VIRY.CZ

Pomáháme v boji s počítačovou havěti!
https://forum.viry.cz:443/

Pomalé PC asi virus

https://forum.viry.cz:443/viewtopic.php?t=124241

Stránka 2 z 4

Re: Pomalé PC asi virus

Napsal: 11 zář 2012 20:02
od karelstepanik
Poznámkový blok - systém nemuže nalézt uvedenou cestu

tuhle hlášku mi to háže poté co zapnu rkill - nemám tedys žádnou zprávu co bych tu mohl zkopírovat

Mám pokračovat s tím Combofixem?

Re: Pomalé PC asi virus

Napsal: 11 zář 2012 20:07
od vyosek
Nic se nedeje, pokracujte ComboFixem

Re: Pomalé PC asi virus

Napsal: 12 zář 2012 19:53
od karelstepanik
ComboFix 12-09-12.03 - Karlos 12.09.2012 20:23:23.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2046.1165 [GMT 2:00]
Spuštěný z: c:\documents and settings\Karlos\Plocha\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: AVG Internet Security 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Internet Security 2012 *Enabled* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\Karlos\LOCALS~1\Temp\fbe2808e-2380-4f14-a1fa-3fa9c3a364e8\CliSecureRT.dll
c:\documents and settings\Karlos\Local Settings\Temp\fbe2808e-2380-4f14-a1fa-3fa9c3a364e8\CliSecureRT.dll
c:\documents and settings\Karlos\Local Settings\Temporary Internet Files\TRNCOM.INI
c:\documents and settings\Karlos\setup_FOTOSVET_Schlecker_2.exe
c:\documents and settings\Karlos\WINDOWS
c:\program files\BrowserCompanion
c:\program files\BrowserCompanion\BCHelper.exe
c:\program files\BrowserCompanion\blabbers-ff-full.xpi
c:\program files\BrowserCompanion\jsloader.dll
c:\program files\BrowserCompanion\logo.ico
c:\program files\BrowserCompanion\sqlite3.dll
c:\program files\BrowserCompanion\tdataprotocol.dll
c:\program files\BrowserCompanion\toolbar.dll
c:\program files\BrowserCompanion\uninstall.exe
c:\program files\BrowserCompanion\updatebhoWin32.dll
c:\program files\BrowserCompanion\updater.ini
c:\program files\BrowserCompanion\widgetserv.exe
c:\program files\codec
c:\program files\codec\uninstall.exe
c:\windows\iun6002.exe
c:\windows\SwSys1.bmp
c:\windows\SwSys2.bmp
c:\windows\system32\CddbCdda.dll
c:\windows\system32\muzapp.exe
c:\windows\system32\SET1E95.tmp
c:\windows\system32\SET1EA1.tmp
c:\windows\system32\SET1EF2.tmp
c:\windows\system32\SET1EF5.tmp
c:\windows\system32\SET1EF8.tmp
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-08-12 do 2012-09-12 )))))))))))))))))))))))))))))))
.
.
2012-09-11 17:10 . 2012-09-11 17:10 14080 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2012-09-11 15:23 . 2012-08-21 09:13 355632 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-09-11 15:23 . 2012-08-21 09:13 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-09-11 15:22 . 2012-08-21 09:13 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-09-11 15:22 . 2012-08-21 09:13 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-09-11 15:22 . 2012-08-21 09:13 729752 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-09-11 15:22 . 2012-08-21 09:13 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-09-11 15:22 . 2012-08-21 09:13 89624 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-09-11 15:22 . 2012-08-21 09:13 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-09-11 15:21 . 2012-08-21 09:12 41224 ----a-w- c:\windows\avastSS.scr
2012-09-11 15:21 . 2012-08-21 09:12 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-09-11 15:20 . 2012-09-11 15:20 -------- d-----w- c:\program files\AVAST Software
2012-09-11 15:20 . 2012-09-11 15:20 -------- d-----w- c:\documents and settings\All Users\Data aplikací\AVAST Software
2012-09-02 13:12 . 2011-06-21 09:24 32768 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2012-09-02 13:12 . 2012-09-12 18:00 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Spyware Terminator
2012-09-02 13:12 . 2012-09-02 13:12 -------- d-----w- c:\documents and settings\Karlos\Data aplikací\Spyware Terminator
2012-09-02 13:09 . 2012-09-02 13:10 -------- d-----w- c:\documents and settings\Karlos\Data aplikací\Ad-Aware Antivirus
2012-08-31 19:03 . 2012-08-31 19:03 -------- d--h--w- c:\documents and settings\All Users\Data aplikací\Common Files
2012-08-31 19:02 . 2012-09-11 15:14 -------- d-----w- c:\documents and settings\All Users\Data aplikací\MFAData
2012-08-27 19:31 . 2012-08-27 19:31 -------- d-----w- c:\documents and settings\Karlos\Local Settings\Data aplikací\Temp
2012-08-24 11:00 . 2012-08-25 16:55 -------- d-----w- c:\program files\Wrocklage
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-02 13:10 . 2008-10-08 10:16 87608 ----a-w- c:\documents and settings\Karlos\Data aplikací\inst.exe
2012-09-02 13:10 . 2008-10-08 10:16 47360 ----a-w- c:\documents and settings\Karlos\Data aplikací\pcouffin.sys
2012-08-24 09:23 . 2012-04-16 07:25 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-24 09:23 . 2011-06-06 17:53 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-06 13:58 . 2004-08-17 13:49 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-04 14:05 . 2008-01-21 18:10 139784 ------w- c:\windows\system32\drivers\rdpwd.sys
2012-07-03 18:22 . 2004-08-17 13:44 1866112 ------w- c:\windows\system32\win32k.sys
2012-07-02 17:38 . 2004-08-17 13:49 916992 ----a-w- c:\windows\system32\wininet.dll
2012-07-02 17:38 . 2004-08-17 13:49 43520 ------w- c:\windows\system32\licmgr10.dll
2012-07-02 17:38 . 2004-08-17 13:49 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-07-02 12:05 . 2004-08-17 13:44 385024 ------w- c:\windows\system32\html.iec
