Zdravim vas po spusteni pocitaca mi vyhadzuje windows tuto hlasku(vid priloha) mozem mi niekto prosim poradit co stym?
dakujem
..pripajam log
Logfile of random's system information tool 1.07 (written by random/random)
Run by Karolko at 2010-06-15 19:53:55
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 156 GB (62%) free of 250 GB
Total RAM: 2047 MB (68% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:54:08, on 15.6.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\vsnp325.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Autocad Electric 2005\Autodesk Network License Manager\lmgrd.exe
C:\Program Files\Autocad Electric 2005\Autodesk Network License Manager\adskflex.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\hasplms.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\scialm\Lmgrd.exe
C:\WINDOWS\system32\svchost.exe
C:\scialm\Lmgrd.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\scialm\SCIA.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\Download\RSIT.exe
C:\Program Files\trend micro\Karolko.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.orbitdownloader.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: System Search Dispatcher - {CDBFB47B-58A8-4111-BF95-06178DCE326D} - (no file)
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\PROGRA~1\PC Translator\webie.dll
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [snp325] C:\WINDOWS\vsnp325.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Thoosje Sevenbar.lnk = C:\Program Files\Thoosje\thoosje sevenbar\Thoosje Sevenbar.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: WebTran - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\PROGRA~1\PC Translator\webie.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\PROGRA~1\PC Translator\webie.dll
O9 - Extra 'Tools' menuitem: &Nastaviť prekladač - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\PROGRA~1\PC Translator\webie.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\PROGRA~1\PC Translator\webie.dll
O9 - Extra 'Tools' menuitem: Preložiť &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\PROGRA~1\PC Translator\webie.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\PROGRA~1\PC Translator\webie.dll
O9 - Extra 'Tools' menuitem: Preložiť &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\PROGRA~1\PC Translator\webie.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 6835663281
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 6835914562
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - http://liveupdate.msi.com.tw/autobios/L ... nstall.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{18A0ACC0-4A33-43E0-999F-0250B4A80535}: NameServer = 192.168.202.213,192.168.108.222
O17 - HKLM\System\CS1\Services\Tcpip\..\{18A0ACC0-4A33-43E0-999F-0250B4A80535}: NameServer = 192.168.202.213,192.168.108.222
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: 123 - Macrovision Corporation - C:\Program Files\Autocad Electric 2005\Autodesk Network License Manager\lmgrd.exe
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - Unknown owner - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Služba Google Update (gupdate1c9a295a594df56) (gupdate1c9a295a594df56) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Sentinel HASP License Manager (hasplms) - SafeNet Inc. - C:\WINDOWS\system32\hasplms.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: SCIA - Macrovision Corporation - C:\scialm\Lmgrd.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
--
End of file - 9070 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\1-Click Maintenance.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-04-04 75200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CDBFB47B-58A8-4111-BF95-06178DCE326D}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BFC32E1D-EE75-4A48-BC60-104E11EE2431} - WebTranslator - C:\PROGRA~1\PC Translator\webie.dll [2004-05-13 319488]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IntelliType"=C:\Program Files\Microsoft Hardware\Keyboard\type32.exe [2002-03-22 94208]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-10-28 17331200]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2008-06-19 57344]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2004-06-16 81920]
"snp325"=C:\WINDOWS\vsnp325.exe [2007-05-09 835584]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-01-05 413696]
"NeroFilterCheck"=C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [2007-03-01 153136]
"NBKeyScan"=C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2007-09-20 1836328]
"avast5"=C:\Program Files\Alwil Software\Avast5\avastUI.exe [2010-05-06 2815192]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-04-04 36272]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-03-24 952768]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe [2007-09-20 202024]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-04-04 36272]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FixCamera]
C:\WINDOWS\FixCamera.exe [2007-02-12 20480]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2009-01-06 290088]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
C:\Program Files\PowerISO\PWRISOVM.EXE [2007-08-07 200704]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-02-25 61440]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFast Schedule]
C:\Program Files\WinFast\WFDTV\WFWIZ.exe [2007-05-22 405504]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFastDTV]
C:\Program Files\WinFast\WFDTV\DTVSchdl.exe [2007-05-16 69632]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^AutoCAD Startup Accelerator.lnk]
C:\PROGRA~1\COMMON~1\Autodesk Shared\acstart16.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Karolko^Nabídka Start^Programy^Po spuštění^Dropbox.lnk]
C:\DOCUME~1\Karolko\DATAAP~1\Dropbox\bin\Dropbox.exe [2009-09-26 26801794]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"PnkBstrA"=2
"LightScribeService"=2
"Ati HotKey Poller"=2
C:\Documents and Settings\Karolko\Nabídka Start\Programy\Po spuštění
Thoosje Sevenbar.lnk - C:\Program Files\Thoosje\thoosje sevenbar\Thoosje Sevenbar.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2009-02-25 155648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoInstrumentation"=1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Hry\COD4\iw3mp.exe"="C:\Hry\COD4\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM) "
"C:\Hry\COHOF\RelicCOH.exe"="C:\Hry\COHOF\RelicCOH.exe:*:Enabled:Company of Heroes - Opposing Fronts"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\WINDOWS\system32\hasplms.exe"="C:\WINDOWS\system32\hasplms.exe:*:Enabled:HASP LLM"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b7dae987-c924-11dd-831d-001d922b4f1e}]
shell\AutoRun\command - I:\hnypt.com
shell\explore\command - I:\hnypt.com
shell\open\command - I:\hnypt.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bd246b47-c613-11dd-8bc6-001d922b4f1e}]
shell\AutoRun\command - qquq.bat
shell\explore\command - qquq.bat
shell\open\command - qquq.bat
======File associations======
.js - open - NOTEPAD.EXE %1
.scr - open - "C:\WINDOWS\system32\notepad.exe" "%1"
.scr - install -
.scr - config -
.vbs - open - NOTEPAD.EXE %1
======List of files/folders created in the last 1 months======
2010-06-15 19:53:55 ----D---- C:\rsit
2010-06-15 19:53:55 ----D---- C:\Program Files\trend micro
2010-06-11 16:16:09 ----HDC---- C:\WINDOWS\$NtUninstallKB980218$
2010-06-11 16:16:04 ----HDC---- C:\WINDOWS\$NtUninstallKB980195$
2010-06-11 16:14:50 ----HDC---- C:\WINDOWS\$NtUninstallKB979559$
2010-06-11 16:12:31 ----HDC---- C:\WINDOWS\$NtUninstallKB978695_WM9$
2010-06-11 16:12:27 ----HDC---- C:\WINDOWS\$NtUninstallKB979482$
2010-06-11 16:11:49 ----HDC---- C:\WINDOWS\$NtUninstallKB975562$
2010-06-08 15:10:20 ----A---- C:\WINDOWS\system32\akshhl28.dll
2010-06-08 14:57:39 ----D---- C:\SEMA
2010-05-26 16:39:37 ----HDC---- C:\WINDOWS\$NtUninstallKB981793$
2010-05-19 16:20:36 ----D---- C:\Documents and Settings\Karolko\Data aplikací\gtk-2.0
2010-05-19 16:19:24 ----D---- C:\Program Files\GIMP-2.0
======List of files/folders modified in the last 1 months======
2010-06-15 19:53:55 ----RD---- C:\Program Files
2010-06-15 19:51:16 ----D---- C:\WINDOWS\Temp
2010-06-15 19:50:39 ----D---- C:\scialm
2010-06-15 16:25:25 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-06-15 16:20:53 ----D---- C:\Documents and Settings\Karolko\Data aplikací\vlc
2010-06-15 15:58:52 ----D---- C:\Documents and Settings\Karolko\Data aplikací\dvdcss
2010-06-14 20:02:59 ----D---- C:\WINDOWS\Microsoft.NET
2010-06-14 20:02:55 ----RSD---- C:\WINDOWS\assembly
