VIRY.CZ

Pomáháme v boji s počítačovou havěti!
https://forum.viry.cz:443/

CONFLICKER/WIN32+64

https://forum.viry.cz:443/viewtopic.php?t=101754

Stránka 1 z 1

CONFLICKER/WIN32+64

Napsal: 07 čer 2010 18:42
od lebka75
prosím o pomoc, po zapnutí pc mi naskočí červená obrazovka s tím že mne napadl CONFLICKER/WIN32+64, jak se toho zbavit ??? dík za jakoukoliv pomoc

Re: CONFICKER/WIN32+64

Napsal: 07 čer 2010 18:58
od riffman
zdravim

stahnete a ulozte nejlepe na plochu ComboFix

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano:

Obrázek

dale muze dojit k varovani ohledne rezidentniho stitu vaseho antiviru a upozorneni na nenainstalovanou konzoli pro zotaveni; tu zatim neinstalujte.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, deaktivujte jeho rezidentni stit, protoze dochazi pri skenu a vymazu pripadneho malware k nezadoucim kolizim Combofixu s rezidentem antispyware


po restartu aplikace vytvori log, ulozeny na C:/Combofix.txt (pri opakovanem pouziti jsou logy oznaceny Combofix2.txt atd.), jeho obsah vlozte sem

Re: CONFLICKER/WIN32+64

Napsal: 07 čer 2010 19:24
od lebka75
ComboFix 10-06-07.01 - LEBKA75 07.06.2010 20:16:26.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1589 [GMT 2:00]
Spuštěný z: c:\documents and settings\LEBKA75\Plocha\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.

((((((((((((((((((((((((( Soubory vytvořené od 2010-05-07 do 2010-06-07 )))))))))))))))))))))))))))))))
.

2010-06-07 17:52 . 2010-06-07 17:52 -------- d-----w- c:\program files\ESET
2010-06-07 17:26 . 2010-06-07 17:26 -------- d-----w- c:\windows\system32\wbem\Repository
2010-05-29 14:04 . 2010-05-29 14:04 -------- d-----w- c:\program files\Virtools
2010-05-28 17:25 . 2010-05-28 17:25 -------- d-----w- c:\program files\PowerQuest
2010-05-16 09:00 . 2010-05-16 09:00 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-05-12 09:32 . 2010-05-12 09:32 -------- d-----w- c:\program files\OpenAL
2010-05-11 09:04 . 2010-05-11 09:04 -------- d-----w- c:\windows\AC54E5443E42443CA91DA00A6974C592.TMP