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-08-21 09:12 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-07-13 17418928]
"KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-08-31 21432]
"KiesPreload"="c:\program files\Samsung\Kies\Kies.exe" [2012-08-31 964024]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-09-11 39408]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
"PAC207_Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2007-12-10 323584]
"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2007-12-10 323584]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-06-16 221184]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"RTHDCPL"="RTHDCPL.EXE" [2012-03-01 20065896]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-04-05 98304]
"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2012-08-31 3524536]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-07-05 421888]
"SpywareTerminatorShield"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2012-06-21 2786512]
"SpywareTerminatorUpdater"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2012-06-21 3669712]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /r \??\r:\0autocheck autochk /r \??\q:\0autocheck autochk *
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog
"Orb"="c:\program files\Winamp Remote\bin\OrbTray.exe" /background
"AlcoholAutomount"="d:\program files\Alcohol 120\axcmd.exe" /automount
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe"
"pdfSaver3"="c:\program files\PDF\pdfSaver\pdfSaver3.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"WinampAgent"="c:\program files\Winamp\winampa.exe"
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"NeroFilterCheck"=c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
"602PC SUITE PDF Saver"="c:\program files\Common Files\soft602\pdfSaver.exe"
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe"
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"USBToolTip"=c:\progra~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe
"ISUSPM Startup"=c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe"
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\FreeCall.com\\FreeCall\\FreeCall.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"c:\\Documents and Settings\\Karlos\\Plocha\\STRONG\\StrongDC.exe"=
"d:\\Program Files\\CAPCOM\\STREETFIGHTERIV\\StreetFighterIV.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\ICQ7.6\\ICQ.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Winamp\\winamp.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Spyware Terminator\\SpywareTerminator.exe"=
"c:\\Program Files\\Spyware Terminator\\SpywareTerminatorUpdate.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"22669:TCP"= 22669:TCP:BitComet 22669 TCP
"22669:UDP"= 22669:UDP:BitComet 22669 UDP
"2385:UDP"= 2385:UDP:Windows Media Format SDK (winamp.exe)
"2384:UDP"= 2384:UDP:Windows Media Format SDK (winamp.exe)
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [22.1.2008 20:55 717296]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [11.9.2012 17:22 729752]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [11.9.2012 17:23 355632]
R1 sp_rsdrv2;Spyware Terminator 2012 Realtime Shield Driver;c:\windows\system32\drivers\sp_rsdrv2.sys [2.9.2012 15:12 32768]
R1 SSHDRV65;SSHDRV65;c:\windows\system32\drivers\SSHDRV65.sys [16.10.2008 16:13 120320]
R1 SSHDRV79;SSHDRV79;c:\windows\system32\drivers\SSHDRV79.sys [16.10.2008 20:47 75264]
R1 SSHDRV85;SSHDRV85;c:\windows\system32\drivers\SSHDRV85.sys [16.10.2008 17:44 78848]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [11.9.2012 17:23 21256]
R2 LGScsiCommandService;LG SCSI command service;c:\windows\system32\LGScsiCommandService.exe [25.12.2010 12:08 47616]
R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe [13.8.2012 13:33 3064000]
R2 ST2012_Svc;Spyware Terminator 2012 Realtime Shield Service;c:\program files\Spyware Terminator\st_rsser.exe [2.9.2012 15:12 483024]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [27.10.2010 19:23 1483072]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [11.10.2011 21:29 99856]
R3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\drivers\lgbtport.sys [29.9.2009 9:11 12160]
R3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\drivers\lgbtbus.sys [29.9.2009 9:11 10496]
R3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\drivers\lgvmodem.sys [29.9.2009 9:11 12928]
R3 PAC207;PC Camer@;c:\windows\system32\drivers\PFC027.SYS [19.6.2009 9:48 618112]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [7.10.2010 14:34 10064]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [3.5.2011 13:04 136176]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [3.7.2012 13:19 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [16.4.2012 9:25 250568]
S3 ALSysIO;ALSysIO;\??\c:\docume~1\Karlos\LOCALS~1\Temp\ALSysIO.sys --> c:\docume~1\Karlos\LOCALS~1\Temp\ALSysIO.sys [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [11.10.2011 21:56 1691480]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [24.6.2012 21:26 30312]
S3 AODDriver;AODDriver;\??\c:\program files\GIGABYTE\ET6\i386\AODDriver.sys --> c:\program files\GIGABYTE\ET6\i386\AODDriver.sys [?]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [24.6.2012 21:18 20032]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [5.2.2011 15:02 13192]
