Prosím o kontrolu logu,
od včerejška zpomalení internetu, dneska ráno se mi najednou začala ozývat muzika, ač nebylo nic spuštěného... AVG jsem odinstaloval dnes ráno, protože nešlo deaktivovat, dale jsem spustil combofix, ted bych potreboval zkontrolovat log
Logfile of random's system information tool 1.08 (written by random/random)
Run by Admin at 2010-12-05 09:37:05
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 100 GB (33%) free of 305 GB
Total RAM: 2046 MB (70% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:37:05, on 5.12.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\profibanka\System\BinnMSSQL$PROFIBANKA\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Opera\opera.exe
C:\Documents and Settings\Admin\Local Settings\Data aplikací\Opera\Opera\temporary_downloads\RSIT.exe
C:\Program Files\trend micro\Admin.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Inbox Toolbar - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\PROGRA~1\INBOXT~1\Inbox.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O3 - Toolbar: &Inbox Toolbar - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\PROGRA~1\INBOXT~1\Inbox.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: Foxit Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [GBB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [gemstrmw] C:\WINDOWS\system32\gemstrmw.exe /r
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [USBToolTip] C:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Převést cíl vazby do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést cíl vazby do existujícího PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Převést do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést do existujícího PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Převést vybrané vazby do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Převést vybrané vazby do existujícího PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Převést výběr do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést výběr do existujícího PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow ... eqlab3.cab
O16 - DPF: {50E43D86-A74D-11D0-98CE-004005249458} (AnimatedGif Control) - https://www.mojebanka.cz/jars/confwiz/MVSGif.cab
O18 - Protocol: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\PROGRA~1\INBOXT~1\Inbox.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Dragon Age: Prameny - aktualizace obsahu (DAUpdaterSvc) - BioWare - C:\Program Files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
--
End of file - 10036 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
AcroIEToolbarHelper Class - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004-12-14 225280]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype add-on for Internet Explorer - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08 804136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}]
Inbox Toolbar - C:\PROGRA~1\INBOXT~1\Inbox.dll [2010-06-01 848376]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
Foxit Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2010-09-28 1400712]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-09-15 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-09-15 79648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004-12-14 225280]
{855F3B16-6D32-4fe6-8A56-BBB695989046}
{D7E97865-918F-41E4-9CD0-25AB1C574CE8} - &Inbox Toolbar - C:\PROGRA~1\INBOXT~1\Inbox.dll [2010-06-01 848376]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2010-03-25 968000]
{D4027C7F-154A-4066-A1AD-4243D8127440} - Foxit Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2010-09-28 1400712]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-10-07 13574144]
"nwiz"=nwiz.exe /install []
"GBB36X Configure"=C:\WINDOWS\system32\JMRaidTool.exe [2006-07-12 356352]
"gemstrmw"=C:\WINDOWS\system32\gemstrmw.exe [2004-08-09 24576]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-10-07 86016]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-10-28 17331200]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2010-03-17 421888]
"USBToolTip"=C:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe [2007-02-20 199752]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2010-11-28 2424560]
"Skype"=C:\Program Files\Skype\\Phone\Skype.exe [2010-03-09 26100520]
"NBJ"=C:\Program Files\Ahead\Nero BackItUp\NBJ.exe [2005-05-19 1957888]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe [2004-12-14 483328]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel File Shell Monitor]
C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe [2008-01-15 16200]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe [2007-12-14 531784]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^ImageMixer 3 SE Camera Monitor Ver.5.lnk]
C:\PROGRA~1\PIXELA\IMAGEM~1.5\TRANSF~1\CAMERA~1.EXE [2008-09-24 253952]
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [2009-09-13 548352]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
"NoResolveTrack"=1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0
"NoResolveTrack"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Zoner\AtlasObchod\DataExchange.exe"="C:\Program Files\Zoner\AtlasObchod\DataExchange.exe:*:Enabled:DataExchange"
"C:\Program Files\ICQLite\ICQLite.exe"="C:\Program Files\ICQLite\ICQLite.exe:*:Enabled:ICQ Lite"
"C:\Program Files\Ahead\Nero MediaHome\NeroMediaHome.exe"="C:\Program Files\Ahead\Nero MediaHome\NeroMediaHome.exe:*:Enabled:Nero MediaHome"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Dragon Age\bin_ship\daorigins.exe"="C:\Program Files\Dragon Age\bin_ship\daorigins.exe:*:Enabled:Dragon Age Prameny Hra"
"C:\Program Files\Dragon Age\DAOriginsLauncher.exe"="C:\Program Files\Dragon Age\DAOriginsLauncher.exe:*:Enabled:Dragon Age Prameny Spustit"
"C:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe"="C:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe:*:Enabled:Dragon Age Prameny Aktualizovat"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\Pinnacle\Studio 14\Programs\RM.exe"="C:\Program Files\Pinnacle\Studio 14\Programs\RM.exe:*:Enabled:Render Manager"
"C:\Program Files\Pinnacle\Studio 14\Programs\Studio.exe"="C:\Program Files\Pinnacle\Studio 14\Programs\Studio.exe:*:Enabled:Studio"
"C:\Program Files\Pinnacle\Studio 14\Programs\umi.exe"="C:\Program Files\Pinnacle\Studio 14\Programs\umi.exe:*:Enabled:umi"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe"="C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4"
"C:\Program Files\Pando Networks\Media Booster\PMB.exe"="C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster"
"C:\Riot Games\League of Legends\air\LolClient.exe"="C:\Riot Games\League of Legends\air\LolClient.exe:*:Enabled:League of Legends Lobby"
"C:\Riot Games\League of Legends\game\League of Legends.exe"="C:\Riot Games\League of Legends\game\League of Legends.exe:*:Enabled:League of Legends Game Client"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Pando Networks\Media Booster\PMB.exe"="C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster"
======List of files/folders created in the last 1 months======
2010-12-05 09:35:56 ----D---- C:\rsit
2010-12-05 09:35:56 ----D---- C:\Program Files\trend micro
2010-12-05 09:31:31 ----D---- C:\Program Files\Ultimate Process Manager
2010-12-05 09:30:19 ----A---- C:\log.txt
2010-12-05 09:24:42 ----A---- C:\ComboFix.txt
2010-12-05 09:14:39 ----D---- C:\ComboFix2
2010-12-05 08:39:06 ----A---- C:\Boot.bak
2010-12-05 08:39:01 ----RASHD---- C:\cmdcons
2010-12-05 08:34:55 ----A---- C:\WINDOWS\zip.exe
2010-12-05 08:34:55 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-12-05 08:34:55 ----A---- C:\WINDOWS\SWSC.exe
2010-12-05 08:34:55 ----A---- C:\WINDOWS\SWREG.exe
2010-12-05 08:34:55 ----A---- C:\WINDOWS\sed.exe
2010-12-05 08:34:55 ----A---- C:\WINDOWS\PEV.exe
2010-12-05 08:34:55 ----A---- C:\WINDOWS\NIRCMD.exe
2010-12-05 08:34:55 ----A---- C:\WINDOWS\MBR.exe
2010-12-05 08:34:55 ----A---- C:\WINDOWS\grep.exe
2010-12-05 08:18:45 ----A---- C:\WINDOWS\ntbtlog.txt
2010-12-04 13:45:19 ----A---- C:\WINDOWS\Mgicyb.exe
2010-12-04 13:42:54 ----A---- C:\WINDOWS\Mgicya.exe
2010-12-02 12:59:07 ----D---- C:\Program Files\In The Money
2010-11-28 15:17:10 ----D---- C:\Program Files\Full Tilt Poker
2010-11-21 10:55:21 ----D---- C:\filmy
2010-11-18 16:24:45 ----D---- C:\Program Files\ddpoker3
2010-11-15 20:01:52 ----D---- C:\Program Files\Common Files\Adobe AIR
2010-11-14 12:17:24 ----D---- C:\Documents and Settings\Admin\Data aplikací\LolClient
2010-11-14 12:11:26 ----D---- C:\Riot Games
2010-11-14 11:31:10 ----D---- C:\Documents and Settings\All Users\Data aplikací\PMB Files
2010-11-14 11:30:53 ----D---- C:\Program Files\Pando Networks
2010-11-13 11:03:39 ----A---- C:\WINDOWS\system32\XAudio2_5.dll
2010-11-13 11:03:38 ----A---- C:\WINDOWS\system32\xactengine3_5.dll
2010-11-13 11:03:38 ----A---- C:\WINDOWS\system32\D3DCompiler_42.dll
2010-11-13 11:03:37 ----A---- C:\WINDOWS\system32\d3dx11_42.dll
2010-11-13 11:03:37 ----A---- C:\WINDOWS\system32\d3dx10_42.dll
2010-11-13 11:03:37 ----A---- C:\WINDOWS\system32\d3dcsx_42.dll
2010-11-13 11:03:36 ----A---- C:\WINDOWS\system32\D3DX9_42.dll
======List of files/folders modified in the last 1 months======
2010-12-05 09:35:56 ----RD---- C:\Program Files
2010-12-05 09:24:43 ----AD---- C:\Qoobox
2010-12-05 09:23:35 ----AD---- C:\WINDOWS
2010-12-05 09:23:35 ----A---- C:\WINDOWS\system.ini
2010-12-05 09:22:04 ----D---- C:\WINDOWS\system32\drivers
2010-12-05 09:22:04 ----D---- C:\WINDOWS\system32
2010-12-05 09:22:04 ----D---- C:\WINDOWS\AppPatch
2010-12-05 09:22:01 ----D---- C:\Program Files\Common Files
2010-12-05 09:15:07 ----D---- C:\WINDOWS\system32\CatRoot2
2010-12-05 09:14:58 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-12-05 09:08:01 ----SD---- C:\WINDOWS\Tasks
2010-12-05 09:07:43 ----D---- C:\WINDOWS\ERDNT
2010-12-05 09:03:55 ----D---- C:\WINDOWS\system32\drivers\etc
2010-12-05 09:02:45 ----D---- C:\WINDOWS\Temp
2010-12-05 08:39:06 ----RASH---- C:\boot.ini
