Re: Prosim pomoc- falesny antivirus
Napsal: 25 zář 2012 22:01
aha chyba je na strane eset.com/us/ pravě problem řeší 
VIRY.CZ
Pomáháme v boji s počítačovou havěti!
https://forum.viry.cz:443/
Prosim pomoc- falesny antivirus
Stránka 2 z 3
Re: Prosim pomoc- falesny antivirus
Napsal: 26 zář 2012 07:39
Ano, bohuzel ESET zatim je mimo, vydrzte prosim
Re: Prosim pomoc- falesny antivirus
Napsal: 27 zář 2012 05:13
Log Opened: 2012-09-27 @ 06:03:00
06:03:00 - -----------------
06:03:00 - | Begin Logging |
06:03:00 - -----------------
06:03:00 - Fix started on a WIN_XP X86 computer
06:03:00 - Prep in progress. Please Wait.
06:03:07 - Prep complete
06:03:07 - Repairing Services Now. Please wait...
06:03:09 - Services Repair Complete.
06:03:12 - Reboot Initiated
Re: Prosim pomoc- falesny antivirus
Napsal: 27 zář 2012 05:13
Rkill 2.4.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html
Program started at: 09/27/2012 05:12:06 AM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3
Checking for Windows services to stop:
* No malware services found to stop.
Checking for processes to terminate:
* No malware processes found to kill.
Checking Registry for malware related settings:
* No issues found in the Registry.
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
Performing miscellaneous checks:
* Windows Firewall Disabled
[HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = dword:00000000
Checking Windows Service Integrity:
* lanmanworkstation [Missing Service]
* NtLmSsp [Missing Service]
* RpcLocator [Missing Service]
* NetBIOS [Missing Service]
* Alerter [Missing ImagePath]
* RpcSs => %SystemRoot%\system32\svchost.exe -k rpcss [Incorrect ImagePath]
Searching for Missing Digital Signatures:
* No issues found.
Checking HOSTS File:
* Cannot edit the HOSTS file.
* Permissions could not be fixed. Use Hosts-perm.bat to fix permissions: http://www.bleepingcomputer.com/download/hosts-permbat/
* HOSTS file entries found:
127.0.0.1 localhost
Program finished at: 09/27/2012 05:12:59 AM
Execution time: 0 hours(s), 0 minute(s), and 52 seconds(s)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html
Program started at: 09/27/2012 05:12:06 AM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3
Checking for Windows services to stop:
* No malware services found to stop.
Checking for processes to terminate:
* No malware processes found to kill.
Checking Registry for malware related settings:
* No issues found in the Registry.
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
Performing miscellaneous checks:
* Windows Firewall Disabled
[HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = dword:00000000
Checking Windows Service Integrity:
* lanmanworkstation [Missing Service]
* NtLmSsp [Missing Service]
* RpcLocator [Missing Service]
* NetBIOS [Missing Service]
* Alerter [Missing ImagePath]
* RpcSs => %SystemRoot%\system32\svchost.exe -k rpcss [Incorrect ImagePath]
Searching for Missing Digital Signatures:
* No issues found.
Checking HOSTS File:
* Cannot edit the HOSTS file.
* Permissions could not be fixed. Use Hosts-perm.bat to fix permissions: http://www.bleepingcomputer.com/download/hosts-permbat/
* HOSTS file entries found:
127.0.0.1 localhost
Program finished at: 09/27/2012 05:12:59 AM
Execution time: 0 hours(s), 0 minute(s), and 52 seconds(s)
Re: Prosim pomoc- falesny antivirus
Napsal: 27 zář 2012 19:24
Stahnete Farbar Service Scanner http://download.bleepingcomputer.com/farbar/FSS.exe
- Ulozte nejlepe na Plochu
- U vsech polozek udelejte zatrzitko (tim je oznacite pro skenovani)
- Kliknete na Scan
- Po dokonceni skenu se objevi log FSS.txt ten sem vlozte
Re: Prosim pomoc- falesny antivirus
Napsal: 27 zář 2012 21:25
Farbar Service Scanner Version: 19-09-2012
Ran by Dodo Group (administrator) on 27-09-2012 at 21:25:33
Running from "C:\Documents and Settings\Dodo Group\Plocha"
Systém Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.