S3 etdrv;etdrv;c:\windows\etdrv.sys [11.2.2010 15:01 17488]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [5.2.2011 15:02 8456]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\Lavalys\EVEREST Home Edition\kerneld.wnt [18.8.2005 7168]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [25.12.2009 13:31 36608]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [3.5.2011 13:04 136176]
S3 lg3gbus;LGE KU580 driver (WDM);c:\windows\system32\drivers\lg3gbus.sys [12.4.2008 13:26 83080]
S3 lg3gmdfl;LGE KU580 USB WMC Modem Filter;c:\windows\system32\drivers\lg3gmdfl.sys [12.4.2008 13:26 15112]
S3 lg3gmdm;LGE KU580 USB WMC Modem Driver;c:\windows\system32\drivers\lg3gmdm.sys [12.4.2008 13:26 108552]
S3 lg3gmgmt;LGE KU580 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\lg3gmgmt.sys [12.4.2008 13:26 100360]
S3 lg3gnd5;LGE KU580 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\lg3gnd5.sys [12.4.2008 13:26 23176]
S3 lg3gobex;LGE KU580 USB WMC OBEX Interface;c:\windows\system32\drivers\lg3gobex.sys [12.4.2008 13:26 98568]
S3 lg3gunic;LGE KU580 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\lg3gunic.sys [12.4.2008 13:26 98952]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [8.10.2008 12:16 47360]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [24.6.2012 21:26 121064]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [24.6.2012 21:26 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [24.6.2012 21:26 136808]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\drivers\ssadserd.sys [24.6.2012 21:26 114280]
S3 vaxscsi;vaxscsi;c:\windows\system32\Drivers\vaxscsi.sys --> c:\windows\system32\Drivers\vaxscsi.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'
.
2012-09-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-16 09:23]
.
2012-09-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]
.
2012-09-12 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-09-11 09:12]
.
2012-09-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-03 11:04]
.
2012-09-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-03 11:04]
.
2012-09-12 c:\windows\Tasks\User_Feed_Synchronization-{A81602BA-E1F3-411F-B5EB-6A752FD77DBF}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 03:31]
.
2012-09-12 c:\windows\Tasks\User_Feed_Synchronization-{BAC2A0E8-C6F9-4FAC-92B1-DE34CE31843F}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 03:31]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{7644E42D-B096-457F-8B5B-901238FC81AE} - c:\program files\ICQ7.6\ICQ.exe
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\windows\WebIE.dll
LSP: %SYSTEMROOT%\system32\nvLsp.dll
TCP: DhcpNameServer = 213.46.172.36 213.46.172.37
DPF: {3190CE28-0B6E-4133-A7D3-87D29CB92120} - hxxps://download.seznam.cz/listicka/toolbar2007.cab
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
HKLM-Run-Browser companion helper - c:\program files\BrowserCompanion\BCHelper.exe
HKLM-Run-ROC_roc_ssl_v12 - c:\program files\AVG Secure Search\ROC_roc_ssl_v12.exe
HKU-Default-Run-Nokia.PCSync - c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe
SafeBoot-68784659.sys
AddRemove-BrowserCompanion - c:\program files\BrowserCompanion\uninstall.exe
AddRemove-Codec - c:\program files\Codec\uninstall.exe
AddRemove-Cool's_Codec_pack_4.12 - c:\windows\iun6002.exe
AddRemove-LifeGlobe Goldfish Aquarium 2.0_is1 - c:\program files\Prolific Publishing
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe
AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-09-12 20:44
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\EverestDriver]
"ImagePath"="\??\c:\program files\Lavalys\EVEREST Home Edition\kerneld.wnt"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1275210071-1604221776-1801674531-1003\Software\SecuROM\License information*]
"datasecu"=hex:92,5a,fd,ca,0b,f1,88,2d,47,47,b7,16,10,ca,76,9b,bf,77,f4,24,2d,
c5,29,d0,9f,2d,99,2f,ad,ac,2b,17,de,1c,2e,bd,39,ae,fe,0f,b6,a5,9f,89,64,55,\
"rkeysecu"=hex:15,1f,80,4e,c4,b4,1a,b9,15,45,1c,d7,95,7a,9d,2f
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(1240)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
- - - - - - - > 'explorer.exe'(5872)
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\phonebrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\LG Electronics\LG PC Suite IV\LinkAir\LinkAirBrowserHelper.dll
c:\windows\WebIE.dll
c:\program files\Microsoft Office\Office12\1029\GrooveIntlResource.dll
c:\program files\Common Files\Ahead\Lib\NeroDigitalExt.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
d:\program files\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\windows\System32\TUProgSt.exe
c:\windows\system32\UAService7.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
c:\windows\RTHDCPL.EXE
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
c:\program files\internet explorer\iexplore.exe
c:\program files\internet explorer\iexplore.exe
c:\program files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
.
**************************************************************************
.
Celkový čas: 2012-09-12 20:52:29 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-09-12 18:52
.
Před spuštěním: 6 105 358 336
Po spuštění: 7 623 876 608
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer
.
- - End Of File - - 994131ED7D0393F421F3EDF925E371B8