2010-12-05 08:37:09 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-12-05 08:34:46 ----D---- C:\ComboFix
2010-12-05 08:34:31 ----D---- C:\Documents and Settings\Admin\Data aplikací\Skype
2010-12-05 08:34:26 ----D---- C:\Documents and Settings\Admin\Data aplikací\skypePM
2010-12-05 08:33:28 ----D---- C:\Documents and Settings\All Users\Data aplikací\avg9
2010-12-05 07:52:35 ----D---- C:\staženo
2010-12-05 07:50:18 ----D---- C:\Documents and Settings\All Users\Data aplikací\avg8
2010-12-05 07:44:37 ----D---- C:\Program Files\Google
2010-12-05 07:44:08 ----SHD---- C:\WINDOWS\Installer
2010-12-05 07:44:07 ----D---- C:\Config.Msi
2010-12-05 07:42:33 ----D---- C:\WINDOWS\Prefetch
2010-12-05 07:37:13 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2010-12-05 06:24:59 ----D---- C:\Documents and Settings\Admin\Data aplikací\Inbox Toolbar
2010-12-04 13:42:51 ----D---- C:\__scan
2010-12-02 13:00:05 ----D---- C:\WINDOWS\system32\config
2010-11-30 19:05:45 ----D---- C:\scan
2010-11-30 19:05:44 ----D---- C:\Documents and Settings\Admin\Data aplikací\Canon
2010-11-30 16:33:19 ----D---- C:\Documents and Settings\Admin\Data aplikací\vlc
2010-11-30 16:31:35 ----D---- C:\Documents and Settings\Admin\Data aplikací\dvdcss
2010-11-29 20:22:44 ----D---- C:\Program Files\bwin
2010-11-28 11:28:35 ----D---- C:\Program Files\SUPERAntiSpyware
2010-11-21 14:56:14 ----D---- C:\Program Files\Bethesda Softworks
2010-11-21 10:48:36 ----D---- C:\hry
2010-11-20 17:26:24 ----D---- C:\bwinPoker
2010-11-18 11:50:13 ----A---- C:\WINDOWS\wincmd.ini
2010-11-15 20:03:12 ----D---- C:\Program Files\Adobe
2010-11-15 20:02:01 ----D---- C:\Documents and Settings\All Users\Data aplikací\Adobe
2010-11-15 20:02:01 ----D---- C:\Documents and Settings\Admin\Data aplikací\Adobe
2010-11-14 12:16:02 ----D---- C:\WINDOWS\system32\DirectX
2010-11-14 12:16:00 ----HD---- C:\WINDOWS\inf
2010-11-14 12:11:25 ----HD---- C:\Program Files\InstallShield Installation Information
2010-11-13 11:29:08 ----RSD---- C:\WINDOWS\assembly
2010-11-13 11:28:37 ----D---- C:\WINDOWS\WinSxS
2010-11-13 11:03:24 ----D---- C:\WINDOWS\Logs
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 JGOGO;JMicron Hot-Plug Driver; C:\WINDOWS\system32\DRIVERS\JGOGO.sys [2006-02-07 6912]
R0 JRAID;JRAID; C:\WINDOWS\system32\DRIVERS\jraid.sys [2006-07-20 41728]
R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI Texas Instruments; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-13 61696]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2010-01-05 691696]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 PCLEPCI;PCLEPCI; \??\C:\WINDOWS\system32\drivers\pclepci.sys []
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 vmm;Virtual Machine Monitor; \??\C:\WINDOWS\system32\Drivers\vmm.sys []
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2010-04-23 279712]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2010-04-23 25888]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 catchme;catchme; \??\C:\DOCUME~1\Admin\LOCALS~1\Temp\catchme.sys []
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-10-31 4942336]
R3 MarvinBus;Pinnacle Marvin Bus; C:\WINDOWS\system32\DRIVERS\MarvinBus.sys [2005-09-23 171520]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-10-07 6133856]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 VPCNetS2;Virtual Machine Network Services Driver; C:\WINDOWS\system32\DRIVERS\VMNetSrv.sys [2007-01-29 59280]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2006-07-12 248192]
S3 a4c7zrp7;a4c7zrp7; C:\WINDOWS\system32\drivers\a4c7zrp7.sys []
S3 ActivHidSerMini;Promethean Serial Board Driver; C:\WINDOWS\system32\DRIVERS\activhidsermini.sys [2008-06-16 57088]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.SYS []
S3 GTwinUSB;GTwinUSB; C:\WINDOWS\System32\Drivers\GTwinUSB.sys [2002-10-04 61776]
S3 mbr;mbr; \??\C:\ComboFix2\mbr.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 prmvmouse;Promethean HID Mouse Service; C:\WINDOWS\system32\DRIVERS\activmouse.sys []
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 TF1D091000SER;TF1D091000SER USB Device for Legacy Serial Communication; C:\WINDOWS\system32\DRIVERS\TF1D091000SER.sys [2008-01-08 99968]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys []
S3 usbvideo;Zobrazovací zařízení USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 aawservice;Ad-Aware 2007 Service; C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe [2008-05-02 607576]
R2 Application Updater;Application Updater; C:\Program Files\Application Updater\ApplicationUpdater.exe [2010-01-07 380928]
R2 CCALib8;Canon Camera Access Library 8; C:\Program Files\Canon\CAL\CALMAIN.exe [2007-01-31 96370]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-09-15 153376]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 MSSQL$PROFIBANKA;MSSQL$PROFIBANKA; C:\Program Files\profibanka\System\BinnMSSQL$PROFIBANKA\Binn\sqlservr.exe [2002-12-17 7520337]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-10-07 163908]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2007-11-25 66872]
R2 ProtexisLicensing;ProtexisLicensing; C:\WINDOWS\system32\PSIService.exe [2007-06-05 177704]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files\Spyware Terminator\sp_rsser.exe [2009-04-03 570880]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-24 135664]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2007-05-29 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 DAUpdaterSvc;Dragon Age: Prameny - aktualizace obsahu; C:\Program Files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2002-12-17 66112]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 SQLAgent$PROFIBANKA;SQLAgent$PROFIBANKA; C:\Program Files\profibanka\System\BinnMSSQL$PROFIBANKA\Binn\sqlagent.EXE [2002-12-17 311872]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
pomalejší internet
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
-
Rudy
- Site Admin
- Příspěvky: 119428
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: pomalejší internet
Dejte log z ComboFix.
Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
pote spustte aplikaci pod uctem s administratorskym opravnenim
hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.
v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se
jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine
aplikace ani nic jineho
behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)
upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode,
pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k
nezadoucim kolizim s rezidentem antispyware
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: pomalejší internet
Tak tady je log z combo fixu
ComboFix 10-12-04.01 - Admin 05.12.2010 10:57:47.9.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2046.1636 [GMT 1:00]
Spuštěný z: c:\documents and settings\Admin\Plocha\ComboFix.exe
AV: AVG Anti-Virus *On-access scanning disabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-11-05 do 2010-12-05 )))))))))))))))))))))))))))))))
.
2010-12-05 09:56 . 2010-12-05 09:56 -------- d-----w- c:\windows\LastGood
2010-12-05 08:35 . 2010-12-05 08:37 -------- d-----w- c:\program files\trend micro
2010-12-05 08:35 . 2010-12-05 08:35 -------- d-----w- C:\rsit
2010-12-05 08:31 . 2010-12-05 08:32 -------- d-----w- c:\program files\Ultimate Process Manager
2010-12-04 12:45 . 2010-12-04 12:45 257024 ----a-w- c:\windows\Mgicyb.exe
2010-12-04 12:42 . 2010-12-04 12:42 257024 ----a-w- c:\windows\Mgicya.exe
2010-12-02 11:59 . 2010-12-02 11:59 -------- d-----w- c:\documents and settings\Admin\Local Settings\Data aplikací\In_The_Money_LLC
2010-12-02 11:59 . 2010-12-04 12:52 -------- d-----w- c:\documents and settings\Admin\Local Settings\Data aplikací\In The Money
2010-12-02 11:59 . 2010-12-02 11:59 -------- d-----w- c:\program files\In The Money
2010-11-28 14:37 . 2010-11-28 14:37 -------- d-----w- c:\documents and settings\Admin\Local Settings\Data aplikací\cache
2010-11-28 14:17 . 2010-11-28 14:50 -------- d-----w- c:\documents and settings\Admin\Local Settings\Data aplikací\FullTiltPoker
2010-11-28 14:17 . 2010-12-05 09:42 -------- d-----w- c:\program files\Full Tilt Poker
2010-11-21 14:36 . 2010-11-21 14:36 -------- d-----w- c:\documents and settings\Admin\Local Settings\Data aplikací\FalloutNV
2010-11-21 09:55 . 2010-11-21 10:01 -------- d-----w- C:\filmy
2010-11-18 15:29 . 2010-11-18 15:29 -------- d-----w- c:\documents and settings\Admin\.dd-poker3
2010-11-18 15:24 . 2010-11-18 15:25 -------- d-----w- c:\program files\ddpoker3
2010-11-15 19:01 . 2010-11-15 19:03 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-11-14 11:17 . 2010-11-14 11:17 -------- d-----w- c:\documents and settings\Admin\Data aplikací\LolClient
2010-11-14 11:11 . 2010-11-14 11:11 -------- d-----w- C:\Riot Games
2010-11-14 10:31 . 2010-11-17 14:25 -------- d-----w- c:\documents and settings\Admin\Local Settings\Data aplikací\PMB Files
2010-11-14 10:31 . 2010-11-14 10:31 -------- d-----w- c:\documents and settings\All Users\Data aplikací\PMB Files
2010-11-14 10:30 . 2010-11-14 10:30 -------- d-----w- c:\program files\Pando Networks
2010-11-13 10:50 . 2010-11-13 10:50 -------- d-----w- c:\documents and settings\Admin\Local Settings\Data aplikací\My Games
2010-11-13 10:03 . 2009-09-04 16:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2010-11-13 10:03 . 2009-09-04 16:44 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
2010-11-13 10:03 . 2009-09-04 16:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2010-11-13 10:03 . 2009-09-04 16:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2010-11-13 10:03 . 2009-09-04 16:29 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
2010-11-13 10:03 . 2009-09-04 16:29 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
2010-11-13 10:03 . 2009-09-04 16:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-15 02:50 . 2010-04-15 13:20 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-15 00:29 . 2009-01-17 09:10 73728 ----a-w- c:\windows\system32\javacpl.cpl
.