2010-06-14 17:14:17 ----D---- C:\WINDOWS
2010-06-14 17:13:17 ----D---- C:\WINDOWS\system32
2010-06-11 16:16:11 ----HD---- C:\WINDOWS\inf
2010-06-11 16:16:10 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-06-11 16:16:07 ----A---- C:\WINDOWS\imsins.BAK
2010-06-11 16:16:04 ----HD---- C:\WINDOWS\$hf_mig$
2010-06-11 16:16:02 ----SHD---- C:\WINDOWS\Installer
2010-06-11 16:16:01 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2010-06-11 16:14:44 ----D---- C:\Program Files\Internet Explorer
2010-06-11 16:14:37 ----D---- C:\WINDOWS\ie8updates
2010-06-11 16:11:03 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-06-11 16:10:48 ----D---- C:\WINDOWS\WinSxS
2010-06-11 16:08:57 ----D---- C:\WINDOWS\Prefetch
2010-06-11 15:22:21 ----D---- C:\WINDOWS\system32\CatRoot2
2010-06-10 22:29:30 ----D---- C:\Documents and Settings\Karolko\Data aplikací\Skype
2010-06-10 19:29:35 ----D---- C:\Documents and Settings\Karolko\Data aplikací\skypePM
2010-06-08 16:02:05 ----D---- C:\Program Files\K2
2010-06-08 15:12:29 ----D---- C:\WINDOWS\system32\drivers
2010-06-08 14:58:43 ----D---- C:\Program Files\SEMA
2010-06-08 14:57:46 ----HD---- C:\Program Files\InstallShield Installation Information
2010-05-29 09:45:39 ----D---- C:\Program Files\Winamp
2010-05-28 21:37:34 ----A---- C:\WINDOWS\system32\MRT.exe
2010-05-24 19:52:33 ----A---- C:\WINDOWS\NeroDigital.ini
2010-05-23 17:22:31 ----D---- C:\Program Files\Thoosje
2010-05-18 22:02:30 ----D---- C:\Program Files\Google
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2010-05-06 28880]
R1 AmdK8;Ovladač procesoru AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-07-01 43008]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2010-05-06 164048]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2010-05-06 46672]
R1 PQNTDrv;PQNTDrv; C:\WINDOWS\system32\drivers\PQNTDrv.sys [2002-09-16 4228]
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2007-08-07 33052]
R2 aksfridge;aksfridge; \??\C:\WINDOWS\system32\drivers\aksfridge.sys []
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2010-05-06 19024]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2010-05-06 100432]
R2 hardlock;hardlock; \??\C:\WINDOWS\system32\drivers\hardlock.sys []
R2 Haspnt;Haspnt; \??\C:\WINDOWS\system32\drivers\Haspnt.sys []
R2 WF23880;WinFast TV2000 XP Expert WDM Video Capture.; C:\WINDOWS\system32\drivers\wf88vcap.sys [2003-06-24 182784]
R2 WF88XBAR;WinFast TV2000 XP Expert WDM Crossbar.; C:\WINDOWS\system32\drivers\WF88XBAR.sys [2003-06-24 9472]
R2 WFTUNE;WinFast TV2000 XP Expert WDM TVTuner.; C:\WINDOWS\system32\drivers\WF88TUNE.sys [2003-06-24 29568]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2010-05-06 23376]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2009-02-26 3565568]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-10-31 4942336]
R3 SNP325;USB PC Camera (SNPSTD325); C:\WINDOWS\system32\DRIVERS\snp325.sys [2007-05-07 10343168]
R3 ULCDRHlp;ULCDRHlp; C:\WINDOWS\System32\Drivers\ULCDRHlp.sys [2004-12-23 27392]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 ZY202_XP;ZyXEL 802.11g XG202 1211 Driver; C:\WINDOWS\system32\DRIVERS\WlanUZXP.sys [2007-04-03 437760]
S1 ATITool;ATITool Overclocking Utility; C:\WINDOWS\system32\DRIVERS\ATITool.sys [2006-11-10 24064]
S2 DS1410D;DS1410D; C:\WINDOWS\SYSTEM32\drivers\DS1410D.SYS []
S3 akshasp;SafeNet Inc. HASP Key; C:\WINDOWS\system32\DRIVERS\akshasp.sys [2009-03-13 238208]
S3 aksusb;SafeNet Inc. USB Key; C:\WINDOWS\system32\DRIVERS\aksusb.sys [2009-06-22 16384]
S3 AmdLLD;AMD Low Level Device Driver; C:\WINDOWS\system32\DRIVERS\AmdLLD.sys []
S3 BRGSp50;BRGSp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\BRGSp50.sys [2007-04-03 20608]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 GMSIPCI;GMSIPCI; \??\G:\INSTALL\GMSIPCI.SYS []
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-01-23 25280]
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2006-04-06 81664]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM); C:\WINDOWS\system32\DRIVERS\s0016bus.sys [2008-05-16 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s0016mdfl.sys [2008-05-16 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s0016mdm.sys [2008-05-16 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s0016mgmt.sys [2008-05-16 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS); C:\WINDOWS\system32\DRIVERS\s0016nd5.sys [2008-05-16 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s0016obex.sys [2008-05-16 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM); C:\WINDOWS\system32\DRIVERS\s0016unic.sys [2008-05-16 115752]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbaudio;Ovladač zvukové karty USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WFIOCTL;WFIOCTL; \??\C:\Program Files\WinFast\WFDTV\WFIOCTL.SYS []
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 ZDCNDIS5;ZDCNDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\ZDCNDIS5.SYS []
S3 ZDPSp50;ZDPSp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\ZDPSp50.sys [2007-04-03 17664]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 123;123; C:\Program Files\Autocad Electric 2005\Autodesk Network License Manager\lmgrd.exe [2003-12-10 659456]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-05-06 40384]
R2 hasplms;Sentinel HASP License Manager; C:\WINDOWS\system32\hasplms.exe [2009-12-16 3750400]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2007-09-20 853288]
R2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2009-10-03 190144]
R2 SCIA;SCIA; C:\scialm\Lmgrd.exe [2005-09-12 974848]
R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2004-12-13 49152]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-05-06 40384]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-05-06 40384]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2007-09-20 382248]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2009-02-25 593920]
S2 gupdate1c9a295a594df56;Služba Google Update (gupdate1c9a295a594df56); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-03-12 133104]
S3 ACDaemon;ArcSoft Connect Daemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2008-12-03 85096]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-20 136120]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-01-06 536872]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2009-02-25 602112]
S4 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-04-24 73728]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2010-01-02 75064]
-----------------EOF-----------------
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
Prosim o konntrolu
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
-
kocure
- Návštěvník
- Příspěvky: 80
- Registrován: 17 led 2007 18:32
- Bydliště: BB-SK
- Kontaktovat uživatele:
Prosim o konntrolu
- Přílohy
-
- hlaska.JPG (18.21 KiB) Zobrazeno 2291 x
Re: Prosim o konntrolu
Zdravím!
stahnete a ulozte nejlepe na plochu ComboFix
pote spustte aplikaci pod uctem s administratorskym opravnenim
hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano:
v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine aplikace ani nic jineho
behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)
upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode, pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k nezadoucim kolizim s rezidentem antispyware
po restartu aplikace vytvori log, ulozeny na C:/Combofix.txt (pri opakovanem pouziti jsou logy oznaceny Combofix2.txt atd.), jeho obsah vlozte sem
stahnete a ulozte nejlepe na plochu ComboFix
pote spustte aplikaci pod uctem s administratorskym opravnenim
hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano:
v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine aplikace ani nic jineho
behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)
upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode, pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k nezadoucim kolizim s rezidentem antispyware
po restartu aplikace vytvori log, ulozeny na C:/Combofix.txt (pri opakovanem pouziti jsou logy oznaceny Combofix2.txt atd.), jeho obsah vlozte sem
-
kocure
- Návštěvník
- Příspěvky: 80
- Registrován: 17 led 2007 18:32
- Bydliště: BB-SK
- Kontaktovat uživatele:
Re: Prosim o konntrolu
Vypis z Combofixu...
ComboFix 10-06-15.03 - Karolko 16.06.2010 15:30:36.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1384 [GMT 2:00]
Spuštěný z: c:\documents and settings\Karolko\Plocha\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-05-16 do 2010-06-16 )))))))))))))))))))))))))))))))
.