Windows Firewall:
=============
Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0
System Restore:
============
System Restore Disabled Policy:
========================
Security Center:
============
Windows Update:
============
Windows Autoupdate Disabled Policy:
============================
File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll
[2009-09-28 13:05] - [2008-04-14 07:51] - 0125952 ____A (Microsoft Corporation) 8C9A53E285AC5E6704844D0459EC85BE
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll
[2009-09-28 13:05] - [2009-04-20 18:19] - 0045568 ____A (Microsoft Corporation) DFAA406BF19F4EE806A6F8D4342137F7
C:\WINDOWS\system32\ipnathlp.dll
[2009-09-28 13:05] - [2008-04-14 07:51] - 0329728 ____A (Microsoft Corporation) F58FACA9621D2DB01BD0927D9A0A208E
C:\WINDOWS\system32\netman.dll
[2009-09-28 13:05] - [2008-04-14 07:51] - 0198144 ____A (Microsoft Corporation) 72E1E9E2977BE08BDEEDB6D8FD9D4D40
C:\WINDOWS\system32\wbem\WMIsvc.dll
[2009-09-28 13:05] - [2008-04-14 07:52] - 0144896 ____A (Microsoft Corporation) E488332126E3B1182D2B8A0C35408EC6
C:\WINDOWS\system32\srsvc.dll
[2009-09-28 13:05] - [2008-04-14 07:52] - 0171008 ____A (Microsoft Corporation) 35B91147124F64AC8081A2EDB9EA4DEE
C:\WINDOWS\system32\Drivers\sr.sys
[2009-09-28 13:05] - [2008-04-14 07:11] - 0073344 ____A (Microsoft Corporation) 94610C8653635E4459316A0050D55CE7
C:\WINDOWS\system32\wscsvc.dll
[2009-09-28 13:20] - [2008-04-14 07:52] - 0080896 ____N (Microsoft Corporation) 4C86D5FAF78194995AF9CC1075F65DD3
C:\WINDOWS\system32\wbem\WMIsvc.dll
[2009-09-28 13:05] - [2008-04-14 07:52] - 0144896 ____A (Microsoft Corporation) E488332126E3B1182D2B8A0C35408EC6
C:\WINDOWS\system32\wuauserv.dll
[2009-09-28 13:05] - [2008-04-14 07:52] - 0006656 ____A (Microsoft Corporation) C1364564800EE9784192145324A23308
C:\WINDOWS\system32\qmgr.dll
[2009-09-28 13:05] - [2008-04-14 07:51] - 0409088 ____A (Microsoft Corporation) 19395D092FD85DDC2D9C7729CF5A2AC8
C:\WINDOWS\system32\es.dll
[2009-09-28 13:05] - [2008-07-07 21:29] - 0253952 ____A (Microsoft Corporation) A371F11EF07653591C8DE26AFB13CE7F
C:\WINDOWS\system32\cryptsvc.dll
[2009-09-28 13:05] - [2008-04-14 07:51] - 0062464 ____A (Microsoft Corporation) F3AB0933CBD166D271992F411C27CCAF
C:\WINDOWS\system32\svchost.exe
[2009-09-28 13:05] - [2008-04-14 07:52] - 0014336 ____A (Microsoft Corporation) BE4A520E29B6391F49E79CCC52044D93
C:\WINDOWS\system32\rpcss.dll
[2009-09-28 13:05] - [2009-02-09 11:56] - 0401408 ____A (Microsoft Corporation) BE27674D1CBC3214AEC84B4336A38BBF
C:\WINDOWS\system32\services.exe
[2009-09-28 13:05] - [2009-02-09 12:25] - 0111104 ____A (Microsoft Corporation) 9EF697AF07BB8DD82C3B02CA953A95B7
Extra List:
=======
AegisP(17) Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4) WSIMD(16)
0x1100000005000000010000000200000003000000040000000D000000060000000700000008000000090000000A0000000B0000000C0000000E0000000F0000001000000011000000
IpSec Tag value is correct.
**** End of log ****
Re: Prosim pomoc- falesny antivirus
Napsal: 27 zář 2012 21:26
Poprosim o log z DDS
- Stahnete DDS odsud http://download.bleepingcomputer.com/sUBs/Beta/dds.exe a ulozte na plochu
- Spustte a kliknete na Start
- Po chvili vyskoci log, ten rad uvidim
Re: Prosim pomoc- falesny antivirus
Napsal: 27 zář 2012 21:41
to jsou věci ..vidím že není sranda se zbavit takové havěti 
DDS (Ver_2011-09-30.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by Dodo Group at 21:40:24 on 2012-09-27
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3001.2056 [GMT 1:00]
.
AV: Avira Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
FW: ZoneAlarm Free Firewall *Enabled*
.
============== Running Processes ================
.