((((((((((((((((((((((((((((( SnapShot@2010-12-05_08.04.08 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-12-05 09:54 . 2010-12-05 09:54 16384 c:\windows\Temp\Perflib_Perfdata_6a8.dat
+ 2010-12-05 09:54 . 2010-12-05 09:54 16384 c:\windows\Temp\Perflib_Perfdata_648.dat
+ 2007-01-30 01:26 . 2009-08-06 18:24 53472 c:\windows\system32\wuauclt.exe
+ 2010-12-05 09:56 . 2009-08-06 18:24 44768 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.4.7600.226\wups2.dll
+ 2010-12-05 09:56 . 2009-08-06 18:24 35552 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.4.7600.226\wups.dll
+ 2007-01-30 01:26 . 2009-08-06 18:24 53472 c:\windows\system32\dllcache\wuauclt.exe
+ 2006-03-02 12:00 . 2009-08-06 18:24 96480 c:\windows\system32\dllcache\cdm.dll
+ 2006-03-02 12:00 . 2009-08-06 18:24 96480 c:\windows\system32\cdm.dll
+ 2010-12-05 09:56 . 2008-10-16 13:09 43544 c:\windows\LastGood\system32\wups2.dll
+ 2010-12-05 09:56 . 2008-10-16 13:08 34328 c:\windows\LastGood\system32\wups.dll
+ 2010-12-05 09:56 . 2008-10-16 13:09 51224 c:\windows\LastGood\system32\wuauclt.exe
+ 2010-12-05 09:56 . 2008-10-16 13:09 92696 c:\windows\LastGood\system32\cdm.dll
+ 2007-01-30 01:26 . 2009-08-06 18:24 209632 c:\windows\system32\wuweb.dll
+ 2007-01-30 01:26 . 2009-08-06 18:24 327896 c:\windows\system32\wucltui.dll
+ 2007-01-30 01:26 . 2009-08-06 18:23 575704 c:\windows\system32\wuapi.dll
+ 2007-01-30 01:26 . 2009-08-06 18:24 209632 c:\windows\system32\dllcache\wuweb.dll
+ 2007-01-30 01:26 . 2009-08-06 18:24 327896 c:\windows\system32\dllcache\wucltui.dll
+ 2007-01-30 01:26 . 2009-08-06 18:23 575704 c:\windows\system32\dllcache\wuapi.dll
+ 2010-12-05 09:56 . 2008-10-16 13:13 202776 c:\windows\LastGood\system32\wuweb.dll
+ 2010-12-05 09:56 . 2008-10-16 13:12 323608 c:\windows\LastGood\system32\wucltui.dll
+ 2010-12-05 09:56 . 2008-10-16 13:12 561688 c:\windows\LastGood\system32\wuapi.dll
+ 2007-01-30 01:26 . 2009-08-06 18:23 1929952 c:\windows\system32\wuaueng.dll
+ 2007-01-30 01:26 . 2009-08-06 18:23 1929952 c:\windows\system32\dllcache\wuaueng.dll
+ 2010-12-05 09:56 . 2008-10-16 13:13 1809944 c:\windows\LastGood\system32\wuaueng.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-09-28 20:44 1400712 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-28 1400712]
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-28 1400712]
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-11-28 2424560]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-03-09 26100520]
"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2005-05-19 1957888]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"nwiz"="nwiz.exe" [2008-10-07 1630208]
"GBB36X Configure"="c:\windows\system32\JMRaidTool.exe" [2006-07-12 356352]
"gemstrmw"="c:\windows\system32\gemstrmw.exe" [2004-08-09 24576]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"RTHDCPL"="RTHDCPL.EXE" [2008-10-28 17331200]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"USBToolTip"="c:\progra~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe" [2007-02-20 199752]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-2-4 113664]
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 74308]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-13 16:51 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^ImageMixer 3 SE Camera Monitor Ver.5.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\ImageMixer 3 SE Camera Monitor Ver.5.lnk
backup=c:\windows\pss\ImageMixer 3 SE Camera Monitor Ver.5.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
2004-12-14 10:12 483328 ----a-w- c:\program files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel File Shell Monitor]
2008-01-15 13:18 16200 ----a-r- c:\program files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
2007-12-14 11:35 531784 ----a-r- c:\program files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Zoner\\AtlasObchod\\DataExchange.exe"=
"c:\\Program Files\\ICQLite\\ICQLite.exe"=
"c:\\Program Files\\Ahead\\Nero MediaHome\\NeroMediaHome.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Dragon Age\\bin_ship\\daorigins.exe"=
"c:\\Program Files\\Dragon Age\\DAOriginsLauncher.exe"=
"c:\\Program Files\\Dragon Age\\bin_ship\\daupdatersvc.service.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Pinnacle\\Studio 14\\Programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 14\\Programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 14\\Programs\\umi.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Riot Games\\League of Legends\\air\\LolClient.exe"=
"c:\\Riot Games\\League of Legends\\game\\League of Legends.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57480:TCP"= 57480:TCP:Pando Media Booster
"57480:UDP"= 57480:UDP:Pando Media Booster
"8396:TCP"= 8396:TCP:League of Legends Launcher
"8396:UDP"= 8396:UDP:League of Legends Launcher
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [1.2.2007 21:18 691696]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [23.3.2009 13:07 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [23.3.2009 13:07 67656]
R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [7.1.2010 23:51 380928]
R2 MSSQL$PROFIBANKA;MSSQL$PROFIBANKA;c:\program files\profibanka\System\BinnMSSQL$PROFIBANKA\Binn\sqlservr.exe -sPROFIBANKA --> c:\program files\profibanka\System\BinnMSSQL$PROFIBANKA\Binn\sqlservr.exe -sPROFIBANKA [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [24.1.2010 8:15 135664]
S3 ActivHidSerMini;Promethean Serial Board Driver;c:\windows\system32\drivers\activhidsermini.sys [16.6.2008 14:38 57088]
S3 DAUpdaterSvc;Dragon Age: Prameny - aktualizace obsahu;c:\program files\Dragon Age\bin_ship\daupdatersvc.service.exe [17.11.2009 13:32 25832]
S3 GTwinUSB;GTwinUSB;c:\windows\system32\drivers\GTwinUSB.sys [4.6.2007 17:43 61776]
S3 prmvmouse;Promethean HID Mouse Service;c:\windows\system32\DRIVERS\activmouse.sys --> c:\windows\system32\DRIVERS\activmouse.sys [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [23.3.2009 13:07 12872]
S3 SQLAgent$PROFIBANKA;SQLAgent$PROFIBANKA;c:\program files\profibanka\System\BinnMSSQL$PROFIBANKA\Binn\sqlagent.EXE -i PROFIBANKA --> c:\program files\profibanka\System\BinnMSSQL$PROFIBANKA\Binn\sqlagent.EXE -i PROFIBANKA [?]
S3 TF1D091000SER;TF1D091000SER USB Device for Legacy Serial Communication;c:\windows\system32\drivers\TF1D091000SER.sys [30.6.2010 14:13 99968]
.
Obsah adresáře 'Naplánované úlohy'
2010-12-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
2010-12-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-24 07:14]
2010-12-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-24 07:14]
2010-12-05 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-09-28 20:44]
.
.