2010-06-15 18:12 . 2010-06-02 11:41 179144 ----a-w- c:\windows\system32\drivers\PCGenFAM.sys
2010-06-15 18:12 . 2010-06-15 18:12 -------- d-----w- c:\program files\Soluto
2010-06-15 17:53 . 2010-06-15 17:54 -------- d-----w- C:\rsit
2010-06-15 17:53 . 2010-06-15 17:54 -------- d-----w- c:\program files\trend micro
2010-06-11 13:25 . 2010-05-06 10:35 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-08 13:10 . 2009-10-23 07:22 36864 ----a-w- c:\windows\system32\akshhl28.dll
2010-06-08 12:57 . 2010-06-08 12:57 -------- d-----w- C:\SEMA
2010-05-19 14:26 . 2010-05-19 14:26 -------- d-----w- c:\documents and settings\Karolko\.thumbnails
2010-05-19 14:19 . 2010-05-23 15:21 -------- d-----w- c:\documents and settings\Karolko\.gimp-2.6
2010-05-19 14:19 . 2010-05-19 14:19 -------- d-----w- c:\program files\GIMP-2.0
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-11 14:11 . 2004-08-18 12:00 78716 ----a-w- c:\windows\system32\perfc005.dat
2010-06-11 14:11 . 2004-08-18 12:00 431654 ----a-w- c:\windows\system32\perfh005.dat
2010-06-08 14:02 . 2009-11-04 19:26 -------- d-----w- c:\program files\K2
2010-06-08 12:58 . 2009-04-03 15:37 -------- d-----w- c:\program files\SEMA
2010-06-08 12:57 . 2008-11-16 11:30 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-29 07:45 . 2008-11-16 12:08 -------- d-----w- c:\program files\Winamp
2010-05-23 15:22 . 2010-02-27 08:58 -------- d-----w- c:\program files\Thoosje
2010-05-18 20:02 . 2008-11-25 16:24 -------- d-----w- c:\program files\Google
2010-05-06 20:59 . 2010-04-05 15:02 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-05-06 20:39 . 2010-04-05 15:02 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-05-06 20:39 . 2010-04-05 15:02 164048 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-05-06 20:34 . 2010-04-05 15:02 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-05-06 20:33 . 2010-04-05 15:02 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-05-06 20:33 . 2010-04-05 15:02 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-05-06 20:33 . 2010-04-05 15:02 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-05-06 20:33 . 2010-04-05 15:02 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-05-06 10:35 . 2004-08-18 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 08:09 . 2004-08-18 12:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:32 . 2004-08-18 12:00 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-14 16:47 . 2010-04-05 15:02 38848 ----a-w- c:\windows\system32\avastSS.scr
2008-11-16 11:17 . 2009-08-09 19:13 262144 ----a-w- c:\program files\Uninstall Spy Blocker.dll
2008-02-07 20:46 . 2008-02-07 20:46 13624 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2008-02-07 20:46 . 2008-02-07 20:46 87360 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2008-02-07 20:46 . 2008-02-07 20:46 91448 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2008-02-07 20:46 . 2008-02-07 20:46 21824 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
2008-02-07 20:46 . 2008-02-07 20:46 206136 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2008-02-07 20:46 . 2008-02-07 20:46 31544 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2008-02-07 20:46 . 2008-02-07 20:46 40248 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2007-03-16 16:27 . 2007-03-16 16:27 479232 ----a-w- c:\program files\mozilla firefox\plugins\msvcm80.dll
2007-03-16 16:27 . 2007-03-16 16:27 548864 ----a-w- c:\program files\mozilla firefox\plugins\msvcp80.dll
2007-03-16 16:27 . 2007-03-16 16:27 626688 ----a-w- c:\program files\mozilla firefox\plugins\msvcr80.dll
2007-07-20 11:47 . 2007-07-20 11:47 981170 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2008-02-07 20:46 . 2008-02-07 20:46 24384 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-06-27 03:02 77824 ----a-w- c:\documents and settings\Karolko\Data aplikací\Dropbox\bin\DropboxExt.3.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-06-27 03:02 77824 ----a-w- c:\documents and settings\Karolko\Data aplikací\Dropbox\bin\DropboxExt.3.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-06-27 03:02 77824 ----a-w- c:\documents and settings\Karolko\Data aplikací\Dropbox\bin\DropboxExt.3.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-09-20 202024]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliType"="c:\program files\Microsoft Hardware\Keyboard\type32.exe" [2002-03-22 94208]
"RTHDCPL"="RTHDCPL.EXE" [2008-10-28 17331200]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
"snp325"="c:\windows\vsnp325.exe" [2007-05-09 835584]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 1836328]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-05-06 2815192]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\Karolko\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Thoosje Sevenbar.lnk - c:\program files\Thoosje\thoosje sevenbar\Thoosje Sevenbar.exe [2010-2-27 605696]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^AutoCAD Startup Accelerator.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\AutoCAD Startup Accelerator.lnk
backup=c:\windows\pss\AutoCAD Startup Accelerator.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Karolko^Nabídka Start^Programy^Po spuštění^Dropbox.lnk]
path=c:\documents and settings\Karolko\Nabídka Start\Programy\Po spuštění\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-04-04 05:42 36272 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FixCamera]
2007-02-12 13:50 20480 ----a-w- c:\windows\FixCamera.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-01-06 12:06 290088 ----a-w- c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2007-08-07 00:05 200704 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2009-02-25 14:38 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFast Schedule]
2007-05-22 09:14 405504 ----a-w- c:\program files\WinFast\WFDTV\WFWIZ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFastDTV]
2007-05-16 13:43 69632 ----a-w- c:\program files\WinFast\WFDTV\DTVSchdl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"PnkBstrA"=2 (0x2)
"LightScribeService"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Hry\\COD4\\iw3mp.exe"=
"c:\\Hry\\COHOF\\RelicCOH.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\hasplms.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Soluto\\Soluto.exe"=
"c:\\Program Files\\Soluto\\SolutoService.exe"=
"c:\\Program Files\\Soluto\\SolutoConsole.exe"=
"c:\\Program Files\\Soluto\\SolutoUpdateService.exe"=
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [5.4.2010 17:02 164048]
R2 123;123;c:\program files\Autocad Electric 2005\Autodesk Network License Manager\lmgrd.exe [9.2.2009 9:48 659456]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5.4.2010 17:02 19024]
R2 hasplms;Sentinel HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?]
R2 SCIA;SCIA;c:\scialm\Lmgrd.exe [28.4.2009 15:58 974848]
R2 SolutoService;Soluto PCGenome Core Service;c:\program files\Soluto\SolutoService.exe [2.6.2010 13:51 338464]
R2 WF23880;WinFast TV2000 XP Expert WDM Video Capture.;c:\windows\system32\drivers\wf88vcap.sys [16.11.2008 22:22 182784]
R2 WF88XBAR;WinFast TV2000 XP Expert WDM Crossbar.;c:\windows\system32\drivers\WF88XBAR.sys [16.11.2008 22:23 9472]
R2 WFTUNE;WinFast TV2000 XP Expert WDM TVTuner.;c:\windows\system32\drivers\wf88tune.sys [16.11.2008 22:24 29568]
R3 SNP325;USB PC Camera (SNPSTD325);c:\windows\system32\drivers\snp325.sys [23.11.2008 23:16 10343168]
S0 PCGenFAM;PCGenFAM;c:\windows\system32\drivers\PCGenFAM.sys [15.6.2010 20:12 179144]
S2 gupdate1c9a295a594df56;Služba Google Update (gupdate1c9a295a594df56);c:\program files\Google\Update\GoogleUpdate.exe [12.3.2009 0:06 133104]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [11.12.2008 5:21 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [11.12.2008 5:21 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [11.12.2008 5:21 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [11.12.2008 5:21 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [11.12.2008 5:21 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [11.12.2008 5:21 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [11.12.2008 5:21 115752]
S3 WFIOCTL;WFIOCTL;c:\program files\WinFast\WFDTV\WFIOCTL.sys [16.11.2008 13:30 9446]
.
Obsah adresáře 'Naplánované úlohy'
2010-06-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-11 22:04]
2010-06-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-11 22:04]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://search.orbitdownloader.com
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\progra~1\PC Translator\webie.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\progra~1\PC Translator\webie.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\progra~1\PC Translator\webie.dll
TCP: {18A0ACC0-4A33-43E0-999F-0250B4A80535} = 192.168.202.213,192.168.108.222
DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - hxxp://liveupdate.msi.com.tw/autobios/LOnline/install.cab
FF - ProfilePath - c:\documents and settings\Karolko\Data aplikací\Mozilla\Firefox\Profiles\6k1kj6n5.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.sk/firefox/
FF - component: c:\documents and settings\Karolko\Data aplikací\Mozilla\Firefox\Profiles\6k1kj6n5.default\extensions\{3ba34663-845a-4931-a6f3-1e033ec342a7}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Karolko\Data aplikací\Mozilla\Firefox\Profiles\6k1kj6n5.default\extensions\{3ba34663-845a-4931-a6f3-1e033ec342a7}\components\RadioWMPCore.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npicaN.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
.
------- Asociace souborů -------
.
JSEFile=NOTEPAD.EXE %1
.scr=AutoCADScriptFile
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
MSConfigStartUp-NeroFilterCheck - c:\windows\system32\NeroCheck.exe
MSConfigStartUp-WinampAgent - c:\program files\Winamp\winampa.exe
AddRemove-{C5D78EFC-A9C1-44F3-81CB-D42C5DF8EA09} - c:\program files\InstallShield Installation Information\{C5D78EFC-A9C1-44F3-81CB-D42C5DF8EA09}\setup.exe
**************************************************************************
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory:
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-299502267-920026266-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:df,7c,c0,02,65,27,c9,be,d1,45,7f,ba,df,0b,10,2c,54,36,59,ca,35,87,e6,
30,e4,4f,83,09,88,a0,46,eb,e0,07,a7,41,20,d7,5a,e1,9a,67,36,b0,4b,79,48,bf,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50
[HKEY_USERS\S-1-5-21-299502267-920026266-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:5b,0d,ca,87,92,ab,f0,92,91,8c,67,92,c6,28,33,a4,f6,fc,1c,a7,41,
1a,4a,fa,58,00,5d,fd,61,06,53,1e,65,b5,d0,54,bd,f2,e8,5f,0e,11,20,69,91,a7,\
"rkeysecu"=hex:60,28,48,73,82,11,dd,fc,48,d8,7f,71,1b,10,03,a0
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(732)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(4068)
c:\documents and settings\Karolko\Data aplikací\Dropbox\bin\DropboxExt.3.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2010-06-16 15:37:24
ComboFix-quarantined-files.txt 2010-06-16 13:37
Před spuštěním: Volných bajtů: 163 307 085 824
Po spuštění: Volných bajtů: 163 689 095 168
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
- - End Of File - - 64E61011FB79055CCBDF0092957C5A25
ComboFix 10-06-15.03 - Karolko 16.06.2010 15:30:36.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1384 [GMT 2:00]
Spuštěný z: c:\documents and settings\Karolko\Plocha\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-05-16 do 2010-06-16 )))))))))))))))))))))))))))))))
.