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-30 19:07 . 2010-04-13 17:41 -------- d-----w- c:\program files\Driver Checker
2010-05-30 19:06 . 2010-04-13 18:09 -------- d-----w- c:\program files\CCleaner
2010-05-28 17:26 . 2010-04-12 17:31 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-24 19:12 . 2010-04-13 18:15 -------- d-----w- c:\program files\Spyware Terminator
2010-05-24 13:49 . 2010-04-13 18:02 3350 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-05-16 12:20 . 2010-04-15 17:19 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-05-16 12:20 . 2010-04-15 17:19 103736 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-05-16 12:20 . 2010-04-15 17:19 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-05-16 12:20 . 2010-04-15 18:34 1957672 ----a-w- c:\windows\system32\pbsvc.exe
2010-05-12 09:32 . 2010-04-16 17:31 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2010-05-12 09:32 . 2010-04-16 17:31 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2010-05-12 07:35 . 2008-04-14 12:00 82598 ----a-w- c:\windows\system32\perfc005.dat
2010-05-12 07:35 . 2008-04-14 12:00 437260 ----a-w- c:\windows\system32\perfh005.dat
2010-05-11 09:04 . 2010-05-07 17:23 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-05-09 17:10 . 2010-04-13 17:51 -------- d-----w- c:\program files\DVDFab Platinum
2010-05-07 17:23 . 2010-05-07 17:23 -------- d-----w- c:\program files\NVIDIA Corporation
2010-05-06 20:59 . 2010-04-12 18:14 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-05-06 20:39 . 2010-04-12 18:14 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-05-06 20:39 . 2010-04-12 18:14 164048 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-05-06 20:34 . 2010-04-12 18:14 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-05-06 20:33 . 2010-04-12 18:14 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-05-06 20:33 . 2010-04-12 18:14 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-05-06 20:33 . 2010-04-12 18:14 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-05-06 20:33 . 2010-04-12 18:14 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-04-28 16:11 . 2010-04-28 16:11 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-04-28 16:04 . 2010-04-25 11:16 -------- d-----w- c:\program files\Microsoft Works
2010-04-25 11:15 . 2010-04-17 18:27 -------- d-----w- c:\program files\MSBuild
2010-04-25 11:13 . 2010-04-25 11:13 -------- d-----w- c:\program files\Microsoft.NET
2010-04-25 11:10 . 2010-04-25 11:10 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2010-04-21 09:50 . 2010-04-13 18:19 -------- d-----w- c:\program files\WinClamAVShield
2010-04-18 11:31 . 2010-04-18 11:31 -------- d-----w- c:\program files\Garmin
2010-04-18 11:06 . 2010-04-18 11:06 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
2010-04-18 11:05 . 2010-04-18 11:05 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_user_01_07_00.Wdf
2010-04-18 11:05 . 2010-04-18 11:05 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2010-04-18 11:05 . 2010-04-18 11:05 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2010-04-18 10:20 . 2010-04-18 10:20 -------- d-----w- c:\program files\DIFX
2010-04-18 10:20 . 2010-04-18 10:20 -------- d-----w- c:\program files\Common Files\PCSuite
2010-04-18 10:20 . 2010-04-18 10:20 -------- d-----w- c:\program files\Common Files\Nokia
2010-04-18 10:20 . 2010-04-18 10:19 -------- d-----w- c:\program files\Nokia
2010-04-18 10:20 . 2010-04-18 10:20 -------- d-----w- c:\program files\PC Connectivity Solution
2010-04-18 10:18 . 2010-04-18 10:18 -------- d-----w- c:\program files\Samsung
2010-04-18 09:46 . 2010-04-14 16:50 -------- d-----w- c:\program files\Common Files\Adobe
2010-04-17 18:27 . 2010-04-17 18:27 -------- d-----w- c:\program files\Reference Assemblies
2010-04-17 17:17 . 2010-06-07 17:25 183310 ----a-w- c:\windows\pchealth\helpctr\Config\Cache\Professional_32_1029.dat
2010-04-17 17:17 . 2010-04-12 17:10 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-04-17 17:17 . 2010-04-12 17:10 2426 ----a-w- c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2010-04-17 17:16 . 2010-04-12 17:10 8972 ----a-w- c:\windows\pchealth\helpctr\Config\Cntstore.bin
2010-04-16 18:18 . 2010-04-16 18:18 -------- d-----w- c:\program files\Futuremark
2010-04-14 17:27 . 2010-04-14 17:27 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2010-04-14 17:27 . 2010-04-14 17:27 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-04-14 17:23 . 2010-04-14 17:23 717296 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-04-14 16:47 . 2010-04-12 18:14 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-04-14 15:44 . 2010-04-14 15:44 -------- d-----w- c:\program files\MSXML 4.0
2010-04-13 18:32 . 2010-04-13 18:32 -------- d-----w- c:\program files\Common Files\Java
2010-04-13 18:32 . 2010-04-13 18:32 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-04-13 18:32 . 2010-04-13 18:32 -------- d-----w- c:\program files\Java
2010-04-13 18:15 . 2010-04-13 18:15 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2010-04-13 18:11 . 2010-04-13 18:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-13 18:04 . 2010-04-13 18:04 -------- d-----w- c:\program files\Zoner
2010-04-13 18:02 . 2010-04-13 18:02 88 --sh--r- c:\windows\system32\1C464D94E6.sys
2010-04-13 18:01 . 2010-04-12 17:31 -------- d-----w- c:\program files\Common Files\InstallShield
2010-04-13 18:01 . 2010-04-13 18:01 -------- d-----w- c:\program files\Common Files\Corel
2010-04-13 18:01 . 2010-04-13 17:59 -------- d-----w- c:\program files\Corel
2010-04-13 17:52 . 2010-04-13 17:52 -------- d-----w- c:\program files\DVD Region+CSS Free
2010-04-13 17:52 . 2010-04-13 17:52 44096 ----a-w- c:\windows\system32\drivers\Pcouffin.sys
2010-04-13 17:19 . 2010-04-13 17:19 -------- d-----w- c:\program files\ATI
2010-04-13 17:07 . 2010-04-13 17:07 73728 ----a-w- c:\windows\system32\RtNicProp32.dll
2010-04-13 17:07 . 2010-04-13 17:07 130432 ----a-w- c:\windows\system32\drivers\Rtnicxp.sys
2010-04-13 17:02 . 2010-04-13 17:16 6912 ----a-w- c:\windows\system32\drivers\vulfnth.sys
2010-04-13 17:02 . 2010-04-13 17:16 11392 ----a-w- c:\windows\system32\drivers\vulfntr.sys
2010-04-13 16:57 . 2010-04-13 16:57 19072 ----a-w- c:\windows\system32\drivers\PS2.sys
2010-04-13 16:57 . 2010-04-13 16:57 39424 ----a-w- c:\windows\system32\drivers\AmdK8.sys
2010-04-13 16:57 . 2010-04-13 16:57 40192 ----a-w- c:\windows\system32\drivers\vIdePort.sys
2010-04-13 16:57 . 2010-04-13 16:57 25600 ----a-w- c:\windows\system32\vIdeInst.dll
2010-04-13 16:57 . 2010-04-13 16:57 204800 ----a-w- c:\windows\system32\VProPage.dll
2010-04-13 16:57 . 2010-04-13 16:57 15232 ----a-w- c:\windows\system32\drivers\vIdeBus.sys
2010-04-13 16:13 . 2010-04-13 16:13 -------- d-----w- c:\program files\MWSnap
2010-04-13 16:11 . 2010-04-13 15:50 94268 ----a-w- c:\windows\HPHins03.dat
2010-04-13 16:09 . 2010-04-13 16:09 -------- d-----w- c:\program files\Hewlett-Packard
2010-04-13 16:09 . 2010-04-13 15:54 -------- d-----w- c:\program files\HP
2010-04-13 16:06 . 2010-04-13 16:06 -------- d-----w- c:\program files\Common Files\HP
2010-04-13 15:16 . 2010-04-13 15:16 -------- d-----w- c:\program files\DVD Shrink
2010-04-13 15:10 . 2010-04-13 15:10 -------- d-----w- c:\program files\Elaborate Bytes
2010-04-13 13:40 . 2010-04-13 13:40 -------- d-----w- c:\program files\Ahead
2010-04-13 13:40 . 2010-04-13 13:40 -------- d-----w- c:\program files\Common Files\Ahead
2010-04-13 13:34 . 2010-04-13 13:34 -------- d-----w- c:\program files\VideoLAN
2010-04-13 13:28 . 2010-04-13 13:28 -------- d-----w- c:\program files\Windows Media Connect 2
2010-04-12 18:14 . 2010-04-12 18:14 -------- d-----w- c:\program files\Alwil Software
2010-04-12 17:51 . 2010-04-12 17:51 0 ----a-w- c:\windows\nsreg.dat
2010-04-12 17:42 . 2010-04-12 17:42 0 ----a-w- c:\windows\ativpsrm.bin
2010-04-12 17:41 . 2010-04-12 17:36 -------- d-----w- c:\program files\ATI Technologies
2010-04-12 17:40 . 2010-04-12 17:40 -------- d-----w- c:\program files\Common Files\ATI Technologies
2010-04-12 17:33 . 2010-04-12 17:33 -------- d-----w- c:\program files\VIA
2010-04-12 17:32 . 2010-04-12 17:32 -------- d-----w- c:\program files\Realtek Sound Manager
2010-04-12 17:32 . 2010-04-12 17:32 -------- d-----w- c:\program files\AvRack
2010-04-12 17:31 . 2010-04-12 17:31 -------- d-----w- c:\program files\Gigabyte
2010-04-12 17:11 . 2010-04-12 17:11 -------- d-----w- c:\program files\microsoft frontpage
2010-04-12 17:07 . 2010-04-12 17:07 21812 ----a-w- c:\windows\system32\emptyregdb.dat
2010-03-29 22:46 . 2010-04-13 18:11 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-29 22:45 . 2010-04-13 18:11 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpywareTerminatorUpdate"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2010-04-13 3037696]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-11-11 1451520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-01-08 65536]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-05-05 98304]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-05-06 2815192]
"CloneCDElbyCDFL"="c:\program files\Elaborate Bytes\CloneCD\ElbyCheck.exe" [2002-11-02 45056]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb11.exe" [2004-04-06 172032]
"HPHUPD06"="c:\program files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-07 49152]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-02-12 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"HPHmon06"="c:\windows\system32\hphmon06.exe" [2004-06-07 659456]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2010-04-13 2176512]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Rychl‚ spuçtŘnˇ aplikace HP Image Zone.lnk - c:\program files\HP\digital imaging\bin\hpqthb08.exe [2004-5-28 53248]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= "c:\progra~1\DVDREG~1\DVDShell.dll" [2004-10-09 49152]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^VIA RAID TOOL.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\VIA RAID TOOL.lnk
backup=c:\windows\pss\VIA RAID TOOL.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
2002-12-02 14:17 73728 ----a-w- c:\program files\Elaborate Bytes\CloneCD\CloneCDTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 08:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Spyware Terminator\\SpywareTerminatorUpdate.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"d:\\Program Files\\Activision\\Wolfenstein\\MP\\Wolf2MP.exe"=
"d:\\Program Files\\Activision\\Wolfenstein\\MP\\Wolf2MPLite.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"d:\\Program Files\\Codemasters\\GRID\\GRID.exe"=
"d:\\Program Files\\Sierra\\FEAR\\FEAR.exe"=