------- Doplňkový sken -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Převést cíl vazby do Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést cíl vazby do existujícího PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Převést do Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést do existujícího PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Převést vybrané vazby do Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Převést vybrané vazby do existujícího PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Převést výběr do Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést výběr do existujícího PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
DPF: {50E43D86-A74D-11D0-98CE-004005249458} - hxxps://www.mojebanka.cz/jars/confwiz/MVSGif.cab
FF - ProfilePath - c:\documents and settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\xa6jwov3.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=867034&p=
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Extension: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Extension: Garmin Communicator: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E} - c:\documents and settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\xa6jwov3.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
FF - Extension: Flash Video Downloader - Youtube Downloader: artur.dubovoy@gmail.com - c:\documents and settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\xa6jwov3.default\extensions\artur.dubovoy@gmail.com
FF - Extension: Geocaching.com GPX Downloader: gpxdown@geocaching.com - c:\documents and settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\xa6jwov3.default\extensions\gpxdown@geocaching.com
FF - Extension: Foxit Toolbar: toolbar@ask.com - c:\documents and settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\xa6jwov3.default\extensions\toolbar@ask.com
FF - Extension: Inbox Toolbar: inboxcomtoolbar@inbox.com - c:\documents and settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\xa6jwov3.default\extensions\inboxcomtoolbar@inbox.com
FF - Extension: DAEMON Tools Toolbar: DTToolbar@toolbarnet.com - c:\documents and settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\xa6jwov3.default\extensions\DTToolbar@toolbarnet.com
---- NASTAVENÍ FIREFOXU ----
FF - user.js: capability.policy.policynames - localfilelinks
FF - user.js: capability.policy.localfilelinks.sites - hxxp://s1.travian.cz http://s2.travian.cz http://s3.travian.cz http://s4.travian.cz http://s5.travian.cz http://s6.travian.cz http://s7.travian.cz http://s8.travian.cz http://s9.travian.cz http://s10.travian.cz http://s11.travian.cz http://s12.travian.cz http://s13.travian.cz http://s14.travian.cz http://s15.travian.cz http://speed.travian.cz http://s1.travian.sk http://s2.travian.sk http://s3.travian.sk http://s4.travian.sk http://s5.travian.sk http://s6.travian.sk http://s7.travian.sk http://s8.travian.sk http://s9.travian.sk http://s10.travian.sk http://speed.travian.sk
FF - user.js: capability.policy.localfilelinks.checkloaduri.enabled - allAccess
.
**************************************************************************
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory:
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-117609710-1364589140-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:e8,c3,f1,ba,86,f5,7b,1b,5a,e7,bb,ea,09,a9,14,e9,68,43,16,fb,3e,
83,28,67,4f,f6,7b,8b,30,3c,a4,48,59,ed,0a,c8,d9,7a,e1,30,1a,9a,c4,03,d8,d6,\
"rkeysecu"=hex:10,1a,38,d9,f6,d0,1f,48,7d,fe,88,78,f3,d0,be,14
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(960)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
- - - - - - - > 'explorer.exe'(3816)
c:\windows\system32\msi.dll
.
Celkový čas: 2010-12-05 11:08:55
ComboFix-quarantined-files.txt 2010-12-05 10:08
ComboFix2.txt 2010-12-05 08:24
ComboFix3.txt 2010-12-05 08:08
ComboFix4.txt 2009-04-08 14:04
Před spuštěním: Volných bajtů: 104 560 730 112
Po spuštění: Volných bajtů: 104 540 807 168
- - End Of File - - A18A30FA559504AB751FBB5305BBEC4B
ComboFix 10-12-04.01 - Admin 05.12.2010 10:57:47.9.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2046.1636 [GMT 1:00]
Spuštěný z: c:\documents and settings\Admin\Plocha\ComboFix.exe
AV: AVG Anti-Virus *On-access scanning disabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-11-05 do 2010-12-05 )))))))))))))))))))))))))))))))
.
2010-12-05 09:56 . 2010-12-05 09:56 -------- d-----w- c:\windows\LastGood
2010-12-05 08:35 . 2010-12-05 08:37 -------- d-----w- c:\program files\trend micro
2010-12-05 08:35 . 2010-12-05 08:35 -------- d-----w- C:\rsit
2010-12-05 08:31 . 2010-12-05 08:32 -------- d-----w- c:\program files\Ultimate Process Manager
2010-12-04 12:45 . 2010-12-04 12:45 257024 ----a-w- c:\windows\Mgicyb.exe
2010-12-04 12:42 . 2010-12-04 12:42 257024 ----a-w- c:\windows\Mgicya.exe
2010-12-02 11:59 . 2010-12-02 11:59 -------- d-----w- c:\documents and settings\Admin\Local Settings\Data aplikací\In_The_Money_LLC
2010-12-02 11:59 . 2010-12-04 12:52 -------- d-----w- c:\documents and settings\Admin\Local Settings\Data aplikací\In The Money
2010-12-02 11:59 . 2010-12-02 11:59 -------- d-----w- c:\program files\In The Money
2010-11-28 14:37 . 2010-11-28 14:37 -------- d-----w- c:\documents and settings\Admin\Local Settings\Data aplikací\cache
2010-11-28 14:17 . 2010-11-28 14:50 -------- d-----w- c:\documents and settings\Admin\Local Settings\Data aplikací\FullTiltPoker
2010-11-28 14:17 . 2010-12-05 09:42 -------- d-----w- c:\program files\Full Tilt Poker
2010-11-21 14:36 . 2010-11-21 14:36 -------- d-----w- c:\documents and settings\Admin\Local Settings\Data aplikací\FalloutNV
2010-11-21 09:55 . 2010-11-21 10:01 -------- d-----w- C:\filmy
2010-11-18 15:29 . 2010-11-18 15:29 -------- d-----w- c:\documents and settings\Admin\.dd-poker3
2010-11-18 15:24 . 2010-11-18 15:25 -------- d-----w- c:\program files\ddpoker3
2010-11-15 19:01 . 2010-11-15 19:03 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-11-14 11:17 . 2010-11-14 11:17 -------- d-----w- c:\documents and settings\Admin\Data aplikací\LolClient
2010-11-14 11:11 . 2010-11-14 11:11 -------- d-----w- C:\Riot Games
2010-11-14 10:31 . 2010-11-17 14:25 -------- d-----w- c:\documents and settings\Admin\Local Settings\Data aplikací\PMB Files
2010-11-14 10:31 . 2010-11-14 10:31 -------- d-----w- c:\documents and settings\All Users\Data aplikací\PMB Files
2010-11-14 10:30 . 2010-11-14 10:30 -------- d-----w- c:\program files\Pando Networks
2010-11-13 10:50 . 2010-11-13 10:50 -------- d-----w- c:\documents and settings\Admin\Local Settings\Data aplikací\My Games
2010-11-13 10:03 . 2009-09-04 16:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2010-11-13 10:03 . 2009-09-04 16:44 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
2010-11-13 10:03 . 2009-09-04 16:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2010-11-13 10:03 . 2009-09-04 16:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2010-11-13 10:03 . 2009-09-04 16:29 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
2010-11-13 10:03 . 2009-09-04 16:29 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
2010-11-13 10:03 . 2009-09-04 16:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-15 02:50 . 2010-04-15 13:20 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-15 00:29 . 2009-01-17 09:10 73728 ----a-w- c:\windows\system32\javacpl.cpl
.
((((((((((((((((((((((((((((( SnapShot@2010-12-05_08.04.08 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-12-05 09:54 . 2010-12-05 09:54 16384 c:\windows\Temp\Perflib_Perfdata_6a8.dat
+ 2010-12-05 09:54 . 2010-12-05 09:54 16384 c:\windows\Temp\Perflib_Perfdata_648.dat
+ 2007-01-30 01:26 . 2009-08-06 18:24 53472 c:\windows\system32\wuauclt.exe
+ 2010-12-05 09:56 . 2009-08-06 18:24 44768 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.4.7600.226\wups2.dll
+ 2010-12-05 09:56 . 2009-08-06 18:24 35552 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.4.7600.226\wups.dll
+ 2007-01-30 01:26 . 2009-08-06 18:24 53472 c:\windows\system32\dllcache\wuauclt.exe
+ 2006-03-02 12:00 . 2009-08-06 18:24 96480 c:\windows\system32\dllcache\cdm.dll
+ 2006-03-02 12:00 . 2009-08-06 18:24 96480 c:\windows\system32\cdm.dll
+ 2010-12-05 09:56 . 2008-10-16 13:09 43544 c:\windows\LastGood\system32\wups2.dll
+ 2010-12-05 09:56 . 2008-10-16 13:08 34328 c:\windows\LastGood\system32\wups.dll
+ 2010-12-05 09:56 . 2008-10-16 13:09 51224 c:\windows\LastGood\system32\wuauclt.exe
+ 2010-12-05 09:56 . 2008-10-16 13:09 92696 c:\windows\LastGood\system32\cdm.dll
+ 2007-01-30 01:26 . 2009-08-06 18:24 209632 c:\windows\system32\wuweb.dll
+ 2007-01-30 01:26 . 2009-08-06 18:24 327896 c:\windows\system32\wucltui.dll
+ 2007-01-30 01:26 . 2009-08-06 18:23 575704 c:\windows\system32\wuapi.dll
+ 2007-01-30 01:26 . 2009-08-06 18:24 209632 c:\windows\system32\dllcache\wuweb.dll
+ 2007-01-30 01:26 . 2009-08-06 18:24 327896 c:\windows\system32\dllcache\wucltui.dll
+ 2007-01-30 01:26 . 2009-08-06 18:23 575704 c:\windows\system32\dllcache\wuapi.dll
+ 2010-12-05 09:56 . 2008-10-16 13:13 202776 c:\windows\LastGood\system32\wuweb.dll
+ 2010-12-05 09:56 . 2008-10-16 13:12 323608 c:\windows\LastGood\system32\wucltui.dll
+ 2010-12-05 09:56 . 2008-10-16 13:12 561688 c:\windows\LastGood\system32\wuapi.dll
+ 2007-01-30 01:26 . 2009-08-06 18:23 1929952 c:\windows\system32\wuaueng.dll
+ 2007-01-30 01:26 . 2009-08-06 18:23 1929952 c:\windows\system32\dllcache\wuaueng.dll
+ 2010-12-05 09:56 . 2008-10-16 13:13 1809944 c:\windows\LastGood\system32\wuaueng.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-09-28 20:44 1400712 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-28 1400712]
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-28 1400712]
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-11-28 2424560]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-03-09 26100520]
