
PC virus removal, computer speed-up, remote help via the neslape.cz service
PC freezes
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved, as will those that have been inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.
!NEW!
You can now use a remote help service, in which an expert connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
Hi
After startup, but usually after some time of use, the PC freezes (this time varies greatly).
Please check the ComboFix log:
ComboFix 10-09-03.02 - Uživatel 04.09.2010 13:35:32.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1024.458 [GMT 2:00]
Spuštěný z: c:\documents and settings\Uživatel\Plocha\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
* Vytvořen nový Bod Obnovení
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\FlashGet Network
c:\program files\Internet Explorer\SET1BF.tmp
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-08-04 do 2010-09-04 )))))))))))))))))))))))))))))))
.
2010-09-04 11:23 . 2010-09-04 11:23 390144 ----a-w- c:\windows\system32\CF13036.exe
2010-09-04 11:23 . 2010-09-04 11:22 390144 ----a-w- c:\windows\system32\CF12919.exe
2010-08-24 18:38 . 2010-08-24 18:38 0 ----a-w- c:\windows\ativpsrm.bin
2010-08-24 18:35 . 2010-02-10 19:20 593920 ------w- c:\windows\system32\ati2sgag.exe
2010-08-24 18:34 . 2010-08-24 18:37 -------- d-----w- c:\program files\ATI Technologies
2010-08-24 18:33 . 2010-08-24 18:33 -------- d-----w- C:\ATI
2010-08-21 08:28 . 2010-08-30 16:32 -------- d-----w- c:\program files\VIA
2010-08-21 08:27 . 2010-08-21 08:27 -------- d-----w- c:\windows\OPTIONS
2010-08-21 08:27 . 1999-12-23 15:04 41852 ----a-w- c:\windows\system32\UpdDrv2K.exe
2010-08-21 08:27 . 1999-12-15 10:51 65173 ----a-w- c:\windows\system32\TDInst2K.exe
2010-08-21 08:26 . 2003-04-23 12:16 61440 ----a-w- c:\windows\system\EL2k_CPP.dll
2010-08-21 08:21 . 2010-09-04 11:17 -------- d-----w- c:\program files\DNA
2010-08-16 17:17 . 1998-07-30 10:51 305152 ----a-w- c:\windows\IsUninst.exe
2010-08-10 16:02 . 2010-08-10 16:02 -------- d-----w- c:\windows\system32\winrm
2010-08-10 16:02 . 2010-08-10 16:02 -------- d-----w- c:\windows\system32\GroupPolicy
2010-08-10 16:02 . 2010-08-10 16:02 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$
2010-08-10 15:47 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-02 16:43 . 2003-04-16 12:00 500412 ----a-w- c:\windows\system32\perfh005.dat
2010-09-02 16:43 . 2003-04-16 12:00 103628 ----a-w- c:\windows\system32\perfc005.dat
2010-08-30 18:49 . 2009-01-09 13:22 -------- d-----w- c:\program files\Microsoft.NET
2010-08-24 18:35 . 2009-01-07 20:57 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-24 18:35 . 2009-01-07 20:57 -------- d-----w- c:\program files\Common Files\InstallShield
2010-08-24 18:31 . 2009-12-12 12:35 10096 ----a-w- c:\windows\system32\d3d9caps.dat
2010-08-16 17:08 . 2009-01-07 21:42 -------- d-----w- c:\program files\Common Files\Adobe
2010-08-10 16:23 . 2009-01-10 10:49 -------- d-----w- c:\program files\Microsoft Silverlight
2010-08-09 16:23 . 2010-03-16 19:18 -------- d-----w- c:\program files\Defraggler
2010-08-09 15:55 . 2009-01-09 18:45 -------- d-----w- c:\program files\CCleaner
2010-08-08 08:08 . 2009-09-07 18:15 -------- d-----w- c:\program files\IKEA HomePlanner
2010-08-01 18:16 . 2009-12-11 16:00 -------- d-----w- c:\program files\Sweet Home 3D
2010-07-28 12:56 . 2010-07-28 12:56 -------- d-----w- c:\program files\Common Files\Java
2010-07-28 12:56 . 2010-05-13 14:46 -------- d-----w- c:\program files\Java
2010-07-17 03:00 . 2010-05-13 14:47 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-30 12:33 . 2010-06-30 12:33 149504 ----a-w- c:\windows\system32\SET220.tmp
2010-06-28 20:57 . 2010-07-03 09:42 38848 ----a-w- c:\windows\avastSS.scr
2010-06-28 20:57 . 2009-01-09 16:01 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-06-28 20:37 . 2009-01-09 16:01 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-06-28 20:37 . 2009-01-09 16:08 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-06-28 20:33 . 2009-01-09 16:01 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-06-28 20:32 . 2009-01-09 16:01 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-06-28 20:32 . 2009-01-09 16:01 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-06-28 20:32 . 2009-01-09 16:08 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-06-28 20:32 . 2009-01-09 16:01 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-06-24 09:02 . 2003-04-16 12:00 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2003-04-16 12:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 19:59 . 2010-06-17 19:59 2855 ----a-w- c:\windows\PIF\HL.PIF
2010-06-17 14:03 . 2003-04-16 12:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2009-01-07 19:54 744448 ----a-w- c:\windows\PCHealth\HelpCtr\Binaries\helpsvc.exe
2010-06-14 07:43 . 2010-06-14 07:43 1172480 ----a-w- c:\windows\system32\SET19C.tmp
2008-07-25 08:31 . 2009-06-13 13:48 28672 ----a-w- c:\program files\mozilla firefox\components\flashgetXpi.dll
2009-01-09 15:57 . 2009-01-09 15:57 56 --sh--r- c:\windows\system32\515AAE214E.sys
2010-03-11 16:47 . 2009-01-09 15:57 2828 --sha-w- c:\windows\system32\KGyGaAvL.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-27 39408]
"NokiaOviSuite2"="c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe" [2010-02-24 385928]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-11-11 1451520]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2010-08-21 323392]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-12-10 196608]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-09 282624]
"OODefragTray"="c:\windows\system32\oodtray.exe" [2008-11-03 2540800]
"Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 143360]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-10 61440]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"5985:TCP"= 5985:TCP:*:Disabled:Vzdálená správa systému Windows
R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [7.1.2009 22:17 77312]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [9.1.2009 18:08 165456]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [10.1.2009 13:57 142592]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [9.1.2009 18:08 17744]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 13:16 130384]
S2 gupdate1c9def9b3133c18;Služba Google Update (gupdate1c9def9b3133c18);c:\program files\Google\Update\GoogleUpdate.exe [27.5.2009 20:33 133104]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [8.6.2010 13:28 137344]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [8.6.2010 13:28 8320]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [16.4.2003 14:00 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 13:16 753504]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Obsah adresáře 'Naplánované úlohy'
2010-09-04 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-27 18:32]
2010-09-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-27 18:33]
2010-09-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-27 18:33]
2010-09-04 c:\windows\Tasks\User_Feed_Synchronization-{1FD32E00-427E-4A2B-8202-2383AE178BE2}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 16:36]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz/
uDefault_Search_URL = hxxp://search.qip.ru
uSearchAssistant = hxxp://search.qip.ru/ie
uSearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
IE: &Download All by FlashGet - c:\program files\FlashGet Network\FlashGet universal\ComDlls\Bhoall.htm
IE: &Download by FlashGet - c:\program files\FlashGet Network\FlashGet universal\ComDlls\Bholink.htm
IE: &Stáhnout s FlashGetem - c:\program files\FlashGet Network\FlashGet universal\ComDlls\Bholink.htm
IE: &Stáhnout vše s FlashGetem - c:\program files\FlashGet Network\FlashGet universal\ComDlls\Bhoall.htm
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/static/m/cab/2.8.1/GarminAxControl.CAB
FF - ProfilePath - c:\documents and settings\Uživatel\Data aplikací\Mozilla\Firefox\Profiles\p0t5w4wl.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz
FF - prefs.js: keyword.URL - hxxp://search.qip.ru/search?from=FF&query=
FF - component: c:\program files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\components\FirefoxExtension.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1591.6512\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
HKLM-Run-AtiPTA - atiptaxx.exe
AddRemove-FlashGet 2.0 - c:\program files\FlashGet Network\FlashGet universal\uninst.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-04 13:41
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|˙˙˙˙Ŕ•€|ů•6~*]
"AB141C35E9F4BF344B9FC010BB17F68A"=""
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG11.00.00.01WORKSTATION"="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"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(936)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2010-09-04 13:44:57
ComboFix-quarantined-files.txt 2010-09-04 11:44
Před spuštěním: Volných bajtů: 26 170 109 952
Po spuštění: Volných bajtů: 26 256 576 512
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
- - End Of File - - 84A622D820E626B7E709F8E6CC3EDB9C
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\SobarIconCT\Movie.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\SobarIconCT\Music.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\SobarIconCT\Phone.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\SobarIconCT\Picture.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\SobarIconCT\SobarIconCT.xml
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\SobarIconCT\Software.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\TaskListCT\Error.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\TaskListCT\hashing.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\TaskListCT\OK.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\TaskListCT\Pause.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\TaskListCT\Pin.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\TaskListCT\Schedule.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\TaskListCT\Start.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\TaskListCT\TaskListCT.xml
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\TaskListCT\Upload.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\TaskListCT\Wait.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\Thumbs.db
c:\program files\FlashGet Network\FlashGet universal\storage.dll
c:\program files\FlashGet Network\FlashGet universal\SysOpt.exe
c:\program files\FlashGet Network\FlashGet universal\transaction.log
c:\program files\FlashGet Network\FlashGet universal\uninst.exe
c:\program files\FlashGet Network\FlashGet universal\zlib.dll
c:\program files\Internet Explorer\SET1BF.tmp
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-08-04 do 2010-09-04 )))))))))))))))))))))))))))))))
.