C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Google\Update\1.3.21.123\GoogleCrashHandler.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\McAfee Security Scan\2.1.121\SSScheduler.exe
C:\Program Files\Ralink\Common\RaUI.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Dodo Group\Plocha\FSS.exe
C:\Program Files\Avira\AntiVir Desktop\avnotify.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.seznam.cz/?clid=6826
BHO: Complitly: {0FB6A909-6086-458F-BD92-1F8EE10042A0} - c:\documents and settings\dodo group\data aplikací\complitly\Complitly.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: ZoneAlarm Security Engine Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
TB: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - <orphaned>
uRun: [Advanced SystemCare 5] "c:\program files\iobit\advanced systemcare 5\ASCTray.exe" /AutoStart
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ZoneAlarm] "c:\program files\checkpoint\zonealarm\zatray.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [LManager] c:\program files\launch manager\LManager.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [ISW] c:\program files\checkpoint\zaforcefield\ForceField.exe /icon="hidden"
StartupFolder: c:\docume~1\alluse~1\nabdka~1\programy\posput~1\mcafee~1.lnk - c:\program files\mcafee security scan\2.1.121\SSScheduler.exe
StartupFolder: c:\docume~1\alluse~1\nabdka~1\programy\posput~1\ralink~1.lnk - c:\program files\ralink\common\RaUI.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDrives = dword:0
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Odeslat do zařízení &Bluetooth... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Odeslat do zařízení Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{43339F70-5089-493B-8C85-40B717D80F68} : DHCPNameServer = 192.168.0.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\dodo group\data aplikací\mozilla\firefox\profiles\spd5csb3.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1638664&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=616163&p=
FF - prefs.js: browser.search.selectedEngine - Blekko
FF - component: c:\documents and settings\dodo group\data aplikací\mozilla\firefox\profiles\spd5csb3.default\extensions\{32a1fd71-835e-4b11-8e54-886fda0b4c89}\components\qippipe.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: QipAuthorizer: {32a1fd71-835e-4b11-8e54-886fda0b4c89} - %profile%\extensions\{32a1fd71-835e-4b11-8e54-886fda0b4c89}
FF - Ext: GamePlayLabs Plugin: plugin@gameplaylabs.com - %profile%\extensions\plugin@gameplaylabs.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: browser.xul.error_pages.enabled - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 8191
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 32
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
============= SERVICES / DRIVERS ===============
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2011-11-23 36000]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-12-25 239168]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-2-17 66632]
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\iobit\advanced systemcare 5\ASCService.exe [2012-4-16 913752]
R2 AntiVirService;Avira Echtzeit Scanner;c:\program files\avira\antivir desktop\avguard.exe [2011-11-23 110032]
R2 AntiVirSchedulerService;Avira Planer;c:\program files\avira\antivir desktop\sched.exe [2011-11-23 86224]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-11-23 83392]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\checkpoint\zaforcefield\ISWKL.sys [2011-11-3 27016]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\checkpoint\zaforcefield\ISWSVC.exe [2011-11-3 497280]
R2 Vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2011-11-9 525840]
R2 vsmon;TrueVector Internet Monitor;c:\program files\checkpoint\zonealarm\vsmon.exe -service --> c:\program files\checkpoint\zonealarm\vsmon.exe -service [?]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [2009-9-28 39424]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [2009-9-28 69120]
S2 gupdate;Služba Google Update (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-1-15 136176]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-3 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-7 250288]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-1-15 136176]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.1.121\McCHSvc.exe [2010-9-3 227232]
S3 RalinkRegistryWriter;Ralink Registry Writer;c:\program files\ralink\common\RalinkRegistryWriter.exe [2012-5-30 75040]
S3 RAPIProtocol;Ralink RAPI Protocol Driver;c:\windows\system32\drivers\RAPIProtocol.sys [2009-9-28 16512]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2010-1-15 164864]
S3 RtsUIR;Realtek IR Driver;c:\windows\system32\drivers\rts516xir.sys --> c:\windows\system32\drivers\Rts516xIR.sys [?]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-2-17 12872]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2009-9-28 14336]
S3 WTService;WTService;c:\windows\system32\atwtusb.exe -s --> c:\windows\system32\atwtusb.exe -s [?]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=NotePad.exe "%1" %*
ShellExec: regsvr32.exe: RegDLL=regsvr32 %1
ShellExec: regsvr32.exe: UnRegDLL=regsvr32 /u %1
.
=============== Created Last 30 ================
.
2012-09-26 02:04:44 -------- d-----w- c:\program files\Text2PDF v1.5
2012-09-25 13:35:41 98816 ----a-w- c:\windows\sed.exe
2012-09-25 13:35:41 256000 ----a-w- c:\windows\PEV.exe
2012-09-25 13:35:41 208896 ----a-w- c:\windows\MBR.exe
2012-09-22 17:39:16 -------- d-----w- c:\documents and settings\all users\data aplikací\McAfee Security Scan
2012-09-22 17:38:57 -------- d-----w- c:\program files\McAfee Security Scan
2012-09-18 22:04:50 78336 -c----w- c:\windows\system32\dllcache\browser.dll
2012-09-18 21:46:54 -------- d-----w- c:\documents and settings\all users\Data aplikacĂ
.
==================== Find3M ====================
.
2012-09-25 15:02:17 73136 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-25 15:02:17 696240 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-06 13:58:55 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-04 14:05:17 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-03 18:22:37 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-07-02 17:38:20 916992 ----a-w- c:\windows\system32\wininet.dll
2012-07-02 17:38:19 43520 ------w- c:\windows\system32\licmgr10.dll
2012-07-02 17:38:18 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-07-02 12:05:56 385024 ------w- c:\windows\system32\html.iec
2012-02-24 15:37:26 887600 ----a-w- c:\program files\common files\AutoCompletePro.exe
.
============= FINISH: 21:41:27,65 ===============
DDS (Ver_2011-09-30.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by Dodo Group at 21:40:24 on 2012-09-27
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3001.2056 [GMT 1:00]
.
AV: Avira Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
FW: ZoneAlarm Free Firewall *Enabled*
.
============== Running Processes ================
.