Re: Pomalé PC asi virus

Napsal: 12 zář 2012 19:54
od karelstepanik
Ten Combofx mi pořád psal, že je zapnuté AVG, i když to už v PC není, nerozumím tomu.

Re: Pomalé PC asi virus

Napsal: 12 zář 2012 20:16
od vyosek
Muzete mi prosim zkusit spustit tento RKill http://www.bleepingcomputer.com/temp/rkill.exe - je to prani primo autora Grinlera, snazi se opravit problem, ktery s nim byl\je

Re: Pomalé PC asi virus

Napsal: 12 zář 2012 20:20
od karelstepanik
Zase mi to nevypíše log , jen se otevře prázdné okno poznámkového bloku.

Re: Pomalé PC asi virus

Napsal: 12 zář 2012 20:27
od vyosek
Ale poznamkovy blok se otevrel - nepsal opet tu chybu ze system nemuze nalezt uvedenou cestu

Re: Pomalé PC asi virus

Napsal: 12 zář 2012 20:34
od karelstepanik
Otevřel a zase ta hláška co jste napsal a zůstal prázdný, to samé co minule.

Re: Pomalé PC asi virus

Napsal: 12 zář 2012 20:42
od vyosek
:arrow: OK, diky za info, predam autorovi, uz na tom pracuje :wink:

