PC disinfection, PC speed-up and remote help via the neslape.cz service

Virus in the computer: malware.Win 32

Have a virus problem? Post a log from FRST or RSIT here.


Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]

Individual threads will be locked once resolved, and so will threads that have been inactive for more than 14 days. See the rule on locking topics. Thank you for your understanding.

NEW!
You can now use the remote help service: a specialist connects to your computer and gets the details of the problem from you by phone. More at www.neslape.cz
Author: valca (Guest)
Posts: 12
Registered: 28 Jul 2010 21:52


#1 Post by valca »

Good evening, I would need help removing a virus from my computer. Following a few pieces of advice from your server, I am attaching the RSIT log.
Thanks in advance for the help

Logfile of random's system information tool 1.08 (written by random/random)
Run by bashkim at 2010-07-28 23:50:41
WIN_VISTA Service Pack 2
System drive C: has 161 GB (70%) free of 231 GB
Total RAM: 2046 MB (51% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:51:45, on 28.7.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18928)
Boot mode: Normal

Running processes:
c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\taskeng.exe
C:\Users\bashkim\Downloads\RSIT.exe
C:\Program Files\trend micro\bashkim.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= ... =CT2269050
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: VeriSoft Access Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program Files\Bioscrypt\VeriSoft\Bin\ItIEAddIn.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe c:\PROGRA~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-21-195142114-3670078642-1254213944-1000\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User '?')
O4 - HKUS\S-1-5-21-195142114-3670078642-1254213944-1000\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden (User '?')
O4 - HKUS\S-1-5-21-195142114-3670078642-1254213944-1000\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (User '?')
O4 - HKUS\S-1-5-21-195142114-3670078642-1254213944-1000\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User '?')
O4 - HKUS\S-1-5-21-195142114-3670078642-1254213944-1000\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (User '?')
O4 - HKUS\S-1-5-21-195142114-3670078642-1254213944-1000\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (User '?')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\bashkim\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Blogga detta - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blogga detta i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O16 - DPF: {1E53EA77-34F2-474E-9046-B2B0C86F1821} (OggX Control) - http://www.eska.pl/streamplayers/OggX.ocx
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O20 - AppInit_DLLs: C:\Windows\System32\APSHook.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 10702 bytes

======Scheduled tasks folder======

C:\Windows\tasks\User_Feed_Synchronization-{98A4EB86-9BC5-4C8D-9424-FDF284AEF3F8}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2010-05-28 341600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
DVDVideoSoftTB Toolbar - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll [2010-04-27 2393184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-03-30 403824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-05-27 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DF21F1DB-80C6-11D3-9483-B03D0EC10000}]
VeriSoft Access Manager - c:\Program Files\Bioscrypt\VeriSoft\Bin\ItIEAddIn.dll [2006-11-21 71192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]
{872b5b88-9db5-4310-bdd0-ac189557e5f5} - DVDVideoSoftTB Toolbar - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll [2010-04-27 2393184]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
"QPService"=C:\Program Files\HP\QuickPlay\QPService.exe [2007-04-24 176128]
"QlbCtrl"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2007-02-13 159744]
"CognizanceTS"=c:\PROGRA~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll [2003-12-22 17920]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [2010-04-13 47392]
"HP Software Update"=C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2010-03-12 49208]
"HP Health Check Scheduler"=c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-10-09 75008]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-06-20 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-06-09 976832]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2010-03-17 421888]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2010-05-28 202256]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2009-10-03 13826664]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-01-13 827392]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"=C:\Windows\SMINST\launcher.exe [2006-11-08 44128]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]
"LightScribe Control Panel"=C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2010-01-22 2363392]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 125952]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883840]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-19 202240]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-01-26 2144088]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\Windows\System32\APSHook.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
"NoDriveTypeAutoRun"=153

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=0
"NoDrives"=0
"NoDriveTypeAutoRun"=153

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\iCall\iCall.exe"="C:\Program Files\iCall\iCall.exe:*:Enabled:iCall"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 months======

2010-07-28 23:50:42 ----D---- C:\Program Files\trend micro
2010-07-28 23:50:41 ----D---- C:\rsit
2010-07-28 23:47:10 ----AD---- C:\Windows\rundll16.exe
2010-07-28 23:47:10 ----AD---- C:\Windows\logo1_.exe
2010-07-28 21:46:16 ----AD---- C:\Windows\VDLL.DLL
2010-07-28 21:46:16 ----AD---- C:\Windows\system32\runouce.exe
2010-07-28 21:46:16 ----AD---- C:\Windows\RUNDL132.EXE
2010-07-28 21:46:16 ----AD---- C:\Windows\logo_1.exe
2010-07-28 21:43:21 ----A---- C:\Windows\system32\msvcr80.dll
2010-07-28 21:43:20 ----A---- C:\Windows\system32\msvcp80.dll
2010-07-28 21:43:19 ----A---- C:\Windows\system32\eEmpty.exe
2010-07-28 21:43:14 ----D---- C:\Program Files\Common Files\MicroWorld
2010-07-28 21:43:11 ----D---- C:\ProgramData\MicroWorld
2010-07-28 20:52:55 ----SHD---- C:\$RECYCLE.BIN
2010-07-28 20:52:53 ----D---- C:\Windows\temp
2010-07-28 20:52:52 ----A---- C:\ComboFix.txt
2010-07-28 20:39:26 ----D---- C:\ComboFix
2010-07-28 20:39:01 ----A---- C:\Windows\SWXCACLS.exe
2010-07-28 20:19:36 ----A---- C:\Windows\zip.exe
2010-07-28 20:19:36 ----A---- C:\Windows\SWSC.exe
2010-07-28 20:19:36 ----A---- C:\Windows\SWREG.exe
2010-07-28 20:19:36 ----A---- C:\Windows\sed.exe
2010-07-28 20:19:36 ----A---- C:\Windows\PEV.exe
2010-07-28 20:19:36 ----A---- C:\Windows\NIRCMD.exe.mwt
2010-07-28 20:19:36 ----A---- C:\Windows\MBR.exe
2010-07-28 20:19:36 ----A---- C:\Windows\grep.exe
2010-07-28 20:19:26 ----D---- C:\Windows\ERDNT
2010-07-28 20:18:17 ----D---- C:\Qoobox
2010-07-27 22:46:59 ----D---- C:\ProgramData\Spybot - Search & Destroy
2010-07-27 22:46:59 ----D---- C:\Program Files\Spybot - Search & Destroy
2010-07-27 21:31:31 ----D---- C:\Users\bashkim\AppData\Roaming\Malwarebytes
2010-07-27 21:31:21 ----A---- C:\Windows\system32\drivers\mbamswissarmy.sys
2010-07-27 21:31:20 ----D---- C:\ProgramData\Malwarebytes
2010-07-27 21:31:20 ----A---- C:\Windows\system32\drivers\mbam.sys
2010-07-27 21:31:19 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-07-27 18:13:58 ----D---- C:\ProgramData\Panda Software
2010-07-27 01:04:40 ----D---- C:\ProgramData\Backup
2010-07-27 00:17:01 ----D---- C:\Program Files\DVDVideoSoftTB
2010-07-27 00:16:59 ----D---- C:\Users\bashkim\AppData\Roaming\DVDVideoSoftIEHelpers
2010-07-27 00:16:42 ----D---- C:\Program Files\DVDVideoSoft
2010-07-26 22:06:35 ----D---- C:\Program Files\Mozilla Firefox
2010-07-25 22:25:27 ----D---- C:\Users\bashkim\AppData\Roaming\Tific
2010-07-24 20:17:48 ----D---- C:\Windows\system32\N360_BACKUP
2010-07-24 14:01:18 ----D---- C:\ProgramData\Norton
2010-07-24 14:01:08 ----D---- C:\ProgramData\NortonInstaller
2010-07-24 13:32:23 ----D---- C:\Users\bashkim\AppData\Roaming\Download Manager
2010-07-08 16:13:04 ----D---- C:\Program Files\ScreensCorner
2010-07-05 03:22:09 ----D---- C:\Users\bashkim\AppData\Roaming\ARGELA
2010-07-05 01:20:32 ----D---- C:\Users\bashkim\AppData\Roaming\Globe7
2010-07-04 19:47:34 ----D---- C:\Program Files\Common Files\DESIGNER
2010-07-04 19:45:54 ----D---- C:\Program Files\Microsoft Application Virtualization Client
2010-07-04 19:32:12 ----D---- C:\Users\bashkim\AppData\Roaming\TP
2010-07-04 16:48:18 ----A---- C:\Windows\system32\drivers\btwrchid.sys
2010-07-04 16:48:18 ----A---- C:\Windows\system32\drivers\btwavdt.sys
2010-07-04 16:48:18 ----A---- C:\Windows\system32\drivers\btwaudio.sys
2010-07-04 16:48:09 ----A---- C:\Windows\system32\BtwRSupport.dll
2010-07-04 16:47:40 ----D---- C:\Windows\system32\es-MX
2010-07-04 16:47:40 ----D---- C:\Windows\system32\es-AR
2010-07-03 00:59:50 ----D---- C:\Program Files\Alwil Software
2010-07-02 02:35:11 ----D---- C:\Windows\system32\WindowsPowerShell
2010-07-02 02:33:48 ----A---- C:\Windows\system32\winrsmgr.dll
2010-07-02 02:33:33 ----A---- C:\Windows\system32\wsmprovhost.exe
2010-07-02 02:33:33 ----A---- C:\Windows\system32\winrshost.exe
2010-07-02 02:33:33 ----A---- C:\Windows\system32\winrs.exe
2010-07-02 02:33:32 ----A---- C:\Windows\system32\wsmplpxy.dll
2010-07-02 02:33:32 ----A---- C:\Windows\system32\winrssrv.dll
2010-07-02 02:33:29 ----A---- C:\Windows\system32\WsmRes.dll
2010-07-02 02:33:29 ----A---- C:\Windows\system32\wevtfwd.dll
2010-07-02 02:33:29 ----A---- C:\Windows\system32\wecutil.exe
2010-07-02 02:33:29 ----A---- C:\Windows\system32\wecsvc.dll
2010-07-02 02:33:29 ----A---- C:\Windows\system32\wecapi.dll
2010-07-02 02:33:29 ----A---- C:\Windows\system32\pwrshplugin.dll
2010-07-02 02:33:21 ----A---- C:\Windows\system32\winrm.vbs
2010-07-02 02:33:17 ----A---- C:\Windows\system32\WsmAuto.dll
2010-07-02 02:33:16 ----A---- C:\Windows\system32\WsmWmiPl.dll
2010-07-02 02:33:16 ----A---- C:\Windows\system32\WSManMigrationPlugin.dll
2010-07-02 02:33:16 ----A---- C:\Windows\system32\WSManHTTPConfig.exe
2010-07-02 02:33:16 ----A---- C:\Windows\system32\winrscmd.dll
2010-07-02 02:33:15 ----A---- C:\Windows\system32\WsmSvc.dll
2010-07-02 01:49:41 ----A---- C:\Windows\system32\javaws.exe
2010-07-02 01:49:41 ----A---- C:\Windows\system32\javaw.exe
2010-07-02 01:49:41 ----A---- C:\Windows\system32\deployJava1.dll
2010-07-02 01:49:40 ----A---- C:\Windows\system32\java.exe
2010-07-02 01:30:49 ----A---- C:\Windows\system32\PresentationHostProxy.dll
2010-07-02 01:30:49 ----A---- C:\Windows\system32\PresentationHost.exe
2010-07-02 01:30:49 ----A---- C:\Windows\system32\netfxperf.dll
2010-07-02 01:30:49 ----A---- C:\Windows\system32\mscoree.dll
2010-07-02 01:30:48 ----A---- C:\Windows\system32\dfshim.dll
2010-07-02 00:43:31 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2010-07-02 00:43:31 ----A---- C:\Windows\system32\Apphlpdm.dll
2010-07-01 21:20:28 ----D---- C:\Users\bashkim\AppData\Roaming\Uniblue
2010-07-01 21:05:54 ----D---- C:\Program Files\Microsoft Windows 7 Upgrade Advisor

======List of files/folders modified in the last 1 months======

2010-07-28 23:50:42 ----D---- C:\Program Files
2010-07-28 23:47:10 ----D---- C:\Windows
2010-07-28 23:32:40 ----D---- C:\Windows\tracing
2010-07-28 23:31:27 ----D---- C:\Windows\SMINST
2010-07-28 21:46:16 ----D---- C:\Windows\System32
2010-07-28 21:43:14 ----D---- C:\Program Files\Common Files
2010-07-28 21:43:11 ----D---- C:\ProgramData
2010-07-28 20:52:00 ----D---- C:\Windows\Tasks
2010-07-28 20:49:25 ----A---- C:\Windows\system.ini
2010-07-28 20:45:42 ----D---- C:\Windows\system32\drivers
2010-07-28 20:45:42 ----D---- C:\Windows\AppPatch
2010-07-28 20:19:28 ----D---- C:\Windows\Prefetch
2010-07-28 00:48:35 ----SHD---- C:\System Volume Information
2010-07-28 00:47:41 ----D---- C:\Windows\system32\catroot2
2010-07-27 22:39:09 ----HD---- C:\Program Files\InstallShield Installation Information
2010-07-27 22:39:09 ----D---- C:\Windows\system32\drivers\etc
2010-07-27 22:36:27 ----SHD---- C:\Windows\Installer
2010-07-27 22:35:14 ----D---- C:\Windows\system32\catroot
2010-07-27 22:35:13 ----D---- C:\Windows\inf
2010-07-27 01:54:36 ----D---- C:\Program Files\Winamp
2010-07-27 01:16:39 ----A---- C:\Windows\win.ini
2010-07-27 00:16:56 ----D---- C:\Program Files\Common Files\DVDVideoSoft
2010-07-26 22:06:44 ----D---- C:\Users\bashkim\AppData\Roaming\Mozilla
2010-07-26 15:32:32 ----D---- C:\Windows\system32\Tasks
2010-07-26 15:30:58 ----D---- C:\ProgramData\Yahoo!
2010-07-26 15:30:58 ----D---- C:\Program Files\Yahoo!
2010-07-26 08:22:17 ----D---- C:\Windows\system32\config
2010-07-26 08:22:07 ----D---- C:\Windows\system32\spool
2010-07-26 08:22:07 ----D---- C:\Windows\system32\Msdtc
2010-07-26 08:22:05 ----D---- C:\Windows\registration
2010-07-26 08:18:05 ----D---- C:\Windows\system32\LogFiles
2010-07-26 01:15:56 ----D---- C:\Users\bashkim\AppData\Roaming\Hewlett-Packard
2010-07-26 00:59:51 ----D---- C:\Windows\rescache
2010-07-26 00:43:46 ----D---- C:\Windows\winsxs
2010-07-26 00:41:01 ----D---- C:\Windows\system32\drivers\en-US
2010-07-26 00:39:40 ----D---- C:\Windows\system32\wbem
2010-07-25 23:38:14 ----D---- C:\Program Files\Common Files\Symantec Shared
2010-07-25 23:38:01 ----DC---- C:\Windows\system32\DRVSTORE
2010-07-25 16:11:11 ----D---- C:\SwSetup
2010-07-24 23:44:30 ----SD---- C:\ProgramData\Microsoft
2010-07-23 00:40:30 ----D---- C:\ProgramData\LightScribe
2010-07-21 09:54:14 ----D---- C:\Windows\Minidump
2010-07-21 09:54:14 ----D---- C:\Windows\Debug
2010-07-18 18:21:48 ----D---- C:\Program Files\Microsoft Office
2010-07-18 18:21:48 ----D---- C:\Program Files\Common Files\microsoft shared
2010-07-16 19:08:01 ----D---- C:\DVDVideoSoft
2010-07-15 00:09:19 ----D---- C:\Program Files\Windows Mail
2010-07-13 14:45:42 ----D---- C:\Users\bashkim\AppData\Roaming\vlc
2010-07-04 19:46:55 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-07-04 16:47:40 ----D---- C:\Windows\system32\zh-TW
2010-07-04 16:47:40 ----D---- C:\Windows\system32\zh-CN
2010-07-04 16:47:40 ----D---- C:\Windows\system32\sv-SE
2010-07-04 16:47:40 ----D---- C:\Windows\system32\ru-RU
2010-07-04 16:47:40 ----D---- C:\Windows\system32\pt-BR
2010-07-04 16:47:40 ----D---- C:\Windows\system32\pl-PL
2010-07-04 16:47:40 ----D---- C:\Windows\system32\nl-NL
2010-07-04 16:47:40 ----D---- C:\Windows\system32\nb-NO
2010-07-04 16:47:40 ----D---- C:\Windows\system32\ko-KR
2010-07-04 16:47:40 ----D---- C:\Windows\system32\ja-JP
2010-07-04 16:47:40 ----D---- C:\Windows\system32\it-IT
2010-07-04 16:47:40 ----D---- C:\Windows\system32\fr-FR
2010-07-04 16:47:40 ----D---- C:\Windows\system32\es-ES
2010-07-04 16:47:39 ----D---- C:\Windows\system32\fi-FI
2010-07-04 16:47:39 ----D---- C:\Windows\system32\en-US
2010-07-04 16:47:39 ----D---- C:\Windows\system32\de-DE
2010-07-04 16:47:39 ----D---- C:\Windows\system32\da-DK
2010-07-02 21:39:05 ----A---- C:\Windows\system32\mrt.exe
2010-07-02 03:55:08 ----D---- C:\Windows\Microsoft.NET
2010-07-02 03:55:04 ----RSD---- C:\Windows\assembly
2010-07-02 03:19:12 ----D---- C:\ProgramData\NVIDIA
2010-07-02 02:35:15 ----D---- C:\Windows\PolicyDefinitions
2010-07-02 02:27:09 ----D---- C:\Users\bashkim\AppData\Roaming\Skype
2010-07-02 01:49:35 ----D---- C:\Program Files\Java
2010-07-02 01:34:05 ----D---- C:\Windows\ehome
2010-07-02 00:25:09 ----D---- C:\Users\bashkim\AppData\Roaming\HpUpdate
2010-07-02 00:16:15 ----D---- C:\Windows\system32\CodeIntegrity
2010-07-02 00:16:02 ----D---- C:\Program Files\Windows Live SkyDrive
2010-07-02 00:16:00 ----D---- C:\Program Files\CCleaner
2010-07-01 15:01:42 ----D---- C:\Windows\Logs

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 PxHelp20;PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [2007-02-02 43528]
R1 eabfiltr;eabfiltr; C:\Windows\system32\DRIVERS\eabfiltr.sys [2006-11-30 8192]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2007-02-24 39936]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2007-01-23 42496]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2007-01-23 37376]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-07-10 8704]
R3 ATSWPDRV;AuthenTec TruePrint USB Driver (SwipeSensor); C:\Windows\system32\DRIVERS\ATSwpDrv.sys [2007-03-28 140424]
R3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2008-10-23 1331192]
R3 BthEnum;Bluetooth Enumerator Service; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-04-11 22528]
R3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-19 92160]
R3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2009-04-11 29696]
R3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2007-12-12 80424]
R3 btwavdt;Bluetooth AVDT; C:\Windows\system32\drivers\btwavdt.sys [2007-12-12 80936]
R3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2007-12-12 16168]
R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDRT32.sys [2008-03-03 188416]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-03-19 23400]
R3 HBtnKey;HBtnKey; C:\Windows\system32\DRIVERS\cpqbttn.sys [2006-06-28 9472]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2007-06-20 984064]
R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2007-06-20 208896]
R3 NVENETFD;NVIDIA nForce 10/100/1000 Mbps Ethernet ; C:\Windows\system32\DRIVERS\nvmfdx32.sys [2008-08-01 1052704]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2009-10-03 9905096]
R3 nvsmu;nvsmu; C:\Windows\system32\DRIVERS\nvsmu.sys [2007-02-17 12032]
R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-04-11 148992]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-04-11 89088]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2007-01-13 181432]
R3 usbvideo;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-19 134016]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2007-06-20 660480]
S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2008-10-23 1331192]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2009-04-11 507904]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 E100B;Intel(R) PRO Adapter Driver; C:\Windows\system32\DRIVERS\e100b325.sys [2006-11-02 163328]
S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDART.sys [2007-04-12 160768]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2006-11-02 200704]
S3 ialm;ialm; C:\Windows\system32\DRIVERS\igdkmd32.sys [2006-10-19 1380864]
S3 massfilter;ZTE Mass Storage Filter Driver; C:\Windows\system32\DRIVERS\massfilter.sys [2008-12-08 7680]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver; C:\Windows\system32\DRIVERS\rt2870.sys [2007-03-13 476416]
S3 StillCam;Still Serial Digital Camera Driver; C:\Windows\system32\DRIVERS\serscan.sys [2008-01-19 9216]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]
S3 ZTEusbmdm6k;ZTE Proprietary USB Driver; C:\Windows\system32\DRIVERS\ZTEusbmdm6k.sys [2008-12-08 104960]
S3 ZTEusbnet;ZTE USB-NDIS miniport; C:\Windows\system32\DRIVERS\ZTEusbnet.sys [2008-12-08 110080]
S3 ZTEusbnmea;ZTE NMEA Port; C:\Windows\system32\DRIVERS\ZTEusbnmea.sys [2008-12-08 105344]
S3 ZTEusbser6k;ZTE Diagnostic Port; C:\Windows\system32\DRIVERS\ZTEusbser6k.sys [2008-12-08 104960]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-04-16 144672]
R2 ASBroker;Logon Session Broker; C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 ASChannel;Local Communication Channel; C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2010-04-08 345376]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 CLCapSvc;CyberLink Background Capture Service (CBCS); C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe [2007-04-24 262243]
R2 HP Health Check Service;HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2008-10-09 94208]
R2 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2006-05-02 135168]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2010-01-22 73728]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2009-10-03 219752]
R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-03-30 1533808]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-07-10 386560]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 CLSched;CyberLink Task Scheduler (CTS); C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe [2007-04-24 106593]
S3 Com4Qlb;Com4Qlb; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe [2007-01-09 110592]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2007-02-12 880640]
S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2007-02-17 74656]
S3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

-----------------EOF-----------------

Rudy
Site Admin
Posts: 119418
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Virus in the PC malware.Win 32

#2 Post by Rudy »

The basic mistake was running a ComboFix scan before RSIT. That reliably destroys all the traces, and under certain circumstances you also risk a system crash. Post the ComboFix log; it is saved in C:\combofix.txt.
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.


e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting the PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Apart from its "visible" activity, a virus can damage the system!


Once your problem is resolved the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reopened, write to me at the e-mail address above.

valca
Guest
Posts: 12
Registered: 28 Jul 2010 21:52

Re: Virus in the PC malware.Win 32

#3 Post by valca »

Thank you for the help, and I am attaching the log

ComboFix 10-07-27.05 - bashkim 28.07.2010 20:41:07.2.2 - x86
Running from: c:\users\bashkim\Downloads\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2010-06-28 to 2010-07-28 )))))))))))))))))))))))))))))))
.

2010-07-28 18:49 . 2010-07-28 18:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-07-27 20:46 . 2010-07-27 21:21 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-07-27 20:46 . 2010-07-27 20:47 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-07-27 19:31 . 2010-07-27 19:31 -------- d-----w- c:\users\bashkim\AppData\Roaming\Malwarebytes
2010-07-27 19:31 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-27 19:31 . 2010-07-27 19:31 -------- d-----w- c:\programdata\Malwarebytes
2010-07-27 19:31 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-27 19:31 . 2010-07-27 19:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-27 16:13 . 2010-07-27 16:13 -------- d-----w- c:\programdata\Panda Software
2010-07-26 23:04 . 2010-07-26 23:04 -------- d-----w- c:\programdata\Backup
2010-07-26 22:17 . 2010-07-26 22:17 -------- d-----w- c:\program files\DVDVideoSoftTB
2010-07-26 22:16 . 2010-07-26 22:16 52224 ----a-w- c:\users\bashkim\AppData\Roaming\Mozilla\Firefox\Profiles\yuwbqn1c.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\FFExternalAlert.dll
2010-07-26 22:16 . 2010-07-26 22:16 52224 ----a-w- c:\users\bashkim\AppData\Roaming\Mozilla\Firefox\Profiles\j12c02db.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\FFExternalAlert.dll
2010-07-26 22:16 . 2010-07-26 22:16 101376 ----a-w- c:\users\bashkim\AppData\Roaming\Mozilla\Firefox\Profiles\yuwbqn1c.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\RadioWMPCore.dll
2010-07-26 22:16 . 2010-07-26 22:16 101376 ----a-w- c:\users\bashkim\AppData\Roaming\Mozilla\Firefox\Profiles\j12c02db.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\RadioWMPCore.dll
2010-07-26 22:16 . 2010-07-26 22:16 -------- d-----w- c:\users\bashkim\AppData\Roaming\DVDVideoSoftIEHelpers
2010-07-26 22:16 . 2010-07-26 22:16 -------- d-----w- c:\program files\DVDVideoSoft
2010-07-25 20:38 . 2010-07-26 10:42 -------- d-----w- c:\users\bashkim\AppData\Local\CrashDumps
2010-07-25 20:25 . 2010-07-25 20:25 -------- d-----w- c:\users\bashkim\AppData\Roaming\Tific
2010-07-25 20:25 . 2010-07-25 20:25 -------- d-----w- c:\users\bashkim\AppData\Local\Symantec
2010-07-24 18:17 . 2010-07-24 18:17 -------- d-----w- c:\windows\system32\N360_BACKUP
2010-07-24 12:01 . 2010-07-25 21:40 -------- d-----w- c:\programdata\Norton
2010-07-24 12:01 . 2010-07-24 12:01 -------- d-----w- c:\programdata\NortonInstaller
2010-07-24 11:32 . 2010-07-24 11:32 -------- d-----w- c:\users\bashkim\AppData\Roaming\Download Manager
2010-07-22 23:33 . 2010-07-22 23:33 -------- d-----w- c:\users\bashkim\AppData\Local\MigWiz
2010-07-08 14:13 . 2010-07-08 14:13 -------- d-----w- c:\program files\ScreensCorner
2010-07-05 01:22 . 2010-07-05 01:22 -------- d-----w- c:\users\bashkim\AppData\Roaming\ARGELA
2010-07-04 23:20 . 2010-07-04 23:20 -------- d-----w- c:\users\bashkim\AppData\Roaming\Globe7
2010-07-04 17:45 . 2010-07-04 17:47 -------- d-----w- c:\program files\Microsoft Application Virtualization Client
2010-07-04 17:32 . 2010-07-04 17:48 -------- d-----w- c:\users\bashkim\AppData\Roaming\TP
2010-07-04 14:48 . 2007-12-12 11:12 80936 ----a-w- c:\windows\system32\drivers\btwavdt.sys
2010-07-04 14:48 . 2007-12-12 11:12 80424 ----a-w- c:\windows\system32\drivers\btwaudio.sys
2010-07-04 14:48 . 2007-12-12 11:12 16168 ----a-w- c:\windows\system32\drivers\btwrchid.sys
2010-07-04 14:48 . 2007-12-12 11:12 233472 ----a-w- c:\windows\system32\BtwRSupport.dll
2010-07-04 14:47 . 2010-07-04 14:47 -------- d-----w- c:\windows\system32\es-MX
2010-07-04 14:47 . 2010-07-04 14:47 -------- d-----w- c:\windows\system32\es-AR
2010-07-02 22:59 . 2010-07-02 22:59 -------- d-----w- c:\program files\Alwil Software
2010-07-01 23:49 . 2010-04-12 15:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-01 23:30 . 2009-11-08 08:55 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-07-01 23:30 . 2009-11-08 08:55 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-07-01 23:30 . 2009-11-08 08:55 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-07-01 23:30 . 2009-11-08 08:55 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-07-01 23:30 . 2009-11-08 08:55 1130824 ----a-w- c:\windows\system32\dfshim.dll
2010-07-01 22:43 . 2010-04-16 16:43 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-07-01 22:43 . 2010-04-16 14:39 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-07-01 19:20 . 2010-07-05 00:17 -------- d-----w- c:\users\bashkim\AppData\Roaming\Uniblue
2010-07-01 19:06 . 2010-07-01 19:06 -------- d-----w- c:\users\bashkim\AppData\Local\Microsoft Corporation
2010-07-01 19:05 . 2010-07-01 19:16 -------- d-----w- c:\program files\Microsoft Windows 7 Upgrade Advisor
2010-07-01 13:00 . 2010-07-01 13:00 -------- d-----w- c:\users\bashkim\Office Genuine Advantage
2010-06-28 18:59 . 2010-06-28 18:59 -------- d-----w- c:\users\bashkim\AppData\Local\ESET

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-28 18:31 . 2009-10-04 15:41 32061 ----a-w- c:\programdata\nvModes.dat
2010-07-27 23:07 . 2008-01-30 08:12 14908 ----a-w- c:\windows\bthservsdp.dat
2010-07-27 20:39 . 2007-08-19 00:24 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-26 23:54 . 2010-05-28 20:45 -------- d-----w- c:\program files\Winamp
2010-07-26 22:16 . 2010-02-02 18:01 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2010-07-26 13:30 . 2009-07-01 13:04 -------- d-----w- c:\programdata\Yahoo!
2010-07-26 13:30 . 2008-02-02 14:55 -------- d-----w- c:\program files\Yahoo!
2010-07-25 23:15 . 2008-01-29 18:36 -------- d-----w- c:\users\bashkim\AppData\Roaming\Hewlett-Packard
2010-07-25 21:38 . 2007-08-19 00:48 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-07-22 22:40 . 2009-05-24 20:14 -------- d-----w- c:\programdata\LightScribe
2010-07-21 08:12 . 2008-02-27 09:47 7808 ----a-w- c:\users\bashkim\AppData\Local\d3d9caps.dat
2010-07-21 08:10 . 2008-01-29 18:50 86328 ----a-w- c:\users\bashkim\AppData\Local\GDIPFONTCACHEV1.DAT
2010-07-14 22:09 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-07-13 12:45 . 2010-05-28 21:24 -------- d-----w- c:\users\bashkim\AppData\Roaming\vlc
2010-07-02 01:20 . 2010-07-02 01:20 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01009.Wdf
2010-07-02 01:20 . 2010-07-02 01:20 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
2010-07-02 01:19 . 2009-10-04 15:48 -------- d-----w- c:\programdata\NVIDIA
2010-07-02 00:27 . 2010-06-01 13:40 -------- d-----w- c:\users\bashkim\AppData\Roaming\Skype
2010-07-01 23:49 . 2007-08-19 01:41 -------- d-----w- c:\program files\Java
2010-07-01 22:25 . 2009-09-09 21:17 -------- d-----w- c:\users\bashkim\AppData\Roaming\HpUpdate
2010-07-01 22:16 . 2009-06-30 14:10 -------- d-----w- c:\program files\Windows Live SkyDrive
2010-07-01 22:16 . 2008-10-20 18:59 -------- d-----w- c:\program files\CCleaner
2010-06-27 16:32 . 2009-10-22 15:18 -------- d-----w- c:\program files\Microsoft.NET
2010-06-16 19:43 . 2010-06-16 19:11 -------- d-----w- c:\programdata\TuneUp Software
2010-06-16 19:13 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2010-06-16 19:12 . 2010-06-16 19:12 -------- d-----w- c:\users\bashkim\AppData\Roaming\TuneUp Software
2010-06-16 19:06 . 2008-01-30 00:56 -------- d-----w- c:\programdata\Skype
2010-06-16 08:39 . 2010-06-16 08:39 -------- d-----w- c:\programdata\Office Genuine Advantage
2010-06-07 14:02 . 2008-12-28 23:01 -------- d-----w- c:\users\bashkim\AppData\Roaming\skypePM
2010-06-05 08:33 . 2008-10-20 19:21 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-04 21:09 . 2010-06-04 21:02 -------- d-----w- c:\users\bashkim\AppData\Roaming\FreeBurner
2010-06-04 21:02 . 2010-06-04 21:02 -------- d-----w- c:\program files\Free Easy Burner
2010-06-04 20:31 . 2010-06-04 20:21 -------- d-----w- c:\programdata\Nero
2010-06-04 20:31 . 2010-06-04 20:21 -------- d-----w- c:\program files\Common Files\Nero
2010-06-04 20:23 . 2010-06-04 20:23 -------- d-----w- c:\users\bashkim\AppData\Roaming\Nero
2010-06-01 19:21 . 2009-10-08 16:15 -------- d-----w- c:\users\bashkim\AppData\Roaming\dvdcss
2010-06-01 13:46 . 2010-01-31 23:27 -------- d-----w- c:\program files\Google
2010-05-28 21:16 . 2010-05-28 21:16 45056 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll
2010-05-28 21:16 . 2010-05-28 21:16 49152 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll
2010-05-28 21:16 . 2010-05-28 21:16 45056 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll
2010-05-28 21:16 . 2010-05-28 21:16 45056 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll
2010-05-28 21:16 . 2010-05-28 21:16 45056 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll
2010-05-28 21:16 . 2010-05-28 21:16 308808 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll
2010-05-28 21:16 . 2010-05-28 21:16 40960 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
2010-05-28 21:16 . 2010-05-28 21:16 341600 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
2010-05-28 21:16 . 2010-05-28 21:16 14848 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
2010-05-28 00:01 . 2010-05-27 23:47 57344 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-05-27 23:41 . 2010-05-27 23:47 1180952 ----a-w- c:\programdata\DivX\Setup\DivXSetup.exe
2010-05-26 17:06 . 2010-06-10 17:52 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:47 . 2010-06-10 17:52 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-05-26 13:24 . 2010-07-04 14:27 18488 ----a-w- c:\windows\Help\OEM\scripts\HPHC_BUY_BATTERY.exe
2010-05-21 12:14 . 2009-10-03 16:23 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-19 22:24 . 2010-05-19 22:24 515848 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-05-04 05:59 . 2010-06-10 17:52 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 05:55 . 2010-06-10 17:51 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-05-04 05:55 . 2010-06-10 17:51 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-05-04 04:31 . 2010-06-10 17:51 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-05-01 14:13 . 2010-06-10 17:51 2037248 ----a-w- c:\windows\system32\win32k.sys
.

(((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\tbDVDV.dll" [2010-04-27 2393184]

[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
2010-04-27 08:08 2393184 ----a-w- c:\program files\DVDVideoSoftTB\tbDVDV.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\tbDVDV.dll" [2010-04-27 2393184]

[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{872B5B88-9DB5-4310-BDD0-AC189557E5F5}"= "c:\program files\DVDVideoSoftTB\tbDVDV.dll" [2010-04-27 2393184]

[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-01-22 2363392]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-04-24 176128]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-02-13 159744]
"CognizanceTS"="c:\progra~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll" [2003-12-22 17920]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-04-13 47392]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-05-28 202256]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-10-03 13826664]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-13 827392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-08 44128]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-12-4 727592]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\APSHook.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):8b,71,d0,0e,a5,2d,ca,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-195142114-3670078642-1254213944-1000]
"EnableNotificationsRef"=dword:00000004

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\DRIVERS\massfilter.sys [2008-12-08 7680]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\DRIVERS\ZTEusbnet.sys [2008-12-08 110080]
S2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe [2008-01-19 21504]
S2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe [2008-01-19 21504]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
Cognizance REG_MULTI_SZ ASBroker ASChannel
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-01-22 10:06 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2010-07-28 c:\windows\Tasks\User_Feed_Synchronization-{98A4EB86-9BC5-4C8D-9424-FDF284AEF3F8}.job
- c:\windows\system32\msfeedssync.exe [2010-06-10 04:30]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050
mStart Page = hxxp://www.yahoo.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Free YouTube to Mp3 Converter - c:\users\bashkim\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
DPF: {1E53EA77-34F2-474E-9046-B2B0C86F1821} - hxxp://www.eska.pl/streamplayers/OggX.ocx
FF - ProfilePath - c:\users\bashkim\AppData\Roaming\Mozilla\Firefox\Profiles\j12c02db.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - component: c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - component: c:\users\bashkim\AppData\Roaming\Mozilla\Firefox\Profiles\j12c02db.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\FFExternalAlert.dll
FF - component: c:\users\bashkim\AppData\Roaming\Mozilla\Firefox\Profiles\j12c02db.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\RadioWMPCore.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\programdata\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

BHO-{4d02e7e6-5930-4b51-b9b0-9f21b3789400} - (no file)
Toolbar-Locked - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKLM-Run-hpqSRMon - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-28 20:49
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0012\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0013\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0014\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0015\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0016\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0017\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0018\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0019\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0020\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0021\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0022\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0023\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0024\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(884)
c:\windows\System32\APSHook.dll

- - - - - - - > 'lsass.exe'(692)
c:\windows\System32\APSHook.dll
.
Celkový čas: 2010-07-28 20:52:51
ComboFix-quarantined-files.txt 2010-07-28 18:52

Před spuštěním: 157 589 274 624 bytes free
Po spuštění: 157 521 571 840 bytes free

- - End Of File - - 58DFCECB64FE524A4EFC87D0ED2E9675

Rudy
Site Admin
Posts: 119418
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: Virus in the computer malware.Win 32

#4 Post by Rudy »

The CF log does not reveal which virus it is either. In which file did the antivirus find it?
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(zavináč)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music etc.). Apart from its "visible" activities, a virus can damage the system!


After your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address above.

valca
Guest
Posts: 12
Joined: 28 Jul 2010 21:52

Re: Virus in the computer malware.Win 32

#5 Post by valca »

C:\Windows\NIRCMD.exe.mwt infected by "Malware.Win32 (ES)" Virus! Action Taken: No Action Taken.

Rudy
Site Admin
Posts: 119418
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: Virus in the computer malware.Win 32

#6 Post by Rudy »

That is a command-line tool. It should be a legitimate file. Test it online at www.virustotal.com .

valca
Guest
Posts: 12
Joined: 28 Jul 2010 21:52

Re: Virus in the computer malware.Win 32

#7 Post by valca »

So here is the result.. at least I hope so

Antivirus Verze Poslední aktualizace Výsledek
AhnLab-V3 2010.07.28.04 2010.07.28 -
AntiVir 8.2.4.26 2010.07.28 -
Antiy-AVL 2.0.3.7 2010.07.28 -
Authentium 5.2.0.5 2010.07.28 -
Avast 4.8.1351.0 2010.07.28 -
Avast5 5.0.332.0 2010.07.28 -
AVG 9.0.0.851 2010.07.27 -
BitDefender 7.2 2010.07.28 -
CAT-QuickHeal 11.00 2010.07.28 -
ClamAV 0.96.0.3-git 2010.07.28 -
Comodo 5566 2010.07.28 -
DrWeb 5.0.2.03300 2010.07.28 -
Emsisoft 5.0.0.34 2010.07.28 -
eSafe 7.0.17.0 2010.07.27 -
eTrust-Vet 36.1.7743 2010.07.27 -
F-Prot 4.6.1.107 2010.07.28 -
F-Secure 9.0.15370.0 2010.07.28 -
Fortinet 4.1.143.0 2010.07.28 -
GData 21 2010.07.28 -
Ikarus T3.1.1.84.0 2010.07.28 -
Jiangmin 13.0.900 2010.07.28 Trojan/Agent.dwsp
Kaspersky 7.0.0.125 2010.07.27 -
McAfee 5.400.0.1158 2010.07.28 -
McAfee-GW-Edition 2010.1 2010.07.28 -
Microsoft 1.6004 2010.07.28 -
NOD32 5319 2010.07.28 -
Norman 6.05.11 2010.07.28 -
nProtect 2010-07-28.02 2010.07.28 -
Panda 10.0.2.7 2010.07.27 -
PCTools 7.0.3.5 2010.07.28 -
Prevx 3.0 2010.07.28 -
Rising 22.58.02.04 2010.07.28 -
Sophos 4.55.0 2010.07.28 NirCmd
Sunbelt 6653 2010.07.28 -
SUPERAntiSpyware 4.40.0.1006 2010.07.28 -
Symantec 20101.1.1.7 2010.07.28 -
TheHacker 6.5.2.1.326 2010.07.27 -
TrendMicro 9.120.0.1004 2010.07.27 -
TrendMicro-HouseCall 9.120.0.1004 2010.07.28 -
VBA32 3.12.12.6 2010.07.27 Trojan.Win32.Agent2.cpop
ViRobot 2010.7.23.3956 2010.07.28 Trojan.Win32.Agent.33280.BY
VirusBuster 5.0.27.0 2010.07.28 -
Rozšiřující informace
File size: 31232 bytes
MD5 : ae72e8619cb31d84da25e2435e55003c
SHA1 : 2ed893a9aa82da248b5f4344819fcf6ad2d28240
SHA256: eccf9f7bb602e25cf9383be7856318c1fa679c0c4a354966b0ed723da17e8d24
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x12AF0
timedatestamp.....: 0x49EC5532 (Mon Apr 20 12:57:54 2009)
machinetype.......: 0x14C (Intel I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
UPX0 0x1000 0xB000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
UPX1 0xC000 0x7000 0x6E00 7.88 61ac5157516e5e2e687d300707ddf5df
.rsrc 0x13000 0x1000 0x800 3.30 c926c07c18604758648052e6fadc348c

( 8 imports )

> advapi32.dll: RegCloseKey
> gdi32.dll: BitBlt
> kernel32.dll: LoadLibraryA, GetProcAddress, VirtualProtect, VirtualAlloc, VirtualFree, ExitProcess
> msvcrt.dll: exit
> ole32.dll: CoInitialize
> shell32.dll: ShellExecuteA
> user32.dll: GetDC
> winmm.dll: mixerOpen

( 0 exports )
TrID : File type identification
UPX compressed Win32 Executable (39.5%)
Win32 EXE Yoda's Crypter (34.3%)
Win32 Executable Generic (11.0%)
Win32 Dynamic Link Library (generic) (9.8%)
Generic Win/DOS Executable (2.5%)
ThreatExpert: http://www.threatexpert.com/report.aspx ... 435e55003c
ssdeep: 768:8HfV0Q+ubR8EM/hIY/5UPkLVScwoUT+hhe88Znxbtk2:I+FCRFMyYVVScFUTYw86nRtJ
sigcheck: publisher....: NirSoft
copyright....: Copyright (c) 2003 - 2009 Nir Sofer
product......: NirCmd
description..: NirCmd
original name: NirCmd.exe
internal name: NirCmd
file version.: 2.35
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
Prevx Info: http://info.prevx.com/aboutprogramtext. ... 0091A6F065
PEiD : -
packers (Kaspersky): PE_Patch.UPX, UPX
packers (F-Prot): UPX
CWSandbox: http://research.sunbelt-software.com/pa ... 435e55003c
RDS : NSRL Reference Data Set
-

Rudy
Site Admin
Posts: 119418
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: Virus in the computer malware.Win 32

#8 Post by Rudy »

OK. All the world-class antiviruses are silent; only the second-rate ones speak up. I think the file is fine.
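As an added illustration of the reasoning in the reply above (example code, not part of the thread): a small Python script that parses a VirusTotal-style result listing in the exact line format pasted earlier in this thread, counts which engines flagged the file, and applies the same consensus rule (no hit from a major engine and a low ratio means a likely false positive). The sample lines are a constructed subset of the pasted report, and which vendors count as "major" is an assumption.

```python
import re

# One vendor row of the pasted report: "<vendor> <version> <YYYY.MM.DD> <result>".
# Header or footer lines (no date in the third column) simply do not match.
LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\d{4}\.\d{2}\.\d{2})\s+(.*\S)\s*$")

# Constructed sample mirroring the thread's report (only a few of the rows).
SAMPLE = """\
Antivirus Verze Poslední aktualizace Výsledek
AhnLab-V3 2010.07.28.04 2010.07.28 -
Jiangmin 13.0.900 2010.07.28 Trojan/Agent.dwsp
Kaspersky 7.0.0.125 2010.07.27 -
Microsoft 1.6004 2010.07.28 -
Sophos 4.55.0 2010.07.28 NirCmd
VBA32 3.12.12.6 2010.07.27 Trojan.Win32.Agent2.cpop
Rozšiřující informace
"""

# Assumed set of "major" engines; which engines belong here is a judgement call.
MAJOR_VENDORS = {"Kaspersky", "Microsoft", "Symantec", "McAfee",
                 "NOD32", "BitDefender", "AntiVir", "F-Secure"}


def parse_report(text):
    """Return {vendor: detection name or None} for every vendor row in the listing."""
    detections = {}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # header, footer or blank line
        vendor, _version, _date, result = m.groups()
        detections[vendor] = None if result == "-" else result
    return detections


def triage(detections, major=MAJOR_VENDORS):
    """Summarise the consensus: ratio, who flagged it, and a coarse verdict."""
    flagged = {v: r for v, r in detections.items() if r is not None}
    major_hits = sorted(v for v in flagged if v in major)
    if not flagged:
        verdict = "clean"
    elif major_hits:
        verdict = "suspicious"
    else:
        # Only minor engines fired: treat as a likely false positive, but an
        # unsigned UPX-packed binary still deserves a manual look.
        verdict = "likely false positive"
    return {"ratio": f"{len(flagged)}/{len(detections)}",
            "flagged": flagged, "major_hits": major_hits, "verdict": verdict}
```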

valca
Guest
Posts: 12
Joined: 28 Jul 2010 21:52

Re: Virus in the computer malware.Win 32

#9 Post by valca »

OK, thank you, but I don't know what to do next.. Windows Security keeps reporting malware and keeps glowing red..

Rudy
Site Admin
Posts: 119418
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: Virus in the computer malware.Win 32

#10 Post by Rudy »


valca
Guest
Posts: 12
Joined: 28 Jul 2010 21:52

Re: Virus in the computer malware.Win 32

#11 Post by valca »

result:


Autoscan: completed 4 minutes ago (events: 2, objects: 587826, time: 02:50:23)
29.7.2010 20:38:25 Task started
29.7.2010 23:28:48 Task completed

valca
Guest
Posts: 12
Joined: 28 Jul 2010 21:52

Re: Virus in the computer malware.Win 32

#12 Post by valca »

I really don't know anymore, the computer keeps reporting a virus... a red shield on Windows

Rudy
Site Admin
Posts: 119418
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: Virus in the computer malware.Win 32

#13 Post by Rudy »

In which file is the malware located?

valca
Guest
Posts: 12
Joined: 28 Jul 2010 21:52

Re: Virus in the computer malware.Win 32

#14 Post by valca »

I'm probably completely lost, but I can't find which directory it is in

Rudy
Site Admin
Posts: 119418
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: Virus in the computer malware.Win 32

#15 Post by Rudy »

valca wrote: I'm probably completely lost, but I can't find which directory it is in
I haven't found anything anywhere. If something is hiding somewhere, I need to know what it is and know the path to the file. Only then can I remove it.
