PC virus removal, computer speed-up and remote help through the neslape.cz service

Problem with the "system"

Have a virus problem? Post a log from FRST or RSIT here.

Moderator: Moderators

Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]

Individual threads will be locked once resolved, as will those inactive for more than 14 days. See the Rule on locking topics. Thank you for understanding.

!NEWS!
A remote-help service is now available: a specialist connects to your computer and obtains further details about the problem from you by phone! More at www.neslape.cz
seamus
Visitor
Posts: 53
Registered: 22 Feb 2009 10:30

Problem with the "system"

#1 Post by seamus »

Several times now, when starting the PC, it has shown me the message that a file in the target directory c:/windows/system is missing or corrupted... I managed to get the computer to start several times at least via Safe Mode; now, surprisingly, it starts normally, but it is terribly infected and I am afraid that next time it will not start at all :(...
Thanks in advance for the help.

DDS (Ver_10-11-27.01) - NTFSx86
Run by Jakub at 8:31:34,09 on ne 28.11.2010
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Professional 5.1.2600.2.1250.421.1033.18.511.88 [GMT 1:00]

AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\VIA\RAID\raid_tool.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\CmUCReye.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
svchost.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Program Files\Java\jre6\bin\javaw.exe
C:\Documents and Settings\Jakub\My Documents\Preberanie\dds.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://googleure.com
uURLSearchHooks: H - No File
mWinlogon: Userinit=c:\windows\system32\userinit.exe
mWinlogon: Taskman=c:\documents and settings\jakub\application data\juzjf.exe
uWinlogon: Shell=c:\recycler\s-1-5-21-4349727068-6333880499-498343625-6351\nvapbar.exe,c:\recycler\s-1-5-21-3492822507-1643205622-369944611-5105\yv8g67.exe,explorer.exe,c:\documents and settings\jakub\application data\juzjf.exe
BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - c:\program files\orbitdownloader\orbitcth.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - c:\program files\orbitdownloader\GrabPro.dll
TB: {855F3B16-6D32-4FE6-8A56-BBB695989046} - No File
TB: {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - No File
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {35065594-9169-4A34-B167-FC4865038E53} - No File
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [NVIDIA driver monitor] c:\windows\nvsvc32.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [RaidTool] c:\program files\via\raid\raid_tool.exe
mRun: [SkyTel] SkyTel.EXE
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [JMB36X Configure] c:\windows\system32\JMRaidTool.exe boot
mRun: [CmUCRRun] c:\windows\system32\CmUCReye.exe
mRun: [Share-to-Web Namespace Daemon] c:\program files\hewlett-packard\hp share-to-web\hpgs2wnd.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [UpdatePDRShortCut] "c:\program files\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\7.0"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [NokiaMServer] c:\program files\common files\nokia\mplatform\NokiaMServer /watchfiles
mRun: [NokiaMusic FastStart] "c:\program files\nokia\nokia music\NokiaMusic.exe" /command:faststart
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [NVIDIA driver monitor] c:\windows\nvsvc32.exe
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [wuaucldt] c:\windows\system32\wuaucldt.exe
mRun: [Regedit32] c:\windows\system32\regedit.exe
dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
StartupFolder: c:\documents and settings\jakub\start menu\programs\startup\0ggbssn.exe
StartupFolder: c:\documents and settings\jakub\start menu\programs\startup\0kplbbx.exe
StartupFolder: c:\documents and settings\jakub\start menu\programs\startup\0tpkk6w.exe
StartupFolder: c:\documents and settings\jakub\start menu\programs\startup\1ieezqq.exe
StartupFolder: c:\documents and settings\jakub\start menu\programs\startup\6ss6ee6.exe
StartupFolder: c:\documents and settings\jakub\start menu\programs\startup\c3eezqqlccx.exe
StartupFolder: c:\documents and settings\jakub\start menu\programs\startup\e3ggbssneez.exe
StartupFolder: c:\documents and settings\jakub\start menu\programs\startup\eezk6ww6ii.exe
StartupFolder: c:\documents and settings\jakub\start menu\programs\startup\f0lhcc6oo.exe
StartupFolder: c:\documents and settings\jakub\start menu\programs\startup\fbww6ii6.exe
StartupFolder: c:\documents and settings\jakub\start menu\programs\startup\s70tpkq70.exe
StartupFolder: c:\documents and settings\jakub\start menu\programs\startup\wwriiduupg.exe
IE: &Download by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/204
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Do&wnload selected by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/202
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Free YouTube Download - c:\documents and settings\jakub\application data\dvdvideosoftiehelpers\youtubedownload.htm
IE: {E59EB121-F339-4851-A3BA-FE49C35617C2} - c:\program files\icq6.5\ICQ.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} - hxxps://asp.photoprintit.de/microsite/5854/defaults/activex/ips/IPSUploader4.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: {B96DF464-F62A-46C6-B2E4-E9F050499A76} = 217.119.117.28,217.119.113.244
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\jakub\applic~1\mozilla\firefox\profiles\p7177uah.default\
FF - plugin: c:\documents and settings\jakub\application data\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\jakub\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - c:\docume~1\jakub\applic~1\mozilla\firefox\profiles\p7177uah.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Extension: Facicons: {DDABDBA1-2377-4A30-A027-25697B99E254} - c:\docume~1\jakub\applic~1\mozilla\firefox\profiles\p7177uah.default\extensions\{DDABDBA1-2377-4A30-A027-25697B99E254}
FF - Extension: U Flv: {5647f4b2-2f19-15dd-2d2b-7212613c2b46} - c:\docume~1\jakub\applic~1\mozilla\firefox\profiles\p7177uah.default\extensions\{5647f4b2-2f19-15dd-2d2b-7212613c2b46}
FF - Extension: {5647f4b2-2f19-15dd-2d2b-7212613c2b46}: {5647f4b2-2f19-15dd-2d2b-7212613c2b46} - c:\docume~1\jakub\applic~1\mozilla\firefox\profiles\p7177uah.default\extensions\{5647f4b2-2f19-15dd-2d2b-7212613c2b46}

============= SERVICES / DRIVERS ===============

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-7-1 34312]
R2 ekrn;Eset Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2008-7-1 468224]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 50704]
R3 CMISTOR;CMIUCR.SYS CM220 Card Reader Driver;c:\windows\system32\drivers\cmiucr.SYS [2009-7-9 72320]
R3 PSched;QoS Packet Scheduler;c:\windows\system32\drivers\psched.sys [2004-8-3 69120]
S2 ea26a79qboa;Asset Management Daemon;c:\windows\system32\venelyzu.exe --> c:\windows\system32\venelyzu.exe [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-5-14 136176]
S3 jkzycxdn;jkzycxdn;\??\c:\windows\system32\drivers\jkzycxdn.sys --> c:\windows\system32\drivers\jkzycxdn.sys [?]
S3 rwaofnwl;rwaofnwl;\??\c:\windows\system32\drivers\rwaofnwl.sys --> c:\windows\system32\drivers\rwaofnwl.sys [?]
S3 yvhsauqu;yvhsauqu;\??\c:\windows\system32\drivers\yvhsauqu.sys --> c:\windows\system32\drivers\yvhsauqu.sys [?]

=============== Created Last 30 ================

2010-11-28 06:28:06 315392 ----a-w- c:\windows\system32\pyly.exe
2010-11-27 16:54:30 -------- d-----w- c:\program files\VirtualDJ
2010-11-27 10:28:50 30560 ----a-w- c:\windows\system32\drivers\wcscd.sys
2010-11-22 15:42:37 -------- d-----w- c:\docume~1\jakub\locals~1\applic~1\Electronic Arts
2010-11-21 21:26:31 256 ----a-w- C:\HDTV.exe
2010-11-20 14:31:17 85504 --sh--r- c:\docume~1\jakub\applic~1\juzjf.exe
2010-11-20 14:31:07 85504 ----a-w- C:\wifi32.exe
2010-11-15 19:30:41 90978 ----a-w- C:\winnt7.exe
2010-11-15 14:40:38 72192 --sh--r- c:\windows\nvsvc32.exe
2010-11-09 14:25:42 -------- d-----w- c:\docume~1\jakub\locals~1\applic~1\Unity
2010-11-08 06:25:54 -------- d-----w- c:\docume~1\alluse~1.win\applic~1\Norton
2010-11-08 06:25:53 -------- d-----w- c:\docume~1\alluse~1.win\applic~1\Symantec
2010-11-08 06:25:45 -------- d-----w- c:\docume~1\alluse~1.win\applic~1\NortonInstaller
2010-11-06 10:37:34 103864 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
2010-11-06 10:37:34 103864 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
2010-11-03 17:09:47 -------- d-----w- C:\divx
2010-11-03 09:07:23 -------- d-----w- c:\program files\AllToAVI

==================== Find3M ====================

2010-11-28 06:18:23 98304 ----a-w- c:\windows\DUMP6b3d.tmp
2010-11-28 06:16:50 98304 ----a-w- c:\windows\DUMP6a14.tmp
2010-11-27 14:33:40 98304 ----a-w- c:\windows\DUMP70f9.tmp
2010-09-08 07:09:46 108032 ----a-w- c:\windows\system32\ff_vfw.dll
2010-09-08 07:07:36 50688 ----a-w- c:\windows\system32\ff_acm.acm
2010-09-01 13:57:42 348160 ----a-w- c:\windows\system32\msvcr71.dll

============= FINISH: 8:32:47,06 ===============
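The log above is what a helper reads for persistence indicators before prescribing a tool. As an added example, not from this thread nor from DDS or ComboFix, here is a small Python triage script run over a constructed excerpt in the same DDS format; the baseline Winlogon values, the list of imitated system binaries and the random-name heuristic are my assumptions, not DDS rules.

```python
"""Triage helper for DDS log excerpts (added example, not from the thread)."""
import re

# Constructed sample in the DDS "Pseudo HJT", "SERVICES / DRIVERS" and
# "Created Last 30" formats, modelled on the log posted in this thread.
SAMPLE_DDS = """\
uStart Page = hxxp://googleure.com
mWinlogon: Userinit=c:\\windows\\system32\\userinit.exe
mWinlogon: Taskman=c:\\documents and settings\\jakub\\application data\\juzjf.exe
uWinlogon: Shell=c:\\recycler\\s-1-5-21-0-0-0-1\\nvapbar.exe,explorer.exe
uRun: [ctfmon.exe] c:\\windows\\system32\\ctfmon.exe
uRun: [NVIDIA driver monitor] c:\\windows\\nvsvc32.exe
mRun: [egui] "c:\\program files\\eset\\eset nod32 antivirus\\egui.exe" /hide /waitservice
mRun: [wuaucldt] c:\\windows\\system32\\wuaucldt.exe
mRun: [juzjf] c:\\documents and settings\\jakub\\application data\\juzjf.exe
StartupFolder: c:\\documents and settings\\jakub\\start menu\\programs\\startup\\0ggbssn.exe
StartupFolder: c:\\documents and settings\\jakub\\start menu\\programs\\startup\\wwriiduupg.exe
R2 ekrn;Eset Service;c:\\program files\\eset\\eset nod32 antivirus\\ekrn.exe [2008-7-1 468224]
S2 ea26a79qboa;Asset Management Daemon;c:\\windows\\system32\\venelyzu.exe --> c:\\windows\\system32\\venelyzu.exe [?]
S3 jkzycxdn;jkzycxdn;\\??\\c:\\windows\\system32\\drivers\\jkzycxdn.sys --> c:\\windows\\system32\\drivers\\jkzycxdn.sys [?]
2010-11-15 14:40:38 72192 --sh--r- c:\\windows\\nvsvc32.exe
2010-11-06 10:37:34 103864 ----a-w- c:\\program files\\mozilla firefox\\plugins\\nppdf32.dll
"""

# Assumed baseline Winlogon values on a clean 32-bit XP (Taskman is unset by default).
EXPECTED_WINLOGON = {"shell": "explorer.exe",
                     "userinit": "c:\\windows\\system32\\userinit.exe"}
# Assumed list of binaries whose names malware imitates with a one-letter change.
SYSTEM_NAMES = ("wuauclt.exe", "svchost.exe", "ctfmon.exe", "userinit.exe",
                "explorer.exe", "lsass.exe", "csrss.exe", "winlogon.exe")
# Directories from which legitimate autostart entries practically never run.
ODD_DIRS = ("\\recycler\\", "\\application data\\", "\\temp\\")

def one_edit_away(a: str, b: str) -> bool:
    """True when a != b and one insert, delete or substitution maps a to b."""
    if a == b or abs(len(a) - len(b)) > 1:
        return False
    i = j = edits = 0
    while i < len(a) and j < len(b):
        if a[i] == b[j]:
            i, j = i + 1, j + 1
            continue
        edits += 1
        if edits > 1:
            return False
        # Skip one character on the longer side, or on both sides if equal.
        i += 1 if len(a) >= len(b) else 0
        j += 1 if len(b) >= len(a) else 0
    return edits + (len(a) - i) + (len(b) - j) <= 1

def looks_random(filename: str) -> bool:
    """Heuristic for generated names such as 0ggbssn.exe or wwriiduupg.exe: a
    lowercase alphanumeric stem of 6+ chars with digits mixed in or 2+ doubled letters."""
    stem = filename.rsplit(".", 1)[0]
    if not re.fullmatch(r"[a-z0-9]{6,}", stem):
        return False
    has_digit = any(c.isdigit() for c in stem)
    doubled = len(re.findall(r"([a-z])\1", stem))
    return has_digit or doubled >= 2

def extract_path(rest: str) -> str:
    """Pull the executable path out of a Run value, quoted or not."""
    rest = rest.strip()
    if rest.startswith('"'):
        end = rest.find('"', 1)
        return rest[1:end].lower() if end > 0 else rest[1:].lower()
    m = re.match(r"(.*?\.(?:exe|dll|scr|com|bat|cmd))(?:\s|$)", rest, re.I)
    return (m.group(1) if m else rest.split()[0]).lower()

def triage(log: str) -> list:
    """Return (reason, line) pairs for every line that deserves a closer look."""
    findings = []
    for raw in log.splitlines():
        line = raw.strip()
        if m := re.match(r"^[umd]Winlogon:\s*(\w+)=(.*)$", line, re.I):
            key, value = m.group(1).lower(), m.group(2).strip().lower().rstrip(",")
            if key == "taskman":
                findings.append(("Winlogon Taskman is set; absent on a default install", line))
            elif key in EXPECTED_WINLOGON and value != EXPECTED_WINLOGON[key]:
                findings.append((f"Winlogon {key} deviates from the expected value", line))
        elif m := re.match(r"^[umd]Run:\s*\[[^\]]*\]\s*(.*)$", line, re.I):
            path = extract_path(m.group(1))
            name = path.rsplit("\\", 1)[-1]
            if any(d in path for d in ODD_DIRS):
                findings.append(("autostart from a user-data, recycler or temp directory", line))
            elif any(one_edit_away(name, s) for s in SYSTEM_NAMES):
                findings.append((f"{name} imitates the name of a Windows binary", line))
        elif m := re.match(r"^StartupFolder:\s*(.*)$", line, re.I):
            name = m.group(1).strip().lower().rsplit("\\", 1)[-1]
            if looks_random(name):
                findings.append(("Startup-folder item with a generated-looking name", line))
        elif m := re.match(r"^[RS]\d\s+[^;]+;[^;]*;(.*)$", line):
            if m.group(1).rstrip().endswith("[?]"):  # DDS could not verify the image file
                findings.append(("service/driver whose image file could not be verified", line))
        elif m := re.match(r"^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\s+\S+\s+([-a-z]{8})\s+(.*)$", line):
            attrs, path = m.group(1), m.group(2).lower()
            if "h" in attrs and path.endswith(".exe"):  # hidden attribute on an executable
                findings.append(("recently created hidden executable", line))
    return findings
```

Calling triage(SAMPLE_DDS) reports nine lines: the Taskman and Shell values, the wuaucldt and application-data Run entries, the two startup-folder items, the two [?] services and the hidden nvsvc32.exe copy; the ESET, ctfmon and nppdf32 lines pass.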

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Problem with the "system"

#2 Post by vyosek »

Hello, and have a nice day :)

:arrow: Do you have your important data and the installation CD backed up? This looks like a badly wrecked system :o

:arrow: So work in Safe Mode for the time being

:arrow: Download RKill http://download.bleepingcomputer.com/grinler/rkill.com PLEASE READ THE INSTRUCTIONS THOROUGHLY - THIS UTILITY CAN DELETE A GREAT DEAL AND MUST ONLY BE USED WHEN RECOMMENDED, OTHERWISE YOUR SYSTEM CAN GO DOWN THE DRAIN
:arrow: Download ComboFix and save it to your desktop http://download.bleepingcomputer.com/sUBs/ComboFix.exe
  • Turn off all resident security programs - firewalls, antivirus, antispyware and the like
  • Plug all USB devices into the PC (flash drives, external disks and so on)
  • If you have Win XP, run it under the Administrator account
  • If you have Win Vista or Win 7, right-click ComboFix and choose Run As Administrator
  • Right after it starts, a page with the licence agreement appears; continue by clicking Yes
  • If CF offers to install the Recovery Console, agree
  • Then follow the instructions; during the scan leave the PC completely alone - do not start any applications and do not click into the window being shown
  • The scan should take about 10 min, but if the PC is heavily cluttered it may take longer
  • After the scan finishes, and after a possible restart, CF displays a log; otherwise you will find it at C:\ComboFix.txt. Paste its contents here
  • A detailed walkthrough with pictures is here http://www.bleepingcomputer.com/combofi ... t-combofix
"He who has wine and does not drink it, who has grapes and does not eat them, who has a wife and does not kiss her, who avoids merriment, take a whip and a stick to him; that is not a man, that is an ox."

seamus
Visitor
Posts: 53
Registered: 22 Feb 2009 10:30

Re: Problem with the "system"

#3 Post by seamus »

And if I may ask one more thing, how do I "turn off" ESET in Safe Mode? I do not have its icon in the tray at the bottom and I have no idea how else to turn it off...

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Problem with the "system"

#4 Post by vyosek »

Then don't worry about it and carry on :wink:

seamus
Visitor
Posts: 53
Registered: 22 Feb 2009 10:30

Re: Problem with the "system"

#5 Post by seamus »

As far as I can see, there is still some problem with the cdrom...

ComboFix 10-11-27.01 - Jakub 28.11.2010 16:02:07.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1250.421.1033.18.511.204 [GMT 1:00]
Running from: c:\documents and settings\Jakub\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users.WINDOWS\Application Data\common.data
c:\documents and settings\Jakub\Application Data\juzjf.exe
c:\documents and settings\Jakub\oashdihasidhasuidhiasdhiashdiuasdhasd
c:\documents and settings\Jakub\secupdat.dat
c:\documents and settings\LocalService.NT AUTHORITY\oashdihasidhasuidhiasdhiashdiuasdhasd
c:\program files\FunWebProducts
c:\program files\FunWebProducts\Installr\1.bin\F3EZSETP.DLL
c:\program files\FunWebProducts\Installr\1.bin\NPFUNWEB.DLL
c:\program files\FunWebProducts\Installr\Cache\000F99B6.exe
c:\program files\FunWebProducts\Installr\Cache\files.ini
c:\windows\nvsvc32.exe
c:\windows\system32\secupdat.dat

c:\windows\system32\drivers\cdrom.sys . . . is infected!!

.
((((((((((((((((((((((((( Files Created from 2010-10-28 to 2010-11-28 )))))))))))))))))))))))))))))))
.

2010-11-28 14:50 . 2010-11-28 14:50 2291 ----a-w- c:\windows\system32\drivers\fjrprqzs.sys
2010-11-28 14:19 . 2010-11-28 14:17 315392 ----a-w- c:\windows\system32\venelyzu.exe
2010-11-28 14:18 . 2010-11-28 14:18 82944 ----a-w- c:\windows\system32\drivers\xjuosbfv.sys
2010-11-28 14:17 . 2010-11-28 14:17 315392 ----a-w- c:\windows\system32\quoowohu.exe
2010-11-28 08:25 . 2010-11-28 08:25 1409 ----a-w- c:\windows\QTFont.for
2010-11-28 07:03 . 2010-11-28 14:15 98304 ----a-w- c:\windows\DUMP72ed.tmp
2010-11-28 06:28 . 2010-11-28 14:17 315392 ----a-w- c:\windows\system32\pyly.exe
2010-11-27 16:54 . 2010-11-27 16:54 -------- d-----w- c:\program files\VirtualDJ
2010-11-27 10:28 . 2010-11-27 10:28 30560 ----a-w- c:\windows\system32\drivers\wcscd.sys
2010-11-22 15:42 . 2010-11-22 15:42 -------- d-----w- c:\documents and settings\Jakub\Local Settings\Application Data\Electronic Arts
2010-11-21 21:26 . 2010-11-21 21:26 256 ----a-w- C:\HDTV.exe
2010-11-20 14:31 . 2010-11-20 14:31 85504 ----a-w- C:\wifi32.exe
2010-11-15 19:30 . 2010-11-15 19:30 90978 ----a-w- C:\winnt7.exe
2010-11-09 14:25 . 2010-11-09 14:25 -------- d-----w- c:\documents and settings\Jakub\Local Settings\Application Data\Unity
2010-11-08 06:25 . 2010-11-17 11:39 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Norton
2010-11-08 06:25 . 2010-11-08 06:25 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Symantec
2010-11-06 10:37 . 2010-11-06 10:37 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2010-11-06 10:37 . 2010-11-06 10:37 103864 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
2010-11-03 17:09 . 2010-11-08 08:04 -------- d-----w- C:\divx
2010-11-03 09:07 . 2010-11-03 16:18 -------- d-----w- c:\program files\AllToAVI

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-28 06:18 . 2009-07-08 17:47 98304 ----a-w- c:\windows\DUMP6b3d.tmp
2010-11-28 06:16 . 2009-07-08 17:47 98304 ----a-w- c:\windows\DUMP6a14.tmp
2010-11-27 14:33 . 2009-07-08 17:47 98304 ----a-w- c:\windows\DUMP70f9.tmp
2010-11-23 17:42 . 2004-08-03 20:59 84800 ----a-w- c:\windows\system32\drivers\cdrom.sys
2010-09-08 07:09 . 2010-10-17 06:57 108032 ----a-w- c:\windows\system32\ff_vfw.dll
2010-09-08 07:07 . 2010-10-17 06:57 50688 ----a-w- c:\windows\system32\ff_acm.acm
2010-09-01 13:57 . 2006-07-11 16:35 348160 ----a-w- c:\windows\system32\msvcr71.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-07-13_18.36.32 )))))))))))))))))))))))))))))))))))))))))
.
- 2006-12-02 07:46 . 2006-12-02 07:46 65536 c:\windows\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6c18549a\vcomp.dll
+ 2006-12-01 23:46 . 2006-12-01 23:46 65536 c:\windows\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6c18549a\vcomp.dll
+ 2009-07-11 18:54 . 2009-07-11 18:54 65536 c:\windows\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e79c4723\vcomp.dll
+ 2009-07-11 18:32 . 2009-07-11 18:32 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80KOR.dll
+ 2009-07-11 18:32 . 2009-07-11 18:32 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80JPN.dll
+ 2009-07-11 18:32 . 2009-07-11 18:32 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80ITA.dll
+ 2009-07-11 18:32 . 2009-07-11 18:32 45056 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80CHT.dll
+ 2009-07-11 18:32 . 2009-07-11 18:32 40960 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80CHS.dll
+ 2009-07-11 18:32 . 2009-07-11 18:32 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80FRA.dll
+ 2009-07-11 18:32 . 2009-07-11 18:32 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80ESP.dll
+ 2009-07-11 18:32 . 2009-07-11 18:32 57344 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80ENU.dll
+ 2009-07-11 18:32 . 2009-07-11 18:32 65536 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80DEU.dll
+ 2009-07-11 23:07 . 2009-07-11 23:07 57856 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfcm80u.dll
+ 2009-07-11 23:19 . 2009-07-11 23:19 69632 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfcm80.dll
+ 2010-11-28 14:49 . 2010-11-28 14:49 16384 c:\windows\Temp\Perflib_Perfdata_568.dat
+ 2010-11-27 16:50 . 2001-04-27 15:11 24576 c:\windows\system32\SmartSubClass.dll
+ 2010-11-27 16:50 . 2001-10-14 00:48 28672 c:\windows\system32\SmartMenuXP.dll
+ 2009-07-09 08:31 . 2010-08-12 04:07 68592 c:\windows\system32\pxinsa64.exe
- 2009-07-09 08:31 . 2008-11-20 19:19 72176 c:\windows\system32\pxhpinst.exe
+ 2009-07-09 08:31 . 2010-08-12 04:07 72176 c:\windows\system32\pxhpinst.exe
+ 2009-07-09 08:31 . 2010-08-12 04:07 68080 c:\windows\system32\pxcpya64.exe
+ 2009-10-20 18:19 . 2009-10-20 18:19 53299 c:\windows\system32\pthreadVC.dll
- 2001-08-23 12:00 . 2010-06-24 07:05 79368 c:\windows\system32\perfc009.dat
+ 2001-08-23 12:00 . 2010-10-31 06:10 79368 c:\windows\system32\perfc009.dat
+ 2010-11-28 07:10 . 2010-11-28 07:10 81336 c:\windows\system32\GDIPFONTCACHEV1.DAT
+ 2010-11-27 16:50 . 2003-06-06 11:21 81920 c:\windows\system32\eSellerateControl350.dll
+ 2008-11-20 19:19 . 2010-08-12 04:07 45648 c:\windows\system32\drivers\PxHelp20.sys
+ 2009-10-20 18:19 . 2009-10-20 18:19 50704 c:\windows\system32\drivers\npf.sys
+ 2010-08-26 12:50 . 2010-08-26 12:50 18048 c:\windows\system32\drivers\lirsgt.sys
- 2008-07-01 07:04 . 2008-07-01 07:04 34312 c:\windows\system32\drivers\epfwtdir.sys
+ 2008-07-01 08:04 . 2008-07-01 08:04 34312 c:\windows\system32\drivers\epfwtdir.sys
+ 2008-07-01 07:57 . 2008-07-01 07:57 53256 c:\windows\system32\drivers\easdrv.sys
- 2008-07-01 06:57 . 2008-07-01 06:57 53256 c:\windows\system32\drivers\easdrv.sys
+ 2008-07-01 07:56 . 2008-07-01 07:56 39944 c:\windows\system32\drivers\eamon.sys
- 2008-07-01 06:56 . 2008-07-01 06:56 39944 c:\windows\system32\drivers\eamon.sys
+ 2010-03-10 19:29 . 2010-03-10 19:29 94208 c:\windows\system32\dpl100.dll
+ 2010-11-27 16:50 . 2001-06-21 20:13 81332 c:\windows\system32\BASS.DLL
+ 1999-01-12 09:35 . 1999-01-12 09:35 53760 c:\windows\speech\WrapSAPI.dll
+ 2010-08-26 12:49 . 2005-03-18 15:23 12800 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.Diagnostics.dll
+ 2010-08-26 12:49 . 2005-03-18 15:23 53248 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.AudioVideoPlayback.dll
+ 2010-10-16 11:14 . 2010-10-16 11:14 21504 c:\windows\Installer\63c528.msi
- 2010-06-18 08:50 . 2010-06-18 08:50 10134 c:\windows\Installer\{A13F9DCF-7413-4F53-93F1-9925DCF709CF}\callmsi.exe
+ 2010-11-21 18:16 . 2010-11-21 18:16 10134 c:\windows\Installer\{A13F9DCF-7413-4F53-93F1-9925DCF709CF}\callmsi.exe
+ 2009-11-25 17:20 . 2010-11-11 04:58 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
- 2009-11-25 17:20 . 2010-06-12 10:05 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
- 2009-11-25 17:20 . 2010-06-12 10:05 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
+ 2009-11-25 17:20 . 2010-11-11 04:58 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
- 2009-11-25 17:20 . 2010-06-12 10:05 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
+ 2009-11-25 17:20 . 2010-11-11 04:58 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
+ 2010-09-17 14:15 . 2010-09-17 14:15 25214 c:\windows\Installer\{171E6C1E-B5FC-11DF-B115-005056C00008}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74_1.exe
+ 2010-09-17 14:15 . 2010-09-17 14:15 25214 c:\windows\Installer\{171E6C1E-B5FC-11DF-B115-005056C00008}\ARPPRODUCTICON.exe
+ 2010-11-22 15:27 . 2010-11-22 15:27 12800 c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
+ 2010-11-22 15:27 . 2010-11-22 15:27 53248 c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
+ 2010-07-15 05:20 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB2229593\update\spcustom.dll
+ 2010-07-15 05:20 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB2229593\spmsg.dll
+ 1999-01-12 09:39 . 1999-01-12 09:39 6656 c:\windows\delttsul.exe
+ 2007-06-28 16:54 . 2007-06-28 16:54 180224 c:\windows\system32\xvidvfw.dll
+ 2007-06-28 16:52 . 2007-06-28 16:52 765952 c:\windows\system32\xvidcore.dll
+ 2009-10-20 18:19 . 2009-10-20 18:19 281104 c:\windows\system32\wpcap.dll
+ 2009-07-09 08:31 . 2010-08-12 04:07 100848 c:\windows\system32\vxblock.dll
+ 2009-01-28 18:50 . 2009-01-28 18:50 368640 c:\windows\system32\vobsub.dll
+ 2009-01-28 18:50 . 2009-01-28 18:50 153088 c:\windows\system32\unrar.dll
+ 2010-09-04 12:01 . 2010-09-04 12:03 663204 c:\windows\system32\Restore\rstrlog.dat
+ 2009-07-09 08:31 . 2010-08-12 04:07 440816 c:\windows\system32\pxwave.dll
+ 2009-07-09 08:31 . 2010-08-12 04:07 219632 c:\windows\system32\pxmas.dll
+ 2009-07-09 08:31 . 2010-08-12 04:07 126448 c:\windows\system32\pxinsi64.exe
+ 2009-07-09 08:31 . 2010-08-12 04:07 567792 c:\windows\system32\pxdrv.dll
+ 2009-07-09 08:31 . 2010-08-12 04:07 123888 c:\windows\system32\pxcpyi64.exe
+ 2009-07-09 08:31 . 2010-08-12 04:07 133616 c:\windows\system32\pxafs.dll
+ 2009-07-09 08:31 . 2010-08-12 04:07 698864 c:\windows\system32\px.dll
+ 2001-08-23 12:00 . 2010-10-31 06:10 461552 c:\windows\system32\perfh009.dat
- 2001-08-23 12:00 . 2010-06-24 07:05 461552 c:\windows\system32\perfh009.dat
+ 2009-10-20 18:19 . 2009-10-20 18:19 100880 c:\windows\system32\Packet.dll
+ 2009-07-08 17:53 . 2010-11-28 06:20 292480 c:\windows\system32\FNTCACHE.DAT
+ 2010-08-26 12:50 . 2010-08-26 12:50 165376 c:\windows\system32\drivers\atksgt.sys
- 2009-07-09 01:04 . 2004-08-03 22:56 743936 c:\windows\system32\dllcache\helpsvc.exe
+ 2009-07-09 01:04 . 2010-06-14 14:30 743936 c:\windows\system32\dllcache\helpsvc.exe
+ 2010-02-19 19:27 . 2010-02-19 19:27 843776 c:\windows\system32\divx_xx16.dll
+ 2010-02-19 19:27 . 2010-02-19 19:27 839680 c:\windows\system32\divx_xx11.dll
+ 2010-02-19 19:27 . 2010-02-19 19:27 856064 c:\windows\system32\divx_xx0c.dll
+ 2010-02-19 19:27 . 2010-02-19 19:27 847872 c:\windows\system32\divx_xx0a.dll
+ 2010-02-19 19:27 . 2010-02-19 19:27 856064 c:\windows\system32\divx_xx07.dll
+ 2010-02-19 19:27 . 2010-02-19 19:27 720384 c:\windows\system32\DivX.dll
+ 2008-12-21 21:46 . 2008-12-21 21:46 351744 c:\windows\system32\avisynth.dll
+ 1999-01-12 13:19 . 1999-01-12 13:19 195584 c:\windows\speech\Xvoice.dll
+ 1999-01-12 13:19 . 1999-01-12 13:19 203776 c:\windows\speech\XTel.Dll
+ 1999-01-12 13:19 . 1999-01-12 13:19 208896 c:\windows\speech\Xlisten.dll
+ 1999-01-12 13:19 . 1999-01-12 13:19 128000 c:\windows\speech\Xcommand.dll
+ 1999-01-12 13:19 . 1999-01-12 13:19 173056 c:\windows\speech\VText.dll
+ 1999-01-12 13:19 . 1999-01-12 13:19 179712 c:\windows\speech\Vdict.dll
+ 1999-01-12 13:19 . 1999-01-12 13:19 156160 c:\windows\speech\vcmshl.dll
+ 1999-01-12 13:09 . 1999-01-12 13:09 380928 c:\windows\speech\vcmd.exe
+ 1999-01-12 13:19 . 1999-01-12 13:19 248832 c:\windows\speech\spchtel.dll
+ 1999-01-12 13:19 . 1999-01-12 13:19 562176 c:\windows\speech\speech.dll
+ 2009-07-09 01:04 . 2010-06-14 14:30 743936 c:\windows\pchealth\helpctr\binaries\helpsvc.exe
- 2009-07-09 01:04 . 2004-08-03 22:56 743936 c:\windows\pchealth\helpctr\binaries\HelpSvc.exe
+ 2010-11-22 15:27 . 2006-03-31 10:27 578560 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2911.0\Microsoft.DirectX.Direct3DX.dll
+ 2010-08-26 12:49 . 2006-02-03 06:40 578560 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2910.0\Microsoft.DirectX.Direct3DX.dll
+ 2010-08-26 12:49 . 2005-12-05 16:20 577536 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2909.0\Microsoft.DirectX.Direct3DX.dll
+ 2010-08-26 12:49 . 2005-09-28 13:11 577536 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2908.0\Microsoft.DirectX.Direct3DX.dll
+ 2010-08-26 12:49 . 2005-07-22 16:21 577024 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2907.0\Microsoft.DirectX.Direct3DX.dll
+ 2010-08-26 12:49 . 2005-05-26 14:15 576000 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2906.0\Microsoft.DirectX.Direct3DX.dll
+ 2010-08-26 12:49 . 2005-03-18 16:23 567296 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2905.0\Microsoft.DirectX.Direct3DX.dll
+ 2010-08-26 12:49 . 2005-02-05 18:32 563712 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2904.0\Microsoft.DirectX.Direct3DX.dll
+ 2010-08-26 12:49 . 2005-03-18 15:23 223232 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.dll
+ 2010-08-26 12:49 . 2005-03-18 15:23 178176 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectSound.dll
+ 2010-08-26 12:49 . 2005-03-18 15:23 364544 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectPlay.dll
+ 2010-08-26 12:49 . 2005-03-18 15:23 159232 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectInput.dll
+ 2010-08-26 12:49 . 2005-03-18 15:23 145920 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectDraw.dll
+ 2010-08-26 12:49 . 2005-03-18 15:23 473600 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.Direct3D.dll
+ 2010-08-29 15:13 . 2010-08-29 15:13 169472 c:\windows\Installer\4b4ff0.msi
+ 2010-08-04 13:13 . 2010-08-04 13:13 686080 c:\windows\Installer\4ab69.msp
+ 2010-07-14 14:45 . 2010-07-14 14:45 424960 c:\windows\Installer\496921.msi
+ 2010-11-22 15:25 . 2010-11-22 15:25 331264 c:\windows\Installer\258907.msi
+ 2010-09-17 14:15 . 2010-09-17 14:15 874496 c:\windows\Installer\222577.msi
+ 2010-11-21 18:16 . 2010-11-21 18:16 858624 c:\windows\Installer\14489.msi
+ 2010-11-21 18:16 . 2010-11-21 18:16 136448 c:\windows\Installer\{A13F9DCF-7413-4F53-93F1-9925DCF709CF}\egui.exe
- 2010-06-18 08:50 . 2010-06-18 08:50 136448 c:\windows\Installer\{A13F9DCF-7413-4F53-93F1-9925DCF709CF}\egui.exe
- 2009-11-25 17:20 . 2010-06-12 10:05 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
+ 2009-11-25 17:20 . 2010-11-11 04:58 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
- 2009-11-25 17:20 . 2010-06-12 10:05 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
+ 2009-11-25 17:20 . 2010-11-11 04:58 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
+ 2009-11-25 17:20 . 2010-11-11 04:58 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
- 2009-11-25 17:20 . 2010-06-12 10:05 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
+ 2009-11-25 17:20 . 2010-11-11 04:58 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
- 2009-11-25 17:20 . 2010-06-12 10:05 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
- 2009-11-25 17:20 . 2010-06-12 10:05 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
+ 2009-11-25 17:20 . 2010-11-11 04:58 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
- 2009-11-25 17:20 . 2010-06-12 10:05 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
+ 2009-11-25 17:20 . 2010-11-11 04:58 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
- 2009-11-25 17:20 . 2010-06-12 10:05 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2009-11-25 17:20 . 2010-11-11 04:58 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2010-09-22 16:10 . 2010-09-22 16:10 103864 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA79201B7449A0400000010\9.4.0\nppdf32.dll
+ 2009-03-06 01:37 . 2009-03-06 01:37 501640 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\SOA.DLL
+ 2008-10-26 05:26 . 2008-10-26 05:26 162680 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\ACCWIZ.DLL
+ 2010-11-27 16:50 . 2005-03-10 22:57 356352 c:\windows\eSellerateEngine.dll
+ 2010-11-22 15:27 . 2010-11-22 15:27 223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
+ 2010-11-22 15:27 . 2010-11-22 15:27 178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
+ 2010-11-22 15:27 . 2010-11-22 15:27 364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
+ 2010-11-22 15:27 . 2010-11-22 15:27 159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
+ 2010-11-22 15:27 . 2010-11-22 15:27 145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
+ 2010-11-22 15:27 . 2010-11-22 15:27 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2010-11-22 15:27 . 2010-11-22 15:27 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2010-11-22 15:27 . 2010-11-22 15:27 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2010-11-22 15:27 . 2010-11-22 15:27 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2010-11-22 15:27 . 2010-11-22 15:27 577024 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2010-11-22 15:27 . 2010-11-22 15:27 576000 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2010-11-22 15:27 . 2010-11-22 15:27 567296 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2010-11-22 15:27 . 2010-11-22 15:27 563712 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2010-11-22 15:27 . 2010-11-22 15:27 473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
+ 2010-07-15 05:20 . 2010-02-22 17:53 382840 c:\windows\$NtUninstallKB2229593$\spuninst\updspapi.dll
+ 2010-07-15 05:20 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB2229593$\spuninst\spuninst.exe
+ 2010-07-15 05:20 . 2004-08-03 22:56 743936 c:\windows\$NtUninstallKB2229593$\helpsvc.exe
+ 2010-07-15 05:20 . 2010-02-22 17:53 382840 c:\windows\$hf_mig$\KB2229593\update\updspapi.dll
+ 2010-07-15 05:20 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB2229593\update\update.exe
+ 2010-07-15 05:20 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB2229593\spuninst.exe
+ 2010-07-14 05:33 . 2010-06-14 14:38 744448 c:\windows\$hf_mig$\KB2229593\SP3QFE\helpsvc.exe
+ 2010-07-14 05:33 . 2010-06-14 14:31 744448 c:\windows\$hf_mig$\KB2229593\SP3GDR\helpsvc.exe
+ 2010-07-14 05:33 . 2010-06-14 15:13 744448 c:\windows\$hf_mig$\KB2229593\SP2QFE\helpsvc.exe
+ 2009-07-11 18:46 . 2009-07-11 18:46 1093120 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfc80u.dll
+ 2009-07-11 18:46 . 2009-07-11 18:46 1105920 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfc80.dll
+ 2009-07-09 08:31 . 2010-08-12 04:07 2120176 c:\windows\system32\pxsfs.dll
+ 2010-08-26 12:49 . 2004-12-01 14:53 2846720 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2903.0\Microsoft.DirectX.Direct3DX.dll
+ 2010-08-26 12:49 . 2004-09-29 11:38 2676224 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.Direct3DX.dll
+ 2010-07-26 14:00 . 2010-07-26 14:00 5010944 c:\windows\Installer\6eb33.msp
+ 2010-07-10 18:14 . 2010-07-10 18:14 2850816 c:\windows\Installer\6eb1c.msp
+ 2010-10-11 13:41 . 2010-10-11 13:41 3946496 c:\windows\Installer\59833.msi
+ 2010-08-19 15:57 . 2010-08-19 15:57 3395584 c:\windows\Installer\4ab52.msp
+ 2010-07-14 14:50 . 2010-07-14 14:50 3726336 c:\windows\Installer\496925.msi
+ 2010-08-13 16:01 . 2010-08-13 16:01 8993280 c:\windows\Installer\3a176.msp
+ 2010-08-13 15:59 . 2010-08-13 15:59 8182272 c:\windows\Installer\3a15f.msp
+ 2010-08-13 16:02 . 2010-08-13 16:02 2545664 c:\windows\Installer\3a148.msp
+ 2010-08-13 16:00 . 2010-08-13 16:00 9404928 c:\windows\Installer\3a131.msp
+ 2010-09-17 04:06 . 2010-09-17 04:06 3355648 c:\windows\Installer\3a119.msp
+ 2010-05-20 17:57 . 2010-05-20 17:57 4989952 c:\windows\Installer\33bf8.msp
+ 2010-05-20 17:57 . 2010-05-20 17:57 5907456 c:\windows\Installer\33bf7.msp
+ 2010-06-11 09:03 . 2010-06-11 09:03 5021184 c:\windows\Installer\33bd7.msp
+ 2010-09-17 05:04 . 2010-09-17 05:04 9401856 c:\windows\Installer\2d1b2.msp
+ 2010-10-21 17:12 . 2010-10-21 17:12 3359744 c:\windows\Installer\2d19b.msp
+ 2010-10-07 17:43 . 2010-10-07 17:43 1980416 c:\windows\Installer\2d184.msp
+ 2010-11-08 07:14 . 2010-11-08 07:14 3402752 c:\windows\Installer\1b8d0.msp
- 2009-11-25 17:20 . 2010-06-12 10:05 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
+ 2009-11-25 17:20 . 2010-11-11 04:58 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
- 2009-11-25 17:20 . 2010-06-12 10:05 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2009-11-25 17:20 . 2010-11-11 04:58 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2010-09-16 01:08 . 2010-09-16 01:08 6210560 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA79201B7449A0400000010\9.4.0\authplay.dll
+ 2008-11-10 01:41 . 2008-11-10 01:41 2014584 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\PPTVIEW.EXE
+ 2010-11-22 15:27 . 2010-11-22 15:27 2846720 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2010-11-22 15:27 . 2010-11-22 15:27 2676224 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2010-07-10 18:06 . 2010-07-10 18:06 10120192 c:\windows\Installer\6eb05.msp
+ 2010-07-22 23:04 . 2010-07-22 23:04 11395072 c:\windows\Installer\4ab3b.msp
+ 2010-05-20 17:58 . 2010-05-20 17:58 12114432 c:\windows\Installer\33bc0.msp
+ 2009-03-06 01:37 . 2009-03-06 01:37 10222432 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\MSACCESS.EXE
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-03-09 7561216]
"nwiz"="nwiz.exe" [2006-03-09 1519616]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-03-09 86016]
"RaidTool"="c:\program files\VIA\RAID\raid_tool.exe" [2005-11-23 1060864]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-01 16208384]
"JMB36X Configure"="c:\windows\system32\JMRaidTool.exe" [2006-06-02 385024]
"CmUCRRun"="c:\windows\system32\CmUCReye.exe" [2005-10-12 241664]
"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 69632]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-06 149280]
"UpdatePDRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-01-04 222504]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"NokiaMusic FastStart"="c:\program files\Nokia\Nokia Music\NokiaMusic.exe" [2009-07-02 2327840]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-16 1164584]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-07-01 1447168]
"tekeboo"="c:\windows\system32\pyly.exe" [2010-11-28 315392]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]

c:\documents and settings\Jakub\Start Menu\Programs\Startup\
0ggbssn.exe [2010-11-22 43008]
0kplbbx.exe [2010-11-21 43008]
0tpkk6w.exe [2010-11-21 43008]
1ieezqq.exe [2010-11-21 43008]
6ss6ee6.exe [2010-11-21 43008]
c3eezqqlccx.exe [2010-11-21 43008]
e3ggbssneez.exe [2010-11-22 43008]
eezk6ww6ii.exe [2010-11-21 43008]
f0lhcc6oo.exe [2010-11-21 43008]
fbww6ii6.exe [2010-11-21 43008]
s70tpkq70.exe [2010-11-21 43008]
wwriiduupg.exe [2010-11-21 43008]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\CyberLink\\PowerDirector\\PDR.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"c:\\Documents and Settings\\Jakub\\My Documents\\Preberanie\\P1876832.JPG-www.facebook.exe"= c:\\WINDOWS\\nvsvc32.exe

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [1.7.2008 09:04 34312]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [1.7.2008 09:02 468224]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [20.10.2009 19:19 50704]
R3 CMISTOR;CMIUCR.SYS CM220 Card Reader Driver;c:\windows\system32\drivers\cmiucr.SYS [9.7.2009 17:17 72320]
S2 ea26a79qboa;Asset Management Daemon;c:\windows\system32\venelyzu.exe [28.11.2010 15:19 315392]
S2 fjrprqzs;fjrprqzs;c:\windows\system32\drivers\fjrprqzs.sys [28.11.2010 15:50 2291]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [14.5.2010 14:08 136176]
S2 xjuosbfv;xjuosbfv;c:\windows\system32\drivers\xjuosbfv.sys [28.11.2010 15:18 82944]
S3 jkzycxdn;jkzycxdn;\??\c:\windows\System32\Drivers\jkzycxdn.sys --> c:\windows\System32\Drivers\jkzycxdn.sys [?]
S3 rwaofnwl;rwaofnwl;\??\c:\windows\System32\Drivers\rwaofnwl.sys --> c:\windows\System32\Drivers\rwaofnwl.sys [?]
S3 yvhsauqu;yvhsauqu;\??\c:\windows\System32\Drivers\yvhsauqu.sys --> c:\windows\System32\Drivers\yvhsauqu.sys [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [22.6.2010 10:32 691696]

--- Other Services/Drivers In Memory ---

*Deregistered* - wcscd
.
Contents of the 'Scheduled Tasks' folder

2010-11-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-14 13:08]

2010-11-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-14 13:08]

2010-11-28 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-07-11 05:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://googleure.com
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Free YouTube Download - c:\documents and settings\Jakub\Application Data\DVDVideoSoftIEHelpers\youtubedownload.htm
TCP: {B96DF464-F62A-46C6-B2E4-E9F050499A76} = 217.119.117.28,217.119.113.244
FF - ProfilePath - c:\documents and settings\Jakub\Application Data\Mozilla\Firefox\Profiles\p7177uah.default\
FF - plugin: c:\documents and settings\Jakub\Application Data\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\Jakub\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - c:\documents and settings\Jakub\Application Data\Mozilla\Firefox\Profiles\p7177uah.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Extension: Facicons: {DDABDBA1-2377-4A30-A027-25697B99E254} - c:\documents and settings\Jakub\Application Data\Mozilla\Firefox\Profiles\p7177uah.default\extensions\{DDABDBA1-2377-4A30-A027-25697B99E254}
FF - Extension: U Flv: {5647f4b2-2f19-15dd-2d2b-7212613c2b46} - c:\documents and settings\Jakub\Application Data\Mozilla\Firefox\Profiles\p7177uah.default\extensions\{5647f4b2-2f19-15dd-2d2b-7212613c2b46}
FF - Extension: {5647f4b2-2f19-15dd-2d2b-7212613c2b46}: {5647f4b2-2f19-15dd-2d2b-7212613c2b46} - c:\documents and settings\Jakub\Application Data\Mozilla\Firefox\Profiles\p7177uah.default\extensions\{5647f4b2-2f19-15dd-2d2b-7212613c2b46}
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-hqznrvcw
SafeBoot-xjuosbfv



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-28 16:16
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

? [9264]
? [8436]
? [10048]
? [10072]
scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\cdfss]
"ImagePath"="\??\c:\windows\TEMP\cdfss"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-839522115-261903793-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D464A062-F82B-515C-7E24-09CE26AD1EDA}*]
"haikfoapifpgcbkk"=hex:6a,61,67,61,70,63,65,6d,63,62,69,6b,6e,6d,67,69,65,67,
6d,6a,00,f0
"iackhenlgadblagbko"=hex:69,61,64,62,6b,66,65,6c,6d,6c,6c,61,65,63,6e,62,6d,66,
00,00
.
Completion time: 2010-11-28 16:20:18
ComboFix-quarantined-files.txt 2010-11-28 15:20

Pre-Run: 8 532 340 736 bytes free
Post-Run: 13 079 769 088 bytes free

- - End Of File - - 1EB7FEE913D793918D3FB3C05C968F8A

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Problem with the "system"

#6 Post by vyosek »

:arrow: Download OTM (see my signature)
  • If you use Windows Vista or Windows 7, right-click OTM and choose Run As Administrator
  • Into the left pane, Paste Instructions for Items to be Moved (below the yellow line), paste the contents shown below
  • Code:

    :files
    P1876832.JPG-www.facebook.exe /s
    c:\documents and settings\Jakub\Start Menu\Programs\Startup\*.exe
    %windir%\system32\*.tmp.dll /s
    %windir%\system32\SET*.tmp /s
    %windir%\*.tmp /s
    
    :commands
    [RESETHOSTS]
    [EMPTYTEMP]
    [EMPTYFLASH]
  • Click the red MoveIt! button
  • You will be prompted to restart; answer Yes. You will then find the log in C:\_OTM\MovedFiles; paste its contents here
:arrow: If you have not done so already, move Combofix to the desktop
  • Open Notepad (Start - Run - notepad)
  • Copy the script below
  • Code:

    Restore::
    c:\windows\system32\drivers\cdrom.sys
    
    SRPeek::
    c:\windows\system32\drivers\cdrom.sys
    
    Collect::
    c:\windows\system32\venelyzu.exe
    c:\windows\system32\drivers\fjrprqzs.sys
    c:\windows\system32\drivers\xjuosbfv.sys
    c:\windows\System32\Drivers\jkzycxdn.sys
    c:\windows\System32\Drivers\rwaofnwl.sys
    c:\windows\System32\Drivers\yvhsauqu.sys
    c:\windows\system32\pyly.exe
    
    Driver::
    ea26a79qboa
    fjrprqzs
    xjuosbfv
    jkzycxdn
    rwaofnwl
    yvhsauqu
    wcscd
    
    File::
    c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    
    DDS::
    uStart Page = hxxp://googleure.com
    
    Registry::
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Documents and Settings\\Jakub\\My Documents\\Preberanie\\P1876832.JPG-www.facebook.exe"=-
    [-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\cdfss]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"=-
    "UpdatePDRShortCut"=-
    "NokiaMusic FastStart"=-
    "Adobe Reader Speed Launcher"=-
    "Adobe ARM"=-
    "DivXUpdate"=-
    "tekeboo"=-
    
    RegLock::
    [HKEY_USERS\S-1-5-21-839522115-261903793-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D464A062-F82B-515C-7E24-09CE26AD1EDA}*]
    
    RegNull::
    [HKEY_USERS\S-1-5-21-839522115-261903793-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D464A062-F82B-515C-7E24-09CE26AD1EDA}*]
  • Save the created TXT file as CFScript.txt
  • Drag the created CFScript.txt onto Combofix and run it (see the picture below)
    [image]
  • After the script has been applied (and after any restart), a log will pop up; paste its contents here
:arrow: It may happen that Windows will not boot after the script is applied; in that case restart the PC, keep pressing F8 and choose Last Known Good Configuration
"He who has wine and does not drink it, who has grapes and does not eat them, who has a wife and does not kiss her, who shuns amusement: take a whip and a stick to him; that is no man, that is an ox."
Member since 1 February 2011.
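The reply above picks its Collect::/Driver:: targets out of the log by eye; as an added example (not code from this thread, ComboFix or OTM), the Python script below applies the same reading as heuristics to the log's own autostart lines: recent file dates, random-looking names, driver images that no longer exist, one size shared by many Startup-folder items, and the ".JPG-…facebook.exe" double extension in the firewall list. The weights, the 14-day window and the threshold are assumptions chosen for the demo.

```python
"""Triage heuristics for the autostart sections of a ComboFix log.
Added example: not part of this thread nor code from ComboFix or OTM. It parses
the line shapes used in the log above (Run keys, services/drivers, Startup folder,
firewall AuthorizedApplications) and scores entries with defender-side heuristics:
file date near the scan date, random-looking name, driver image missing, one size
shared by many Startup items, disguised double extension. Weights, threshold and
the 14-day window are assumptions chosen for this demo.
"""
import re
from collections import Counter
from datetime import date

# "Name"="image" [YYYY-MM-DD size]   (Run keys)
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)" '
                    r'\[(?P<y>\d{4})-(?P<m>\d{2})-(?P<d>\d{2}) (?P<size>\d+)\]$')
# R2 name;Display;image [D.M.YYYY HH:MM size], or [?] when the image is missing
SVC_RE = re.compile(r'^[RS]\d (?P<name>[^;]+);[^;]*;(?P<path>.+?) '
                    r'\[(?:(?P<d>\d{1,2})\.(?P<m>\d{1,2})\.(?P<y>\d{4}) \d\d:\d\d (?P<size>\d+)|\?)\]$')
# file.exe [YYYY-MM-DD size]   (Startup folder listing; the name is the path)
STARTUP_RE = re.compile(r'^(?P<name>(?P<path>[^\s\\"]+)) '
                        r'\[(?P<y>\d{4})-(?P<m>\d{2})-(?P<d>\d{2}) (?P<size>\d+)\]$')
# "path"=   (firewall AuthorizedApplications; value is not a quoted string)
FIREWALL_RE = re.compile(r'^"(?P<path>[^"]+)"=(?!")')
# picture.JPG-anything.exe : a data-file extension hiding an executable
DOUBLE_EXT_RE = re.compile(r"\.(jpe?g|gif|png|pdf|docx?)\b.*\.exe$", re.I)

def basename(path):
    return path.strip().split("\\")[-1]

def _mkdate(m):
    return date(int(m["y"]), int(m["m"]), int(m["d"])) if m["y"] else None

def looks_random(name):
    """True for lowercase alphanumeric blobs such as 'fjrprqzs' or
    'ea26a79qboa': digits mixed into letters, or fewer than 40% vowels."""
    stem = re.sub(r"\.(exe|sys|dll)$", "", name, flags=re.I)
    if not re.fullmatch(r"[a-z0-9]{4,}", stem):
        return False
    mixed = any(c.isdigit() for c in stem) and any(c.isalpha() for c in stem)
    return mixed or sum(c in "aeiou" for c in stem) / len(stem) < 0.4

def parse_entry(line):
    """One autostart entry as a dict, or None for any other log line."""
    line = line.strip()
    for kind, rx in (("run", RUN_RE), ("service", SVC_RE), ("startup", STARTUP_RE)):
        m = rx.match(line)
        if m:
            return {"kind": kind, "name": m["name"], "path": m["path"], "date": _mkdate(m),
                    "size": int(m["size"]) if m["size"] else None}
    m = FIREWALL_RE.match(line)
    if m:
        return {"kind": "firewall", "name": basename(m["path"]), "path": m["path"],
                "date": None, "size": None}
    return None

def score_entry(entry, scan_date, recent_days, startup_sizes):
    """Weighted reasons for one entry; returns (score, [reason, ...])."""
    reasons = []
    image = basename(entry["path"])
    if entry["date"] and abs((scan_date - entry["date"]).days) <= recent_days:
        reasons.append(("recent", 2))
    if looks_random(entry["name"]) or looks_random(image):
        reasons.append(("random-name", 1))
    if entry["kind"] == "service" and entry["date"] is None:
        reasons.append(("image-missing", 1))
    if entry["kind"] == "startup" and startup_sizes[entry["size"]] >= 3:
        reasons.append(("shared-size", 1))
    if DOUBLE_EXT_RE.search(image):
        reasons.append(("double-extension", 2))
    return sum(w for _, w in reasons), [r for r, _ in reasons]

def triage(lines, scan_date, recent_days=14, threshold=2):
    """Entries scoring at or above threshold, as (kind, name, score, reasons)."""
    entries = [e for e in map(parse_entry, lines) if e]
    startup_sizes = Counter(e["size"] for e in entries if e["kind"] == "startup")
    flagged = []
    for e in entries:
        s, why = score_entry(e, scan_date, recent_days, startup_sizes)
        if s >= threshold:
            flagged.append((e["kind"], e["name"], s, why))
    return flagged

# Sample lines copied from the log posted above; the scan date is from that log.
SCAN_DATE = date(2010, 11, 28)
SAMPLE_LINES = r'''
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-03-09 7561216]
"tekeboo"="c:\windows\system32\pyly.exe" [2010-11-28 315392]
0ggbssn.exe [2010-11-22 43008]
0kplbbx.exe [2010-11-21 43008]
1ieezqq.exe [2010-11-21 43008]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\Jakub\\My Documents\\Preberanie\\P1876832.JPG-www.facebook.exe"= c:\\WINDOWS\\nvsvc32.exe
S2 ea26a79qboa;Asset Management Daemon;c:\windows\system32\venelyzu.exe [28.11.2010 15:19 315392]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [14.5.2010 14:08 136176]
S3 jkzycxdn;jkzycxdn;\??\c:\windows\System32\Drivers\jkzycxdn.sys --> c:\windows\System32\Drivers\jkzycxdn.sys [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [22.6.2010 10:32 691696]
'''.strip().splitlines()

if __name__ == "__main__":
    for kind, name, s, why in triage(SAMPLE_LINES, SCAN_DATE):
        print(s, kind, name, ", ".join(why))
```

Legitimate entries with old dates (NvCplDaemon, gupdate, sptd, sessmgr) stay below the threshold even when their names are vowel-poor, so only the seven entries the reply also singled out are reported.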

seamus
Visitor
Posts: 53
Registered: 22 Feb 2009 10:30

Re: Problem with the "system"

#7 Post by seamus »

I somehow can't get it to work through ComboFix, because when I drag the txt file onto the Combofix icon, it immediately turns blue and that launches it again.
From OTM:
All processes killed
========== FILES ==========
\Documents and Settings\Jakub\My Documents\Preberanie\P1876832.JPG-www.facebook.exe moved successfully.
c:\documents and settings\Jakub\Start Menu\Programs\Startup\0ggbssn.exe moved successfully.
c:\documents and settings\Jakub\Start Menu\Programs\Startup\0kplbbx.exe moved successfully.
c:\documents and settings\Jakub\Start Menu\Programs\Startup\0tpkk6w.exe moved successfully.
c:\documents and settings\Jakub\Start Menu\Programs\Startup\1ieezqq.exe moved successfully.
c:\documents and settings\Jakub\Start Menu\Programs\Startup\6ss6ee6.exe moved successfully.
c:\documents and settings\Jakub\Start Menu\Programs\Startup\c3eezqqlccx.exe moved successfully.
c:\documents and settings\Jakub\Start Menu\Programs\Startup\e3ggbssneez.exe moved successfully.
c:\documents and settings\Jakub\Start Menu\Programs\Startup\eezk6ww6ii.exe moved successfully.
c:\documents and settings\Jakub\Start Menu\Programs\Startup\f0lhcc6oo.exe moved successfully.
c:\documents and settings\Jakub\Start Menu\Programs\Startup\fbww6ii6.exe moved successfully.
c:\documents and settings\Jakub\Start Menu\Programs\Startup\s70tpkq70.exe moved successfully.
c:\documents and settings\Jakub\Start Menu\Programs\Startup\wwriiduupg.exe moved successfully.
File/Folder C:\WINDOWS\system32\*.tmp.dll not found.
C:\WINDOWS\system32\SET395.tmp moved successfully.
C:\WINDOWS\system32\SET399.tmp moved successfully.
C:\WINDOWS\system32\SET3A1.tmp moved successfully.
C:\WINDOWS\DUMP64d4.tmp moved successfully.
C:\WINDOWS\DUMP686e.tmp moved successfully.
C:\WINDOWS\DUMP6a14.tmp moved successfully.
C:\WINDOWS\DUMP6afe.tmp moved successfully.
C:\WINDOWS\DUMP6b3d.tmp moved successfully.
C:\WINDOWS\DUMP70f9.tmp moved successfully.
C:\WINDOWS\DUMP72ed.tmp moved successfully.
C:\WINDOWS\SET3.tmp moved successfully.
C:\WINDOWS\SET4.tmp moved successfully.
C:\WINDOWS\SET8.tmp moved successfully.
C:\WINDOWS\AppPatch\SET272.tmp moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP11C.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP245.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP31E9.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP452.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP46E.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP47D.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP736.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP824.tmp folder moved successfully.
C:\WINDOWS\Globalization\tl-PH-Nokia.tmp0 moved successfully.
C:\WINDOWS\Installer\MSIAF.tmp moved successfully.
C:\WINDOWS\Installer\MSIC8.tmp moved successfully.
C:\WINDOWS\SoftwareDistribution\AuthCabs\7971f918-a847-4430-9279-4a52d1efe18d\wltD25.tmp moved successfully.
C:\WINDOWS\system32\CONFIG.TMP moved successfully.
C:\WINDOWS\Temp\NS3.tmp moved successfully.
C:\WINDOWS\Temp\sdnC90B.tmp moved successfully.
C:\WINDOWS\twain_32\hpqgends.tmp moved successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 487211529 bytes
->Temporary Internet Files folder emptied: 842735169 bytes
->Flash cache emptied: 132226 bytes

User: All Users

User: All Users.WINDOWS

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Default User.WINDOWS
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Jakub
->Temp folder emptied: 7197737 bytes
->Temporary Internet Files folder emptied: 1073130 bytes
->Java cache emptied: 73975430 bytes
->FireFox cache emptied: 79400462 bytes
->Flash cache emptied: 3097633 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: LocalService.NT AUTHORITY
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 1182868 bytes

User: NetworkService.NT AUTHORITY
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: windows
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 3334938 bytes

Total Files Cleaned = 1 430,00 mb


OTM by OldTimer - Version 3.1.17.2 log created on 11292010_065343

Files moved on Reboot...
File C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\G5YV05YJ\board%26rnd%3D687495535%26fid%3D291484689%26bg1%3D28%26bg2%3D38%26bg3%3D0%26mlt%3D2%26ged%3D0%3A0%3AMGFiYjNmODQzZDkzOGNjYuIEploc0mCUbR6DqgBeGEVXYwJ7Rare-2nQpmByvSaB1M6onhegI&r=0 not found!
File C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\AAG43ZGW\aomy7aT6np2cn1YFUITPim4mBdP6rE4Wrm0tULpdTw4AUS3s38UVQ8VcZb8S6rvUtU3Wbj52bAmWqQvTErlPaBJSsQIRreoSWQiWGvP5bTxmWqmXTau4WYZdQsrD26nLoHErUH37YUfkUcFX67ul3P[1].gif not found!
File C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ANURQDMN\metal brile not found!
File C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\0D2RSTUJ\evanna not found!

Registry entries deleted on Reboot...

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Problem with the "system"

#8 Post by vyosek »

Well, yes, the scan will look just like the first run, but it also carries out the commands in the script... If it gets stuck for more than half an hour, apply it in Safe Mode...

seamus
Visitor
Posts: 53
Registered: 22 Feb 2009 10:30

Re: Problem with the "system"

#9 Post by seamus »

And here is the second log from Combofix:
ComboFix 10-11-28.05 - Jakub 29.11.2010 16:04:30.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1250.421.1033.18.511.227 [GMT 1:00]
Running from: c:\documents and settings\Jakub\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Jakub\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

FILE ::
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"

file zipped: c:\windows\system32\drivers\fjrprqzs.sys
file zipped: c:\windows\system32\drivers\xjuosbfv.sys
file zipped: c:\windows\system32\pyly.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Administrator\Application Data\inst.exe
c:\documents and settings\Administrator\Application Data\SpyGuarder
c:\documents and settings\Administrator\Application Data\SpyGuarder\base.dat
c:\documents and settings\Administrator\Application Data\SpyGuarder\base2.dat
c:\documents and settings\Administrator\Application Data\SpyGuarder\Desc.dat
c:\documents and settings\Administrator\Application Data\SpyGuarder\spline.dat
c:\documents and settings\Administrator\Application Data\SpyGuarder\SpyGuarder.ini
c:\documents and settings\Administrator\Cookies\hpothb07.dat
c:\documents and settings\Administrator\Favorites\Thumbs.db
c:\documents and settings\All Users.WINDOWS\Application Data\common.data
c:\windows\system32\drivers\fjrprqzs.sys
c:\windows\system32\drivers\wcscd.sys
c:\windows\system32\drivers\xjuosbfv.sys

c:\windows\system32\drivers\cdrom.sys . . . is infected!!

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CDFSS
-------\Legacy_EA26A79QBOA
-------\Legacy_FJRPRQZS
-------\Legacy_WCSCD
-------\Legacy_XJUOSBFV
-------\Service_cdfss
-------\Service_ea26a79qboa
-------\Service_fjrprqzs
-------\Service_jkzycxdn
-------\Service_rwaofnwl
-------\Service_wcscd
-------\Service_xjuosbfv
-------\Service_yvhsauqu


((((((((((((((((((((((((( Files Created from 2010-10-28 to 2010-11-29 )))))))))))))))))))))))))))))))
.

2010-11-29 05:24 . 2010-11-29 05:24 -------- d-----w- C:\_OTM
2010-11-28 14:19 . 2010-11-28 14:17 315392 ----a-w- c:\windows\system32\pyly.exe
2010-11-28 14:17 . 2010-11-28 14:17 315392 ----a-w- c:\windows\system32\quoowohu.exe
2010-11-28 08:25 . 2010-11-28 08:25 1409 ----a-w- c:\windows\QTFont.for
2010-11-28 07:03 . 2010-11-29 14:23 90112 ----a-w- c:\windows\DUMP6dae.tmp
2010-11-28 07:03 . 2010-11-29 14:21 90112 ----a-w- c:\windows\DUMP703e.tmp
2010-11-27 16:54 . 2010-11-27 16:54 -------- d-----w- c:\program files\VirtualDJ
2010-11-22 15:42 . 2010-11-22 15:42 -------- d-----w- c:\documents and settings\Jakub\Local Settings\Application Data\Electronic Arts
2010-11-21 21:26 . 2010-11-21 21:26 256 ----a-w- C:\HDTV.exe
2010-11-20 14:31 . 2010-11-20 14:31 85504 ----a-w- C:\wifi32.exe
2010-11-15 19:30 . 2010-11-15 19:30 90978 ----a-w- C:\winnt7.exe
2010-11-09 14:25 . 2010-11-09 14:25 -------- d-----w- c:\documents and settings\Jakub\Local Settings\Application Data\Unity
2010-11-08 06:25 . 2010-11-17 11:39 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Norton
2010-11-08 06:25 . 2010-11-08 06:25 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Symantec
2010-11-06 10:37 . 2010-11-06 10:37 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2010-11-06 10:37 . 2010-11-06 10:37 103864 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
2010-11-03 17:09 . 2010-11-08 08:04 -------- d-----w- C:\divx
2010-11-03 09:07 . 2010-11-03 16:18 -------- d-----w- c:\program files\AllToAVI

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-23 17:42 . 2004-08-03 20:59 84800 ----a-w- c:\windows\system32\drivers\cdrom.sys
2010-09-08 07:09 . 2010-10-17 06:57 108032 ----a-w- c:\windows\system32\ff_vfw.dll
2010-09-08 07:07 . 2010-10-17 06:57 50688 ----a-w- c:\windows\system32\ff_acm.acm
2010-09-01 13:57 . 2006-07-11 16:35 348160 ----a-w- c:\windows\system32\msvcr71.dll
.

(((((((((((((((((((((((((((((((((((((((((( SR_Search ))))))))))))))))))))))))))))))))))))))))))))))))))))))))

c:\windows\system32\dllcache\cdrom.sys [x]
[-] B669E9147C7BB835DA6FE335AF7FF73C 84800 \RP206\A0085795.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-03-09 7561216]
"nwiz"="nwiz.exe" [2006-03-09 1519616]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-03-09 86016]
"RaidTool"="c:\program files\VIA\RAID\raid_tool.exe" [2005-11-23 1060864]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-01 16208384]
"JMB36X Configure"="c:\windows\system32\JMRaidTool.exe" [2006-06-02 385024]
"CmUCRRun"="c:\windows\system32\CmUCReye.exe" [2005-10-12 241664]
"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 69632]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"NokiaMusic FastStart"="c:\program files\Nokia\Nokia Music\NokiaMusic.exe" [2009-07-02 2327840]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-07-01 1447168]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\CyberLink\\PowerDirector\\PDR.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [1.7.2008 09:04 34312]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [1.7.2008 09:02 468224]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [20.10.2009 19:19 50704]
R3 CMISTOR;CMIUCR.SYS CM220 Card Reader Driver;c:\windows\system32\drivers\cmiucr.SYS [9.7.2009 17:17 72320]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [14.5.2010 14:08 136176]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [22.6.2010 10:32 691696]
.
Contents of the 'Scheduled Tasks' folder

2010-11-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-14 13:08]

2010-11-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-14 13:08]

2010-11-29 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-07-11 05:18]
.
.
------- Supplementary Scan -------
.
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Free YouTube Download - c:\documents and settings\Jakub\Application Data\DVDVideoSoftIEHelpers\youtubedownload.htm
TCP: {B96DF464-F62A-46C6-B2E4-E9F050499A76} = 217.119.117.28,217.119.113.244
FF - ProfilePath - c:\documents and settings\Jakub\Application Data\Mozilla\Firefox\Profiles\p7177uah.default\
FF - plugin: c:\documents and settings\Jakub\Application Data\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\Jakub\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - c:\documents and settings\Jakub\Application Data\Mozilla\Firefox\Profiles\p7177uah.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Extension: Facicons: {DDABDBA1-2377-4A30-A027-25697B99E254} - c:\documents and settings\Jakub\Application Data\Mozilla\Firefox\Profiles\p7177uah.default\extensions\{DDABDBA1-2377-4A30-A027-25697B99E254}
FF - Extension: U Flv: {5647f4b2-2f19-15dd-2d2b-7212613c2b46} - c:\documents and settings\Jakub\Application Data\Mozilla\Firefox\Profiles\p7177uah.default\extensions\{5647f4b2-2f19-15dd-2d2b-7212613c2b46}
FF - Extension: {5647f4b2-2f19-15dd-2d2b-7212613c2b46}: {5647f4b2-2f19-15dd-2d2b-7212613c2b46} - c:\documents and settings\Jakub\Application Data\Mozilla\Firefox\Profiles\p7177uah.default\extensions\{5647f4b2-2f19-15dd-2d2b-7212613c2b46}
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-29 16:29
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1612)
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\RTHDCPL.EXE
c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
.
**************************************************************************
.
Completion time: 2010-11-29 16:34:41 - machine was rebooted
ComboFix-quarantined-files.txt 2010-11-29 15:34
ComboFix2.txt 2010-11-28 15:20

Pre-Run: 14 519 959 552 bytes free
Post-Run: 14 406 287 360 bytes free

- - End Of File - - BD3490AAD19CB44F1EDCE52388E082E2

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Problem with the "system"

#10 Post by vyosek »

→ Test the following file on VirusTotal (see my signature)
  • c:\windows\system32\drivers\cdrom.sys
  • Click Browse
  • Don't browse for the file, just paste in the path of the file I want tested
  • Click Send File
  • If a screen like the one below pops up, click Reanalyse
    [image]
  • Paste the result of the analysis here (as a link)
→ Download SystemLook (see my signature) and save it to the desktop
  • Paste the script below into its window

    :filefind
    cdrom.sys
  • Click Look
  • The Look button changes to Scanning and greys out
  • Wait until the Scanning button changes back to Look; that is how you know SystemLook has finished its work
  • A log named SystemLook pops up (or is saved on the desktop); paste its contents here
"He who has wine and does not drink it, who has grapes and does not eat them, who has a wife and does not kiss her, who shuns merriment: take a whip and a stick to him; that is not a man, that is an ox."
Member since 1 February 2011.

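As an added example (not part of the post above, and not SystemLook's own code), here is a small Python stand-in for the `:filefind` step requested there. It walks a directory tree, lists every file with the requested name with the fields SystemLook prints (size, last-write time, MD5) and, instead of silently skipping a file it cannot read, marks it UNREADABLE; that is the situation the "(Unable to calculate MD5)" line in a SystemLook log describes, and a driver file that cannot be read from user mode is worth treating as suspicious rather than ignoring. The `KNOWN_GOOD_MD5` value and the sample files built in `demo()` are placeholders constructed for illustration; they are not the real cdrom.sys or its hash.

```python
"""Added example: a stand-in for SystemLook's ':filefind'.  Not SystemLook's
or the forum's own code.  KNOWN_GOOD_MD5 and the files built in demo() are
placeholders constructed for illustration, not the real cdrom.sys."""
import hashlib
import os
import sys
import tempfile
from datetime import datetime, timezone

# Placeholder "known good" hash: the MD5 of b"abc", used only by demo().
KNOWN_GOOD_MD5 = "900150983CD24FB0D6963F7D28E17F72"


def md5_of(path, chunk=1 << 16):
    """Hex MD5 of a file, or None if it cannot be opened or read (locked by a
    driver, missing, permission denied)."""
    digest = hashlib.md5()
    try:
        with open(path, "rb") as fh:
            for block in iter(lambda: fh.read(chunk), b""):
                digest.update(block)
    except OSError:
        return None
    return digest.hexdigest().upper()


def filefind(root, name, known_good=None):
    """Every file named `name` (case-insensitive) under `root`, with the
    fields SystemLook prints plus a verdict against `known_good`."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            if fname.lower() != name.lower():
                continue
            path = os.path.join(dirpath, fname)
            info = os.stat(path)
            digest = md5_of(path)
            if digest is None:
                verdict = "UNREADABLE"   # cannot hash it: do not ignore this
            elif known_good is None:
                verdict = "unknown"
            elif digest == known_good:
                verdict = "match"
            else:
                verdict = "MISMATCH"
            hits.append({
                "path": path,
                "size": info.st_size,
                "modified": datetime.fromtimestamp(info.st_mtime, timezone.utc),
                "md5": digest,
                "verdict": verdict,
            })
    return hits


def demo():
    """Build a throwaway tree shaped like the SystemLook output above
    (constructed data) and return {relative path: hit}."""
    with tempfile.TemporaryDirectory() as root:
        good = os.path.join(root, "SoftwareDistribution", "Download")
        live = os.path.join(root, "system32", "drivers")
        os.makedirs(good)
        os.makedirs(live)
        with open(os.path.join(good, "cdrom.sys"), "wb") as fh:
            fh.write(b"abc")                    # hashes to KNOWN_GOOD_MD5
        with open(os.path.join(live, "cdrom.sys"), "wb") as fh:
            fh.write(b"abc" + b"\x90" * 16)     # "patched" copy, differs
        hits = filefind(root, "cdrom.sys", KNOWN_GOOD_MD5)
        return {os.path.relpath(h["path"], root).replace(os.sep, "/"): h
                for h in hits}


if __name__ == "__main__":
    if len(sys.argv) == 3:      # python findfile.py cdrom.sys C:\WINDOWS
        results = filefind(sys.argv[2], sys.argv[1])
    else:
        results = demo().values()
    for h in results:
        print(f'{h["verdict"]:10} {h["size"]:>8} {h["modified"]:%Y-%m-%d %H:%M} '
              f'{h["md5"] or "(unable to calculate MD5)"} {h["path"]}')
```

Run without arguments it prints the constructed demo tree; with a file name and a root directory it searches a real tree. When a driver in system32\drivers comes back UNREADABLE while the copy under SoftwareDistribution hashes fine, that is the same picture the SystemLook log in the next post shows.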
seamus
Visitor
Posts: 53
Registered: 22 Feb 2009 10:30

Re: Problem with the "system"

#11 Post by seamus »

SystemLook 04.09.10 by jpshortstuff
Log created at 15:39 on 07/12/2010 by Jakub
Administrator - Elevation successful

========== filefind ==========

Searching for "cdrom.sys"
C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\cdrom.sys --a---- 62976 bytes [18:40 13/04/2008] [18:40 13/04/2008] 1F4260CC5B42272D71F79E570A27A4FE
C:\WINDOWS\system32\drivers\cdrom.sys --a---- 84800 bytes [20:59 03/08/2004] [17:42 23/11/2010] (Unable to calculate MD5)

-= EOF =-

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Problem with the "system"

#12 Post by vyosek »

→ If it isn't there already, move ComboFix to the desktop
  • Start Notepad (Start - Run - notepad)
  • Copy the script below

    FCopy::
    C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\cdrom.sys | C:\WINDOWS\system32\drivers\cdrom.sys

    Collect::
    c:\windows\system32\pyly.exe
    c:\windows\system32\quoowohu.exe
    C:\wifi32.exe
    C:\winnt7.exe

    File::
    c:\windows\DUMP6dae.tmp
    c:\windows\DUMP703e.tmp
    c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

    Driver::
    gupdate
  • Save the text file you created as CFScript.txt
  • Drag the CFScript.txt you created onto ComboFix and release it (see the image below)
    [image]
  • After the script has been applied (and a possible restart) a log pops up; paste its contents here
→ It can happen that Windows does not boot after the script is applied; in that case restart the PC, keep tapping F8 and choose Last Known Good Configuration

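As an added example (not part of the post above, and not ComboFix's own code; ComboFix publishes no parser), here is a Python parser for the CFScript.txt format used there, together with a pre-flight check a helper would want before dragging the script onto ComboFix. The directive meanings are summarised from how the script is used in this thread: `FCopy::` overwrites the right-hand file with the left-hand one, `Collect::` moves the listed files into quarantine for upload, `File::` deletes them, `Driver::` removes the named service. The sanity checks themselves (absolute Windows paths, FCopy source present, Driver entries that look like paths) are this example's own; `SAMPLE` is the script from the post, embedded as the input.

```python
"""Added example: parser and pre-flight check for CFScript.txt.  Not ComboFix's
own code; the checks are this example's invention.  SAMPLE is the script
from the forum post above, embedded here as the input."""
import re
from collections import OrderedDict

SAMPLE = r"""
FCopy::
C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\cdrom.sys | C:\WINDOWS\system32\drivers\cdrom.sys

Collect::
c:\windows\system32\pyly.exe
c:\windows\system32\quoowohu.exe
C:\wifi32.exe
C:\winnt7.exe

File::
c:\windows\DUMP6dae.tmp
c:\windows\DUMP703e.tmp
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

Driver::
gupdate
"""

SECTION_RE = re.compile(r"^([A-Za-z]+)::$")     # e.g. "Collect::"
ABS_WIN_RE = re.compile(r"^[A-Za-z]:\\")        # drive letter + backslash


def parse_cfscript(text):
    """Return {section: entries}; FCopy entries become (source, dest) pairs."""
    sections = OrderedDict()
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1)
            sections.setdefault(current, [])
            continue
        if current is None:
            raise ValueError(f"entry before any section header: {line!r}")
        if current == "FCopy":
            src, sep, dst = (p.strip() for p in line.partition("|"))
            if not sep or not dst:
                raise ValueError(f"FCopy needs 'source | destination': {line!r}")
            sections[current].append((src, dst))
        else:
            sections[current].append(line)
    return sections


def preflight(sections, exists=lambda path: True):
    """Warnings worth reading before running the script.  `exists` is injected
    so the check can run away from the infected box; pass os.path.exists when
    running on the machine itself."""
    problems = []
    for src, dst in sections.get("FCopy", []):
        if not exists(src):
            problems.append(f"FCopy source missing: {src}")
        for path in (src, dst):
            if not ABS_WIN_RE.match(path):
                problems.append(f"FCopy: not an absolute Windows path: {path}")
    for name in ("Collect", "File"):
        for path in sections.get(name, []):
            if not ABS_WIN_RE.match(path):
                problems.append(f"{name}: not an absolute Windows path: {path}")
    for svc in sections.get("Driver", []):
        # Driver:: takes a service name (as in the services list of the log),
        # not a file path.
        if "\\" in svc or svc.lower().endswith((".sys", ".exe")):
            problems.append(f"Driver: expects a service name, not a path: {svc}")
    return problems


if __name__ == "__main__":
    parsed = parse_cfscript(SAMPLE)
    for name, entries in parsed.items():
        print(f"{name}:: ({len(entries)} entries)")
        for entry in entries:
            print("   ", " -> ".join(entry) if isinstance(entry, tuple) else entry)
    print("preflight:", preflight(parsed) or "ok")
```

The `exists` hook matters for the FCopy step: if the SoftwareDistribution copy has already been cleaned out of the download cache, the script would have nothing to copy over the patched driver, and it is better to learn that before the reboot than after.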