2010-06-15 18:12 . 2010-06-02 11:41 179144 ----a-w- c:\windows\system32\drivers\PCGenFAM.sys
2010-06-15 18:12 . 2010-06-15 18:12 -------- d-----w- c:\program files\Soluto
2010-06-15 17:53 . 2010-06-15 17:54 -------- d-----w- C:\rsit
2010-06-15 17:53 . 2010-06-15 17:54 -------- d-----w- c:\program files\trend micro
2010-06-11 13:25 . 2010-05-06 10:35 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-08 13:10 . 2009-10-23 07:22 36864 ----a-w- c:\windows\system32\akshhl28.dll
2010-06-08 12:57 . 2010-06-08 12:57 -------- d-----w- C:\SEMA
2010-05-19 14:26 . 2010-05-19 14:26 -------- d-----w- c:\documents and settings\Karolko\.thumbnails
2010-05-19 14:19 . 2010-05-23 15:21 -------- d-----w- c:\documents and settings\Karolko\.gimp-2.6
2010-05-19 14:19 . 2010-05-19 14:19 -------- d-----w- c:\program files\GIMP-2.0
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-11 14:11 . 2004-08-18 12:00 78716 ----a-w- c:\windows\system32\perfc005.dat
2010-06-11 14:11 . 2004-08-18 12:00 431654 ----a-w- c:\windows\system32\perfh005.dat
2010-06-08 14:02 . 2009-11-04 19:26 -------- d-----w- c:\program files\K2
2010-06-08 12:58 . 2009-04-03 15:37 -------- d-----w- c:\program files\SEMA
2010-06-08 12:57 . 2008-11-16 11:30 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-29 07:45 . 2008-11-16 12:08 -------- d-----w- c:\program files\Winamp
2010-05-23 15:22 . 2010-02-27 08:58 -------- d-----w- c:\program files\Thoosje
2010-05-18 20:02 . 2008-11-25 16:24 -------- d-----w- c:\program files\Google
2010-05-06 20:59 . 2010-04-05 15:02 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-05-06 20:39 . 2010-04-05 15:02 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-05-06 20:39 . 2010-04-05 15:02 164048 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-05-06 20:34 . 2010-04-05 15:02 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-05-06 20:33 . 2010-04-05 15:02 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-05-06 20:33 . 2010-04-05 15:02 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-05-06 20:33 . 2010-04-05 15:02 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-05-06 20:33 . 2010-04-05 15:02 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-05-06 10:35 . 2004-08-18 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 08:09 . 2004-08-18 12:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:32 . 2004-08-18 12:00 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-14 16:47 . 2010-04-05 15:02 38848 ----a-w- c:\windows\system32\avastSS.scr
2008-11-16 11:17 . 2009-08-09 19:13 262144 ----a-w- c:\program files\Uninstall Spy Blocker.dll
2008-02-07 20:46 . 2008-02-07 20:46 13624 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2008-02-07 20:46 . 2008-02-07 20:46 87360 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2008-02-07 20:46 . 2008-02-07 20:46 91448 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2008-02-07 20:46 . 2008-02-07 20:46 21824 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
2008-02-07 20:46 . 2008-02-07 20:46 206136 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2008-02-07 20:46 . 2008-02-07 20:46 31544 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2008-02-07 20:46 . 2008-02-07 20:46 40248 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2007-03-16 16:27 . 2007-03-16 16:27 479232 ----a-w- c:\program files\mozilla firefox\plugins\msvcm80.dll
2007-03-16 16:27 . 2007-03-16 16:27 548864 ----a-w- c:\program files\mozilla firefox\plugins\msvcp80.dll
2007-03-16 16:27 . 2007-03-16 16:27 626688 ----a-w- c:\program files\mozilla firefox\plugins\msvcr80.dll
2007-07-20 11:47 . 2007-07-20 11:47 981170 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2008-02-07 20:46 . 2008-02-07 20:46 24384 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-06-27 03:02 77824 ----a-w- c:\documents and settings\Karolko\Data aplikací\Dropbox\bin\DropboxExt.3.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-06-27 03:02 77824 ----a-w- c:\documents and settings\Karolko\Data aplikací\Dropbox\bin\DropboxExt.3.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-06-27 03:02 77824 ----a-w- c:\documents and settings\Karolko\Data aplikací\Dropbox\bin\DropboxExt.3.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-09-20 202024]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliType"="c:\program files\Microsoft Hardware\Keyboard\type32.exe" [2002-03-22 94208]
"RTHDCPL"="RTHDCPL.EXE" [2008-10-28 17331200]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
"snp325"="c:\windows\vsnp325.exe" [2007-05-09 835584]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 1836328]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-05-06 2815192]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\Karolko\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Thoosje Sevenbar.lnk - c:\program files\Thoosje\thoosje sevenbar\Thoosje Sevenbar.exe [2010-2-27 605696]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^AutoCAD Startup Accelerator.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\AutoCAD Startup Accelerator.lnk
backup=c:\windows\pss\AutoCAD Startup Accelerator.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Karolko^Nabídka Start^Programy^Po spuštění^Dropbox.lnk]
path=c:\documents and settings\Karolko\Nabídka Start\Programy\Po spuštění\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-04-04 05:42 36272 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FixCamera]
2007-02-12 13:50 20480 ----a-w- c:\windows\FixCamera.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-01-06 12:06 290088 ----a-w- c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2007-08-07 00:05 200704 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2009-02-25 14:38 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFast Schedule]
2007-05-22 09:14 405504 ----a-w- c:\program files\WinFast\WFDTV\WFWIZ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFastDTV]
2007-05-16 13:43 69632 ----a-w- c:\program files\WinFast\WFDTV\DTVSchdl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"PnkBstrA"=2 (0x2)
"LightScribeService"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Hry\\COD4\\iw3mp.exe"=
"c:\\Hry\\COHOF\\RelicCOH.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\hasplms.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Soluto\\Soluto.exe"=
"c:\\Program Files\\Soluto\\SolutoService.exe"=
"c:\\Program Files\\Soluto\\SolutoConsole.exe"=
"c:\\Program Files\\Soluto\\SolutoUpdateService.exe"=
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [5.4.2010 17:02 164048]
R2 123;123;c:\program files\Autocad Electric 2005\Autodesk Network License Manager\lmgrd.exe [9.2.2009 9:48 659456]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5.4.2010 17:02 19024]
R2 hasplms;Sentinel HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?]
R2 SCIA;SCIA;c:\scialm\Lmgrd.exe [28.4.2009 15:58 974848]
R2 SolutoService;Soluto PCGenome Core Service;c:\program files\Soluto\SolutoService.exe [2.6.2010 13:51 338464]
R2 WF23880;WinFast TV2000 XP Expert WDM Video Capture.;c:\windows\system32\drivers\wf88vcap.sys [16.11.2008 22:22 182784]
R2 WF88XBAR;WinFast TV2000 XP Expert WDM Crossbar.;c:\windows\system32\drivers\WF88XBAR.sys [16.11.2008 22:23 9472]
R2 WFTUNE;WinFast TV2000 XP Expert WDM TVTuner.;c:\windows\system32\drivers\wf88tune.sys [16.11.2008 22:24 29568]
R3 SNP325;USB PC Camera (SNPSTD325);c:\windows\system32\drivers\snp325.sys [23.11.2008 23:16 10343168]
S0 PCGenFAM;PCGenFAM;c:\windows\system32\drivers\PCGenFAM.sys [15.6.2010 20:12 179144]
S2 gupdate1c9a295a594df56;Služba Google Update (gupdate1c9a295a594df56);c:\program files\Google\Update\GoogleUpdate.exe [12.3.2009 0:06 133104]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [11.12.2008 5:21 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [11.12.2008 5:21 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [11.12.2008 5:21 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [11.12.2008 5:21 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [11.12.2008 5:21 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [11.12.2008 5:21 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [11.12.2008 5:21 115752]
S3 WFIOCTL;WFIOCTL;c:\program files\WinFast\WFDTV\WFIOCTL.sys [16.11.2008 13:30 9446]
.
Obsah adresáře 'Naplánované úlohy'
2010-06-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-11 22:04]
2010-06-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-11 22:04]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://search.orbitdownloader.com
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\progra~1\PC Translator\webie.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\progra~1\PC Translator\webie.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\progra~1\PC Translator\webie.dll
TCP: {18A0ACC0-4A33-43E0-999F-0250B4A80535} = 192.168.202.213,192.168.108.222
DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - hxxp://liveupdate.msi.com.tw/autobios/LOnline/install.cab
FF - ProfilePath - c:\documents and settings\Karolko\Data aplikací\Mozilla\Firefox\Profiles\6k1kj6n5.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.sk/firefox/
FF - component: c:\documents and settings\Karolko\Data aplikací\Mozilla\Firefox\Profiles\6k1kj6n5.default\extensions\{3ba34663-845a-4931-a6f3-1e033ec342a7}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Karolko\Data aplikací\Mozilla\Firefox\Profiles\6k1kj6n5.default\extensions\{3ba34663-845a-4931-a6f3-1e033ec342a7}\components\RadioWMPCore.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npicaN.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
.
------- Asociace souborů -------
.