R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [12.4.2010 19:33 75904]
R0 vIdeBus;vIdeBus;c:\windows\system32\drivers\vIdeBus.sys [13.4.2010 18:57 15232]
R0 vIdePort;VIA IDE Controller PORT Driver;c:\windows\system32\drivers\vIdePort.sys [13.4.2010 18:57 40192]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [12.4.2010 20:14 164048]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [13.4.2010 20:15 142592]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [12.4.2010 20:14 19024]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [14.4.2010 19:23 717296]
S3 PciCon;PciCon;\??\f:\pcicon.sys --> f:\PciCon.sys [?]
.
Obsah adresáře 'Naplánované úlohy'

2010-06-06 c:\windows\Tasks\HP Usg Daily.job
- c:\program files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\pexpress\hphped05.exe [2004-06-07 05:35]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\LEBKA75\Data aplikací\Mozilla\Firefox\Profiles\k9h56ier.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage - www.seznam.cz
FF - component: c:\documents and settings\LEBKA75\Data aplikací\Mozilla\Firefox\Profiles\k9h56ier.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll
FF - plugin: c:\program files\Virtools\3D Life Player\npvirtools.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

MSConfigStartUp-Steam - d:\program files\Steam\Steam.exe
AddRemove-SAMSUNG CDMA Modem - c:\windows\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe
AddRemove-SAMSUNG Mobile Composite Device - c:\windows\system32\Samsung_USB_Drivers\6\SSBCUninstall.exe
AddRemove-Samsung Mobile phone USB driver - c:\windows\system32\Samsung_USB_Drivers\5\SSSDUninstall.exe
AddRemove-SAMSUNG Mobile USB Modem - c:\windows\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
AddRemove-SAMSUNG Mobile USB Modem 1.0 - c:\windows\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-07 20:19
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-583907252-362288127-1801674531-1003\Software\SecuROM\License information*]
"datasecu"=hex:68,d2,99,56,7a,57,8f,32,bb,6c,8b,c4,9b,25,54,8a,ff,8d,39,ce,e4,
9d,89,f8,71,56,42,91,d6,f1,12,f2,71,82,19,56,67,59,24,56,1e,ac,f5,76,78,b6,\
"rkeysecu"=hex:c8,86,ac,0d,a0,33,46,94,48,c8,20,7f,5d,3e,da,39
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(712)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2010-06-07 20:21:08
ComboFix-quarantined-files.txt 2010-06-07 18:21

Před spuštěním: Volných bajtů: 25 068 535 808
Po spuštění: Volných bajtů: 25 106 898 944

- - End Of File - - 4624357B08DC0BEC94735754087EE692

Re: CONFLICKER/WIN32+64

Napsal: 07 čer 2010 19:36
od riffman
nemuzu si pomoci, ja zadneho Confickera nevidim

ta cervena hlaska - to je hlaska souvisejici s Esetem?

Re: CONFLICKER/WIN32+64

Napsal: 07 čer 2010 19:46
od lebka75
nepoužívám eset

Re: CONFLICKER/WIN32+64

Napsal: 07 čer 2010 19:51
od riffman
proboha, co kdybyste byl trosku komunikativnejsi a sdelil mi, ceho se ta cervena hlaska tyka... :???: :?:

stahnete OTL

po stazeni kliknete na tlacitko Prohledat, nechte to makat, az to dobehne, vysype to log, jeho obsah sem :)

Re: CONFLICKER/WIN32+64

Napsal: 07 čer 2010 20:05
od lebka75
tak log už to dělá a posílám obrázek toho co mi tam naskočilo

Re: CONFLICKER/WIN32+64

Napsal: 07 čer 2010 20:07
od lebka75
OTL logfile created on: 7.6.2010 20:55:10 - Run 1
OTL by OldTimer - Version 3.2.5.3 Folder = C:\Documents and Settings\LEBKA75\Plocha
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 70,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 91,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 39,52 Gb Total Space | 23,41 Gb Free Space | 59,23% Space Free | Partition Type: NTFS
Drive D: | 72,27 Gb Total Space | 38,69 Gb Free Space | 53,54% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: VSIROTEK-00A936
Current User Name: LEBKA75
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010.06.07 20:54:47 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\LEBKA75\Plocha\OTL.exe
PRC - [2010.05.06 22:59:38 | 000,040,384 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010.04.13 20:15:52 | 000,488,960 | ---- | M] (Crawler.com) -- C:\Program Files\Spyware Terminator\sp_rsser.exe
PRC - [2010.04.01 19:59:58 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009.10.26 15:45:46 | 000,542,272 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Online Scanner\OnlineScannerApp.exe
PRC - [2009.10.26 15:45:38 | 000,843,032 | ---- | M] () -- C:\Program Files\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
PRC - [2008.04.14 14:00:00 | 001,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010.06.07 20:54:47 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\LEBKA75\Plocha\OTL.exe
MOD - [2008.04.14 14:00:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2006.05.03 22:53:54 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\framedyn.dll


========== Win32 Services (SafeList) ==========

SRV - [2010.05.06 22:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010.05.06 22:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010.05.06 22:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010.04.13 20:15:52 | 000,488,960 | ---- | M] (Crawler.com) [Auto | Running] -- C:\Program Files\Spyware Terminator\sp_rsser.exe -- (sp_rssrv)
SRV - [2009.10.27 09:26:36 | 000,657,408 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008.07.29 19:16:38 | 000,132,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2004.03.18 16:55:48 | 000,065,536 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2010.05.06 22:39:23 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010.05.06 22:39:00 | 000,164,048 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2010.05.06 22:34:27 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010.05.06 22:33:59 | 000,100,432 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010.05.06 22:33:47 | 000,019,024 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010.05.06 22:33:29 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2010.04.14 19:23:17 | 000,717,296 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010.04.13 20:15:52 | 000,142,592 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\sp_rsdrv2.sys -- (sp_rsdrv2)
DRV - [2010.04.13 19:07:41 | 000,130,432 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2010.04.13 18:57:15 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
DRV - [2010.04.13 18:57:13 | 000,040,192 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\vIdePort.sys -- (vIdePort)
DRV - [2010.04.13 18:57:13 | 000,015,232 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\vIdeBus.sys -- (vIdeBus)
DRV - [2009.10.06 11:52:34 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2009.10.06 11:52:34 | 000,017,664 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2009.10.06 11:52:34 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2009.05.06 07:59:12 | 004,069,376 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008.08.26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008.04.14 14:00:00 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008.04.14 02:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008.04.14 00:05:40 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2006.07.24 16:05:00 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\system32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2005.08.30 17:59:00 | 000,094,000 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_mdm.sys -- (ss_mdm)
DRV - [2005.08.30 17:58:56 | 000,008,304 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_mdfl.sys -- (ss_mdfl)
DRV - [2005.08.30 17:57:18 | 000,058,320 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bus.sys -- (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM)
DRV - [2004.01.09 17:17:02 | 000,601,100 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2003.12.11 17:54:14 | 000,391,424 | ---- | M] (Sensaura Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS)
DRV - [2003.08.13 09:27:22 | 000,065,280 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtlnic51.sys -- (RTL8023)
DRV - [2003.07.01 22:42:00 | 000,027,904 | R--- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\viaagp1.sys -- (viaagp1)
DRV - [2003.06.12 12:31:46 | 000,075,904 | R--- | M] (VIA Technologies inc,.ltd) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\viasraid.sys -- (viasraid)
DRV - [2003.03.14 13:18:30 | 000,004,228 | ---- | M] (PowerQuest Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\PQNTDRV.sys -- (PQNTDrv)
DRV - [2002.11.29 13:38:16 | 000,016,320 | ---- | M] (Elaborate Bytes AG) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2002.11.28 16:18:04 | 000,015,360 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ElbyCDFL.sys -- (ElbyCDFL)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "DAEMON Search"
FF - prefs.js..browser.startup.homepage: "www.seznam.cz"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:1.1.2.0185
FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.2