2010-09-04 11:23 . 2010-09-04 11:23 390144 ----a-w- c:\windows\system32\CF13036.exe
2010-09-04 11:23 . 2010-09-04 11:22 390144 ----a-w- c:\windows\system32\CF12919.exe
2010-08-24 18:38 . 2010-08-24 18:38 0 ----a-w- c:\windows\ativpsrm.bin
2010-08-24 18:35 . 2010-02-10 19:20 593920 ------w- c:\windows\system32\ati2sgag.exe
2010-08-24 18:34 . 2010-08-24 18:37 -------- d-----w- c:\program files\ATI Technologies
2010-08-24 18:33 . 2010-08-24 18:33 -------- d-----w- C:\ATI
2010-08-21 08:28 . 2010-08-30 16:32 -------- d-----w- c:\program files\VIA
2010-08-21 08:27 . 2010-08-21 08:27 -------- d-----w- c:\windows\OPTIONS
2010-08-21 08:27 . 1999-12-23 15:04 41852 ----a-w- c:\windows\system32\UpdDrv2K.exe
2010-08-21 08:27 . 1999-12-15 10:51 65173 ----a-w- c:\windows\system32\TDInst2K.exe
2010-08-21 08:26 . 2003-04-23 12:16 61440 ----a-w- c:\windows\system\EL2k_CPP.dll
2010-08-21 08:21 . 2010-09-04 11:17 -------- d-----w- c:\program files\DNA
2010-08-16 17:17 . 1998-07-30 10:51 305152 ----a-w- c:\windows\IsUninst.exe
2010-08-10 16:02 . 2010-08-10 16:02 -------- d-----w- c:\windows\system32\winrm
2010-08-10 16:02 . 2010-08-10 16:02 -------- d-----w- c:\windows\system32\GroupPolicy
2010-08-10 16:02 . 2010-08-10 16:02 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$
2010-08-10 15:47 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-02 16:43 . 2003-04-16 12:00 500412 ----a-w- c:\windows\system32\perfh005.dat
2010-09-02 16:43 . 2003-04-16 12:00 103628 ----a-w- c:\windows\system32\perfc005.dat
2010-08-30 18:49 . 2009-01-09 13:22 -------- d-----w- c:\program files\Microsoft.NET
2010-08-24 18:35 . 2009-01-07 20:57 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-24 18:35 . 2009-01-07 20:57 -------- d-----w- c:\program files\Common Files\InstallShield
2010-08-24 18:31 . 2009-12-12 12:35 10096 ----a-w- c:\windows\system32\d3d9caps.dat
2010-08-16 17:08 . 2009-01-07 21:42 -------- d-----w- c:\program files\Common Files\Adobe
2010-08-10 16:23 . 2009-01-10 10:49 -------- d-----w- c:\program files\Microsoft Silverlight
2010-08-09 16:23 . 2010-03-16 19:18 -------- d-----w- c:\program files\Defraggler
2010-08-09 15:55 . 2009-01-09 18:45 -------- d-----w- c:\program files\CCleaner
2010-08-08 08:08 . 2009-09-07 18:15 -------- d-----w- c:\program files\IKEA HomePlanner
2010-08-01 18:16 . 2009-12-11 16:00 -------- d-----w- c:\program files\Sweet Home 3D
2010-07-28 12:56 . 2010-07-28 12:56 -------- d-----w- c:\program files\Common Files\Java
2010-07-28 12:56 . 2010-05-13 14:46 -------- d-----w- c:\program files\Java
2010-07-17 03:00 . 2010-05-13 14:47 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-30 12:33 . 2010-06-30 12:33 149504 ----a-w- c:\windows\system32\SET220.tmp
2010-06-28 20:57 . 2010-07-03 09:42 38848 ----a-w- c:\windows\avastSS.scr
2010-06-28 20:57 . 2009-01-09 16:01 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-06-28 20:37 . 2009-01-09 16:01 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-06-28 20:37 . 2009-01-09 16:08 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-06-28 20:33 . 2009-01-09 16:01 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-06-28 20:32 . 2009-01-09 16:01 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-06-28 20:32 . 2009-01-09 16:01 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-06-28 20:32 . 2009-01-09 16:08 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-06-28 20:32 . 2009-01-09 16:01 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-06-24 09:02 . 2003-04-16 12:00 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2003-04-16 12:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 19:59 . 2010-06-17 19:59 2855 ----a-w- c:\windows\PIF\HL.PIF
2010-06-17 14:03 . 2003-04-16 12:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2009-01-07 19:54 744448 ----a-w- c:\windows\PCHealth\HelpCtr\Binaries\helpsvc.exe
2010-06-14 07:43 . 2010-06-14 07:43 1172480 ----a-w- c:\windows\system32\SET19C.tmp
2008-07-25 08:31 . 2009-06-13 13:48 28672 ----a-w- c:\program files\mozilla firefox\components\flashgetXpi.dll
2009-01-09 15:57 . 2009-01-09 15:57 56 --sh--r- c:\windows\system32\515AAE214E.sys
2010-03-11 16:47 . 2009-01-09 15:57 2828 --sha-w- c:\windows\system32\KGyGaAvL.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-27 39408]
"NokiaOviSuite2"="c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe" [2010-02-24 385928]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-11-11 1451520]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2010-08-21 323392]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-12-10 196608]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-09 282624]
"OODefragTray"="c:\windows\system32\oodtray.exe" [2008-11-03 2540800]
"Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 143360]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-10 61440]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"5985:TCP"= 5985:TCP:*:Disabled:Vzdálená správa systému Windows
R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [7.1.2009 22:17 77312]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [9.1.2009 18:08 165456]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [10.1.2009 13:57 142592]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [9.1.2009 18:08 17744]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 13:16 130384]
S2 gupdate1c9def9b3133c18;Služba Google Update (gupdate1c9def9b3133c18);c:\program files\Google\Update\GoogleUpdate.exe [27.5.2009 20:33 133104]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [8.6.2010 13:28 137344]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [8.6.2010 13:28 8320]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [16.4.2003 14:00 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 13:16 753504]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Obsah adresáře 'Naplánované úlohy'
2010-09-04 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-27 18:32]
2010-09-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-27 18:33]
2010-09-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-27 18:33]
2010-09-04 c:\windows\Tasks\User_Feed_Synchronization-{1FD32E00-427E-4A2B-8202-2383AE178BE2}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 16:36]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz/
uDefault_Search_URL = hxxp://search.qip.ru
uSearchAssistant = hxxp://search.qip.ru/ie
uSearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
IE: &Download All by FlashGet - c:\program files\FlashGet Network\FlashGet universal\ComDlls\Bhoall.htm
IE: &Download by FlashGet - c:\program files\FlashGet Network\FlashGet universal\ComDlls\Bholink.htm
IE: &Stáhnout s FlashGetem - c:\program files\FlashGet Network\FlashGet universal\ComDlls\Bholink.htm
IE: &Stáhnout vše s FlashGetem - c:\program files\FlashGet Network\FlashGet universal\ComDlls\Bhoall.htm
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/static/m/cab/2.8.1/GarminAxControl.CAB
FF - ProfilePath - c:\documents and settings\Uživatel\Data aplikací\Mozilla\Firefox\Profiles\p0t5w4wl.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz
FF - prefs.js: keyword.URL - hxxp://search.qip.ru/search?from=FF&query=
FF - component: c:\program files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\components\FirefoxExtension.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1591.6512\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
HKLM-Run-AtiPTA - atiptaxx.exe
AddRemove-FlashGet 2.0 - c:\program files\FlashGet Network\FlashGet universal\uninst.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-04 13:41
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|˙˙˙˙Ŕ•€|ů•6~*]
"AB141C35E9F4BF344B9FC010BB17F68A"=""
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG11.00.00.01WORKSTATION"="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"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(936)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2010-09-04 13:44:57
ComboFix-quarantined-files.txt 2010-09-04 11:44
Před spuštěním: Volných bajtů: 26 170 109 952
Po spuštění: Volných bajtů: 26 256 576 512
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
- - End Of File - - 84A622D820E626B7E709F8E6CC3EDB9C
- Rudy
- Site Admin
- Posts: 119426
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: PC freezes
We'll finish the cleanup. Open Notepad and copy the following into it:

Collect::
c:\windows\system32\515AAE214E.sys

Save it to the desktop as CFScript.txt. Then drag it with the mouse onto the ComboFix icon and drop it. CF will start and execute the command from the script.

Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.
Re: PC freezes
So I'm attaching a new log, but I had to run it in safe mode, because in normal mode the PC froze 3 times in a row while CF was running.
ComboFix 10-09-04.06 - Uživatel 05.09.2010 10:50:11.4.1 - x86 MINIMAL
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1024.811 [GMT 2:00]
Spuštěný z: c:\documents and settings\Uživatel\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Uživatel\Plocha\CFScript.txt
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-08-05 do 2010-09-05 )))))))))))))))))))))))))))))))
.
2010-09-04 11:23 . 2010-09-04 11:23 390144 ----a-w- c:\windows\system32\CF13036.exe
2010-09-04 11:23 . 2010-09-04 11:22 390144 ----a-w- c:\windows\system32\CF12919.exe
2010-08-24 18:38 . 2010-08-24 18:38 0 ----a-w- c:\windows\ativpsrm.bin
2010-08-24 18:35 . 2010-02-10 19:20 593920 ------w- c:\windows\system32\ati2sgag.exe
2010-08-24 18:34 . 2010-08-24 18:37 -------- d-----w- c:\program files\ATI Technologies
2010-08-24 18:33 . 2010-08-24 18:33 -------- d-----w- C:\ATI
2010-08-21 08:28 . 2010-08-30 16:32 -------- d-----w- c:\program files\VIA
2010-08-21 08:27 . 2010-08-21 08:27 -------- d-----w- c:\windows\OPTIONS
2010-08-21 08:27 . 1999-12-23 15:04 41852 ----a-w- c:\windows\system32\UpdDrv2K.exe
2010-08-21 08:27 . 1999-12-15 10:51 65173 ----a-w- c:\windows\system32\TDInst2K.exe
2010-08-21 08:26 . 2003-04-23 12:16 61440 ----a-w- c:\windows\system\EL2k_CPP.dll
2010-08-21 08:21 . 2010-09-05 08:39 -------- d-----w- c:\program files\DNA
2010-08-16 17:17 . 1998-07-30 10:51 305152 ----a-w- c:\windows\IsUninst.exe
2010-08-10 16:02 . 2010-08-10 16:02 -------- d-----w- c:\windows\system32\winrm
2010-08-10 16:02 . 2010-08-10 16:02 -------- d-----w- c:\windows\system32\GroupPolicy
2010-08-10 16:02 . 2010-08-10 16:02 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$
2010-08-10 15:47 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-04 14:40 . 2009-01-10 11:57 -------- d-----w- c:\program files\Spyware Terminator
2010-09-02 16:43 . 2003-04-16 12:00 500412 ----a-w- c:\windows\system32\perfh005.dat
2010-09-02 16:43 . 2003-04-16 12:00 103628 ----a-w- c:\windows\system32\perfc005.dat
2010-08-30 18:49 . 2009-01-09 13:22 -------- d-----w- c:\program files\Microsoft.NET
2010-08-24 18:35 . 2009-01-07 20:57 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-24 18:35 . 2009-01-07 20:57 -------- d-----w- c:\program files\Common Files\InstallShield
2010-08-24 18:31 . 2009-12-12 12:35 10096 ----a-w- c:\windows\system32\d3d9caps.dat
2010-08-16 17:08 . 2009-01-07 21:42 -------- d-----w- c:\program files\Common Files\Adobe
2010-08-10 16:23 . 2009-01-10 10:49 -------- d-----w- c:\program files\Microsoft Silverlight
2010-08-09 16:23 . 2010-03-16 19:18 -------- d-----w- c:\program files\Defraggler
2010-08-09 15:55 . 2009-01-09 18:45 -------- d-----w- c:\program files\CCleaner
2010-08-08 08:08 . 2009-09-07 18:15 -------- d-----w- c:\program files\IKEA HomePlanner