:arrow: Poprosim o log z DDS

Re: Pomalé PC asi virus

Napsal: 12 zář 2012 20:47
od karelstepanik
DDS (Ver_2011-09-30.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by Karlos at 21:46:32 on 2012-09-12
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2046.924 [GMT 2:00]
.
AV: AVG Internet Security 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: AVG Internet Security 2012 *Enabled*
.
============== Running Processes ================
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Documents and Settings\All Users\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files\Spyware Terminator\st_rsser.exe
D:\Program Files\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\PixArt\PAC207\Monitor.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Program Files\Samsung\Kies\Kies.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.seznam.cz/
uURLSearchHooks: <No Name>: - LocalServer32 - <no file>
mURLSearchHooks: {855F3B16-6D32-4fe6-8A56-BBB695989046} - <orphaned>
mURLSearchHooks: <No Name>: - LocalServer32 - <no file>
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: HistoryTriggerBHO Class: {21A88CB9-84D2-4020-A2D1-B25A21034884} - c:\program files\lg electronics\lg pc suite iv\linkair\LinkAirBrowserHelper.dll
BHO: WebTransBHO Class: {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - c:\windows\WebIE.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Pomocník pro přihlášení ke službě Windows Live: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Browser Companion Helper Verifier: {963B125B-8B21-49A2-A3A8-E37092276531} -
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.7529.1424\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: WebTranslator: {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - c:\windows\WebIE.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
uRun: [KiesPDLR] c:\program files\samsung\kies\external\firmwareupdate\KiesPDLR.exe
uRun: [KiesPreload] c:\program files\samsung\kies\Kies.exe /preload
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [PAC207_Monitor] c:\windows\pixart\pac207\Monitor.exe
mRun: [Monitor] c:\windows\pixart\pac207\Monitor.exe
mRun: [amd_dc_opt] c:\program files\amd\dual-core optimizer\amd_dc_opt.exe
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [KiesTrayAgent] c:\program files\samsung\kies\KiesTrayAgent.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [SpywareTerminatorShield] c:\program files\spyware terminator\SpywareTerminatorShield.exe
mRun: [SpywareTerminatorUpdater] c:\program files\spyware terminator\SpywareTerminatorUpdate.exe
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\nabdka~1\programy\posput~1\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {7644E42D-B096-457F-8B5B-901238FC81AE} - c:\program files\icq7.6\ICQ.exe
IE: {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\windows\WebIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\windows\WebIE.dll
IE: {CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\windows\WebIE.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
LSP: %SYSTEMROOT%\system32\nvLsp.dll
DPF: {3190CE28-0B6E-4133-A7D3-87D29CB92120} - hxxps://download.seznam.cz/listicka/toolbar2007.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://go.divx.com/plugin/DivXBrowserPlugin.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
TCP: NameServer = 213.46.172.36 213.46.172.37
TCP: Interfaces\{4C6D3959-F5E0-4FD5-8789-E60814E53A10} : DHCPNameServer = 213.46.172.36 213.46.172.37
TCP: Interfaces\{6AD37792-085E-4649-AB07-00EE8F7F0FB3} : DHCPNameServer = 213.46.172.38 213.46.172.39
Handler: base64 - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - <orphaned>
Handler: chrome - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - <orphaned>
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: prox - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - <orphaned>
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-9-11 729752]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-9-11 355632]
R1 sp_rsdrv2;Spyware Terminator 2012 Realtime Shield Driver;c:\windows\system32\drivers\sp_rsdrv2.sys [2012-9-2 32768]
R1 SSHDRV65;SSHDRV65;c:\windows\system32\drivers\SSHDRV65.sys [2008-10-16 120320]
R1 SSHDRV79;SSHDRV79;c:\windows\system32\drivers\SSHDRV79.sys [2008-10-16 75264]
R1 SSHDRV85;SSHDRV85;c:\windows\system32\drivers\SSHDRV85.sys [2008-10-16 78848]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-9-11 21256]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-9-11 44808]
R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\all users\data aplikací\skype\toolbars\skype c2c service\c2c_service.exe [2012-8-13 3064000]
R2 ST2012_Svc;Spyware Terminator 2012 Realtime Shield Service;c:\program files\spyware terminator\st_rsser.exe [2012-9-2 483024]
R2 StarWindServiceAE;StarWind AE Service;d:\program files\alcohol 120\starwind\StarWindServiceAE.exe [2007-5-28 275968]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\tuneup utilities 2011\TuneUpUtilitiesService32.exe [2010-10-27 1483072]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [2011-10-11 99856]
R3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\drivers\lgbtport.sys [2009-9-29 12160]
R3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\drivers\lgbtbus.sys [2009-9-29 10496]
R3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\drivers\lgvmodem.sys [2009-9-29 12928]
R3 PAC207;PC Camer@;c:\windows\system32\drivers\PFC027.SYS [2009-6-19 618112]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [2004-8-3 69120]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\tuneup utilities 2011\TuneUpUtilitiesDriver32.sys [2010-10-7 10064]
S2 gupdate;Služba Google Update (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-5-3 136176]
S2 LGScsiCommandService;LG SCSI command service;c:\windows\system32\LGScsiCommandService.exe [2010-12-25 47616]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-3 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-16 250568]
S3 ALSysIO;ALSysIO;\??\c:\docume~1\karlos\locals~1\temp\alsysio.sys --> c:\docume~1\karlos\locals~1\temp\ALSysIO.sys [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2011-10-11 1691480]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [2012-6-24 30312]
S3 AODDriver;AODDriver;\??\c:\program files\gigabyte\et6\i386\aoddriver.sys --> c:\program files\gigabyte\et6\i386\AODDriver.sys [?]
S3 cpuz132;cpuz132;\??\c:\docume~1\karlos\locals~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\karlos\locals~1\temp\cpuz132\cpuz132_x32.sys [?]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [2012-6-24 20032]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-2-5 13192]
S3 etdrv;etdrv;c:\windows\etdrv.sys [2010-2-11 17488]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-2-5 8456]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\lavalys\everest home edition\kerneld.wnt [2005-8-18 7168]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2009-12-25 36608]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-5-3 136176]
S3 lg3gbus;LGE KU580 driver (WDM);c:\windows\system32\drivers\lg3gbus.sys [2008-4-12 83080]
S3 lg3gmdfl;LGE KU580 USB WMC Modem Filter;c:\windows\system32\drivers\lg3gmdfl.sys [2008-4-12 15112]
S3 lg3gmdm;LGE KU580 USB WMC Modem Driver;c:\windows\system32\drivers\lg3gmdm.sys [2008-4-12 108552]
S3 lg3gmgmt;LGE KU580 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\lg3gmgmt.sys [2008-4-12 100360]
S3 lg3gnd5;LGE KU580 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\lg3gnd5.sys [2008-4-12 23176]
S3 lg3gobex;LGE KU580 USB WMC OBEX Interface;c:\windows\system32\drivers\lg3gobex.sys [2008-4-12 98568]
S3 lg3gunic;LGE KU580 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\lg3gunic.sys [2008-4-12 98952]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2012-6-24 121064]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2012-6-24 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2012-6-24 136808]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\drivers\ssadserd.sys [2012-6-24 114280]
S3 vaxscsi;vaxscsi;c:\windows\system32\drivers\vaxscsi.sys --> c:\windows\system32\drivers\vaxscsi.sys [?]
.
=============== File Associations ===============
.
ShellExec: FRONTPG.EXE: edit=c:\progra~1\micros~2\office\FRONTPG.EXE
.
=============== Created Last 30 ================
.
2012-09-12 18:20:56 -------- d-sha-r- C:\cmdcons
2012-09-12 18:18:11 98816 ----a-w- c:\windows\sed.exe
2012-09-12 18:18:11 256000 ----a-w- c:\windows\PEV.exe
2012-09-12 18:18:11 208896 ----a-w- c:\windows\MBR.exe
2012-09-12 18:17:44 -------- d-----w- C:\ComboFix
2012-09-11 17:10:56 14080 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2012-09-11 15:22:55 729752 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-09-11 15:21:45 41224 ----a-w- c:\windows\avastSS.scr
2012-09-11 15:20:52 -------- d-----w- c:\program files\AVAST Software
2012-09-11 15:20:52 -------- d-----w- c:\documents and settings\all users\data aplikací\AVAST Software
2012-09-02 13:12:35 32768 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2012-09-02 13:12:34 -------- d-----w- c:\documents and settings\karlos\data aplikací\Spyware Terminator
2012-09-02 13:12:34 -------- d-----w- c:\documents and settings\all users\data aplikací\Spyware Terminator
2012-09-02 13:09:04 -------- d-----w- c:\documents and settings\karlos\data aplikací\Ad-Aware Antivirus
2012-08-31 19:03:14 -------- d--h--w- c:\documents and settings\all users\data aplikací\Common Files
2012-08-31 19:02:45 -------- d-----w- c:\documents and settings\all users\data aplikací\MFAData
2012-08-27 19:31:00 -------- d-----w- c:\documents and settings\karlos\local settings\data aplikací\Temp
2012-08-24 11:00:55 -------- d-----w- c:\program files\Wrocklage
.
==================== Find3M ====================
.
2012-09-02 13:10:40 87608 ----a-w- c:\documents and settings\karlos\data aplikací\inst.exe
2012-09-02 13:10:40 47360 ----a-w- c:\documents and settings\karlos\data aplikací\pcouffin.sys
2012-08-24 09:23:11 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-24 09:23:11 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-06 13:58:55 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-04 14:05:17 139784 ------w- c:\windows\system32\drivers\rdpwd.sys
2012-07-03 18:22:37 1866112 ------w- c:\windows\system32\win32k.sys
2012-07-02 17:38:20 916992 ----a-w- c:\windows\system32\wininet.dll
2012-07-02 17:38:19 43520 ------w- c:\windows\system32\licmgr10.dll
2012-07-02 17:38:18 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-07-02 12:05:56 385024 ------w- c:\windows\system32\html.iec
.
============= FINISH: 21:46:55,23 ===============