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.04.12 20:22:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.04.25 13:16:09 | 000,000,000 | ---D | M]

[2010.04.12 19:51:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LEBKA75\Data aplikací\Mozilla\Extensions
[2010.06.07 20:33:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LEBKA75\Data aplikací\Mozilla\Firefox\Profiles\k9h56ier.default\extensions
[2010.04.18 13:27:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\LEBKA75\Data aplikací\Mozilla\Firefox\Profiles\k9h56ier.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2010.04.14 19:27:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LEBKA75\Data aplikací\Mozilla\Firefox\Profiles\k9h56ier.default\extensions\DTToolbar@toolbarnet.com
[2010.04.14 19:27:19 | 000,000,523 | ---- | M] () -- C:\Documents and Settings\LEBKA75\Data aplikací\Mozilla\Firefox\Profiles\k9h56ier.default\searchplugins\daemon-search.xml
[2010.06.07 20:33:13 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009.09.21 11:24:16 | 000,001,329 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\crawlersrch.xml
[2010.04.01 18:51:34 | 000,000,638 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\jyxo-cz.xml
[2010.04.01 18:51:34 | 000,001,687 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\mall-cz.xml
[2010.04.01 18:51:34 | 000,001,367 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\seznam-cz.xml
[2010.04.01 18:51:34 | 000,000,654 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\slunecnice-cz.xml
[2010.04.01 18:51:34 | 000,001,179 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-cz.xml