JSEFile=NOTEPAD.EXE %1
.scr=AutoCADScriptFile
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
MSConfigStartUp-NeroFilterCheck - c:\windows\system32\NeroCheck.exe
MSConfigStartUp-WinampAgent - c:\program files\Winamp\winampa.exe
AddRemove-{C5D78EFC-A9C1-44F3-81CB-D42C5DF8EA09} - c:\program files\InstallShield Installation Information\{C5D78EFC-A9C1-44F3-81CB-D42C5DF8EA09}\setup.exe
**************************************************************************
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory:
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-299502267-920026266-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:df,7c,c0,02,65,27,c9,be,d1,45,7f,ba,df,0b,10,2c,54,36,59,ca,35,87,e6,
30,e4,4f,83,09,88,a0,46,eb,e0,07,a7,41,20,d7,5a,e1,9a,67,36,b0,4b,79,48,bf,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50
[HKEY_USERS\S-1-5-21-299502267-920026266-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:5b,0d,ca,87,92,ab,f0,92,91,8c,67,92,c6,28,33,a4,f6,fc,1c,a7,41,
1a,4a,fa,58,00,5d,fd,61,06,53,1e,65,b5,d0,54,bd,f2,e8,5f,0e,11,20,69,91,a7,\
"rkeysecu"=hex:60,28,48,73,82,11,dd,fc,48,d8,7f,71,1b,10,03,a0
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(732)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(4068)
c:\documents and settings\Karolko\Data aplikací\Dropbox\bin\DropboxExt.3.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2010-06-16 15:37:24
ComboFix-quarantined-files.txt 2010-06-16 13:37
Před spuštěním: Volných bajtů: 163 307 085 824
Po spuštění: Volných bajtů: 163 689 095 168
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
- - End Of File - - 64E61011FB79055CCBDF0092957C5A25
Re: Prosim o konntrolu
Tento soubor otestujte na www.virustotal.com :
c:\windows\system32\akshhl28.dll
výsledek sem zkopírujte.
Zkoušel jste vypnout tento program: c:\program files\Soluto ?
Někdy může pěkně rozhasit systém.
c:\windows\system32\akshhl28.dll
výsledek sem zkopírujte.
Zkoušel jste vypnout tento program: c:\program files\Soluto ?
Někdy může pěkně rozhasit systém.
-
kocure
- Návštěvník
- Příspěvky: 80
- Registrován: 17 led 2007 18:32
- Bydliště: BB-SK
- Kontaktovat uživatele:
Re: Prosim o konntrolu
Antivirus Version Last Update Result
AhnLab-V3 5.0.0.2 2010.01.30 -
AntiVir 7.9.1.154 2010.01.29 -
Antiy-AVL 2.0.3.7 2010.01.28 -
Authentium 5.2.0.5 2010.01.30 -
Avast 4.8.1351.0 2010.01.30 -
AVG 9.0.0.730 2010.01.30 -
BitDefender 7.2 2010.01.30 -
CAT-QuickHeal 10.00 2010.01.30 -
ClamAV 0.96.0.0-git 2010.01.30 -
Comodo 3761 2010.01.30 -
DrWeb 5.0.1.12222 2010.01.30 -
eSafe 7.0.17.0 2010.01.28 -
eTrust-Vet 35.2.7271 2010.01.29 -
F-Prot 4.5.1.85 2010.01.29 -
F-Secure 9.0.15370.0 2010.01.29 -
Fortinet 4.0.14.0 2010.01.30 -
GData 19 2010.01.30 -
Ikarus T3.1.1.80.0 2010.01.30 -
Jiangmin 13.0.900 2010.01.28 -
K7AntiVirus 7.10.960 2010.01.29 -
Kaspersky 7.0.0.125 2010.01.30 -
McAfee 5876 2010.01.29 -
McAfee+Artemis 5876 2010.01.29 -
McAfee-GW-Edition 6.8.5 2010.01.30 -
Microsoft 1.5406 2010.01.30 -
NOD32 4820 2010.01.30 -
Norman 6.04.03 2010.01.30 -
nProtect 2009.1.8.0 2010.01.30 -
Panda 10.0.2.2 2010.01.30 -
PCTools 7.0.3.5 2010.01.30 -
Prevx 3.0 2010.01.30 -
Rising 22.32.05.04 2010.01.30 -
Sophos 4.50.0 2010.01.30 -
Sunbelt 3.2.1858.2 2010.01.30 -
Symantec 20091.2.0.41 2010.01.30 -
TheHacker 6.5.1.0.172 2010.01.30 -
TrendMicro 9.120.0.1004 2010.01.30 -
VBA32 3.12.12.1 2010.01.29 -
ViRobot 2010.1.30.2164 2010.01.30 -
VirusBuster 5.0.21.0 2010.01.29 -
Additional information
File size: 36864 bytes
MD5 : fe89e3ac930bcd6f77e573f724069c9c
SHA1 : 2683e5da23872389e0ee9a23a082935b462639cf
SHA256: 626405c63d861c330f400f633defe8180e0e1982358081db7a797908646a5827
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x1170
timedatestamp.....: 0x4AE05414 (Thu Oct 22 14:46:12 2009)
machinetype.......: 0x14C (Intel I386)
( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x50C6 0x5200 6.44 309e31bb365399c7f05ac176e03923f3
.rdata 0x7000 0x14A9 0x1600 4.62 9b26324d3e25c0712d1096e0463b39ab
.data 0x9000 0x2510 0x1000 4.04 130d359dcad580935e364b4191698242
.rsrc 0xC000 0x798 0x800 3.24 41d0886f2580fbbe10947cf5f2148eb6
.reloc 0xD000 0xA88 0xC00 4.12 981ad210625e2bafa5fa9fedb75bfce0
( 5 imports )
> advapi32.dll: RegDeleteKeyA, QueryServiceStatus, RegCloseKey, RegOpenKeyExA, RegDeleteValueA, RegOpenKeyA, RegEnumValueA
> comctl32.dll: -
> kernel32.dll: FindClose, FindFirstFileA, CopyFileA, GetTickCount, GetVersionExA, LoadLibraryA, GetProcAddress, GetLastError, Sleep, CreateFileA, DeviceIoControl, CloseHandle, LocalAlloc, GetSystemDirectoryA, LocalFree, DisableThreadLibraryCalls, FlushFileBuffers, GetModuleFileNameA, RtlUnwind, HeapFree, HeapAlloc, InterlockedExchange, VirtualQuery, VirtualFree, VirtualAlloc, HeapReAlloc, ExitProcess, GetModuleHandleA, TerminateProcess, GetCurrentProcess, GetStringTypeA, MultiByteToWideChar, GetStringTypeW, GetACP, GetOEMCP, GetCPInfo, SetFilePointer, GetStdHandle, WriteFile, WideCharToMultiByte, GetLocaleInfoA, VirtualProtect, GetSystemInfo, LCMapStringA, LCMapStringW, SetStdHandle, QueryPerformanceCounter, GetCurrentThreadId, GetCurrentProcessId, GetSystemTimeAsFileTime
> setupapi.dll: SetupDiSetDeviceInstallParamsA, SetupDiGetDeviceInstallParamsA
> version.dll: GetFileVersionInfoA, GetFileVersionInfoSizeA, VerQueryValueA
( 1 exports )
> AksHhlCoInstallEntryPoint
TrID : File type identification
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
ssdeep: 768:BOSIaFWNmXPPMgvVLr/Ijvmpk/JtFSDN36lPx4frLA:vIaFWNmXPT9H43/JyDU8frLA
PEiD : -
RDS : NSRL Reference Data Set
-
ATENTION ATTENTION: VirusTotal is a free service offered by Hispasec Sistemas. There are no guarantees about the availability and continuity of this service. Although the detection rate afforded by the use of multiple antivirus engines is far superior to that offered by just one product, these results DO NOT guarantee the harmlessness of a file. Currently, there is not any solution that offers a 100% effectiveness rate for detecting viruses and malware.
