
Requesting a check of a log from my PC

tepna13
Visitor
Posts: 14
Registered: 05 Aug 2010 10:51

Re: Requesting a check of a log from my PC

#16 Post by tepna13 »

This is from OTM


All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== FILES ==========
File/Folder C:\WINDOWS\system32\*.tmp.dll not found.
File/Folder C:\WINDOWS\system32\SET*.tmp not found.
C:\WINDOWS\SoftwareDistribution\Download\92a1110b4a13054f0e17f670b412b9ab\BIT6.tmp moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Kaspersky

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: Monika
->Temp folder emptied: 16384 bytes
->Temporary Internet Files folder emptied: 163974 bytes
->FireFox cache emptied: 42279194 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 2354 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 41.00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

Restore points cleared and new OTM Restore Point set!

OTM by OldTimer - Version 3.1.15.0 log created on 08122010_172543

Files moved on Reboot...

Registry entries deleted on Reboot...


And this is from Combo


ComboFix 10-08-11.05 - Monika 08/12/2010 17:49:14.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1150.722 [GMT 1:00]
Running from: c:\documents and settings\Monika\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Monika\Desktop\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_sxvthg


((((((((((((((((((((((((( Files Created from 2010-07-12 to 2010-08-12 )))))))))))))))))))))))))))))))
.

2010-08-12 16:25 . 2010-08-12 16:25 -------- d-----w- C:\_OTM
2010-08-05 13:44 . 2010-08-12 08:48 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-08-05 11:31 . 2010-08-05 11:31 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-08-05 09:43 . 2010-08-12 08:40 -------- d-----w- c:\program files\trend micro
2010-08-05 09:43 . 2010-08-05 09:47 -------- d-----w- C:\rsit
2010-08-05 09:43 . 2010-08-05 09:44 -------- d-----w- c:\windows\ie8updates
2010-08-03 23:11 . 2010-08-03 23:11 -------- d-----w- c:\documents and settings\Monika\Application Data\Malwarebytes
2010-08-03 23:11 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-03 23:11 . 2010-08-03 23:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-08-03 23:11 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-03 23:11 . 2010-08-03 23:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-03 22:27 . 2010-08-03 22:27 -------- d-----w- c:\documents and settings\Kaspersky\Kaspersky
2010-08-03 22:27 . 2010-08-03 22:27 -------- d-----w- c:\documents and settings\Kaspersky
2010-08-03 22:27 . 2010-08-03 22:27 -------- d-----w- c:\documents and settings\Kaspersky\INTERNET security
2010-08-03 22:26 . 2010-08-03 22:26 -------- d-----w- C:\kav
2010-08-03 22:16 . 2010-08-10 17:41 56832 ----a-w- c:\windows\system32\drivers\iksysflt.sys
2010-08-03 22:16 . 2010-08-10 17:41 74240 ----a-w- c:\windows\system32\drivers\iksyssec.sys
2010-08-03 22:16 . 2010-08-05 11:45 41288 ----a-w- c:\windows\system32\drivers\ikfilesec.sys
2010-08-03 22:16 . 2010-08-05 11:45 29000 ----a-w- c:\windows\system32\drivers\kcom.sys
2010-08-03 22:16 . 2010-08-11 08:51 -------- d-----w- c:\program files\Spyware Doctor
2010-08-03 22:16 . 2010-08-03 22:16 -------- d-----w- c:\documents and settings\Monika\Application Data\PC Tools
2010-08-03 22:16 . 2005-09-23 06:29 626688 ----a-w- c:\windows\system32\msvcr80.dll
2010-08-03 22:16 . 2005-07-06 16:13 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-08-03 22:16 . 2005-07-06 16:13 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-08-03 21:46 . 2010-08-03 21:46 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-08-03 15:45 . 2010-05-06 10:41 599040 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-08-03 15:45 . 2010-05-06 10:41 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-08-03 15:45 . 2010-05-06 10:41 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-08-03 15:45 . 2010-05-06 10:41 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-08-03 15:45 . 2010-05-06 10:41 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-08-03 15:45 . 2010-05-06 10:41 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-08-03 15:45 . 2010-05-06 10:41 11076096 -c----w- c:\windows\system32\dllcache\ieframe.dll
2010-08-03 13:14 . 2010-08-03 13:14 -------- d-sh--w- c:\documents and settings\All Users\Application Data\SMRXATBDWAV
2010-08-03 12:37 . 2010-08-03 12:37 -------- d-sh--w- c:\documents and settings\Monika\PrivacIE
2010-08-03 10:51 . 2010-08-03 10:51 -------- d-sh--w- c:\documents and settings\Monika\IETldCache
2010-08-03 10:47 . 2010-08-03 10:49 -------- dc-h--w- c:\windows\ie8
2010-07-27 09:58 . 2010-07-27 10:00 -------- d-----w- c:\documents and settings\Monika\Application Data\WeatherWatcherLive
2010-07-27 09:48 . 2010-07-27 09:48 -------- d-----w- c:\program files\AskBarDis
2010-07-27 09:48 . 2010-07-27 09:48 -------- d-----w- c:\program files\Weather Watcher Live
2010-07-27 09:48 . 2004-05-27 00:32 102400 ----a-w- c:\windows\system32\unzip32.dll
2010-07-24 22:57 . 2010-07-24 22:57 -------- d-----w- c:\documents and settings\Monika\Application Data\AVS4YOU
2010-07-24 22:54 . 2010-07-24 22:56 -------- d-----w- c:\program files\Common Files\AVSMedia
2010-07-24 22:50 . 2010-07-24 22:50 -------- d-----w- c:\windows\system32\drivers\umdf
2010-07-24 22:48 . 2010-07-24 22:48 -------- d-----w- c:\windows\SxsCaPendDel
2010-07-24 22:44 . 2010-07-24 22:57 -------- d-----w- c:\documents and settings\All Users\Application Data\AVS4YOU
2010-07-24 22:44 . 2010-07-24 22:57 -------- d-----w- c:\program files\AVS4YOU
2010-07-24 22:44 . 2008-08-13 10:22 1700352 ----a-w- c:\windows\system32\GdiPlus.dll
2010-07-24 22:44 . 2008-08-13 10:22 24576 ----a-w- c:\windows\system32\msxml3a.dll
2010-07-18 23:03 . 2010-07-18 23:57 -------- d-----w- C:\hudba na ipod
2010-07-18 22:57 . 2010-07-18 22:57 -------- d-----w- c:\program files\iPod
2010-07-18 22:57 . 2010-07-18 22:58 -------- d-----w- c:\program files\iTunes
2010-07-18 22:57 . 2010-07-18 22:58 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-07-18 22:55 . 2010-07-18 22:55 -------- d-----w- c:\program files\QuickTime
2010-07-18 22:51 . 2010-07-18 22:51 -------- d-----w- c:\program files\Apple Software Update
2010-07-18 22:38 . 2010-04-19 19:47 3062048 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-07-18 22:38 . 2010-04-19 19:47 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2010-07-18 22:37 . 2010-07-18 22:37 -------- d-----w- c:\program files\Bonjour
2010-07-17 09:47 . 2010-06-29 23:13 52224 ----a-w- c:\documents and settings\Monika\Application Data\Mozilla\Firefox\Profiles\rvr59nrt.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
2010-07-17 09:47 . 2010-06-29 23:13 101376 ----a-w- c:\documents and settings\Monika\Application Data\Mozilla\Firefox\Profiles\rvr59nrt.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-12 16:56 . 2010-06-18 08:56 -------- d-----w- c:\documents and settings\Monika\Application Data\Skype
2010-08-12 16:19 . 2010-06-18 08:57 -------- d-----w- c:\documents and settings\Monika\Application Data\skypePM
2010-07-28 10:14 . 2010-07-04 20:48 -------- d-----w- c:\documents and settings\Monika\Application Data\Apple Computer
2010-07-27 09:47 . 2010-06-18 08:55 -------- d-----w- c:\program files\Google
2010-07-18 22:57 . 2010-07-04 20:46 -------- d-----w- c:\program files\Common Files\Apple
2010-07-04 21:21 . 2010-06-24 14:22 68456 ----a-w- c:\documents and settings\Monika\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-04 20:47 . 2010-07-04 20:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-07-04 20:46 . 2010-07-04 20:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2010-07-04 20:42 . 2010-07-04 20:42 -------- d-----w- c:\program files\Common Files\Adobe
2010-07-04 20:39 . 2010-07-04 20:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-07-04 20:25 . 2010-07-04 20:25 -------- d-----w- c:\program files\Microsoft Works
2010-07-04 20:25 . 2010-06-26 00:19 -------- d-----w- c:\program files\MSBuild
2010-07-04 20:23 . 2010-07-04 20:23 -------- d-----w- c:\program files\Microsoft.NET
2010-07-04 20:20 . 2010-07-04 20:20 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2010-07-04 16:47 . 2010-06-18 09:10 -------- d-----w- c:\program files\Common Files\ACD Systems
2010-07-01 21:52 . 2010-07-01 21:52 -------- d-----w- c:\documents and settings\Monika\Application Data\Yahoo!
2010-07-01 21:52 . 2010-07-01 21:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2010-06-26 00:19 . 2010-06-26 00:19 -------- d-----w- c:\program files\Reference Assemblies
2010-06-26 00:16 . 2010-06-26 00:16 -------- d-----w- c:\program files\MSXML 6.0
2010-06-24 15:45 . 2010-06-24 13:48 -------- d-----w- c:\program files\Electronic Arts
2010-06-24 15:45 . 2010-06-17 16:50 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-24 14:23 . 2010-06-24 14:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Electronic Arts
2010-06-24 13:57 . 2010-06-24 13:57 10134 ----a-r- c:\documents and settings\Monika\Application Data\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
2010-06-24 13:57 . 2010-06-24 13:57 -------- d-----w- c:\program files\Microsoft WSE
2010-06-18 09:11 . 2010-06-18 09:11 -------- d-----w- c:\documents and settings\Monika\Application Data\ACD Systems
2010-06-18 09:11 . 2010-06-18 09:11 -------- d-----w- c:\program files\Yahoo!
2010-06-18 09:10 . 2010-06-18 09:10 -------- d-----w- c:\documents and settings\All Users\Application Data\ACD Systems
2010-06-18 09:10 . 2010-06-18 09:10 -------- d-----w- c:\program files\ACD Systems
2010-06-18 09:02 . 2010-06-18 09:00 -------- d-----w- c:\documents and settings\Monika\Application Data\Winamp
2010-06-18 09:02 . 2010-06-18 09:00 -------- d-----w- c:\program files\Winamp
2010-06-18 09:01 . 2010-06-18 09:01 -------- d-----w- c:\program files\Winamp Detect
2010-06-18 09:01 . 2010-06-18 09:01 -------- d-----w- c:\program files\Winamp Toolbar
2010-06-18 09:01 . 2010-06-18 09:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Winamp Toolbar
2010-06-18 08:57 . 2010-06-18 08:57 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-06-18 08:55 . 2010-06-18 08:54 -------- d-----r- c:\program files\Skype
2010-06-18 08:54 . 2010-06-18 08:54 -------- d-----w- c:\program files\Common Files\Skype
2010-06-18 08:54 . 2010-06-18 08:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2010-06-17 17:17 . 2010-06-17 17:17 0 ----a-w- c:\windows\nsreg.dat
2010-06-17 16:58 . 2010-06-17 16:51 -------- d-----w- c:\program files\HPQ
2010-06-17 16:58 . 2010-06-17 06:23 79395 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-06-17 16:58 . 2010-06-17 16:58 -------- d-----w- c:\program files\HP DVB-T TV Tuner
2010-06-17 16:58 . 2010-06-17 16:56 -------- d-----w- c:\program files\HP
2010-06-17 16:57 . 2010-06-17 16:57 -------- d-----w- c:\program files\DIFX
2010-06-17 16:57 . 2010-06-17 16:57 -------- d-----w- c:\program files\Texas Instruments Inc
2010-06-17 16:55 . 2010-06-17 16:55 -------- d-----w- c:\program files\Broadcom
2010-06-17 16:55 . 2010-06-17 16:50 -------- d-----w- c:\program files\Common Files\LightScribe
2010-06-17 16:55 . 2010-06-17 16:55 -------- d-----w- c:\program files\HP Analog TV Tuner
2010-06-17 16:54 . 2010-06-17 16:54 -------- d-----w- c:\program files\NetWaiting
2010-06-17 16:53 . 2010-06-17 16:53 -------- d-----w- c:\program files\Synaptics
2010-06-17 16:52 . 2010-06-17 16:52 -------- d-----w- c:\program files\ATI Technologies
2010-06-17 16:51 . 2010-06-17 16:50 -------- d-----w- c:\program files\Common Files\InstallShield
2010-06-17 16:50 . 2010-06-17 16:50 -------- d-----w- c:\program files\CONEXANT
2010-06-17 06:24 . 2010-06-17 06:24 -------- d-----w- c:\program files\microsoft frontpage
2010-06-17 06:21 . 2010-06-17 06:21 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2010-06-15 19:01 . 2010-06-15 19:01 72504 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.0.61\SetupAdmin.exe
2010-06-14 14:30 . 2010-06-17 06:21 743936 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-05-18 15:35 . 2010-05-18 15:35 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 15:35 . 2010-05-18 15:35 197920 ----a-w- c:\windows\system32\dnssdX.dll
2010-05-18 15:35 . 2010-05-18 15:35 107808 ----a-w- c:\windows\system32\dns-sd.exe
.

((((((((((((((((((((((((((((( SnapShot@2010-08-12_08.58.11 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-08-12 16:56 . 2010-08-12 16:56 16384 c:\windows\temp\Perflib_Perfdata_fc4.dat
+ 2004-08-04 12:00 . 2010-08-12 16:42 68558 c:\windows\system32\perfc009.dat
- 2004-08-04 12:00 . 2010-08-12 08:16 68558 c:\windows\system32\perfc009.dat
+ 2004-08-04 12:00 . 2010-08-12 16:42 435828 c:\windows\system32\perfh009.dat
- 2004-08-04 12:00 . 2010-08-12 08:16 435828 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2009-05-06 1262888]

[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-09-22 13:38 284040 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-22 284040]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-22 284040]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2009-03-28 3325952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-12-13 507904]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-12-01 344064]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-05-25 37888]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-31 761946]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 39792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [8/22/2005 1:06 PM 231424]
S2 gupdate1cb0ec4d4140e;Google Update Service (gupdate1cb0ec4d4140e);c:\program files\Google\Update\GoogleUpdate.exe [6/18/2010 9:55 AM 133104]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\svcntaux.exe [8/3/2010 11:16 PM 311112]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
dobi REG_MULTI_SZ dobi
.
Contents of the 'Scheduled Tasks' folder

2010-07-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 10:50]

2010-08-12 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-18 08:55]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
IE: &Winamp Search - c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xportovat do programu Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Monika\Application Data\Mozilla\Firefox\Profiles\rvr59nrt.default\
FF - prefs.js: browser.startup.homepage - google.sk
FF - component: c:\documents and settings\Monika\Application Data\Mozilla\Firefox\Profiles\rvr59nrt.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Monika\Application Data\Mozilla\Firefox\Profiles\rvr59nrt.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-12 17:56
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(780)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\COMRes.dll

- - - - - - - > 'explorer.exe'(3120)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
c:\progra~1\hpq\Shared\HPQTOA~1.EXE
c:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Completion time: 2010-08-12 17:59:44 - machine was rebooted
ComboFix-quarantined-files.txt 2010-08-12 16:59
ComboFix2.txt 2010-08-12 09:02

Pre-Run: 40,331,636,736 bytes free
Post-Run: 40,323,407,872 bytes free

- - End Of File - - BE097929B9CAA759219FEB14CF3E3777


.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-12 16:56 . 2010-06-18 08:56 -------- d-----w- c:\documents and settings\Monika\Application Data\Skype
2010-08-12 16:19 . 2010-06-18 08:57 -------- d-----w- c:\documents and settings\Monika\Application Data\skypePM
2010-07-28 10:14 . 2010-07-04 20:48 -------- d-----w- c:\documents and settings\Monika\Application Data\Apple Computer
2010-07-27 09:47 . 2010-06-18 08:55 -------- d-----w- c:\program files\Google
2010-07-18 22:57 . 2010-07-04 20:46 -------- d-----w- c:\program files\Common Files\Apple
2010-07-04 21:21 . 2010-06-24 14:22 68456 ----a-w- c:\documents and settings\Monika\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-04 20:47 . 2010-07-04 20:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-07-04 20:46 . 2010-07-04 20:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2010-07-04 20:42 . 2010-07-04 20:42 -------- d-----w- c:\program files\Common Files\Adobe
2010-07-04 20:39 . 2010-07-04 20:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-07-04 20:25 . 2010-07-04 20:25 -------- d-----w- c:\program files\Microsoft Works
2010-07-04 20:25 . 2010-06-26 00:19 -------- d-----w- c:\program files\MSBuild
2010-07-04 20:23 . 2010-07-04 20:23 -------- d-----w- c:\program files\Microsoft.NET
2010-07-04 20:20 . 2010-07-04 20:20 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2010-07-04 16:47 . 2010-06-18 09:10 -------- d-----w- c:\program files\Common Files\ACD Systems
2010-07-01 21:52 . 2010-07-01 21:52 -------- d-----w- c:\documents and settings\Monika\Application Data\Yahoo!
2010-07-01 21:52 . 2010-07-01 21:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2010-06-26 00:19 . 2010-06-26 00:19 -------- d-----w- c:\program files\Reference Assemblies
2010-06-26 00:16 . 2010-06-26 00:16 -------- d-----w- c:\program files\MSXML 6.0
2010-06-24 15:45 . 2010-06-24 13:48 -------- d-----w- c:\program files\Electronic Arts
2010-06-24 15:45 . 2010-06-17 16:50 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-24 14:23 . 2010-06-24 14:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Electronic Arts
2010-06-24 13:57 . 2010-06-24 13:57 10134 ----a-r- c:\documents and settings\Monika\Application Data\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
2010-06-24 13:57 . 2010-06-24 13:57 -------- d-----w- c:\program files\Microsoft WSE
2010-06-18 09:11 . 2010-06-18 09:11 -------- d-----w- c:\documents and settings\Monika\Application Data\ACD Systems
2010-06-18 09:11 . 2010-06-18 09:11 -------- d-----w- c:\program files\Yahoo!
2010-06-18 09:10 . 2010-06-18 09:10 -------- d-----w- c:\documents and settings\All Users\Application Data\ACD Systems
2010-06-18 09:10 . 2010-06-18 09:10 -------- d-----w- c:\program files\ACD Systems
2010-06-18 09:02 . 2010-06-18 09:00 -------- d-----w- c:\documents and settings\Monika\Application Data\Winamp
2010-06-18 09:02 . 2010-06-18 09:00 -------- d-----w- c:\program files\Winamp
2010-06-18 09:01 . 2010-06-18 09:01 -------- d-----w- c:\program files\Winamp Detect
2010-06-18 09:01 . 2010-06-18 09:01 -------- d-----w- c:\program files\Winamp Toolbar
2010-06-18 09:01 . 2010-06-18 09:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Winamp Toolbar
2010-06-18 08:57 . 2010-06-18 08:57 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-06-18 08:55 . 2010-06-18 08:54 -------- d-----r- c:\program files\Skype
2010-06-18 08:54 . 2010-06-18 08:54 -------- d-----w- c:\program files\Common Files\Skype
2010-06-18 08:54 . 2010-06-18 08:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2010-06-17 17:17 . 2010-06-17 17:17 0 ----a-w- c:\windows\nsreg.dat
2010-06-17 16:58 . 2010-06-17 16:51 -------- d-----w- c:\program files\HPQ
2010-06-17 16:58 . 2010-06-17 06:23 79395 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-06-17 16:58 . 2010-06-17 16:58 -------- d-----w- c:\program files\HP DVB-T TV Tuner
2010-06-17 16:58 . 2010-06-17 16:56 -------- d-----w- c:\program files\HP
2010-06-17 16:57 . 2010-06-17 16:57 -------- d-----w- c:\program files\DIFX
2010-06-17 16:57 . 2010-06-17 16:57 -------- d-----w- c:\program files\Texas Instruments Inc
2010-06-17 16:55 . 2010-06-17 16:55 -------- d-----w- c:\program files\Broadcom
2010-06-17 16:55 . 2010-06-17 16:50 -------- d-----w- c:\program files\Common Files\LightScribe
2010-06-17 16:55 . 2010-06-17 16:55 -------- d-----w- c:\program files\HP Analog TV Tuner
2010-06-17 16:54 . 2010-06-17 16:54 -------- d-----w- c:\program files\NetWaiting
2010-06-17 16:53 . 2010-06-17 16:53 -------- d-----w- c:\program files\Synaptics
2010-06-17 16:52 . 2010-06-17 16:52 -------- d-----w- c:\program files\ATI Technologies
2010-06-17 16:51 . 2010-06-17 16:50 -------- d-----w- c:\program files\Common Files\InstallShield
2010-06-17 16:50 . 2010-06-17 16:50 -------- d-----w- c:\program files\CONEXANT
2010-06-17 06:24 . 2010-06-17 06:24 -------- d-----w- c:\program files\microsoft frontpage
2010-06-17 06:21 . 2010-06-17 06:21 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2010-06-15 19:01 . 2010-06-15 19:01 72504 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.0.61\SetupAdmin.exe
2010-06-14 14:30 . 2010-06-17 06:21 743936 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-05-18 15:35 . 2010-05-18 15:35 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 15:35 . 2010-05-18 15:35 197920 ----a-w- c:\windows\system32\dnssdX.dll
2010-05-18 15:35 . 2010-05-18 15:35 107808 ----a-w- c:\windows\system32\dns-sd.exe
.

((((((((((((((((((((((((((((( SnapShot@2010-08-12_08.58.11 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-08-12 16:56 . 2010-08-12 16:56 16384 c:\windows\temp\Perflib_Perfdata_fc4.dat
+ 2004-08-04 12:00 . 2010-08-12 16:42 68558 c:\windows\system32\perfc009.dat
- 2004-08-04 12:00 . 2010-08-12 08:16 68558 c:\windows\system32\perfc009.dat
+ 2004-08-04 12:00 . 2010-08-12 16:42 435828 c:\windows\system32\perfh009.dat
- 2004-08-04 12:00 . 2010-08-12 08:16 435828 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2009-05-06 1262888]

[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-09-22 13:38 284040 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-22 284040]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-22 284040]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2009-03-28 3325952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-12-13 507904]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-12-01 344064]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-05-25 37888]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-31 761946]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 39792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [8/22/2005 1:06 PM 231424]
S2 gupdate1cb0ec4d4140e;Google Update Service (gupdate1cb0ec4d4140e);c:\program files\Google\Update\GoogleUpdate.exe [6/18/2010 9:55 AM 133104]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\svcntaux.exe [8/3/2010 11:16 PM 311112]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
dobi REG_MULTI_SZ dobi
.
Contents of the 'Scheduled Tasks' folder

2010-07-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 10:50]

2010-08-12 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-18 08:55]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
IE: &Winamp Search - c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xportovat do programu Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Monika\Application Data\Mozilla\Firefox\Profiles\rvr59nrt.default\
FF - prefs.js: browser.startup.homepage - google.sk
FF - component: c:\documents and settings\Monika\Application Data\Mozilla\Firefox\Profiles\rvr59nrt.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Monika\Application Data\Mozilla\Firefox\Profiles\rvr59nrt.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-12 17:56
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(780)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\COMRes.dll

- - - - - - - > 'explorer.exe'(3120)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
c:\progra~1\hpq\Shared\HPQTOA~1.EXE
c:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Completion time: 2010-08-12 17:59:44 - machine was rebooted
ComboFix-quarantined-files.txt 2010-08-12 16:59
ComboFix2.txt 2010-08-12 09:02

Pre-Run: 40,331,636,736 bytes free
Post-Run: 40,323,407,872 bytes free

- - End Of File - - BE097929B9CAA759219FEB14CF3E3777

So I hope I did it correctly.

stell
VIP in memoriam
Posts: 5175
Registered: 09 Dec 2007 09:27
Location: SK-REVUCA

Re: Request for a log check from my PC

#18 Post by stell »

Yes, correct. Is the internet working now?
Now do this:
Start - Run - type regedit and click through to the svchost folder.
+HKEY_LOCAL_MACHINE
+software
+microsoft
+windows nt
+currentversion
svchost << right-click - Export - enter the name fix.reg - save it to the desktop < right-click fix.reg - Edit - open it - and paste the contents here.

tepna13
Visitor
Posts: 14
Registered: 05 Aug 2010 10:51

Re: Request for a log check from my PC

#19 Post by tepna13 »

The internet sometimes works and sometimes doesn't, but so far everything runs as it should. Anyway, here is the fix:


Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost]
"HTTPFilter"=hex(7):48,00,54,00,54,00,50,00,46,00,69,00,6c,00,74,00,65,00,72,\
00,00,00,00,00
"LocalService"=hex(7):41,00,6c,00,65,00,72,00,74,00,65,00,72,00,00,00,57,00,65,\
00,62,00,43,00,6c,00,69,00,65,00,6e,00,74,00,00,00,4c,00,6d,00,48,00,6f,00,\
73,00,74,00,73,00,00,00,52,00,65,00,6d,00,6f,00,74,00,65,00,52,00,65,00,67,\
00,69,00,73,00,74,00,72,00,79,00,00,00,75,00,70,00,6e,00,70,00,68,00,6f,00,\
73,00,74,00,00,00,53,00,53,00,44,00,50,00,53,00,52,00,56,00,00,00,00,00
"NetworkService"=hex(7):44,00,6e,00,73,00,43,00,61,00,63,00,68,00,65,00,00,00,\
00,00
"netsvcs"=hex(7):36,00,74,00,6f,00,34,00,00,00,41,00,70,00,70,00,4d,00,67,00,\
6d,00,74,00,00,00,41,00,75,00,64,00,69,00,6f,00,53,00,72,00,76,00,00,00,42,\
00,72,00,6f,00,77,00,73,00,65,00,72,00,00,00,43,00,72,00,79,00,70,00,74,00,\
53,00,76,00,63,00,00,00,44,00,4d,00,53,00,65,00,72,00,76,00,65,00,72,00,00,\
00,44,00,48,00,43,00,50,00,00,00,45,00,52,00,53,00,76,00,63,00,00,00,45,00,\
76,00,65,00,6e,00,74,00,53,00,79,00,73,00,74,00,65,00,6d,00,00,00,46,00,61,\
00,73,00,74,00,55,00,73,00,65,00,72,00,53,00,77,00,69,00,74,00,63,00,68,00,\
69,00,6e,00,67,00,43,00,6f,00,6d,00,70,00,61,00,74,00,69,00,62,00,69,00,6c,\
00,69,00,74,00,79,00,00,00,48,00,69,00,64,00,53,00,65,00,72,00,76,00,00,00,\
49,00,61,00,73,00,00,00,49,00,70,00,72,00,69,00,70,00,00,00,49,00,72,00,6d,\
00,6f,00,6e,00,00,00,4c,00,61,00,6e,00,6d,00,61,00,6e,00,53,00,65,00,72,00,\
76,00,65,00,72,00,00,00,4c,00,61,00,6e,00,6d,00,61,00,6e,00,57,00,6f,00,72,\
00,6b,00,73,00,74,00,61,00,74,00,69,00,6f,00,6e,00,00,00,4d,00,65,00,73,00,\
73,00,65,00,6e,00,67,00,65,00,72,00,00,00,4e,00,65,00,74,00,6d,00,61,00,6e,\
00,00,00,4e,00,6c,00,61,00,00,00,4e,00,74,00,6d,00,73,00,73,00,76,00,63,00,\
00,00,4e,00,57,00,43,00,57,00,6f,00,72,00,6b,00,73,00,74,00,61,00,74,00,69,\
00,6f,00,6e,00,00,00,4e,00,77,00,73,00,61,00,70,00,61,00,67,00,65,00,6e,00,\
74,00,00,00,52,00,61,00,73,00,61,00,75,00,74,00,6f,00,00,00,52,00,61,00,73,\
00,6d,00,61,00,6e,00,00,00,52,00,65,00,6d,00,6f,00,74,00,65,00,61,00,63,00,\
63,00,65,00,73,00,73,00,00,00,53,00,63,00,68,00,65,00,64,00,75,00,6c,00,65,\
00,00,00,53,00,65,00,63,00,6c,00,6f,00,67,00,6f,00,6e,00,00,00,53,00,45,00,\
4e,00,53,00,00,00,53,00,68,00,61,00,72,00,65,00,64,00,61,00,63,00,63,00,65,\
00,73,00,73,00,00,00,53,00,52,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,\
00,00,54,00,61,00,70,00,69,00,73,00,72,00,76,00,00,00,54,00,68,00,65,00,6d,\
00,65,00,73,00,00,00,54,00,72,00,6b,00,57,00,6b,00,73,00,00,00,57,00,33,00,\
32,00,54,00,69,00,6d,00,65,00,00,00,57,00,5a,00,43,00,53,00,56,00,43,00,00,\
00,57,00,6d,00,69,00,00,00,57,00,6d,00,64,00,6d,00,50,00,6d,00,53,00,70,00,\
00,00,77,00,69,00,6e,00,6d,00,67,00,6d,00,74,00,00,00,77,00,73,00,63,00,73,\
00,76,00,63,00,00,00,78,00,6d,00,6c,00,70,00,72,00,6f,00,76,00,00,00,42,00,\
49,00,54,00,53,00,00,00,77,00,75,00,61,00,75,00,73,00,65,00,72,00,76,00,00,\
00,53,00,68,00,65,00,6c,00,6c,00,48,00,57,00,44,00,65,00,74,00,65,00,63,00,\
74,00,69,00,6f,00,6e,00,00,00,68,00,65,00,6c,00,70,00,73,00,76,00,63,00,00,\
00,57,00,6d,00,64,00,6d,00,50,00,6d,00,53,00,4e,00,00,00,00,00
"DcomLaunch"=hex(7):44,00,63,00,6f,00,6d,00,4c,00,61,00,75,00,6e,00,63,00,68,\
00,00,00,54,00,65,00,72,00,6d,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,\
00,00,00,00
"rpcss"=hex(7):52,00,70,00,63,00,53,00,73,00,00,00,00,00
"imgsvc"=hex(7):53,00,74,00,69,00,53,00,76,00,63,00,00,00,00,00
"termsvcs"=hex(7):54,00,65,00,72,00,6d,00,53,00,65,00,72,00,76,00,69,00,63,00,\
65,00,00,00,00,00
"dobi"=hex(7):64,00,6f,00,62,00,69,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\DComLaunch]
"CoInitializeSecurityParam"=dword:00000001
"DefaultRpcStackSize"=dword:00000008

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\HTTPFilter]
"CoInitializeSecurityParam"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalService]
"CoInitializeSecurityParam"=dword:00000001
"AuthenticationCapabilities"=dword:00002000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs]
"CoInitializeSecurityParam"=dword:00000001
"AuthenticationCapabilities"=dword:00003020

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\PCHealth]
"CoInitializeSecurityParam"=dword:00000002
"AuthenticationCapabilities"=dword:00000040

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\termsvcs]
"CoInitializeSecurityParam"=dword:00000001
"DefaultRpcStackSize"=dword:00000008


By the way, you're the best for helping people like this :worship:

stell
VIP in memoriam
Posts: 5175
Registered: 09 Dec 2007 09:27
Location: SK-REVUCA

Re: Request for a log check from my PC

#20 Post by stell »

Right-click fix.reg on the desktop - Edit - and open it.
Delete this line, but be careful: exactly this line and nothing more:
"dobi"=hex(7):64,00,6f,00,62,00,69,00,00,00,00,00
Confirm the change and close.
Double-click fix.reg to run it - confirm - restart.
Then export svchost to the desktop again, name it ukaz.reg, and paste the contents here.
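The export in post #19 stores each svchost group as a hex(7) (REG_MULTI_SZ) value, which is hard to read by eye. The following is an added example, not part of the thread: it decodes those values from an exported .reg text and lists groups outside a baseline. `BASELINE_GROUPS` is an assumption built from the other value names in that export, and `SAMPLE_EXPORT` is a constructed excerpt using lines copied from the post.

```python
import re

# Assumption: baseline = the other group names present in the export posted
# in this thread (the entries the helper leaves in place).
BASELINE_GROUPS = {"httpfilter", "localservice", "networkservice", "netsvcs",
                   "dcomlaunch", "rpcss", "imgsvc", "termsvcs"}

SVCHOST_KEY = (r"hkey_local_machine\software\microsoft"
               r"\windows nt\currentversion\svchost")

VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=hex\(7\):(?P<hex>[0-9a-fA-F,\s]*)$')

# Constructed excerpt; value lines copied from the export in post #19.
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost]
"HTTPFilter"=hex(7):48,00,54,00,54,00,50,00,46,00,69,00,6c,00,74,00,65,00,72,\
00,00,00,00,00
"DcomLaunch"=hex(7):44,00,63,00,6f,00,6d,00,4c,00,61,00,75,00,6e,00,63,00,68,\
00,00,00,54,00,65,00,72,00,6d,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,\
00,00,00,00
"rpcss"=hex(7):52,00,70,00,63,00,53,00,73,00,00,00,00,00
"dobi"=hex(7):64,00,6f,00,62,00,69,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\HTTPFilter]
"CoInitializeSecurityParam"=dword:00000001
"""


def join_continuations(text):
    """Merge lines ending in a backslash with the line(s) that follow."""
    logical, buf = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith("\\"):
            buf += line[:-1]
        else:
            logical.append(buf + line)
            buf = ""
    if buf:
        logical.append(buf)
    return logical


def decode_multi_sz(hex_csv):
    """Decode hex(7) data: UTF-16LE strings separated by NUL characters."""
    data = bytes(int(b, 16) for b in hex_csv.split(",") if b.strip())
    text = data.decode("utf-16-le", errors="replace")
    return [s for s in text.split("\x00") if s]


def parse_svchost_groups(reg_text):
    """Return {group name: [service names]} for the SvcHost key itself."""
    groups, in_key = {}, False
    for line in join_continuations(reg_text):
        if line.startswith("["):
            # Subkeys (SvcHost\netsvcs etc.) hold parameters, not group lists.
            in_key = line.strip("[]").lower() == SVCHOST_KEY
            continue
        m = VALUE_RE.match(line)
        if in_key and m:
            groups[m.group("name")] = decode_multi_sz(m.group("hex"))
    return groups


def unexpected_groups(groups, baseline=BASELINE_GROUPS):
    """Groups whose name is not in the baseline, for manual review."""
    return {n: s for n, s in groups.items() if n.lower() not in baseline}


if __name__ == "__main__":
    found = parse_svchost_groups(SAMPLE_EXPORT)
    for name, services in found.items():
        print(f"{name}: {', '.join(services)}")
    print("review:", unexpected_groups(found))
```

Running the same check on the second export (ukaz.reg) shows whether the value is really gone: in .reg syntax a value is removed on import only by a line of the form `"name"=-`, while a line that is simply absent from the file leaves an existing value untouched.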