C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Google\Update\1.3.21.123\GoogleCrashHandler.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\McAfee Security Scan\2.1.121\SSScheduler.exe
C:\Program Files\Ralink\Common\RaUI.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Dodo Group\Plocha\FSS.exe
C:\Program Files\Avira\AntiVir Desktop\avnotify.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.seznam.cz/?clid=6826
BHO: Complitly: {0FB6A909-6086-458F-BD92-1F8EE10042A0} - c:\documents and settings\dodo group\data aplikací\complitly\Complitly.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: ZoneAlarm Security Engine Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
TB: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - <orphaned>
uRun: [Advanced SystemCare 5] "c:\program files\iobit\advanced systemcare 5\ASCTray.exe" /AutoStart
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ZoneAlarm] "c:\program files\checkpoint\zonealarm\zatray.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [LManager] c:\program files\launch manager\LManager.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [ISW] c:\program files\checkpoint\zaforcefield\ForceField.exe /icon="hidden"
StartupFolder: c:\docume~1\alluse~1\nabdka~1\programy\posput~1\mcafee~1.lnk - c:\program files\mcafee security scan\2.1.121\SSScheduler.exe
StartupFolder: c:\docume~1\alluse~1\nabdka~1\programy\posput~1\ralink~1.lnk - c:\program files\ralink\common\RaUI.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDrives = dword:0
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Odeslat do zařízení &Bluetooth... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Odeslat do zařízení Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{43339F70-5089-493B-8C85-40B717D80F68} : DHCPNameServer = 192.168.0.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\dodo group\data aplikací\mozilla\firefox\profiles\spd5csb3.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1638664&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=616163&p=
FF - prefs.js: browser.search.selectedEngine - Blekko
FF - component: c:\documents and settings\dodo group\data aplikací\mozilla\firefox\profiles\spd5csb3.default\extensions\{32a1fd71-835e-4b11-8e54-886fda0b4c89}\components\qippipe.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: QipAuthorizer: {32a1fd71-835e-4b11-8e54-886fda0b4c89} - %profile%\extensions\{32a1fd71-835e-4b11-8e54-886fda0b4c89}
FF - Ext: GamePlayLabs Plugin: plugin@gameplaylabs.com - %profile%\extensions\plugin@gameplaylabs.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: browser.xul.error_pages.enabled - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 8191
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 32
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
============= SERVICES / DRIVERS ===============
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2011-11-23 36000]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-12-25 239168]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-2-17 66632]
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\iobit\advanced systemcare 5\ASCService.exe [2012-4-16 913752]
R2 AntiVirService;Avira Echtzeit Scanner;c:\program files\avira\antivir desktop\avguard.exe [2011-11-23 110032]
R2 AntiVirSchedulerService;Avira Planer;c:\program files\avira\antivir desktop\sched.exe [2011-11-23 86224]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-11-23 83392]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\checkpoint\zaforcefield\ISWKL.sys [2011-11-3 27016]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\checkpoint\zaforcefield\ISWSVC.exe [2011-11-3 497280]
R2 Vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2011-11-9 525840]
R2 vsmon;TrueVector Internet Monitor;c:\program files\checkpoint\zonealarm\vsmon.exe -service --> c:\program files\checkpoint\zonealarm\vsmon.exe -service [?]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [2009-9-28 39424]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [2009-9-28 69120]
S2 gupdate;Služba Google Update (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-1-15 136176]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-3 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-7 250288]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-1-15 136176]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.1.121\McCHSvc.exe [2010-9-3 227232]
S3 RalinkRegistryWriter;Ralink Registry Writer;c:\program files\ralink\common\RalinkRegistryWriter.exe [2012-5-30 75040]
S3 RAPIProtocol;Ralink RAPI Protocol Driver;c:\windows\system32\drivers\RAPIProtocol.sys [2009-9-28 16512]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2010-1-15 164864]
S3 RtsUIR;Realtek IR Driver;c:\windows\system32\drivers\rts516xir.sys --> c:\windows\system32\drivers\Rts516xIR.sys [?]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-2-17 12872]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2009-9-28 14336]
S3 WTService;WTService;c:\windows\system32\atwtusb.exe -s --> c:\windows\system32\atwtusb.exe -s [?]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=NotePad.exe "%1" %*
ShellExec: regsvr32.exe: RegDLL=regsvr32 %1
ShellExec: regsvr32.exe: UnRegDLL=regsvr32 /u %1
.
=============== Created Last 30 ================
.
2012-09-26 02:04:44 -------- d-----w- c:\program files\Text2PDF v1.5
2012-09-25 13:35:41 98816 ----a-w- c:\windows\sed.exe
2012-09-25 13:35:41 256000 ----a-w- c:\windows\PEV.exe
2012-09-25 13:35:41 208896 ----a-w- c:\windows\MBR.exe
2012-09-22 17:39:16 -------- d-----w- c:\documents and settings\all users\data aplikací\McAfee Security Scan
2012-09-22 17:38:57 -------- d-----w- c:\program files\McAfee Security Scan
2012-09-18 22:04:50 78336 -c----w- c:\windows\system32\dllcache\browser.dll
2012-09-18 21:46:54 -------- d-----w- c:\documents and settings\all users\Data aplikacĂ
.
==================== Find3M ====================
.
2012-09-25 15:02:17 73136 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-25 15:02:17 696240 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-06 13:58:55 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-04 14:05:17 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-03 18:22:37 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-07-02 17:38:20 916992 ----a-w- c:\windows\system32\wininet.dll
2012-07-02 17:38:19 43520 ------w- c:\windows\system32\licmgr10.dll
2012-07-02 17:38:18 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-07-02 12:05:56 385024 ------w- c:\windows\system32\html.iec
2012-02-24 15:37:26 887600 ----a-w- c:\program files\common files\AutoCompletePro.exe
.