2010-08-01 18:16 . 2009-12-11 16:00 -------- d-----w- c:\program files\Sweet Home 3D
2010-07-28 12:56 . 2010-07-28 12:56 -------- d-----w- c:\program files\Common Files\Java
2010-07-28 12:56 . 2010-05-13 14:46 -------- d-----w- c:\program files\Java
2010-07-17 03:00 . 2010-05-13 14:47 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-30 12:33 . 2010-06-30 12:33 149504 ----a-w- c:\windows\system32\SET220.tmp
2010-06-28 20:57 . 2010-07-03 09:42 38848 ----a-w- c:\windows\avastSS.scr
2010-06-28 20:57 . 2009-01-09 16:01 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-06-28 20:37 . 2009-01-09 16:01 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-06-28 20:37 . 2009-01-09 16:08 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-06-28 20:33 . 2009-01-09 16:01 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-06-28 20:32 . 2009-01-09 16:01 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-06-28 20:32 . 2009-01-09 16:01 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-06-28 20:32 . 2009-01-09 16:08 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-06-28 20:32 . 2009-01-09 16:01 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-06-24 09:02 . 2003-04-16 12:00 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2003-04-16 12:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 19:59 . 2010-06-17 19:59 2855 ----a-w- c:\windows\PIF\HL.PIF
2010-06-17 14:03 . 2003-04-16 12:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2009-01-07 19:54 744448 ----a-w- c:\windows\PCHealth\HelpCtr\Binaries\helpsvc.exe
2010-06-14 07:43 . 2010-06-14 07:43 1172480 ----a-w- c:\windows\system32\SET19C.tmp
2008-07-25 08:31 . 2009-06-13 13:48 28672 ----a-w- c:\program files\mozilla firefox\components\flashgetXpi.dll
2009-01-09 15:57 . 2009-01-09 15:57 56 --sh--r- c:\windows\system32\515AAE214E.sys
2010-03-11 16:47 . 2009-01-09 15:57 2828 --sha-w- c:\windows\system32\KGyGaAvL.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-27 39408]
"NokiaOviSuite2"="c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe" [2010-02-24 385928]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-11-11 1451520]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2010-08-21 323392]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-12-10 196608]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-09 282624]
"OODefragTray"="c:\windows\system32\oodtray.exe" [2008-11-03 2540800]
"Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 143360]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-10 61440]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"5985:TCP"= 5985:TCP:*:Disabled:Vzdálená správa systému Windows
R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [7.1.2009 22:17 77312]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [9.1.2009 18:08 165456]
S1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [10.1.2009 13:57 142592]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [9.1.2009 18:08 17744]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 13:16 130384]
S2 gupdate1c9def9b3133c18;Služba Google Update (gupdate1c9def9b3133c18);c:\program files\Google\Update\GoogleUpdate.exe [27.5.2009 20:33 133104]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [8.6.2010 13:28 137344]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [8.6.2010 13:28 8320]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [16.4.2003 14:00 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 13:16 753504]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Obsah adresáře 'Naplánované úlohy'
2010-09-05 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-27 18:32]
2010-09-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-27 18:33]
2010-09-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-27 18:33]
2010-09-05 c:\windows\Tasks\User_Feed_Synchronization-{1FD32E00-427E-4A2B-8202-2383AE178BE2}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 16:36]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz/
uDefault_Search_URL = hxxp://search.qip.ru
uSearchAssistant = hxxp://search.qip.ru/ie
uSearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
IE: &Download All by FlashGet - c:\program files\FlashGet Network\FlashGet universal\ComDlls\Bhoall.htm
IE: &Download by FlashGet - c:\program files\FlashGet Network\FlashGet universal\ComDlls\Bholink.htm
IE: &Stáhnout s FlashGetem - c:\program files\FlashGet Network\FlashGet universal\ComDlls\Bholink.htm
IE: &Stáhnout vše s FlashGetem - c:\program files\FlashGet Network\FlashGet universal\ComDlls\Bhoall.htm
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/static/m/cab/2.8.1/GarminAxControl.CAB
FF - ProfilePath - c:\documents and settings\Uživatel\Data aplikací\Mozilla\Firefox\Profiles\p0t5w4wl.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz
FF - prefs.js: keyword.URL - hxxp://search.qip.ru/search?from=FF&query=
FF - component: c:\program files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\components\FirefoxExtension.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1591.6512\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-05 10:56
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|˙˙˙˙Ŕ•€|ů•6~*]
"AB141C35E9F4BF344B9FC010BB17F68A"=""
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG11.00.00.01WORKSTATION"="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"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(244)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2010-09-05 10:59:12
ComboFix-quarantined-files.txt 2010-09-05 08:59
ComboFix2.txt 2010-09-04 11:44
Před spuštěním: Volných bajtů: 26 060 222 464
Po spuštění: Volných bajtů: 26 048 872 448
- - End Of File - - 390D83456A7FFD71154F36B11B139F3E
- Rudy
- Site Admin
- Posts: 119426
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: PC freezes
It's still there. Use Avenger: http://www.viry.cz/forum/viewtopic.php?f=15&t=19832 with this script:
Files to delete:
c:\windows\system32\515AAE214E.sys
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.
Re: PC freezes
I don't know whether I'm doing something wrong, but it doesn't work:
//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////
Platform: Windows XP (build 2600, Service Pack 3)
Sun Sep 05 12:53:39 2010
12:53:39: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!
-----------------------------------------------------------------------------------------------------
Otherwise, the PC freezing was probably caused by the RAM frequency (the base one). I lowered it and so far things are quiet.
I also tried CF in normal mode; the log is attached:
ComboFix 10-09-04.06 - Uživatel 05.09.2010 13:01:57.5.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1024.462 [GMT 2:00]
Spuštěný z: c:\documents and settings\Uživatel\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Uživatel\Plocha\CFScript.txt
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-08-05 do 2010-09-05 )))))))))))))))))))))))))))))))
.
2010-09-04 11:23 . 2010-09-04 11:23 390144 ----a-w- c:\windows\system32\CF13036.exe
2010-09-04 11:23 . 2010-09-04 11:22 390144 ----a-w- c:\windows\system32\CF12919.exe
2010-08-30 21:25 . 2010-08-30 21:25 275272 ----a-w- c:\windows\system32\oodbs.exe
2010-08-30 21:23 . 2010-08-30 21:23 9544 ----a-w- c:\windows\system32\oodbsrs.dll
2010-08-24 18:38 . 2010-08-24 18:38 0 ----a-w- c:\windows\ativpsrm.bin
2010-08-24 18:35 . 2010-02-10 19:20 593920 ------w- c:\windows\system32\ati2sgag.exe
2010-08-24 18:34 . 2010-08-24 18:37 -------- d-----w- c:\program files\ATI Technologies
2010-08-24 18:33 . 2010-08-24 18:33 -------- d-----w- C:\ATI
2010-08-21 08:28 . 2010-08-30 16:32 -------- d-----w- c:\program files\VIA
2010-08-21 08:27 . 2010-08-21 08:27 -------- d-----w- c:\windows\OPTIONS
2010-08-21 08:27 . 1999-12-23 15:04 41852 ----a-w- c:\windows\system32\UpdDrv2K.exe
2010-08-21 08:27 . 1999-12-15 10:51 65173 ----a-w- c:\windows\system32\TDInst2K.exe
2010-08-21 08:26 . 2003-04-23 12:16 61440 ----a-w- c:\windows\system\EL2k_CPP.dll
2010-08-21 08:21 . 2010-09-05 09:29 -------- d-----w- c:\program files\DNA
2010-08-16 17:17 . 1998-07-30 10:51 305152 ----a-w- c:\windows\IsUninst.exe
2010-08-10 16:02 . 2010-08-10 16:02 -------- d-----w- c:\windows\system32\winrm
2010-08-10 16:02 . 2010-08-10 16:02 -------- d-----w- c:\windows\system32\GroupPolicy
2010-08-10 16:02 . 2010-08-10 16:02 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$
2010-08-10 15:47 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-05 09:51 . 2009-01-10 11:57 -------- d-----w- c:\program files\Spyware Terminator
2010-09-02 16:43 . 2003-04-16 12:00 500412 ----a-w- c:\windows\system32\perfh005.dat
2010-09-02 16:43 . 2003-04-16 12:00 103628 ----a-w- c:\windows\system32\perfc005.dat
2010-08-30 18:49 . 2009-01-09 13:22 -------- d-----w- c:\program files\Microsoft.NET
2010-08-24 18:35 . 2009-01-07 20:57 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-24 18:35 . 2009-01-07 20:57 -------- d-----w- c:\program files\Common Files\InstallShield
2010-08-24 18:31 . 2009-12-12 12:35 10096 ----a-w- c:\windows\system32\d3d9caps.dat
2010-08-16 17:08 . 2009-01-07 21:42 -------- d-----w- c:\program files\Common Files\Adobe
2010-08-10 16:23 . 2009-01-10 10:49 -------- d-----w- c:\program files\Microsoft Silverlight
2010-08-09 16:23 . 2010-03-16 19:18 -------- d-----w- c:\program files\Defraggler
2010-08-09 15:55 . 2009-01-09 18:45 -------- d-----w- c:\program files\CCleaner
2010-08-08 08:08 . 2009-09-07 18:15 -------- d-----w- c:\program files\IKEA HomePlanner
2010-08-01 18:16 . 2009-12-11 16:00 -------- d-----w- c:\program files\Sweet Home 3D
2010-07-28 12:56 . 2010-07-28 12:56 -------- d-----w- c:\program files\Common Files\Java
2010-07-28 12:56 . 2010-05-13 14:46 -------- d-----w- c:\program files\Java
2010-07-17 03:00 . 2010-05-13 14:47 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-30 12:33 . 2010-06-30 12:33 149504 ----a-w- c:\windows\system32\SET220.tmp
2010-06-28 20:57 . 2010-07-03 09:42 38848 ----a-w- c:\windows\avastSS.scr
2010-06-28 20:57 . 2009-01-09 16:01 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-06-28 20:37 . 2009-01-09 16:01 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-06-28 20:37 . 2009-01-09 16:08 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-06-28 20:33 . 2009-01-09 16:01 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-06-28 20:32 . 2009-01-09 16:01 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-06-28 20:32 . 2009-01-09 16:01 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-06-28 20:32 . 2009-01-09 16:08 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-06-28 20:32 . 2009-01-09 16:01 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-06-24 09:02 . 2003-04-16 12:00 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2003-04-16 12:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 19:59 . 2010-06-17 19:59 2855 ----a-w- c:\windows\PIF\HL.PIF
2010-06-17 14:03 . 2003-04-16 12:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2009-01-07 19:54 744448 ----a-w- c:\windows\PCHealth\HelpCtr\Binaries\helpsvc.exe
2010-06-14 07:43 . 2010-06-14 07:43 1172480 ----a-w- c:\windows\system32\SET19C.tmp
2008-07-25 08:31 . 2009-06-13 13:48 28672 ----a-w- c:\program files\mozilla firefox\components\flashgetXpi.dll
2009-01-09 15:57 . 2009-01-09 15:57 56 --sh--r- c:\windows\system32\515AAE214E.sys
2010-03-11 16:47 . 2009-01-09 15:57 2828 --sha-w- c:\windows\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((( SnapShot@2010-09-04_11.41.48 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-09-05 09:25 . 2010-09-05 09:25 16384 c:\windows\temp\Perflib_Perfdata_214.dat