O1 HOSTS File: ([2008.04.14 14:00:00 | 000,000,737 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [CloneCDElbyCDFL] C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe (Elaborate Bytes AG)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe (HP)
O4 - HKLM..\Run: [HPHUPD06] C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe (Hewlett-Packard)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SpywareTerminator] C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe (Crawler.com)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKCU..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O4 - HKCU..\Run: [SpywareTerminatorUpdate] C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe (Crawler.com)
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Rychlé spuštění aplikace HP Image Zone.lnk = C:\Program Files\HP\digital imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shoc ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Nebe.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Nebe.bmp
O28 - HKLM ShellExecuteHooks: {93994DE8-8239-4655-B1D1-5F4E91300429} - C:\Program Files\DVD Region+CSS Free\DVDShell.dll (Fengtao Software Inc.)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.04.12 19:11:13 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.06.07 20:54:36 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\LEBKA75\Plocha\OTL.exe
[2010.06.07 20:15:01 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010.06.07 20:15:01 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010.06.07 20:15:01 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010.06.07 20:15:01 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010.06.07 20:14:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010.06.07 20:12:58 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010.06.07 19:52:10 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010.06.07 19:26:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\NOS
[2010.06.07 19:26:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Electronic Arts
[2010.05.31 12:11:23 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\LEBKA75\Recent
[2010.05.29 16:05:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LEBKA75\Local Settings\Data aplikací\3DVIA
[2010.05.29 16:04:55 | 000,000,000 | ---D | C] -- C:\Program Files\Virtools
[2010.05.28 19:25:56 | 000,000,000 | ---D | C] -- C:\Program Files\PowerQuest
[2010.05.28 16:46:53 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\LEBKA75\Data aplikací\SecuROM
[2010.05.16 14:22:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LEBKA75\Local Settings\Data aplikací\GameSpy
[2010.05.16 14:03:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dokumenty\TimeGate Studios
[2010.05.16 11:20:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dokumenty\Monolith Productions
[2010.05.16 11:00:07 | 000,098,304 | ---- | C] (Sony DADC Austria AG.) -- C:\WINDOWS\System32\CmdLineExt.dll
[2010.05.12 11:36:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LEBKA75\Dokumenty\Codemasters
[2010.05.12 11:36:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Codemasters
[2010.05.12 11:32:33 | 000,000,000 | ---D | C] -- C:\Program Files\OpenAL
[2010.05.11 11:04:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\AC54E5443E42443CA91DA00A6974C592.TMP
[2010.05.09 19:04:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LEBKA75\Data aplikací\VSO_HWE
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.06.07 21:02:03 | 000,018,638 | ---- | M] () -- C:\Documents and Settings\LEBKA75\Plocha\vir.jpg
[2010.06.07 20:54:47 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\LEBKA75\Plocha\OTL.exe
[2010.06.07 20:21:08 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.06.07 20:19:37 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010.06.07 20:14:56 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.06.07 20:14:20 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.06.07 20:14:19 | 000,178,544 | ---- | M] () -- C:\WINDOWS\System32\ativvaxx.cap
[2010.06.07 20:13:28 | 003,792,896 | ---- | M] () -- C:\Documents and Settings\LEBKA75\ntuser.dat
[2010.06.07 20:13:23 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\LEBKA75\ntuser.ini
[2010.06.07 20:02:52 | 003,704,251 | R--- | M] () -- C:\Documents and Settings\LEBKA75\Plocha\ComboFix.exe
[2010.06.07 19:52:03 | 002,672,312 | ---- | M] () -- C:\Documents and Settings\LEBKA75\Plocha\esetsmartinstaller_csy.exe
[2010.06.07 18:00:23 | 004,240,656 | -H-- | M] () -- C:\Documents and Settings\LEBKA75\Local Settings\Data aplikací\IconCache.db
[2010.06.06 20:14:00 | 000,000,320 | ---- | M] () -- C:\WINDOWS\tasks\HP Usg Daily.job
[2010.06.04 23:28:51 | 000,000,601 | ---- | M] () -- C:\WINDOWS\wincmd.ini
[2010.06.04 23:06:30 | 000,002,563 | ---- | M] () -- C:\Documents and Settings\LEBKA75\Plocha\Microsoft Office Word 2007.lnk
[2010.06.04 23:05:44 | 000,227,328 | ---- | M] () -- C:\Documents and Settings\LEBKA75\Plocha\1.5.2010.XLS
[2010.05.30 16:39:04 | 000,002,553 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010.05.29 21:08:33 | 000,000,049 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010.05.29 20:50:06 | 000,079,872 | ---- | M] () -- C:\Documents and Settings\LEBKA75\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.05.24 15:49:05 | 000,003,350 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2010.05.17 15:40:55 | 000,068,016 | ---- | M] () -- C:\Documents and Settings\LEBKA75\Local Settings\Data aplikací\GDIPFONTCACHEV1.DAT
[2010.05.17 15:39:09 | 000,267,800 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.05.16 18:04:09 | 000,000,169 | ---- | M] () -- C:\WINDOWS\RtlRack.ini
[2010.05.16 14:20:55 | 000,022,328 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010.05.16 14:20:55 | 000,022,328 | ---- | M] () -- C:\Documents and Settings\LEBKA75\Data aplikací\PnkBstrK.sys
[2010.05.16 14:20:37 | 001,957,672 | ---- | M] () -- C:\WINDOWS\System32\pbsvc.exe
[2010.05.16 12:56:45 | 000,000,067 | ---- | M] () -- C:\WINDOWS\DVDRegionFree.INI
[2010.05.16 11:00:07 | 000,098,304 | ---- | M] (Sony DADC Austria AG.) -- C:\WINDOWS\System32\CmdLineExt.dll
[2010.05.12 11:32:33 | 000,444,952 | ---- | M] (Creative Labs) -- C:\WINDOWS\System32\wrap_oal.dll
[2010.05.12 11:32:33 | 000,109,080 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\WINDOWS\System32\OpenAL32.dll
[2010.05.12 09:35:27 | 000,440,820 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.05.12 09:35:26 | 000,437,260 | ---- | M] () -- C:\WINDOWS\System32\perfh005.dat
[2010.05.12 09:35:26 | 000,082,598 | ---- | M] () -- C:\WINDOWS\System32\perfc005.dat
[2010.05.12 09:35:26 | 000,071,138 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.05.12 09:35:22 | 001,045,986 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.05.09 18:57:33 | 000,000,118 | ---- | M] () -- C:\WINDOWS\DVDFabGold.INI
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.06.07 21:02:03 | 000,018,638 | ---- | C] () -- C:\Documents and Settings\LEBKA75\Plocha\vir.jpg
[2010.06.07 20:15:01 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010.06.07 20:15:01 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010.06.07 20:15:01 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010.06.07 20:15:01 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010.06.07 20:15:01 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010.06.07 20:02:48 | 003,704,251 | R--- | C] () -- C:\Documents and Settings\LEBKA75\Plocha\ComboFix.exe
[2010.06.07 19:52:03 | 002,672,312 | ---- | C] () -- C:\Documents and Settings\LEBKA75\Plocha\esetsmartinstaller_csy.exe
[2010.06.06 10:32:52 | 003,792,896 | ---- | C] () -- C:\Documents and Settings\LEBKA75\ntuser.dat
[2010.06.04 23:05:44 | 000,227,328 | ---- | C] () -- C:\Documents and Settings\LEBKA75\Plocha\1.5.2010.XLS
[2010.05.16 18:04:09 | 000,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2010.05.09 18:57:26 | 000,000,118 | ---- | C] () -- C:\WINDOWS\DVDFabGold.INI
[2010.04.18 11:47:13 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2010.04.16 19:25:46 | 000,003,972 | ---- | C] () -- C:\WINDOWS\System32\drivers\PciBus.sys
[2010.04.15 19:19:41 | 000,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010.04.13 20:40:48 | 000,000,390 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010.04.13 20:15:52 | 000,142,592 | ---- | C] () -- C:\WINDOWS\System32\drivers\sp_rsdrv2.sys
[2010.04.13 20:02:50 | 000,003,350 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2010.04.13 20:02:50 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\1C464D94E6.sys
[2010.04.13 19:53:47 | 000,000,067 | ---- | C] () -- C:\WINDOWS\DVDRegionFree.INI
[2010.04.13 19:16:34 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\vusetup.dll
[2010.04.13 19:07:41 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2010.04.13 18:57:13 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\VProPage.dll
[2010.04.13 17:14:31 | 000,000,601 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2010.04.13 15:41:47 | 000,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010.04.12 19:32:02 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2010.04.12 19:32:01 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
< End of report >