============= FINISH: 21:41:27,65 ===============
Re: Prosim pomoc- falesny antivirus
Napsal: 27 zář 2012 21:54
Odinstalujte Advanced SystemCare 5 a nasledne i vse od IOBit - jsou to cinske smejdy a spise jen skodi nez jsou uzitkem. Hledaji nesmyslne a neexistujici problemy, databazi haveti ukradli jine renomovane spolecnosti Pokud nemate, tak presunte Combofix na plochu
- Spustte poznamkovy blok (Start-spustit-notepad)
- Zkopirujte skript nize
Kód: Vybrat vše
KillAll:: Folder:: c:\program files\iobit DDS:: uRun: [Advanced SystemCare 5] mRun: [QuickTime Task] mRun: [Adobe ARM] mRun: [SunJavaUpdateSched] uStart Page = hxxp://www.seznam.cz/?clid=6826 Registry:: [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall] "DisableMonitoring"=dword:00000000 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "5353:TCP"=- "5985:TCP"=- File:: c:\windows\Tasks\Adobe Flash Player Updater.job c:\windows\Tasks\GoogleUpdateTaskMachineCore1cd91e9c0dd0e54.job c:\windows\Tasks\GoogleUpdateTaskMachineUA.job c:\windows\Tasks\switchShakeIcon.job c:\windows\Tasks\wavepadShakeIcon.job c:\windows\Tasks\WGASetup.job Firefox:: FF - ProfilePath - c:\documents and settings\Dodo Group\Data aplikací\Mozilla\Firefox\Profiles\spd5csb3.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms} FF - prefs.js: browser.search.selectedEngine - ICQ Search FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=green ... =616163&p= FF - prefs.js: browser.search.selectedEngine - Blekko FF - Ext: QipAuthorizer: {32a1fd71-835e-4b11-8e54-886fda0b4c89} - %profile%\extensions\{32a1fd71-835e-4b11-8e54-886fda0b4c89} FF - user.js: browser.cache.memory.capacity - 65536 FF - user.js: browser.display.show_image_placeholders - true FF - user.js: browser.chrome.favicons - false FF - user.js: browser.turbo.enabled - true FF - user.js: browser.urlbar.autocomplete.enabled - true FF - user.js: browser.urlbar.autofill - true FF - user.js: browser.xul.error_pages.enabled - true FF - user.js: content.interrupt.parsing - true FF - user.js: content.max.tokenizing.time - 3000000 FF - user.js: content.maxtextrun - 8191 FF - user.js: content.notify.backoffcount - 5 FF - user.js: content.notify.interval - 750000 FF - user.js: content.notify.ontimer - true FF - user.js: content.notify.ontimer - true FF - user.js: content.switch.threshold - 750000 FF - user.js: network.http.max-connections - 32 FF - user.js: network.http.max-connections-per-server - 8 FF - user.js: network.http.max-persistent-connections-per-proxy - 8 FF - user.js: network.http.max-persistent-connections-per-server - 4 FF - user.js: network.http.pipelining - true FF - user.js: network.http.pipelining.maxrequests - 8 FF - user.js: network.http.proxy.pipelining - true FF - user.js: network.http.request.max-start-delay - 0 FF - user.js: nglayout.initialpaint.delay - 0 FF - user.js: plugin.expose_full_path - true FF - user.js: ui.submenuDelay - 0 ClearJavaCache:: Reboot::- Ulozte vytvoreny TXT jako CFScript.txt
- Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
- Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte
Pokud vyskoci hlaska "Pokus pouzit neplatnou operaci na klic registru, ktery je oznacen pro odstraneni", tak jen restartujte PC - registr se da do kupy - jedna se o vnitrni chybu, kterou zpusobuje CF a autor ji zatim neumi bohuzel opravit Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraciRe: Prosim pomoc- falesny antivirus
Napsal: 28 zář 2012 13:50
jéhe to jsou mi věci 
China je všude
ComboFix 12-09-24.03 - Dodo Group 28.09.2012 13:30:51.4.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3001.1993 [GMT 1:00]
Spuštěný z: c:\documents and settings\Dodo Group\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Dodo Group\Plocha\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
FW: ZoneAlarm Free Firewall *Enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
* Vytvořen nový Bod Obnovení
.
FILE ::
"c:\windows\Tasks\Adobe Flash Player Updater.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore1cd91e9c0dd0e54.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
"c:\windows\Tasks\switchShakeIcon.job"
"c:\windows\Tasks\wavepadShakeIcon.job"
"c:\windows\Tasks\WGASetup.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\iobit
c:\program files\iobit\Advanced SystemCare 5\ASCv5ExtMenu.tmp
c:\program files\iobit\Advanced SystemCare 5\checkinfo.txt
c:\program files\iobit\Advanced SystemCare 5\License.dat
c:\program files\iobit\Advanced SystemCare 5\Main.ini
c:\program files\iobit\Advanced SystemCare 5\rtl120.bpl
c:\program files\iobit\Advanced SystemCare 5\sh.dat
c:\program files\iobit\Advanced SystemCare 5\Uninstall.log
c:\program files\iobit\Advanced SystemCare 5\Update.dat
c:\program files\iobit\Advanced SystemCare 5\Update\LastCheck.Ini
c:\program files\iobit\Advanced SystemCare 5\Update\Update.Ini
c:\program files\iobit\Advanced SystemCare 5\vcl120.bpl
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-08-28 do 2012-09-28 )))))))))))))))))))))))))))))))
.
