
Sending spam

earl
VIP
Posts: 1279
Registered: 14 Dec 2005 20:59
Location: Brno

Re: Sending spam

#31 Post by earl »

Do you want to restore the default HOSTS file?
Click Yes. This restores the values in the HOSTS file, and if it contains any malicious URL, it will be removed.

What is the number of that error?
Autoruns + HitmanPro + UPM + Avenger + GMER + OTM + AVPTool + RSIT + RootRepeal
________________________________________________________________________________________
AN UP-TO-DATE ANTIVIRUS AND A PERSONAL FIREWALL ARE TWO ESSENTIAL PROTECTIVE COMPONENTS OF EVERY PC CONNECTED TO THE INTERNET!!!
BY BACKING UP YOUR PERSONAL DATA YOU WILL NOT LOSE IT IN THE EVENT OF FATAL SOFTWARE OR HARDWARE PROBLEMS!!
DO NOT USE COMBOFIX ON YOUR OWN, ONLY WHEN YOU ARE ASKED TO. IMPROPER HANDLING OF IT CAN RENDER THE SYSTEM UNUSABLE!
___________________________________________________________
----------------------earl@forum.viry.cz-----------------------

brkys
Visitor
Posts: 25
Registered: 23 Oct 2010 09:37

Re: Sending spam

#32 Post by brkys »

So far the computer isn't crashing.
OTL log:
OTL logfile created on: 18.11.2010 17:13:57 - Run 4
OTL by OldTimer - Version 3.2.17.0 Folder = C:\Documents and Settings\Kaska\Plocha
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 62.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 183.29 Gb Total Space | 64.25 Gb Free Space | 35.05% Space Free | Partition Type: FAT32
Drive D: | 76.67 Gb Total Space | 57.10 Gb Free Space | 74.48% Space Free | Partition Type: FAT32

Computer Name: SERVER | User Name: Kaska | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

========== Processes (SafeList) ==========

PRC - [2010.11.18 16:53:02 | 000,124,216 | ---- | M] (Doctor Web, Ltd.) -- C:\Documents and Settings\Kaska\Local Settings\Temp\520662E3-5C9705D1-15AEDCB5-C618FE94\718be1.exe
PRC - [2010.11.06 08:56:58 | 051,635,120 | ---- | M] () -- C:\Documents and Settings\Kaska\Plocha\cureit.exe
PRC - [2010.10.29 07:44:02 | 000,133,432 | ---- | M] (ICQ, LLC.) -- C:\Program Files\ICQ7.2\ICQ.exe
PRC - [2010.10.23 17:26:56 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kaska\Plocha\OTL.exe
PRC - [2010.10.11 12:58:12 | 006,104,656 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2010.10.11 12:58:12 | 000,725,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2010.10.06 17:24:38 | 000,652,640 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2010.10.06 17:24:36 | 001,065,824 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2010.10.06 17:24:08 | 000,845,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2010.10.06 17:24:08 | 000,647,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2010.09.27 14:49:10 | 000,116,104 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
PRC - [2010.09.27 14:47:14 | 000,374,152 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2010.09.20 19:52:38 | 005,352,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\Avg10 Admin\Server\avgadmsv.exe
PRC - [2010.09.20 19:52:36 | 000,505,184 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\Avg10 Admin\Server\AvgAdminServerMonitor.exe
PRC - [2010.09.15 05:29:10 | 002,745,696 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2010.09.10 01:45:22 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2010.09.07 03:50:22 | 001,047,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgemcx.exe
PRC - [2010.09.07 03:50:08 | 000,745,824 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgam.exe
PRC - [2010.05.31 11:31:10 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
PRC - [2010.05.31 11:31:10 | 000,063,040 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2008.04.14 05:22:36 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Outlook Express\msimn.exe
PRC - [2008.04.14 05:22:22 | 001,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.05.11 03:06:00 | 000,341,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
PRC - [2006.04.13 22:36:10 | 000,307,200 | ---- | M] () -- C:\Program Files\Transoft Solutions\License Server\TransoftLS.exe
PRC - [2002.10.17 16:26:36 | 000,532,541 | ---- | M] () -- C:\Program Files\WinRoute Pro\winroute.exe
PRC - [2001.11.06 18:09:00 | 000,053,248 | ---- | M] () -- C:\Program Files\WinRoute Pro\WrCtrl.exe


========== Modules (SafeList) ==========

MOD - [2010.10.23 17:26:56 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kaska\Plocha\OTL.exe
MOD - [2010.08.23 18:12:34 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\ComboFix\PEV.cfx -- (PEVSystemStart)
SRV - File not found [Auto | Stopped] -- C:\windows\System32\hasplms.exe -- (hasplms)
SRV - [2010.10.11 12:58:12 | 006,104,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010.10.06 11:31:48 | 000,517,448 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2010.09.27 14:49:10 | 000,116,104 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)
SRV - [2010.09.27 14:47:14 | 000,374,152 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2010.09.20 19:52:38 | 005,352,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\Avg10 Admin\Server\avgadmsv.exe -- (AvgAdminServer)
SRV - [2010.09.10 01:45:22 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010.05.31 11:31:10 | 000,063,040 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2008.04.14 05:21:54 | 000,105,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\p2pgasvc.dll -- (p2pgasvc)
SRV - [2007.11.19 17:25:52 | 000,085,096 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2006.04.13 22:36:10 | 000,307,200 | ---- | M] () [Auto | Running] -- C:\Program Files\Transoft Solutions\License Server\TransoftLS.exe -- (Transoft Solutions License Server V1.4)
SRV - [2002.10.17 16:26:36 | 000,532,541 | ---- | M] () [Auto | Running] -- C:\Program Files\WinRoute Pro\winroute.exe -- (WinRoute)


========== Driver Services (SafeList) ==========

DRV - File not found [File_System | Boot | Stopped] -- C:\windows\System32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010.11.03 12:40:50 | 000,125,304 | ---- | M] (Doctor Web, Ltd.) [File_System | Boot | Running] -- C:\windows\system32\drivers\dwprot.sys -- (DwProt)
DRV - [2010.09.27 14:50:44 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\windows\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2010.09.13 16:27:24 | 000,025,680 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2010.09.07 03:49:00 | 000,298,448 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2010.09.07 03:48:56 | 000,034,384 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2010.09.07 03:48:54 | 000,249,424 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010.09.07 03:48:50 | 000,026,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2010.09.02 07:15:04 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF) WinPcap Packet Driver (NPF)
DRV - [2010.08.19 21:42:38 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2010.08.19 21:42:36 | 000,123,472 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2010.08.19 21:42:34 | 000,026,192 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2010.05.31 11:31:12 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2010.05.31 11:31:10 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2010.02.11 14:02:16 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2008.04.13 18:36:06 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2008.03.18 16:09:16 | 000,350,720 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\aksfridge.sys -- (aksfridge)
DRV - [2008.03.07 12:33:46 | 000,017,480 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2007.07.23 15:12:44 | 000,046,336 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\akshhl.sys -- (akshhl)
DRV - [2007.07.05 15:16:56 | 000,238,976 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\akshasp.sys -- (akshasp)
DRV - [2007.07.05 15:16:56 | 000,014,976 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\aksusb.sys -- (aksusb)
DRV - [2006.11.22 10:01:48 | 000,693,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (hardlock)
DRV - [2005.12.27 14:17:12 | 000,047,616 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Haspnt.sys -- (Haspnt)
DRV - [2005.08.04 05:10:16 | 001,273,344 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005.05.25 16:55:58 | 003,134,976 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2005.03.09 10:09:18 | 000,870,912 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\windows\system32\drivers\iaStor.sys -- (iaStor)
DRV - [2004.11.26 07:29:00 | 000,224,000 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2004.08.13 03:56:20 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2002.10.08 09:09:26 | 000,064,000 | ---- | M] () [Kernel | System | Running] -- C:\windows\system32\drivers\wrdrv.sys -- (WRDRV)
DRV - [2002.04.11 11:47:52 | 000,011,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ipfilter.sys -- (IPFilter)
DRV - [2001.08.17 20:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\el90xbc5.sys -- (EL90XBC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found


IE - HKU\.DEFAULT\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\S-1-5-18\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.autocont.cz

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.autocont.cz
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-284587905-4065617495-2210005112-1016\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
IE - HKU\S-1-5-21-284587905-4065617495-2210005112-1016\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-284587905-4065617495-2210005112-1016\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-21-284587905-4065617495-2210005112-1016\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\ [2010.09.29 12:41:44 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2010.09.02 11:45:08 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Podpora odkazu pro Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (PCCBHO.CPCCBHO) - {22FC6CE8-7D47-479F-B74A-BFBB04ADB9AF} - C:\Program Files\Winferno\PC Confidential\PCCBHO.dll (Capital Intellect Inc)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKU\S-1-5-21-284587905-4065617495-2210005112-1016\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [AvgAdminServerMonitor] C:\Program Files\AVG\Avg10 Admin\Server\AvgAdminServerMonitor.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKU\S-1-5-21-284587905-4065617495-2210005112-1016..\Run: [ICQ] C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O4 - HKU\S-1-5-21-284587905-4065617495-2210005112-1016..\Run: [WrCtrl] C:\Program Files\WinRoute Pro\WrCtrl.exe ()
O4 - Startup: C:\Documents and Settings\Kaska\Nabídka Start\Programy\Po spuštění\Outlook Express.lnk = C:\Program Files\Outlook Express\msimn.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-284587905-4065617495-2210005112-1016\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-284587905-4065617495-2210005112-1016\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-284587905-4065617495-2210005112-1016\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-284587905-4065617495-2210005112-1016\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O7 - HKU\S-1-5-21-284587905-4065617495-2210005112-1016\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O7 - HKU\S-1-5-21-284587905-4065617495-2210005112-1016\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O7 - HKU\S-1-5-21-284587905-4065617495-2210005112-1016\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O7 - HKU\S-1-5-21-284587905-4065617495-2210005112-1016\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O9 - Extra 'Tools' menuitem : PC Confidential - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - C:\Program Files\Winferno\PC Confidential\PCConfidential.exe (Capital Intellect, Inc)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: PC Confidential - {925DAB62-F9AC-4221-806A-057BFB1014AA} - C:\Program Files\Winferno\PC Confidential\PCConfidential.exe (Capital Intellect, Inc)
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (Amaze Soft)
O9 - Extra 'Tools' menuitem : &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (Amaze Soft)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resour ... se9602.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microso ... 0914300968 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/sh ... wflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\windows\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\windows\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Kaska\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Kaska\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005.12.05 08:00:36 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2008.03.05 15:25:38 | 000,000,000 | ---D | M] - D:\Autoturn -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (OODBS) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 7 Days ==========


========== Files - Modified Within 7 Days ==========

[2010.11.18 09:31:40 | 000,012,058 | ---- | M] () -- C:\Documents and Settings\Kaska\Plocha\Mozne reseni problematiky nehodovosti D1.docx
[2010.11.18 06:59:58 | 000,000,386 | ---- | M] () -- C:\windows\tasks\Final Media Player Update Checker.job
[2010.11.18 06:58:28 | 000,001,158 | ---- | M] () -- C:\windows\System32\wpa.dbl
[2010.11.18 06:56:34 | 000,000,416 | ---- | M] () -- C:\windows\tasks\PCConfidential.job
[2010.11.18 06:56:22 | 000,002,048 | --S- | M] () -- C:\windows\bootstat.dat
[2010.11.18 06:56:14 | 3220,426,752 | -HS- | M] () -- C:\hiberfil.sys
[2010.11.16 14:24:44 | 000,068,608 | ---- | M] () -- C:\Documents and Settings\Kaska\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.11.16 08:30:48 | 000,062,400 | ---- | M] () -- C:\Documents and Settings\Kaska\Plocha\TB_výsadba stromů.dwg

========== Files Created - No Company Name ==========

[2010.11.18 09:31:42 | 000,012,058 | ---- | C] () -- C:\Documents and Settings\Kaska\Plocha\Mozne reseni problematiky nehodovosti D1.docx
[2010.11.16 08:32:07 | 000,062,400 | ---- | C] () -- C:\Documents and Settings\Kaska\Plocha\TB_výsadba stromů.dwg
[2009.08.03 15:07:42 | 000,403,816 | ---- | C] () -- C:\windows\System32\OGACheckControl.dll
[2008.12.18 14:53:24 | 000,000,000 | ---- | C] () -- C:\windows\OODCNT.INI
[2008.11.11 08:33:16 | 000,001,056 | -HS- | C] () -- C:\windows\System32\KGyGaAvL.sys
[2008.08.20 12:45:27 | 000,176,128 | ---- | C] () -- C:\windows\System32\~global.dll
[2008.01.21 12:19:37 | 000,068,608 | ---- | C] () -- C:\Documents and Settings\Kaska\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.01.21 10:38:42 | 000,000,125 | ---- | C] () -- C:\Documents and Settings\Kaska\Local Settings\Data aplikací\fusioncache.dat
[2006.06.16 16:50:14 | 000,001,763 | ---- | C] () -- C:\Documents and Settings\All Users\Data aplikací\QTSBandwidthCache
[2006.02.07 19:42:22 | 000,000,754 | ---- | C] () -- C:\windows\WORDPAD.INI
[2006.02.06 11:51:04 | 000,116,224 | ---- | C] () -- C:\windows\System32\pdfcmnnt.dll
[2006.01.30 12:32:19 | 000,000,310 | ---- | C] () -- C:\windows\WINCMD.INI
[2005.12.27 18:42:20 | 000,000,116 | ---- | C] () -- C:\windows\NeroDigital.ini
[2005.12.27 14:35:29 | 030,604,794 | ---- | C] () -- C:\Program Files\Roadpac ze Server 12-05.zip
[2005.12.27 14:17:10 | 000,000,383 | ---- | C] () -- C:\windows\System32\haspdos.sys
[2005.12.22 17:08:09 | 000,001,125 | ---- | C] () -- C:\windows\winamp.ini
[2005.12.22 16:05:23 | 000,000,327 | ---- | C] () -- C:\windows\SWWATER.INI
[2005.12.22 13:39:41 | 000,064,000 | ---- | C] () -- C:\windows\System32\drivers\wrdrv.sys
[2005.12.22 09:46:57 | 000,000,390 | ---- | C] () -- C:\windows\ODBC.INI
[2005.12.05 12:24:00 | 000,000,061 | ---- | C] () -- C:\windows\smscfg.ini
[2005.12.05 11:44:11 | 000,156,672 | ---- | C] () -- C:\windows\System32\RtlCPAPI.dll
[2005.12.05 07:56:11 | 000,004,249 | ---- | C] () -- C:\windows\ODBCINST.INI
[2004.08.13 03:56:20 | 000,005,810 | ---- | C] () -- C:\windows\System32\drivers\ASACPI.sys
[2003.04.09 15:38:04 | 000,005,664 | ---- | C] () -- C:\windows\System32\OUTLPERF.INI
[2002.04.11 11:47:52 | 000,049,152 | ---- | C] () -- C:\windows\System32\msmscoin.dll
[1980.01.01 00:00:00 | 000,014,060 | ---- | C] () -- C:\windows\System32\OEMINFO.INI

< End of report >
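A log in this format is a good candidate for a first automated triage pass before a helper reads it line by line. The following script is an added example, not code from this thread or from OTL's author: it parses OTL's service, driver and file lines and flags the kinds of entries a helper looks at first, such as orphaned "File not found" registrations and executables under the Windows directory with no company name (the same class of entry as ~global.dll above). The sample log is a constructed excerpt in OTL's format, and the heuristics and severity labels are my own assumptions; the output is a worklist for an analyst, not a verdict.

```python
"""Triage helper for logs in OTL (OldTimer) format, as pasted in this thread."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed excerpt in OTL's format (same fields as the real log above);
# it is sample input for this script, not the poster's full log.
SAMPLE_OTL = r"""
========== Win32 Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- C:\ComboFix\PEV.cfx -- (PEVSystemStart)
SRV - [2010.09.10 01:45:22 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2002.10.17 16:26:36 | 000,532,541 | ---- | M] () [Auto | Running] -- C:\Program Files\WinRoute Pro\winroute.exe -- (WinRoute)
========== Driver Services (SafeList) ==========
DRV - File not found [File_System | Boot | Stopped] -- C:\windows\System32\DRIVERS\Lbd.sys -- (Lbd)
========== Files Created - No Company Name ==========
[2008.08.20 12:45:27 | 000,176,128 | ---- | C] () -- C:\windows\System32\~global.dll
[2008.11.11 08:33:16 | 000,001,056 | -HS- | C] () -- C:\windows\System32\KGyGaAvL.sys
[2006.02.07 19:42:22 | 000,000,754 | ---- | C] () -- C:\windows\WORDPAD.INI
"""

# One OTL entry: optional "PRC/MOD/SRV/DRV - " prefix, then either
# "File not found" or "[stamp | size | attrs | M/C]", then "(company)",
# an optional "[start | state]" block, "-- path" and an optional "-- (name)".
ENTRY_RE = re.compile(
    r"^(?:(?P<kind>PRC|MOD|SRV|DRV) - )?"
    r"(?:(?P<missing>File not found)|"
    r"\[(?P<stamp>[\d.]+ [\d:]+) \| (?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| [MC]\])"
    r" (?:\((?P<company>[^)]*)\) )?(?:\[(?P<state>[^\]]*)\] )?"
    r"-- (?P<path>.+?)(?: -- \((?P<name>.+)\))?$"
)


@dataclass
class Entry:
    kind: str            # PRC / MOD / SRV / DRV, or FILE for plain file lines
    missing: bool        # True when OTL printed "File not found"
    attrs: str           # attribute column, e.g. "----" or "-HS-"
    company: str         # "" when OTL found no company name
    path: str
    name: Optional[str]  # service/driver name from the trailing "-- (name)"


def parse_otl(text: str) -> List[Entry]:
    """Parse every OTL entry line; section headers and O-lines are skipped."""
    entries: List[Entry] = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        entries.append(Entry(
            kind=m.group("kind") or "FILE",
            missing=m.group("missing") is not None,
            attrs=m.group("attrs") or "",
            company=(m.group("company") or "").strip(),
            path=m.group("path").strip(),
            name=m.group("name"),
        ))
    return entries


# Heuristics below are assumptions for this example, not OTL's own rules.
SYSTEM_ROOTS = ("c:\\windows\\", "c:\\winnt\\")
CODE_EXT = (".exe", ".dll", ".sys", ".cfx", ".ocx", ".scr", ".com")
Finding = Tuple[str, str, str]  # (severity, reason, path)


def triage(text: str) -> List[Finding]:
    """Return a worklist of entries a human should check, most urgent first by label."""
    findings: List[Finding] = []
    for e in parse_otl(text):
        low = e.path.lower()
        base = low.rsplit("\\", 1)[-1]
        in_sysroot = low.startswith(SYSTEM_ROOTS)
        is_code = low.endswith(CODE_EXT)
        if e.missing and e.kind in ("SRV", "DRV"):
            # Registration outlived its binary: leftover of a removed tool
            # or of an incomplete cleanup; either way worth reconciling.
            findings.append(("medium", f"orphaned {e.kind} registration '{e.name}' (file not found)", e.path))
            continue
        if is_code and not e.company:
            if in_sysroot:
                # Unattributed code in the Windows directory is the first thing
                # to send to a multi-engine scan, as done with ~global.dll here.
                findings.append(("high", "code file under the Windows directory with no company name", e.path))
            elif e.kind in ("PRC", "SRV", "DRV"):
                findings.append(("low", f"{e.kind} binary with no company name", e.path))
        if is_code and any(flag in e.attrs for flag in "HS"):
            findings.append(("medium", f"hidden/system attributes ({e.attrs}) on a code file", e.path))
        if in_sysroot and base.startswith(("~", "$", ".")):
            findings.append(("medium", "unusual leading character in file name", e.path))
    return findings


if __name__ == "__main__":
    for severity, reason, path in triage(SAMPLE_OTL):
        print(f"[{severity:6}] {path}\n         {reason}")
```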

earl
VIP
Posts: 1279
Registered: 14 Dec 2005 20:59
Location: Brno

Re: Sending spam

#33 Post by earl »

Test on VIRUSTOTAL and JOTTISCAN:

C:\windows\System32\~global.dll

(simple instructions: once the page loads, click the Browse button, find the path to the file mentioned above and click the Send file button; give the scanners about ten minutes; paste the results here)

If the scanner says the file has already been tested, have it tested again.

Is the PC otherwise behaving OK?

brkys
Visitor
Posts: 25
Registered: 23 Oct 2010 09:37

Re: Sending spam

#34 Post by brkys »

Occasionally, after turning on the computer, a PC Confidential window pops up and something gets tested. On the desktop I have a Shredder icon that can't be deleted and I don't know where it came from. Otherwise I'd say the PC runs normally.
Thanks for the help



AhnLab-V3 2010.11.21.01 2010.11.21 -
AntiVir 7.10.14.56 2010.11.21 -
Antiy-AVL 2.0.3.7 2010.11.22 -
Avast 4.8.1351.0 2010.11.21 -
Avast5 5.0.594.0 2010.11.21 -
AVG 9.0.0.851 2010.11.21 -
BitDefender 7.2 2010.11.22 -
CAT-QuickHeal 11.00 2010.11.09 -
ClamAV 0.96.4.0 2010.11.21 -
Command 5.2.11.5 2010.11.21 -
Comodo 6802 2010.11.22 -
DrWeb 5.0.2.03300 2010.11.22 -
eSafe 7.0.17.0 2010.11.21 -
eTrust-Vet 36.1.7989 2010.11.20 -
F-Prot 4.6.2.117 2010.11.21 -
F-Secure 9.0.16160.0 2010.11.22 -
Fortinet 4.2.254.0 2010.11.20 -
GData 21 2010.11.22 -
Ikarus T3.1.1.90.0 2010.11.22 -
Jiangmin 13.0.900 2010.11.20 -
K7AntiVirus 9.68.3041 2010.11.20 -
Kaspersky 7.0.0.125 2010.11.22 -
McAfee 5.400.0.1158 2010.11.22 -
McAfee-GW-Edition 2010.1C 2010.11.22 Heuristic.BehavesLike.Win32.Suspicious.H
Microsoft 1.6402 2010.11.22 -
NOD32 5637 2010.11.21 -
Norman 6.06.10 2010.11.21 -
nProtect 2010-11-22.01 2010.11.22 -
Panda 10.0.2.7 2010.11.21 -
PCTools 7.0.3.5 2010.11.22 -
Prevx 3.0 2010.11.22 -
Rising 22.74.05.01 2010.11.21 -
Sophos 4.59.0 2010.11.22 -
SUPERAntiSpyware 4.40.0.1006 2010.11.22 -
Symantec 20101.2.0.161 2010.11.22 -
TheHacker 6.7.0.1.087 2010.11.20 -
TrendMicro 9.120.0.1004 2010.11.22 -
TrendMicro-HouseCall 9.120.0.1004 2010.11.22 -
VBA32 3.12.14.2 2010.11.19 -
VIPRE 7376 2010.11.22 W32.Gruel@mm (fs)
ViRobot 2010.11.20.4158 2010.11.22 -
VirusBuster 13.6.52.1 2010.11.21 -

brkys
Visitor
Posts: 25
Registered: 23 Oct 2010 09:37

Re: Sending spam

#35 Post by brkys »

Results
2010-11-22 No detection 2010-11-22 No detection
2010-11-21 No detection 2010-11-22 No detection
2010-11-21 No detection 2010-11-22 No detection
2010-11-21 No detection 2010-11-21 No detection
2010-11-22 No detection 2010-11-21 No detection
2010-11-21 No detection 2010-11-22 No detection
2010-11-21 No detection 2010-11-22 No detection
2010-11-22 No detection 2010-11-19 No detection
2010-11-21 No detection 2010-11-21 No detection
2010-11-22 No detection

earl
VIP
Posts: 1279
Registered: 14 Dec 2005 20:59
Location: Brno

Re: Sending spam

#36 Post by earl »

Uninstall PC Confidential.

READ THE INSTRUCTIONS CAREFULLY; THIS SOFTWARE DOES NOT TOLERATE MISTAKES IN THE PROCEDURE!

Feel free to print out the following lines so you know what will be happening on the screen.

Be logged on to the PC with administrator rights.

On Windows Vista and Windows 7 the application must be run as administrator (right-click the ComboFix icon and left-click "Run as administrator").

Download ComboFix and save it, preferably to the desktop.

If the page won't load, download it from here: download; if ComboFix won't start, rename it to grinder.com and continue according to the instructions.

Right after starting, a Disclaimer of warranty of software functionality is shown; continue by clicking the Yes button.

Then a warning about installed CD drive emulators may follow, typically Daemon Tools or Alcohol 120.

Click OK.

Agree to installing the Recovery Console (a working internet connection is required!).

Calmly go make yourself a coffee (the whole process takes about 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to wade through); during the scan do not try to launch any other applications or do anything else.

Don't panic during the scan; your machine may be restarted (especially on the first run of the scanner).

Warning: turn off the resident shield of your antivirus and antispyware and temporarily disable the firewall, otherwise ComboFix might not work correctly. If you have the shields turned off and ComboFix reports that they aren't, continue and confirm.

After the restart the application creates a log, saved as C:/Combofix.txt (on repeated use the logs are named Combofix2.txt etc.); paste its contents here.