"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2005-05-19 1957888]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"nwiz"="nwiz.exe" [2008-10-07 1630208]
"GBB36X Configure"="c:\windows\system32\JMRaidTool.exe" [2006-07-12 356352]
"gemstrmw"="c:\windows\system32\gemstrmw.exe" [2004-08-09 24576]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"RTHDCPL"="RTHDCPL.EXE" [2008-10-28 17331200]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"USBToolTip"="c:\progra~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe" [2007-02-20 199752]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-2-4 113664]
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 74308]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-13 16:51 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^ImageMixer 3 SE Camera Monitor Ver.5.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\ImageMixer 3 SE Camera Monitor Ver.5.lnk
backup=c:\windows\pss\ImageMixer 3 SE Camera Monitor Ver.5.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
2004-12-14 10:12 483328 ----a-w- c:\program files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel File Shell Monitor]
2008-01-15 13:18 16200 ----a-r- c:\program files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
2007-12-14 11:35 531784 ----a-r- c:\program files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Zoner\\AtlasObchod\\DataExchange.exe"=
"c:\\Program Files\\ICQLite\\ICQLite.exe"=
"c:\\Program Files\\Ahead\\Nero MediaHome\\NeroMediaHome.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Dragon Age\\bin_ship\\daorigins.exe"=
"c:\\Program Files\\Dragon Age\\DAOriginsLauncher.exe"=
"c:\\Program Files\\Dragon Age\\bin_ship\\daupdatersvc.service.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Pinnacle\\Studio 14\\Programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 14\\Programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 14\\Programs\\umi.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Riot Games\\League of Legends\\air\\LolClient.exe"=
"c:\\Riot Games\\League of Legends\\game\\League of Legends.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57480:TCP"= 57480:TCP:Pando Media Booster
"57480:UDP"= 57480:UDP:Pando Media Booster
"8396:TCP"= 8396:TCP:League of Legends Launcher
"8396:UDP"= 8396:UDP:League of Legends Launcher
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [1.2.2007 21:18 691696]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [23.3.2009 13:07 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [23.3.2009 13:07 67656]
R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [7.1.2010 23:51 380928]
R2 MSSQL$PROFIBANKA;MSSQL$PROFIBANKA;c:\program files\profibanka\System\BinnMSSQL$PROFIBANKA\Binn\sqlservr.exe -sPROFIBANKA --> c:\program files\profibanka\System\BinnMSSQL$PROFIBANKA\Binn\sqlservr.exe -sPROFIBANKA [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [24.1.2010 8:15 135664]
S3 ActivHidSerMini;Promethean Serial Board Driver;c:\windows\system32\drivers\activhidsermini.sys [16.6.2008 14:38 57088]
S3 DAUpdaterSvc;Dragon Age: Prameny - aktualizace obsahu;c:\program files\Dragon Age\bin_ship\daupdatersvc.service.exe [17.11.2009 13:32 25832]
S3 GTwinUSB;GTwinUSB;c:\windows\system32\drivers\GTwinUSB.sys [4.6.2007 17:43 61776]
S3 prmvmouse;Promethean HID Mouse Service;c:\windows\system32\DRIVERS\activmouse.sys --> c:\windows\system32\DRIVERS\activmouse.sys [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [23.3.2009 13:07 12872]
S3 SQLAgent$PROFIBANKA;SQLAgent$PROFIBANKA;c:\program files\profibanka\System\BinnMSSQL$PROFIBANKA\Binn\sqlagent.EXE -i PROFIBANKA --> c:\program files\profibanka\System\BinnMSSQL$PROFIBANKA\Binn\sqlagent.EXE -i PROFIBANKA [?]
S3 TF1D091000SER;TF1D091000SER USB Device for Legacy Serial Communication;c:\windows\system32\drivers\TF1D091000SER.sys [30.6.2010 14:13 99968]
.
Obsah adresáře 'Naplánované úlohy'
2010-12-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
2010-12-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-24 07:14]
2010-12-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-24 07:14]
2010-12-05 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-09-28 20:44]
.
.
------- Doplňkový sken -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Převést cíl vazby do Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést cíl vazby do existujícího PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Převést do Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést do existujícího PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Převést vybrané vazby do Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Převést vybrané vazby do existujícího PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Převést výběr do Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést výběr do existujícího PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
DPF: {50E43D86-A74D-11D0-98CE-004005249458} - hxxps://www.mojebanka.cz/jars/confwiz/MVSGif.cab
FF - ProfilePath - c:\documents and settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\xa6jwov3.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=867034&p=
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Extension: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Extension: Garmin Communicator: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E} - c:\documents and settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\xa6jwov3.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
FF - Extension: Flash Video Downloader - Youtube Downloader: artur.dubovoy@gmail.com - c:\documents and settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\xa6jwov3.default\extensions\artur.dubovoy@gmail.com
FF - Extension: Geocaching.com GPX Downloader: gpxdown@geocaching.com - c:\documents and settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\xa6jwov3.default\extensions\gpxdown@geocaching.com
FF - Extension: Foxit Toolbar: toolbar@ask.com - c:\documents and settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\xa6jwov3.default\extensions\toolbar@ask.com
FF - Extension: Inbox Toolbar: inboxcomtoolbar@inbox.com - c:\documents and settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\xa6jwov3.default\extensions\inboxcomtoolbar@inbox.com
FF - Extension: DAEMON Tools Toolbar: DTToolbar@toolbarnet.com - c:\documents and settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\xa6jwov3.default\extensions\DTToolbar@toolbarnet.com
---- NASTAVENÍ FIREFOXU ----
FF - user.js: capability.policy.policynames - localfilelinks
FF - user.js: capability.policy.localfilelinks.sites - hxxp://s1.travian.cz http://s2.travian.cz http://s3.travian.cz http://s4.travian.cz http://s5.travian.cz http://s6.travian.cz http://s7.travian.cz http://s8.travian.cz http://s9.travian.cz http://s10.travian.cz http://s11.travian.cz http://s12.travian.cz http://s13.travian.cz http://s14.travian.cz http://s15.travian.cz http://speed.travian.cz http://s1.travian.sk http://s2.travian.sk http://s3.travian.sk http://s4.travian.sk http://s5.travian.sk http://s6.travian.sk http://s7.travian.sk http://s8.travian.sk http://s9.travian.sk http://s10.travian.sk http://speed.travian.sk
FF - user.js: capability.policy.localfilelinks.checkloaduri.enabled - allAccess
.
**************************************************************************
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory:
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-117609710-1364589140-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:e8,c3,f1,ba,86,f5,7b,1b,5a,e7,bb,ea,09,a9,14,e9,68,43,16,fb,3e,
83,28,67,4f,f6,7b,8b,30,3c,a4,48,59,ed,0a,c8,d9,7a,e1,30,1a,9a,c4,03,d8,d6,\
"rkeysecu"=hex:10,1a,38,d9,f6,d0,1f,48,7d,fe,88,78,f3,d0,be,14
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(960)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
- - - - - - - > 'explorer.exe'(3816)
c:\windows\system32\msi.dll
.
Celkový čas: 2010-12-05 11:08:55
ComboFix-quarantined-files.txt 2010-12-05 10:08
ComboFix2.txt 2010-12-05 08:24
ComboFix3.txt 2010-12-05 08:08
ComboFix4.txt 2009-04-08 14:04
Před spuštěním: Volných bajtů: 104 560 730 112
Po spuštění: Volných bajtů: 104 540 807 168
- - End Of File - - A18A30FA559504AB751FBB5305BBEC4B
-
Rudy
- Site Admin
- Příspěvky: 119428
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: pomalejší internet
Otevřte poznámkový blok a zkopírujte do něj:
Uložte na plochu jako CFScript.txt. Pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkazy ze skriptu.Collect::
c:\windows\Mgicyb.exe
c:\windows\Mgicya.exe
Folder::
c:\program files\Ask.com
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: pomalejší internet
Po proběhnutí combofixu se scriptem se mi objevilo hlášení, že potřebuje zkontrolovat malware na internetu, a po chvilce hlášení že spojení se servrem nenavázáno a že vytvořil soubor cf-submit.htm
Co s tím ?
Zde je log
ComboFix 10-12-04.01 - Admin 05.12.2010 11:28:49.10.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2046.1577 [GMT 1:00]
Spuštěný z: c:\documents and settings\Admin\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Admin\Plocha\CFScript.txt
AV: AVG Anti-Virus *On-access scanning disabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
file zipped: c:\windows\Mgicya.exe
file zipped: c:\windows\Mgicyb.exe
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Ask.com
c:\program files\Ask.com\cb_1899.ico
c:\program files\Ask.com\cobrand.ico
c:\program files\Ask.com\config.xml
c:\program files\Ask.com\favicon.ico
c:\program files\Ask.com\fv_1898.ico
c:\program files\Ask.com\GenericAskToolbar.dll
c:\program files\Ask.com\mupcfg.xml
c:\program files\Ask.com\SaUpdate.exe
c:\program files\Ask.com\UpdateTask.exe
c:\windows\Mgicya.exe
c:\windows\Mgicyb.exe
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-11-05 do 2010-12-05 )))))))))))))))))))))))))))))))
.
