
Re: Please check, file explorer freezes

Posted: 04 Dec 2012 17:54
by kuntakinte
Yeah, it worked in safe mode. Only right at the start it told me to turn off Avira, which was already turned off (and in safe mode I couldn't even turn it on). So I continued, and this time it completed successfully.

ComboFix 12-12-02.01 - Administrator . 12. 2012 17:42:01.4.4 - x86 NETWORK
Systém Microsoft Windows XP Home Edition 5.1.2600.3.1250.421.1033.18.2046.1648 [GMT 1:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
AV: Avira Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
FW: Online Armor Firewall *Enabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}
.
FILE ::
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-583907252-412668190-725345543-1004Core.job"
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-583907252-412668190-725345543-1004UA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Ivan\Application Data\inst.exe
c:\documents and settings\Ivan\Application Data\vso_ts_preview.xml
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-583907252-412668190-725345543-1004Core.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-583907252-412668190-725345543-1004UA.job
.
.
((((((((((((((((((((((((( Files Created from 2012-11-04 to 2012-12-04 )))))))))))))))))))))))))))))))
.
.
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-22 08:37 . 2006-02-28 12:00 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-10-09 16:47 . 2012-04-03 09:55 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-09 16:47 . 2012-02-13 13:28 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-03 15:11 . 2012-02-13 14:43 31920 ----a-w- c:\windows\system32\drivers\OAnet.sys
2012-10-03 15:09 . 2012-02-13 14:43 27648 ----a-w- c:\windows\system32\drivers\OAmon.sys
2012-10-03 15:09 . 2012-02-13 14:43 44992 ----a-w- c:\windows\system32\drivers\oahlp32.sys
2012-10-03 15:09 . 2012-02-13 14:43 208320 ----a-w- c:\windows\system32\drivers\OADriver.sys
2012-10-02 18:04 . 2006-02-28 12:00 58368 ----a-w- c:\windows\system32\synceng.dll
2012-09-29 21:22 . 2012-09-29 21:22 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2012-09-29 21:22 . 2012-09-29 21:22 47360 ----a-w- c:\documents and settings\Ivan\Application Data\pcouffin.sys
2012-10-27 10:16 . 2012-10-27 10:16 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-12-06 4763008]
"Boxoft Tools"="c:\documents and settings\All Users\Application Data\Boxtools\Boxofttoolbox.exe" [2010-12-15 514048]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-04-17 196608]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-04-13 69632]
"RTHDCPL"="RTHDCPL.EXE" [2011-12-05 20065384]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2011-04-07 2565520]
"CanonSolutionMenuEx"="c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE" [2011-03-28 1611160]
"IJNetworkScannerSelectorEX"="c:\program files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe" [2011-01-16 452016]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-08 348664]
"@OnlineArmor GUI"="c:\program files\Online Armor\OAui.exe" [2012-10-03 2415104]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
.
c:\documents and settings\Ivan\Start Menu\Programs\Startup\
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-27 98632]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
EasySetPackage.lnk - c:\program files\LG Soft India\EasySetPackage\bin\EasySetPackage.exe [2012-2-13 159744]
TMMonitor.lnk - c:\program files\ArcSoft\TotalMedia 3.5\TMMonitor.exe [2012-2-13 258048]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"= "c:\progra~1\ONLINE~2\oaevent.dll" [2012-10-03 366440]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Philips SA52XX Device Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Philips SA52XX Device Manager.lnk
backup=c:\windows\pss\Philips SA52XX Device Manager.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion]
2009-03-01 03:40 75048 ----a-w- c:\program files\CyberLink\Shared Files\brs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-27 08:47 31016 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVD9LanguageShortcut]
2008-10-14 04:41 50472 ------w- c:\program files\CyberLink\PowerDVD9\Language\Language.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl9]
2009-02-16 17:55 87336 ------w- c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2012-01-31 23:14 17147528 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2011-12-09 17:22 74752 ----a-w- c:\program files\Winamp\winampa.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Electronic Arts\\Burnout(TM) Paradise The Ultimate Box\\BurnoutLauncher.exe"=
"c:\\Program Files\\Electronic Arts\\Burnout(TM) Paradise The Ultimate Box\\BurnoutConfigTool.exe"=
"c:\\Program Files\\Electronic Arts\\Burnout(TM) Paradise The Ultimate Box\\BurnoutParadise.exe"=
"c:\\Program Files\\Empire Interactive\\FlatOut Ultimate Carnage\\Fouc.exe"=
"c:\\Program Files\\Winamp\\winamp.exe"=
"c:\\Program Files\\Opera\\pluginwrapper\\opera_plugin_wrapper.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\\Program Files\\Ubisoft\\Might & Magic Heroes VI\\Might & Magic Heroes VI.exe"=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [13.2.2012 17:18 685816]
R1 archlp;archlp;c:\windows\system32\drivers\ArcHlp.sys [13.2.2012 14:51 127744]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [13.2.2012 15:32 36000]
R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [13.2.2012 15:43 208320]
R1 oahlpXX;Online Armor helper driver;c:\windows\system32\drivers\oahlp32.sys [13.2.2012 15:43 44992]
R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [13.2.2012 15:43 27648]
R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [13.2.2012 15:43 31920]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [22.7.2011 17:27 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12.7.2011 22:55 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [12.8.2011 0:38 116608]
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2012/02/13 08:14];c:\program files\CyberLink\PowerDVD9\000.fcl [1.3.2009 4:40 87536]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [13.2.2012 15:32 86224]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2.12.2012 22:05 676936]
R2 OAcat;Online Armor Helper Service;c:\program files\Online Armor\oacat.exe [13.2.2012 15:43 216072]
R2 OS Selector;Acronis OS Selector activator;c:\program files\Acronis\DiskDirector\OSS\reinstall_svc.exe [26.5.2010 4:53 2139400]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [1.2.2012 0:09 158856]
R2 SvcOnlineArmor;Online Armor;c:\program files\Online Armor\OAsrv.exe [13.2.2012 15:43 4463864]
R3 AF9035HB;AF9035 Hybrid Device;c:\windows\system32\drivers\AF9035HB.sys [13.2.2012 14:47 855808]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2.12.2012 22:05 22856]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [29.9.2012 22:22 47360]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [13.2.2012 14:42 1691480]
S3 LGDDCDevice;LGDDCDevice;c:\windows\system32\LGI2CDriver.sys [13.2.2012 21:29 16384]
S3 LGII2CDevice;LGII2CDevice;c:\windows\system32\LGPII2CDriver.sys [13.2.2012 21:29 19456]
S3 vtcdrv;Philips SA52xx Recovery Device;c:\windows\system32\drivers\vtcdrv.sys [29.5.2012 21:39 18560]
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 16:47]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 217.12.50.2 217.12.48.2
TCP: Interfaces\{A1273EFA-CCED-4589-BD26-4A982EE730C2}: NameServer = 195.168.1.2,195.168.1.4
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ydwysbl0.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-12-04 17:48
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD9\000.fcl"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(696)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
- - - - - - - > 'explorer.exe'(2664)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\program files\LG Soft India\EasySetPackage\bin\HOOK.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\RTHDCPL.EXE
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\LG Soft India\EasySetPackage\bin\TestDDCCI.exe
c:\documents and settings\All Users\Application Data\Boxtools\Toolbox.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\program files\Online Armor\OAhlp.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Canon\IJPLM\IJPLMSVC.EXE
c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\program files\Google\Update\GoogleUpdate.exe
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Canon\Solution Menu EX\CNSEUPDT.EXE
.
**************************************************************************
.
Completion time: 2012-12-04 17:51:05 - machine was rebooted
ComboFix-quarantined-files.txt 2012-12-04 16:50
ComboFix2.txt 2012-12-03 21:15
.
Pre-Run: 86 101 196 800 bytes free
Post-Run: 14 adresárov, 86 037 385 216 voľných bajtov
.
- - End Of File - - A3C993C9ECF889A022914512E64D527B