AhnLab-V3 5.0.0.2 2010.01.30 -
AntiVir 7.9.1.154 2010.01.29 -
Antiy-AVL 2.0.3.7 2010.01.28 -
Authentium 5.2.0.5 2010.01.30 -
Avast 4.8.1351.0 2010.01.30 -
AVG 9.0.0.730 2010.01.30 -
BitDefender 7.2 2010.01.30 -
CAT-QuickHeal 10.00 2010.01.30 -
ClamAV 0.96.0.0-git 2010.01.30 -
Comodo 3761 2010.01.30 -
DrWeb 5.0.1.12222 2010.01.30 -
eSafe 7.0.17.0 2010.01.28 -
eTrust-Vet 35.2.7271 2010.01.29 -
F-Prot 4.5.1.85 2010.01.29 -
F-Secure 9.0.15370.0 2010.01.29 -
Fortinet 4.0.14.0 2010.01.30 -
GData 19 2010.01.30 -
Ikarus T3.1.1.80.0 2010.01.30 -
Jiangmin 13.0.900 2010.01.28 -
K7AntiVirus 7.10.960 2010.01.29 -
Kaspersky 7.0.0.125 2010.01.30 -
McAfee 5876 2010.01.29 -
McAfee+Artemis 5876 2010.01.29 -
McAfee-GW-Edition 6.8.5 2010.01.30 -
Microsoft 1.5406 2010.01.30 -
NOD32 4820 2010.01.30 -
Norman 6.04.03 2010.01.30 -
nProtect 2009.1.8.0 2010.01.30 -
Panda 10.0.2.2 2010.01.30 -
PCTools 7.0.3.5 2010.01.30 -
Prevx 3.0 2010.01.30 -
Rising 22.32.05.04 2010.01.30 -
Sophos 4.50.0 2010.01.30 -
Sunbelt 3.2.1858.2 2010.01.30 -
Symantec 20091.2.0.41 2010.01.30 -
TheHacker 6.5.1.0.172 2010.01.30 -
TrendMicro 9.120.0.1004 2010.01.30 -
VBA32 3.12.12.1 2010.01.29 -
ViRobot 2010.1.30.2164 2010.01.30 -
VirusBuster 5.0.21.0 2010.01.29 -
Additional information
File size: 36864 bytes
MD5 : fe89e3ac930bcd6f77e573f724069c9c
SHA1 : 2683e5da23872389e0ee9a23a082935b462639cf
SHA256: 626405c63d861c330f400f633defe8180e0e1982358081db7a797908646a5827
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x1170
timedatestamp.....: 0x4AE05414 (Thu Oct 22 14:46:12 2009)
machinetype.......: 0x14C (Intel I386)
( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x50C6 0x5200 6.44 309e31bb365399c7f05ac176e03923f3
.rdata 0x7000 0x14A9 0x1600 4.62 9b26324d3e25c0712d1096e0463b39ab
.data 0x9000 0x2510 0x1000 4.04 130d359dcad580935e364b4191698242
.rsrc 0xC000 0x798 0x800 3.24 41d0886f2580fbbe10947cf5f2148eb6
.reloc 0xD000 0xA88 0xC00 4.12 981ad210625e2bafa5fa9fedb75bfce0
( 5 imports )
> advapi32.dll: RegDeleteKeyA, QueryServiceStatus, RegCloseKey, RegOpenKeyExA, RegDeleteValueA, RegOpenKeyA, RegEnumValueA
> comctl32.dll: -
> kernel32.dll: FindClose, FindFirstFileA, CopyFileA, GetTickCount, GetVersionExA, LoadLibraryA, GetProcAddress, GetLastError, Sleep, CreateFileA, DeviceIoControl, CloseHandle, LocalAlloc, GetSystemDirectoryA, LocalFree, DisableThreadLibraryCalls, FlushFileBuffers, GetModuleFileNameA, RtlUnwind, HeapFree, HeapAlloc, InterlockedExchange, VirtualQuery, VirtualFree, VirtualAlloc, HeapReAlloc, ExitProcess, GetModuleHandleA, TerminateProcess, GetCurrentProcess, GetStringTypeA, MultiByteToWideChar, GetStringTypeW, GetACP, GetOEMCP, GetCPInfo, SetFilePointer, GetStdHandle, WriteFile, WideCharToMultiByte, GetLocaleInfoA, VirtualProtect, GetSystemInfo, LCMapStringA, LCMapStringW, SetStdHandle, QueryPerformanceCounter, GetCurrentThreadId, GetCurrentProcessId, GetSystemTimeAsFileTime
> setupapi.dll: SetupDiSetDeviceInstallParamsA, SetupDiGetDeviceInstallParamsA
> version.dll: GetFileVersionInfoA, GetFileVersionInfoSizeA, VerQueryValueA
( 1 exports )
> AksHhlCoInstallEntryPoint
TrID : File type identification
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
ssdeep: 768:BOSIaFWNmXPPMgvVLr/Ijvmpk/JtFSDN36lPx4frLA:vIaFWNmXPT9H43/JyDU8frLA
PEiD : -
RDS : NSRL Reference Data Set
-
ATENTION ATTENTION: VirusTotal is a free service offered by Hispasec Sistemas. There are no guarantees about the availability and continuity of this service. Although the detection rate afforded by the use of multiple antivirus engines is far superior to that offered by just one product, these results DO NOT guarantee the harmlessness of a file. Currently, there is not any solution that offers a 100% effectiveness rate for detecting viruses and malware.
Re: Prosim o konntrolu
O.K.
Co vypnutí tohoto:
Soluto
Dropbox
Klikněte ještě v mém podpise na MBAM, proscanujte počítač a vložte sem log.
Co vypnutí tohoto:
Soluto
Dropbox
Klikněte ještě v mém podpise na MBAM, proscanujte počítač a vložte sem log.
Re: Prosim o konntrolu
Halooooo, jak to vypadá? Máte ještě zavirovaný flash disky, je potřeba to dočistit. 
-
kocure
- Návštěvník
- Příspěvky: 80
- Registrován: 17 led 2007 18:32
- Bydliště: BB-SK
- Kontaktovat uživatele:
Re: Prosim o konntrolu
TIE PROGRAMI SOM ODINSTALOVAL ALE STALE MI VYPISUJE TU HLASKU PO STARTE WINDOWSU
Re: Prosim o konntrolu
Ještě, prosím, zkontrolujte na virustotal tento soubor:
c:\windows\system32\drivers\PCGenFAM.sys
a vrhneme se na mazání.
c:\windows\system32\drivers\PCGenFAM.sys
a vrhneme se na mazání.
-
kocure
- Návštěvník
- Příspěvky: 80
- Registrován: 17 led 2007 18:32
- Bydliště: BB-SK
- Kontaktovat uživatele:
Re: Prosim o konntrolu
TEN SUBOR SOM TAM NENASIEL...NEMOHOL SA VYMAZAT PRI ODINSTALOVANI TYCH DVOCH PROGRAMOV?CO DALEJ?
Re: Prosim o konntrolu
Nemusíte ho najít. Jenom zkopírujte toto:
c:\windows\system32\drivers\PCGenFAM.sys
do okna na virustotal a dejte Odeslat soubor.
c:\windows\system32\drivers\PCGenFAM.sys
do okna na virustotal a dejte Odeslat soubor.
-
kocure
- Návštěvník
- Příspěvky: 80
- Registrován: 17 led 2007 18:32
- Bydliště: BB-SK
- Kontaktovat uživatele:
Re: Prosim o konntrolu
Na VT mi to nejde vlozit...teda ta cesta sa neda skopirovat do okna na stranke VT.... 
po kliknuti do okna mi vzdy otvori okno na vlozenie suboru...
po kliknuti do okna mi vzdy otvori okno na vlozenie suboru...Re: Prosim o konntrolu
pokud jste tak jeste neucinil, presunte Combofix na plochu
otevrete si Poznamkovy blok
do nej zkopirujte skript z nasledujiciho okna:
ulozte vami vytvoreny textovy soubor jako CFScript.txt na plochu
po ulozeni uchopte vami vytvoreny skript levym tlacitkem mysi a presunte jej nad ikonu Combofixu, nad niz skript upustte:
po aplikaci by na vas mel vybafnout dalsi log, vlozte jej sem
Upozorneni: je mozne, ze po aplikaci skriptu a restartu nenabehnou Windows, v takovem pripade znovu restartujte, po restartu mackejte F8 a zvolte Posledni znamou fukncni konfiguraci
otevrete si Poznamkovy blok
do nej zkopirujte skript z nasledujiciho okna:
Kód: Vybrat vše
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^AutoCAD Startup Accelerator.lnk]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b7dae987-c924-11dd-831d-001d922b4f1e}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bd246b47-c613-11dd-8bc6-001d922b4f1e}]
po ulozeni uchopte vami vytvoreny skript levym tlacitkem mysi a presunte jej nad ikonu Combofixu, nad niz skript upustte:
po aplikaci by na vas mel vybafnout dalsi log, vlozte jej sem
Upozorneni: je mozne, ze po aplikaci skriptu a restartu nenabehnou Windows, v takovem pripade znovu restartujte, po restartu mackejte F8 a zvolte Posledni znamou fukncni konfiguraci
-
kocure
- Návštěvník
- Příspěvky: 80
- Registrován: 17 led 2007 18:32
- Bydliště: BB-SK
- Kontaktovat uživatele:
Re: Prosim o konntrolu
nech sa paci ...
ComboFix 10-06-17.02 - Karolko 18.06.2010 17:33:17.3.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1525 [GMT 2:00]
Spuštěný z: c:\documents and settings\Karolko\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Karolko\Plocha\CFScript.txt.txt
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Předchozí spuštění -------
.
c:\windows\system32\win.com
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-05-18 do 2010-06-18 )))))))))))))))))))))))))))))))
.