Re: Pomalé PC asi virus

Napsal: 12 zář 2012 20:54
od vyosek
:arrow: Pokud nemate, tak presunte Combofix na plochu
  • Spustte poznamkovy blok (Start-spustit-notepad)
  • Zkopirujte skript nize

  • Kód: Vybrat vše

    KillAll::

SecCenter::
AV: AVG Internet Security 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Internet Security 2012 *Enabled* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

DDS::
uURLSearchHooks: <No Name>: - LocalServer32 - <no file>
mURLSearchHooks: {855F3B16-6D32-4fe6-8A56-BBB695989046} - <orphaned>
mURLSearchHooks: <No Name>: - LocalServer32 - <no file>
uRun: [Skype]
uRun: [swg]
mRun: [ISUSScheduler]
mRun: [Adobe ARM]
mRun: [QuickTime Task]
mRun: [SpywareTerminatorShield]
mRun: [SpywareTerminatorUpdater]

RegNull::
[HKEY_USERS\S-1-5-21-1275210071-1604221776-1801674531-1003\Software\SecuROM\License information*]

RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

ClearJavaCache::

Reboot::
  • Ulozte vytvoreny TXT jako CFScript.txt
  • Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
    Obrázek
  • Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte
:arrow: Pokud vyskoci hlaska "Pokus pouzit neplatnou operaci na klic registru, ktery je oznacen pro odstraneni", tak jen restartujte PC - registr se da do kupy - jedna se o vnitrni chybu, kterou zpusobuje CF a autor ji zatim neumi bohuzel opravit