2010-12-05 09:56 . 2010-12-05 09:56 -------- d-----w- c:\windows\LastGood
2010-12-05 08:35 . 2010-12-05 08:37 -------- d-----w- c:\program files\trend micro
2010-12-05 08:35 . 2010-12-05 08:35 -------- d-----w- C:\rsit
2010-12-05 08:31 . 2010-12-05 08:32 -------- d-----w- c:\program files\Ultimate Process Manager
2010-12-02 11:59 . 2010-12-02 11:59 -------- d-----w- c:\documents and settings\Admin\Local Settings\Data aplikací\In_The_Money_LLC
2010-12-02 11:59 . 2010-12-04 12:52 -------- d-----w- c:\documents and settings\Admin\Local Settings\Data aplikací\In The Money
2010-12-02 11:59 . 2010-12-02 11:59 -------- d-----w- c:\program files\In The Money
2010-11-28 14:37 . 2010-11-28 14:37 -------- d-----w- c:\documents and settings\Admin\Local Settings\Data aplikací\cache
2010-11-28 14:17 . 2010-11-28 14:50 -------- d-----w- c:\documents and settings\Admin\Local Settings\Data aplikací\FullTiltPoker
2010-11-28 14:17 . 2010-12-05 09:42 -------- d-----w- c:\program files\Full Tilt Poker
2010-11-21 14:36 . 2010-11-21 14:36 -------- d-----w- c:\documents and settings\Admin\Local Settings\Data aplikací\FalloutNV
2010-11-21 09:55 . 2010-11-21 10:01 -------- d-----w- C:\filmy
2010-11-18 15:29 . 2010-11-18 15:29 -------- d-----w- c:\documents and settings\Admin\.dd-poker3
2010-11-18 15:24 . 2010-11-18 15:25 -------- d-----w- c:\program files\ddpoker3
2010-11-15 19:01 . 2010-11-15 19:03 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-11-14 11:17 . 2010-11-14 11:17 -------- d-----w- c:\documents and settings\Admin\Data aplikací\LolClient
2010-11-14 11:11 . 2010-11-14 11:11 -------- d-----w- C:\Riot Games
2010-11-14 10:31 . 2010-11-17 14:25 -------- d-----w- c:\documents and settings\Admin\Local Settings\Data aplikací\PMB Files
2010-11-14 10:31 . 2010-11-14 10:31 -------- d-----w- c:\documents and settings\All Users\Data aplikací\PMB Files
2010-11-14 10:30 . 2010-11-14 10:30 -------- d-----w- c:\program files\Pando Networks
2010-11-13 10:50 . 2010-11-13 10:50 -------- d-----w- c:\documents and settings\Admin\Local Settings\Data aplikací\My Games
2010-11-13 10:03 . 2009-09-04 16:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2010-11-13 10:03 . 2009-09-04 16:44 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
2010-11-13 10:03 . 2009-09-04 16:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2010-11-13 10:03 . 2009-09-04 16:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2010-11-13 10:03 . 2009-09-04 16:29 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
2010-11-13 10:03 . 2009-09-04 16:29 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
2010-11-13 10:03 . 2009-09-04 16:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-15 02:50 . 2010-04-15 13:20 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-15 00:29 . 2009-01-17 09:10 73728 ----a-w- c:\windows\system32\javacpl.cpl
.
((((((((((((((((((((((((((((( SnapShot@2010-12-05_08.04.08 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-12-05 09:54 . 2010-12-05 09:54 16384 c:\windows\Temp\Perflib_Perfdata_6a8.dat
+ 2010-12-05 09:54 . 2010-12-05 09:54 16384 c:\windows\Temp\Perflib_Perfdata_648.dat
+ 2007-01-30 01:26 . 2009-08-06 18:24 53472 c:\windows\system32\wuauclt.exe
+ 2010-12-05 09:56 . 2009-08-06 18:24 44768 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.4.7600.226\wups2.dll
+ 2010-12-05 09:56 . 2009-08-06 18:24 35552 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.4.7600.226\wups.dll
+ 2007-01-30 01:26 . 2009-08-06 18:24 53472 c:\windows\system32\dllcache\wuauclt.exe
+ 2006-03-02 12:00 . 2009-08-06 18:24 96480 c:\windows\system32\dllcache\cdm.dll
+ 2006-03-02 12:00 . 2009-08-06 18:24 96480 c:\windows\system32\cdm.dll
+ 2010-12-05 09:56 . 2008-10-16 13:09 43544 c:\windows\LastGood\system32\wups2.dll
+ 2010-12-05 09:56 . 2008-10-16 13:08 34328 c:\windows\LastGood\system32\wups.dll
+ 2010-12-05 09:56 . 2008-10-16 13:09 51224 c:\windows\LastGood\system32\wuauclt.exe
+ 2010-12-05 09:56 . 2008-10-16 13:09 92696 c:\windows\LastGood\system32\cdm.dll
+ 2007-01-30 01:26 . 2009-08-06 18:24 209632 c:\windows\system32\wuweb.dll
+ 2007-01-30 01:26 . 2009-08-06 18:24 327896 c:\windows\system32\wucltui.dll
+ 2007-01-30 01:26 . 2009-08-06 18:23 575704 c:\windows\system32\wuapi.dll
+ 2007-01-30 01:26 . 2009-08-06 18:24 209632 c:\windows\system32\dllcache\wuweb.dll
+ 2007-01-30 01:26 . 2009-08-06 18:24 327896 c:\windows\system32\dllcache\wucltui.dll
+ 2007-01-30 01:26 . 2009-08-06 18:23 575704 c:\windows\system32\dllcache\wuapi.dll
+ 2010-12-05 09:56 . 2008-10-16 13:13 202776 c:\windows\LastGood\system32\wuweb.dll
+ 2010-12-05 09:56 . 2008-10-16 13:12 323608 c:\windows\LastGood\system32\wucltui.dll
+ 2010-12-05 09:56 . 2008-10-16 13:12 561688 c:\windows\LastGood\system32\wuapi.dll
+ 2007-01-30 01:26 . 2009-08-06 18:23 1929952 c:\windows\system32\wuaueng.dll
+ 2007-01-30 01:26 . 2009-08-06 18:23 1929952 c:\windows\system32\dllcache\wuaueng.dll
+ 2010-12-05 09:56 . 2008-10-16 13:13 1809944 c:\windows\LastGood\system32\wuaueng.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-11-28 2424560]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-03-09 26100520]
"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2005-05-19 1957888]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"nwiz"="nwiz.exe" [2008-10-07 1630208]
"GBB36X Configure"="c:\windows\system32\JMRaidTool.exe" [2006-07-12 356352]
"gemstrmw"="c:\windows\system32\gemstrmw.exe" [2004-08-09 24576]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"RTHDCPL"="RTHDCPL.EXE" [2008-10-28 17331200]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"USBToolTip"="c:\progra~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe" [2007-02-20 199752]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-2-4 113664]
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 74308]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-13 16:51 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^ImageMixer 3 SE Camera Monitor Ver.5.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\ImageMixer 3 SE Camera Monitor Ver.5.lnk
backup=c:\windows\pss\ImageMixer 3 SE Camera Monitor Ver.5.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
2004-12-14 10:12 483328 ----a-w- c:\program files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel File Shell Monitor]
2008-01-15 13:18 16200 ----a-r- c:\program files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
2007-12-14 11:35 531784 ----a-r- c:\program files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Zoner\\AtlasObchod\\DataExchange.exe"=
"c:\\Program Files\\ICQLite\\ICQLite.exe"=
"c:\\Program Files\\Ahead\\Nero MediaHome\\NeroMediaHome.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Dragon Age\\bin_ship\\daorigins.exe"=
"c:\\Program Files\\Dragon Age\\DAOriginsLauncher.exe"=
"c:\\Program Files\\Dragon Age\\bin_ship\\daupdatersvc.service.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Pinnacle\\Studio 14\\Programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 14\\Programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 14\\Programs\\umi.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Riot Games\\League of Legends\\air\\LolClient.exe"=
"c:\\Riot Games\\League of Legends\\game\\League of Legends.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57480:TCP"= 57480:TCP:Pando Media Booster
"57480:UDP"= 57480:UDP:Pando Media Booster
"8396:TCP"= 8396:TCP:League of Legends Launcher
"8396:UDP"= 8396:UDP:League of Legends Launcher
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [1.2.2007 21:18 691696]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [23.3.2009 13:07 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [23.3.2009 13:07 67656]
R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [7.1.2010 23:51 380928]
R2 MSSQL$PROFIBANKA;MSSQL$PROFIBANKA;c:\program files\profibanka\System\BinnMSSQL$PROFIBANKA\Binn\sqlservr.exe -sPROFIBANKA --> c:\program files\profibanka\System\BinnMSSQL$PROFIBANKA\Binn\sqlservr.exe -sPROFIBANKA [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [24.1.2010 8:15 135664]
S3 ActivHidSerMini;Promethean Serial Board Driver;c:\windows\system32\drivers\activhidsermini.sys [16.6.2008 14:38 57088]
S3 DAUpdaterSvc;Dragon Age: Prameny - aktualizace obsahu;c:\program files\Dragon Age\bin_ship\daupdatersvc.service.exe [17.11.2009 13:32 25832]
S3 GTwinUSB;GTwinUSB;c:\windows\system32\drivers\GTwinUSB.sys [4.6.2007 17:43 61776]
S3 prmvmouse;Promethean HID Mouse Service;c:\windows\system32\DRIVERS\activmouse.sys --> c:\windows\system32\DRIVERS\activmouse.sys [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [23.3.2009 13:07 12872]
S3 SQLAgent$PROFIBANKA;SQLAgent$PROFIBANKA;c:\program files\profibanka\System\BinnMSSQL$PROFIBANKA\Binn\sqlagent.EXE -i PROFIBANKA --> c:\program files\profibanka\System\BinnMSSQL$PROFIBANKA\Binn\sqlagent.EXE -i PROFIBANKA [?]