Re: CONFLICKER/WIN32+64

Napsal: 07 čer 2010 20:07
od lebka75
OTL Extras logfile created on: 7.6.2010 20:55:10 - Run 1
OTL by OldTimer - Version 3.2.5.3 Folder = C:\Documents and Settings\LEBKA75\Plocha
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 70,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 91,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 39,52 Gb Total Space | 23,41 Gb Free Space | 59,23% Space Free | Partition Type: NTFS
Drive D: | 72,27 Gb Total Space | 38,69 Gb Free Space | 53,54% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: VSIROTEK-00A936
Current User Name: LEBKA75
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe" = C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe:*:Enabled:Crawler Spyware Terminator -- (Crawler.com)
"D:\Program Files\Activision\Wolfenstein\MP\Wolf2MP.exe" = D:\Program Files\Activision\Wolfenstein\MP\Wolf2MP.exe:*:Enabled:Wolfenstein(TM) -- (Activision)
"D:\Program Files\Activision\Wolfenstein\MP\Wolf2MPLite.exe" = D:\Program Files\Activision\Wolfenstein\MP\Wolf2MPLite.exe:*:Enabled:Wolfenstein(TM) -- (Activision)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"D:\Program Files\Codemasters\GRID\GRID.exe" = D:\Program Files\Codemasters\GRID\GRID.exe:*:Enabled:GRID -- (Codemasters)
"D:\Program Files\Sierra\FEAR\FEAR.exe" = D:\Program Files\Sierra\FEAR\FEAR.exe:*:Enabled:FEAR -- (Monolith Productions, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{09A3F76B-448B-9FBB-69E6-B24F7EE8453F}" = CCC Help Finnish
"{19DC9559-9C20-4A46-A67D-7ECBA52A2788}" = Nokia PC Suite
"{1A15507A-8551-4626-915D-3D5FA095CC1B}" = Corel Paint Shop Pro X
"{1A3E7731-DB4C-3CAD-93AE-C0E12876C088}" = CCC Help Chinese Standard
"{1E249838-D27F-4C11-8C62-0D1CACCFC7EB}" = Disney-Pixar VALL-I
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21E75254-410E-49C4-8981-2E1A2A2221F2}" = HP Diagnostic Assistant
"{2405665A-16C9-4D3A-B70E-F006220E1472}" = Overland
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
"{29DBCCE0-FD6C-8D6F-95CB-0A3177724F95}" = Catalyst Control Center Localization All
"{2B653229-9854-4989-B780-D978F5F13EAB}" = FEAR
"{2BBC9458-07CA-4843-848B-5C8146E5EFA8}" = CreativeProjects
"{2F4E58C8-F164-1A77-4520-33D375E6760B}" = CCC Help Turkish
"{33047FEC-7726-8E9A-5761-4C24E40DE0A7}" = CCC Help Thai
"{33EF5A64-2C13-0178-9FD3-2931441FD022}" = CCC Help Norwegian
"{350C9405-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{399240F4-2840-22F2-5A93-DD7C5EF82B3F}" = Catalyst Control Center Core Implementation
"{3AEF2F6C-F1D3-47CD-BF3B-A327F1FABE58}" = PSPrinters06
"{3CF78481-FB7B-4B51-99A2-D5E0CD0B3AAF}" = HPSystemDiagnostics
"{3E0D4FC1-AF9E-BB44-2E17-872B462646FF}" = ATI Catalyst Install Manager
"{41254D7B-EADF-4078-AE4A-BD73B300EE86}" = Unload
"{44734967-0D28-FF09-532C-A0B5E2A99329}" = Catalyst Control Center Graphics Previews Common
"{457791C5-D702-4143-A7B2-2744BE9573F2}" = HP Software Update
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C5A0A99-ACDA-0745-CCF7-6C6C7D4932EE}" = CCC Help Danish
"{4E77689F-1A5E-0BB7-863C-5B060687260F}" = CCC Help Korean
"{4E868D3D-6EEB-4273-926C-2287236B5B79}" = 3DVIA player 5.0
"{4F50C25D-9236-42EE-86A4-F0BC39A543AE}" = TOPO Czech 3 PRO
"{54194F60-988C-4D03-B922-C2B00EFDA39A}" = NVIDIA PhysX
"{5744B058-40F2-E507-30A4-25454AAC3163}" = Catalyst Control Center Graphics Light
"{58FA5D40-E35A-47ED-8AFA-68CCC758559E}" = Garmin MapSource
"{5A0B7BA5-4682-4273-81C2-69B17E649103}" = GRID
"{5E65E94D-69F2-4850-9E93-6459C53A0F50}" = Microsoft .NET Framework 1.1 Czech Language Pack
"{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
"{66D6418E-466C-4567-B4E8-2CB29F5566DE}" = Adresy CR v1
"{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PartitionMagic
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6E0352EE-6F0D-4FBC-B1B8-4FF032C78BE0}" = PC Connectivity Solution
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72D01427-57EC-4179-815C-18ED0D461107}" = ATI AVIVO Codecs
"{7BE0F9ED-FA70-A163-BC08-BCB78998F1FD}" = CCC Help French
"{7D07969E-8D68-6B97-1047-C14CA878D22E}" = ccc-utility
"{7EEB3B87-546E-332C-A0D1-FCEFAB8BA846}" = Catalyst Control Center Graphics Full New
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8513138B-B1AD-C7F0-27CE-265743E0A372}" = CCC Help Polish
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{90120000-0010-0405-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (Czech) 12
"{90120000-0015-0405-0000-0000000FF1CE}" = Microsoft Office Access MUI (Czech) 2007
"{90120000-0015-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0405-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Czech) 2007
"{90120000-0016-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0405-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Czech) 2007
"{90120000-0018-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0405-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Czech) 2007
"{90120000-0019-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0405-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Czech) 2007
"{90120000-001A-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0405-0000-0000000FF1CE}" = Microsoft Office Word MUI (Czech) 2007
"{90120000-001B-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0405-0000-0000000FF1CE}" = Microsoft Office Proof (Czech) 2007
"{90120000-001F-0405-0000-0000000FF1CE}_ENTERPRISE_{294B4278-CF7B-40B9-86A1-2D3FF0C2C524}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-041B-0000-0000000FF1CE}" = Microsoft Office Proof (Slovak) 2007
"{90120000-001F-041B-0000-0000000FF1CE}_ENTERPRISE_{10EC59E5-9BCE-4884-BB1A-E28627220232}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0405-0000-0000000FF1CE}" = Microsoft Office Proofing (Czech) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0405-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Czech) 2007
"{90120000-0044-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0405-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Czech) 2007
"{90120000-006E-0405-0000-0000000FF1CE}_ENTERPRISE_{E12F9D31-4025-4BC6-B1B2-AB262C5580B0}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0405-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Czech) 2007
"{90120000-00A1-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0405-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Czech) 2007
"{90120000-00BA-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91C297F9-4DE8-55E5-A59C-944A46E448FD}" = ccc-core-static
"{9497EBAA-87AD-41E6-8ED6-E1E52995A76C}" = VIA Integrated Setup Wizard
"{94FB906A-CF42-4128-A509-D353026A607E}" = REALTEK Gigabit and Fast Ethernet NIC Driver
"{96534AFD-A6EE-57BE-596D-0ADBE1730EDB}" = CCC Help Japanese
"{981FB376-8418-4EA8-BBED-9DE5AA63E7D5}" = SkinsHP1
"{9C45D9D2-D429-4EA7-8E9E-BFBBD9BAA4F2}" = Garmin City Navigator Europe NT 2011.10
"{9CB2512B-3EC4-43DF-8002-46BDAB5EDD1B}" = QuickProjects
"{9E6894B0-51DE-424E-BCDE-2ABADC5651A1}" = PS7400
"{9EEBF8D5-8712-4D1D-88F4-4CDC2D270BC3}" = PrintScreen
"{9F95D1FB-7B6A-6375-3B16-89CBD41E3303}" = CCC Help Greek
"{A1DCC235-DACC-4E1F-8D11-D630634B4AEF}" = PhotoGallery
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{AAAE1BE4-32AA-B7B2-CA44-76B83C72EA3A}" = CCC Help Italian
"{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}" = Photosmart 320,370,7400,8100,8400 Series (csy)
"{AC76BA86-7AD7-1029-7B44-A93000000001}" = Adobe Reader 9.3.2 - Czech
"{AE0C5DC1-F15C-06E0-D000-A6E362C75FC7}" = CCC Help English
"{B3D5D4E0-E965-41C4-ABFD-A7B1AD0663C2}" = Director
"{B45D9FEE-1AF4-46F3-9A83-2545F81547F5}" = CreativeProjectsTemplates
"{B6C41637-A48E-AFD4-3686-A69407ED8F61}" = ccc-core-preinstall
"{BC816308-4334-CB7B-4AD6-59E2828617AE}" = Catalyst Control Center Graphics Full Existing
"{BCC992E5-5C81-4066-9B55-03DC10B24D21}" = InstantShare
"{BF018D2F-C788-4AB1-AB95-1280EAB8F13E}" = TrayApp
"{BF36A0F8-F0A2-2D0B-8F4C-5F3B1E53792F}" = CCC Help Chinese Traditional
"{BFE09DB8-746C-59B2-56C5-98D79EF1A121}" = CCC Help German
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3
"{C50EF365-2898-489A-B6C7-30DAA466E9A2}" = Nokia Connectivity Cable Driver
"{C562EEB0-1DAF-ECC0-5ECD-BC2864303BF5}" = CCC Help Hungarian
"{C6DA9A9A-00FE-8F55-6DFC-75DFDF747B2C}" = CCC Help Dutch
"{C72BEFB7-6EAE-AFCD-0EF9-3684B8DA82A8}" = CCC Help Czech
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE360CC9-A690-1AC9-20DB-064D48329969}" = CCC Help Spanish
"{D0403C9C-0640-4C4B-89B5-57E2A0B36D1D}" = Atlas Czech 8NT
"{D17111CB-C992-42A9-9D56-C19395102AAA}" = Garmin WebUpdater
"{D3B1C799-CB73-42DE-BA0F-2344793A095C}" = Catalyst Control Center - Branding
"{D4B1CBFD-84BB-57D7-16C1-4108D90A5F20}" = CCC Help Swedish
"{D5EFDB59-B5A2-E235-D66A-B87951943F81}" = Catalyst Control Center HydraVision Full
"{D642ACC5-F7E9-48F3-A7EE-B49C5447A10E}" = Samsung PC Studio 3
"{E451B37E-5813-A6AD-1C95-E13C7F793FD2}" = CCC Help Russian
"{EC8673DA-F96B-497E-B2DB-BC7B029FD680}" = BufferChm
"{EFFEB379-D611-003B-265A-F91F73BEA044}" = CCC Help Portuguese
"{F4F47155-5B4D-42AA-97F8-490BC52EA7F3}" = Destinations
"{F65787F3-B356-45EC-8DD0-0E6758EDBCEE}" = WebReg
"{F9B37992-968C-4264-8449-489032FC28DE}" = Wolfenstein
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FF26F7EA-BCEE-478C-9A1B-6B4F88717D73}" = CueTour
"05B59228C7E1C21DFBE89260F879BD95880548D8" = Balíček ovladače systému Windows - Nokia Modem (10/05/2009 4.2)
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
"504244733D18C8F63FF584AEB290E3904E791693" = Balíček ovladače systému Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"8CDCFB95BB84DD9C0F88F22266A0CA86035E55BA" = Balíček ovladače systému Windows - Nokia Modem (06/01/2009 7.01.0.4)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"All ATI Software" = Softarová utilita ATI - Odinstalovat
"ATI Display Driver" = ATI Display Driver
"avast5" = avast! Free Antivirus
"CCleaner" = CCleaner
"CloneCD" = CloneCD
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"Driver Checker_is1" = Driver Checker v2.7.3
"DVD Region+CSS Free_is1" = DVD Region+CSS Free 5.9.4.0
"DVD Shrink_is1" = DVD Shrink 3.2
"DVDFab Platinum_is1" = DVDFab Platinum 2.9.5.5
"Enable S3 for USB Device" = Enable S3 for USB Device
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ESET Online Scanner" = ESET Online Scanner v3
"HP Photo & Imaging" = HP Image Zone 4.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PowerQuest PartitionMagic 8.0
"InstallShield_{9497EBAA-87AD-41E6-8ED6-E1E52995A76C}" = VIA Integrated Setup Wizard
"InstallShield_{F9B37992-968C-4264-8449-489032FC28DE}" = Wolfenstein
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MWSnap 3" = MWSnap 3
"Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Nokia PC Suite" = Nokia PC Suite
"OpenAL" = OpenAL
"PunkBusterSvc" = PunkBuster Services
"Spyware Terminator_is1" = Spyware Terminator
"Totalcmd" = Total Commander (Remove or Repair)
"VLC media player" = VLC media player 1.0.5
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01007" = Microsoft User-Mode Driver Framework Feature Pack 1.7
"ZonerPhotoStudio11_CZ_is1" = Zoner Photo Studio 11