.
2012-09-26 02:04 . 2012-09-26 02:04 -------- d-----w- c:\program files\Text2PDF v1.5
2012-09-23 23:23 . 2012-09-23 23:24 -------- d-----w- C:\rsit
2012-09-23 21:58 . 2012-09-23 21:58 -------- d-----w- c:\documents and settings\LocalService\Data aplikací\McAfee
2012-09-22 17:39 . 2012-09-22 17:39 -------- d-----w- c:\documents and settings\All Users\Data aplikací\McAfee Security Scan
2012-09-22 17:38 . 2012-09-23 21:57 -------- d-----w- c:\program files\McAfee Security Scan
2012-09-18 22:04 . 2012-07-06 13:58 78336 -c----w- c:\windows\system32\dllcache\browser.dll
2012-09-18 21:46 . 2012-09-18 21:46 -------- d-----w- c:\documents and settings\All Users\Data aplikacĂ
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-25 15:02 . 2012-04-07 15:03 696240 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-25 15:02 . 2011-06-02 02:59 73136 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-06 13:58 . 2009-09-28 12:05 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-04 14:05 . 2009-09-28 12:05 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-03 18:22 . 2009-09-28 12:05 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-07-02 17:38 . 2009-09-28 12:05 916992 ----a-w- c:\windows\system32\wininet.dll
2012-07-02 17:38 . 2009-09-28 12:05 43520 ------w- c:\windows\system32\licmgr10.dll
2012-07-02 17:38 . 2009-09-28 12:05 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-07-02 12:05 . 2009-09-28 12:20 385024 ------w- c:\windows\system32\html.iec
2012-02-24 15:37 . 2012-04-16 13:16 887600 ----a-w- c:\program files\Common Files\AutoCompletePro.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZoneAlarm"="c:\program files\CheckPoint\ZoneAlarm\zatray.exe" [2011-11-09 73360]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-08 348664]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-03-05 1434920]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2009-03-05 805384]
"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2011-11-03 738944]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.1.121\SSScheduler.exe [2010-9-3 255536]
Ralink Wireless Utility.lnk - c:\program files\Ralink\Common\RaUI.exe [2012-5-30 1650688]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 12:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-07-27 20:51 919008 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-18 12:02 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\WINDOWS\\system32\\ftp.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\frd.exe"=
"d:\\Hry\\Soldat\\Soldat\\Soldat.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"d:\\Hry\\heroes 3\\Heroes of Might and Magic III Complete\\Heroes3.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [28.9.2009 14:59 691696]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [23.11.2011 18:44 36000]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [25.12.2011 6:48 239168]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17.2.2010 10:25 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [17.2.2010 10:15 66632]
R2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [23.11.2011 18:44 86224]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [3.11.2011 15:44 27016]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\ISWSVC.exe [3.11.2011 15:44 497280]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [28.9.2009 13:44 39424]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [15.1.2012 14:16 136176]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [3.7.2012 12:19 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [7.4.2012 16:03 250288]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [15.1.2012 14:16 136176]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.1.121\McCHSvc.exe [3.9.2010 7:45 227232]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [15.1.2010 13:18 164864]
S3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys --> c:\windows\system32\DRIVERS\Rts516xIR.sys [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [17.2.2010 10:15 12872]
S3 WTService;WTService;c:\windows\system32\atwtusb.exe -s --> c:\windows\system32\atwtusb.exe -s [?]
.
Obsah adresáře 'Naplánované úlohy'
.
2012-09-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-07 15:02]
.
2012-09-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cd91e9c0dd0e54.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-15 13:16]
.
2012-09-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-15 13:16]
.
2012-02-09 c:\windows\Tasks\switchShakeIcon.job
- c:\program files\NCH Software\Switch\switch.exe [2012-01-30 15:53]
.
2012-02-09 c:\windows\Tasks\wavepadShakeIcon.job
- c:\program files\NCH Software\WavePad\wavepad.exe [2012-01-30 15:53]
.
2012-07-08 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2011-12-26 21:18]
.
.
------- Doplňkový sken -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Odeslat do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat do zařízení Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.0.1
DPF: DirectAnimation Java Classes
DPF: Microsoft XML Parser for Java
FF - ProfilePath - c:\documents and settings\Dodo Group\Data aplikací\Mozilla\Firefox\Profiles\spd5csb3.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: QipAuthorizer: {32a1fd71-835e-4b11-8e54-886fda0b4c89} - %profile%\extensions\{32a1fd71-835e-4b11-8e54-886fda0b4c89}
FF - Ext: GamePlayLabs Plugin: plugin@gameplaylabs.com - %profile%\extensions\plugin@gameplaylabs.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: browser.xul.error_pages.enabled - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 8191
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 32
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-09-28 13:39
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(780)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
- - - - - - - > 'lsass.exe'(836)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
- - - - - - - > 'explorer.exe'(1484)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
c:\windows\system32\webcheck.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Google\Update\1.3.21.123\GoogleCrashHandler.exe
c:\windows\System32\snmp.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\System32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\igfxext.exe
c:\windows\system32\igfxsrvc.exe
.