S3 TF1D091000SER;TF1D091000SER USB Device for Legacy Serial Communication;c:\windows\system32\drivers\TF1D091000SER.sys [30.6.2010 14:13 99968]
.
Obsah adresáře 'Naplánované úlohy'
2010-12-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
2010-12-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-24 07:14]
2010-12-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-24 07:14]
.
.
------- Doplňkový sken -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Převést cíl vazby do Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést cíl vazby do existujícího PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Převést do Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést do existujícího PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Převést vybrané vazby do Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Převést vybrané vazby do existujícího PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Převést výběr do Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést výběr do existujícího PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
DPF: {50E43D86-A74D-11D0-98CE-004005249458} - hxxps://www.mojebanka.cz/jars/confwiz/MVSGif.cab
FF - ProfilePath - c:\documents and settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\xa6jwov3.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=867034&p=
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Extension: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Extension: Garmin Communicator: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E} - c:\documents and settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\xa6jwov3.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
FF - Extension: Flash Video Downloader - Youtube Downloader: artur.dubovoy@gmail.com - c:\documents and settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\xa6jwov3.default\extensions\artur.dubovoy@gmail.com
FF - Extension: Geocaching.com GPX Downloader: gpxdown@geocaching.com - c:\documents and settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\xa6jwov3.default\extensions\gpxdown@geocaching.com
FF - Extension: Foxit Toolbar: toolbar@ask.com - c:\documents and settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\xa6jwov3.default\extensions\toolbar@ask.com
FF - Extension: Inbox Toolbar: inboxcomtoolbar@inbox.com - c:\documents and settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\xa6jwov3.default\extensions\inboxcomtoolbar@inbox.com
FF - Extension: DAEMON Tools Toolbar: DTToolbar@toolbarnet.com - c:\documents and settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\xa6jwov3.default\extensions\DTToolbar@toolbarnet.com
---- NASTAVENÍ FIREFOXU ----
FF - user.js: capability.policy.policynames - localfilelinks
FF - user.js: capability.policy.localfilelinks.sites - hxxp://s1.travian.cz http://s2.travian.cz http://s3.travian.cz http://s4.travian.cz http://s5.travian.cz http://s6.travian.cz http://s7.travian.cz http://s8.travian.cz http://s9.travian.cz http://s10.travian.cz http://s11.travian.cz http://s12.travian.cz http://s13.travian.cz http://s14.travian.cz http://s15.travian.cz http://speed.travian.cz http://s1.travian.sk http://s2.travian.sk http://s3.travian.sk http://s4.travian.sk http://s5.travian.sk http://s6.travian.sk http://s7.travian.sk http://s8.travian.sk http://s9.travian.sk http://s10.travian.sk http://speed.travian.sk
FF - user.js: capability.policy.localfilelinks.checkloaduri.enabled - allAccess
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-05 11:33
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-117609710-1364589140-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:e8,c3,f1,ba,86,f5,7b,1b,5a,e7,bb,ea,09,a9,14,e9,68,43,16,fb,3e,
83,28,67,4f,f6,7b,8b,30,3c,a4,48,59,ed,0a,c8,d9,7a,e1,30,1a,9a,c4,03,d8,d6,\
"rkeysecu"=hex:10,1a,38,d9,f6,d0,1f,48,7d,fe,88,78,f3,d0,be,14
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(960)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
Celkový čas: 2010-12-05 11:34:50
ComboFix-quarantined-files.txt 2010-12-05 10:34
ComboFix2.txt 2010-12-05 10:08
ComboFix3.txt 2010-12-05 08:24
ComboFix4.txt 2010-12-05 08:08
ComboFix5.txt 2010-12-05 10:27
Před spuštěním: Volných bajtů: 104 602 611 712
Po spuštění: Volných bajtů: 104 579 923 968
- - End Of File - - 245C6C6B1F3F9365166FD39F8BAD4BB2
Co s tím ?
Zde je log
ComboFix 10-12-04.01 - Admin 05.12.2010 11:28:49.10.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2046.1577 [GMT 1:00]
Spuštěný z: c:\documents and settings\Admin\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Admin\Plocha\CFScript.txt
AV: AVG Anti-Virus *On-access scanning disabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
file zipped: c:\windows\Mgicya.exe
file zipped: c:\windows\Mgicyb.exe
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Ask.com
c:\program files\Ask.com\cb_1899.ico
c:\program files\Ask.com\cobrand.ico
c:\program files\Ask.com\config.xml
c:\program files\Ask.com\favicon.ico
c:\program files\Ask.com\fv_1898.ico
c:\program files\Ask.com\GenericAskToolbar.dll
c:\program files\Ask.com\mupcfg.xml
c:\program files\Ask.com\SaUpdate.exe
c:\program files\Ask.com\UpdateTask.exe
c:\windows\Mgicya.exe
c:\windows\Mgicyb.exe
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-11-05 do 2010-12-05 )))))))))))))))))))))))))))))))
.
2010-12-05 09:56 . 2010-12-05 09:56 -------- d-----w- c:\windows\LastGood
2010-12-05 08:35 . 2010-12-05 08:37 -------- d-----w- c:\program files\trend micro
2010-12-05 08:35 . 2010-12-05 08:35 -------- d-----w- C:\rsit
2010-12-05 08:31 . 2010-12-05 08:32 -------- d-----w- c:\program files\Ultimate Process Manager
2010-12-02 11:59 . 2010-12-02 11:59 -------- d-----w- c:\documents and settings\Admin\Local Settings\Data aplikací\In_The_Money_LLC
2010-12-02 11:59 . 2010-12-04 12:52 -------- d-----w- c:\documents and settings\Admin\Local Settings\Data aplikací\In The Money
2010-12-02 11:59 . 2010-12-02 11:59 -------- d-----w- c:\program files\In The Money
2010-11-28 14:37 . 2010-11-28 14:37 -------- d-----w- c:\documents and settings\Admin\Local Settings\Data aplikací\cache
2010-11-28 14:17 . 2010-11-28 14:50 -------- d-----w- c:\documents and settings\Admin\Local Settings\Data aplikací\FullTiltPoker
2010-11-28 14:17 . 2010-12-05 09:42 -------- d-----w- c:\program files\Full Tilt Poker
2010-11-21 14:36 . 2010-11-21 14:36 -------- d-----w- c:\documents and settings\Admin\Local Settings\Data aplikací\FalloutNV
2010-11-21 09:55 . 2010-11-21 10:01 -------- d-----w- C:\filmy
2010-11-18 15:29 . 2010-11-18 15:29 -------- d-----w- c:\documents and settings\Admin\.dd-poker3
2010-11-18 15:24 . 2010-11-18 15:25 -------- d-----w- c:\program files\ddpoker3
2010-11-15 19:01 . 2010-11-15 19:03 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-11-14 11:17 . 2010-11-14 11:17 -------- d-----w- c:\documents and settings\Admin\Data aplikací\LolClient
2010-11-14 11:11 . 2010-11-14 11:11 -------- d-----w- C:\Riot Games
2010-11-14 10:31 . 2010-11-17 14:25 -------- d-----w- c:\documents and settings\Admin\Local Settings\Data aplikací\PMB Files
2010-11-14 10:31 . 2010-11-14 10:31 -------- d-----w- c:\documents and settings\All Users\Data aplikací\PMB Files
2010-11-14 10:30 . 2010-11-14 10:30 -------- d-----w- c:\program files\Pando Networks
2010-11-13 10:50 . 2010-11-13 10:50 -------- d-----w- c:\documents and settings\Admin\Local Settings\Data aplikací\My Games
2010-11-13 10:03 . 2009-09-04 16:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2010-11-13 10:03 . 2009-09-04 16:44 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
2010-11-13 10:03 . 2009-09-04 16:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2010-11-13 10:03 . 2009-09-04 16:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2010-11-13 10:03 . 2009-09-04 16:29 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
2010-11-13 10:03 . 2009-09-04 16:29 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
2010-11-13 10:03 . 2009-09-04 16:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-15 02:50 . 2010-04-15 13:20 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-15 00:29 . 2009-01-17 09:10 73728 ----a-w- c:\windows\system32\javacpl.cpl
.