2010-06-15 18:12 . 2010-06-16 17:59 -------- d-----w- c:\program files\Soluto
2010-06-15 17:53 . 2010-06-15 17:54 -------- d-----w- C:\rsit
2010-06-15 17:53 . 2010-06-15 17:54 -------- d-----w- c:\program files\trend micro
2010-06-11 13:25 . 2010-05-06 10:35 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-08 13:10 . 2009-10-23 07:22 36864 ----a-w- c:\windows\system32\akshhl28.dll
2010-06-08 12:57 . 2010-06-08 12:57 -------- d-----w- C:\SEMA
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-16 18:00 . 2008-11-18 16:18 -------- d-----w- c:\program files\CCleaner
2010-06-11 14:11 . 2004-08-18 12:00 78716 ----a-w- c:\windows\system32\perfc005.dat
2010-06-11 14:11 . 2004-08-18 12:00 431654 ----a-w- c:\windows\system32\perfh005.dat
2010-06-08 14:02 . 2009-11-04 19:26 -------- d-----w- c:\program files\K2
2010-06-08 12:58 . 2009-04-03 15:37 -------- d-----w- c:\program files\SEMA
2010-06-08 12:57 . 2008-11-16 11:30 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-29 07:45 . 2008-11-16 12:08 -------- d-----w- c:\program files\Winamp
2010-05-23 15:22 . 2010-02-27 08:58 -------- d-----w- c:\program files\Thoosje
2010-05-19 14:19 . 2010-05-19 14:19 -------- d-----w- c:\program files\GIMP-2.0
2010-05-18 20:02 . 2008-11-25 16:24 -------- d-----w- c:\program files\Google
2010-05-06 20:59 . 2010-04-05 15:02 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-05-06 20:39 . 2010-04-05 15:02 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-05-06 20:39 . 2010-04-05 15:02 164048 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-05-06 20:34 . 2010-04-05 15:02 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-05-06 20:33 . 2010-04-05 15:02 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-05-06 20:33 . 2010-04-05 15:02 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-05-06 20:33 . 2010-04-05 15:02 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-05-06 20:33 . 2010-04-05 15:02 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-05-06 10:35 . 2004-08-18 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 08:09 . 2004-08-18 12:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:32 . 2004-08-18 12:00 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-14 16:47 . 2010-04-05 15:02 38848 ----a-w- c:\windows\system32\avastSS.scr
2008-11-16 11:17 . 2009-08-09 19:13 262144 ----a-w- c:\program files\Uninstall Spy Blocker.dll
2008-02-07 20:46 . 2008-02-07 20:46 13624 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2008-02-07 20:46 . 2008-02-07 20:46 87360 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2008-02-07 20:46 . 2008-02-07 20:46 91448 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2008-02-07 20:46 . 2008-02-07 20:46 21824 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
2008-02-07 20:46 . 2008-02-07 20:46 206136 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2008-02-07 20:46 . 2008-02-07 20:46 31544 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2008-02-07 20:46 . 2008-02-07 20:46 40248 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2007-03-16 16:27 . 2007-03-16 16:27 479232 ----a-w- c:\program files\mozilla firefox\plugins\msvcm80.dll
2007-03-16 16:27 . 2007-03-16 16:27 548864 ----a-w- c:\program files\mozilla firefox\plugins\msvcp80.dll
2007-03-16 16:27 . 2007-03-16 16:27 626688 ----a-w- c:\program files\mozilla firefox\plugins\msvcr80.dll
2007-07-20 11:47 . 2007-07-20 11:47 981170 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2008-02-07 20:46 . 2008-02-07 20:46 24384 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
.
((((((((((((((((((((((((((((( SnapShot@2010-06-16_13.35.50 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-06-16 19:01 . 2010-06-16 19:01 21504 c:\windows\Installer\2d653f.msi
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-09-20 202024]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliType"="c:\program files\Microsoft Hardware\Keyboard\type32.exe" [2002-03-22 94208]
"RTHDCPL"="RTHDCPL.EXE" [2008-10-28 17331200]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
"snp325"="c:\windows\vsnp325.exe" [2007-05-09 835584]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 1836328]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-05-06 2815192]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\Karolko\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Thoosje Sevenbar.lnk - c:\program files\Thoosje\thoosje sevenbar\Thoosje Sevenbar.exe [2010-2-27 605696]
[HKLM\~\startupfolder\C:^Documents and Settings^Karolko^Nabídka Start^Programy^Po spuštění^Dropbox.lnk]
path=c:\documents and settings\Karolko\Nabídka Start\Programy\Po spuštění\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-04-04 05:42 36272 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FixCamera]
2007-02-12 13:50 20480 ----a-w- c:\windows\FixCamera.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-01-06 12:06 290088 ----a-w- c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2007-08-07 00:05 200704 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2009-02-25 14:38 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFast Schedule]
2007-05-22 09:14 405504 ----a-w- c:\program files\WinFast\WFDTV\WFWIZ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFastDTV]
2007-05-16 13:43 69632 ----a-w- c:\program files\WinFast\WFDTV\DTVSchdl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"PnkBstrA"=2 (0x2)
"LightScribeService"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Hry\\COD4\\iw3mp.exe"=
"c:\\Hry\\COHOF\\RelicCOH.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\hasplms.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [5.4.2010 17:02 164048]
R2 123;123;c:\program files\Autocad Electric 2005\Autodesk Network License Manager\lmgrd.exe [9.2.2009 9:48 659456]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5.4.2010 17:02 19024]
R2 hasplms;Sentinel HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?]
R2 SCIA;SCIA;c:\scialm\Lmgrd.exe [28.4.2009 15:58 974848]
R2 WF23880;WinFast TV2000 XP Expert WDM Video Capture.;c:\windows\system32\drivers\wf88vcap.sys [16.11.2008 22:22 182784]
R2 WF88XBAR;WinFast TV2000 XP Expert WDM Crossbar.;c:\windows\system32\drivers\WF88XBAR.sys [16.11.2008 22:23 9472]
R2 WFTUNE;WinFast TV2000 XP Expert WDM TVTuner.;c:\windows\system32\drivers\wf88tune.sys [16.11.2008 22:24 29568]
R3 SNP325;USB PC Camera (SNPSTD325);c:\windows\system32\drivers\snp325.sys [23.11.2008 23:16 10343168]
S2 gupdate1c9a295a594df56;Služba Google Update (gupdate1c9a295a594df56);c:\program files\Google\Update\GoogleUpdate.exe [12.3.2009 0:06 133104]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [11.12.2008 5:21 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [11.12.2008 5:21 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [11.12.2008 5:21 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [11.12.2008 5:21 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [11.12.2008 5:21 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [11.12.2008 5:21 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [11.12.2008 5:21 115752]
S3 WFIOCTL;WFIOCTL;c:\program files\WinFast\WFDTV\WFIOCTL.sys [16.11.2008 13:30 9446]
.
Obsah adresáře 'Naplánované úlohy'
2010-06-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-11 22:04]
2010-06-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-11 22:04]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://search.orbitdownloader.com
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\progra~1\PC Translator\webie.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\progra~1\PC Translator\webie.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\progra~1\PC Translator\webie.dll
TCP: {18A0ACC0-4A33-43E0-999F-0250B4A80535} = 192.168.202.213,192.168.108.222
DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - hxxp://liveupdate.msi.com.tw/autobios/LOnline/install.cab
FF - ProfilePath - c:\documents and settings\Karolko\Data aplikací\Mozilla\Firefox\Profiles\6k1kj6n5.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.sk/firefox/
FF - component: c:\documents and settings\Karolko\Data aplikací\Mozilla\Firefox\Profiles\6k1kj6n5.default\extensions\{3ba34663-845a-4931-a6f3-1e033ec342a7}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Karolko\Data aplikací\Mozilla\Firefox\Profiles\6k1kj6n5.default\extensions\{3ba34663-845a-4931-a6f3-1e033ec342a7}\components\RadioWMPCore.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npicaN.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-18 17:39
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-299502267-920026266-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:df,7c,c0,02,65,27,c9,be,d1,45,7f,ba,df,0b,10,2c,54,36,59,ca,35,87,e6,
30,e4,4f,83,09,88,a0,46,eb,e0,07,a7,41,20,d7,5a,e1,9a,67,36,b0,4b,79,48,bf,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50
[HKEY_USERS\S-1-5-21-299502267-920026266-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:5b,0d,ca,87,92,ab,f0,92,91,8c,67,92,c6,28,33,a4,f6,fc,1c,a7,41,
1a,4a,fa,58,00,5d,fd,61,06,53,1e,65,b5,d0,54,bd,f2,e8,5f,0e,11,20,69,91,a7,\
"rkeysecu"=hex:60,28,48,73,82,11,dd,fc,48,d8,7f,71,1b,10,03,a0
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(728)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(1108)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2010-06-18 17:41:55
ComboFix-quarantined-files.txt 2010-06-18 15:41
ComboFix2.txt 2010-06-16 13:37
Před spuštěním: Volných bajtů: 161 048 899 584
Po spuštění: Volných bajtů: 161 026 625 536
- - End Of File - - 6F8F989F8F77291688C4043CCDF12ED0
ComboFix 10-06-17.02 - Karolko 18.06.2010 17:33:17.3.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1525 [GMT 2:00]
Spuštěný z: c:\documents and settings\Karolko\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Karolko\Plocha\CFScript.txt.txt
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Předchozí spuštění -------
.
c:\windows\system32\win.com
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-05-18 do 2010-06-18 )))))))))))))))))))))))))))))))
.