**************************************************************************
.
Celkový čas: 2012-09-28 13:46:43 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-09-28 12:46
ComboFix2.txt 2012-09-25 13:49
.
Před spuštěním: Volných bajtů: 37 845 958 656
Po spuštění: Volných bajtů: 38 218 018 816
.
- - End Of File - - 97FB0B3D717B6A119BA0D700D8043543
China je všude ComboFix 12-09-24.03 - Dodo Group 28.09.2012 13:30:51.4.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3001.1993 [GMT 1:00]
Spuštěný z: c:\documents and settings\Dodo Group\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Dodo Group\Plocha\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
FW: ZoneAlarm Free Firewall *Enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
* Vytvořen nový Bod Obnovení
.
FILE ::
"c:\windows\Tasks\Adobe Flash Player Updater.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore1cd91e9c0dd0e54.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
"c:\windows\Tasks\switchShakeIcon.job"
"c:\windows\Tasks\wavepadShakeIcon.job"
"c:\windows\Tasks\WGASetup.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\iobit
c:\program files\iobit\Advanced SystemCare 5\ASCv5ExtMenu.tmp
c:\program files\iobit\Advanced SystemCare 5\checkinfo.txt
c:\program files\iobit\Advanced SystemCare 5\License.dat
c:\program files\iobit\Advanced SystemCare 5\Main.ini
c:\program files\iobit\Advanced SystemCare 5\rtl120.bpl
c:\program files\iobit\Advanced SystemCare 5\sh.dat
c:\program files\iobit\Advanced SystemCare 5\Uninstall.log
c:\program files\iobit\Advanced SystemCare 5\Update.dat
c:\program files\iobit\Advanced SystemCare 5\Update\LastCheck.Ini
c:\program files\iobit\Advanced SystemCare 5\Update\Update.Ini
c:\program files\iobit\Advanced SystemCare 5\vcl120.bpl
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-08-28 do 2012-09-28 )))))))))))))))))))))))))))))))
.
.
2012-09-26 02:04 . 2012-09-26 02:04 -------- d-----w- c:\program files\Text2PDF v1.5
2012-09-23 23:23 . 2012-09-23 23:24 -------- d-----w- C:\rsit
2012-09-23 21:58 . 2012-09-23 21:58 -------- d-----w- c:\documents and settings\LocalService\Data aplikací\McAfee
2012-09-22 17:39 . 2012-09-22 17:39 -------- d-----w- c:\documents and settings\All Users\Data aplikací\McAfee Security Scan
2012-09-22 17:38 . 2012-09-23 21:57 -------- d-----w- c:\program files\McAfee Security Scan
2012-09-18 22:04 . 2012-07-06 13:58 78336 -c----w- c:\windows\system32\dllcache\browser.dll
2012-09-18 21:46 . 2012-09-18 21:46 -------- d-----w- c:\documents and settings\All Users\Data aplikacĂ
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-25 15:02 . 2012-04-07 15:03 696240 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-25 15:02 . 2011-06-02 02:59 73136 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-06 13:58 . 2009-09-28 12:05 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-04 14:05 . 2009-09-28 12:05 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-03 18:22 . 2009-09-28 12:05 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-07-02 17:38 . 2009-09-28 12:05 916992 ----a-w- c:\windows\system32\wininet.dll
2012-07-02 17:38 . 2009-09-28 12:05 43520 ------w- c:\windows\system32\licmgr10.dll
2012-07-02 17:38 . 2009-09-28 12:05 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-07-02 12:05 . 2009-09-28 12:20 385024 ------w- c:\windows\system32\html.iec
2012-02-24 15:37 . 2012-04-16 13:16 887600 ----a-w- c:\program files\Common Files\AutoCompletePro.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZoneAlarm"="c:\program files\CheckPoint\ZoneAlarm\zatray.exe" [2011-11-09 73360]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-08 348664]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-03-05 1434920]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2009-03-05 805384]
"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2011-11-03 738944]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.1.121\SSScheduler.exe [2010-9-3 255536]
Ralink Wireless Utility.lnk - c:\program files\Ralink\Common\RaUI.exe [2012-5-30 1650688]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 12:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-07-27 20:51 919008 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-18 12:02 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\WINDOWS\\system32\\ftp.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\frd.exe"=
"d:\\Hry\\Soldat\\Soldat\\Soldat.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"d:\\Hry\\heroes 3\\Heroes of Might and Magic III Complete\\Heroes3.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [28.9.2009 14:59 691696]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [23.11.2011 18:44 36000]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [25.12.2011 6:48 239168]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17.2.2010 10:25 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [17.2.2010 10:15 66632]
R2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [23.11.2011 18:44 86224]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [3.11.2011 15:44 27016]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\ISWSVC.exe [3.11.2011 15:44 497280]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [28.9.2009 13:44 39424]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [15.1.2012 14:16 136176]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [3.7.2012 12:19 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [7.4.2012 16:03 250288]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [15.1.2012 14:16 136176]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.1.121\McCHSvc.exe [3.9.2010 7:45 227232]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [15.1.2010 13:18 164864]
S3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys --> c:\windows\system32\DRIVERS\Rts516xIR.sys [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [17.2.2010 10:15 12872]
S3 WTService;WTService;c:\windows\system32\atwtusb.exe -s --> c:\windows\system32\atwtusb.exe -s [?]