+ 2010-09-05 10:17 . 2010-09-05 10:17 50528 c:\windows\Installer\{7BC6B815-D9F1-4C43-82B4-7CB25458DD31}\NewShortcut24_D840A6EA92214470BCE0FD7EF9D6C0CF.exe
+ 2010-09-05 10:17 . 2010-09-05 10:17 341344 c:\windows\Installer\{7BC6B815-D9F1-4C43-82B4-7CB25458DD31}\NewShortcut11_D840A6EA92214470BCE0FD7EF9D6C0CF.exe
+ 2010-09-05 10:17 . 2010-09-05 10:17 341344 c:\windows\Installer\{7BC6B815-D9F1-4C43-82B4-7CB25458DD31}\NewShortcut1_D840A6EA92214470BCE0FD7EF9D6C0CF.exe
+ 2010-09-05 10:17 . 2010-09-05 10:17 341344 c:\windows\Installer\{7BC6B815-D9F1-4C43-82B4-7CB25458DD31}\ARPPRODUCTICON.exe
+ 2010-09-05 10:17 . 2010-09-05 10:17 6412800 c:\windows\Installer\2f8086.msi
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-27 39408]
"NokiaOviSuite2"="c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe" [2010-02-24 385928]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-11-11 1451520]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2010-08-21 323392]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-12-10 196608]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-09 282624]
"Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 143360]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-10 61440]
"OODefragTray"="c:\program files\OO Software\Defrag\oodtray.exe" [2010-08-30 2770760]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"5985:TCP"= 5985:TCP:*:Disabled:Vzdálená správa systému Windows
R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [7.1.2009 22:17 77312]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [9.1.2009 18:08 165456]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [10.1.2009 13:57 142592]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [9.1.2009 18:08 17744]
R2 OODefragAgent;O&O Defrag Agent;c:\program files\OO Software\Defrag\oodag.exe [30.8.2010 23:25 2317128]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 13:16 130384]
S2 gupdate1c9def9b3133c18;Služba Google Update (gupdate1c9def9b3133c18);c:\program files\Google\Update\GoogleUpdate.exe [27.5.2009 20:33 133104]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [8.6.2010 13:28 137344]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [8.6.2010 13:28 8320]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [16.4.2003 14:00 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 13:16 753504]
--- Ostatní služby/ovladače v paměti ---
*NewlyCreated* - OODEFRAGAGENT
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Obsah adresáře 'Naplánované úlohy'
2010-09-05 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-27 18:32]
2010-09-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-27 18:33]
2010-09-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-27 18:33]
2010-09-05 c:\windows\Tasks\User_Feed_Synchronization-{1FD32E00-427E-4A2B-8202-2383AE178BE2}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 16:36]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz/
uDefault_Search_URL = hxxp://search.qip.ru
uSearchAssistant = hxxp://search.qip.ru/ie
uSearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
IE: &Download All by FlashGet - c:\program files\FlashGet Network\FlashGet universal\ComDlls\Bhoall.htm
IE: &Download by FlashGet - c:\program files\FlashGet Network\FlashGet universal\ComDlls\Bholink.htm
IE: &Stáhnout s FlashGetem - c:\program files\FlashGet Network\FlashGet universal\ComDlls\Bholink.htm
IE: &Stáhnout vše s FlashGetem - c:\program files\FlashGet Network\FlashGet universal\ComDlls\Bhoall.htm
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/static/m/cab/2.8.1/GarminAxControl.CAB
FF - ProfilePath - c:\documents and settings\Uživatel\Data aplikací\Mozilla\Firefox\Profiles\p0t5w4wl.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz
FF - prefs.js: keyword.URL - hxxp://search.qip.ru/search?from=FF&query=
FF - component: c:\program files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\components\FirefoxExtension.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1591.6512\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-05 13:07
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|˙˙˙˙Ŕ•€|ů•6~*]
"AB141C35E9F4BF344B9FC010BB17F68A"=""
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG11.00.00.01WORKSTATION"="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"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(936)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(3128)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2010-09-05 13:10:09
ComboFix-quarantined-files.txt 2010-09-05 11:10
ComboFix2.txt 2010-09-04 11:44
Před spuštěním: Volných bajtů: 25 620 258 816
Po spuštění: Volných bajtů: 25 637 814 272
- - End Of File - - A38BB15390595DBEE0A6802EC99872E8
//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////
Platform: Windows XP (build 2600, Service Pack 3)
Sun Sep 05 12:53:39 2010
12:53:39: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!
-----------------------------------------------------------------------------------------------------
By the way, the PC freezing was probably caused by the RAM frequency (base). I lowered it and so far things have been quiet.
I also tried CF in normal mode, and the log is attached:
ComboFix 10-09-04.06 - Uživatel 05.09.2010 13:01:57.5.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1024.462 [GMT 2:00]
Spuštěný z: c:\documents and settings\Uživatel\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Uživatel\Plocha\CFScript.txt
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-08-05 do 2010-09-05 )))))))))))))))))))))))))))))))
.
2010-09-04 11:23 . 2010-09-04 11:23 390144 ----a-w- c:\windows\system32\CF13036.exe
2010-09-04 11:23 . 2010-09-04 11:22 390144 ----a-w- c:\windows\system32\CF12919.exe
2010-08-30 21:25 . 2010-08-30 21:25 275272 ----a-w- c:\windows\system32\oodbs.exe
2010-08-30 21:23 . 2010-08-30 21:23 9544 ----a-w- c:\windows\system32\oodbsrs.dll
2010-08-24 18:38 . 2010-08-24 18:38 0 ----a-w- c:\windows\ativpsrm.bin
2010-08-24 18:35 . 2010-02-10 19:20 593920 ------w- c:\windows\system32\ati2sgag.exe
2010-08-24 18:34 . 2010-08-24 18:37 -------- d-----w- c:\program files\ATI Technologies
2010-08-24 18:33 . 2010-08-24 18:33 -------- d-----w- C:\ATI
2010-08-21 08:28 . 2010-08-30 16:32 -------- d-----w- c:\program files\VIA
2010-08-21 08:27 . 2010-08-21 08:27 -------- d-----w- c:\windows\OPTIONS
2010-08-21 08:27 . 1999-12-23 15:04 41852 ----a-w- c:\windows\system32\UpdDrv2K.exe
2010-08-21 08:27 . 1999-12-15 10:51 65173 ----a-w- c:\windows\system32\TDInst2K.exe
2010-08-21 08:26 . 2003-04-23 12:16 61440 ----a-w- c:\windows\system\EL2k_CPP.dll
2010-08-21 08:21 . 2010-09-05 09:29 -------- d-----w- c:\program files\DNA
2010-08-16 17:17 . 1998-07-30 10:51 305152 ----a-w- c:\windows\IsUninst.exe
2010-08-10 16:02 . 2010-08-10 16:02 -------- d-----w- c:\windows\system32\winrm
2010-08-10 16:02 . 2010-08-10 16:02 -------- d-----w- c:\windows\system32\GroupPolicy
2010-08-10 16:02 . 2010-08-10 16:02 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$
2010-08-10 15:47 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-05 09:51 . 2009-01-10 11:57 -------- d-----w- c:\program files\Spyware Terminator
2010-09-02 16:43 . 2003-04-16 12:00 500412 ----a-w- c:\windows\system32\perfh005.dat
2010-09-02 16:43 . 2003-04-16 12:00 103628 ----a-w- c:\windows\system32\perfc005.dat
2010-08-30 18:49 . 2009-01-09 13:22 -------- d-----w- c:\program files\Microsoft.NET
2010-08-24 18:35 . 2009-01-07 20:57 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-24 18:35 . 2009-01-07 20:57 -------- d-----w- c:\program files\Common Files\InstallShield
2010-08-24 18:31 . 2009-12-12 12:35 10096 ----a-w- c:\windows\system32\d3d9caps.dat
2010-08-16 17:08 . 2009-01-07 21:42 -------- d-----w- c:\program files\Common Files\Adobe
2010-08-10 16:23 . 2009-01-10 10:49 -------- d-----w- c:\program files\Microsoft Silverlight
2010-08-09 16:23 . 2010-03-16 19:18 -------- d-----w- c:\program files\Defraggler
2010-08-09 15:55 . 2009-01-09 18:45 -------- d-----w- c:\program files\CCleaner
2010-08-08 08:08 . 2009-09-07 18:15 -------- d-----w- c:\program files\IKEA HomePlanner
2010-08-01 18:16 . 2009-12-11 16:00 -------- d-----w- c:\program files\Sweet Home 3D
2010-07-28 12:56 . 2010-07-28 12:56 -------- d-----w- c:\program files\Common Files\Java
2010-07-28 12:56 . 2010-05-13 14:46 -------- d-----w- c:\program files\Java
2010-07-17 03:00 . 2010-05-13 14:47 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-30 12:33 . 2010-06-30 12:33 149504 ----a-w- c:\windows\system32\SET220.tmp
2010-06-28 20:57 . 2010-07-03 09:42 38848 ----a-w- c:\windows\avastSS.scr
2010-06-28 20:57 . 2009-01-09 16:01 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-06-28 20:37 . 2009-01-09 16:01 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-06-28 20:37 . 2009-01-09 16:08 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-06-28 20:33 . 2009-01-09 16:01 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-06-28 20:32 . 2009-01-09 16:01 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-06-28 20:32 . 2009-01-09 16:01 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-06-28 20:32 . 2009-01-09 16:08 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-06-28 20:32 . 2009-01-09 16:01 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-06-24 09:02 . 2003-04-16 12:00 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2003-04-16 12:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 19:59 . 2010-06-17 19:59 2855 ----a-w- c:\windows\PIF\HL.PIF
2010-06-17 14:03 . 2003-04-16 12:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2009-01-07 19:54 744448 ----a-w- c:\windows\PCHealth\HelpCtr\Binaries\helpsvc.exe
2010-06-14 07:43 . 2010-06-14 07:43 1172480 ----a-w- c:\windows\system32\SET19C.tmp
2008-07-25 08:31 . 2009-06-13 13:48 28672 ----a-w- c:\program files\mozilla firefox\components\flashgetXpi.dll
2009-01-09 15:57 . 2009-01-09 15:57 56 --sh--r- c:\windows\system32\515AAE214E.sys
2010-03-11 16:47 . 2009-01-09 15:57 2828 --sha-w- c:\windows\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((( SnapShot@2010-09-04_11.41.48 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-09-05 09:25 . 2010-09-05 09:25 16384 c:\windows\temp\Perflib_Perfdata_214.dat
+ 2010-09-05 10:17 . 2010-09-05 10:17 50528 c:\windows\Installer\{7BC6B815-D9F1-4C43-82B4-7CB25458DD31}\NewShortcut24_D840A6EA92214470BCE0FD7EF9D6C0CF.exe
+ 2010-09-05 10:17 . 2010-09-05 10:17 341344 c:\windows\Installer\{7BC6B815-D9F1-4C43-82B4-7CB25458DD31}\NewShortcut11_D840A6EA92214470BCE0FD7EF9D6C0CF.exe
+ 2010-09-05 10:17 . 2010-09-05 10:17 341344 c:\windows\Installer\{7BC6B815-D9F1-4C43-82B4-7CB25458DD31}\NewShortcut1_D840A6EA92214470BCE0FD7EF9D6C0CF.exe
+ 2010-09-05 10:17 . 2010-09-05 10:17 341344 c:\windows\Installer\{7BC6B815-D9F1-4C43-82B4-7CB25458DD31}\ARPPRODUCTICON.exe
+ 2010-09-05 10:17 . 2010-09-05 10:17 6412800 c:\windows\Installer\2f8086.msi
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-27 39408]
"NokiaOviSuite2"="c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe" [2010-02-24 385928]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-11-11 1451520]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2010-08-21 323392]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-12-10 196608]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-09 282624]
"Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 143360]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-10 61440]