:arrow: Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci

Re: Pomalé PC asi virus

Napsal: 13 zář 2012 19:40
od karelstepanik
ComboFix 12-09-13.03 - Karlos 13.09.2012 20:21:30.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2046.1281 [GMT 2:00]
Spuštěný z: c:\documents and settings\Karlos\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Karlos\Plocha\CFSCRIPT.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\msmqinst.log
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-08-13 do 2012-09-13 )))))))))))))))))))))))))))))))
.
.
2012-09-11 17:10 . 2012-09-11 17:10 14080 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2012-09-11 15:23 . 2012-08-21 09:13 355632 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-09-11 15:23 . 2012-08-21 09:13 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-09-11 15:22 . 2012-08-21 09:13 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-09-11 15:22 . 2012-08-21 09:13 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-09-11 15:22 . 2012-08-21 09:13 729752 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-09-11 15:22 . 2012-08-21 09:13 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-09-11 15:22 . 2012-08-21 09:13 89624 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-09-11 15:22 . 2012-08-21 09:13 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-09-11 15:21 . 2012-08-21 09:12 41224 ----a-w- c:\windows\avastSS.scr
2012-09-11 15:21 . 2012-08-21 09:12 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-09-11 15:20 . 2012-09-11 15:20 -------- d-----w- c:\program files\AVAST Software
2012-09-11 15:20 . 2012-09-11 15:20 -------- d-----w- c:\documents and settings\All Users\Data aplikací\AVAST Software
2012-09-02 13:12 . 2011-06-21 09:24 32768 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2012-09-02 13:12 . 2012-09-13 18:04 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Spyware Terminator
2012-09-02 13:12 . 2012-09-02 13:12 -------- d-----w- c:\documents and settings\Karlos\Data aplikací\Spyware Terminator
2012-09-02 13:09 . 2012-09-02 13:10 -------- d-----w- c:\documents and settings\Karlos\Data aplikací\Ad-Aware Antivirus
2012-08-31 19:03 . 2012-08-31 19:03 -------- d--h--w- c:\documents and settings\All Users\Data aplikací\Common Files
2012-08-31 19:02 . 2012-09-11 15:14 -------- d-----w- c:\documents and settings\All Users\Data aplikací\MFAData
2012-08-27 19:31 . 2012-08-27 19:31 -------- d-----w- c:\documents and settings\Karlos\Local Settings\Data aplikací\Temp
2012-08-24 11:00 . 2012-08-25 16:55 -------- d-----w- c:\program files\Wrocklage
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-02 13:10 . 2008-10-08 10:16 87608 ----a-w- c:\documents and settings\Karlos\Data aplikací\inst.exe
2012-09-02 13:10 . 2008-10-08 10:16 47360 ----a-w- c:\documents and settings\Karlos\Data aplikací\pcouffin.sys
2012-08-24 09:23 . 2012-04-16 07:25 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-24 09:23 . 2011-06-06 17:53 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-06 13:58 . 2004-08-17 13:49 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-04 14:05 . 2008-01-21 18:10 139784 ------w- c:\windows\system32\drivers\rdpwd.sys
2012-07-03 18:22 . 2004-08-17 13:44 1866112 ------w- c:\windows\system32\win32k.sys
2012-07-02 17:38 . 2004-08-17 13:49 916992 ----a-w- c:\windows\system32\wininet.dll
2012-07-02 17:38 . 2004-08-17 13:49 43520 ------w- c:\windows\system32\licmgr10.dll
2012-07-02 17:38 . 2004-08-17 13:49 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-07-02 12:05 . 2004-08-17 13:44 385024 ------w- c:\windows\system32\html.iec
.
.
((((((((((((((((((((((((((((( SnapShot@2012-09-12_18.45.28 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-09-13 18:31 . 2012-09-13 18:31 16384 c:\windows\temp\Perflib_Perfdata_300.dat
+ 2008-05-05 15:27 . 2012-09-12 20:35 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
- 2008-05-05 15:27 . 2012-08-16 08:06 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
- 2008-05-05 15:27 . 2012-08-16 08:06 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
+ 2008-05-05 15:27 . 2012-09-12 20:35 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
+ 2008-05-05 15:27 . 2012-09-12 20:35 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
- 2008-05-05 15:27 . 2012-08-16 08:06 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
- 2008-05-05 15:27 . 2012-08-16 08:06 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
+ 2008-05-05 15:27 . 2012-09-12 20:35 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
+ 2008-05-05 15:27 . 2012-09-12 20:35 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
- 2008-05-05 15:27 . 2012-08-16 08:06 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
+ 2008-05-05 15:27 . 2012-09-12 20:35 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
- 2008-05-05 15:27 . 2012-08-16 08:06 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
+ 2008-05-05 15:27 . 2012-09-12 20:35 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
- 2008-05-05 15:27 . 2012-08-16 08:06 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
+ 2008-05-05 15:27 . 2012-09-12 20:35 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
- 2008-05-05 15:27 . 2012-08-16 08:06 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
+ 2008-05-05 15:27 . 2012-09-12 20:35 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
- 2008-05-05 15:27 . 2012-08-16 08:06 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
- 2008-05-05 15:27 . 2012-08-16 08:06 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2008-05-05 15:27 . 2012-09-12 20:35 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2012-08-30 01:06 . 2012-08-30 01:06 5007872 c:\windows\Installer\aafad.msp
+ 2008-05-05 15:27 . 2012-09-12 20:35 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
- 2008-05-05 15:27 . 2012-08-16 08:06 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
- 2008-05-05 15:27 . 2012-08-16 08:06 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2008-05-05 15:27 . 2012-09-12 20:35 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2008-02-12 08:19 . 2012-09-12 20:28 62164608 c:\windows\system32\MRT.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-08-21 09:12 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-08-31 21432]
"KiesPreload"="c:\program files\Samsung\Kies\Kies.exe" [2012-08-31 964024]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PAC207_Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2007-12-10 323584]
"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2007-12-10 323584]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-06-16 221184]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"RTHDCPL"="RTHDCPL.EXE" [2012-03-01 20065896]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-04-05 98304]
"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2012-08-31 3524536]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /r \??\r:\0autocheck autochk /r \??\q:\0autocheck autochk *
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\FreeCall.com\\FreeCall\\FreeCall.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"c:\\Documents and Settings\\Karlos\\Plocha\\STRONG\\StrongDC.exe"=
"d:\\Program Files\\CAPCOM\\STREETFIGHTERIV\\StreetFighterIV.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\ICQ7.6\\ICQ.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Winamp\\winamp.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Spyware Terminator\\SpywareTerminator.exe"=
