Vy jste ho sice na radu rádce použil, ale už jste nevložil log
. takže jste si tu potvůrku pěstoval dalších 14 dní . Combofix není všemocný, je potřeba pokračovat do uplného vyčištění počítače
Stahněte MBAM z mého podpisu
-Nainstalujte,dejte úplný sken
NIC NEMAZAT
-MBAM má občas falešné detekce,proto budeme mazat až po kontrole logu.
-Log zkopírujte sem.
Vy jste ho sice na radu rádce použil, ale už jste nevložil log
. takže jste si tu potvůrku pěstoval dalších 14 dní . Combofix není všemocný, je potřeba pokračovat do uplného vyčištění počítače Stahněte MBAM z mého podpisu-Nainstalujte,dejte úplný sken
NIC NEMAZAT
-MBAM má občas falešné detekce,proto budeme mazat až po kontrole logu.
-Log zkopírujte sem.
Nepoužívejte COMBOFIX bez doporučení rádce, může dojít k poškození systému!
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Re: problem s vypinanim PC
Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org
Verze databáze: 3982
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180
12.4.2010 21:34:05
mbam-log-2010-04-12 (21-34-05).txt
Typ skenu: Úplný sken (C:\|D:\|)
Skenované objekty: 179149
Uplynulý čas: 31 minuta(y), 14 sekunda(y)
Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované složky: 0
Infikované soubory: 4
Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované klíče registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)
Infikované soubory:
C:\Qoobox\Quarantine\C\mi9al8rs.exe.vir (Spyware.OnlineGames) -> No action taken.
C:\Qoobox\Quarantine\D\mi9al8rs.exe.vir (Spyware.OnlineGames) -> No action taken.
C:\System Volume Information\_restore{1C8F0241-13E3-407E-B9FF-7233E581B3FA}\RP51\A0003961.exe (Spyware.OnlineGames) -> No action taken.
D:\System Volume Information\_restore{1C8F0241-13E3-407E-B9FF-7233E581B3FA}\RP51\A0003962.exe (Spyware.OnlineGames) -> No action taken.
www.malwarebytes.org
Verze databáze: 3982
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180
12.4.2010 21:34:05
mbam-log-2010-04-12 (21-34-05).txt
Typ skenu: Úplný sken (C:\|D:\|)
Skenované objekty: 179149
Uplynulý čas: 31 minuta(y), 14 sekunda(y)
Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované složky: 0
Infikované soubory: 4
Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované klíče registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)
Infikované soubory:
C:\Qoobox\Quarantine\C\mi9al8rs.exe.vir (Spyware.OnlineGames) -> No action taken.
C:\Qoobox\Quarantine\D\mi9al8rs.exe.vir (Spyware.OnlineGames) -> No action taken.
C:\System Volume Information\_restore{1C8F0241-13E3-407E-B9FF-7233E581B3FA}\RP51\A0003961.exe (Spyware.OnlineGames) -> No action taken.
D:\System Volume Information\_restore{1C8F0241-13E3-407E-B9FF-7233E581B3FA}\RP51\A0003962.exe (Spyware.OnlineGames) -> No action taken.
Re: problem s vypinanim PC
Můžete vše smazat. Jak to vypadá s počítačem?
Nepoužívejte COMBOFIX bez doporučení rádce, může dojít k poškození systému!
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Re: problem s vypinanim PC
tak vypinanie funguje bez problemov dakujem za vyriesenie a inak neviem o ziadnom probleme co by sa este mohol nachadzat
Re: problem s vypinanim PC
Ještě uklidíme
Odinstalujte combofix přes Start - Spustit
- zkopírujte do okénka:
ComboFix /Uninstall
-stiskněte Enter
-To odinstaluje ComboFix a smaže s ním související soubory a složky.
***********
Stáhněte T-Cleaner
http://sweb.cz/Marinus/T-Cleaner.exe
-Spusťte,pro potvrzení volby mačkejte klávesu A, Enter
-po použití prográmek vymažte.Pozor,antiviry ho mohou falešně označit za vir
***********
Z mého podpisu stahněte Ccleaner
- nainstalujte, při výběru, co se má nainstalovat, dejte pryč fajfku u instalace yahoo toolbaru
záložka čistič
- nechejte v levém sloupečku zatrhnuté vše jak je, klikněte na analyzovat
- po analýze klikněte na Spustit Ccleaner
záložka Registry
- klikněte na hledej problémy
- pak klikněte na opravit vybrané problémy -- udělat zálohu registrů - nemusíte
- kliknete opravit všechny problémy ok zavřít
Záložka Nástroje
- zde můžete odinstalovat programy. Je to důkladnější odinstalace než u přidat/odebrat programy ve Windows.
Ccleaner - čistič doporučuji používat, krásně pročistí pc od dočasných souborů.
Registry pročistí třeba po odinstalaci nějakého programu.
***********
Stahněte OTC a použijte
http://oldtimer.geekstogo.com/OTC.exe
-vyčistí tempy a po použitých programech
***********
Vložte nový log ze RSIT a řekněte co počítač, jak se chová, už je vše v pořádku?
Odinstalujte combofix přes Start - Spustit- zkopírujte do okénka:
ComboFix /Uninstall
-stiskněte Enter
-To odinstaluje ComboFix a smaže s ním související soubory a složky.
***********
Stáhněte T-Cleaner http://sweb.cz/Marinus/T-Cleaner.exe
-Spusťte,pro potvrzení volby mačkejte klávesu A, Enter
-po použití prográmek vymažte.Pozor,antiviry ho mohou falešně označit za vir
***********
Z mého podpisu stahněte Ccleaner- nainstalujte, při výběru, co se má nainstalovat, dejte pryč fajfku u instalace yahoo toolbaru
záložka čistič- nechejte v levém sloupečku zatrhnuté vše jak je, klikněte na analyzovat
- po analýze klikněte na Spustit Ccleaner
záložka Registry- klikněte na hledej problémy
- pak klikněte na opravit vybrané problémy -- udělat zálohu registrů - nemusíte
- kliknete opravit všechny problémy
ok zavřít Záložka Nástroje- zde můžete odinstalovat programy. Je to důkladnější odinstalace než u přidat/odebrat programy ve Windows.
Ccleaner - čistič doporučuji používat, krásně pročistí pc od dočasných souborů.
Registry pročistí třeba po odinstalaci nějakého programu.
***********
Stahněte OTC a použijtehttp://oldtimer.geekstogo.com/OTC.exe
-vyčistí tempy a po použitých programech
***********
Vložte nový log ze RSIT a řekněte co počítač, jak se chová, už je vše v pořádku?Nepoužívejte COMBOFIX bez doporučení rádce, může dojít k poškození systému!
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Přispějete na provoz fóra?