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4.6.2010 6:03:45 | Computer Name = VSIROTEK-00A936 | Source = Application Error | ID = 1000
Description = Chybující aplikace shift.exe, verze 1.0.1.0, chybující modul shift.exe,
verze 1.0.1.0, adresa chyby 0x0098cdf7.

Error - 4.6.2010 17:11:28 | Computer Name = VSIROTEK-00A936 | Source = Application Error | ID = 1000
Description = Chybující aplikace shift.exe, verze 1.0.1.0, chybující modul shift.exe,
verze 1.0.1.0, adresa chyby 0x0098cdf7.

Error - 4.6.2010 17:12:36 | Computer Name = VSIROTEK-00A936 | Source = Application Error | ID = 1000
Description = Chybující aplikace shift.exe, verze 1.0.1.0, chybující modul shift.exe,
verze 1.0.1.0, adresa chyby 0x0098cdf7.

Error - 4.6.2010 17:12:55 | Computer Name = VSIROTEK-00A936 | Source = Application Error | ID = 1000
Description = Chybující aplikace shift.exe, verze 1.0.1.0, chybující modul shift.exe,
verze 1.0.1.0, adresa chyby 0x0098cdf7.

Error - 4.6.2010 17:13:22 | Computer Name = VSIROTEK-00A936 | Source = Application Error | ID = 1000
Description = Chybující aplikace shift.exe, verze 1.0.1.0, chybující modul shift.exe,
verze 1.0.1.0, adresa chyby 0x0098cdf7.

Error - 4.6.2010 17:18:48 | Computer Name = VSIROTEK-00A936 | Source = Application Error | ID = 1000
Description = Chybující aplikace shift.exe, verze 1.0.1.0, chybující modul shift.exe,
verze 1.0.1.0, adresa chyby 0x0098cdf7.

Error - 4.6.2010 17:19:58 | Computer Name = VSIROTEK-00A936 | Source = Application Error | ID = 1000
Description = Chybující aplikace shift.exe, verze 1.0.1.0, chybující modul shift.exe,
verze 1.0.1.0, adresa chyby 0x0098cdf7.

Error - 4.6.2010 17:21:30 | Computer Name = VSIROTEK-00A936 | Source = Application Error | ID = 1000
Description = Chybující aplikace shift.exe, verze 1.0.1.0, chybující modul shift.exe,
verze 1.0.1.0, adresa chyby 0x0098cdf7.

Error - 4.6.2010 17:21:47 | Computer Name = VSIROTEK-00A936 | Source = Application Error | ID = 1000
Description = Chybující aplikace shift.exe, verze 1.0.1.0, chybující modul shift.exe,
verze 1.0.1.0, adresa chyby 0x0098cdf7.

Error - 4.6.2010 17:43:11 | Computer Name = VSIROTEK-00A936 | Source = Application Error | ID = 1000
Description = Chybující aplikace grid.exe, verze 1.0.0.0, chybující modul grid.exe,
verze 1.0.0.0, adresa chyby 0x0046d559.