.
Obsah adresáře 'Naplánované úlohy'
.
2012-09-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-07 15:02]
.
2012-09-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cd91e9c0dd0e54.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-15 13:16]
.
2012-09-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-15 13:16]
.
2012-02-09 c:\windows\Tasks\switchShakeIcon.job
- c:\program files\NCH Software\Switch\switch.exe [2012-01-30 15:53]
.
2012-02-09 c:\windows\Tasks\wavepadShakeIcon.job
- c:\program files\NCH Software\WavePad\wavepad.exe [2012-01-30 15:53]
.
2012-07-08 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2011-12-26 21:18]
.
.
------- Doplňkový sken -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Odeslat do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat do zařízení Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.0.1
DPF: DirectAnimation Java Classes
DPF: Microsoft XML Parser for Java
FF - ProfilePath - c:\documents and settings\Dodo Group\Data aplikací\Mozilla\Firefox\Profiles\spd5csb3.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: QipAuthorizer: {32a1fd71-835e-4b11-8e54-886fda0b4c89} - %profile%\extensions\{32a1fd71-835e-4b11-8e54-886fda0b4c89}
FF - Ext: GamePlayLabs Plugin: plugin@gameplaylabs.com - %profile%\extensions\plugin@gameplaylabs.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: browser.xul.error_pages.enabled - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 8191
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 32
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-09-28 13:39
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(780)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
- - - - - - - > 'lsass.exe'(836)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
- - - - - - - > 'explorer.exe'(1484)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
c:\windows\system32\webcheck.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Google\Update\1.3.21.123\GoogleCrashHandler.exe
c:\windows\System32\snmp.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\System32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\igfxext.exe
c:\windows\system32\igfxsrvc.exe
.
**************************************************************************
.
Celkový čas: 2012-09-28 13:46:43 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-09-28 12:46
ComboFix2.txt 2012-09-25 13:49
.
Před spuštěním: Volných bajtů: 37 845 958 656
Po spuštění: Volných bajtů: 38 218 018 816
.
- - End Of File - - 97FB0B3D717B6A119BA0D700D8043543
Re: Prosim pomoc- falesny antivirus
Napsal: 28 zář 2012 17:05
Jak se chova nas pacient 
Re: Prosim pomoc- falesny antivirus
Napsal: 28 zář 2012 19:56
Pacient se jeví zdráv
Děkuji Vám mnohokrát za Vaše výborné služby !
Děkuji Vám mnohokrát za Vaše výborné služby !
Re: Prosim pomoc- falesny antivirus
Napsal: 28 zář 2012 20:22
Tak jeste uklidime 
Odinstalujte Combofix
T-Cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe
OTC http://oldtimer.geekstogo.com/OTC.exe
TFC http://oldtimer.geekstogo.com/TFC.exe
Stahnete Ccleaner http://forum.viry.cz/viewtopic.php?t=7478
Panel čistič
A pokud nejsou problemy ci dotazy, je to z me strany vse 
Odinstalujte Combofix
- Prejmenujte ComboFix na Uninstall
- Spustte jej
- Tohle smaze Combofix a jeho slozky
T-Cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe
- Stahnete a spustte
- Pro potvrzeni volby mackejte A, Enter
- Po pouziti utilitu smazte
- Antiviry touhou utilitu chybne oznacit jako vir - jedna se o falesny poplach - takze v pohode stahnete (pripadne vypnete pri stahovani antivir)
OTC http://oldtimer.geekstogo.com/OTC.exe
- Stahnete a spustte
- Kliknete na CleanUp a potvrdte YES
- Program uklidi a restartuje PC
TFC http://oldtimer.geekstogo.com/TFC.exe
- Stahnete a spustte
- Kliknete na Start a potvrdte OK
- Program uklidi a restartuje pc
- Po pouziti utilitu smazte
Stahnete Ccleaner http://forum.viry.cz/viewtopic.php?t=7478Panel čistič
- Vse nechte jak je, jen dejte Analyzovat a pote Spustit CCleaner
- dejte Hledej problémy
- nasledne Opravit problémy - zalohu registru doporucuji udelat, opravte vsechny problemy
- postup opakujte dokud nebude bez problemu - vetsinou cca 3x
- Zde muzete odinstalovat nepotrebne programy
A pokud nejsou problemy ci dotazy, je to z me strany vse Re: Prosim pomoc- falesny antivirus
Napsal: 28 zář 2012 20:49
Ooops 
po pročištění OTC a naslednem restartu mi neni schopen PC načíst můj profil - hlásí poškození . dá se to nějak vrátit z5 ?
po pročištění OTC a naslednem restartu mi neni schopen PC načíst můj profil - hlásí poškození . dá se to nějak vrátit z5 ?Re: Prosim pomoc- falesny antivirus
Napsal: 28 zář 2012 20:51
Zkuste jeste jeden restart, ale toto by OTC nemel delat - jen maze zalohy pouzitych utilit a utility samotne - do nastaveni profilu nejak nezasahuje