"c:\\Program Files\\Spyware Terminator\\SpywareTerminatorUpdate.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"22669:TCP"= 22669:TCP:BitComet 22669 TCP
"22669:UDP"= 22669:UDP:BitComet 22669 UDP
"2385:UDP"= 2385:UDP:Windows Media Format SDK (winamp.exe)
"2384:UDP"= 2384:UDP:Windows Media Format SDK (winamp.exe)
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [22.1.2008 20:55 717296]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [11.9.2012 17:22 729752]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [11.9.2012 17:23 355632]
R1 sp_rsdrv2;Spyware Terminator 2012 Realtime Shield Driver;c:\windows\system32\drivers\sp_rsdrv2.sys [2.9.2012 15:12 32768]
R1 SSHDRV65;SSHDRV65;c:\windows\system32\drivers\SSHDRV65.sys [16.10.2008 16:13 120320]
R1 SSHDRV79;SSHDRV79;c:\windows\system32\drivers\SSHDRV79.sys [16.10.2008 20:47 75264]
R1 SSHDRV85;SSHDRV85;c:\windows\system32\drivers\SSHDRV85.sys [16.10.2008 17:44 78848]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [11.9.2012 17:23 21256]
R2 LGScsiCommandService;LG SCSI command service;c:\windows\system32\LGScsiCommandService.exe [25.12.2010 12:08 47616]
R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe [13.8.2012 13:33 3064000]
R2 ST2012_Svc;Spyware Terminator 2012 Realtime Shield Service;c:\program files\Spyware Terminator\st_rsser.exe [2.9.2012 15:12 483024]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [27.10.2010 19:23 1483072]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [11.10.2011 21:29 99856]
R3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\drivers\lgbtport.sys [29.9.2009 9:11 12160]
R3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\drivers\lgbtbus.sys [29.9.2009 9:11 10496]
R3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\drivers\lgvmodem.sys [29.9.2009 9:11 12928]
R3 PAC207;PC Camer@;c:\windows\system32\drivers\PFC027.SYS [19.6.2009 9:48 618112]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [7.10.2010 14:34 10064]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [3.5.2011 13:04 136176]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [3.7.2012 13:19 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [16.4.2012 9:25 250568]
S3 ALSysIO;ALSysIO;\??\c:\docume~1\Karlos\LOCALS~1\Temp\ALSysIO.sys --> c:\docume~1\Karlos\LOCALS~1\Temp\ALSysIO.sys [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [11.10.2011 21:56 1691480]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [24.6.2012 21:26 30312]
S3 AODDriver;AODDriver;\??\c:\program files\GIGABYTE\ET6\i386\AODDriver.sys --> c:\program files\GIGABYTE\ET6\i386\AODDriver.sys [?]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [24.6.2012 21:18 20032]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [5.2.2011 15:02 13192]
S3 etdrv;etdrv;c:\windows\etdrv.sys [11.2.2010 15:01 17488]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [5.2.2011 15:02 8456]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\Lavalys\EVEREST Home Edition\kerneld.wnt [18.8.2005 7168]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [25.12.2009 13:31 36608]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [3.5.2011 13:04 136176]
S3 lg3gbus;LGE KU580 driver (WDM);c:\windows\system32\drivers\lg3gbus.sys [12.4.2008 13:26 83080]
S3 lg3gmdfl;LGE KU580 USB WMC Modem Filter;c:\windows\system32\drivers\lg3gmdfl.sys [12.4.2008 13:26 15112]
S3 lg3gmdm;LGE KU580 USB WMC Modem Driver;c:\windows\system32\drivers\lg3gmdm.sys [12.4.2008 13:26 108552]
S3 lg3gmgmt;LGE KU580 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\lg3gmgmt.sys [12.4.2008 13:26 100360]
S3 lg3gnd5;LGE KU580 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\lg3gnd5.sys [12.4.2008 13:26 23176]
S3 lg3gobex;LGE KU580 USB WMC OBEX Interface;c:\windows\system32\drivers\lg3gobex.sys [12.4.2008 13:26 98568]
S3 lg3gunic;LGE KU580 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\lg3gunic.sys [12.4.2008 13:26 98952]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [8.10.2008 12:16 47360]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [24.6.2012 21:26 121064]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [24.6.2012 21:26 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [24.6.2012 21:26 136808]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\drivers\ssadserd.sys [24.6.2012 21:26 114280]
S3 vaxscsi;vaxscsi;c:\windows\system32\Drivers\vaxscsi.sys --> c:\windows\system32\Drivers\vaxscsi.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'
.
2012-09-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-16 09:23]
.
2012-09-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]
.
2012-09-13 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-09-11 09:12]
.
2012-09-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-03 11:04]
.
2012-09-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-03 11:04]
.
2012-09-12 c:\windows\Tasks\User_Feed_Synchronization-{A81602BA-E1F3-411F-B5EB-6A752FD77DBF}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 03:31]
.
2012-09-13 c:\windows\Tasks\User_Feed_Synchronization-{BAC2A0E8-C6F9-4FAC-92B1-DE34CE31843F}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 03:31]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{7644E42D-B096-457F-8B5B-901238FC81AE} - c:\program files\ICQ7.6\ICQ.exe
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\windows\WebIE.dll
LSP: %SYSTEMROOT%\system32\nvLsp.dll
TCP: DhcpNameServer = 213.46.172.36 213.46.172.37
DPF: {3190CE28-0B6E-4133-A7D3-87D29CB92120} - hxxps://download.seznam.cz/listicka/toolbar2007.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-09-13 20:32
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\EverestDriver]
"ImagePath"="\??\c:\program files\Lavalys\EVEREST Home Edition\kerneld.wnt"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(1240)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
- - - - - - - > 'explorer.exe'(2692)
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\phonebrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
d:\program files\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\windows\System32\TUProgSt.exe
c:\windows\system32\UAService7.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
.
**************************************************************************
.
Celkový čas: 2012-09-13 20:38:12 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-09-13 18:38
ComboFix2.txt 2012-09-12 18:52
.
Před spuštěním: 7 287 246 848
Po spuštění: 7 379 382 272
.
- - End Of File - - 10AAB1BF6E8550F0D9237D9A60E77418

Re: Pomalé PC asi virus

Napsal: 13 zář 2012 22:02
od vyosek
Jak se chova PC :???:

Re: Pomalé PC asi virus

Napsal: 14 zář 2012 08:51
od karelstepanik
Je to mnohem lepší, zatím nevyskočila žádná nechtěná stránka. Vypadá to, že je to v pořádku, ale pořád se mi zdá, ten počítač takový pomalejší než býval.

Re: Pomalé PC asi virus

Napsal: 14 zář 2012 09:31
od karelstepanik
Ještě mi teď vyskočila při prohlížení stránek jakoby instalační tabulka Microsof Office 2000 Premium. S tím, že funkce , kterou chci použít se nachází na disku CD-ROM nebo jiném výměnném disku, který není přístupný. A chce to po mě vložit disk Microsoft Office Premium 2000. Já přitom mám office 2007.
Tabulka vyskočila při běžném prohlížení internetových stránek. Už se mi to stalo vícekrát.
Všechny časy jsou v UTC+01:00
Stránka 2 z 4

Založeno na phpBB® Forum Software © phpBB Limited

Český překlad – phpBB.cz