[ System Events ]
Error - 7.6.2010 12:35:53 | Computer Name = VSIROTEK-00A936 | Source = DCOM | ID = 10005
Description = Služba DCOM zjistila chybu %1084 při pokusu o spuštění služby netman
s argumenty za účelem spuštění serveru: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 7.6.2010 12:36:44 | Computer Name = VSIROTEK-00A936 | Source = DCOM | ID = 10005
Description = Služba DCOM zjistila chybu %1084 při pokusu o spuštění služby netman
s argumenty za účelem spuštění serveru: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

Error - 7.6.2010 12:38:17 | Computer Name = VSIROTEK-00A936 | Source = DCOM | ID = 10005
Description = Služba DCOM zjistila chybu %1084 při pokusu o spuštění služby netman
s argumenty za účelem spuštění serveru: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 7.6.2010 12:40:01 | Computer Name = VSIROTEK-00A936 | Source = DCOM | ID = 10005
Description = Služba DCOM zjistila chybu %1084 při pokusu o spuštění služby netman
s argumenty za účelem spuštění serveru: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

Error - 7.6.2010 13:11:32 | Computer Name = VSIROTEK-00A936 | Source = DCOM | ID = 10005
Description = Služba DCOM zjistila chybu %1084 při pokusu o spuštění služby StiSvc
s argumenty za účelem spuštění serveru: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 7.6.2010 13:13:08 | Computer Name = VSIROTEK-00A936 | Source = DCOM | ID = 10005
Description = Služba DCOM zjistila chybu %1084 při pokusu o spuštění služby EventSystem
s argumenty za účelem spuštění serveru: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 7.6.2010 13:25:06 | Computer Name = VSIROTEK-00A936 | Source = DCOM | ID = 10005
Description = Služba DCOM zjistila chybu %1084 při pokusu o spuštění služby netman
s argumenty za účelem spuštění serveru: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 7.6.2010 13:25:14 | Computer Name = VSIROTEK-00A936 | Source = DCOM | ID = 10005
Description = Služba DCOM zjistila chybu %1084 při pokusu o spuštění služby EventSystem
s argumenty za účelem spuštění serveru: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 7.6.2010 13:26:07 | Computer Name = VSIROTEK-00A936 | Source = DCOM | ID = 10005
Description = Služba DCOM zjistila chybu %1084 při pokusu o spuštění služby EventSystem
s argumenty za účelem spuštění serveru: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 7.6.2010 13:38:45 | Computer Name = VSIROTEK-00A936 | Source = Service Control Manager | ID = 7022
Description = Služba avast! Antivirus přestala během spouštění reagovat.


< End of report >

Re: CONFLICKER/WIN32+64

Napsal: 07 čer 2010 20:15
od riffman
stahnete GMER , rozbalte a spustte

probehne sken, po jehoz ukonceni na vas bafnou vysledky

pote kliknete na Save a ulozite tak log, jehoz obsah sem vlozte

pote dle tohoto navodu absolvujte druhy sken a opet obsah logu sem :)

Re: CONFLICKER/WIN32+64

Napsal: 07 čer 2010 20:20
od lebka75
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-06-07 21:20:28
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\LEBKA75\LOCALS~1\Temp\kgpdqfow.sys


---- System - GMER 1.0.15 ----

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateProcessEx [0xA636DAC6]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateSection [0xA636D8EA]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwLoadDriver [0xA636DA24]
Code \??\C:\DOCUME~1\LEBKA75\LOCALS~1\Temp\catchme.sys pIofCallDriver
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObMakeTemporaryObject

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/ALWIL Software)

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

---- EOF - GMER 1.0.15 ----

Re: CONFLICKER/WIN32+64

Napsal: 07 čer 2010 21:52
od lebka75
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-06-07 22:53:00
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\LEBKA75\LOCALS~1\Temp\kgpdqfow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xA6360C7A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xA6360B36]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteKey [0xA63610EA]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xA6361014]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xA636070C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xA6360C10]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xA636064C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xA63606B0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xA6360D30]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRenameKey [0xA63611B8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xA6360CF0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xA6360E70]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateProcessEx [0xA636DAC6]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateSection [0xA636D8EA]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwLoadDriver [0xA636DA24]
Code \??\C:\DOCUME~1\LEBKA75\LOCALS~1\Temp\catchme.sys pIofCallDriver
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2468 80501CA0 4 Bytes JMP DAA63610
PAGE ntkrnlpa.exe!ZwLoadDriver 805795FA 7 Bytes JMP A636DA28 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!NtCreateSection 805A075C 7 Bytes JMP A636D8EE \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805B1CE0 5 Bytes JMP A6369536 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!ObInsertObject 805B8B58 5 Bytes JMP A636AEC2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 805C73EA 7 Bytes JMP A636DACA \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB2A2B000, 0x22ABE7, 0xE8000020]
init C:\WINDOWS\system32\drivers\ALCXSENS.SYS entry point in "init" section [0xB270C510]
? C:\DOCUME~1\LEBKA75\LOCALS~1\Temp\catchme.sys Systém nemůže nalézt uvedený soubor. !
? C:\WINDOWS\system32\Drivers\PROCEXP113.SYS Systém nemůže nalézt uvedený soubor. !
? C:\DOCUME~1\LEBKA75\LOCALS~1\Temp\mbr.sys Systém nemůže nalézt uvedený soubor. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[1736] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1736] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 51981CE2 C:\PROGRA~1\DVDREG~1\DVDShell.dll (DVD Region-Free Shell Module/Fengtao Software Inc.)
.text C:\WINDOWS\explorer.exe[3868] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 51981CE2 C:\PROGRA~1\DVDREG~1\DVDShell.dll (DVD Region-Free Shell Module/Fengtao Software Inc.)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\services.exe[760] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 003D0002
IAT C:\WINDOWS\system32\services.exe[760] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 003D0000

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/ALWIL Software)

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x89 0x97 0x39 0xFA ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x28 0xE1 0x5A 0x08 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x2B 0x8F 0x72 0x4E ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x89 0x97 0x39 0xFA ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x28 0xE1 0x5A 0x08 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x2B 0x8F 0x72 0x4E ...

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\LEBKA75\Local Settings\temp\NODA5A9.tmp 0 bytes

---- EOF - GMER 1.0.15 ----

Re: CONFLICKER/WIN32+64

Napsal: 08 čer 2010 08:55
od riffman
v mem podpisu najdete odkaz SUPERAntispyware ; stahnete, nainstalujte jej a provedte kompletni sken dle navodu v odkazu

vysledky sem

Re: CONFLICKER/WIN32+64

Napsal: 08 čer 2010 16:39
od lebka75
tak sken proveden, výsledek NENALEZENA ŽÁDNÁ HROZBA, tak nevím kde se mi to v compu vzalo a jestli to tím obnovením systému v nouzovém režimu úplně zmizelo. Zatím vypadá vše v pořádku. Moc děkuji za váš čas a ochotu :worship:

Re: CONFLICKER/WIN32+64

Napsal: 08 čer 2010 19:08
od riffman
nemate zac :)
Všechny časy jsou v UTC+01:00
Stránka 1 z 1

Založeno na phpBB® Forum Software © phpBB Limited

Český překlad – phpBB.cz