
PC virus removal, computer speed-up, remote assistance via the neslape.cz service
Win 7 32-bit does not see the surrounding computers + slowdown
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved, as will those that have been inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.
!NEW!
You can now use the remote assistance service, where a specialist connects to your computer and obtains more detailed information about the problem from you by phone! More at www.neslape.cz
Win 7 32-bit does not see the surrounding computers + slowdown
Please check this: HP notebook, Windows 7 32-bit, does not see the surrounding computers and has slowed down; I suspect an infection.
Thanks.
Logfile of random's system information tool 1.08 (written by random/random)
Run by markulka at 2010-09-24 11:27:03
Microsoft Windows 7 Home Premium
System drive C: has 242 GB (84%) free of 288 GB
Total RAM: 3066 MB (61% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:27:06, on 24.9.2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal
Running processes:
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\Users\markulka\Downloads\RSIT.exe
C:\Program Files\trend micro\markulka.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... ll&pf=cmnb
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Odeslat obrázek do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Odeslat stránku do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: WikiKomentáře Google... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O15 - Trusted Zone: http://*.mcafee.com (HKLM)
O15 - Trusted Zone: http://betavscan.mcafeeasap.com (HKLM)
O15 - Trusted Zone: http://vs.mcafeeasap.com (HKLM)
O15 - Trusted Zone: http://www.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: http://*.mcafee.com (HKLM)
O15 - ESC Trusted Zone: http://betavscan.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: http://vs.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: http://www.mcafeeasap.com (HKLM)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = daril.local
O17 - HKLM\Software\..\Telephony: DomainName = daril.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = daril.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = daril.local
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\Windows\System32\avgrsstx.dll
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\windows\system32\AEADISRV.EXE
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\windows\system32\agrsmsvc.exe
O23 - Service: AMD External Events Utility - AMD - C:\windows\system32\atiesrxx.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: DWSPZJQI - Sysinternals - www.sysinternals.com - C:\Users\markulka\AppData\Local\Temp\DWSPZJQI.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard - C:\windows\system32\Hpservice.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
--
End of file - 8837 bytes
======Scheduled tasks folder======
C:\windows\tasks\GoogleUpdateTaskMachineCore.job
C:\windows\tasks\GoogleUpdateTaskMachineUA.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG9\avgssie.dll [2010-09-21 1619296]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-07-12 278192]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll [2010-07-12 814648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-06-21 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0BF43445-2F28-4351-9252-17FE6E806AA0}
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-07-12 278192]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"QlbCtrl.exe"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2009-07-28 288312]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [2009-08-25 186904]
"WirelessAssistant"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2009-07-23 498744]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2010-06-04 1791272]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-08-04 98304]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2009-05-18 1314816]
"AVG9_TRAY"=C:\PROGRA~1\AVG\AVG9\avgtray.exe [2010-06-22 2065760]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-06-20 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-06-09 976832]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-07-14 1173504]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2010-02-03 39408]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
C:\Program Files\BitTorrent\BitTorrent.exe [2010-06-13 655672]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Users\markulka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\Windows\System32\avgrsstx.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\windows\system32\webcheck.dll [2009-07-14 229376]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
======List of files/folders created in the last 1 months======
2010-09-24 11:12:32 ----D---- C:\Users\markulka\AppData\Roaming\GHISLER
2010-09-24 11:12:32 ----D---- C:\totalcmd
2010-09-24 11:12:32 ----A---- C:\windows\UC.PIF
2010-09-24 11:12:32 ----A---- C:\windows\RAR.PIF
2010-09-24 11:12:32 ----A---- C:\windows\PKZIP.PIF
2010-09-24 11:12:32 ----A---- C:\windows\PKUNZIP.PIF
2010-09-24 11:12:32 ----A---- C:\windows\NOCLOSE.PIF
2010-09-24 11:12:32 ----A---- C:\windows\LHA.PIF
2010-09-24 11:12:32 ----A---- C:\windows\ARJ.PIF
2010-09-24 11:05:22 ----D---- C:\ProgramData\Norton
2010-09-24 11:05:22 ----A---- C:\windows\system32\drivers\SymSMR130.SYS
2010-09-23 21:29:49 ----A---- C:\RootkitRevealer.exe
2010-09-23 20:59:10 ----D---- C:\rsit
2010-09-23 20:59:10 ----D---- C:\Program Files\trend micro
2010-09-23 20:16:38 ----SHD---- C:\$RECYCLE.BIN
2010-09-23 20:16:31 ----D---- C:\windows\temp
2010-09-23 19:22:01 ----RD---- C:\Program Files\Skype
2010-09-23 19:22:01 ----D---- C:\Program Files\Common Files\Skype
2010-09-23 19:18:17 ----D---- C:\Users\markulka\AppData\Roaming\Skype
2010-09-23 16:54:02 ----D---- C:\Program Files\Common Files\Adobe
2010-09-23 16:54:02 ----D---- C:\Program Files\Adobe
2010-09-23 16:53:41 ----D---- C:\Config.Msi
2010-09-23 13:52:26 ----A---- C:\windows\system32\iertutil.dll
2010-09-23 13:28:12 ----A---- C:\windows\system32\CNMLM9Z.DLL
2010-09-23 13:24:25 ----A---- C:\windows\system32\drivers\sffp_sd.sys
2010-09-23 13:02:51 ----D---- C:\ProgramData\{8D274659-3D84-4410-A197-C170D180BC76}
2010-09-23 12:22:42 ----D---- C:\Program Files\CCleaner
2010-09-15 17:42:19 ----A---- C:\windows\system32\spoolsv.exe
2010-09-02 13:30:45 ----D---- C:\Users\markulka\AppData\Roaming\Farm Mania 2
2010-09-02 13:30:06 ----AD---- C:\ProgramData\TEMP
2010-09-02 13:29:55 ----D---- C:\Program Files\Common Files\Oberon Media
2010-09-02 13:29:30 ----D---- C:\Program Files\Gamesgames.com
2010-08-25 08:31:21 ----A---- C:\windows\system32\oleaut32.dll
======List of files/folders modified in the last 1 months======
2010-09-24 11:12:54 ----D---- C:\windows\Prefetch
2010-09-24 11:12:32 ----D---- C:\Windows
2010-09-24 11:08:27 ----D---- C:\windows\System32
2010-09-24 11:08:27 ----D---- C:\windows\inf
2010-09-24 11:08:27 ----A---- C:\windows\system32\PerfStringBackup.INI
2010-09-24 11:05:43 ----D---- C:\windows\system32\drivers
2010-09-24 11:05:22 ----D---- C:\ProgramData
2010-09-24 11:04:46 ----A---- C:\ProgramData\HPWALog.txt
2010-09-24 11:02:53 ----D---- C:\windows\system32\NDF
2010-09-24 10:58:18 ----SHD---- C:\System Volume Information
2010-09-24 10:57:27 ----D---- C:\windows\system32\config
2010-09-24 10:46:40 ----D---- C:\windows\system32\drivers\Avg
2010-09-24 10:43:41 ----D---- C:\ProgramData\PDFC
2010-09-23 21:32:07 ----D---- C:\windows\system32\catroot2
2010-09-23 21:05:05 ----D---- C:\Users\markulka\AppData\Roaming\BitTorrent
2010-09-23 20:59:10 ----RD---- C:\Program Files
2010-09-23 20:42:38 ----SHD---- C:\windows\Installer
2010-09-23 20:42:37 ----D---- C:\Program Files\Common Files\microsoft shared
2010-09-23 20:41:58 ----D---- C:\windows\debug
2010-09-23 20:13:39 ----A---- C:\windows\system.ini
2010-09-23 20:13:21 ----D---- C:\windows\system32\drivers\etc
2010-09-23 20:10:46 ----D---- C:\windows\AppPatch
2010-09-23 20:10:45 ----D---- C:\Program Files\Common Files
2010-09-23 19:22:05 ----D---- C:\windows\system32\Tasks
2010-09-23 19:22:01 ----D---- C:\ProgramData\Skype
2010-09-23 19:06:27 ----D---- C:\ProgramData\Adobe
2010-09-23 17:04:27 ----D---- C:\windows\winsxs
2010-09-23 16:53:37 ----D---- C:\windows\Downloaded Program Files
2010-09-23 15:08:53 ----D---- C:\windows\Microsoft.NET
2010-09-23 15:08:52 ----RSD---- C:\windows\assembly
2010-09-23 13:52:30 ----D---- C:\windows\system32\catroot
2010-09-23 13:52:11 ----D---- C:\windows\SoftwareDistribution
2010-09-23 13:41:22 ----D---- C:\Users\markulka\AppData\Roaming\Hewlett-Packard
2010-09-23 13:29:10 ----D---- C:\windows\system32\DriverStore
2010-09-23 13:27:53 ----D---- C:\windows\system32\cs-CZ
2010-09-23 13:24:53 ----D---- C:\windows\system32\en-US
2010-09-23 13:24:52 ----D---- C:\Program Files\Microsoft.NET
2010-09-23 13:07:45 ----D---- C:\ProgramData\Hewlett-Packard
2010-09-23 13:07:45 ----D---- C:\Program Files\Hewlett-Packard
2010-09-23 13:07:41 ----D---- C:\windows\Help
2010-09-23 13:05:35 ----HD---- C:\Program Files\InstallShield Installation Information
2010-09-23 13:02:07 ----D---- C:\swsetup
2010-09-23 12:08:18 ----SD---- C:\ProgramData\Microsoft
2010-09-22 20:14:03 ----D---- C:\Program Files\Google
2010-09-15 22:52:16 ----D---- C:\ProgramData\Microsoft Help
2010-09-15 22:50:55 ----A---- C:\windows\system32\MRT.exe
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 aic78xx;aic78xx; C:\windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
R0 AvgRkx86;avgrkx86.sys; C:\windows\System32\Drivers\avgrkx86.sys [2010-03-05 52872]
R0 hpdskflt;HP Filter; C:\windows\system32\DRIVERS\hpdskflt.sys [2009-07-08 25656]
R0 iaStor;Intel RAID Controller; C:\windows\system32\DRIVERS\iaStor.sys [2009-08-07 330264]
R0 pciide;pciide; C:\windows\system32\DRIVERS\pciide.sys [2009-07-14 12368]
R0 PxHelp20;PxHelp20; C:\windows\System32\Drivers\PxHelp20.sys [2009-07-09 45200]
R0 rdyboost;ReadyBoost; C:\windows\System32\drivers\rdyboost.sys [2009-07-14 173648]
R1 AvgLdx86;AVG AVI Loader Driver x86; C:\windows\System32\Drivers\avgldx86.sys [2010-06-22 216400]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\windows\System32\Drivers\avgmfx86.sys [2010-06-05 29584]
R1 AvgTdiX;AVG Network Redirector; C:\windows\System32\Drivers\avgtdix.sys [2010-06-22 243024]
R1 mfehidk;McAfee Inc. mfehidk; C:\windows\system32\drivers\mfehidk.sys [2009-05-16 214024]
R1 mfetdik;McAfee Inc. mfetdik; C:\windows\system32\drivers\mfetdik.sys [2009-05-16 55336]
R1 SymSMR130;SMR Utility Service 1.3.0; \??\C:\windows\System32\drivers\SymSMR130.SYS [2010-09-24 63536]
R1 vwififlt;Virtual WiFi Filter Driver; C:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128]
R3 5U876UVC;HP Webcam [2 MP series]; C:\windows\system32\DRIVERS\5U876.sys [2009-06-30 118656]
R3 Accelerometer;HP Accelerometer; C:\windows\system32\DRIVERS\Accelerometer.sys [2009-07-08 33848]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\windows\system32\drivers\ADIHdAud.sys [2009-05-18 381440]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\windows\system32\DRIVERS\AGRSM.sys [2009-07-14 1035776]
R3 AtiHdmiService;ATI Service for HD Audio Codec; C:\windows\system32\drivers\AtiHdmi.sys [2009-07-24 103440]
R3 atikmdag;atikmdag; C:\windows\system32\DRIVERS\atikmdag.sys [2009-08-04 4994048]
R3 BCM43XX;Ovladač síťového adaptéru Broadcom 802.11; C:\windows\system32\DRIVERS\bcmwl6.sys [2010-01-11 2506232]
R3 HpqKbFiltr;HpqKbFilter Driver; C:\windows\system32\DRIVERS\HpqKbFiltr.sys [2009-04-29 15872]
R3 SynTP;Synaptics TouchPad Driver; C:\windows\system32\DRIVERS\SynTP.sys [2010-06-04 1303728]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 14336]
S2 Parvdm;Parvdm; C:\windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 amdagp;AMD AGP Bus Filter Driver; C:\windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 BthEnum;Bluetooth Enumerator Service; C:\windows\system32\DRIVERS\BthEnum.sys [2009-07-14 34816]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\windows\system32\DRIVERS\bthpan.sys [2009-07-14 93696]
S3 BTHPORT;Ovladač portu Bluetooth; C:\windows\System32\Drivers\BTHport.sys [2009-07-14 392704]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\windows\System32\Drivers\BTHUSB.sys [2009-07-14 58880]
S3 btwaudio;Bluetooth Audio Device Service; C:\windows\system32\drivers\btwaudio.sys [2009-07-01 86056]
S3 btwavdt;Bluetooth AVDT; C:\windows\system32\DRIVERS\btwavdt.sys [2009-07-01 108072]
S3 btwl2cap;Bluetooth L2CAP Service; C:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-08 29472]
S3 btwrchid;btwrchid; C:\windows\system32\DRIVERS\btwrchid.sys [2009-07-01 18344]
S3 igfx;igfx; C:\windows\system32\DRIVERS\igdkmd32.sys [2009-06-10 4756480]
S3 MfeAVFK;McAfee Inc. MfeAVFK; C:\windows\system32\drivers\MfeAVFK.sys [2009-05-16 79816]
S3 MfeBOPK;McAfee Inc. MfeBOPK; C:\windows\system32\drivers\MfeBOPK.sys [2009-05-16 35272]
S3 MfeRKDK;McAfee Inc. MfeRKDK; C:\windows\system32\drivers\MfeRKDK.sys [2009-05-16 34248]
S3 MODEMCSA;Unimodem Streaming Filter Device; C:\windows\system32\drivers\MODEMCSA.sys [2009-07-14 18432]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit; C:\windows\system32\DRIVERS\netw5v32.sys [2009-07-14 4231168]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\windows\system32\DRIVERS\rfcomm.sys [2009-07-14 129536]
S3 sisagp;SIS AGP Bus Filter; C:\windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
S3 TPM;TPM; C:\windows\system32\drivers\tpm.sys [2009-07-14 30720]
S3 viaagp;VIA AGP Bus Filter; C:\windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AEADIFilters;Andrea ADI Filters Service; C:\windows\system32\AEADISRV.EXE [2008-07-15 90112]
R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\windows\system32\agrsmsvc.exe [2007-09-26 12800]
R2 AMD External Events Utility;AMD External Events Utility; C:\windows\system32\atiesrxx.exe [2009-08-04 176128]
R2 avg9wd;AVG WatchDog; C:\Program Files\AVG\AVG9\avgwdsvc.exe [2010-06-22 308136]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe [2009-07-30 582944]
R2 HP Health Check Service;HP Health Check Service; C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2010-06-30 121344]
R2 hpsrv;HP Service; C:\windows\system32\Hpservice.exe [2009-07-08 26168]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2009-08-25 354840]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2009-06-17 73728]
R2 pdfcDispatcher;PDF Document Manager; C:\Program Files\PDF Complete\pdfsvc.exe [2009-06-18 635416]
R2 yksvc;Marvell Yukon Service; C:\windows\System32\svchost.exe [2009-07-14 20992]
R3 Com4QLBEx;Com4QLBEx; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
R3 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2010-05-14 230968]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-03 135664]
S3 DWSPZJQI;DWSPZJQI; C:\Users\markulka\AppData\Local\Temp\DWSPZJQI.exe [2010-09-23 465792]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-02-03 182768]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 RoxMediaDB10;RoxMediaDB10; c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-06-13 1120752]
S3 stllssvr;stllssvr; c:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2009-04-30 74392]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\windows\system32\Wat\WatAdminSvc.exe [2010-05-21 1343400]
-----------------EOF-----------------
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: DWSPZJQI - Sysinternals - www.sysinternals.com - C:\Users\markulka\AppData\Local\Temp\DWSPZJQI.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard - C:\windows\system32\Hpservice.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
--
End of file - 8837 bytes
======Scheduled tasks folder======
C:\windows\tasks\GoogleUpdateTaskMachineCore.job
C:\windows\tasks\GoogleUpdateTaskMachineUA.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG9\avgssie.dll [2010-09-21 1619296]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-07-12 278192]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll [2010-07-12 814648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-06-21 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0BF43445-2F28-4351-9252-17FE6E806AA0}
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-07-12 278192]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"QlbCtrl.exe"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2009-07-28 288312]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [2009-08-25 186904]
"WirelessAssistant"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2009-07-23 498744]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2010-06-04 1791272]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-08-04 98304]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2009-05-18 1314816]
"AVG9_TRAY"=C:\PROGRA~1\AVG\AVG9\avgtray.exe [2010-06-22 2065760]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-06-20 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-06-09 976832]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-07-14 1173504]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2010-02-03 39408]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
C:\Program Files\BitTorrent\BitTorrent.exe [2010-06-13 655672]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Users\markulka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\Windows\System32\avgrsstx.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\windows\system32\webcheck.dll [2009-07-14 229376]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
======List of files/folders created in the last 1 months======
2010-09-24 11:12:32 ----D---- C:\Users\markulka\AppData\Roaming\GHISLER
2010-09-24 11:12:32 ----D---- C:\totalcmd
2010-09-24 11:12:32 ----A---- C:\windows\UC.PIF
2010-09-24 11:12:32 ----A---- C:\windows\RAR.PIF
2010-09-24 11:12:32 ----A---- C:\windows\PKZIP.PIF
2010-09-24 11:12:32 ----A---- C:\windows\PKUNZIP.PIF
2010-09-24 11:12:32 ----A---- C:\windows\NOCLOSE.PIF
2010-09-24 11:12:32 ----A---- C:\windows\LHA.PIF
2010-09-24 11:12:32 ----A---- C:\windows\ARJ.PIF
2010-09-24 11:05:22 ----D---- C:\ProgramData\Norton
2010-09-24 11:05:22 ----A---- C:\windows\system32\drivers\SymSMR130.SYS
2010-09-23 21:29:49 ----A---- C:\RootkitRevealer.exe
2010-09-23 20:59:10 ----D---- C:\rsit
2010-09-23 20:59:10 ----D---- C:\Program Files\trend micro
2010-09-23 20:16:38 ----SHD---- C:\$RECYCLE.BIN
2010-09-23 20:16:31 ----D---- C:\windows\temp
2010-09-23 19:22:01 ----RD---- C:\Program Files\Skype
2010-09-23 19:22:01 ----D---- C:\Program Files\Common Files\Skype
2010-09-23 19:18:17 ----D---- C:\Users\markulka\AppData\Roaming\Skype
2010-09-23 16:54:02 ----D---- C:\Program Files\Common Files\Adobe
2010-09-23 16:54:02 ----D---- C:\Program Files\Adobe
2010-09-23 16:53:41 ----D---- C:\Config.Msi
2010-09-23 13:52:26 ----A---- C:\windows\system32\iertutil.dll
2010-09-23 13:28:12 ----A---- C:\windows\system32\CNMLM9Z.DLL
2010-09-23 13:24:25 ----A---- C:\windows\system32\drivers\sffp_sd.sys
2010-09-23 13:02:51 ----D---- C:\ProgramData\{8D274659-3D84-4410-A197-C170D180BC76}
2010-09-23 12:22:42 ----D---- C:\Program Files\CCleaner
2010-09-15 17:42:19 ----A---- C:\windows\system32\spoolsv.exe
2010-09-02 13:30:45 ----D---- C:\Users\markulka\AppData\Roaming\Farm Mania 2
2010-09-02 13:30:06 ----AD---- C:\ProgramData\TEMP
2010-09-02 13:29:55 ----D---- C:\Program Files\Common Files\Oberon Media
2010-09-02 13:29:30 ----D---- C:\Program Files\Gamesgames.com
2010-08-25 08:31:21 ----A---- C:\windows\system32\oleaut32.dll
======List of files/folders modified in the last 1 months======
2010-09-24 11:12:54 ----D---- C:\windows\Prefetch
2010-09-24 11:12:32 ----D---- C:\Windows
2010-09-24 11:08:27 ----D---- C:\windows\System32
2010-09-24 11:08:27 ----D---- C:\windows\inf
2010-09-24 11:08:27 ----A---- C:\windows\system32\PerfStringBackup.INI
2010-09-24 11:05:43 ----D---- C:\windows\system32\drivers
2010-09-24 11:05:22 ----D---- C:\ProgramData
2010-09-24 11:04:46 ----A---- C:\ProgramData\HPWALog.txt
2010-09-24 11:02:53 ----D---- C:\windows\system32\NDF
2010-09-24 10:58:18 ----SHD---- C:\System Volume Information
2010-09-24 10:57:27 ----D---- C:\windows\system32\config
2010-09-24 10:46:40 ----D---- C:\windows\system32\drivers\Avg
2010-09-24 10:43:41 ----D---- C:\ProgramData\PDFC
2010-09-23 21:32:07 ----D---- C:\windows\system32\catroot2
2010-09-23 21:05:05 ----D---- C:\Users\markulka\AppData\Roaming\BitTorrent
2010-09-23 20:59:10 ----RD---- C:\Program Files
2010-09-23 20:42:38 ----SHD---- C:\windows\Installer
2010-09-23 20:42:37 ----D---- C:\Program Files\Common Files\microsoft shared
2010-09-23 20:41:58 ----D---- C:\windows\debug
2010-09-23 20:13:39 ----A---- C:\windows\system.ini
2010-09-23 20:13:21 ----D---- C:\windows\system32\drivers\etc
2010-09-23 20:10:46 ----D---- C:\windows\AppPatch
2010-09-23 20:10:45 ----D---- C:\Program Files\Common Files
2010-09-23 19:22:05 ----D---- C:\windows\system32\Tasks
2010-09-23 19:22:01 ----D---- C:\ProgramData\Skype
2010-09-23 19:06:27 ----D---- C:\ProgramData\Adobe
2010-09-23 17:04:27 ----D---- C:\windows\winsxs
2010-09-23 16:53:37 ----D---- C:\windows\Downloaded Program Files
2010-09-23 15:08:53 ----D---- C:\windows\Microsoft.NET
2010-09-23 15:08:52 ----RSD---- C:\windows\assembly
2010-09-23 13:52:30 ----D---- C:\windows\system32\catroot
2010-09-23 13:52:11 ----D---- C:\windows\SoftwareDistribution
2010-09-23 13:41:22 ----D---- C:\Users\markulka\AppData\Roaming\Hewlett-Packard
2010-09-23 13:29:10 ----D---- C:\windows\system32\DriverStore
2010-09-23 13:27:53 ----D---- C:\windows\system32\cs-CZ
2010-09-23 13:24:53 ----D---- C:\windows\system32\en-US
2010-09-23 13:24:52 ----D---- C:\Program Files\Microsoft.NET
2010-09-23 13:07:45 ----D---- C:\ProgramData\Hewlett-Packard
2010-09-23 13:07:45 ----D---- C:\Program Files\Hewlett-Packard
2010-09-23 13:07:41 ----D---- C:\windows\Help
2010-09-23 13:05:35 ----HD---- C:\Program Files\InstallShield Installation Information
2010-09-23 13:02:07 ----D---- C:\swsetup
2010-09-23 12:08:18 ----SD---- C:\ProgramData\Microsoft
2010-09-22 20:14:03 ----D---- C:\Program Files\Google
2010-09-15 22:52:16 ----D---- C:\ProgramData\Microsoft Help
2010-09-15 22:50:55 ----A---- C:\windows\system32\MRT.exe
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 aic78xx;aic78xx; C:\windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
R0 AvgRkx86;avgrkx86.sys; C:\windows\System32\Drivers\avgrkx86.sys [2010-03-05 52872]
R0 hpdskflt;HP Filter; C:\windows\system32\DRIVERS\hpdskflt.sys [2009-07-08 25656]
R0 iaStor;Intel RAID Controller; C:\windows\system32\DRIVERS\iaStor.sys [2009-08-07 330264]
R0 pciide;pciide; C:\windows\system32\DRIVERS\pciide.sys [2009-07-14 12368]
R0 PxHelp20;PxHelp20; C:\windows\System32\Drivers\PxHelp20.sys [2009-07-09 45200]
R0 rdyboost;ReadyBoost; C:\windows\System32\drivers\rdyboost.sys [2009-07-14 173648]
R1 AvgLdx86;AVG AVI Loader Driver x86; C:\windows\System32\Drivers\avgldx86.sys [2010-06-22 216400]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\windows\System32\Drivers\avgmfx86.sys [2010-06-05 29584]
R1 AvgTdiX;AVG Network Redirector; C:\windows\System32\Drivers\avgtdix.sys [2010-06-22 243024]
R1 mfehidk;McAfee Inc. mfehidk; C:\windows\system32\drivers\mfehidk.sys [2009-05-16 214024]
R1 mfetdik;McAfee Inc. mfetdik; C:\windows\system32\drivers\mfetdik.sys [2009-05-16 55336]
R1 SymSMR130;SMR Utility Service 1.3.0; \??\C:\windows\System32\drivers\SymSMR130.SYS [2010-09-24 63536]
R1 vwififlt;Virtual WiFi Filter Driver; C:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128]
R3 5U876UVC;HP Webcam [2 MP series]; C:\windows\system32\DRIVERS\5U876.sys [2009-06-30 118656]
R3 Accelerometer;HP Accelerometer; C:\windows\system32\DRIVERS\Accelerometer.sys [2009-07-08 33848]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\windows\system32\drivers\ADIHdAud.sys [2009-05-18 381440]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\windows\system32\DRIVERS\AGRSM.sys [2009-07-14 1035776]
R3 AtiHdmiService;ATI Service for HD Audio Codec; C:\windows\system32\drivers\AtiHdmi.sys [2009-07-24 103440]
R3 atikmdag;atikmdag; C:\windows\system32\DRIVERS\atikmdag.sys [2009-08-04 4994048]
R3 BCM43XX;Ovladač síťového adaptéru Broadcom 802.11; C:\windows\system32\DRIVERS\bcmwl6.sys [2010-01-11 2506232]
R3 HpqKbFiltr;HpqKbFilter Driver; C:\windows\system32\DRIVERS\HpqKbFiltr.sys [2009-04-29 15872]
R3 SynTP;Synaptics TouchPad Driver; C:\windows\system32\DRIVERS\SynTP.sys [2010-06-04 1303728]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 14336]
S2 Parvdm;Parvdm; C:\windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 amdagp;AMD AGP Bus Filter Driver; C:\windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 BthEnum;Bluetooth Enumerator Service; C:\windows\system32\DRIVERS\BthEnum.sys [2009-07-14 34816]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\windows\system32\DRIVERS\bthpan.sys [2009-07-14 93696]
S3 BTHPORT;Ovladač portu Bluetooth; C:\windows\System32\Drivers\BTHport.sys [2009-07-14 392704]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\windows\System32\Drivers\BTHUSB.sys [2009-07-14 58880]
S3 btwaudio;Bluetooth Audio Device Service; C:\windows\system32\drivers\btwaudio.sys [2009-07-01 86056]
S3 btwavdt;Bluetooth AVDT; C:\windows\system32\DRIVERS\btwavdt.sys [2009-07-01 108072]
S3 btwl2cap;Bluetooth L2CAP Service; C:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-08 29472]
S3 btwrchid;btwrchid; C:\windows\system32\DRIVERS\btwrchid.sys [2009-07-01 18344]
S3 igfx;igfx; C:\windows\system32\DRIVERS\igdkmd32.sys [2009-06-10 4756480]
S3 MfeAVFK;McAfee Inc. MfeAVFK; C:\windows\system32\drivers\MfeAVFK.sys [2009-05-16 79816]
S3 MfeBOPK;McAfee Inc. MfeBOPK; C:\windows\system32\drivers\MfeBOPK.sys [2009-05-16 35272]
S3 MfeRKDK;McAfee Inc. MfeRKDK; C:\windows\system32\drivers\MfeRKDK.sys [2009-05-16 34248]
S3 MODEMCSA;Unimodem Streaming Filter Device; C:\windows\system32\drivers\MODEMCSA.sys [2009-07-14 18432]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit; C:\windows\system32\DRIVERS\netw5v32.sys [2009-07-14 4231168]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\windows\system32\DRIVERS\rfcomm.sys [2009-07-14 129536]
S3 sisagp;SIS AGP Bus Filter; C:\windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
S3 TPM;TPM; C:\windows\system32\drivers\tpm.sys [2009-07-14 30720]
S3 viaagp;VIA AGP Bus Filter; C:\windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AEADIFilters;Andrea ADI Filters Service; C:\windows\system32\AEADISRV.EXE [2008-07-15 90112]
R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\windows\system32\agrsmsvc.exe [2007-09-26 12800]
R2 AMD External Events Utility;AMD External Events Utility; C:\windows\system32\atiesrxx.exe [2009-08-04 176128]
R2 avg9wd;AVG WatchDog; C:\Program Files\AVG\AVG9\avgwdsvc.exe [2010-06-22 308136]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe [2009-07-30 582944]
R2 HP Health Check Service;HP Health Check Service; C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2010-06-30 121344]
R2 hpsrv;HP Service; C:\windows\system32\Hpservice.exe [2009-07-08 26168]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2009-08-25 354840]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2009-06-17 73728]
R2 pdfcDispatcher;PDF Document Manager; C:\Program Files\PDF Complete\pdfsvc.exe [2009-06-18 635416]
R2 yksvc;Marvell Yukon Service; C:\windows\System32\svchost.exe [2009-07-14 20992]
R3 Com4QLBEx;Com4QLBEx; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
R3 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2010-05-14 230968]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-03 135664]
S3 DWSPZJQI;DWSPZJQI; C:\Users\markulka\AppData\Local\Temp\DWSPZJQI.exe [2010-09-23 465792]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-02-03 182768]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 RoxMediaDB10;RoxMediaDB10; c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-06-13 1120752]
S3 stllssvr;stllssvr; c:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2009-04-30 74392]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\windows\system32\Wat\WatAdminSvc.exe [2010-05-21 1343400]
-----------------EOF-----------------
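Reading a log like the one above comes down to scanning a few line types for entries that need explaining: services or autoruns whose binary lives somewhere an ordinary user can write, the AppInit_DLLs hook, wildcard Trusted Zone entries, and policy values that switch UAC off. As an added example (my own code, not something from HijackThis, RSIT, ComboFix or this forum), the Python script below applies that reading to a handful of lines copied from the RSIT log posted above. The severity labels and the one-line explanation attached to each UAC policy value are my own assumptions; the remark that RootkitRevealer registers a randomly named copy of itself in Temp is a known behaviour of that tool, not something the log states.

```python
"""Triage a HijackThis / RSIT log for entries that need a second look.

Added example for this thread; it is not code from HijackThis, RSIT,
ComboFix or the forum. The sample lines are copied from the posted log.
"""
from __future__ import annotations

import re

# Constructed sample: lines taken verbatim from the RSIT log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O15 - Trusted Zone: http://*.mcafee.com (HKLM)
O20 - AppInit_DLLs: C:\Windows\System32\avgrsstx.dll
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: DWSPZJQI - Sysinternals - www.sysinternals.com - C:\Users\markulka\AppData\Local\Temp\DWSPZJQI.exe
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"EnableLUA"=0
"PromptOnSecureDesktop"=0
"""

# Directories an unprivileged user can write to. A service that executes from
# one of these is not automatically malicious (Sysinternals' RootkitRevealer
# drops a randomly named copy of itself into %TEMP% and runs it as a service),
# but it is always something the person reading the log has to explain.
USER_WRITABLE = re.compile(r"\\(AppData|Temp|Local Settings)\\", re.IGNORECASE)

# UAC policy values that weaken protection when set to 0. The explanations are
# my own summaries (assumption), not text from the log.
UAC_WEAK_IF_ZERO = {
    "EnableLUA": "UAC is turned off entirely",
    "ConsentPromptBehaviorAdmin": "administrators elevate silently, without any prompt",
    "PromptOnSecureDesktop": "elevation prompts are shown on the normal desktop, where other windows can overlay them",
}

# HijackThis line shapes. The vendor field in O23 is the CompanyName string
# from the file's own version resource, which the author of the file controls.
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<vendor>.+?) - (?P<path>[A-Za-z]:\\.+)$")
O4_RE = re.compile(r"^O4 - (?P<hive>.+?): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
POLICY_RE = re.compile(r'^"(?P<key>\w+)"=(?P<val>-?\d+)$')


def triage(log_text: str) -> list[tuple[str, str]]:
    """Return (severity, message) pairs for lines that deserve attention.

    'review' means a human must account for the entry, not that it is malware;
    'weak-config' marks a policy that lowers the bar for the next infection;
    'info' is worth knowing but rarely the problem.
    """
    findings: list[tuple[str, str]] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := O23_RE.match(line):
            if USER_WRITABLE.search(m["path"]):
                findings.append(("review",
                    f'service "{m["name"]}" runs from a user-writable path: {m["path"]} '
                    f'(vendor string "{m["vendor"]}" comes from the file itself and proves nothing)'))
        elif m := O4_RE.match(line):
            if USER_WRITABLE.search(m["cmd"]):
                findings.append(("review",
                    f'autorun "{m["name"]}" ({m["hive"]}) runs from a user-writable path: {m["cmd"]}'))
        elif line.startswith("O20 - AppInit_DLLs:"):
            dll = line.split(":", 1)[1].strip()
            findings.append(("review",
                f"AppInit_DLLs is set, so {dll} is loaded into every process that links user32.dll"))
        elif line.startswith("O15 - ") and "*." in line:
            findings.append(("info",
                f"wildcard Trusted Zone entry lowers IE security for a whole domain: {line}"))
        elif m := POLICY_RE.match(line):
            if m["key"] in UAC_WEAK_IF_ZERO and m["val"] == "0":
                findings.append(("weak-config", f'{m["key"]}=0: {UAC_WEAK_IF_ZERO[m["key"]]}'))
    return findings


if __name__ == "__main__":
    for severity, message in triage(SAMPLE_LOG):
        print(f"[{severity}] {message}")
```

On the sample this yields six findings. The Temp-hosted DWSPZJQI service lands in "review" rather than anything stronger on purpose: the "Sysinternals" label HijackThis prints is read from the file's version resource, so it is not evidence either way, while the same log shows C:\RootkitRevealer.exe created the previous evening, and that tool is known to run exactly this way. The script's job is to make every such line explainable, not to convict it.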
Rudy (Site Admin, Plzeň; registered 30 Oct 2003; 119426 posts)
Re: Win 7 32-bit doesn't see neighbouring computers + slowdown
One question: is this a company or a home PC?
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
Visit:
e-mail: rudy(at)forum.viry.cz
Warning: before disinfecting the PC, back up your important data (mail, contacts, documents, photos, videos, music etc.). Apart from its "visible" activity, a virus can damage the system!
Once your problem is resolved the thread will be locked, likewise if it is inactive for more than 14 days. If you want the thread reactivated, write to the e-mail given above.
Re: Win 7 32-bit doesn't see neighbouring computers + slowdown
Home notebook.
There are 2 more XP PCs in the DOMA workgroup and it won't see them no matter what I do; I went through all the recommendations from MS and nothing.
Rudy (Site Admin)
Re: Win 7 32-bit doesn't see neighbouring computers + slowdown
OK. Post a ComboFix log.
Download ComboFix and save it, preferably to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Then run the application under an account with administrator rights.
Right after it starts, a screen with the licence terms appears; continue by clicking Yes.
Go and make yourself a coffee (the whole run takes about 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to wade through); during the scan do not try to launch any other applications or do anything else.
Don't panic during the scan; your machine may be restarted (especially on the first run of the scanner).
Note: if you use an antispyware product with a resident shield, switch its resident shield to Install Mode or deactivate it completely for the duration of the scan, because the scan and the removal of any malware collide with a resident antispyware shield.
Re: Win 7 32-bit doesn't see neighbouring computers + slowdown
ComboFix 10-09-23.01 - markulka 24.09.2010 17:35:52.3.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1250.420.1029.18.3066.2330 [GMT 2:00]
Running from: c:\users\markulka\Desktop\ComboFix.exe
.
((((((((((((((((((((((((( Files Created from 2010-08-24 to 2010-09-24 )))))))))))))))))))))))))))))))
.
2010-09-24 15:41 . 2010-09-24 15:41 -------- d-----w- c:\users\markulka\AppData\Local\temp
2010-09-24 15:41 . 2010-09-24 15:41 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-09-24 15:41 . 2010-09-24 15:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-09-24 11:43 . 2010-09-24 11:43 -------- d-----w- c:\windows\Profiles
2010-09-24 09:12 . 2010-09-24 09:12 -------- d-----w- C:\totalcmd
2010-09-24 09:12 . 2010-09-24 09:12 -------- d-----w- c:\users\markulka\AppData\Roaming\GHISLER
2010-09-24 09:12 . 2009-09-09 05:50 545 ----a-w- c:\windows\UC.PIF
2010-09-24 09:12 . 2009-09-09 05:50 545 ----a-w- c:\windows\RAR.PIF
2010-09-24 09:12 . 2009-09-09 05:50 545 ----a-w- c:\windows\PKZIP.PIF
2010-09-24 09:12 . 2009-09-09 05:50 545 ----a-w- c:\windows\PKUNZIP.PIF
2010-09-24 09:12 . 2009-09-09 05:50 545 ----a-w- c:\windows\NOCLOSE.PIF
2010-09-24 09:12 . 2009-09-09 05:50 545 ----a-w- c:\windows\LHA.PIF
2010-09-24 09:12 . 2009-09-09 05:50 545 ----a-w- c:\windows\ARJ.PIF
2010-09-24 09:05 . 2010-09-24 09:05 -------- d-----w- c:\programdata\Norton
2010-09-24 09:05 . 2010-09-24 09:09 -------- d-----w- c:\users\markulka\AppData\Local\NPE
2010-09-23 19:29 . 2006-11-01 11:07 334720 ----a-w- C:\RootkitRevealer.exe
2010-09-23 18:59 . 2010-09-24 09:27 -------- d-----w- c:\program files\trend micro
2010-09-23 18:59 . 2010-09-23 18:59 -------- d-----w- C:\rsit
2010-09-23 17:22 . 2010-09-23 17:22 -------- d-----w- c:\program files\Common Files\Skype
2010-09-23 17:22 . 2010-09-23 17:22 -------- d-----r- c:\program files\Skype
2010-09-23 17:18 . 2010-09-23 17:22 -------- d-----w- c:\users\markulka\AppData\Roaming\Skype
2010-09-23 14:54 . 2010-09-23 14:54 -------- d-----w- c:\program files\Common Files\Adobe
2010-09-23 11:28 . 2010-04-24 03:00 27648 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPD9Z.DLL
2010-09-23 11:28 . 2010-04-24 03:00 272384 ----a-w- c:\windows\system32\CNMLM9Z.DLL
2010-09-23 11:24 . 2009-10-10 02:57 12800 ----a-w- c:\windows\system32\drivers\sffp_sd.sys
2010-09-23 11:02 . 2010-09-23 11:02 -------- d-----w- c:\programdata\{8D274659-3D84-4410-A197-C170D180BC76}
2010-09-23 10:22 . 2010-09-23 10:22 -------- d-----w- c:\program files\CCleaner
2010-09-15 15:42 . 2010-08-21 05:32 316928 ----a-w- c:\windows\system32\spoolsv.exe
2010-09-02 19:07 . 2007-03-22 10:46 126976 ----a-w- c:\users\markulka\AppData\Roaming\GRETECH\GomPlayer\GrLauncher.exe
2010-09-02 11:30 . 2010-09-02 11:34 -------- d-----w- c:\users\markulka\AppData\Roaming\Farm Mania 2
2010-09-02 11:29 . 2010-09-02 11:29 -------- d-----w- c:\program files\Common Files\Oberon Media
2010-09-02 11:29 . 2010-09-02 11:29 -------- d-----w- c:\program files\Gamesgames.com
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-24 13:52 . 2009-09-20 07:54 631292 ----a-w- c:\windows\system32\perfh005.dat
2010-09-24 13:52 . 2009-09-20 07:54 121914 ----a-w- c:\windows\system32\perfc005.dat
2010-09-24 11:05 . 2010-02-03 18:49 -------- d-----w- c:\program files\Google
2010-09-24 09:58 . 2010-01-11 19:18 91448 ----a-w- c:\windows\system32\bcmwlcoi.dll
2010-09-24 09:58 . 2010-01-11 19:18 6656 ----a-w- c:\windows\system32\bcmwlrc.dll
2010-09-24 09:58 . 2010-01-11 19:18 3866624 ----a-w- c:\windows\system32\bcmihvsrv.dll
2010-09-24 09:58 . 2010-01-11 19:18 3555328 ----a-w- c:\windows\system32\bcmihvui.dll
2010-09-24 09:58 . 2010-01-11 19:18 2709056 ----a-w- c:\windows\system32\drivers\BCMWL6.SYS
2010-09-24 08:43 . 2009-09-20 07:18 -------- d-----w- c:\programdata\PDFC
2010-09-23 17:22 . 2010-01-11 19:20 -------- d-----w- c:\programdata\Skype
2010-09-23 11:41 . 2010-01-11 19:30 -------- d-----w- c:\users\markulka\AppData\Roaming\Hewlett-Packard
2010-09-23 11:28 . 2010-09-23 11:28 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01009.Wdf
2010-09-23 11:24 . 2010-02-27 10:21 -------- d-----w- c:\program files\Microsoft.NET
2010-07-29 06:30 . 2010-08-11 13:36 197632 ----a-w- c:\windows\system32\ir32_32.dll
2010-07-29 06:30 . 2010-08-11 13:36 82944 ----a-w- c:\windows\system32\iccvid.dll
2010-07-26 13:01 . 2010-09-23 11:07 58936 ----a-w- c:\windows\Help\OEM\Scripts\HPSAUpdaterObj.exe
2010-06-30 06:25 . 2010-08-11 13:36 978432 ----a-w- c:\windows\system32\wininet.dll
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.
((((((((((((((((((((((((((((( SnapShot@2010-09-24_14.17.52 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-09-20 07:08 . 2010-09-24 15:36 41042 c:\windows\System32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 04:55 . 2010-09-24 15:36 64348 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-01-11 19:13 . 2010-09-24 15:36 12908 c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-992590450-2693233549-2948923143-1001_UserData.bin
+ 2010-01-12 16:32 . 2010-09-24 15:36 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-01-12 16:32 . 2010-09-24 14:12 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-01-12 16:32 . 2010-09-24 15:36 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-01-12 16:32 . 2010-09-24 14:12 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-01-12 16:32 . 2010-09-24 14:12 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-01-12 16:32 . 2010-09-24 15:36 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-01-11 21:08 . 2010-09-24 14:12 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-01-11 21:08 . 2010-09-24 15:36 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-01-12 11:27 . 2010-09-24 14:04 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
+ 2010-01-12 11:27 . 2010-09-24 15:03 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
+ 2010-01-12 11:27 . 2010-09-24 15:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\History\History.IE5\index.dat
- 2010-01-12 11:27 . 2010-09-24 14:04 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\History\History.IE5\index.dat
+ 2010-01-12 11:27 . 2010-09-24 15:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Cookies\index.dat
- 2010-01-12 11:27 . 2010-09-24 14:04 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Cookies\index.dat
+ 2010-01-11 21:08 . 2010-09-24 15:36 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-01-11 21:08 . 2010-09-24 14:12 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-01-11 21:08 . 2010-09-24 15:36 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-01-11 21:08 . 2010-09-24 14:12 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-09-24 14:10 . 2010-09-24 14:10 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2010-09-24 15:33 . 2010-09-24 15:33 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-09-24 14:10 . 2010-09-24 14:10 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-09-24 15:33 . 2010-09-24 15:33 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 02:03 . 2010-09-24 14:24 7077888 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
- 2009-07-14 02:03 . 2010-09-24 13:54 7077888 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
- 2009-09-20 07:57 . 2010-09-24 11:51 1909192 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2009-09-20 07:57 . 2010-09-24 15:28 1909192 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
.
(((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-07-27 288312]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-08-25 186904]
"WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-06-04 1791272]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-08-04 98304]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2009-05-18 1314816]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-06-22 2065760]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
c:\users\markulka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-30 795936]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-07-14 01:14 1173504 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 135664]
R3 BJODADC;BJODADC;c:\users\markulka\AppData\Local\Temp\BJODADC.exe [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
R3 DWSPZJQI;DWSPZJQI;c:\users\markulka\AppData\Local\Temp\DWSPZJQI.exe [x]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-06-13 1120752]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-21 1343400]
S0 AvgRkx86;avgrkx86.sys;c:\windows\System32\Drivers\avgrkx86.sys [2010-03-05 52872]
S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2010-06-22 216400]
S1 AvgTdiX;AVG Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2010-06-22 243024]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-04 176128]
S2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-06-22 308136]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2009-07-08 26168]
S2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [2009-06-18 635416]
S2 yksvc;Marvell Yukon Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
S3 5U876UVC;HP Webcam [2 MP series];c:\windows\system32\DRIVERS\5U876.sys [2009-06-30 13:01 118656]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-09-28 315392]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
yksvcs REG_MULTI_SZ yksvc
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 19:11 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
2010-09-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 18:53]
2010-09-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 18:53]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.seznam.cz/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=cs_CZ&c=92&bd=all&pf=cmnb
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
Trusted Zone: mcafee.com\*
Trusted Zone: mcafeeasap.com\betavscan
Trusted Zone: mcafeeasap.com\vs
Trusted Zone: mcafeeasap.com\www
.
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: >>UNKNOWN [0x83C1E000]<< >>UNKNOWN [0x84200000]<< >>UNKNOWN [0x8D5E3000]<< >>UNKNOWN [0x8D608000]<< >>UNKNOWN [0x8402E000]<< >>UNKNOWN [0x8CB15000]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
IoDeviceObjectType -> DumpProcedure -> 0xd46a624f
user & kernel MBR OK
**************************************************************************
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
"MSCurrentCountry"=dword:0000002e
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:0000002e
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
"MSCurrentCountry"=dword:0000002e
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
"MSCurrentCountry"=dword:0000002e
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
"MSCurrentCountry"=dword:0000002e
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2010-09-24 17:43:34
ComboFix-quarantined-files.txt 2010-09-24 15:43
ComboFix2.txt 2010-09-24 14:19
Pre-Run: 252 857 790 464 bytes free
Post-Run: 252 797 243 392 bytes free
- - End Of File - - 11F36C1164FBF71B2ECF53DAE5B3E460
Rudy (Site Admin):
Re: Win 7 32b does not see neighbouring computers + slowdown
Open Notepad and copy the following into it:

Collect::
c:\users\markulka\AppData\Local\Temp\BJODADC.exe
c:\users\markulka\AppData\Local\Temp\DWSPZJQI.exe
Driver::
BJODADC
DWSPZJQI

Save it to the desktop as CFScript.txt. Then drag it with the mouse onto the ComboFix icon and drop it. CF will start and carry out the commands from the script.
Next, download DelDomains: http://www.arcisit.wz.cz/DelDomains.rar . Extract it to the desktop. Then right-click the file with the *.inf extension and choose Install.
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not used for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting the PC, back up your important data (mail, contacts, documents, photos, videos, music etc.). Besides its "visible" activity, a virus can damage the system!
Once your problem is resolved the thread will be locked, as it will be if it is inactive for more than 14 days. If you want the thread reopened, write to the e-mail address above.
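The two R3 entries in the log above (BJODADC, DWSPZJQI) load from the user's Temp folder, have no file on disk (ComboFix marks that with [x]) and carry random-looking names, which is exactly what the CFScript in this reply targets; the policy values a few lines earlier in the same log (EnableLUA=0, ConsentPromptBehaviorAdmin=0, PromptOnSecureDesktop=0) mean UAC is switched off on this machine, so anything the user runs elevates silently. The Python script below is an added example for this thread, not part of ComboFix or of the moderator's instructions: it parses those two kinds of ComboFix log lines, flags service entries by the three heuristics just named, reports the weak UAC values, and emits a CFScript in the Collect::/Driver:: layout posted above. The sample text is constructed from lines in the log; the heuristics, the name-length threshold and the CFScript generator are the example's own assumptions.

```python
"""Triage helpers for the 'Reg Loading Points' part of a ComboFix log.

Added example for this thread, not ComboFix code: flags service/driver lines
by three heuristics, reports UAC policy values that disable or silence
elevation prompts, and emits a CFScript in the Collect::/Driver:: layout.
"""
import re
from typing import Dict, List

# Constructed sample: lines copied from the log in this thread, with the
# legitimate gupdate and AVG entries kept so the filter sees both classes.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
R2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 135664]
R3 BJODADC;BJODADC;c:\users\markulka\AppData\Local\Temp\BJODADC.exe [x]
R3 DWSPZJQI;DWSPZJQI;c:\users\markulka\AppData\Local\Temp\DWSPZJQI.exe [x]
S0 AvgRkx86;avgrkx86.sys;c:\windows\System32\Drivers\avgrkx86.sys [2010-03-05 52872]
"""

# One service/driver line: "<start> <name>;<display>;<path> [<date size> | x]"
SERVICE_RE = re.compile(
    r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.*?)\s+\[(?P<info>[^\]]*)\]\s*$"
)
# One policy value line: "<name>"= <decimal> (0x<hex>)
POLICY_RE = re.compile(r'^"(?P<name>\w+)"=\s*(?P<value>\d+)\s*\(0x[0-9a-fA-F]+\)\s*$')

# Heuristic thresholds (assumptions of this example, not ComboFix rules).
USER_TEMP_MARKERS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\")
RANDOM_NAME_RE = re.compile(r"^[A-Z]{6,10}$")


def parse_services(log: str) -> List[Dict[str, str]]:
    """Return one dict per service/driver line found in a ComboFix log excerpt."""
    entries = []
    for line in log.splitlines():
        m = SERVICE_RE.match(line.strip())
        if m:
            entries.append(m.groupdict())
    return entries


def suspicious_reasons(entry: Dict[str, str]) -> List[str]:
    """Heuristics for one entry; an empty list means nothing stood out."""
    reasons = []
    path = entry["path"].lower()
    if any(marker in path for marker in USER_TEMP_MARKERS):
        reasons.append("image path in a temp directory")
    if entry["info"] == "x":
        reasons.append("binary missing on disk ([x])")
    if RANDOM_NAME_RE.match(entry["name"]) and entry["name"] == entry["display"]:
        reasons.append("random-looking name with no descriptive display name")
    return reasons


def flag_services(log: str) -> List[Dict[str, object]]:
    """Services/drivers worth a second look, each with the reasons it was flagged."""
    flagged = []
    for entry in parse_services(log):
        reasons = suspicious_reasons(entry)
        if reasons:
            flagged.append({**entry, "reasons": reasons})
    return flagged


# policies\system values that, at the given setting, switch UAC off or make it silent.
UAC_WEAK = {
    "EnableLUA": (0, "UAC disabled entirely"),
    "ConsentPromptBehaviorAdmin": (0, "administrators elevate without any prompt"),
    "PromptOnSecureDesktop": (0, "prompts are not shown on the secure desktop"),
}


def check_uac(log: str) -> Dict[str, str]:
    """Map each weak UAC value present in the excerpt to a one-line explanation."""
    findings = {}
    for line in log.splitlines():
        m = POLICY_RE.match(line.strip())
        if not m:
            continue
        name, value = m.group("name"), int(m.group("value"))
        if name in UAC_WEAK and value == UAC_WEAK[name][0]:
            findings[name] = UAC_WEAK[name][1]
    return findings


def build_cfscript(flagged: List[Dict[str, object]]) -> str:
    """Emit a CFScript in the layout the moderator posted: the files under
    Collect:: are quarantined, the services under Driver:: are removed."""
    lines = ["Collect::"] + [str(e["path"]) for e in flagged]
    lines += ["Driver::"] + [str(e["name"]) for e in flagged]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    for entry in flag_services(SAMPLE_LOG):
        print(f"{entry['start']} {entry['name']}: {'; '.join(entry['reasons'])}")
    for name, why in check_uac(SAMPLE_LOG).items():
        print(f"UAC: {name} -> {why}")
    print(build_cfscript(flag_services(SAMPLE_LOG)))
```

Run against the sample, the script flags only the two Temp-folder entries (all three heuristics fire on each), reports the three UAC values, and reproduces the six-line CFScript from this reply. The heuristics are deliberately narrow: a legitimate vendor driver in System32 with a descriptive display name passes, and a single hit (say, a random name alone) still warrants a look at the file before it goes into Collect::.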
Re: Win 7 32b does not see neighbouring computers + slowdown
Done.
But ComboFix still reports "ComboFix detected the presence of a rootkit and requires a restart".
Here is the log:
ComboFix 10-09-23.01 - markulka 24.09.2010 20:06:00.6.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1250.420.1029.18.3066.2256 [GMT 2:00]
Running from: c:\users\markulka\Desktop\ComboFix.exe
.
((((((((((((((((((((((((( Files Created from 2010-08-24 to 2010-09-24 )))))))))))))))))))))))))))))))
.
2010-09-24 18:11 . 2010-09-24 18:11 -------- d-----w- c:\users\markulka\AppData\Local\temp
2010-09-24 18:11 . 2010-09-24 18:11 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-09-24 18:11 . 2010-09-24 18:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-09-24 11:43 . 2010-09-24 11:43 -------- d-----w- c:\windows\Profiles
2010-09-24 09:12 . 2010-09-24 09:12 -------- d-----w- C:\totalcmd
2010-09-24 09:12 . 2010-09-24 09:12 -------- d-----w- c:\users\markulka\AppData\Roaming\GHISLER
2010-09-24 09:12 . 2009-09-09 05:50 545 ----a-w- c:\windows\UC.PIF
2010-09-24 09:12 . 2009-09-09 05:50 545 ----a-w- c:\windows\RAR.PIF
2010-09-24 09:12 . 2009-09-09 05:50 545 ----a-w- c:\windows\PKZIP.PIF
2010-09-24 09:12 . 2009-09-09 05:50 545 ----a-w- c:\windows\PKUNZIP.PIF
2010-09-24 09:12 . 2009-09-09 05:50 545 ----a-w- c:\windows\NOCLOSE.PIF
2010-09-24 09:12 . 2009-09-09 05:50 545 ----a-w- c:\windows\LHA.PIF
2010-09-24 09:12 . 2009-09-09 05:50 545 ----a-w- c:\windows\ARJ.PIF
2010-09-24 09:05 . 2010-09-24 09:05 -------- d-----w- c:\programdata\Norton
2010-09-24 09:05 . 2010-09-24 09:09 -------- d-----w- c:\users\markulka\AppData\Local\NPE
2010-09-23 19:29 . 2006-11-01 11:07 334720 ----a-w- C:\RootkitRevealer.exe
2010-09-23 18:59 . 2010-09-24 09:27 -------- d-----w- c:\program files\trend micro
2010-09-23 18:59 . 2010-09-23 18:59 -------- d-----w- C:\rsit
2010-09-23 17:22 . 2010-09-23 17:22 -------- d-----w- c:\program files\Common Files\Skype
2010-09-23 17:22 . 2010-09-23 17:22 -------- d-----r- c:\program files\Skype
2010-09-23 17:18 . 2010-09-23 17:22 -------- d-----w- c:\users\markulka\AppData\Roaming\Skype
2010-09-23 14:54 . 2010-09-23 14:54 -------- d-----w- c:\program files\Common Files\Adobe
2010-09-23 11:28 . 2010-04-24 03:00 27648 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPD9Z.DLL
2010-09-23 11:28 . 2010-04-24 03:00 272384 ----a-w- c:\windows\system32\CNMLM9Z.DLL
2010-09-23 11:24 . 2009-10-10 02:57 12800 ----a-w- c:\windows\system32\drivers\sffp_sd.sys
2010-09-23 11:02 . 2010-09-23 11:02 -------- d-----w- c:\programdata\{8D274659-3D84-4410-A197-C170D180BC76}
2010-09-23 10:22 . 2010-09-23 10:22 -------- d-----w- c:\program files\CCleaner
2010-09-15 15:42 . 2010-08-21 05:32 316928 ----a-w- c:\windows\system32\spoolsv.exe
2010-09-02 19:07 . 2007-03-22 10:46 126976 ----a-w- c:\users\markulka\AppData\Roaming\GRETECH\GomPlayer\GrLauncher.exe
2010-09-02 11:30 . 2010-09-02 11:34 -------- d-----w- c:\users\markulka\AppData\Roaming\Farm Mania 2
2010-09-02 11:29 . 2010-09-02 11:29 -------- d-----w- c:\program files\Common Files\Oberon Media
2010-09-02 11:29 . 2010-09-02 11:29 -------- d-----w- c:\program files\Gamesgames.com
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-24 13:52 . 2009-09-20 07:54 631292 ----a-w- c:\windows\system32\perfh005.dat
2010-09-24 13:52 . 2009-09-20 07:54 121914 ----a-w- c:\windows\system32\perfc005.dat
2010-09-24 11:05 . 2010-02-03 18:49 -------- d-----w- c:\program files\Google
2010-09-24 09:58 . 2010-01-11 19:18 91448 ----a-w- c:\windows\system32\bcmwlcoi.dll
2010-09-24 09:58 . 2010-01-11 19:18 6656 ----a-w- c:\windows\system32\bcmwlrc.dll
2010-09-24 09:58 . 2010-01-11 19:18 3866624 ----a-w- c:\windows\system32\bcmihvsrv.dll
2010-09-24 09:58 . 2010-01-11 19:18 3555328 ----a-w- c:\windows\system32\bcmihvui.dll
2010-09-24 09:58 . 2010-01-11 19:18 2709056 ----a-w- c:\windows\system32\drivers\BCMWL6.SYS
2010-09-24 08:43 . 2009-09-20 07:18 -------- d-----w- c:\programdata\PDFC
2010-09-23 17:22 . 2010-01-11 19:20 -------- d-----w- c:\programdata\Skype
2010-09-23 11:41 . 2010-01-11 19:30 -------- d-----w- c:\users\markulka\AppData\Roaming\Hewlett-Packard
2010-09-23 11:28 . 2010-09-23 11:28 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01009.Wdf
2010-09-23 11:24 . 2010-02-27 10:21 -------- d-----w- c:\program files\Microsoft.NET
2010-07-29 06:30 . 2010-08-11 13:36 197632 ----a-w- c:\windows\system32\ir32_32.dll
2010-07-29 06:30 . 2010-08-11 13:36 82944 ----a-w- c:\windows\system32\iccvid.dll
2010-07-26 13:01 . 2010-09-23 11:07 58936 ----a-w- c:\windows\Help\OEM\Scripts\HPSAUpdaterObj.exe
2010-06-30 06:25 . 2010-08-11 13:36 978432 ----a-w- c:\windows\system32\wininet.dll
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.
((((((((((((((((((((((((((((( SnapShot@2010-09-24_14.17.52 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-09-20 07:08 . 2010-09-24 18:06 41488 c:\windows\System32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 04:55 . 2010-09-24 18:06 64580 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-01-11 19:13 . 2010-09-24 18:06 13308 c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-992590450-2693233549-2948923143-1001_UserData.bin
- 2010-01-12 16:32 . 2010-09-24 14:12 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-01-12 16:32 . 2010-09-24 18:02 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-01-12 16:32 . 2010-09-24 18:02 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-01-12 16:32 . 2010-09-24 14:12 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-01-12 16:32 . 2010-09-24 18:02 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-01-12 16:32 . 2010-09-24 14:12 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-01-11 21:08 . 2010-09-24 14:12 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-01-11 21:08 . 2010-09-24 18:02 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-01-12 11:27 . 2010-09-24 14:04 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
+ 2010-01-12 11:27 . 2010-09-24 18:03 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
+ 2010-01-12 11:27 . 2010-09-24 18:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\History\History.IE5\index.dat
- 2010-01-12 11:27 . 2010-09-24 14:04 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\History\History.IE5\index.dat
- 2010-01-12 11:27 . 2010-09-24 14:04 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Cookies\index.dat
+ 2010-01-12 11:27 . 2010-09-24 18:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Cookies\index.dat
- 2010-01-11 21:08 . 2010-09-24 14:12 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-01-11 21:08 . 2010-09-24 18:03 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-01-11 21:08 . 2010-09-24 18:02 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-01-11 21:08 . 2010-09-24 14:12 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-09-24 14:10 . 2010-09-24 14:10 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2010-09-24 18:00 . 2010-09-24 18:00 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-09-24 14:10 . 2010-09-24 14:10 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-09-24 18:00 . 2010-09-24 18:00 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 02:03 . 2010-09-24 17:28 7077888 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
- 2009-07-14 02:03 . 2010-09-24 13:54 7077888 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
- 2009-09-20 07:57 . 2010-09-24 11:51 1909192 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2009-09-20 07:57 . 2010-09-24 15:28 1909192 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-07-27 288312]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-08-25 186904]
"WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-06-04 1791272]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-08-04 98304]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2009-05-18 1314816]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-06-22 2065760]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
c:\users\markulka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-30 795936]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-07-14 01:14 1173504 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 135664]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-06-13 1120752]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-21 1343400]
S0 AvgRkx86;avgrkx86.sys;c:\windows\System32\Drivers\avgrkx86.sys [2010-03-05 52872]
S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2010-06-22 216400]
S1 AvgTdiX;AVG Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2010-06-22 243024]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-04 176128]
S2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-06-22 308136]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2009-07-08 26168]
S2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [2009-06-18 635416]
S2 yksvc;Marvell Yukon Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
S3 5U876UVC;HP Webcam [2 MP series];c:\windows\system32\DRIVERS\5U876.sys [2009-06-30 13:01 118656]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-09-28 315392]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
yksvcs REG_MULTI_SZ yksvc
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 19:11 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'
2010-09-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 18:53]
2010-09-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 18:53]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=cs_CZ&c=92&bd=all&pf=cmnb
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
.
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: >>UNKNOWN [0x83C04000]<< >>UNKNOWN [0x84200000]<< >>UNKNOWN [0x8D849000]<< >>UNKNOWN [0x8D419000]<< >>UNKNOWN [0x84014000]<< >>UNKNOWN [0x8CAE7000]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
IoDeviceObjectType -> DumpProcedure -> 0x49706e50
user & kernel MBR OK
**************************************************************************
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
"MSCurrentCountry"=dword:0000002e
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:0000002e
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
"MSCurrentCountry"=dword:0000002e
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
"MSCurrentCountry"=dword:0000002e
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
"MSCurrentCountry"=dword:0000002e
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2010-09-24 20:13:05
ComboFix-quarantined-files.txt 2010-09-24 18:13
ComboFix2.txt 2010-09-24 17:40
ComboFix3.txt 2010-09-24 17:23
ComboFix4.txt 2010-09-24 15:43
ComboFix5.txt 2010-09-24 17:57
Před spuštěním: Volných bajtů: 252 357 058 560
Po spuštění: Volných bajtů: 252 296 912 896
- - End Of File - - C55791687EFDFFDF57F614348A061034
But ComboFix still reports "ComboFix detected the presence of a rootkit and requires a restart".
Here is the log:
- Rudy
- Site Admin
- Posts: 119426
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Win 7 32b does not see neighbouring computers + slowdown
Download http://www2.gmer.net/mbr/mbr.exe and save it into the Windows directory. Then run it from the command line with the -f parameter:
mbr.exe -f
Then restart the PC, run mbr normally by double-clicking it, and post the log here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not used for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
Visit:
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Apart from its "visible" activity, a virus can also damage the system!
Once your problem is resolved the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reopened, write to the e-mail address given above.
Re: Win 7 32-bit doesn't see nearby computers + slowdown
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
- Rudy
- Site Admin
- Posts: 119426
- Joined: 30 Oct 2003 13:42
- Location: Plzeň
Re: Win 7 32-bit doesn't see nearby computers + slowdown
Everything should be OK. Has anything changed?
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
Visit:
e-mail: rudy(zavináč)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!
Once your problem is resolved, the thread will be locked, as it will be if it stays inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address above.
Re: Win 7 32-bit doesn't see nearby computers + slowdown
ComboFix still reports the presence of a rootkit.
Unless it's some kind of false alarm.
Re: Win 7 32-bit doesn't see nearby computers + slowdown
And that last log:
ComboFix 10-09-23.01 - markulka 24.09.2010 21:29:42.7.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1250.420.1029.18.3066.2330 [GMT 2:00]
Spuštěný z: c:\users\markulka\Desktop\ComboFix.exe
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-08-24 do 2010-09-24 )))))))))))))))))))))))))))))))
.
2010-09-24 19:35 . 2010-09-24 19:35 -------- d-----w- c:\users\markulka\AppData\Local\temp
2010-09-24 19:35 . 2010-09-24 19:35 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-09-24 19:35 . 2010-09-24 19:35 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-09-24 11:43 . 2010-09-24 11:43 -------- d-----w- c:\windows\Profiles
2010-09-24 09:12 . 2010-09-24 09:12 -------- d-----w- C:\totalcmd
2010-09-24 09:12 . 2010-09-24 09:12 -------- d-----w- c:\users\markulka\AppData\Roaming\GHISLER
2010-09-24 09:12 . 2009-09-09 05:50 545 ----a-w- c:\windows\UC.PIF
2010-09-24 09:12 . 2009-09-09 05:50 545 ----a-w- c:\windows\RAR.PIF
2010-09-24 09:12 . 2009-09-09 05:50 545 ----a-w- c:\windows\PKZIP.PIF
2010-09-24 09:12 . 2009-09-09 05:50 545 ----a-w- c:\windows\PKUNZIP.PIF
2010-09-24 09:12 . 2009-09-09 05:50 545 ----a-w- c:\windows\NOCLOSE.PIF
2010-09-24 09:12 . 2009-09-09 05:50 545 ----a-w- c:\windows\LHA.PIF
2010-09-24 09:12 . 2009-09-09 05:50 545 ----a-w- c:\windows\ARJ.PIF
2010-09-24 09:05 . 2010-09-24 09:05 -------- d-----w- c:\programdata\Norton
2010-09-24 09:05 . 2010-09-24 09:09 -------- d-----w- c:\users\markulka\AppData\Local\NPE
2010-09-23 19:29 . 2006-11-01 11:07 334720 ----a-w- C:\RootkitRevealer.exe
2010-09-23 18:59 . 2010-09-24 09:27 -------- d-----w- c:\program files\trend micro
2010-09-23 18:59 . 2010-09-23 18:59 -------- d-----w- C:\rsit
2010-09-23 17:22 . 2010-09-23 17:22 -------- d-----w- c:\program files\Common Files\Skype
2010-09-23 17:22 . 2010-09-23 17:22 -------- d-----r- c:\program files\Skype
2010-09-23 17:18 . 2010-09-23 17:22 -------- d-----w- c:\users\markulka\AppData\Roaming\Skype
2010-09-23 14:54 . 2010-09-23 14:54 -------- d-----w- c:\program files\Common Files\Adobe
2010-09-23 11:28 . 2010-04-24 03:00 27648 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPD9Z.DLL
2010-09-23 11:28 . 2010-04-24 03:00 272384 ----a-w- c:\windows\system32\CNMLM9Z.DLL
2010-09-23 11:24 . 2009-10-10 02:57 12800 ----a-w- c:\windows\system32\drivers\sffp_sd.sys
2010-09-23 11:02 . 2010-09-23 11:02 -------- d-----w- c:\programdata\{8D274659-3D84-4410-A197-C170D180BC76}
2010-09-23 10:22 . 2010-09-23 10:22 -------- d-----w- c:\program files\CCleaner
2010-09-15 15:42 . 2010-08-21 05:32 316928 ----a-w- c:\windows\system32\spoolsv.exe
2010-09-02 19:07 . 2007-03-22 10:46 126976 ----a-w- c:\users\markulka\AppData\Roaming\GRETECH\GomPlayer\GrLauncher.exe
2010-09-02 11:30 . 2010-09-02 11:34 -------- d-----w- c:\users\markulka\AppData\Roaming\Farm Mania 2
2010-09-02 11:29 . 2010-09-02 11:29 -------- d-----w- c:\program files\Common Files\Oberon Media
2010-09-02 11:29 . 2010-09-02 11:29 -------- d-----w- c:\program files\Gamesgames.com
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-24 13:52 . 2009-09-20 07:54 631292 ----a-w- c:\windows\system32\perfh005.dat
2010-09-24 13:52 . 2009-09-20 07:54 121914 ----a-w- c:\windows\system32\perfc005.dat
2010-09-24 11:05 . 2010-02-03 18:49 -------- d-----w- c:\program files\Google
2010-09-24 09:58 . 2010-01-11 19:18 91448 ----a-w- c:\windows\system32\bcmwlcoi.dll
2010-09-24 09:58 . 2010-01-11 19:18 6656 ----a-w- c:\windows\system32\bcmwlrc.dll
2010-09-24 09:58 . 2010-01-11 19:18 3866624 ----a-w- c:\windows\system32\bcmihvsrv.dll
2010-09-24 09:58 . 2010-01-11 19:18 3555328 ----a-w- c:\windows\system32\bcmihvui.dll
2010-09-24 09:58 . 2010-01-11 19:18 2709056 ----a-w- c:\windows\system32\drivers\BCMWL6.SYS
2010-09-24 08:43 . 2009-09-20 07:18 -------- d-----w- c:\programdata\PDFC
2010-09-23 17:22 . 2010-01-11 19:20 -------- d-----w- c:\programdata\Skype
2010-09-23 11:41 . 2010-01-11 19:30 -------- d-----w- c:\users\markulka\AppData\Roaming\Hewlett-Packard
2010-09-23 11:28 . 2010-09-23 11:28 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01009.Wdf
2010-09-23 11:24 . 2010-02-27 10:21 -------- d-----w- c:\program files\Microsoft.NET
2010-07-29 06:30 . 2010-08-11 13:36 197632 ----a-w- c:\windows\system32\ir32_32.dll
2010-07-29 06:30 . 2010-08-11 13:36 82944 ----a-w- c:\windows\system32\iccvid.dll
2010-07-26 13:01 . 2010-09-23 11:07 58936 ----a-w- c:\windows\Help\OEM\Scripts\HPSAUpdaterObj.exe
2010-06-30 06:25 . 2010-08-11 13:36 978432 ----a-w- c:\windows\system32\wininet.dll
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.
((((((((((((((((((((((((((((( SnapShot@2010-09-24_14.17.52 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-09-20 07:08 . 2010-09-24 19:30 41626 c:\windows\System32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 04:55 . 2010-09-24 19:30 64588 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-01-11 19:13 . 2010-09-24 18:06 13308 c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-992590450-2693233549-2948923143-1001_UserData.bin
- 2010-01-12 01:54 . 2010-09-24 11:41 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-01-12 01:54 . 2010-09-24 18:39 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-01-12 01:54 . 2010-09-24 18:39 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-01-12 01:54 . 2010-09-24 11:41 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:41 . 2010-09-24 18:39 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:41 . 2010-09-24 11:41 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-01-12 16:32 . 2010-09-24 19:30 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-01-12 16:32 . 2010-09-24 14:12 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-01-12 16:32 . 2010-09-24 14:12 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-01-12 16:32 . 2010-09-24 19:30 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-01-12 16:32 . 2010-09-24 19:30 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-01-12 16:32 . 2010-09-24 14:12 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-01-11 21:08 . 2010-09-24 19:30 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-01-11 21:08 . 2010-09-24 14:12 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-01-12 11:27 . 2010-09-24 14:04 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
+ 2010-01-12 11:27 . 2010-09-24 19:13 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
+ 2010-01-12 11:27 . 2010-09-24 19:13 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\History\History.IE5\index.dat
- 2010-01-12 11:27 . 2010-09-24 14:04 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\History\History.IE5\index.dat
- 2010-01-12 11:27 . 2010-09-24 14:04 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Cookies\index.dat
+ 2010-01-12 11:27 . 2010-09-24 19:13 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Cookies\index.dat
- 2010-01-11 21:08 . 2010-09-24 14:12 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-01-11 21:08 . 2010-09-24 19:30 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-01-11 21:08 . 2010-09-24 14:12 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-01-11 21:08 . 2010-09-24 19:30 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-09-24 14:10 . 2010-09-24 14:10 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2010-09-24 19:28 . 2010-09-24 19:28 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-09-24 14:10 . 2010-09-24 14:10 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-09-24 19:28 . 2010-09-24 19:28 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-01-12 10:34 . 2010-09-24 18:49 628414 c:\windows\System32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-07-14 02:03 . 2010-09-24 19:07 7077888 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
- 2009-07-14 02:03 . 2010-09-24 13:54 7077888 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
- 2009-09-20 07:57 . 2010-09-24 11:51 1909192 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2009-09-20 07:57 . 2010-09-24 15:28 1909192 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-07-27 288312]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-08-25 186904]
"WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-06-04 1791272]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-08-04 98304]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2009-05-18 1314816]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-06-22 2065760]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
c:\users\markulka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-30 795936]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-07-14 01:14 1173504 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 135664]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-06-13 1120752]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-21 1343400]
S0 AvgRkx86;avgrkx86.sys;c:\windows\System32\Drivers\avgrkx86.sys [2010-03-05 52872]
S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2010-06-22 216400]
S1 AvgTdiX;AVG Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2010-06-22 243024]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-04 176128]
S2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-06-22 308136]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2009-07-08 26168]
S2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [2009-06-18 635416]
S2 yksvc;Marvell Yukon Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
S3 5U876UVC;HP Webcam [2 MP series];c:\windows\system32\DRIVERS\5U876.sys [2009-06-30 13:01 118656]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-09-28 315392]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
yksvcs REG_MULTI_SZ yksvc
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 19:11 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'
2010-09-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 18:53]
2010-09-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 18:53]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=cs_CZ&c=92&bd=all&pf=cmnb
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
.
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: >>UNKNOWN [0x83C48000]<< >>UNKNOWN [0x8CA13000]<< >>UNKNOWN [0x8D868000]<< >>UNKNOWN [0x8D600000]<< >>UNKNOWN [0x83C11000]<< >>UNKNOWN [0x8CB22000]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
IoDeviceObjectType -> DumpProcedure -> 0x49706e50
user & kernel MBR OK
**************************************************************************
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
"MSCurrentCountry"=dword:0000002e
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:0000002e
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
"MSCurrentCountry"=dword:0000002e
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
"MSCurrentCountry"=dword:0000002e
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
"MSCurrentCountry"=dword:0000002e
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2010-09-24 21:37:06
ComboFix-quarantined-files.txt 2010-09-24 19:37
ComboFix2.txt 2010-09-24 18:13
ComboFix3.txt 2010-09-24 17:40
ComboFix4.txt 2010-09-24 17:23
ComboFix5.txt 2010-09-24 19:26
Před spuštěním: Volných bajtů: 252 118 282 240
Po spuštění: Volných bajtů: 252 050 079 744
- - End Of File - - 9DAB333E722F9E34A44C6746587F0072
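The thread turns on two things a reader has to pull out of these logs by eye: whether the mbr.exe lines "detected MBR rootkit hooks" / "UNKNOWN" called modules mean anything when the tool also prints "user & kernel MBR OK", and the policies\system block, which shows UAC switched off on this machine (EnableLUA = 0, ConsentPromptBehaviorAdmin = 0, PromptOnSecureDesktop = 0). The following Python helper is an added example, not code from the thread, from Gmer or from ComboFix: it parses both kinds of output and returns a triage label plus a list of weak UAC settings. The sample inputs are constructed from the lines quoted above; the label names and the rule that hook lines from a security driver (the log lists AVG's avgrkx86.sys) are a signal rather than proof are my own assumptions.

```python
import re
from dataclasses import dataclass, field

# Constructed samples, copied from the two mbr.exe runs quoted in this thread:
# the stand-alone run (no findings) and the run embedded in the ComboFix log (hooks reported).
MBR_CLEAN = """\
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
"""

MBR_HOOKED = """\
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: >>UNKNOWN [0x83C48000]<< >>UNKNOWN [0x8CA13000]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
IoDeviceObjectType -> DumpProcedure -> 0x49706e50
user & kernel MBR OK
"""

# Constructed excerpt of the policies\system block ComboFix printed in the log above.
COMBOFIX_POLICY = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"""

UNKNOWN_RE = re.compile(r">>UNKNOWN \[(0x[0-9A-Fa-f]+)\]<<")
HOOK_RE = re.compile(r"^(\w+) -> (\w+) -> (0x[0-9A-Fa-f]+)$")
POLICY_RE = re.compile(r'^"(\w+)"=\s*(\d+)\s*\(0x[0-9A-Fa-f]+\)$')


@dataclass
class MbrReport:
    mbr_ok: bool = False                                   # "user & kernel MBR OK" seen
    unknown_modules: list = field(default_factory=list)    # addresses of UNKNOWN called modules
    hooks: list = field(default_factory=list)              # (object type, procedure, address)


def parse_mbr_output(text: str) -> MbrReport:
    """Pull the three signals out of mbr.exe output: MBR status, unknown modules, hooks."""
    report = MbrReport()
    in_hooks = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("called modules:"):
            report.unknown_modules.extend(UNKNOWN_RE.findall(line))
            continue
        if line == "detected MBR rootkit hooks:":
            in_hooks = True            # hook lines follow until a line that is not a hook
            continue
        if in_hooks:
            m = HOOK_RE.match(line)
            if m:
                report.hooks.append(m.groups())
                continue
            in_hooks = False
        if line == "user & kernel MBR OK":
            report.mbr_ok = True
    return report


def mbr_verdict(report: MbrReport) -> str:
    """Coarse triage label (my naming); hooks can come from security drivers too, so this is a signal, not proof."""
    if not report.mbr_ok:
        return "MBR_NOT_OK"              # user/kernel MBR reads were not confirmed consistent
    if report.hooks:
        return "MBR_OK_HOOKS_REPORTED"   # the situation in this thread's second run
    if report.unknown_modules:
        return "MBR_OK_UNKNOWN_MODULES"
    return "CLEAN"


def parse_policy_block(text: str) -> dict:
    """Map policy value names to integers from ComboFix's "Name"= N (0xN) lines."""
    values = {}
    for raw in text.splitlines():
        m = POLICY_RE.match(raw.strip())
        if m:
            values[m.group(1)] = int(m.group(2))
    return values


def uac_findings(values: dict) -> list:
    """Flag UAC settings that weaken elevation prompting (Windows 7 defaults: EnableLUA=1, ConsentPromptBehaviorAdmin=5, PromptOnSecureDesktop=1)."""
    if values.get("EnableLUA") == 0:
        return ["EnableLUA=0: UAC is switched off, administrators always run with a full token"]
    findings = []
    if values.get("ConsentPromptBehaviorAdmin") == 0:
        findings.append("ConsentPromptBehaviorAdmin=0: administrators elevate without any prompt")
    if values.get("PromptOnSecureDesktop") == 0:
        findings.append("PromptOnSecureDesktop=0: elevation prompts are not isolated on the secure desktop")
    return findings


if __name__ == "__main__":
    for name, sample in (("stand-alone run", MBR_CLEAN), ("run inside ComboFix", MBR_HOOKED)):
        r = parse_mbr_output(sample)
        print(f"{name}: {mbr_verdict(r)} hooks={r.hooks} unknown={r.unknown_modules}")
    for f in uac_findings(parse_policy_block(COMBOFIX_POLICY)):
        print("UAC:", f)
```

Run it on a saved mbr.exe log or a ComboFix log and the verdict separates the case the poster worried about (MBR reads consistent, but hook lines present) from an actually inconsistent MBR; the UAC check is the part of this log that stays relevant regardless of the rootkit question, because with EnableLUA = 0 nothing on the machine ever asks before running elevated.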
ComboFix 10-09-23.01 - markulka 24.09.2010 21:29:42.7.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1250.420.1029.18.3066.2330 [GMT 2:00]
Spuštěný z: c:\users\markulka\Desktop\ComboFix.exe
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-08-24 do 2010-09-24 )))))))))))))))))))))))))))))))
.
2010-09-24 19:35 . 2010-09-24 19:35 -------- d-----w- c:\users\markulka\AppData\Local\temp
2010-09-24 19:35 . 2010-09-24 19:35 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-09-24 19:35 . 2010-09-24 19:35 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-09-24 11:43 . 2010-09-24 11:43 -------- d-----w- c:\windows\Profiles
2010-09-24 09:12 . 2010-09-24 09:12 -------- d-----w- C:\totalcmd
2010-09-24 09:12 . 2010-09-24 09:12 -------- d-----w- c:\users\markulka\AppData\Roaming\GHISLER
2010-09-24 09:12 . 2009-09-09 05:50 545 ----a-w- c:\windows\UC.PIF
2010-09-24 09:12 . 2009-09-09 05:50 545 ----a-w- c:\windows\RAR.PIF
2010-09-24 09:12 . 2009-09-09 05:50 545 ----a-w- c:\windows\PKZIP.PIF
2010-09-24 09:12 . 2009-09-09 05:50 545 ----a-w- c:\windows\PKUNZIP.PIF
2010-09-24 09:12 . 2009-09-09 05:50 545 ----a-w- c:\windows\NOCLOSE.PIF
2010-09-24 09:12 . 2009-09-09 05:50 545 ----a-w- c:\windows\LHA.PIF
2010-09-24 09:12 . 2009-09-09 05:50 545 ----a-w- c:\windows\ARJ.PIF
2010-09-24 09:05 . 2010-09-24 09:05 -------- d-----w- c:\programdata\Norton
2010-09-24 09:05 . 2010-09-24 09:09 -------- d-----w- c:\users\markulka\AppData\Local\NPE
2010-09-23 19:29 . 2006-11-01 11:07 334720 ----a-w- C:\RootkitRevealer.exe
2010-09-23 18:59 . 2010-09-24 09:27 -------- d-----w- c:\program files\trend micro
2010-09-23 18:59 . 2010-09-23 18:59 -------- d-----w- C:\rsit
2010-09-23 17:22 . 2010-09-23 17:22 -------- d-----w- c:\program files\Common Files\Skype
2010-09-23 17:22 . 2010-09-23 17:22 -------- d-----r- c:\program files\Skype
2010-09-23 17:18 . 2010-09-23 17:22 -------- d-----w- c:\users\markulka\AppData\Roaming\Skype
2010-09-23 14:54 . 2010-09-23 14:54 -------- d-----w- c:\program files\Common Files\Adobe
2010-09-23 11:28 . 2010-04-24 03:00 27648 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPD9Z.DLL
2010-09-23 11:28 . 2010-04-24 03:00 272384 ----a-w- c:\windows\system32\CNMLM9Z.DLL
2010-09-23 11:24 . 2009-10-10 02:57 12800 ----a-w- c:\windows\system32\drivers\sffp_sd.sys
2010-09-23 11:02 . 2010-09-23 11:02 -------- d-----w- c:\programdata\{8D274659-3D84-4410-A197-C170D180BC76}
2010-09-23 10:22 . 2010-09-23 10:22 -------- d-----w- c:\program files\CCleaner
2010-09-15 15:42 . 2010-08-21 05:32 316928 ----a-w- c:\windows\system32\spoolsv.exe
2010-09-02 19:07 . 2007-03-22 10:46 126976 ----a-w- c:\users\markulka\AppData\Roaming\GRETECH\GomPlayer\GrLauncher.exe
2010-09-02 11:30 . 2010-09-02 11:34 -------- d-----w- c:\users\markulka\AppData\Roaming\Farm Mania 2
2010-09-02 11:29 . 2010-09-02 11:29 -------- d-----w- c:\program files\Common Files\Oberon Media
2010-09-02 11:29 . 2010-09-02 11:29 -------- d-----w- c:\program files\Gamesgames.com
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-24 13:52 . 2009-09-20 07:54 631292 ----a-w- c:\windows\system32\perfh005.dat
2010-09-24 13:52 . 2009-09-20 07:54 121914 ----a-w- c:\windows\system32\perfc005.dat
2010-09-24 11:05 . 2010-02-03 18:49 -------- d-----w- c:\program files\Google
2010-09-24 09:58 . 2010-01-11 19:18 91448 ----a-w- c:\windows\system32\bcmwlcoi.dll
2010-09-24 09:58 . 2010-01-11 19:18 6656 ----a-w- c:\windows\system32\bcmwlrc.dll
2010-09-24 09:58 . 2010-01-11 19:18 3866624 ----a-w- c:\windows\system32\bcmihvsrv.dll
2010-09-24 09:58 . 2010-01-11 19:18 3555328 ----a-w- c:\windows\system32\bcmihvui.dll
2010-09-24 09:58 . 2010-01-11 19:18 2709056 ----a-w- c:\windows\system32\drivers\BCMWL6.SYS
2010-09-24 08:43 . 2009-09-20 07:18 -------- d-----w- c:\programdata\PDFC
2010-09-23 17:22 . 2010-01-11 19:20 -------- d-----w- c:\programdata\Skype
2010-09-23 11:41 . 2010-01-11 19:30 -------- d-----w- c:\users\markulka\AppData\Roaming\Hewlett-Packard
2010-09-23 11:28 . 2010-09-23 11:28 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01009.Wdf
2010-09-23 11:24 . 2010-02-27 10:21 -------- d-----w- c:\program files\Microsoft.NET
2010-07-29 06:30 . 2010-08-11 13:36 197632 ----a-w- c:\windows\system32\ir32_32.dll
2010-07-29 06:30 . 2010-08-11 13:36 82944 ----a-w- c:\windows\system32\iccvid.dll
2010-07-26 13:01 . 2010-09-23 11:07 58936 ----a-w- c:\windows\Help\OEM\Scripts\HPSAUpdaterObj.exe
2010-06-30 06:25 . 2010-08-11 13:36 978432 ----a-w- c:\windows\system32\wininet.dll
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.
((((((((((((((((((((((((((((( SnapShot@2010-09-24_14.17.52 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-09-20 07:08 . 2010-09-24 19:30 41626 c:\windows\System32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 04:55 . 2010-09-24 19:30 64588 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-01-11 19:13 . 2010-09-24 18:06 13308 c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-992590450-2693233549-2948923143-1001_UserData.bin
- 2010-01-12 01:54 . 2010-09-24 11:41 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-01-12 01:54 . 2010-09-24 18:39 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-01-12 01:54 . 2010-09-24 18:39 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-01-12 01:54 . 2010-09-24 11:41 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:41 . 2010-09-24 18:39 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:41 . 2010-09-24 11:41 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-01-12 16:32 . 2010-09-24 19:30 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-01-12 16:32 . 2010-09-24 14:12 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-01-12 16:32 . 2010-09-24 14:12 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-01-12 16:32 . 2010-09-24 19:30 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-01-12 16:32 . 2010-09-24 19:30 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-01-12 16:32 . 2010-09-24 14:12 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-01-11 21:08 . 2010-09-24 19:30 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-01-11 21:08 . 2010-09-24 14:12 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-01-12 11:27 . 2010-09-24 14:04 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
+ 2010-01-12 11:27 . 2010-09-24 19:13 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
+ 2010-01-12 11:27 . 2010-09-24 19:13 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\History\History.IE5\index.dat
- 2010-01-12 11:27 . 2010-09-24 14:04 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\History\History.IE5\index.dat
- 2010-01-12 11:27 . 2010-09-24 14:04 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Cookies\index.dat
+ 2010-01-12 11:27 . 2010-09-24 19:13 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Cookies\index.dat
- 2010-01-11 21:08 . 2010-09-24 14:12 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-01-11 21:08 . 2010-09-24 19:30 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-01-11 21:08 . 2010-09-24 14:12 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-01-11 21:08 . 2010-09-24 19:30 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-09-24 14:10 . 2010-09-24 14:10 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2010-09-24 19:28 . 2010-09-24 19:28 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-09-24 14:10 . 2010-09-24 14:10 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-09-24 19:28 . 2010-09-24 19:28 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-01-12 10:34 . 2010-09-24 18:49 628414 c:\windows\System32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-07-14 02:03 . 2010-09-24 19:07 7077888 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
- 2009-07-14 02:03 . 2010-09-24 13:54 7077888 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
- 2009-09-20 07:57 . 2010-09-24 11:51 1909192 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2009-09-20 07:57 . 2010-09-24 15:28 1909192 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-07-27 288312]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-08-25 186904]
"WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-06-04 1791272]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-08-04 98304]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2009-05-18 1314816]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-06-22 2065760]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
c:\users\markulka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-30 795936]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-07-14 01:14 1173504 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 135664]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-06-13 1120752]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-21 1343400]
S0 AvgRkx86;avgrkx86.sys;c:\windows\System32\Drivers\avgrkx86.sys [2010-03-05 52872]
S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2010-06-22 216400]
S1 AvgTdiX;AVG Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2010-06-22 243024]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-04 176128]
S2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-06-22 308136]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2009-07-08 26168]
S2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [2009-06-18 635416]
S2 yksvc;Marvell Yukon Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
S3 5U876UVC;HP Webcam [2 MP series];c:\windows\system32\DRIVERS\5U876.sys [2009-06-30 13:01 118656]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-09-28 315392]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
yksvcs REG_MULTI_SZ yksvc
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 19:11 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'
2010-09-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 18:53]
2010-09-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 18:53]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=cs_CZ&c=92&bd=all&pf=cmnb
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
.
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: >>UNKNOWN [0x83C48000]<< >>UNKNOWN [0x8CA13000]<< >>UNKNOWN [0x8D868000]<< >>UNKNOWN [0x8D600000]<< >>UNKNOWN [0x83C11000]<< >>UNKNOWN [0x8CB22000]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
IoDeviceObjectType -> DumpProcedure -> 0x49706e50
user & kernel MBR OK
**************************************************************************
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
"MSCurrentCountry"=dword:0000002e
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:0000002e
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
"MSCurrentCountry"=dword:0000002e
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
"MSCurrentCountry"=dword:0000002e
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
"MSCurrentCountry"=dword:0000002e
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2010-09-24 21:37:06
ComboFix-quarantined-files.txt 2010-09-24 19:37
ComboFix2.txt 2010-09-24 18:13
ComboFix3.txt 2010-09-24 17:40
ComboFix4.txt 2010-09-24 17:23
ComboFix5.txt 2010-09-24 19:26
Před spuštěním: Volných bajtů: 252 118 282 240
Po spuštění: Volných bajtů: 252 050 079 744
- - End Of File - - 9DAB333E722F9E34A44C6746587F0072
- Rudy
- Site Admin
- Posts: 119426
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Win 7 32b does not see other computers + slowdown
Use GMER: http://www.viry.cz/forum/viewtopic.php?f=29&t=62878 and post both logs.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting the PC, back up your important data (mail, contacts, documents, photos, videos, music etc.). Apart from its "visible" activities, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail given above.
Re: Win 7 32b does not see other computers + slowdown
LOG 1
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-09-24 22:50:32
Windows 6.1.7600
Running: gmer.exe; Driver: C:\Users\markulka\AppData\Local\Temp\pxldqpow.sys
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\Tcp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\Udp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
---- EOF - GMER 1.0.15 ----
LOG 2
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-09-24 22:57:58
Windows 6.1.7600
Running: gmer.exe; Driver: C:\Users\markulka\AppData\Local\Temp\pxldqpow.sys
---- System - GMER 1.0.15 ----
INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83C2BAF8
INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83C2B104
INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83C2B3F4
INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83C13634
INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83C13898
INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83C2B1DC
INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83C2B958
INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83C2B6F8
INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83C2BF2C
INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83C2C1A8
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 83C8B599 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 83CAFF52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text C:\windows\system32\DRIVERS\atikmdag.sys section is writeable [0x93826000, 0x2D51CE, 0xE8000020]
.text peauth.sys 9CF4DC9D 28 Bytes [0F, 69, AC, 51, A9, 47, 60, ...]
.text peauth.sys 9CF4DCC1 28 Bytes [0F, 69, AC, 51, A9, 47, 60, ...]
PAGE peauth.sys 9CF53B9B 72 Bytes JMP 73A1B5C7
PAGE peauth.sys 9CF53BEC 111 Bytes [90, 86, 47, D7, 58, 3E, 79, ...]
PAGE peauth.sys 9CF5402C 102 Bytes [47, AE, E7, 90, 21, 1F, 55, ...]
? C:\Users\markulka\AppData\Local\Temp\mbr.sys Systém nemůže nalézt uvedený soubor. !
? C:\Users\markulka\AppData\Local\Temp\catchme.sys Systém nemůže nalézt uvedený soubor. !
? C:\windows\system32\Drivers\PROCEXP113.SYS Systém nemůže nalézt uvedený soubor. !
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Internet Explorer\iexplore.exe[368] USER32.dll!UnhookWindowsHookEx 7780CC7B 5 Bytes JMP 6A33835E C:\windows\system32\IEFRAME.dll (Internetový prohlížeč/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[368] USER32.dll!CallNextHookEx 7780CC8F 5 Bytes JMP 6A319D5C C:\windows\system32\IEFRAME.dll (Internetový prohlížeč/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[368] USER32.dll!CreateWindowExW 77810E51 5 Bytes JMP 6A328157 C:\windows\system32\IEFRAME.dll (Internetový prohlížeč/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[368] USER32.dll!SetWindowsHookExW 7781210A 5 Bytes JMP 6A2D4633 C:\windows\system32\IEFRAME.dll (Internetový prohlížeč/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[368] USER32.dll!DialogBoxIndirectParamW 77834AA7 5 Bytes JMP 6A44F970 C:\windows\system32\IEFRAME.dll (Internetový prohlížeč/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[368] USER32.dll!DialogBoxParamW 7783564A 5 Bytes JMP 6A244BA7 C:\windows\system32\IEFRAME.dll (Internetový prohlížeč/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[368] USER32.dll!DialogBoxParamA 7784CF6A 5 Bytes JMP 6A44F90D C:\windows\system32\IEFRAME.dll (Internetový prohlížeč/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[368] USER32.dll!DialogBoxIndirectParamA 7784D29C 5 Bytes JMP 6A44F9D3 C:\windows\system32\IEFRAME.dll (Internetový prohlížeč/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[368] USER32.dll!MessageBoxIndirectA 7785E8C9 5 Bytes JMP 6A44F8A2 C:\windows\system32\IEFRAME.dll (Internetový prohlížeč/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[368] USER32.dll!MessageBoxIndirectW 7785E9C3 5 Bytes JMP 6A44F837 C:\windows\system32\IEFRAME.dll (Internetový prohlížeč/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[368] USER32.dll!MessageBoxExA 7785EA29 5 Bytes JMP 6A44F7D5 C:\windows\system32\IEFRAME.dll (Internetový prohlížeč/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[368] USER32.dll!MessageBoxExW 7785EA4D 5 Bytes JMP 6A44F773 C:\windows\system32\IEFRAME.dll (Internetový prohlížeč/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[368] ole32.dll!OleLoadFromStream 77D15B88 5 Bytes JMP 6A44FCCE C:\windows\system32\IEFRAME.dll (Internetový prohlížeč/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[368] ole32.dll!CoCreateInstance 77D657FC 5 Bytes JMP 6A328C45 C:\windows\system32\IEFRAME.dll (Internetový prohlížeč/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1128] USER32.dll!CreateWindowExW 77810E51 5 Bytes JMP 6A328157 C:\windows\system32\IEFRAME.dll (Internetový prohlížeč/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1128] USER32.dll!DialogBoxIndirectParamW 77834AA7 5 Bytes JMP 6A44F970 C:\windows\system32\IEFRAME.dll (Internetový prohlížeč/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1128] USER32.dll!DialogBoxParamW 7783564A 5 Bytes JMP 6A244BA7 C:\windows\system32\IEFRAME.dll (Internetový prohlížeč/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1128] USER32.dll!DialogBoxParamA 7784CF6A 5 Bytes JMP 6A44F90D C:\windows\system32\IEFRAME.dll (Internetový prohlížeč/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1128] USER32.dll!DialogBoxIndirectParamA 7784D29C 5 Bytes JMP 6A44F9D3 C:\windows\system32\IEFRAME.dll (Internetový prohlížeč/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1128] USER32.dll!MessageBoxIndirectA 7785E8C9 5 Bytes JMP 6A44F8A2 C:\windows\system32\IEFRAME.dll (Internetový prohlížeč/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1128] USER32.dll!MessageBoxIndirectW 7785E9C3 5 Bytes JMP 6A44F837 C:\windows\system32\IEFRAME.dll (Internetový prohlížeč/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1128] USER32.dll!MessageBoxExA 7785EA29 5 Bytes JMP 6A44F7D5 C:\windows\system32\IEFRAME.dll (Internetový prohlížeč/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1128] USER32.dll!MessageBoxExW 7785EA4D 5 Bytes JMP 6A44F773 C:\windows\system32\IEFRAME.dll (Internetový prohlížeč/Microsoft Corporation)
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Udp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \Driver\ACPI_HAL \Device\0000006e halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00271349c38f
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00271349c38f (not active ControlSet)
---- EOF - GMER 1.0.15 ----
- Rudy
- Site Admin
- Posts: 119426
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Win 7 32b does not see other computers + slowdown
You don't have a rootkit either. We'll also try resetting the Trusted Zone. Download DelDomains and extract it to the desktop: http://www.arcisit.wz.cz/DelDomains.rar . Right-click the file with the *.inf extension and choose Install.