"OODefragTray"="c:\program files\OO Software\Defrag\oodtray.exe" [2010-08-30 2770760]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"5985:TCP"= 5985:TCP:*:Disabled:Vzdálená správa systému Windows
R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [7.1.2009 22:17 77312]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [9.1.2009 18:08 165456]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [10.1.2009 13:57 142592]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [9.1.2009 18:08 17744]
R2 OODefragAgent;O&O Defrag Agent;c:\program files\OO Software\Defrag\oodag.exe [30.8.2010 23:25 2317128]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 13:16 130384]
S2 gupdate1c9def9b3133c18;Služba Google Update (gupdate1c9def9b3133c18);c:\program files\Google\Update\GoogleUpdate.exe [27.5.2009 20:33 133104]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [8.6.2010 13:28 137344]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [8.6.2010 13:28 8320]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [16.4.2003 14:00 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 13:16 753504]
--- Ostatní služby/ovladače v paměti ---
*NewlyCreated* - OODEFRAGAGENT
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Obsah adresáře 'Naplánované úlohy'
2010-09-05 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-27 18:32]
2010-09-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-27 18:33]
2010-09-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-27 18:33]
2010-09-05 c:\windows\Tasks\User_Feed_Synchronization-{1FD32E00-427E-4A2B-8202-2383AE178BE2}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 16:36]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz/
uDefault_Search_URL = hxxp://search.qip.ru
uSearchAssistant = hxxp://search.qip.ru/ie
uSearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
IE: &Download All by FlashGet - c:\program files\FlashGet Network\FlashGet universal\ComDlls\Bhoall.htm
IE: &Download by FlashGet - c:\program files\FlashGet Network\FlashGet universal\ComDlls\Bholink.htm
IE: &Stáhnout s FlashGetem - c:\program files\FlashGet Network\FlashGet universal\ComDlls\Bholink.htm
IE: &Stáhnout vše s FlashGetem - c:\program files\FlashGet Network\FlashGet universal\ComDlls\Bhoall.htm
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/static/m/cab/2.8.1/GarminAxControl.CAB
FF - ProfilePath - c:\documents and settings\Uživatel\Data aplikací\Mozilla\Firefox\Profiles\p0t5w4wl.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz
FF - prefs.js: keyword.URL - hxxp://search.qip.ru/search?from=FF&query=
FF - component: c:\program files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\components\FirefoxExtension.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1591.6512\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-05 13:07
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|˙˙˙˙Ŕ•€|ů•6~*]
"AB141C35E9F4BF344B9FC010BB17F68A"=""
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG11.00.00.01WORKSTATION"="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"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(936)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(3128)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2010-09-05 13:10:09
ComboFix-quarantined-files.txt 2010-09-05 11:10
ComboFix2.txt 2010-09-04 11:44
Před spuštěním: Volných bajtů: 25 620 258 816
Po spuštění: Volných bajtů: 25 637 814 272
- - End Of File - - A38BB15390595DBEE0A6802EC99872E8
- Rudy
- Site Admin
- Posts: 119426
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: PC freezes
Something is definitely wrong. Follow the description in the link exactly and check that the script is correct and that there is nothing extra in it (e.g. a space).
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.
Re: PC freezes
Hello
Avenger keeps reporting the same error; I really don't know what is wrong.
I'm attaching the CF log again (I also tried deleting in a different way, but I don't know).
ComboFix 10-09-07.01 - Uživatel 07.09.2010 20:31:55.6.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1024.453 [GMT 2:00]
Spuštěný z: c:\documents and settings\Uživatel\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Uživatel\Plocha\CFScript.txt
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Uživatel\Data aplikací\BITS
c:\documents and settings\Uživatel\Data aplikací\BITS\BITS.ini
c:\documents and settings\Uživatel\Data aplikací\BITS\DHTTable.dat
c:\documents and settings\Uživatel\Data aplikací\BITS\ProxyList.ini
c:\documents and settings\Uživatel\Data aplikací\BITS\UPnP.ini
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-08-07 do 2010-09-07 )))))))))))))))))))))))))))))))
.
2010-09-04 11:23 . 2010-09-04 11:23 390144 ----a-w- c:\windows\system32\CF13036.exe
2010-09-04 11:23 . 2010-09-04 11:22 390144 ----a-w- c:\windows\system32\CF12919.exe
2010-08-30 21:25 . 2010-08-30 21:25 275272 ----a-w- c:\windows\system32\oodbs.exe
2010-08-30 21:23 . 2010-08-30 21:23 9544 ----a-w- c:\windows\system32\oodbsrs.dll
2010-08-24 18:38 . 2010-08-24 18:38 0 ----a-w- c:\windows\ativpsrm.bin
2010-08-24 18:35 . 2010-02-10 19:20 593920 ------w- c:\windows\system32\ati2sgag.exe
2010-08-24 18:34 . 2010-08-24 18:37 -------- d-----w- c:\program files\ATI Technologies
2010-08-24 18:33 . 2010-08-24 18:33 -------- d-----w- C:\ATI
2010-08-21 08:28 . 2010-08-30 16:32 -------- d-----w- c:\program files\VIA
2010-08-21 08:27 . 2010-08-21 08:27 -------- d-----w- c:\windows\OPTIONS
2010-08-21 08:27 . 1999-12-23 15:04 41852 ----a-w- c:\windows\system32\UpdDrv2K.exe
2010-08-21 08:27 . 1999-12-15 10:51 65173 ----a-w- c:\windows\system32\TDInst2K.exe
2010-08-21 08:26 . 2003-04-23 12:16 61440 ----a-w- c:\windows\system\EL2k_CPP.dll
2010-08-21 08:21 . 2010-09-07 18:04 -------- d-----w- c:\program files\DNA
2010-08-16 17:17 . 1998-07-30 10:51 305152 ----a-w- c:\windows\IsUninst.exe
2010-08-10 16:02 . 2010-08-10 16:02 -------- d-----w- c:\windows\system32\winrm
2010-08-10 16:02 . 2010-08-10 16:02 -------- d-----w- c:\windows\system32\GroupPolicy
2010-08-10 16:02 . 2010-08-10 16:02 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$
2010-08-10 15:47 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-05 14:31 . 2009-01-10 10:49 -------- d-----w- c:\program files\Microsoft Silverlight
2010-09-05 13:42 . 2009-01-10 11:57 -------- d-----w- c:\program files\Spyware Terminator
2010-09-02 16:43 . 2003-04-16 12:00 500412 ----a-w- c:\windows\system32\perfh005.dat
2010-09-02 16:43 . 2003-04-16 12:00 103628 ----a-w- c:\windows\system32\perfc005.dat
2010-08-30 18:49 . 2009-01-09 13:22 -------- d-----w- c:\program files\Microsoft.NET
2010-08-24 18:35 . 2009-01-07 20:57 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-24 18:35 . 2009-01-07 20:57 -------- d-----w- c:\program files\Common Files\InstallShield
2010-08-24 18:31 . 2009-12-12 12:35 10096 ----a-w- c:\windows\system32\d3d9caps.dat
2010-08-16 17:08 . 2009-01-07 21:42 -------- d-----w- c:\program files\Common Files\Adobe
2010-08-09 16:23 . 2010-03-16 19:18 -------- d-----w- c:\program files\Defraggler
2010-08-09 15:55 . 2009-01-09 18:45 -------- d-----w- c:\program files\CCleaner
2010-08-08 08:08 . 2009-09-07 18:15 -------- d-----w- c:\program files\IKEA HomePlanner
2010-08-01 18:16 . 2009-12-11 16:00 -------- d-----w- c:\program files\Sweet Home 3D
2010-07-28 12:56 . 2010-07-28 12:56 -------- d-----w- c:\program files\Common Files\Java
2010-07-28 12:56 . 2010-05-13 14:46 -------- d-----w- c:\program files\Java
2010-07-17 03:00 . 2010-05-13 14:47 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-30 12:33 . 2010-06-30 12:33 149504 ----a-w- c:\windows\system32\SET220.tmp
2010-06-30 12:33 . 2003-04-16 12:00 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-28 20:57 . 2010-07-03 09:42 38848 ----a-w- c:\windows\avastSS.scr
2010-06-28 20:57 . 2009-01-09 16:01 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-06-28 20:37 . 2009-01-09 16:01 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-06-28 20:37 . 2009-01-09 16:08 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-06-28 20:33 . 2009-01-09 16:01 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-06-28 20:32 . 2009-01-09 16:01 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-06-28 20:32 . 2009-01-09 16:01 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-06-28 20:32 . 2009-01-09 16:08 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-06-28 20:32 . 2009-01-09 16:01 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-06-24 09:02 . 2003-04-16 12:00 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2003-04-16 12:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 19:59 . 2010-06-17 19:59 2855 ----a-w- c:\windows\PIF\HL.PIF
2010-06-17 14:03 . 2003-04-16 12:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2009-01-07 19:54 744448 ----a-w- c:\windows\PCHealth\HelpCtr\Binaries\helpsvc.exe
2010-06-14 07:43 . 2010-06-14 07:43 1172480 ----a-w- c:\windows\system32\SET19C.tmp
2010-06-14 07:43 . 2003-04-16 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2008-07-25 08:31 . 2009-06-13 13:48 28672 ----a-w- c:\program files\mozilla firefox\components\flashgetXpi.dll
2010-03-11 16:47 . 2009-01-09 15:57 2828 --sha-w- c:\windows\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((( SnapShot@2010-09-04_11.41.48 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-09-07 18:04 . 2010-09-07 18:04 16384 c:\windows\temp\Perflib_Perfdata_18c.dat
- 2006-11-07 20:03 . 2010-05-04 17:18 52224 c:\windows\system32\msfeedsbs.dll
+ 2006-11-07 20:03 . 2010-06-24 12:19 52224 c:\windows\system32\msfeedsbs.dll
+ 2006-10-17 10:58 . 2010-06-24 12:19 63488 c:\windows\system32\icardie.dll
- 2006-10-17 10:58 . 2010-05-04 17:18 63488 c:\windows\system32\icardie.dll
+ 2009-01-09 13:23 . 2010-09-05 14:13 23040 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2009-01-09 13:23 . 2010-08-30 18:36 23040 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2009-01-09 13:23 . 2010-08-30 18:36 61440 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2009-01-09 13:23 . 2010-09-05 14:13 61440 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2009-01-09 13:23 . 2010-09-05 14:13 27136 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2009-01-09 13:23 . 2010-08-30 18:36 27136 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2009-01-09 13:23 . 2010-08-30 18:36 11264 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2009-01-09 13:23 . 2010-09-05 14:13 11264 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2009-01-09 13:23 . 2010-09-05 14:13 86016 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2009-01-09 13:23 . 2010-08-30 18:36 86016 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2009-01-09 13:23 . 2010-08-30 18:36 12288 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2009-01-09 13:23 . 2010-09-05 14:13 12288 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2010-08-10 15:54 . 2010-08-10 15:54 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
+ 2010-08-10 15:54 . 2010-09-05 14:15 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
+ 2010-09-05 10:17 . 2010-09-05 10:17 50528 c:\windows\Installer\{7BC6B815-D9F1-4C43-82B4-7CB25458DD31}\NewShortcut24_D840A6EA92214470BCE0FD7EF9D6C0CF.exe
+ 2009-12-21 19:09 . 2009-12-21 19:09 16832 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA79201B7449A0300000010\9.3.0\ViewerPS.dll
+ 2009-12-22 00:57 . 2009-12-22 00:57 35760 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA79201B7449A0300000010\9.3.0\reader_sl.exe