Re: Please check, file explorer freezes

Posted: 04 Dec 2012 19:15
by Rudy
The log now looks clean. Has anything changed?

Re: Please check, file explorer freezes

Posted: 04 Dec 2012 19:30
by kuntakinte
I don't know whether it's just a coincidence now, but when I try clicking through folders, it works OK. Well, almost OK; I don't understand why, but there is one folder that still crashes. Is it possible that really only one would be damaged like this?

Re: Please check, file explorer freezes

Posted: 04 Dec 2012 19:33
by Rudy
It's possible.

Re: Please check, file explorer freezes

Posted: 04 Dec 2012 19:36
by kuntakinte
And do you know what could be causing it, or how to get rid of the problem, please? Because Total Commander, for example, gets in there with no problem at all..

Re: Please check, file explorer freezes

Posted: 04 Dec 2012 19:38
by Rudy
Try creating a new directory, move the contents of the faulty one into it, and delete the faulty one.

Re: Please check, file explorer freezes

Posted: 04 Dec 2012 19:45
by kuntakinte
You're a genius! :D No, seriously, thank you very much, now I can get to my movies without any problems too :) You really helped me, thank you for your help and willingness.

Re: Please check, file explorer freezes

Posted: 04 Dec 2012 20:31
by Rudy
My pleasure! :)