
PC disinfection, computer speed-up, remote help via the neslape.cz service
occasional BSOD, system freezing
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved. The same goes for those inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.
!NEW!
You can now use the remote help service, where an expert connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
occasional BSOD, system freezing
Logfile of random's system information tool 1.07 (written by random/random)
Run by kajan at 2010-05-18 20:59:38
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 132 GB (90%) free of 146 GB
Total RAM: 1014 MB (35% free)
HijackThis download failed
======Registry dump======
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AzMixerSel"=C:\Program Files\Realtek\Audio\Drivers\AzMixerSel.exe [2006-01-25 53248]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2009-02-06 1430824]
"avast5"=C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe [2010-05-06 2815192]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"userini"=C:\WINDOWS\system32\userini.exe [2010-05-18 54784]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"userini"=C:\WINDOWS\system32\userini.exe [2010-05-18 54784]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"ufgbm97"=C:\WINDOWS\system32\i3upv60xdn.exe [2010-05-17 41984]
"userini"=C:\WINDOWS\system32\userini.exe [2010-05-18 54784]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"userini"=C:\WINDOWS\system32\userini.exe [2010-05-18 54784]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-03-24 952768]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
C:\WINDOWS\ALCMTR.EXE [2008-06-19 57344]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccnoo]
C:\WINDOWS\system32\w2io2jaf.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files\DAEMON Tools Lite\daemon.exe [2009-04-23 691656]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hdte1]
C:\WINDOWS\system32\tju1klq86c8.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\WINDOWS\system32\hkcmd.exe [2008-02-28 166424]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [2008-04-15 178712]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\WINDOWS\system32\igfxtray.exe [2008-02-28 141848]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2008-04-14 208952]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Infium]
C:\Program Files\QIP 2010\qip.exe [2010-04-30 5562832]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\M3000Mnt]
M3000Rmv.dll ,WinMainRmv /StartStillMnt []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcagent_exe]
C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\moucano]
C:\WINDOWS\system32\nooquoosod.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2008-04-14 59392]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\njeu1]
C:\WINDOWS\system32\lhsxnto6qa6.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NotificationCenterLauncher]
C:\Program Files\Acer\Acer eRecovery Management\NotificationLauncher.exe [2008-12-22 225280]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
C:\WINDOWS\system32\igfxpers.exe [2008-02-28 137752]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2008-04-14 455168]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2008-04-14 455168]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ProductReg]
C:\Program Files\Acer\WR_PopUp\ProductReg.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\qbri1o]
C:\WINDOWS\system32\upflbw7d.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QIP Internet Guardian]
C:\Documents and Settings\kajan\Data aplikací\QipGuard\QipGuard.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
C:\WINDOWS\RTHDCPL.EXE [2008-12-26 18081280]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^$McRebootA5E6DEAA56$.lnk]
C:\WINDOWS\system32\cmd.exe [2008-04-14 390144]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Acer VCM.lnk]
C:\PROGRA~1\Acer\ACERVC~1\AcerVCM.exe [2009-01-10 565248]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Bluetooth.lnk]
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTTray.exe [2007-11-01 576104]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^McAfee Security Scan Plus.lnk]
C:\PROGRA~1\MCAFEE~1\20DEB9~1.181\SSSCHE~1.EXE []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2008-02-15 208896]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\kavrssrs.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\kavrssrs.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{33636e7a-5117-11df-9700-00235a6722d3}]
shell\AutoRun\command - D:\ZLOBNE/kurvetine.exe
shell\open\command - D:\ZLOBNE/kurvetine.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{64804712-4dda-11de-9621-00235a6722d3}]
shell\AutoRun\command - F:\y6cqb2is.exe
shell\open\command - F:\y6cqb2is.exe
======List of files/folders created in the last 1 months======
2010-05-18 20:59:39 ----D---- C:\Program Files\trend micro
2010-05-18 20:59:38 ----D---- C:\rsit
2010-05-18 20:17:30 ----A---- C:\WINDOWS\system32\userini.exe
2010-05-17 12:09:17 ----RSH---- C:\WINDOWS\system32\i3upv60xdn.exe
2010-05-17 09:27:19 ----D---- C:\WINDOWS\system32\LogFiles
2010-05-14 09:45:37 ----A---- C:\WINDOWS\system32\aswBoot.exe
2010-05-14 09:45:20 ----D---- C:\Program Files\Alwil Software
2010-05-14 09:45:20 ----D---- C:\Documents and Settings\All Users\Data aplikací\Alwil Software
2010-05-13 22:39:39 ----D---- C:\WINDOWS\pss
2010-05-13 22:23:18 ----D---- C:\Documents and Settings\kajan\Data aplikací\WinRAR
2010-05-13 22:23:06 ----D---- C:\Program Files\WinRAR
2010-05-13 22:16:45 ----D---- C:\Program Files\CCleaner
2010-05-13 01:20:00 ----D---- C:\Program Files\WinSCP
2010-05-11 18:10:16 ----D---- C:\Documents and Settings\kajan\Data aplikací\QIP
2010-05-10 12:03:42 ----D---- C:\Program Files\QIP 2010
2010-05-09 20:18:59 ----D---- C:\Documents and Settings\kajan\Data aplikací\vlc
2010-05-08 16:11:05 ----D---- C:\Documents and Settings\All Users\Data aplikací\NOS
2010-05-08 10:27:48 ----D---- C:\Program Files\Adobe
2010-05-07 21:23:52 ----D---- C:\Documents and Settings\kajan\Data aplikací\Mozilla
2010-05-07 21:21:06 ----D---- C:\Program Files\Mozilla Firefox
2010-05-07 21:19:43 ----D---- C:\WINDOWS\ie8updates
2010-05-07 21:18:26 ----HDC---- C:\WINDOWS\ie8
2010-05-07 20:06:29 ----A---- C:\WINDOWS\system32\MRT.exe
======List of files/folders modified in the last 1 months======
2010-05-18 20:59:39 ----RD---- C:\Program Files
2010-05-18 20:59:36 ----AD---- C:\WINDOWS\Temp
2010-05-18 20:58:23 ----D---- C:\WINDOWS\Prefetch
2010-05-18 20:21:12 ----AD---- C:\WINDOWS\system32
2010-05-18 20:21:12 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-05-18 20:16:42 ----D---- C:\WINDOWS
2010-05-18 17:43:12 ----D---- C:\WINDOWS\Minidump
2010-05-18 17:40:13 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-05-18 17:40:00 ----D---- C:\WINDOWS\system32\CatRoot2
2010-05-18 17:39:55 ----A---- C:\WINDOWS\explorer.exe
2010-05-18 17:39:00 ----AD---- C:\WINDOWS\system32\drivers
2010-05-18 13:52:40 ----N---- C:\WINDOWS\SchedLgU.Txt
2010-05-18 13:15:21 ----SHD---- C:\System Volume Information
2010-05-18 13:12:32 ----D---- C:\WINDOWS\Network Diagnostic
2010-05-17 15:29:56 ----D---- C:\WINDOWS\system32\wbem
2010-05-14 15:38:34 ----D---- C:\Program Files\Common Files
2010-05-14 15:38:34 ----D---- C:\Documents and Settings\All Users\Data aplikací\McAfee
2010-05-14 10:44:40 ----SD---- C:\WINDOWS\Tasks
2010-05-14 10:42:20 ----HD---- C:\Program Files\InstallShield Installation Information
2010-05-14 10:42:20 ----D---- C:\Program Files\Acer
2010-05-14 10:38:53 ----D---- C:\WINDOWS\system32\Restore
2010-05-14 09:46:12 ----SHD---- C:\WINDOWS\Installer
2010-05-14 09:46:10 ----D---- C:\WINDOWS\WinSxS
2010-05-14 09:46:06 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-05-13 22:21:14 ----D---- C:\WINDOWS\Debug
2010-05-13 22:09:59 ----SHD---- C:\RECYCLER
2010-05-13 08:06:54 ----HD---- C:\WINDOWS\inf
2010-05-13 08:06:46 ----D---- C:\Program Files\Outlook Express
2010-05-12 09:39:52 ----HD---- C:\WINDOWS\$hf_mig$
2010-05-11 14:01:47 ----D---- C:\Documents and Settings\kajan\Data aplikací\dvdcss
2010-05-08 13:57:29 ----D---- C:\WINDOWS\twain_32
2010-05-08 10:33:14 ----D---- C:\Documents and Settings\All Users\Data aplikací\Adobe
2010-05-08 10:28:18 ----D---- C:\Program Files\Common Files\Adobe
2010-05-07 22:37:26 ----D---- C:\WINDOWS\system32\cs-cz
2010-05-07 22:37:26 ----D---- C:\WINDOWS\Media
2010-05-07 22:37:26 ----D---- C:\WINDOWS\Help
2010-05-07 22:37:26 ----D---- C:\Program Files\Internet Explorer
2010-05-05 19:32:51 ----D---- C:\i386
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2010-05-06 28880]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2010-05-06 164048]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2010-05-06 46672]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-14 8832]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2010-05-06 19024]
R2 aswMon2;aswMon2; C:\WINDOWS\system32\drivers\aswMon2.sys [2010-05-06 100432]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2010-05-06 23376]
R3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\system32\DRIVERS\btport.sys [2007-03-23 37424]
R3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2007-11-05 879528]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-14 13952]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2008-02-15 5854752]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-12-26 4968448]
R3 L1e;Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller; C:\WINDOWS\system32\DRIVERS\l1e51x86.sys [2008-09-23 38400]
R3 M3000Srv;USB2.0 UVC WebCam Driver; C:\WINDOWS\System32\Drivers\M3000KNT.sys [2009-01-02 145408]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2009-02-06 205232]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S1 DritekPortIO;Dritek General Port I/O; \??\C:\PROGRA~1\LAUNCH~1\DPortIO.sys []
S1 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2008-04-14 31744]
S2 AVPsysq;AVPsysq; \??\C:\WINDOWS\System32\DRIVERS\AVPsysq.sys []
S2 bushlgqqq;bushlgqqq; \??\C:\WINDOWS\System32\DRIVERS\bushlgqqq.sys []
S2 eoksiud;\??\C:\D; \??\C:\DOCUME~1\kajan\LOCALS~1\Temp\ihsymgk.sys []
S2 iukpgryroks;\??\C:\DOCUM; \??\C:\DOCUME~1\kajan\LOCALS~1\Temp\rxljwzxqblbkh.sys []
S3 aemmebho;aemmebho; C:\WINDOWS\system32\drivers\aemmebho.sys []
S3 AR5416;Atheros AR5008 Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\athw.sys [2010-05-14 14528]
S3 AVPsys;AVPsys; \??\C:\WINDOWS\system32\drivers\cdaudio.sys []
S3 BCM43XX;Ovladač síťového adaptéru Broadcom 802.11; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2007-09-20 1123328]
S3 btaudio;Bluetooth Audio Device; C:\WINDOWS\system32\drivers\btaudio.sys [2007-11-05 539576]
S3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2007-06-29 156392]
S3 btwhid;btwhid; C:\WINDOWS\system32\DRIVERS\btwhid.sys [2007-03-31 55352]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2007-08-27 74656]
S3 bushlgqq;bushlgqq; \??\C:\WINDOWS\System32\Drivers\bushlgqq.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 cmgtzodt;cmgtzodt; \??\C:\WINDOWS\System32\Drivers\cmgtzodt.sys []
S3 ghgsxsrv;ghgsxsrv; \??\C:\WINDOWS\System32\Drivers\ghgsxsrv.sys []
S3 int15.sys;int15.sys; \??\c:\acernb\int15.sys []
S3 ixcjymed;ixcjymed; \??\C:\WINDOWS\System32\Drivers\ixcjymed.sys []
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 ngwwxfme;ngwwxfme; \??\C:\WINDOWS\System32\Drivers\ngwwxfme.sys []
S3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader; C:\WINDOWS\System32\Drivers\RTS5121.sys [2008-11-21 160256]
S3 Rts516xIR;Realtek IR Driver; C:\WINDOWS\system32\DRIVERS\Rts516xIR.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 USBCCID;Realtek Smartcard Reader Driver; C:\WINDOWS\system32\DRIVERS\Rts5161ccid.sys []
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 usbvideo;Zobrazovací zařízení USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-14 121984]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 xnrfarkg;xnrfarkg; \??\C:\WINDOWS\System32\Drivers\xnrfarkg.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-05-06 40384]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2007-11-01 264800]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2008-04-15 354840]
R2 RS_Service;Raw Socket Service; C:\Program Files\Acer\Acer VCM\RS_Service.exe [2008-11-27 237568]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-05-06 40384]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-05-06 40384]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 268288]
S2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S4 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe []
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
R2 aswMon2;aswMon2; C:\WINDOWS\system32\drivers\aswMon2.sys [2010-05-06 100432]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2010-05-06 23376]
R3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\system32\DRIVERS\btport.sys [2007-03-23 37424]
R3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2007-11-05 879528]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-14 13952]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2008-02-15 5854752]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-12-26 4968448]
R3 L1e;Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller; C:\WINDOWS\system32\DRIVERS\l1e51x86.sys [2008-09-23 38400]
R3 M3000Srv;USB2.0 UVC WebCam Driver; C:\WINDOWS\System32\Drivers\M3000KNT.sys [2009-01-02 145408]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2009-02-06 205232]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S1 DritekPortIO;Dritek General Port I/O; \??\C:\PROGRA~1\LAUNCH~1\DPortIO.sys []
S1 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2008-04-14 31744]
S2 AVPsysq;AVPsysq; \??\C:\WINDOWS\System32\DRIVERS\AVPsysq.sys []
S2 bushlgqqq;bushlgqqq; \??\C:\WINDOWS\System32\DRIVERS\bushlgqqq.sys []
S2 eoksiud;\??\C:\D; \??\C:\DOCUME~1\kajan\LOCALS~1\Temp\ihsymgk.sys []
S2 iukpgryroks;\??\C:\DOCUM; \??\C:\DOCUME~1\kajan\LOCALS~1\Temp\rxljwzxqblbkh.sys []
S3 aemmebho;aemmebho; C:\WINDOWS\system32\drivers\aemmebho.sys []
S3 AR5416;Atheros AR5008 Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\athw.sys [2010-05-14 14528]
S3 AVPsys;AVPsys; \??\C:\WINDOWS\system32\drivers\cdaudio.sys []
S3 BCM43XX;Ovladač síťového adaptéru Broadcom 802.11; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2007-09-20 1123328]
S3 btaudio;Bluetooth Audio Device; C:\WINDOWS\system32\drivers\btaudio.sys [2007-11-05 539576]
S3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2007-06-29 156392]
S3 btwhid;btwhid; C:\WINDOWS\system32\DRIVERS\btwhid.sys [2007-03-31 55352]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2007-08-27 74656]
S3 bushlgqq;bushlgqq; \??\C:\WINDOWS\System32\Drivers\bushlgqq.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 cmgtzodt;cmgtzodt; \??\C:\WINDOWS\System32\Drivers\cmgtzodt.sys []
S3 ghgsxsrv;ghgsxsrv; \??\C:\WINDOWS\System32\Drivers\ghgsxsrv.sys []
S3 int15.sys;int15.sys; \??\c:\acernb\int15.sys []
S3 ixcjymed;ixcjymed; \??\C:\WINDOWS\System32\Drivers\ixcjymed.sys []
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 ngwwxfme;ngwwxfme; \??\C:\WINDOWS\System32\Drivers\ngwwxfme.sys []
S3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader; C:\WINDOWS\System32\Drivers\RTS5121.sys [2008-11-21 160256]
S3 Rts516xIR;Realtek IR Driver; C:\WINDOWS\system32\DRIVERS\Rts516xIR.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 USBCCID;Realtek Smartcard Reader Driver; C:\WINDOWS\system32\DRIVERS\Rts5161ccid.sys []
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 usbvideo;Zobrazovací zařízení USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-14 121984]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 xnrfarkg;xnrfarkg; \??\C:\WINDOWS\System32\Drivers\xnrfarkg.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-05-06 40384]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2007-11-01 264800]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2008-04-15 354840]
R2 RS_Service;Raw Socket Service; C:\Program Files\Acer\Acer VCM\RS_Service.exe [2008-11-27 237568]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-05-06 40384]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-05-06 40384]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 268288]
S2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S4 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe []
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
Rudy (Site Admin)
Re: occasional BSOD, system freezing
Post a ComboFix log.
Download ComboFix and save it, ideally to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Then run the application under an account with administrator privileges.
Right after it starts, a screen with the licence terms is shown; continue by clicking Yes.
Go and make yourself a coffee (the whole run takes about 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to wade through); during the scan do not try to launch any other applications or do anything else.
Do not panic during the scan; your machine may be restarted (especially on the first run of the scanner).
Warning: if you use an antispyware product with a resident shield, switch its resident shield to Install Mode, or disable it entirely for the duration of the scan, because the scan and the removal of any malware collides with the antispyware resident component.
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: before disinfecting the PC, back up your important data (mail, contacts, documents, photos, videos, music and so on). Apart from its "visible" activity, a virus can damage the system!
Once your problem is resolved the thread will be locked. Likewise if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail above.
Re: occasional BSOD, system freezing
ComboFix 10-05-16.06 - kajan 18.05.2010 21:45:44.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1014.669 [GMT 2:00]
Running from: c:\documents and settings\kajan\Plocha\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
* Created a new restore point
.
ADS - explorer.exe: deleted 54784 bytes in 1 streams.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\kajan\ctfmon.exe
c:\documents and settings\kajan\secupdat.dat
c:\windows\system32\Desktop_.ini
c:\windows\system32\drivers\str.sys
c:\windows\system32\i3upv60xdn.exe
c:\windows\system32\secupdat.dat
c:\windows\system32\userini.exe
c:\windows\system32\wbem\grpconv.exe
c:\windows\system32\grpconv.exe was missing.
Restored copy from - c:\system volume information\_restore{BB793514-3972-4A23-AFAE-4AC33CAAD575}\RP57\A0023576.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_AVPsys
((((((((((((((((((((((((( Files Created from 2010-04-18 to 2010-05-18 )))))))))))))))))))))))))))))))
.
2010-05-18 18:59 . 2010-05-18 18:59 -------- d-----w- c:\program files\trend micro
2010-05-18 18:59 . 2010-05-18 18:59 -------- d-----w- C:\rsit
2010-05-18 11:52 . 2010-05-18 11:52 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
2010-05-17 07:27 . 2010-05-18 15:43 -------- d-----w- c:\windows\system32\LogFiles
2010-05-14 07:46 . 2010-05-06 20:39 164048 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-05-14 07:46 . 2010-05-06 20:33 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-05-14 07:46 . 2010-05-06 20:39 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-05-14 07:46 . 2010-05-06 20:34 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-05-14 07:46 . 2010-05-06 20:33 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-05-14 07:46 . 2010-05-06 20:33 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-05-14 07:46 . 2010-05-06 20:33 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-05-14 07:45 . 2010-05-06 20:59 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-05-14 07:45 . 2010-05-06 20:59 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-05-14 07:45 . 2010-05-14 07:45 -------- d-----w- c:\program files\Alwil Software
2010-05-13 20:16 . 2010-05-13 20:16 -------- d-----w- c:\program files\CCleaner
2010-05-13 20:09 . 2001-08-17 19:52 18688 -c--a-w- c:\windows\system32\dllcache\cdaudio.sys
2010-05-13 20:09 . 2001-08-17 19:52 18688 ----a-w- c:\windows\system32\drivers\cdaudio.sys
2010-05-12 23:20 . 2010-05-12 23:20 -------- d-----w- c:\program files\WinSCP
2010-05-10 10:03 . 2010-05-10 10:03 -------- d-----w- c:\program files\QIP 2010
2010-05-09 20:09 . 2010-05-09 20:09 -------- d-sh--w- c:\documents and settings\kajan\PrivacIE
2010-05-08 11:58 . 2008-04-13 22:17 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2010-05-08 11:58 . 2008-04-13 22:17 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2010-05-08 11:57 . 2008-04-13 22:15 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2010-05-08 11:57 . 2008-04-13 22:15 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2010-05-08 06:47 . 2010-05-08 06:47 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-05-07 20:37 . 2010-05-07 20:37 -------- d-sh--w- c:\documents and settings\kajan\IETldCache
2010-05-07 19:23 . 2010-05-07 19:23 0 ----a-w- c:\windows\nsreg.dat
2010-05-07 19:19 . 2010-02-25 06:18 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-05-07 19:19 . 2010-02-25 06:18 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-05-07 19:19 . 2010-05-07 19:19 -------- d-----w- c:\windows\ie8updates
2010-05-07 19:19 . 2010-02-16 04:50 64000 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-05-07 19:18 . 2010-05-07 19:18 -------- dc-h--w- c:\windows\ie8
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-18 19:48 . 2009-01-22 11:15 79930 ----a-w- c:\windows\system32\perfc005.dat
2010-05-18 19:48 . 2009-01-22 11:15 433486 ----a-w- c:\windows\system32\perfh005.dat
2010-05-18 15:39 . 2009-01-22 11:15 1034240 ----a-w- c:\windows\explorer.exe
2010-05-14 13:36 . 2009-01-22 03:26 14528 ----a-w- c:\windows\system32\drivers\athw.sys
2010-05-14 08:42 . 2009-01-22 03:59 -------- d-----w- c:\program files\Acer
2010-05-14 08:42 . 2009-01-22 03:20 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-08 08:28 . 2009-01-22 03:57 -------- d-----w- c:\program files\Common Files\Adobe
2010-03-10 06:17 . 2009-01-22 11:15 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-25 06:18 . 2009-01-22 11:15 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2009-01-22 11:15 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
.
(((((((((((((((((((((((((((((((((( Registry Start Points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown.
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AzMixerSel"="c:\program files\Realtek\Audio\Drivers\AzMixerSel.exe" [2006-01-25 53248]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-02-06 1430824]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-05-06 2815192]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^$McRebootA5E6DEAA56$.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\$McRebootA5E6DEAA56$.lnk
backup=c:\windows\pss\$McRebootA5E6DEAA56$.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Acer VCM.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Acer VCM.lnk
backup=c:\windows\pss\Acer VCM.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Bluetooth.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^McAfee Security Scan Plus.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\M3000Mnt]
M3000Rmv.dll [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-03-24 18:17 952768 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 02:08 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2008-06-19 08:20 57344 ----a-w- c:\windows\ALCMTR.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 12:00 15360 ----a-w- c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-04-23 13:51 691656 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2008-02-28 01:00 166424 ----a-w- c:\windows\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2008-04-15 16:54 178712 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2008-02-28 01:00 141848 ----a-w- c:\windows\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
2008-04-14 12:00 208952 ----a-w- c:\windows\ime\imjp8_1\imjpmig.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Infium]
2010-04-30 10:44 5562832 ----a-w- c:\program files\QIP 2010\qip.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 07:52 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
2008-04-14 12:00 59392 ----a-w- c:\windows\system32\IME\PINTLGNT\IMSCINST.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NotificationCenterLauncher]
2008-12-22 10:00 225280 ----a-w- c:\program files\Acer\Acer eRecovery Management\NotificationLauncher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2008-02-28 01:00 137752 ----a-w- c:\windows\system32\igfxpers.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
2008-04-14 12:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
2008-04-14 12:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2008-12-26 08:20 18081280 ----a-w- c:\windows\RTHDCPL.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [1.6.2009 18:02 721904]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [14.5.2010 9:46 164048]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [14.5.2010 9:46 19024]
R2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [22.1.2009 5:59 237568]
R3 M3000Srv;USB2.0 UVC WebCam Driver;c:\windows\system32\drivers\M3000KNT.sys [29.5.2009 1:04 145408]
S2 AVPsysq;AVPsysq;\??\c:\windows\System32\DRIVERS\AVPsysq.sys --> c:\windows\System32\DRIVERS\AVPsysq.sys [?]
S2 bushlgqqq;bushlgqqq;\??\c:\windows\System32\DRIVERS\bushlgqqq.sys --> c:\windows\System32\DRIVERS\bushlgqqq.sys [?]
S2 eoksiud;\??\c:\;\??\c:\docume~1\kajan\LOCALS~1\Temp\ihsymgk.sys --> c:\docume~1\kajan\LOCALS~1\Temp\ihsymgk.sys [?]
S2 iukpgryroks;\??\c:\docu;\??\c:\docume~1\kajan\LOCALS~1\Temp\rxljwzxqblbkh.sys --> c:\docume~1\kajan\LOCALS~1\Temp\rxljwzxqblbkh.sys [?]
S3 bushlgqq;bushlgqq;\??\c:\windows\System32\Drivers\bushlgqq.sys --> c:\windows\System32\Drivers\bushlgqq.sys [?]
S3 cmgtzodt;cmgtzodt;\??\c:\windows\System32\Drivers\cmgtzodt.sys --> c:\windows\System32\Drivers\cmgtzodt.sys [?]
S3 ghgsxsrv;ghgsxsrv;\??\c:\windows\System32\Drivers\ghgsxsrv.sys --> c:\windows\System32\Drivers\ghgsxsrv.sys [?]
S3 ixcjymed;ixcjymed;\??\c:\windows\System32\Drivers\ixcjymed.sys --> c:\windows\System32\Drivers\ixcjymed.sys [?]
S3 ngwwxfme;ngwwxfme;\??\c:\windows\System32\Drivers\ngwwxfme.sys --> c:\windows\System32\Drivers\ngwwxfme.sys [?]
S3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [22.1.2009 5:24 160256]
S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys --> c:\windows\system32\DRIVERS\Rts516xIR.sys [?]
S3 xnrfarkg;xnrfarkg;\??\c:\windows\System32\Drivers\xnrfarkg.sys --> c:\windows\System32\Drivers\xnrfarkg.sys [?]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://qip.ru
uDefault_Search_URL = hxxp://search.qip.ru
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://search.qip.ru/ie
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\documents and settings\kajan\Data aplikací\Mozilla\Firefox\Profiles\eb952035.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://qip.ru
FF - prefs.js: keyword.URL - hxxp://search.qip.ru/search?from=FF&query=
FF - component: c:\documents and settings\kajan\Data aplikací\Mozilla\Firefox\Profiles\eb952035.default\extensions\{32a1fd71-835e-4b11-8e54-886fda0b4c89}\components\qippipe.dll
FF - component: c:\documents and settings\kajan\Data aplikací\Mozilla\Firefox\Profiles\eb952035.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}\platform\WINNT_x86-msvc\components\WeaveCrypto.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX SETTINGS ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - INVALID ENTRIES REMOVED FROM REGISTRY - - - -
HKCU-Run-ufgbm97 - c:\windows\system32\i3upv60xdn.exe
HKCU-Run-userini - c:\windows\system32\userini.exe
HKLM-Run-userini - c:\windows\system32\userini.exe
HKLM-Explorer_Run-userini - c:\windows\system32\userini.exe
SafeBoot-kavrssrs.sys
MSConfigStartUp-ccnoo - c:\windows\system32\w2io2jaf.exe
MSConfigStartUp-hdte1 - c:\windows\system32\tju1klq86c8.exe
MSConfigStartUp-mcagent_exe - c:\program files\McAfee.com\Agent\mcagent.exe
MSConfigStartUp-moucano - c:\windows\system32\nooquoosod.exe
MSConfigStartUp-njeu1 - c:\windows\system32\lhsxnto6qa6.exe
MSConfigStartUp-ProductReg - c:\program files\Acer\WR_PopUp\ProductReg.exe
MSConfigStartUp-qbri1o - c:\windows\system32\upflbw7d.exe
MSConfigStartUp-QIP Internet Guardian - c:\documents and settings\kajan\Data aplikací\QipGuard\QipGuard.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-18 21:52
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: error reading MBR
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll iaStor.sys spvc.sys >>UNKNOWN [0x86784938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf7639f28
\Driver\ACPI -> ACPI.sys @ 0xf7413cb8
\Driver\atapi -> atapi.sys @ 0xf7300b40
\Driver\iaStor -> iaStor.sys @ 0xf7354eb0
IoDeviceObjectType ->\Device\Harddisk0\DR0 ->NDIS: Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller -> SendCompleteHandler -> NDIS.sys @ 0xf71c4bb0
PacketIndicateHandler -> NDIS.sys @ 0xf71d1a21
SendHandler -> NDIS.sys @ 0xf71af87b
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,fe,29,8c,6f,24,85,e4,4b,b4,cf,92,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,fe,29,8c,6f,24,85,e4,4b,b4,cf,92,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(3924)
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\system volume information\_restore{d5fffa500b1b}\svchost.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\system volume information\_restore{d5fffa500b1b}\smss.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-05-18 21:54:54 - machine was rebooted
ComboFix-quarantined-files.txt 2010-05-18 19:54
Pre-Run: 138,555,559,936 bytes free
Post-Run: 138,526,134,272 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
- - End Of File - - 281985A9A40B46503CCE9BAFA348BE42
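What the helper in this thread does by eye with the driver list in the RSIT log above and the driver/service section of the ComboFix log can be written down as a small triage script. The following Python is an added example, not part of the original post and not code from RSIT, ComboFix or viry.cz. It parses both line formats (`R1 name;display; path [date size]` from RSIT, `S2 name;display;path --> path [?]` from ComboFix) and scores each entry with the same signals the logs make visible: the tool printed `[]` or `[?]` because it could not stat the image file, the image lives under a user Temp directory, the service name is lowercase gibberish used as its own display name, the display name is a truncated NT path (the key has no DisplayName), and the image is registered with the `\??\` prefix. The weights, the threshold and the `SAMPLE_LINES` list (copied in shape from the logs above, constructed here) are my own choices.

```python
import re
from dataclasses import dataclass, field

# Constructed sample input: lines copied in shape from the RSIT "List of drivers"
# and the ComboFix driver/service section of this thread, not read from a live log.
SAMPLE_LINES = [
    r"R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2010-05-06 164048]",
    r"S2 bushlgqqq;bushlgqqq; \??\C:\WINDOWS\System32\DRIVERS\bushlgqqq.sys []",
    r"S2 eoksiud;\??\C:\D; \??\C:\DOCUME~1\kajan\LOCALS~1\Temp\ihsymgk.sys []",
    r"S3 AVPsys;AVPsys; \??\C:\WINDOWS\system32\drivers\cdaudio.sys []",
    r"S3 int15.sys;int15.sys; \??\c:\acernb\int15.sys []",
    r"S3 mouhid;HID mouse driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]",
    r"S2 iukpgryroks;\??\c:\docu;\??\c:\docume~1\kajan\LOCALS~1\Temp\rxljwzxqblbkh.sys --> c:\docume~1\kajan\LOCALS~1\Temp\rxljwzxqblbkh.sys [?]",
    r"R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [1.6.2009 18:02 721904]",
]

# One RSIT/ComboFix driver or service line:
#   <R|S><start type> <name>;<display name>;<image path>[ --> <resolved path>] [<date size> | empty | ?]
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d)\s+"
    r"(?P<name>[^;]+);(?P<display>[^;]*);\s*"
    r"(?P<path>.*?)\s*\[(?P<info>[^\]]*)\]\s*$"
)

# Weighted signals (my own triage weights, not values from either tool).
WEIGHTS = {
    "no_file_info": 1,       # tool printed [] or [?]: it could not stat the image file
    "temp_path": 3,          # kernel driver registered from a user Temp directory
    "random_name": 2,        # lowercase gibberish name that is also its own display name
    "display_is_path": 2,    # display name is a truncated NT path: key has no DisplayName
    "ntpath_prefix": 1,      # image registered as \??\ absolute path, not System32\DRIVERS
    "basename_mismatch": 1,  # service name shares nothing with the file it points at
}
THRESHOLD = 3  # report an entry when its summed weights reach this value


@dataclass
class Entry:
    name: str
    display: str
    path: str
    info: str
    signals: list = field(default_factory=list)

    @property
    def score(self) -> int:
        return sum(WEIGHTS[s] for s in self.signals)


def parse_line(line: str):
    """Parse one driver/service line; return an Entry or None for non-matching text."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    # ComboFix prints "<registered path> --> <resolved path>"; keep the registered one.
    path = m.group("path").split(" --> ")[0].strip()
    return Entry(m.group("name").strip(), m.group("display").strip(), path, m.group("info").strip())


def score_entry(e: Entry) -> Entry:
    """Attach every matching signal to the entry and return it."""
    basename = re.split(r"[\\/]", e.path)[-1].lower()
    stem = basename.rsplit(".", 1)[0]
    if e.info in ("", "?"):
        e.signals.append("no_file_info")
    if "\\temp\\" in e.path.lower():
        e.signals.append("temp_path")
    if re.fullmatch(r"[a-z]{7,}", e.name) and e.name == e.display:
        e.signals.append("random_name")
    if e.display.startswith("\\??\\"):
        e.signals.append("display_is_path")
    if e.path.startswith("\\??\\"):
        e.signals.append("ntpath_prefix")
    if e.name.lower() not in basename and stem not in e.name.lower():
        e.signals.append("basename_mismatch")
    return e


def triage(lines):
    """Return the parsed entries whose summed signal weight reaches THRESHOLD."""
    flagged = []
    for line in lines:
        e = parse_line(line)
        if e is not None and score_entry(e).score >= THRESHOLD:
            flagged.append(e)
    return flagged


if __name__ == "__main__":
    for e in triage(SAMPLE_LINES):
        print(f"{e.score:2d}  {e.name:<14} {e.path}  <- {', '.join(e.signals)}")
```

On the sample list the script reports bushlgqqq, eoksiud, AVPsys and iukpgryroks, which is the same set ComboFix later removed or that only the helper's eye had singled out. The Acer `int15.sys` entry scores 2, just under the threshold: its file is also missing and it is also registered via `\??\`, which is why no single signal should be treated as a verdict. A flagged line is a lead to confirm against the vendor or a file hash before deleting anything; the basename mismatch in particular is noise on its own (the page's own `ialm` legitimately points at `igxpmp32.sys`).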
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1014.669 [GMT 2:00]
Spuštěný z: c:\documents and settings\kajan\Plocha\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
* Vytvořen nový Bod Obnovení
.
ADS - explorer.exe: deleted 54784 bytes in 1 streams.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\kajan\ctfmon.exe
c:\documents and settings\kajan\secupdat.dat
c:\windows\system32\Desktop_.ini
c:\windows\system32\drivers\str.sys
c:\windows\system32\i3upv60xdn.exe
c:\windows\system32\secupdat.dat
c:\windows\system32\userini.exe
c:\windows\system32\wbem\grpconv.exe
c:\windows\system32\grpconv.exe chyběl.
Obnovena kopie z - c:\system volume information\_restore{BB793514-3972-4A23-AFAE-4AC33CAAD575}\RP57\A0023576.exe
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_AVPsys
((((((((((((((((((((((((( Soubory vytvořené od 2010-04-18 do 2010-05-18 )))))))))))))))))))))))))))))))
.
2010-05-18 18:59 . 2010-05-18 18:59 -------- d-----w- c:\program files\trend micro
2010-05-18 18:59 . 2010-05-18 18:59 -------- d-----w- C:\rsit
2010-05-18 11:52 . 2010-05-18 11:52 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
2010-05-17 07:27 . 2010-05-18 15:43 -------- d-----w- c:\windows\system32\LogFiles
2010-05-14 07:46 . 2010-05-06 20:39 164048 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-05-14 07:46 . 2010-05-06 20:33 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-05-14 07:46 . 2010-05-06 20:39 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-05-14 07:46 . 2010-05-06 20:34 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-05-14 07:46 . 2010-05-06 20:33 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-05-14 07:46 . 2010-05-06 20:33 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-05-14 07:46 . 2010-05-06 20:33 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-05-14 07:45 . 2010-05-06 20:59 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-05-14 07:45 . 2010-05-06 20:59 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-05-14 07:45 . 2010-05-14 07:45 -------- d-----w- c:\program files\Alwil Software
2010-05-13 20:16 . 2010-05-13 20:16 -------- d-----w- c:\program files\CCleaner
2010-05-13 20:09 . 2001-08-17 19:52 18688 -c--a-w- c:\windows\system32\dllcache\cdaudio.sys
2010-05-13 20:09 . 2001-08-17 19:52 18688 ----a-w- c:\windows\system32\drivers\cdaudio.sys
2010-05-12 23:20 . 2010-05-12 23:20 -------- d-----w- c:\program files\WinSCP
2010-05-10 10:03 . 2010-05-10 10:03 -------- d-----w- c:\program files\QIP 2010
2010-05-09 20:09 . 2010-05-09 20:09 -------- d-sh--w- c:\documents and settings\kajan\PrivacIE
2010-05-08 11:58 . 2008-04-13 22:17 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2010-05-08 11:58 . 2008-04-13 22:17 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2010-05-08 11:57 . 2008-04-13 22:15 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2010-05-08 11:57 . 2008-04-13 22:15 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2010-05-08 06:47 . 2010-05-08 06:47 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-05-07 20:37 . 2010-05-07 20:37 -------- d-sh--w- c:\documents and settings\kajan\IETldCache
2010-05-07 19:23 . 2010-05-07 19:23 0 ----a-w- c:\windows\nsreg.dat
2010-05-07 19:19 . 2010-02-25 06:18 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-05-07 19:19 . 2010-02-25 06:18 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-05-07 19:19 . 2010-05-07 19:19 -------- d-----w- c:\windows\ie8updates
2010-05-07 19:19 . 2010-02-16 04:50 64000 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-05-07 19:18 . 2010-05-07 19:18 -------- dc-h--w- c:\windows\ie8
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-18 19:48 . 2009-01-22 11:15 79930 ----a-w- c:\windows\system32\perfc005.dat
2010-05-18 19:48 . 2009-01-22 11:15 433486 ----a-w- c:\windows\system32\perfh005.dat
2010-05-18 15:39 . 2009-01-22 11:15 1034240 ----a-w- c:\windows\explorer.exe
2010-05-14 13:36 . 2009-01-22 03:26 14528 ----a-w- c:\windows\system32\drivers\athw.sys
2010-05-14 08:42 . 2009-01-22 03:59 -------- d-----w- c:\program files\Acer
2010-05-14 08:42 . 2009-01-22 03:20 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-08 08:28 . 2009-01-22 03:57 -------- d-----w- c:\program files\Common Files\Adobe
2010-03-10 06:17 . 2009-01-22 11:15 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-25 06:18 . 2009-01-22 11:15 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2009-01-22 11:15 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
.
(((((((((((((((((((((((((((((((((( Registry Loading Points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown.
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AzMixerSel"="c:\program files\Realtek\Audio\Drivers\AzMixerSel.exe" [2006-01-25 53248]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-02-06 1430824]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-05-06 2815192]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^$McRebootA5E6DEAA56$.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\$McRebootA5E6DEAA56$.lnk
backup=c:\windows\pss\$McRebootA5E6DEAA56$.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Acer VCM.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Acer VCM.lnk
backup=c:\windows\pss\Acer VCM.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Bluetooth.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^McAfee Security Scan Plus.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\M3000Mnt]
M3000Rmv.dll [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-03-24 18:17 952768 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 02:08 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2008-06-19 08:20 57344 ----a-w- c:\windows\ALCMTR.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 12:00 15360 ----a-w- c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-04-23 13:51 691656 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2008-02-28 01:00 166424 ----a-w- c:\windows\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2008-04-15 16:54 178712 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2008-02-28 01:00 141848 ----a-w- c:\windows\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
2008-04-14 12:00 208952 ----a-w- c:\windows\ime\imjp8_1\imjpmig.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Infium]
2010-04-30 10:44 5562832 ----a-w- c:\program files\QIP 2010\qip.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 07:52 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
2008-04-14 12:00 59392 ----a-w- c:\windows\system32\IME\PINTLGNT\IMSCINST.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NotificationCenterLauncher]
2008-12-22 10:00 225280 ----a-w- c:\program files\Acer\Acer eRecovery Management\NotificationLauncher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2008-02-28 01:00 137752 ----a-w- c:\windows\system32\igfxpers.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
2008-04-14 12:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
2008-04-14 12:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2008-12-26 08:20 18081280 ----a-w- c:\windows\RTHDCPL.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [1.6.2009 18:02 721904]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [14.5.2010 9:46 164048]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [14.5.2010 9:46 19024]
R2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [22.1.2009 5:59 237568]
R3 M3000Srv;USB2.0 UVC WebCam Driver;c:\windows\system32\drivers\M3000KNT.sys [29.5.2009 1:04 145408]
S2 AVPsysq;AVPsysq;\??\c:\windows\System32\DRIVERS\AVPsysq.sys --> c:\windows\System32\DRIVERS\AVPsysq.sys [?]
S2 bushlgqqq;bushlgqqq;\??\c:\windows\System32\DRIVERS\bushlgqqq.sys --> c:\windows\System32\DRIVERS\bushlgqqq.sys [?]
S2 eoksiud;\??\c:\;\??\c:\docume~1\kajan\LOCALS~1\Temp\ihsymgk.sys --> c:\docume~1\kajan\LOCALS~1\Temp\ihsymgk.sys [?]
S2 iukpgryroks;\??\c:\docu;\??\c:\docume~1\kajan\LOCALS~1\Temp\rxljwzxqblbkh.sys --> c:\docume~1\kajan\LOCALS~1\Temp\rxljwzxqblbkh.sys [?]
S3 bushlgqq;bushlgqq;\??\c:\windows\System32\Drivers\bushlgqq.sys --> c:\windows\System32\Drivers\bushlgqq.sys [?]
S3 cmgtzodt;cmgtzodt;\??\c:\windows\System32\Drivers\cmgtzodt.sys --> c:\windows\System32\Drivers\cmgtzodt.sys [?]
S3 ghgsxsrv;ghgsxsrv;\??\c:\windows\System32\Drivers\ghgsxsrv.sys --> c:\windows\System32\Drivers\ghgsxsrv.sys [?]
S3 ixcjymed;ixcjymed;\??\c:\windows\System32\Drivers\ixcjymed.sys --> c:\windows\System32\Drivers\ixcjymed.sys [?]
S3 ngwwxfme;ngwwxfme;\??\c:\windows\System32\Drivers\ngwwxfme.sys --> c:\windows\System32\Drivers\ngwwxfme.sys [?]
S3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [22.1.2009 5:24 160256]
S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys --> c:\windows\system32\DRIVERS\Rts516xIR.sys [?]
S3 xnrfarkg;xnrfarkg;\??\c:\windows\System32\Drivers\xnrfarkg.sys --> c:\windows\System32\Drivers\xnrfarkg.sys [?]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://qip.ru
uDefault_Search_URL = hxxp://search.qip.ru
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://search.qip.ru/ie
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\documents and settings\kajan\Data aplikací\Mozilla\Firefox\Profiles\eb952035.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://qip.ru
FF - prefs.js: keyword.URL - hxxp://search.qip.ru/search?from=FF&query=
FF - component: c:\documents and settings\kajan\Data aplikací\Mozilla\Firefox\Profiles\eb952035.default\extensions\{32a1fd71-835e-4b11-8e54-886fda0b4c89}\components\qippipe.dll
FF - component: c:\documents and settings\kajan\Data aplikací\Mozilla\Firefox\Profiles\eb952035.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}\platform\WINNT_x86-msvc\components\WeaveCrypto.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX SETTINGS ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - INVALID ENTRIES REMOVED FROM THE REGISTRY - - - -
HKCU-Run-ufgbm97 - c:\windows\system32\i3upv60xdn.exe
HKCU-Run-userini - c:\windows\system32\userini.exe
HKLM-Run-userini - c:\windows\system32\userini.exe
HKLM-Explorer_Run-userini - c:\windows\system32\userini.exe
SafeBoot-kavrssrs.sys
MSConfigStartUp-ccnoo - c:\windows\system32\w2io2jaf.exe
MSConfigStartUp-hdte1 - c:\windows\system32\tju1klq86c8.exe
MSConfigStartUp-mcagent_exe - c:\program files\McAfee.com\Agent\mcagent.exe
MSConfigStartUp-moucano - c:\windows\system32\nooquoosod.exe
MSConfigStartUp-njeu1 - c:\windows\system32\lhsxnto6qa6.exe
MSConfigStartUp-ProductReg - c:\program files\Acer\WR_PopUp\ProductReg.exe
MSConfigStartUp-qbri1o - c:\windows\system32\upflbw7d.exe
MSConfigStartUp-QIP Internet Guardian - c:\documents and settings\kajan\Data aplikací\QipGuard\QipGuard.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-18 21:52
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: error reading MBR
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll iaStor.sys spvc.sys >>UNKNOWN [0x86784938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf7639f28
\Driver\ACPI -> ACPI.sys @ 0xf7413cb8
\Driver\atapi -> atapi.sys @ 0xf7300b40
\Driver\iaStor -> iaStor.sys @ 0xf7354eb0
IoDeviceObjectType ->\Device\Harddisk0\DR0 ->NDIS: Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller -> SendCompleteHandler -> NDIS.sys @ 0xf71c4bb0
PacketIndicateHandler -> NDIS.sys @ 0xf71d1a21
SendHandler -> NDIS.sys @ 0xf71af87b
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,fe,29,8c,6f,24,85,e4,4b,b4,cf,92,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,fe,29,8c,6f,24,85,e4,4b,b4,cf,92,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(3924)
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\system volume information\_restore{d5fffa500b1b}\svchost.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\system volume information\_restore{d5fffa500b1b}\smss.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-05-18 21:54:54 - machine was rebooted
ComboFix-quarantined-files.txt 2010-05-18 19:54
Pre-Run: 138 555 559 936 bytes free
Post-Run: 138 526 134 272 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
- - End Of File - - 281985A9A40B46503CCE9BAFA348BE42
Rudy (Site Admin; Plzeň; 119412 posts; registered 30 Oct 2003)
Re: occasional BSOD, system freezing
Let's clean up a bit more. Open Notepad and copy the following into it:

KillAll::
Collect::
c:\windows\System32\DRIVERS\AVPsysq.sys
c:\windows\System32\DRIVERS\bushlgqqq.sys
c:\docume~1\kajan\LOCALS~1\Temp\ihsymgk.sys
c:\docume~1\kajan\LOCALS~1\Temp\rxljwzxqblbkh.sys
c:\windows\System32\Drivers\bushlgqq.sys
c:\windows\System32\Drivers\cmgtzodt.sys
c:\windows\System32\Drivers\ghgsxsrv.sys
c:\windows\System32\Drivers\ixcjymed.sys
c:\windows\System32\Drivers\ngwwxfme.sys
c:\windows\System32\Drivers\xnrfarkg.sys
Driver::
AVPsysq
bushlgqqq
eoksiud
iukpgryroks
bushlgqq
cmgtzodt
ghgsxsrv
ixcjymed
ngwwxfme
xnrfarkg

Save it to the desktop as CFScript.txt. Then drag it with the mouse onto the ComboFix icon and release it. CF will start and carry out the commands from the script.

Because your PC is heavily infected, I recommend backing up your important data.
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting the PC, back up your important data (mail, contacts, documents, photos, videos, music etc.). Besides its "visible" activity, a virus can also damage the system!
Once your problem is resolved the thread will be locked. Likewise if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address above.
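The reply above picks out of the ComboFix log exactly the S2/S3 entries whose driver file ComboFix could not find (`[?]`), whose display name is either a copy of the service name or a mangled path fragment, or which load from the user's Temp folder, and turns them into a CFScript. As an added example, not part of the original thread and not ComboFix's own code, here is that triage written out in Python: it parses the service lines, applies those heuristics plus a consonant-run test for random-looking names, flags processes running from System Volume Information (Windows never starts svchost.exe or smss.exe from a restore-point folder), and emits a script in the same KillAll::/Collect::/Driver:: shape. The sample log is an excerpt of the lines posted above; the heuristics, thresholds and function names are my own assumptions, and every hit should be checked by hand before it goes into a script.

```python
"""Triage of ComboFix service and process lines (added example).

The heuristics are mine, not ComboFix's: they encode what the moderator
did by hand on this thread and every hit must be verified before acting.
"""
import re
from dataclasses import dataclass, field

# ComboFix service line: <state> <name>;<display>;<image>[ --> <resolved>] [<info>]
# <info> is a date/time/size when the file exists and "?" when it is missing.
SERVICE_RE = re.compile(
    r"^(?P<state>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<image>.*?)"
    r"(?: --> (?P<resolved>.*?))? \[(?P<info>[^\]]*)\]$"
)

# Constructed sample input: excerpt of the service/process lines posted above.
SAMPLE_LOG = r"""
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [1.6.2009 18:02 721904]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [14.5.2010 9:46 164048]
R2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [22.1.2009 5:59 237568]
S2 AVPsysq;AVPsysq;\??\c:\windows\System32\DRIVERS\AVPsysq.sys --> c:\windows\System32\DRIVERS\AVPsysq.sys [?]
S2 bushlgqqq;bushlgqqq;\??\c:\windows\System32\DRIVERS\bushlgqqq.sys --> c:\windows\System32\DRIVERS\bushlgqqq.sys [?]
S2 eoksiud;\??\c:\;\??\c:\docume~1\kajan\LOCALS~1\Temp\ihsymgk.sys --> c:\docume~1\kajan\LOCALS~1\Temp\ihsymgk.sys [?]
S2 iukpgryroks;\??\c:\docu;\??\c:\docume~1\kajan\LOCALS~1\Temp\rxljwzxqblbkh.sys --> c:\docume~1\kajan\LOCALS~1\Temp\rxljwzxqblbkh.sys [?]
S3 bushlgqq;bushlgqq;\??\c:\windows\System32\Drivers\bushlgqq.sys --> c:\windows\System32\Drivers\bushlgqq.sys [?]
S3 cmgtzodt;cmgtzodt;\??\c:\windows\System32\Drivers\cmgtzodt.sys --> c:\windows\System32\Drivers\cmgtzodt.sys [?]
S3 ghgsxsrv;ghgsxsrv;\??\c:\windows\System32\Drivers\ghgsxsrv.sys --> c:\windows\System32\Drivers\ghgsxsrv.sys [?]
S3 ixcjymed;ixcjymed;\??\c:\windows\System32\Drivers\ixcjymed.sys --> c:\windows\System32\Drivers\ixcjymed.sys [?]
S3 ngwwxfme;ngwwxfme;\??\c:\windows\System32\Drivers\ngwwxfme.sys --> c:\windows\System32\Drivers\ngwwxfme.sys [?]
S3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [22.1.2009 5:24 160256]
S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys --> c:\windows\system32\DRIVERS\Rts516xIR.sys [?]
S3 xnrfarkg;xnrfarkg;\??\c:\windows\System32\Drivers\xnrfarkg.sys --> c:\windows\System32\Drivers\xnrfarkg.sys [?]
c:\system volume information\_restore{d5fffa500b1b}\svchost.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\system volume information\_restore{d5fffa500b1b}\smss.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
"""


@dataclass
class Finding:
    name: str            # service name, goes under Driver::
    path: str            # resolved on-disk path, goes under Collect::
    reasons: list = field(default_factory=list)


def max_consonant_run(s: str) -> int:
    """Longest run of consonants (y counted as a consonant); digits and
    punctuation break the run. Generated names tend to have long runs."""
    run = best = 0
    for ch in s.lower():
        if ch.isalpha() and ch not in "aeiou":
            run += 1
            best = max(best, run)
        else:
            run = 0
    return best


def suspicious_services(log_text: str) -> list:
    """Flag services whose file is missing AND that show one more red flag."""
    findings = []
    for line in log_text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if not m:
            continue
        name, display, info = m["name"], m["display"], m["info"]
        path = m["resolved"] or m["image"]
        if info != "?":
            continue  # file present and dated; a missing hardware driver alone is not enough
        reasons = []
        if display.lower() == name.lower() or display.startswith("\\??\\"):
            reasons.append("no descriptive display name")
        if "\\temp\\" in path.lower():
            reasons.append("driver loaded from a Temp directory")
        if max_consonant_run(name) >= 4:
            reasons.append("random-looking service name")
        if reasons:
            findings.append(Finding(name, path, ["image file missing"] + reasons))
    return findings


def processes_from_restore_points(log_text: str) -> list:
    """Executables running out of System Volume Information are impostors
    whatever their file name says."""
    return [ln.strip() for ln in log_text.splitlines()
            if ln.strip().lower().endswith(".exe")
            and "\\system volume information\\" in ln.lower()]


def build_cfscript(findings: list) -> str:
    """Same three directives as the reply above: KillAll:: stops running
    processes, Collect:: quarantines the files, Driver:: removes the services."""
    lines = ["KillAll::", "Collect::"] + [f.path for f in findings]
    lines += ["Driver::"] + [f.name for f in findings]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    found = suspicious_services(SAMPLE_LOG)
    for f in found:
        print(f"{f.name:12} {f.path}  <- {', '.join(f.reasons)}")
    for p in processes_from_restore_points(SAMPLE_LOG):
        print(f"process from restore point: {p}")
    print()
    print(build_cfscript(found))
```

On the excerpt this reproduces the moderator's ten Collect::/Driver:: entries in log order and leaves Rts516xIR alone: its file is also missing, but it has a vendor display name, lives outside Temp and its name has no long consonant run, so a single weak signal does not make the cut. The two processes running from `_restore{d5fffa500b1b}` are reported separately, since a CFScript is not the right tool for them.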
Re: occasional BSOD, system freezing
ComboFix 10-05-16.06 - kajan 18.05.2010 22:59:39.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1014.742 [GMT 2:00]
Running from: c:\documents and settings\kajan\Plocha\ComboFix.exe
Command switches used :: c:\documents and settings\kajan\Plocha\CFScript.txt
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_AVPSYSQ
-------\Legacy_BUSHLGQQQ
-------\Legacy_EOKSIUD
-------\Legacy_IUKPGRYROKS
-------\Service_AVPsysq
-------\Service_bushlgqq
-------\Service_bushlgqqq
-------\Service_cmgtzodt
-------\Service_eoksiud
-------\Service_ghgsxsrv
-------\Service_iukpgryroks
-------\Service_ixcjymed
-------\Service_ngwwxfme
-------\Service_xnrfarkg
((((((((((((((((((((((((( Files Created from 2010-04-18 to 2010-05-18 )))))))))))))))))))))))))))))))
.
2010-05-18 19:50 . 2008-04-14 12:00 39424 -c--a-w- c:\windows\system32\dllcache\grpconv.exe
2010-05-18 19:50 . 2008-04-14 12:00 39424 ----a-w- c:\windows\system32\grpconv.exe
2010-05-18 18:59 . 2010-05-18 18:59 -------- d-----w- c:\program files\trend micro
2010-05-18 18:59 . 2010-05-18 18:59 -------- d-----w- C:\rsit
2010-05-18 11:52 . 2010-05-18 11:52 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
2010-05-17 07:27 . 2010-05-18 15:43 -------- d-----w- c:\windows\system32\LogFiles
2010-05-14 07:46 . 2010-05-06 20:39 164048 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-05-14 07:46 . 2010-05-06 20:33 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-05-14 07:46 . 2010-05-06 20:39 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-05-14 07:46 . 2010-05-06 20:34 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-05-14 07:46 . 2010-05-06 20:33 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-05-14 07:46 . 2010-05-06 20:33 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-05-14 07:46 . 2010-05-06 20:33 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-05-14 07:45 . 2010-05-06 20:59 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-05-14 07:45 . 2010-05-06 20:59 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-05-14 07:45 . 2010-05-14 07:45 -------- d-----w- c:\program files\Alwil Software
2010-05-13 20:16 . 2010-05-13 20:16 -------- d-----w- c:\program files\CCleaner
2010-05-13 20:09 . 2001-08-17 19:52 18688 -c--a-w- c:\windows\system32\dllcache\cdaudio.sys
2010-05-13 20:09 . 2001-08-17 19:52 18688 ----a-w- c:\windows\system32\drivers\cdaudio.sys
2010-05-12 23:20 . 2010-05-12 23:20 -------- d-----w- c:\program files\WinSCP
2010-05-10 10:03 . 2010-05-10 10:03 -------- d-----w- c:\program files\QIP 2010
2010-05-09 20:09 . 2010-05-09 20:09 -------- d-sh--w- c:\documents and settings\kajan\PrivacIE
2010-05-08 11:58 . 2008-04-13 22:17 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2010-05-08 11:58 . 2008-04-13 22:17 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2010-05-08 11:57 . 2008-04-13 22:15 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2010-05-08 11:57 . 2008-04-13 22:15 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2010-05-08 06:47 . 2010-05-08 06:47 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-05-07 20:37 . 2010-05-07 20:37 -------- d-sh--w- c:\documents and settings\kajan\IETldCache
2010-05-07 19:23 . 2010-05-07 19:23 0 ----a-w- c:\windows\nsreg.dat
2010-05-07 19:19 . 2010-02-25 06:18 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-05-07 19:19 . 2010-02-25 06:18 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-05-07 19:19 . 2010-05-07 19:19 -------- d-----w- c:\windows\ie8updates
2010-05-07 19:19 . 2010-02-16 04:50 64000 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-05-07 19:18 . 2010-05-07 19:18 -------- dc-h--w- c:\windows\ie8
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-18 21:02 . 2009-01-22 11:15 79930 ----a-w- c:\windows\system32\perfc005.dat
2010-05-18 21:02 . 2009-01-22 11:15 433486 ----a-w- c:\windows\system32\perfh005.dat
2010-05-18 15:39 . 2009-01-22 11:15 1034240 ----a-w- c:\windows\explorer.exe
2010-05-14 13:36 . 2009-01-22 03:26 14528 ----a-w- c:\windows\system32\drivers\athw.sys
2010-05-14 08:42 . 2009-01-22 03:59 -------- d-----w- c:\program files\Acer
2010-05-14 08:42 . 2009-01-22 03:20 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-08 08:28 . 2009-01-22 03:57 -------- d-----w- c:\program files\Common Files\Adobe
2010-03-10 06:17 . 2009-01-22 11:15 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-25 06:18 . 2009-01-22 11:15 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2009-01-22 11:15 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
.
((((((((((((((((((((((((((((( SnapShot@2010-05-18_19.52.02 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-01-22 11:15 . 2010-05-18 21:02 69162 c:\windows\system32\perfc009.dat
- 2009-01-22 11:15 . 2010-05-18 19:48 69162 c:\windows\system32\perfc009.dat
+ 2010-05-18 11:52 . 2010-05-18 20:50 65536 c:\windows\system32\config\systemprofile\PrivacIE\index.dat
+ 2009-05-28 22:58 . 2010-05-18 21:06 49152 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2010-05-18 19:59 . 2010-05-18 20:03 15360 c:\windows\system32\config\systemprofile\Local Settings\Data aplikací\Microsoft\Internet Explorer\Recovery\Active\{E339C81B-62B7-11DF-9722-00235A6722D3}.dat
+ 2010-05-18 20:27 . 2010-05-18 20:32 14336 c:\windows\system32\config\systemprofile\Local Settings\Data aplikací\Microsoft\Internet Explorer\Recovery\Active\{D452B241-62BB-11DF-9722-00235A6722D3}.dat
+ 2010-05-18 20:13 . 2010-05-18 20:17 15360 c:\windows\system32\config\systemprofile\Local Settings\Data aplikací\Microsoft\Internet Explorer\Recovery\Active\{D1D05A2F-62B9-11DF-9722-00235A6722D3}.dat
+ 2010-05-18 20:41 . 2010-05-18 20:45 14336 c:\windows\system32\config\systemprofile\Local Settings\Data aplikací\Microsoft\Internet Explorer\Recovery\Active\{C37D1621-62BD-11DF-9722-00235A6722D3}.dat
+ 2010-05-18 20:04 . 2010-05-18 20:08 15360 c:\windows\system32\config\systemprofile\Local Settings\Data aplikací\Microsoft\Internet Explorer\Recovery\Active\{880F7C69-62B8-11DF-9722-00235A6722D3}.dat
+ 2010-05-18 20:32 . 2010-05-18 20:36 14336 c:\windows\system32\config\systemprofile\Local Settings\Data aplikací\Microsoft\Internet Explorer\Recovery\Active\{79809D91-62BC-11DF-9722-00235A6722D3}.dat
+ 2010-05-18 20:18 . 2010-05-18 20:22 15360 c:\windows\system32\config\systemprofile\Local Settings\Data aplikací\Microsoft\Internet Explorer\Recovery\Active\{76E8D055-62BA-11DF-9722-00235A6722D3}.dat
+ 2010-05-18 20:46 . 2010-05-18 20:50 14336 c:\windows\system32\config\systemprofile\Local Settings\Data aplikací\Microsoft\Internet Explorer\Recovery\Active\{686D044D-62BE-11DF-9722-00235A6722D3}.dat
+ 2010-05-18 19:55 . 2010-05-18 19:59 13312 c:\windows\system32\config\systemprofile\Local Settings\Data aplikací\Microsoft\Internet Explorer\Recovery\Active\{4EB9F075-62B7-11DF-9722-00235A6722D3}.dat
+ 2010-05-18 20:08 . 2010-05-18 20:13 15360 c:\windows\system32\config\systemprofile\Local Settings\Data aplikací\Microsoft\Internet Explorer\Recovery\Active\{2CDE09A9-62B9-11DF-9722-00235A6722D3}.dat
+ 2010-05-18 20:37 . 2010-05-18 20:41 14336 c:\windows\system32\config\systemprofile\Local Settings\Data aplikací\Microsoft\Internet Explorer\Recovery\Active\{1E886341-62BD-11DF-9722-00235A6722D3}.dat
+ 2010-05-18 20:22 . 2010-05-18 20:27 14336 c:\windows\system32\config\systemprofile\Local Settings\Data aplikací\Microsoft\Internet Explorer\Recovery\Active\{1BD3F9CD-62BB-11DF-9722-00235A6722D3}.dat
+ 2010-05-18 20:50 . 2010-05-18 20:55 14336 c:\windows\system32\config\systemprofile\Local Settings\Data aplikací\Microsoft\Internet Explorer\Recovery\Active\{0D6DA2EF-62BF-11DF-9722-00235A6722D3}.dat
- 2009-05-28 23:00 . 2010-05-18 19:53 32768 c:\windows\system32\config\systemprofile\Local Settings\Data aplikací\Microsoft\Feeds Cache\index.dat
+ 2009-05-28 23:00 . 2010-05-18 21:06 32768 c:\windows\system32\config\systemprofile\Local Settings\Data aplikací\Microsoft\Feeds Cache\index.dat
- 2009-05-28 22:58 . 2010-05-18 19:53 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-05-28 22:58 . 2010-05-18 21:06 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2010-05-18 19:05 . 2010-05-18 20:51 3584 c:\windows\system32\config\systemprofile\Local Settings\Data aplikací\Microsoft\Internet Explorer\Recovery\Last Active\RecoveryStore.{496775CC-62B0-11DF-9720-00235A6722D3}.dat
- 2010-05-18 19:05 . 2010-05-18 19:05 3584 c:\windows\system32\config\systemprofile\Local Settings\Data aplikací\Microsoft\Internet Explorer\Recovery\Last Active\RecoveryStore.{496775CC-62B0-11DF-9720-00235A6722D3}.dat
+ 2010-05-18 20:51 . 2010-05-18 20:51 5120 c:\windows\system32\config\systemprofile\Local Settings\Data aplikací\Microsoft\Internet Explorer\Recovery\Last Active\{31229AD2-62BF-11DF-9722-00235A6722D3}.dat
+ 2010-05-18 19:55 . 2010-05-18 20:57 9728 c:\windows\system32\config\systemprofile\Local Settings\Data aplikací\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{4EB9F074-62B7-11DF-9722-00235A6722D3}.dat
+ 2010-05-18 20:56 . 2010-05-18 20:57 7168 c:\windows\system32\config\systemprofile\Local Settings\Data aplikací\Microsoft\Internet Explorer\Recovery\Active\{C5EEBDBC-62BF-11DF-9722-00235A6722D3}.dat
+ 2010-05-18 20:55 . 2010-05-18 20:55 4608 c:\windows\system32\config\systemprofile\Local Settings\Data aplikací\Microsoft\Internet Explorer\Recovery\Active\{B2861915-62BF-11DF-9722-00235A6722D3}.dat
+ 2010-05-18 20:25 . 2010-05-18 20:25 4608 c:\windows\system32\config\systemprofile\Local Settings\Data aplikací\Microsoft\Internet Explorer\Recovery\Active\{79FC1819-62BB-11DF-9722-00235A6722D3}.dat
+ 2010-05-18 20:53 . 2010-05-18 20:53 4608 c:\windows\system32\config\systemprofile\Local Settings\Data aplikací\Microsoft\Internet Explorer\Recovery\Active\{62707BFF-62BF-11DF-9722-00235A6722D3}.dat
+ 2010-05-18 20:23 . 2010-05-18 20:23 4096 c:\windows\system32\config\systemprofile\Local Settings\Data aplikací\Microsoft\Internet Explorer\Recovery\Active\{2E76BB47-62BB-11DF-9722-00235A6722D3}.dat
+ 2010-05-18 20:23 . 2010-05-18 20:23 4608 c:\windows\system32\config\systemprofile\Local Settings\Data aplikací\Microsoft\Internet Explorer\Recovery\Active\{2E76BB46-62BB-11DF-9722-00235A6722D3}.dat
+ 2010-05-18 20:51 . 2010-05-18 20:51 5632 c:\windows\system32\config\systemprofile\Local Settings\Data aplikací\Microsoft\Internet Explorer\Recovery\Active\{241D8356-62BF-11DF-9722-00235A6722D3}.dat
+ 2009-01-22 11:15 . 2010-05-18 21:02 436936 c:\windows\system32\perfh009.dat
- 2009-01-22 11:15 . 2010-05-18 19:48 436936 c:\windows\system32\perfh009.dat
+ 2009-05-28 22:58 . 2010-05-18 21:06 344064 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2010-05-08 06:47 . 2010-05-18 19:55 245760 c:\windows\system32\config\systemprofile\IETldCache\index.dat
- 2010-05-08 06:47 . 2010-05-18 11:52 245760 c:\windows\system32\config\systemprofile\IETldCache\index.dat
.
(((((((((((((((((((((((((((((((((( Registry Loading Points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown.
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AzMixerSel"="c:\program files\Realtek\Audio\Drivers\AzMixerSel.exe" [2006-01-25 53248]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-02-06 1430824]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-05-06 2815192]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^$McRebootA5E6DEAA56$.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\$McRebootA5E6DEAA56$.lnk
backup=c:\windows\pss\$McRebootA5E6DEAA56$.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Acer VCM.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Acer VCM.lnk
backup=c:\windows\pss\Acer VCM.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Bluetooth.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^McAfee Security Scan Plus.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\M3000Mnt]
M3000Rmv.dll [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-03-24 18:17 952768 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 02:08 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2008-06-19 08:20 57344 ----a-w- c:\windows\ALCMTR.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 12:00 15360 ----a-w- c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-04-23 13:51 691656 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2008-02-28 01:00 166424 ----a-w- c:\windows\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2008-04-15 16:54 178712 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2008-02-28 01:00 141848 ----a-w- c:\windows\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
2008-04-14 12:00 208952 ----a-w- c:\windows\ime\imjp8_1\imjpmig.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Infium]
2010-04-30 10:44 5562832 ----a-w- c:\program files\QIP 2010\qip.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 07:52 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
2008-04-14 12:00 59392 ----a-w- c:\windows\system32\IME\PINTLGNT\IMSCINST.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NotificationCenterLauncher]
2008-12-22 10:00 225280 ----a-w- c:\program files\Acer\Acer eRecovery Management\NotificationLauncher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2008-02-28 01:00 137752 ----a-w- c:\windows\system32\igfxpers.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
2008-04-14 12:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
2008-04-14 12:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2008-12-26 08:20 18081280 ----a-w- c:\windows\RTHDCPL.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [1.6.2009 18:02 721904]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [14.5.2010 9:46 164048]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [14.5.2010 9:46 19024]
R2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [22.1.2009 5:59 237568]
R3 M3000Srv;USB2.0 UVC WebCam Driver;c:\windows\system32\drivers\M3000KNT.sys [29.5.2009 1:04 145408]
S3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [22.1.2009 5:24 160256]
S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys --> c:\windows\system32\DRIVERS\Rts516xIR.sys [?]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://qip.ru
uDefault_Search_URL = hxxp://search.qip.ru
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://search.qip.ru/ie
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\documents and settings\kajan\Data aplikací\Mozilla\Firefox\Profiles\eb952035.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://qip.ru
FF - prefs.js: keyword.URL - hxxp://search.qip.ru/search?from=FF&query=
FF - component: c:\documents and settings\kajan\Data aplikací\Mozilla\Firefox\Profiles\eb952035.default\extensions\{32a1fd71-835e-4b11-8e54-886fda0b4c89}\components\qippipe.dll
FF - component: c:\documents and settings\kajan\Data aplikací\Mozilla\Firefox\Profiles\eb952035.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}\platform\WINNT_x86-msvc\components\WeaveCrypto.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-18 23:05
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: error reading MBR
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll iaStor.sys spns.sys >>UNKNOWN [0x86783938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf7639f28
\Driver\ACPI -> ACPI.sys @ 0xf7413cb8
\Driver\atapi -> atapi.sys @ 0xf7300b40
\Driver\iaStor -> iaStor.sys @ 0xf7354eb0
IoDeviceObjectType ->\Device\Harddisk0\DR0 ->NDIS: Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller -> SendCompleteHandler -> NDIS.sys @ 0xf71c4bb0
PacketIndicateHandler -> NDIS.sys @ 0xf71d1a21
SendHandler -> NDIS.sys @ 0xf71af87b
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,fe,29,8c,6f,24,85,e4,4b,b4,cf,92,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,fe,29,8c,6f,24,85,e4,4b,b4,cf,92,\
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'explorer.exe'(3712)
c:\windows\system32\webcheck.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\system volume information\_restore{d5fffa500b1b}\svchost.exe
c:\system volume information\_restore{d5fffa500b1b}\smss.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2010-05-18 23:08:33 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-05-18 21:08
ComboFix2.txt 2010-05-18 19:54
Před spuštěním: Volných bajtů: 138 525 163 520
Po spuštění: Volných bajtů: 138 482 782 208
- - End Of File - - 42EA993CCEAEE94935D4FF58A0BC3DFE
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1014.742 [GMT 2:00]
Spuštěný z: c:\documents and settings\kajan\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\kajan\Plocha\CFScript.txt
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_AVPSYSQ
-------\Legacy_BUSHLGQQQ
-------\Legacy_EOKSIUD
-------\Legacy_IUKPGRYROKS
-------\Service_AVPsysq
-------\Service_bushlgqq
-------\Service_bushlgqqq
-------\Service_cmgtzodt
-------\Service_eoksiud
-------\Service_ghgsxsrv
-------\Service_iukpgryroks
-------\Service_ixcjymed
-------\Service_ngwwxfme
-------\Service_xnrfarkg
((((((((((((((((((((((((( Soubory vytvořené od 2010-04-18 do 2010-05-18 )))))))))))))))))))))))))))))))
.
2010-05-18 19:50 . 2008-04-14 12:00 39424 -c--a-w- c:\windows\system32\dllcache\grpconv.exe
2010-05-18 19:50 . 2008-04-14 12:00 39424 ----a-w- c:\windows\system32\grpconv.exe
2010-05-18 18:59 . 2010-05-18 18:59 -------- d-----w- c:\program files\trend micro
2010-05-18 18:59 . 2010-05-18 18:59 -------- d-----w- C:\rsit
2010-05-18 11:52 . 2010-05-18 11:52 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
2010-05-17 07:27 . 2010-05-18 15:43 -------- d-----w- c:\windows\system32\LogFiles
2010-05-14 07:46 . 2010-05-06 20:39 164048 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-05-14 07:46 . 2010-05-06 20:33 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-05-14 07:46 . 2010-05-06 20:39 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-05-14 07:46 . 2010-05-06 20:34 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-05-14 07:46 . 2010-05-06 20:33 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-05-14 07:46 . 2010-05-06 20:33 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-05-14 07:46 . 2010-05-06 20:33 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-05-14 07:45 . 2010-05-06 20:59 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-05-14 07:45 . 2010-05-06 20:59 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-05-14 07:45 . 2010-05-14 07:45 -------- d-----w- c:\program files\Alwil Software
2010-05-13 20:16 . 2010-05-13 20:16 -------- d-----w- c:\program files\CCleaner
2010-05-13 20:09 . 2001-08-17 19:52 18688 -c--a-w- c:\windows\system32\dllcache\cdaudio.sys
2010-05-13 20:09 . 2001-08-17 19:52 18688 ----a-w- c:\windows\system32\drivers\cdaudio.sys
2010-05-12 23:20 . 2010-05-12 23:20 -------- d-----w- c:\program files\WinSCP
2010-05-10 10:03 . 2010-05-10 10:03 -------- d-----w- c:\program files\QIP 2010
2010-05-09 20:09 . 2010-05-09 20:09 -------- d-sh--w- c:\documents and settings\kajan\PrivacIE
2010-05-08 11:58 . 2008-04-13 22:17 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2010-05-08 11:58 . 2008-04-13 22:17 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2010-05-08 11:57 . 2008-04-13 22:15 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2010-05-08 11:57 . 2008-04-13 22:15 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2010-05-08 06:47 . 2010-05-08 06:47 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-05-07 20:37 . 2010-05-07 20:37 -------- d-sh--w- c:\documents and settings\kajan\IETldCache
2010-05-07 19:23 . 2010-05-07 19:23 0 ----a-w- c:\windows\nsreg.dat
2010-05-07 19:19 . 2010-02-25 06:18 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-05-07 19:19 . 2010-02-25 06:18 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-05-07 19:19 . 2010-05-07 19:19 -------- d-----w- c:\windows\ie8updates
2010-05-07 19:19 . 2010-02-16 04:50 64000 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-05-07 19:18 . 2010-05-07 19:18 -------- dc-h--w- c:\windows\ie8
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-18 21:02 . 2009-01-22 11:15 79930 ----a-w- c:\windows\system32\perfc005.dat
2010-05-18 21:02 . 2009-01-22 11:15 433486 ----a-w- c:\windows\system32\perfh005.dat
2010-05-18 15:39 . 2009-01-22 11:15 1034240 ----a-w- c:\windows\explorer.exe
2010-05-14 13:36 . 2009-01-22 03:26 14528 ----a-w- c:\windows\system32\drivers\athw.sys
2010-05-14 08:42 . 2009-01-22 03:59 -------- d-----w- c:\program files\Acer
2010-05-14 08:42 . 2009-01-22 03:20 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-08 08:28 . 2009-01-22 03:57 -------- d-----w- c:\program files\Common Files\Adobe
2010-03-10 06:17 . 2009-01-22 11:15 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-25 06:18 . 2009-01-22 11:15 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2009-01-22 11:15 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
.
((((((((((((((((((((((((((((( SnapShot@2010-05-18_19.52.02 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-01-22 11:15 . 2010-05-18 21:02 69162 c:\windows\system32\perfc009.dat
- 2009-01-22 11:15 . 2010-05-18 19:48 69162 c:\windows\system32\perfc009.dat
+ 2010-05-18 11:52 . 2010-05-18 20:50 65536 c:\windows\system32\config\systemprofile\PrivacIE\index.dat
+ 2009-05-28 22:58 . 2010-05-18 21:06 49152 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2010-05-18 19:59 . 2010-05-18 20:03 15360 c:\windows\system32\config\systemprofile\Local Settings\Data aplikací\Microsoft\Internet Explorer\Recovery\Active\{E339C81B-62B7-11DF-9722-00235A6722D3}.dat
+ 2010-05-18 20:27 . 2010-05-18 20:32 14336 c:\windows\system32\config\systemprofile\Local Settings\Data aplikací\Microsoft\Internet Explorer\Recovery\Active\{D452B241-62BB-11DF-9722-00235A6722D3}.dat
+ 2010-05-18 20:13 . 2010-05-18 20:17 15360 c:\windows\system32\config\systemprofile\Local Settings\Data aplikací\Microsoft\Internet Explorer\Recovery\Active\{D1D05A2F-62B9-11DF-9722-00235A6722D3}.dat
+ 2010-05-18 20:41 . 2010-05-18 20:45 14336 c:\windows\system32\config\systemprofile\Local Settings\Data aplikací\Microsoft\Internet Explorer\Recovery\Active\{C37D1621-62BD-11DF-9722-00235A6722D3}.dat
+ 2010-05-18 20:04 . 2010-05-18 20:08 15360 c:\windows\system32\config\systemprofile\Local Settings\Data aplikací\Microsoft\Internet Explorer\Recovery\Active\{880F7C69-62B8-11DF-9722-00235A6722D3}.dat
+ 2010-05-18 20:32 . 2010-05-18 20:36 14336 c:\windows\system32\config\systemprofile\Local Settings\Data aplikací\Microsoft\Internet Explorer\Recovery\Active\{79809D91-62BC-11DF-9722-00235A6722D3}.dat
+ 2010-05-18 20:18 . 2010-05-18 20:22 15360 c:\windows\system32\config\systemprofile\Local Settings\Data aplikací\Microsoft\Internet Explorer\Recovery\Active\{76E8D055-62BA-11DF-9722-00235A6722D3}.dat
+ 2010-05-18 20:46 . 2010-05-18 20:50 14336 c:\windows\system32\config\systemprofile\Local Settings\Data aplikací\Microsoft\Internet Explorer\Recovery\Active\{686D044D-62BE-11DF-9722-00235A6722D3}.dat
+ 2010-05-18 19:55 . 2010-05-18 19:59 13312 c:\windows\system32\config\systemprofile\Local Settings\Data aplikací\Microsoft\Internet Explorer\Recovery\Active\{4EB9F075-62B7-11DF-9722-00235A6722D3}.dat
+ 2010-05-18 20:08 . 2010-05-18 20:13 15360 c:\windows\system32\config\systemprofile\Local Settings\Data aplikací\Microsoft\Internet Explorer\Recovery\Active\{2CDE09A9-62B9-11DF-9722-00235A6722D3}.dat
+ 2010-05-18 20:37 . 2010-05-18 20:41 14336 c:\windows\system32\config\systemprofile\Local Settings\Data aplikací\Microsoft\Internet Explorer\Recovery\Active\{1E886341-62BD-11DF-9722-00235A6722D3}.dat
+ 2010-05-18 20:22 . 2010-05-18 20:27 14336 c:\windows\system32\config\systemprofile\Local Settings\Data aplikací\Microsoft\Internet Explorer\Recovery\Active\{1BD3F9CD-62BB-11DF-9722-00235A6722D3}.dat
+ 2010-05-18 20:50 . 2010-05-18 20:55 14336 c:\windows\system32\config\systemprofile\Local Settings\Data aplikací\Microsoft\Internet Explorer\Recovery\Active\{0D6DA2EF-62BF-11DF-9722-00235A6722D3}.dat
- 2009-05-28 23:00 . 2010-05-18 19:53 32768 c:\windows\system32\config\systemprofile\Local Settings\Data aplikací\Microsoft\Feeds Cache\index.dat
+ 2009-05-28 23:00 . 2010-05-18 21:06 32768 c:\windows\system32\config\systemprofile\Local Settings\Data aplikací\Microsoft\Feeds Cache\index.dat
- 2009-05-28 22:58 . 2010-05-18 19:53 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-05-28 22:58 . 2010-05-18 21:06 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2010-05-18 19:05 . 2010-05-18 20:51 3584 c:\windows\system32\config\systemprofile\Local Settings\Data aplikací\Microsoft\Internet Explorer\Recovery\Last Active\RecoveryStore.{496775CC-62B0-11DF-9720-00235A6722D3}.dat
- 2010-05-18 19:05 . 2010-05-18 19:05 3584 c:\windows\system32\config\systemprofile\Local Settings\Data aplikací\Microsoft\Internet Explorer\Recovery\Last Active\RecoveryStore.{496775CC-62B0-11DF-9720-00235A6722D3}.dat
+ 2010-05-18 20:51 . 2010-05-18 20:51 5120 c:\windows\system32\config\systemprofile\Local Settings\Data aplikací\Microsoft\Internet Explorer\Recovery\Last Active\{31229AD2-62BF-11DF-9722-00235A6722D3}.dat
+ 2010-05-18 19:55 . 2010-05-18 20:57 9728 c:\windows\system32\config\systemprofile\Local Settings\Data aplikací\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{4EB9F074-62B7-11DF-9722-00235A6722D3}.dat
+ 2010-05-18 20:56 . 2010-05-18 20:57 7168 c:\windows\system32\config\systemprofile\Local Settings\Data aplikací\Microsoft\Internet Explorer\Recovery\Active\{C5EEBDBC-62BF-11DF-9722-00235A6722D3}.dat
+ 2010-05-18 20:55 . 2010-05-18 20:55 4608 c:\windows\system32\config\systemprofile\Local Settings\Data aplikací\Microsoft\Internet Explorer\Recovery\Active\{B2861915-62BF-11DF-9722-00235A6722D3}.dat
+ 2010-05-18 20:25 . 2010-05-18 20:25 4608 c:\windows\system32\config\systemprofile\Local Settings\Data aplikací\Microsoft\Internet Explorer\Recovery\Active\{79FC1819-62BB-11DF-9722-00235A6722D3}.dat
+ 2010-05-18 20:53 . 2010-05-18 20:53 4608 c:\windows\system32\config\systemprofile\Local Settings\Data aplikací\Microsoft\Internet Explorer\Recovery\Active\{62707BFF-62BF-11DF-9722-00235A6722D3}.dat
+ 2010-05-18 20:23 . 2010-05-18 20:23 4096 c:\windows\system32\config\systemprofile\Local Settings\Data aplikací\Microsoft\Internet Explorer\Recovery\Active\{2E76BB47-62BB-11DF-9722-00235A6722D3}.dat
+ 2010-05-18 20:23 . 2010-05-18 20:23 4608 c:\windows\system32\config\systemprofile\Local Settings\Data aplikací\Microsoft\Internet Explorer\Recovery\Active\{2E76BB46-62BB-11DF-9722-00235A6722D3}.dat
+ 2010-05-18 20:51 . 2010-05-18 20:51 5632 c:\windows\system32\config\systemprofile\Local Settings\Data aplikací\Microsoft\Internet Explorer\Recovery\Active\{241D8356-62BF-11DF-9722-00235A6722D3}.dat
+ 2009-01-22 11:15 . 2010-05-18 21:02 436936 c:\windows\system32\perfh009.dat
- 2009-01-22 11:15 . 2010-05-18 19:48 436936 c:\windows\system32\perfh009.dat
+ 2009-05-28 22:58 . 2010-05-18 21:06 344064 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2010-05-08 06:47 . 2010-05-18 19:55 245760 c:\windows\system32\config\systemprofile\IETldCache\index.dat
- 2010-05-08 06:47 . 2010-05-18 11:52 245760 c:\windows\system32\config\systemprofile\IETldCache\index.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AzMixerSel"="c:\program files\Realtek\Audio\Drivers\AzMixerSel.exe" [2006-01-25 53248]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-02-06 1430824]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-05-06 2815192]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^$McRebootA5E6DEAA56$.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\$McRebootA5E6DEAA56$.lnk
backup=c:\windows\pss\$McRebootA5E6DEAA56$.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Acer VCM.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Acer VCM.lnk
backup=c:\windows\pss\Acer VCM.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Bluetooth.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^McAfee Security Scan Plus.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\M3000Mnt]
M3000Rmv.dll [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-03-24 18:17 952768 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 02:08 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2008-06-19 08:20 57344 ----a-w- c:\windows\ALCMTR.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 12:00 15360 ----a-w- c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-04-23 13:51 691656 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2008-02-28 01:00 166424 ----a-w- c:\windows\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2008-04-15 16:54 178712 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2008-02-28 01:00 141848 ----a-w- c:\windows\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
2008-04-14 12:00 208952 ----a-w- c:\windows\ime\imjp8_1\imjpmig.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Infium]
2010-04-30 10:44 5562832 ----a-w- c:\program files\QIP 2010\qip.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 07:52 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
2008-04-14 12:00 59392 ----a-w- c:\windows\system32\IME\PINTLGNT\IMSCINST.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NotificationCenterLauncher]
2008-12-22 10:00 225280 ----a-w- c:\program files\Acer\Acer eRecovery Management\NotificationLauncher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2008-02-28 01:00 137752 ----a-w- c:\windows\system32\igfxpers.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
2008-04-14 12:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
2008-04-14 12:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2008-12-26 08:20 18081280 ----a-w- c:\windows\RTHDCPL.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [1.6.2009 18:02 721904]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [14.5.2010 9:46 164048]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [14.5.2010 9:46 19024]
R2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [22.1.2009 5:59 237568]
R3 M3000Srv;USB2.0 UVC WebCam Driver;c:\windows\system32\drivers\M3000KNT.sys [29.5.2009 1:04 145408]
S3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [22.1.2009 5:24 160256]
S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys --> c:\windows\system32\DRIVERS\Rts516xIR.sys [?]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://qip.ru
uDefault_Search_URL = hxxp://search.qip.ru
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://search.qip.ru/ie
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\documents and settings\kajan\Data aplikací\Mozilla\Firefox\Profiles\eb952035.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://qip.ru
FF - prefs.js: keyword.URL - hxxp://search.qip.ru/search?from=FF&query=
FF - component: c:\documents and settings\kajan\Data aplikací\Mozilla\Firefox\Profiles\eb952035.default\extensions\{32a1fd71-835e-4b11-8e54-886fda0b4c89}\components\qippipe.dll
FF - component: c:\documents and settings\kajan\Data aplikací\Mozilla\Firefox\Profiles\eb952035.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}\platform\WINNT_x86-msvc\components\WeaveCrypto.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-18 23:05
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: error reading MBR
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll iaStor.sys spns.sys >>UNKNOWN [0x86783938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf7639f28
\Driver\ACPI -> ACPI.sys @ 0xf7413cb8
\Driver\atapi -> atapi.sys @ 0xf7300b40
\Driver\iaStor -> iaStor.sys @ 0xf7354eb0
IoDeviceObjectType ->\Device\Harddisk0\DR0 ->NDIS: Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller -> SendCompleteHandler -> NDIS.sys @ 0xf71c4bb0
PacketIndicateHandler -> NDIS.sys @ 0xf71d1a21
SendHandler -> NDIS.sys @ 0xf71af87b
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,fe,29,8c,6f,24,85,e4,4b,b4,cf,92,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,fe,29,8c,6f,24,85,e4,4b,b4,cf,92,\
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'explorer.exe'(3712)
c:\windows\system32\webcheck.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\system volume information\_restore{d5fffa500b1b}\svchost.exe
c:\system volume information\_restore{d5fffa500b1b}\smss.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2010-05-18 23:08:33 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-05-18 21:08
ComboFix2.txt 2010-05-18 19:54
Před spuštěním: Volných bajtů: 138 525 163 520
Po spuštění: Volných bajtů: 138 482 782 208
- - End Of File - - 42EA993CCEAEE94935D4FF58A0BC3DFE
- Rudy
- Site Admin
- Posts: 119412
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
- Contact user:
Re: occasional BSOD, system freezing
The log already looks clean. Has there been any change?
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not meant for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
Visit:
e-mail: rudy(zavináč)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Apart from its "visible" activity, a virus can also damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it stays inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.
Re: occasional BSOD, system freezes
The problem is occurring again: IE windows with ads pop up, and sometimes when Windows starts the logon screen appears even though I have no password set. I tried applying the ComboFix procedure several times, without success.
- Rudy
- Site Admin
- Posts: 119412
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: occasional BSOD, system freezes
Post the log from the latest ComboFix scan.
Re: occasional BSOD, system freezes
ComboFix 10-06-03.01 - kajan 06.06.2010 13:29:28.4.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1014.658 [GMT 2:00]
Spuštěný z: c:\documents and settings\kajan\Dokumenty\Stažené soubory\ComboFix.exe
AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\system volume information\_restore{d5fffa500b1b}
c:\system volume information\_restore{d5fffa500b1b}\smss.exe
c:\system volume information\_restore{d5fffa500b1b}\svchost.exe
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-05-06 do 2010-06-06 )))))))))))))))))))))))))))))))
.
2010-06-05 13:56 . 2010-06-05 14:07 -------- d-----w- C:\totalcmd
2010-06-05 13:56 . 2009-09-24 05:50 545 ----a-w- c:\windows\UC.PIF
2010-06-05 13:56 . 2009-09-24 05:50 545 ----a-w- c:\windows\RAR.PIF
2010-06-05 13:56 . 2009-09-24 05:50 545 ----a-w- c:\windows\PKZIP.PIF
2010-06-05 13:56 . 2009-09-24 05:50 545 ----a-w- c:\windows\PKUNZIP.PIF
2010-06-05 13:56 . 2009-09-24 05:50 545 ----a-w- c:\windows\NOCLOSE.PIF
2010-06-05 13:56 . 2009-09-24 05:50 545 ----a-w- c:\windows\LHA.PIF
2010-06-05 13:56 . 2009-09-24 05:50 545 ----a-w- c:\windows\ARJ.PIF
2010-06-05 11:26 . 2010-06-05 11:26 -------- d-----w- c:\documents and settings\kajan\.kmlcsv
2010-06-05 11:25 . 2010-06-05 11:25 -------- d-----w- c:\program files\Choon-Chern Lim
2010-06-04 09:23 . 2010-06-04 09:26 -------- d-----w- C:\Richard_Davies
2010-06-04 09:23 . 2004-05-29 07:55 86016 ------w- c:\windows\system32\qtXLS.dll
2010-06-04 09:23 . 2000-01-30 20:24 421888 ------w- c:\windows\system32\DFORRT.DLL
2010-05-29 14:22 . 2010-05-29 14:22 -------- d-----w- c:\windows\Sun
2010-05-29 14:22 . 2010-05-29 14:22 -------- d-----w- c:\program files\Common Files\Java
2010-05-29 14:21 . 2010-05-29 14:21 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-29 14:21 . 2010-05-29 14:21 -------- d-----w- c:\program files\Java
2010-05-28 00:53 . 2010-05-28 00:54 -------- d-----w- c:\program files\Common Files\Adobe
2010-05-26 16:56 . 2010-05-26 16:56 -------- d-----w- c:\temp\SQL Server 2008 Developer (x86, x64, ia64) - DVD (English)
2010-05-26 16:48 . 2010-05-26 17:00 -------- d-----w- C:\Temp
2010-05-26 09:19 . 2010-05-26 09:19 -------- d-----w- c:\program files\Microsoft Silverlight
2010-05-20 22:30 . 2010-05-20 22:30 -------- d-----w- c:\program files\BestGameEver
2010-05-18 19:50 . 2008-04-14 12:00 39424 -c--a-w- c:\windows\system32\dllcache\grpconv.exe
2010-05-18 19:50 . 2008-04-14 12:00 39424 ----a-w- c:\windows\system32\grpconv.exe
2010-05-18 18:59 . 2010-06-05 15:04 -------- d-----w- c:\program files\trend micro
2010-05-18 18:59 . 2010-05-18 18:59 -------- d-----w- C:\rsit
2010-05-18 11:52 . 2010-05-18 11:52 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
2010-05-17 07:27 . 2010-05-18 15:43 -------- d-----w- c:\windows\system32\LogFiles
2010-05-14 07:46 . 2010-05-06 20:39 164048 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-05-14 07:46 . 2010-05-06 20:33 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-05-14 07:46 . 2010-05-06 20:39 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-05-14 07:46 . 2010-05-06 20:34 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-05-14 07:46 . 2010-05-06 20:33 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-05-14 07:46 . 2010-05-06 20:33 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-05-14 07:46 . 2010-05-06 20:33 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-05-14 07:45 . 2010-05-06 20:59 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-05-14 07:45 . 2010-05-06 20:59 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-05-14 07:45 . 2010-05-14 07:45 -------- d-----w- c:\program files\Alwil Software
2010-05-13 20:16 . 2010-05-13 20:16 -------- d-----w- c:\program files\CCleaner
2010-05-13 20:09 . 2001-08-17 19:52 18688 -c--a-w- c:\windows\system32\dllcache\cdaudio.sys
2010-05-13 20:09 . 2001-08-17 19:52 18688 ----a-w- c:\windows\system32\drivers\cdaudio.sys
2010-05-12 23:20 . 2010-05-12 23:20 -------- d-----w- c:\program files\WinSCP
2010-05-10 10:03 . 2010-05-10 10:03 -------- d-----w- c:\program files\QIP 2010
2010-05-09 20:09 . 2010-05-09 20:09 -------- d-sh--w- c:\documents and settings\kajan\PrivacIE
2010-05-08 11:58 . 2008-04-13 22:17 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2010-05-08 11:58 . 2008-04-13 22:17 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2010-05-08 11:57 . 2008-04-13 22:15 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2010-05-08 11:57 . 2008-04-13 22:15 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2010-05-08 06:47 . 2010-05-08 06:47 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-05-07 20:37 . 2010-05-07 20:37 -------- d-sh--w- c:\documents and settings\kajan\IETldCache
2010-05-07 19:23 . 2010-05-07 19:23 0 ----a-w- c:\windows\nsreg.dat
2010-05-07 19:19 . 2010-02-25 06:18 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-05-07 19:19 . 2010-02-25 06:18 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-05-07 19:19 . 2010-05-19 09:41 -------- d-----w- c:\windows\ie8updates
2010-05-07 19:19 . 2010-02-16 04:50 64000 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-05-07 19:18 . 2010-03-11 12:36 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-05-07 19:18 . 2010-03-11 12:36 78336 ----a-w- c:\windows\system32\dllcache\ieencode.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-05 11:25 . 2010-06-05 11:25 -------- d-----w- c:\program files\Choon-Chern Lim
2010-05-29 14:13 . 2009-01-22 11:15 79930 ----a-w- c:\windows\system32\perfc005.dat
2010-05-29 14:13 . 2009-01-22 11:15 433486 ----a-w- c:\windows\system32\perfh005.dat
2010-05-18 15:39 . 2009-01-22 11:15 1034240 ----a-w- c:\windows\explorer.exe
2010-05-14 13:36 . 2009-01-22 03:26 14528 ----a-w- c:\windows\system32\drivers\athw.sys
2010-05-14 08:42 . 2009-01-22 03:59 -------- d-----w- c:\program files\Acer
2010-05-14 08:42 . 2009-01-22 03:20 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-11 12:36 . 2009-01-22 11:15 832512 ----a-w- c:\windows\system32\wininet.dll
2010-03-11 12:36 . 2009-01-22 11:15 17408 ----a-w- c:\windows\system32\corpol.dll
2010-03-09 11:11 . 2009-01-22 11:15 430080 ----a-w- c:\windows\system32\vbscript.dll
.
((((((((((((((((((((((((((((( SnapShot_2010-06-05_15.36.08 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-06-06 11:26 . 2010-06-06 11:26 16384 c:\windows\temp\Perflib_Perfdata_508.dat
+ 2009-05-28 23:00 . 2010-06-06 11:28 32768 c:\windows\system32\config\systemprofile\Local Settings\Data aplikací\Microsoft\Feeds Cache\index.dat
- 2009-05-28 23:00 . 2010-06-05 13:51 32768 c:\windows\system32\config\systemprofile\Local Settings\Data aplikací\Microsoft\Feeds Cache\index.dat
+ 2010-06-06 10:53 . 2010-06-06 11:28 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-05-28 22:58 . 2010-06-06 11:28 245760 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-05-28 22:58 . 2010-06-05 15:29 245760 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AzMixerSel"="c:\program files\Realtek\Audio\Drivers\AzMixerSel.exe" [2006-01-25 53248]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-02-06 1430824]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-05-06 2815192]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0aswBoot.exe /M:1ad360b35c
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^$McRebootA5E6DEAA56$.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\$McRebootA5E6DEAA56$.lnk
backup=c:\windows\pss\$McRebootA5E6DEAA56$.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Acer VCM.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Acer VCM.lnk
backup=c:\windows\pss\Acer VCM.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Bluetooth.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^McAfee Security Scan Plus.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\M3000Mnt]
M3000Rmv.dll [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-03-24 18:17 952768 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-04-04 05:42 36272 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2008-06-19 08:20 57344 ----a-w- c:\windows\ALCMTR.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 12:00 15360 ----a-w- c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-04-23 13:51 691656 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2008-02-28 01:00 166424 ----a-w- c:\windows\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2008-04-15 16:54 178712 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2008-02-28 01:00 141848 ----a-w- c:\windows\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
2008-04-14 12:00 208952 ----a-w- c:\windows\ime\imjp8_1\imjpmig.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Infium]
2010-04-30 10:44 5562832 ----a-w- c:\program files\QIP 2010\qip.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 07:52 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
2008-04-14 12:00 59392 ----a-w- c:\windows\system32\IME\PINTLGNT\IMSCINST.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NotificationCenterLauncher]
2008-12-22 10:00 225280 ----a-w- c:\program files\Acer\Acer eRecovery Management\NotificationLauncher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2008-02-28 01:00 137752 ----a-w- c:\windows\system32\igfxpers.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
2008-04-14 12:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
2008-04-14 12:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2008-12-26 08:20 18081280 ----a-w- c:\windows\RTHDCPL.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\QIP 2010\\qip.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [14.5.2010 9:46 164048]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [14.5.2010 9:46 19024]
R2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [22.1.2009 5:59 237568]
R3 M3000Srv;USB2.0 UVC WebCam Driver;c:\windows\system32\drivers\M3000KNT.sys [29.5.2009 1:04 145408]
S3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [22.1.2009 5:24 160256]
S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys --> c:\windows\system32\DRIVERS\Rts516xIR.sys [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [1.6.2009 18:02 721904]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://qip.ru
uDefault_Search_URL = hxxp://search.qip.ru
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0405&s=0&o=xph&d=0509&m=aspire_one
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://search.qip.ru/ie
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\documents and settings\kajan\Data aplikací\Mozilla\Firefox\Profiles\eb952035.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - google.cz
FF - prefs.js: keyword.URL - hxxp://search.qip.ru/search?from=FF&query=
FF - component: c:\documents and settings\kajan\Data aplikací\Mozilla\Firefox\Profiles\eb952035.default\extensions\{32a1fd71-835e-4b11-8e54-886fda0b4c89}\components\qippipe.dll
FF - component: c:\documents and settings\kajan\Data aplikací\Mozilla\Firefox\Profiles\eb952035.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}\platform\WINNT_x86-msvc\components\WeaveCrypto.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-06 13:34
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,fe,29,8c,6f,24,85,e4,4b,b4,cf,92,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,fe,29,8c,6f,24,85,e4,4b,b4,cf,92,\
.
Celkový čas: 2010-06-06 13:36:18
ComboFix-quarantined-files.txt 2010-06-06 11:36
ComboFix2.txt 2010-06-05 15:38
ComboFix3.txt 2010-05-18 21:08
ComboFix4.txt 2010-05-18 19:54
Před spuštěním: Volných bajtů: 130 985 144 320
Po spuštění: Volných bajtů: 130 890 694 656
Current=3 Default=3 Failed=2 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - E03989771FBC34016D8BDD85B61F98E9
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - google.cz
FF - prefs.js: keyword.URL - hxxp://search.qip.ru/search?from=FF&query=
FF - component: c:\documents and settings\kajan\Data aplikací\Mozilla\Firefox\Profiles\eb952035.default\extensions\{32a1fd71-835e-4b11-8e54-886fda0b4c89}\components\qippipe.dll
FF - component: c:\documents and settings\kajan\Data aplikací\Mozilla\Firefox\Profiles\eb952035.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}\platform\WINNT_x86-msvc\components\WeaveCrypto.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-06 13:34
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,fe,29,8c,6f,24,85,e4,4b,b4,cf,92,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,fe,29,8c,6f,24,85,e4,4b,b4,cf,92,\
.
Celkový čas: 2010-06-06 13:36:18
ComboFix-quarantined-files.txt 2010-06-06 11:36
ComboFix2.txt 2010-06-05 15:38
ComboFix3.txt 2010-05-18 21:08
ComboFix4.txt 2010-05-18 19:54
Před spuštěním: Volných bajtů: 130 985 144 320
Po spuštění: Volných bajtů: 130 890 694 656
Current=3 Default=3 Failed=2 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - E03989771FBC34016D8BDD85B61F98E9
- Rudy
- Site Admin
- Posts: 119412
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: occasional BSOD, system freezes
Apart from the 3 items deleted from the system backup, the log looks clean. Run an IceSword scan: http://www.viry.cz/forum/viewtopic.php?f=29&t=11394 and post the Process and KernelModule logs.
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before cleaning your PC of viruses, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail given above.
Re: occasional BSOD, system freezes
Process:
System Idle Process
System
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\smss.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\System Volume Information\_restore{d5fffa500b1b}\svchost.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\System Volume Information\_restore{d5fffa500b1b}\smss.exe
C:\Program Files\Acer\Acer VCM\RS_Service.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\kajan\Plocha\IceSword122en\IceSword.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\WINDOWS\system32\alg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
Kernel Module:
\WINDOWS\system32\ntoskrnl.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
ACPI.sys
\WINDOWS\system32\DRIVERS\WMILIB.SYS
pci.sys
isapnp.sys
compbatt.sys
\WINDOWS\system32\DRIVERS\BATTC.SYS
pciide.sys
\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
aliide.sys
intelide.sys
toside.sys
viaide.sys
cmdide.sys
MountMgr.sys
ftdisk.sys
PartMgr.sys
ACPIEC.sys
\WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
VolSnap.sys
cpqarray.sys
\WINDOWS\system32\DRIVERS\SCSIPORT.SYS
iaStor.sys
atapi.sys
aha154x.sys
sparrow.sys
symc810.sys
aic78xx.sys
dac960nt.sys
ql10wnt.sys
amsint.sys
asc.sys
asc3550.sys
mraid35x.sys
i2omp.sys
ini910u.sys
ql1240.sys
aic78u2.sys
symc8xx.sys
sym_hi.sys
sym_u3.sys
ABP480N5.SYS
asc3350p.sys
cd20xrnt.sys
ultra.sys
adpu160m.sys
dpti2o.sys
ql1080.sys
ql1280.sys
ql12160.sys
perc2.sys
perc2hib.sys
hpn.sys
cbidf2k.sys
dac2w2k.sys
disk.sys
\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
fltMgr.sys
sr.sys
KSecDD.sys
Ntfs.sys
NDIS.sys
sisagp.sys
viaagp.sys
Mup.sys
alim1541.sys
amdagp.sys
agp440.sys
agpCPQ.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\igxpmp32.sys
\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\bcmwl5.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\WDFLDR.SYS
\SystemRoot\System32\Drivers\wdf01000.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\btkrnl.sys
\SystemRoot\system32\DRIVERS\audstub.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\psched.sys
\SystemRoot\system32\DRIVERS\msgpc.sys
\SystemRoot\system32\DRIVERS\ptilink.sys
\SystemRoot\system32\DRIVERS\raspti.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\update.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\system32\DRIVERS\btport.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\drivers\RtkHDAud.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\System32\Drivers\i2omgmt.SYS
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\Drivers\mnmdd.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\ipsec.sys
\SystemRoot\system32\DRIVERS\tcpip.sys
\SystemRoot\System32\Drivers\aswTdi.SYS
\SystemRoot\system32\DRIVERS\ipnat.sys
\SystemRoot\system32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\System32\Drivers\Fips.SYS
\SystemRoot\System32\Drivers\M3000KNT.sys
\SystemRoot\System32\Drivers\STREAM.SYS
\SystemRoot\System32\Drivers\aswSP.SYS
\SystemRoot\System32\Drivers\Aavmker4.SYS
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\igxpgd32.dll
\SystemRoot\System32\igxprd32.dll
\SystemRoot\System32\igxpdv32.DLL
\SystemRoot\System32\igxpdx32.DLL
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\System32\Drivers\aswFsBlk.SYS
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\System32\Drivers\aswMon2.SYS
\SystemRoot\system32\DRIVERS\mrxdav.sys
\SystemRoot\system32\drivers\wdmaud.sys
\SystemRoot\system32\drivers\sysaudio.sys
\SystemRoot\system32\DRIVERS\srv.sys
\SystemRoot\System32\Drivers\HTTP.sys
\SystemRoot\System32\Drivers\aswRdr.SYS
\SystemRoot\System32\Drivers\IsDrv122.sys
\SystemRoot\system32\drivers\kmixer.sys
\WINDOWS\system32\ntdll.dll
- Rudy
- Site Admin
- Posts: 119412
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: occasional BSOD, system freezes
There is no rootkit in the system. Install SuperAntispyware: http://www.stahuj.centrum.cz/utility_a_ ... tispyware/ , update it, run a scan and delete everything it finds.
Re: occasional BSOD, system freezes
During the scan the computer restarts; I also tried a test with the regular Avast, same result...
- Rudy
- Site Admin
- Posts: 119412
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: occasional BSOD, system freezes
Try it in Safe Mode.