+ 2009-12-21 19:02 . 2009-12-21 19:02 79280 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA79201B7449A0300000010\9.3.0\PDFPrevHndlr.dll
+ 2009-12-21 22:21 . 2009-12-21 22:21 99776 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA79201B7449A0300000010\9.3.0\eula.exe
+ 2009-12-21 22:37 . 2009-12-21 22:37 27048 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA79201B7449A0300000010\9.3.0\acrotextextractor.exe
+ 2009-12-21 17:39 . 2009-12-21 17:39 15288 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA79201B7449A0300000010\9.3.0\AcroRd32Info.exe
+ 2009-12-21 17:27 . 2009-12-21 17:27 75200 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA79201B7449A0300000010\9.3.0\acroiehelpershim.dll
+ 2009-12-21 17:27 . 2009-12-21 17:27 61888 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA79201B7449A0300000010\9.3.0\AcroIEHelper.dll
+ 2009-01-09 13:23 . 2010-09-05 14:13 4096 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2009-01-09 13:23 . 2010-08-30 18:36 4096 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2003-04-16 12:00 . 2010-06-24 12:19 832512 c:\windows\system32\wininet.dll
- 2003-04-16 12:00 . 2010-05-04 17:18 832512 c:\windows\system32\wininet.dll
- 2003-04-16 12:00 . 2010-05-04 17:18 233472 c:\windows\system32\webcheck.dll
+ 2003-04-16 12:00 . 2010-06-24 12:19 233472 c:\windows\system32\webcheck.dll
+ 2003-04-16 12:00 . 2010-06-24 12:19 105984 c:\windows\system32\url.dll
- 2003-04-16 12:00 . 2010-05-04 17:18 105984 c:\windows\system32\url.dll
+ 2003-04-16 12:00 . 2010-06-30 12:33 149504 c:\windows\system32\schannel.dll
- 2003-04-16 12:00 . 2010-05-04 17:18 477696 c:\windows\system32\mshtmled.dll
+ 2003-04-16 12:00 . 2010-06-24 12:19 477696 c:\windows\system32\mshtmled.dll
+ 2006-11-07 20:03 . 2010-06-24 12:19 459264 c:\windows\system32\msfeeds.dll
- 2006-11-07 20:03 . 2010-05-04 17:18 459264 c:\windows\system32\msfeeds.dll
- 2006-10-17 10:57 . 2010-05-04 17:18 268288 c:\windows\system32\iertutil.dll
+ 2006-10-17 10:57 . 2010-06-24 12:19 268288 c:\windows\system32\iertutil.dll
+ 2003-04-16 12:00 . 2010-06-24 12:19 192512 c:\windows\system32\iepeers.dll
- 2003-04-16 12:00 . 2010-05-04 17:18 192512 c:\windows\system32\iepeers.dll
+ 2006-10-17 10:27 . 2010-06-24 12:19 380928 c:\windows\system32\ieapfltr.dll
- 2006-10-17 10:27 . 2010-05-04 17:18 380928 c:\windows\system32\ieapfltr.dll
+ 2003-04-16 12:00 . 2010-06-24 12:19 214528 c:\windows\system32\dxtrans.dll
- 2003-04-16 12:00 . 2010-05-04 17:18 214528 c:\windows\system32\dxtrans.dll
+ 2003-04-16 12:00 . 2010-06-24 12:19 347136 c:\windows\system32\dxtmsft.dll
- 2003-04-16 12:00 . 2010-05-04 17:18 347136 c:\windows\system32\dxtmsft.dll
+ 2003-04-16 12:00 . 2010-06-24 12:19 124928 c:\windows\system32\advpack.dll
- 2003-04-16 12:00 . 2010-05-04 17:18 124928 c:\windows\system32\advpack.dll
- 2009-01-09 13:23 . 2010-08-30 18:36 409600 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2009-01-09 13:23 . 2010-09-05 14:13 409600 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2009-01-09 13:23 . 2010-08-30 18:36 286720 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2009-01-09 13:23 . 2010-09-05 14:13 286720 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2009-01-09 13:23 . 2010-09-05 14:13 249856 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2009-01-09 13:23 . 2010-08-30 18:36 249856 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2009-01-09 13:23 . 2010-08-30 18:36 794624 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2009-01-09 13:23 . 2010-09-05 14:13 794624 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2009-01-09 13:23 . 2010-09-05 14:13 135168 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2009-01-09 13:23 . 2010-08-30 18:36 135168 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2009-01-09 13:23 . 2010-08-30 18:36 593920 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2009-01-09 13:23 . 2010-09-05 14:13 593920 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2010-09-05 10:17 . 2010-09-05 10:17 341344 c:\windows\Installer\{7BC6B815-D9F1-4C43-82B4-7CB25458DD31}\NewShortcut11_D840A6EA92214470BCE0FD7EF9D6C0CF.exe
+ 2010-09-05 10:17 . 2010-09-05 10:17 341344 c:\windows\Installer\{7BC6B815-D9F1-4C43-82B4-7CB25458DD31}\NewShortcut1_D840A6EA92214470BCE0FD7EF9D6C0CF.exe
+ 2010-09-05 10:17 . 2010-09-05 10:17 341344 c:\windows\Installer\{7BC6B815-D9F1-4C43-82B4-7CB25458DD31}\ARPPRODUCTICON.exe
+ 2009-12-21 17:35 . 2009-12-21 17:35 378264 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA79201B7449A0300000010\9.3.0\pdfshell.dll
+ 2009-12-21 19:05 . 2009-12-21 19:05 116168 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA79201B7449A0300000010\9.3.0\PDFPrevHndlrShim.exe
+ 2009-12-21 17:34 . 2009-12-21 17:34 103864 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA79201B7449A0300000010\9.3.0\nppdf32.dll
+ 2009-11-09 18:18 . 2009-11-09 18:18 684032 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA79201B7449A0300000010\9.3.0\JP2KLib.dll
+ 2009-12-21 19:02 . 2009-12-21 19:02 542168 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA79201B7449A0300000010\9.3.0\AdobeCollabSync.exe
+ 2009-12-21 17:43 . 2009-12-21 17:43 120240 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA79201B7449A0300000010\9.3.0\AcroRdIF.dll
+ 2009-12-22 00:57 . 2009-12-22 00:57 349616 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA79201B7449A0300000010\9.3.0\AcroRd32.exe
+ 2009-12-21 17:15 . 2009-12-21 17:15 660912 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA79201B7449A0300000010\9.3.0\AcroPDF.dll
+ 2009-12-21 18:32 . 2009-12-21 18:32 280024 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA79201B7449A0300000010\9.3.0\acrobroker.exe
+ 2009-12-21 18:15 . 2009-12-21 18:15 251296 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA79201B7449A0300000010\9.3.0\a3dutility.exe
- 2003-04-16 12:00 . 2010-05-04 17:18 1168384 c:\windows\system32\urlmon.dll
+ 2003-04-16 12:00 . 2010-06-24 12:19 1168384 c:\windows\system32\urlmon.dll
+ 2003-04-16 12:00 . 2010-06-24 12:19 3600896 c:\windows\system32\mshtml.dll
+ 2006-11-07 20:03 . 2010-06-24 12:19 6067200 c:\windows\system32\ieframe.dll
- 2006-11-07 20:03 . 2010-05-04 17:18 6067200 c:\windows\system32\ieframe.dll
+ 2010-06-20 08:01 . 2010-06-20 08:01 8040960 c:\windows\Installer\99184.msp
+ 2010-05-25 09:45 . 2010-05-25 09:45 8445440 c:\windows\Installer\774dc3.msp
+ 2010-09-05 10:17 . 2010-09-05 10:17 6412800 c:\windows\Installer\2f8086.msi
+ 2009-12-21 17:29 . 2009-12-21 17:29 2409880 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA79201B7449A0300000010\9.3.0\rt3d.dll
+ 2009-12-21 18:00 . 2009-12-21 18:00 1298996 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA79201B7449A0300000010\9.3.0\JSByteCodeWin.bin
+ 2009-10-27 19:34 . 2009-10-27 19:34 5009408 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA79201B7449A0300000010\9.3.0\authplay.dll
+ 2009-12-21 22:31 . 2009-12-21 22:31 5713920 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA79201B7449A0300000010\9.3.0\AGM.dll
+ 2010-04-04 06:54 . 2010-04-04 06:54 11850240 c:\windows\Installer\99185.msp
+ 2010-08-13 18:09 . 2010-08-13 18:09 12263936 c:\windows\Installer\99183.msp
+ 2010-09-05 14:14 . 2010-09-05 14:14 20303872 c:\windows\Installer\774dce.msp
+ 2009-12-21 22:21 . 2009-12-21 22:21 20436408 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA79201B7449A0300000010\9.3.0\AcroRd32.dll
.
-- Snímek resetován k současnému datu --
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-27 39408]
"NokiaOviSuite2"="c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe" [2010-02-24 385928]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-11-11 1451520]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2010-08-21 323392]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-12-10 196608]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-09 282624]
"Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 143360]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-10 61440]
"OODefragTray"="c:\program files\OO Software\Defrag\oodtray.exe" [2010-08-30 2770760]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"5985:TCP"= 5985:TCP:*:Disabled:Vzdálená správa systému Windows
R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [7.1.2009 22:17 77312]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [9.1.2009 18:08 165456]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [10.1.2009 13:57 142592]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [9.1.2009 18:08 17744]
R2 OODefragAgent;O&O Defrag Agent;c:\program files\OO Software\Defrag\oodag.exe [30.8.2010 23:25 2317128]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 13:16 130384]
S2 gupdate1c9def9b3133c18;Služba Google Update (gupdate1c9def9b3133c18);c:\program files\Google\Update\GoogleUpdate.exe [27.5.2009 20:33 133104]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [8.6.2010 13:28 137344]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [8.6.2010 13:28 8320]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [16.4.2003 14:00 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 13:16 753504]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Obsah adresáře 'Naplánované úlohy'
2010-09-07 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-27 18:32]
2010-09-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-27 18:33]
2010-09-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-27 18:33]
2010-09-07 c:\windows\Tasks\User_Feed_Synchronization-{1FD32E00-427E-4A2B-8202-2383AE178BE2}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 16:36]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz/
uDefault_Search_URL = hxxp://search.qip.ru
uSearchAssistant = hxxp://search.qip.ru/ie
uSearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
IE: &Download All by FlashGet - c:\program files\FlashGet Network\FlashGet universal\ComDlls\Bhoall.htm
IE: &Download by FlashGet - c:\program files\FlashGet Network\FlashGet universal\ComDlls\Bholink.htm
IE: &Stáhnout s FlashGetem - c:\program files\FlashGet Network\FlashGet universal\ComDlls\Bholink.htm
IE: &Stáhnout vše s FlashGetem - c:\program files\FlashGet Network\FlashGet universal\ComDlls\Bhoall.htm
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/static/m/cab/2.8.1/GarminAxControl.CAB
FF - ProfilePath - c:\documents and settings\Uživatel\Data aplikací\Mozilla\Firefox\Profiles\p0t5w4wl.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz
FF - prefs.js: keyword.URL - hxxp://search.qip.ru/search?from=FF&query=
FF - component: c:\program files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\components\FirefoxExtension.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1591.6512\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-07 20:38
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|˙˙˙˙Ŕ•€|ů•6~*]
"AB141C35E9F4BF344B9FC010BB17F68A"=""
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG11.00.00.01WORKSTATION"="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"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(936)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2010-09-07 20:41:10
ComboFix-quarantined-files.txt 2010-09-07 18:41
ComboFix2.txt 2010-09-05 11:10
ComboFix3.txt 2010-09-04 11:44
Před spuštěním: Volných bajtů: 25 602 932 736
Po spuštění: Volných bajtů: 25 621 970 944
- - End Of File - - 84527D480D21BDB3474717A46BE0EA09
So Avenger keeps reporting the same error; I really don't know what is wrong.