((((((((((((((((((((((((((((( SnapShot@2010-12-05_08.04.08 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-12-05 09:54 . 2010-12-05 09:54 16384 c:\windows\Temp\Perflib_Perfdata_6a8.dat
+ 2010-12-05 09:54 . 2010-12-05 09:54 16384 c:\windows\Temp\Perflib_Perfdata_648.dat
+ 2007-01-30 01:26 . 2009-08-06 18:24 53472 c:\windows\system32\wuauclt.exe
+ 2010-12-05 09:56 . 2009-08-06 18:24 44768 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.4.7600.226\wups2.dll
+ 2010-12-05 09:56 . 2009-08-06 18:24 35552 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.4.7600.226\wups.dll
+ 2007-01-30 01:26 . 2009-08-06 18:24 53472 c:\windows\system32\dllcache\wuauclt.exe
+ 2006-03-02 12:00 . 2009-08-06 18:24 96480 c:\windows\system32\dllcache\cdm.dll
+ 2006-03-02 12:00 . 2009-08-06 18:24 96480 c:\windows\system32\cdm.dll
+ 2010-12-05 09:56 . 2008-10-16 13:09 43544 c:\windows\LastGood\system32\wups2.dll
+ 2010-12-05 09:56 . 2008-10-16 13:08 34328 c:\windows\LastGood\system32\wups.dll
+ 2010-12-05 09:56 . 2008-10-16 13:09 51224 c:\windows\LastGood\system32\wuauclt.exe
+ 2010-12-05 09:56 . 2008-10-16 13:09 92696 c:\windows\LastGood\system32\cdm.dll
+ 2007-01-30 01:26 . 2009-08-06 18:24 209632 c:\windows\system32\wuweb.dll
+ 2007-01-30 01:26 . 2009-08-06 18:24 327896 c:\windows\system32\wucltui.dll
+ 2007-01-30 01:26 . 2009-08-06 18:23 575704 c:\windows\system32\wuapi.dll
+ 2007-01-30 01:26 . 2009-08-06 18:24 209632 c:\windows\system32\dllcache\wuweb.dll
+ 2007-01-30 01:26 . 2009-08-06 18:24 327896 c:\windows\system32\dllcache\wucltui.dll
+ 2007-01-30 01:26 . 2009-08-06 18:23 575704 c:\windows\system32\dllcache\wuapi.dll
+ 2010-12-05 09:56 . 2008-10-16 13:13 202776 c:\windows\LastGood\system32\wuweb.dll
+ 2010-12-05 09:56 . 2008-10-16 13:12 323608 c:\windows\LastGood\system32\wucltui.dll
+ 2010-12-05 09:56 . 2008-10-16 13:12 561688 c:\windows\LastGood\system32\wuapi.dll
+ 2007-01-30 01:26 . 2009-08-06 18:23 1929952 c:\windows\system32\wuaueng.dll
+ 2007-01-30 01:26 . 2009-08-06 18:23 1929952 c:\windows\system32\dllcache\wuaueng.dll
+ 2010-12-05 09:56 . 2008-10-16 13:13 1809944 c:\windows\LastGood\system32\wuaueng.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-11-28 2424560]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-03-09 26100520]
"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2005-05-19 1957888]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"nwiz"="nwiz.exe" [2008-10-07 1630208]
"GBB36X Configure"="c:\windows\system32\JMRaidTool.exe" [2006-07-12 356352]
"gemstrmw"="c:\windows\system32\gemstrmw.exe" [2004-08-09 24576]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"RTHDCPL"="RTHDCPL.EXE" [2008-10-28 17331200]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"USBToolTip"="c:\progra~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe" [2007-02-20 199752]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-2-4 113664]
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 74308]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-13 16:51 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^ImageMixer 3 SE Camera Monitor Ver.5.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\ImageMixer 3 SE Camera Monitor Ver.5.lnk
backup=c:\windows\pss\ImageMixer 3 SE Camera Monitor Ver.5.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
2004-12-14 10:12 483328 ----a-w- c:\program files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel File Shell Monitor]
2008-01-15 13:18 16200 ----a-r- c:\program files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
2007-12-14 11:35 531784 ----a-r- c:\program files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Zoner\\AtlasObchod\\DataExchange.exe"=
"c:\\Program Files\\ICQLite\\ICQLite.exe"=
"c:\\Program Files\\Ahead\\Nero MediaHome\\NeroMediaHome.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Dragon Age\\bin_ship\\daorigins.exe"=
"c:\\Program Files\\Dragon Age\\DAOriginsLauncher.exe"=
"c:\\Program Files\\Dragon Age\\bin_ship\\daupdatersvc.service.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Pinnacle\\Studio 14\\Programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 14\\Programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 14\\Programs\\umi.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Riot Games\\League of Legends\\air\\LolClient.exe"=
"c:\\Riot Games\\League of Legends\\game\\League of Legends.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57480:TCP"= 57480:TCP:Pando Media Booster
"57480:UDP"= 57480:UDP:Pando Media Booster
"8396:TCP"= 8396:TCP:League of Legends Launcher
"8396:UDP"= 8396:UDP:League of Legends Launcher
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [1.2.2007 21:18 691696]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [23.3.2009 13:07 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [23.3.2009 13:07 67656]
R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [7.1.2010 23:51 380928]
R2 MSSQL$PROFIBANKA;MSSQL$PROFIBANKA;c:\program files\profibanka\System\BinnMSSQL$PROFIBANKA\Binn\sqlservr.exe -sPROFIBANKA --> c:\program files\profibanka\System\BinnMSSQL$PROFIBANKA\Binn\sqlservr.exe -sPROFIBANKA [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [24.1.2010 8:15 135664]
S3 ActivHidSerMini;Promethean Serial Board Driver;c:\windows\system32\drivers\activhidsermini.sys [16.6.2008 14:38 57088]
S3 DAUpdaterSvc;Dragon Age: Prameny - aktualizace obsahu;c:\program files\Dragon Age\bin_ship\daupdatersvc.service.exe [17.11.2009 13:32 25832]
S3 GTwinUSB;GTwinUSB;c:\windows\system32\drivers\GTwinUSB.sys [4.6.2007 17:43 61776]
S3 prmvmouse;Promethean HID Mouse Service;c:\windows\system32\DRIVERS\activmouse.sys --> c:\windows\system32\DRIVERS\activmouse.sys [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [23.3.2009 13:07 12872]
S3 SQLAgent$PROFIBANKA;SQLAgent$PROFIBANKA;c:\program files\profibanka\System\BinnMSSQL$PROFIBANKA\Binn\sqlagent.EXE -i PROFIBANKA --> c:\program files\profibanka\System\BinnMSSQL$PROFIBANKA\Binn\sqlagent.EXE -i PROFIBANKA [?]
S3 TF1D091000SER;TF1D091000SER USB Device for Legacy Serial Communication;c:\windows\system32\drivers\TF1D091000SER.sys [30.6.2010 14:13 99968]
.
Obsah adresáře 'Naplánované úlohy'
2010-12-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
2010-12-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-24 07:14]
2010-12-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-24 07:14]
.
.
------- Doplňkový sken -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Převést cíl vazby do Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést cíl vazby do existujícího PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Převést do Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést do existujícího PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Převést vybrané vazby do Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Převést vybrané vazby do existujícího PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Převést výběr do Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést výběr do existujícího PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
DPF: {50E43D86-A74D-11D0-98CE-004005249458} - hxxps://www.mojebanka.cz/jars/confwiz/MVSGif.cab
FF - ProfilePath - c:\documents and settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\xa6jwov3.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=867034&p=
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Extension: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Extension: Garmin Communicator: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E} - c:\documents and settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\xa6jwov3.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
FF - Extension: Flash Video Downloader - Youtube Downloader: artur.dubovoy@gmail.com - c:\documents and settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\xa6jwov3.default\extensions\artur.dubovoy@gmail.com
FF - Extension: Geocaching.com GPX Downloader: gpxdown@geocaching.com - c:\documents and settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\xa6jwov3.default\extensions\gpxdown@geocaching.com
FF - Extension: Foxit Toolbar: toolbar@ask.com - c:\documents and settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\xa6jwov3.default\extensions\toolbar@ask.com
FF - Extension: Inbox Toolbar: inboxcomtoolbar@inbox.com - c:\documents and settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\xa6jwov3.default\extensions\inboxcomtoolbar@inbox.com
FF - Extension: DAEMON Tools Toolbar: DTToolbar@toolbarnet.com - c:\documents and settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\xa6jwov3.default\extensions\DTToolbar@toolbarnet.com
---- NASTAVENÍ FIREFOXU ----
FF - user.js: capability.policy.policynames - localfilelinks
FF - user.js: capability.policy.localfilelinks.sites - hxxp://s1.travian.cz http://s2.travian.cz http://s3.travian.cz http://s4.travian.cz http://s5.travian.cz http://s6.travian.cz http://s7.travian.cz http://s8.travian.cz http://s9.travian.cz http://s10.travian.cz http://s11.travian.cz http://s12.travian.cz http://s13.travian.cz http://s14.travian.cz http://s15.travian.cz http://speed.travian.cz http://s1.travian.sk http://s2.travian.sk http://s3.travian.sk http://s4.travian.sk http://s5.travian.sk http://s6.travian.sk http://s7.travian.sk http://s8.travian.sk http://s9.travian.sk http://s10.travian.sk http://speed.travian.sk
FF - user.js: capability.policy.localfilelinks.checkloaduri.enabled - allAccess
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-05 11:33
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-117609710-1364589140-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:e8,c3,f1,ba,86,f5,7b,1b,5a,e7,bb,ea,09,a9,14,e9,68,43,16,fb,3e,
83,28,67,4f,f6,7b,8b,30,3c,a4,48,59,ed,0a,c8,d9,7a,e1,30,1a,9a,c4,03,d8,d6,\
"rkeysecu"=hex:10,1a,38,d9,f6,d0,1f,48,7d,fe,88,78,f3,d0,be,14
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(960)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
Celkový čas: 2010-12-05 11:34:50
ComboFix-quarantined-files.txt 2010-12-05 10:34
ComboFix2.txt 2010-12-05 10:08
ComboFix3.txt 2010-12-05 08:24
ComboFix4.txt 2010-12-05 08:08
ComboFix5.txt 2010-12-05 10:27
Před spuštěním: Volných bajtů: 104 602 611 712
Po spuštění: Volných bajtů: 104 579 923 968
- - End Of File - - 245C6C6B1F3F9365166FD39F8BAD4BB2
-
Rudy
- Site Admin
- Příspěvky: 119428
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: pomalejší internet
Log již vypadá čistý. Nastala nějaká změna? CF-submit buď smažte, nebo ponechte. Soubor není vir.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: pomalejší internet
Změna je výrazná, zdá se, že to pomohlo, tisíceré díky.
-
Rudy
- Site Admin
- Příspěvky: 119428
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: pomalejší internet
Rádo se stalo!
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Přispějete na provoz fóra?