2010-06-15 18:12 . 2010-06-16 17:59 -------- d-----w- c:\program files\Soluto
2010-06-15 17:53 . 2010-06-15 17:54 -------- d-----w- C:\rsit
2010-06-15 17:53 . 2010-06-15 17:54 -------- d-----w- c:\program files\trend micro
2010-06-11 13:25 . 2010-05-06 10:35 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-08 13:10 . 2009-10-23 07:22 36864 ----a-w- c:\windows\system32\akshhl28.dll
2010-06-08 12:57 . 2010-06-08 12:57 -------- d-----w- C:\SEMA
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-16 18:00 . 2008-11-18 16:18 -------- d-----w- c:\program files\CCleaner
2010-06-11 14:11 . 2004-08-18 12:00 78716 ----a-w- c:\windows\system32\perfc005.dat
2010-06-11 14:11 . 2004-08-18 12:00 431654 ----a-w- c:\windows\system32\perfh005.dat
2010-06-08 14:02 . 2009-11-04 19:26 -------- d-----w- c:\program files\K2
2010-06-08 12:58 . 2009-04-03 15:37 -------- d-----w- c:\program files\SEMA
2010-06-08 12:57 . 2008-11-16 11:30 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-29 07:45 . 2008-11-16 12:08 -------- d-----w- c:\program files\Winamp
2010-05-23 15:22 . 2010-02-27 08:58 -------- d-----w- c:\program files\Thoosje
2010-05-19 14:19 . 2010-05-19 14:19 -------- d-----w- c:\program files\GIMP-2.0
2010-05-18 20:02 . 2008-11-25 16:24 -------- d-----w- c:\program files\Google
2010-05-06 20:59 . 2010-04-05 15:02 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-05-06 20:39 . 2010-04-05 15:02 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-05-06 20:39 . 2010-04-05 15:02 164048 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-05-06 20:34 . 2010-04-05 15:02 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-05-06 20:33 . 2010-04-05 15:02 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-05-06 20:33 . 2010-04-05 15:02 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-05-06 20:33 . 2010-04-05 15:02 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-05-06 20:33 . 2010-04-05 15:02 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-05-06 10:35 . 2004-08-18 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 08:09 . 2004-08-18 12:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:32 . 2004-08-18 12:00 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-14 16:47 . 2010-04-05 15:02 38848 ----a-w- c:\windows\system32\avastSS.scr
2008-11-16 11:17 . 2009-08-09 19:13 262144 ----a-w- c:\program files\Uninstall Spy Blocker.dll
2008-02-07 20:46 . 2008-02-07 20:46 13624 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2008-02-07 20:46 . 2008-02-07 20:46 87360 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2008-02-07 20:46 . 2008-02-07 20:46 91448 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2008-02-07 20:46 . 2008-02-07 20:46 21824 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
2008-02-07 20:46 . 2008-02-07 20:46 206136 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2008-02-07 20:46 . 2008-02-07 20:46 31544 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2008-02-07 20:46 . 2008-02-07 20:46 40248 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2007-03-16 16:27 . 2007-03-16 16:27 479232 ----a-w- c:\program files\mozilla firefox\plugins\msvcm80.dll
2007-03-16 16:27 . 2007-03-16 16:27 548864 ----a-w- c:\program files\mozilla firefox\plugins\msvcp80.dll
2007-03-16 16:27 . 2007-03-16 16:27 626688 ----a-w- c:\program files\mozilla firefox\plugins\msvcr80.dll
2007-07-20 11:47 . 2007-07-20 11:47 981170 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2008-02-07 20:46 . 2008-02-07 20:46 24384 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
.
((((((((((((((((((((((((((((( SnapShot@2010-06-16_13.35.50 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-06-16 19:01 . 2010-06-16 19:01 21504 c:\windows\Installer\2d653f.msi
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-09-20 202024]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliType"="c:\program files\Microsoft Hardware\Keyboard\type32.exe" [2002-03-22 94208]
"RTHDCPL"="RTHDCPL.EXE" [2008-10-28 17331200]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
"snp325"="c:\windows\vsnp325.exe" [2007-05-09 835584]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 1836328]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-05-06 2815192]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\Karolko\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Thoosje Sevenbar.lnk - c:\program files\Thoosje\thoosje sevenbar\Thoosje Sevenbar.exe [2010-2-27 605696]
[HKLM\~\startupfolder\C:^Documents and Settings^Karolko^Nabídka Start^Programy^Po spuštění^Dropbox.lnk]
path=c:\documents and settings\Karolko\Nabídka Start\Programy\Po spuštění\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-04-04 05:42 36272 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FixCamera]
2007-02-12 13:50 20480 ----a-w- c:\windows\FixCamera.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-01-06 12:06 290088 ----a-w- c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2007-08-07 00:05 200704 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2009-02-25 14:38 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFast Schedule]
2007-05-22 09:14 405504 ----a-w- c:\program files\WinFast\WFDTV\WFWIZ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFastDTV]
2007-05-16 13:43 69632 ----a-w- c:\program files\WinFast\WFDTV\DTVSchdl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"PnkBstrA"=2 (0x2)
"LightScribeService"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Hry\\COD4\\iw3mp.exe"=
"c:\\Hry\\COHOF\\RelicCOH.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\hasplms.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [5.4.2010 17:02 164048]
R2 123;123;c:\program files\Autocad Electric 2005\Autodesk Network License Manager\lmgrd.exe [9.2.2009 9:48 659456]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5.4.2010 17:02 19024]
R2 hasplms;Sentinel HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?]
R2 SCIA;SCIA;c:\scialm\Lmgrd.exe [28.4.2009 15:58 974848]
R2 WF23880;WinFast TV2000 XP Expert WDM Video Capture.;c:\windows\system32\drivers\wf88vcap.sys [16.11.2008 22:22 182784]
R2 WF88XBAR;WinFast TV2000 XP Expert WDM Crossbar.;c:\windows\system32\drivers\WF88XBAR.sys [16.11.2008 22:23 9472]
R2 WFTUNE;WinFast TV2000 XP Expert WDM TVTuner.;c:\windows\system32\drivers\wf88tune.sys [16.11.2008 22:24 29568]
R3 SNP325;USB PC Camera (SNPSTD325);c:\windows\system32\drivers\snp325.sys [23.11.2008 23:16 10343168]
S2 gupdate1c9a295a594df56;Služba Google Update (gupdate1c9a295a594df56);c:\program files\Google\Update\GoogleUpdate.exe [12.3.2009 0:06 133104]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [11.12.2008 5:21 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [11.12.2008 5:21 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [11.12.2008 5:21 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [11.12.2008 5:21 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [11.12.2008 5:21 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [11.12.2008 5:21 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [11.12.2008 5:21 115752]
S3 WFIOCTL;WFIOCTL;c:\program files\WinFast\WFDTV\WFIOCTL.sys [16.11.2008 13:30 9446]
.
Obsah adresáře 'Naplánované úlohy'
2010-06-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-11 22:04]
2010-06-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-11 22:04]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://search.orbitdownloader.com
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\progra~1\PC Translator\webie.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\progra~1\PC Translator\webie.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\progra~1\PC Translator\webie.dll
TCP: {18A0ACC0-4A33-43E0-999F-0250B4A80535} = 192.168.202.213,192.168.108.222
DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - hxxp://liveupdate.msi.com.tw/autobios/LOnline/install.cab
FF - ProfilePath - c:\documents and settings\Karolko\Data aplikací\Mozilla\Firefox\Profiles\6k1kj6n5.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.sk/firefox/
FF - component: c:\documents and settings\Karolko\Data aplikací\Mozilla\Firefox\Profiles\6k1kj6n5.default\extensions\{3ba34663-845a-4931-a6f3-1e033ec342a7}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Karolko\Data aplikací\Mozilla\Firefox\Profiles\6k1kj6n5.default\extensions\{3ba34663-845a-4931-a6f3-1e033ec342a7}\components\RadioWMPCore.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npicaN.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-18 17:39
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-299502267-920026266-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:df,7c,c0,02,65,27,c9,be,d1,45,7f,ba,df,0b,10,2c,54,36,59,ca,35,87,e6,
30,e4,4f,83,09,88,a0,46,eb,e0,07,a7,41,20,d7,5a,e1,9a,67,36,b0,4b,79,48,bf,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50
[HKEY_USERS\S-1-5-21-299502267-920026266-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:5b,0d,ca,87,92,ab,f0,92,91,8c,67,92,c6,28,33,a4,f6,fc,1c,a7,41,
1a,4a,fa,58,00,5d,fd,61,06,53,1e,65,b5,d0,54,bd,f2,e8,5f,0e,11,20,69,91,a7,\
"rkeysecu"=hex:60,28,48,73,82,11,dd,fc,48,d8,7f,71,1b,10,03,a0
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(728)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(1108)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2010-06-18 17:41:55
ComboFix-quarantined-files.txt 2010-06-18 15:41
ComboFix2.txt 2010-06-16 13:37
Před spuštěním: Volných bajtů: 161 048 899 584
Po spuštění: Volných bajtů: 161 026 625 536
- - End Of File - - 6F8F989F8F77291688C4043CCDF12ED0
Re: Prosim o konntrolu
Co na to počítač?
Pokud problém přetrvává, zkuste proskenovat s MBAM a vložte sem log.
Pokud problém přetrvává, zkuste proskenovat s MBAM a vložte sem log.
Přispějete na provoz fóra?