I'm attaching the CF log again (I also tried deleting it another way, but I don't know).
ComboFix 10-09-07.01 - Uživatel 07.09.2010 20:31:55.6.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1024.453 [GMT 2:00]
Spuštěný z: c:\documents and settings\Uživatel\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Uživatel\Plocha\CFScript.txt
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Uživatel\Data aplikací\BITS
c:\documents and settings\Uživatel\Data aplikací\BITS\BITS.ini
c:\documents and settings\Uživatel\Data aplikací\BITS\DHTTable.dat
c:\documents and settings\Uživatel\Data aplikací\BITS\ProxyList.ini
c:\documents and settings\Uživatel\Data aplikací\BITS\UPnP.ini
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-08-07 do 2010-09-07 )))))))))))))))))))))))))))))))
.
2010-09-04 11:23 . 2010-09-04 11:23 390144 ----a-w- c:\windows\system32\CF13036.exe
2010-09-04 11:23 . 2010-09-04 11:22 390144 ----a-w- c:\windows\system32\CF12919.exe
2010-08-30 21:25 . 2010-08-30 21:25 275272 ----a-w- c:\windows\system32\oodbs.exe
2010-08-30 21:23 . 2010-08-30 21:23 9544 ----a-w- c:\windows\system32\oodbsrs.dll
2010-08-24 18:38 . 2010-08-24 18:38 0 ----a-w- c:\windows\ativpsrm.bin
2010-08-24 18:35 . 2010-02-10 19:20 593920 ------w- c:\windows\system32\ati2sgag.exe
2010-08-24 18:34 . 2010-08-24 18:37 -------- d-----w- c:\program files\ATI Technologies
2010-08-24 18:33 . 2010-08-24 18:33 -------- d-----w- C:\ATI
2010-08-21 08:28 . 2010-08-30 16:32 -------- d-----w- c:\program files\VIA
2010-08-21 08:27 . 2010-08-21 08:27 -------- d-----w- c:\windows\OPTIONS
2010-08-21 08:27 . 1999-12-23 15:04 41852 ----a-w- c:\windows\system32\UpdDrv2K.exe
2010-08-21 08:27 . 1999-12-15 10:51 65173 ----a-w- c:\windows\system32\TDInst2K.exe
2010-08-21 08:26 . 2003-04-23 12:16 61440 ----a-w- c:\windows\system\EL2k_CPP.dll
2010-08-21 08:21 . 2010-09-07 18:04 -------- d-----w- c:\program files\DNA
2010-08-16 17:17 . 1998-07-30 10:51 305152 ----a-w- c:\windows\IsUninst.exe
2010-08-10 16:02 . 2010-08-10 16:02 -------- d-----w- c:\windows\system32\winrm
2010-08-10 16:02 . 2010-08-10 16:02 -------- d-----w- c:\windows\system32\GroupPolicy
2010-08-10 16:02 . 2010-08-10 16:02 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$
2010-08-10 15:47 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-05 14:31 . 2009-01-10 10:49 -------- d-----w- c:\program files\Microsoft Silverlight
2010-09-05 13:42 . 2009-01-10 11:57 -------- d-----w- c:\program files\Spyware Terminator
2010-09-02 16:43 . 2003-04-16 12:00 500412 ----a-w- c:\windows\system32\perfh005.dat
2010-09-02 16:43 . 2003-04-16 12:00 103628 ----a-w- c:\windows\system32\perfc005.dat
2010-08-30 18:49 . 2009-01-09 13:22 -------- d-----w- c:\program files\Microsoft.NET
2010-08-24 18:35 . 2009-01-07 20:57 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-24 18:35 . 2009-01-07 20:57 -------- d-----w- c:\program files\Common Files\InstallShield
2010-08-24 18:31 . 2009-12-12 12:35 10096 ----a-w- c:\windows\system32\d3d9caps.dat
2010-08-16 17:08 . 2009-01-07 21:42 -------- d-----w- c:\program files\Common Files\Adobe
2010-08-09 16:23 . 2010-03-16 19:18 -------- d-----w- c:\program files\Defraggler
2010-08-09 15:55 . 2009-01-09 18:45 -------- d-----w- c:\program files\CCleaner
2010-08-08 08:08 . 2009-09-07 18:15 -------- d-----w- c:\program files\IKEA HomePlanner
2010-08-01 18:16 . 2009-12-11 16:00 -------- d-----w- c:\program files\Sweet Home 3D
2010-07-28 12:56 . 2010-07-28 12:56 -------- d-----w- c:\program files\Common Files\Java
2010-07-28 12:56 . 2010-05-13 14:46 -------- d-----w- c:\program files\Java
2010-07-17 03:00 . 2010-05-13 14:47 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-30 12:33 . 2010-06-30 12:33 149504 ----a-w- c:\windows\system32\SET220.tmp
2010-06-30 12:33 . 2003-04-16 12:00 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-28 20:57 . 2010-07-03 09:42 38848 ----a-w- c:\windows\avastSS.scr
2010-06-28 20:57 . 2009-01-09 16:01 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-06-28 20:37 . 2009-01-09 16:01 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-06-28 20:37 . 2009-01-09 16:08 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-06-28 20:33 . 2009-01-09 16:01 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-06-28 20:32 . 2009-01-09 16:01 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-06-28 20:32 . 2009-01-09 16:01 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-06-28 20:32 . 2009-01-09 16:08 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-06-28 20:32 . 2009-01-09 16:01 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-06-24 09:02 . 2003-04-16 12:00 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2003-04-16 12:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 19:59 . 2010-06-17 19:59 2855 ----a-w- c:\windows\PIF\HL.PIF
2010-06-17 14:03 . 2003-04-16 12:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2009-01-07 19:54 744448 ----a-w- c:\windows\PCHealth\HelpCtr\Binaries\helpsvc.exe
2010-06-14 07:43 . 2010-06-14 07:43 1172480 ----a-w- c:\windows\system32\SET19C.tmp
2010-06-14 07:43 . 2003-04-16 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2008-07-25 08:31 . 2009-06-13 13:48 28672 ----a-w- c:\program files\mozilla firefox\components\flashgetXpi.dll
2010-03-11 16:47 . 2009-01-09 15:57 2828 --sha-w- c:\windows\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((( SnapShot@2010-09-04_11.41.48 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-09-07 18:04 . 2010-09-07 18:04 16384 c:\windows\temp\Perflib_Perfdata_18c.dat
- 2006-11-07 20:03 . 2010-05-04 17:18 52224 c:\windows\system32\msfeedsbs.dll
+ 2006-11-07 20:03 . 2010-06-24 12:19 52224 c:\windows\system32\msfeedsbs.dll
+ 2006-10-17 10:58 . 2010-06-24 12:19 63488 c:\windows\system32\icardie.dll
- 2006-10-17 10:58 . 2010-05-04 17:18 63488 c:\windows\system32\icardie.dll
+ 2009-01-09 13:23 . 2010-09-05 14:13 23040 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2009-01-09 13:23 . 2010-08-30 18:36 23040 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2009-01-09 13:23 . 2010-08-30 18:36 61440 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2009-01-09 13:23 . 2010-09-05 14:13 61440 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2009-01-09 13:23 . 2010-09-05 14:13 27136 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2009-01-09 13:23 . 2010-08-30 18:36 27136 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2009-01-09 13:23 . 2010-08-30 18:36 11264 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2009-01-09 13:23 . 2010-09-05 14:13 11264 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2009-01-09 13:23 . 2010-09-05 14:13 86016 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2009-01-09 13:23 . 2010-08-30 18:36 86016 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2009-01-09 13:23 . 2010-08-30 18:36 12288 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2009-01-09 13:23 . 2010-09-05 14:13 12288 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2010-08-10 15:54 . 2010-08-10 15:54 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
+ 2010-08-10 15:54 . 2010-09-05 14:15 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
+ 2010-09-05 10:17 . 2010-09-05 10:17 50528 c:\windows\Installer\{7BC6B815-D9F1-4C43-82B4-7CB25458DD31}\NewShortcut24_D840A6EA92214470BCE0FD7EF9D6C0CF.exe
+ 2009-12-21 19:09 . 2009-12-21 19:09 16832 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA79201B7449A0300000010\9.3.0\ViewerPS.dll
+ 2009-12-22 00:57 . 2009-12-22 00:57 35760 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA79201B7449A0300000010\9.3.0\reader_sl.exe
+ 2009-12-21 19:02 . 2009-12-21 19:02 79280 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA79201B7449A0300000010\9.3.0\PDFPrevHndlr.dll
+ 2009-12-21 22:21 . 2009-12-21 22:21 99776 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA79201B7449A0300000010\9.3.0\eula.exe
+ 2009-12-21 22:37 . 2009-12-21 22:37 27048 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA79201B7449A0300000010\9.3.0\acrotextextractor.exe
+ 2009-12-21 17:39 . 2009-12-21 17:39 15288 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA79201B7449A0300000010\9.3.0\AcroRd32Info.exe
+ 2009-12-21 17:27 . 2009-12-21 17:27 75200 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA79201B7449A0300000010\9.3.0\acroiehelpershim.dll
+ 2009-12-21 17:27 . 2009-12-21 17:27 61888 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA79201B7449A0300000010\9.3.0\AcroIEHelper.dll
+ 2009-01-09 13:23 . 2010-09-05 14:13 4096 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2009-01-09 13:23 . 2010-08-30 18:36 4096 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2003-04-16 12:00 . 2010-06-24 12:19 832512 c:\windows\system32\wininet.dll
- 2003-04-16 12:00 . 2010-05-04 17:18 832512 c:\windows\system32\wininet.dll
- 2003-04-16 12:00 . 2010-05-04 17:18 233472 c:\windows\system32\webcheck.dll
+ 2003-04-16 12:00 . 2010-06-24 12:19 233472 c:\windows\system32\webcheck.dll
+ 2003-04-16 12:00 . 2010-06-24 12:19 105984 c:\windows\system32\url.dll
- 2003-04-16 12:00 . 2010-05-04 17:18 105984 c:\windows\system32\url.dll
+ 2003-04-16 12:00 . 2010-06-30 12:33 149504 c:\windows\system32\schannel.dll
- 2003-04-16 12:00 . 2010-05-04 17:18 477696 c:\windows\system32\mshtmled.dll
+ 2003-04-16 12:00 . 2010-06-24 12:19 477696 c:\windows\system32\mshtmled.dll
+ 2006-11-07 20:03 . 2010-06-24 12:19 459264 c:\windows\system32\msfeeds.dll
- 2006-11-07 20:03 . 2010-05-04 17:18 459264 c:\windows\system32\msfeeds.dll
- 2006-10-17 10:57 . 2010-05-04 17:18 268288 c:\windows\system32\iertutil.dll
+ 2006-10-17 10:57 . 2010-06-24 12:19 268288 c:\windows\system32\iertutil.dll
+ 2003-04-16 12:00 . 2010-06-24 12:19 192512 c:\windows\system32\iepeers.dll
- 2003-04-16 12:00 . 2010-05-04 17:18 192512 c:\windows\system32\iepeers.dll
+ 2006-10-17 10:27 . 2010-06-24 12:19 380928 c:\windows\system32\ieapfltr.dll
- 2006-10-17 10:27 . 2010-05-04 17:18 380928 c:\windows\system32\ieapfltr.dll
+ 2003-04-16 12:00 . 2010-06-24 12:19 214528 c:\windows\system32\dxtrans.dll
- 2003-04-16 12:00 . 2010-05-04 17:18 214528 c:\windows\system32\dxtrans.dll
+ 2003-04-16 12:00 . 2010-06-24 12:19 347136 c:\windows\system32\dxtmsft.dll
- 2003-04-16 12:00 . 2010-05-04 17:18 347136 c:\windows\system32\dxtmsft.dll
+ 2003-04-16 12:00 . 2010-06-24 12:19 124928 c:\windows\system32\advpack.dll
- 2003-04-16 12:00 . 2010-05-04 17:18 124928 c:\windows\system32\advpack.dll
- 2009-01-09 13:23 . 2010-08-30 18:36 409600 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2009-01-09 13:23 . 2010-09-05 14:13 409600 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2009-01-09 13:23 . 2010-08-30 18:36 286720 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2009-01-09 13:23 . 2010-09-05 14:13 286720 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2009-01-09 13:23 . 2010-09-05 14:13 249856 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2009-01-09 13:23 . 2010-08-30 18:36 249856 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2009-01-09 13:23 . 2010-08-30 18:36 794624 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2009-01-09 13:23 . 2010-09-05 14:13 794624 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2009-01-09 13:23 . 2010-09-05 14:13 135168 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2009-01-09 13:23 . 2010-08-30 18:36 135168 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2009-01-09 13:23 . 2010-08-30 18:36 593920 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2009-01-09 13:23 . 2010-09-05 14:13 593920 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2010-09-05 10:17 . 2010-09-05 10:17 341344 c:\windows\Installer\{7BC6B815-D9F1-4C43-82B4-7CB25458DD31}\NewShortcut11_D840A6EA92214470BCE0FD7EF9D6C0CF.exe
+ 2010-09-05 10:17 . 2010-09-05 10:17 341344 c:\windows\Installer\{7BC6B815-D9F1-4C43-82B4-7CB25458DD31}\NewShortcut1_D840A6EA92214470BCE0FD7EF9D6C0CF.exe
+ 2010-09-05 10:17 . 2010-09-05 10:17 341344 c:\windows\Installer\{7BC6B815-D9F1-4C43-82B4-7CB25458DD31}\ARPPRODUCTICON.exe
+ 2009-12-21 17:35 . 2009-12-21 17:35 378264 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA79201B7449A0300000010\9.3.0\pdfshell.dll
+ 2009-12-21 19:05 . 2009-12-21 19:05 116168 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA79201B7449A0300000010\9.3.0\PDFPrevHndlrShim.exe
+ 2009-12-21 17:34 . 2009-12-21 17:34 103864 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA79201B7449A0300000010\9.3.0\nppdf32.dll
+ 2009-11-09 18:18 . 2009-11-09 18:18 684032 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA79201B7449A0300000010\9.3.0\JP2KLib.dll
+ 2009-12-21 19:02 . 2009-12-21 19:02 542168 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA79201B7449A0300000010\9.3.0\AdobeCollabSync.exe
+ 2009-12-21 17:43 . 2009-12-21 17:43 120240 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA79201B7449A0300000010\9.3.0\AcroRdIF.dll
+ 2009-12-22 00:57 . 2009-12-22 00:57 349616 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA79201B7449A0300000010\9.3.0\AcroRd32.exe
+ 2009-12-21 17:15 . 2009-12-21 17:15 660912 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA79201B7449A0300000010\9.3.0\AcroPDF.dll
+ 2009-12-21 18:32 . 2009-12-21 18:32 280024 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA79201B7449A0300000010\9.3.0\acrobroker.exe
+ 2009-12-21 18:15 . 2009-12-21 18:15 251296 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA79201B7449A0300000010\9.3.0\a3dutility.exe
- 2003-04-16 12:00 . 2010-05-04 17:18 1168384 c:\windows\system32\urlmon.dll
+ 2003-04-16 12:00 . 2010-06-24 12:19 1168384 c:\windows\system32\urlmon.dll
+ 2003-04-16 12:00 . 2010-06-24 12:19 3600896 c:\windows\system32\mshtml.dll
+ 2006-11-07 20:03 . 2010-06-24 12:19 6067200 c:\windows\system32\ieframe.dll
- 2006-11-07 20:03 . 2010-05-04 17:18 6067200 c:\windows\system32\ieframe.dll
+ 2010-06-20 08:01 . 2010-06-20 08:01 8040960 c:\windows\Installer\99184.msp
+ 2010-05-25 09:45 . 2010-05-25 09:45 8445440 c:\windows\Installer\774dc3.msp
+ 2010-09-05 10:17 . 2010-09-05 10:17 6412800 c:\windows\Installer\2f8086.msi
+ 2009-12-21 17:29 . 2009-12-21 17:29 2409880 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA79201B7449A0300000010\9.3.0\rt3d.dll
+ 2009-12-21 18:00 . 2009-12-21 18:00 1298996 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA79201B7449A0300000010\9.3.0\JSByteCodeWin.bin
+ 2009-10-27 19:34 . 2009-10-27 19:34 5009408 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA79201B7449A0300000010\9.3.0\authplay.dll
+ 2009-12-21 22:31 . 2009-12-21 22:31 5713920 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA79201B7449A0300000010\9.3.0\AGM.dll
+ 2010-04-04 06:54 . 2010-04-04 06:54 11850240 c:\windows\Installer\99185.msp
+ 2010-08-13 18:09 . 2010-08-13 18:09 12263936 c:\windows\Installer\99183.msp
+ 2010-09-05 14:14 . 2010-09-05 14:14 20303872 c:\windows\Installer\774dce.msp
+ 2009-12-21 22:21 . 2009-12-21 22:21 20436408 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA79201B7449A0300000010\9.3.0\AcroRd32.dll
.
-- Snímek resetován k současnému datu --
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-27 39408]
"NokiaOviSuite2"="c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe" [2010-02-24 385928]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-11-11 1451520]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2010-08-21 323392]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-12-10 196608]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-09 282624]
"Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 143360]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-10 61440]
"OODefragTray"="c:\program files\OO Software\Defrag\oodtray.exe" [2010-08-30 2770760]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"5985:TCP"= 5985:TCP:*:Disabled:Vzdálená správa systému Windows
R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [7.1.2009 22:17 77312]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [9.1.2009 18:08 165456]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [10.1.2009 13:57 142592]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [9.1.2009 18:08 17744]
R2 OODefragAgent;O&O Defrag Agent;c:\program files\OO Software\Defrag\oodag.exe [30.8.2010 23:25 2317128]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 13:16 130384]
S2 gupdate1c9def9b3133c18;Služba Google Update (gupdate1c9def9b3133c18);c:\program files\Google\Update\GoogleUpdate.exe [27.5.2009 20:33 133104]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [8.6.2010 13:28 137344]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [8.6.2010 13:28 8320]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [16.4.2003 14:00 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 13:16 753504]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Obsah adresáře 'Naplánované úlohy'
2010-09-07 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-27 18:32]
2010-09-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-27 18:33]
2010-09-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-27 18:33]
2010-09-07 c:\windows\Tasks\User_Feed_Synchronization-{1FD32E00-427E-4A2B-8202-2383AE178BE2}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 16:36]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz/
uDefault_Search_URL = hxxp://search.qip.ru
uSearchAssistant = hxxp://search.qip.ru/ie
uSearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
IE: &Download All by FlashGet - c:\program files\FlashGet Network\FlashGet universal\ComDlls\Bhoall.htm
IE: &Download by FlashGet - c:\program files\FlashGet Network\FlashGet universal\ComDlls\Bholink.htm
IE: &Stáhnout s FlashGetem - c:\program files\FlashGet Network\FlashGet universal\ComDlls\Bholink.htm
IE: &Stáhnout vše s FlashGetem - c:\program files\FlashGet Network\FlashGet universal\ComDlls\Bhoall.htm
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/static/m/cab/2.8.1/GarminAxControl.CAB
FF - ProfilePath - c:\documents and settings\Uživatel\Data aplikací\Mozilla\Firefox\Profiles\p0t5w4wl.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz
FF - prefs.js: keyword.URL - hxxp://search.qip.ru/search?from=FF&query=
FF - component: c:\program files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\components\FirefoxExtension.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1591.6512\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-07 20:38
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|˙˙˙˙Ŕ•€|ů•6~*]
"AB141C35E9F4BF344B9FC010BB17F68A"=""
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(936)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2010-09-07 20:41:10
ComboFix-quarantined-files.txt 2010-09-07 18:41
ComboFix2.txt 2010-09-05 11:10
ComboFix3.txt 2010-09-04 11:44
Před spuštěním: Volných bajtů: 25 602 932 736
Po spuštění: Volných bajtů: 25 621 970 944
- - End Of File - - 84527D480D21BDB3474717A46BE0EA09
- Rudy
- Site Admin
- Posts: 119426
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: PC freezes
The file is gone, and in addition other infections were deleted. The log is now clean. Has there been any change?
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.
Re: PC freezes
Thanks a lot,
The PC freezing was resolved by leaving the RAM frequency as it was and raising the CPU frequency - apparently the two somehow did not want to run together at the default values - I don't know why, but the problem is gone.
Otherwise, after the infections were removed, the PC seems a bit snappier to me when opening applications etc.
(Oh, and by the way, I used killbox to remove that sys file. Whether it was that or whether CF deleted it in the end, I don't know.)
Thanks once again.
- Rudy
- Site Admin
- Posts: 119426
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: PC freezes
Some components behave this way when overclocked. You're welcome!