PC problems

kadubcovav
Visitor
Posts: 48
Registered: 16 Feb 2011 16:53

#1 Post by kadubcovav

My computer occasionally freezes and has slowed down overall. I'm attaching the RSIT log:

Logfile of random's system information tool 1.08 (written by random/random)
Run by Uživatel at 2011-02-16 16:57:17
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 28 GB (56%) free of 50 GB
Total RAM: 3582 MB (80% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:57:28, on 16.2.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\PixArt\PAC207\Monitor.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\Program Files\Kodak\KODAK Share Button App\Listener.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\NLSSRV32.EXE
C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Uživatel\Dokumenty\RSIT.exe
C:\Program Files\trend micro\Uživatel.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: {1A03F196-9617-4CA0-842B-A83CEECB022B} - - (no file)
R3 - URLSearchHook: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll
O2 - BHO: IEHlprObj Class - {CE7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\NetSoftware\IEHelper.dll (file missing)
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [KONICA MINOLTA PagePro 1300WStatusDisplay] C:\WINDOWS\system32\MSTMON_N.EXE
O4 - HKLM\..\Run: [PAC207_Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [PMBVolumeWatcher] C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
O4 - HKLM\..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
O4 - HKLM\..\Run: [KodakShareButtonApp] C:\Program Files\Kodak\KODAK Share Button App\Listener.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ7.0\ICQ.exe" silent loginmode=4
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Software Kodak EasyShare.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {65D72393-E210-4A2A-B8E0-10AC45986770} (GWebInstallControl Object) - http://pl.recruit.netmonitor.cz/WebInstaller.dll
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos-be ... canner.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://www.ovanet.cz/files/activex/AxisCamControl.cab
O16 - DPF: {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/G ... meHost.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NLS Service (nlsX86cc) - Nalpeiron Ltd. - C:\WINDOWS\system32\NLSSRV32.EXE
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: PMBDeviceInfoProvider - Sony Corporation - C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

--
End of file - 14282 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2DB66063-BB98-466A-AA0D-3E7ACF5ED853}]
WebTransBHO Class - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll [2011-02-11 798771]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
Conduit Engine - C:\Program Files\ConduitEngine\ConduitEngine.dll [2010-12-09 3911776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2009-03-21 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Plug-In - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-11-22 1242504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
uTorrentBar Toolbar - C:\Program Files\uTorrentBar\tbuTor.dll [2010-12-09 3911776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CE7C3CF0-4B15-11D1-ABED-709549C10000}]
IEHlprObj Class - C:\Program Files\NetSoftware\IEHelper.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
C:\Program Files\Ask.com\GenericAskToolbar.dll [2009-06-16 1144712]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-21 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-03-21 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll [2009-06-16 1144712]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2011-01-05 988480]
{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - uTorrentBar Toolbar - C:\Program Files\uTorrentBar\tbuTor.dll [2010-12-09 3911776]
{30F9B915-B755-4826-820B-08FBA6BD249D} - Conduit Engine - C:\Program Files\ConduitEngine\ConduitEngine.dll [2010-12-09 3911776]
{BFC32E1D-EE75-4A48-BC60-104E11EE2431} - WebTranslator - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll [2011-02-11 798771]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-09-03 16841216]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-08-29 61440]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2006-11-23 56928]
"LanguageShortcut"=C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [2006-12-05 54832]
"KONICA MINOLTA PagePro 1300WStatusDisplay"=C:\WINDOWS\system32\MSTMON_N.EXE [2004-11-25 151552]
"PAC207_Monitor"=C:\WINDOWS\PixArt\PAC207\Monitor.exe [2006-11-03 319488]
"Monitor"=C:\WINDOWS\PixArt\PAC207\Monitor.exe [2006-11-03 319488]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-03-21 136600]
"LVCOMSX"=C:\WINDOWS\system32\LVCOMSX.EXE [2005-07-19 221184]
"LogitechVideoRepair"=C:\Program Files\Logitech\Video\ISStart.exe [2005-06-08 458752]
"LogitechVideoTray"=C:\Program Files\Logitech\Video\LogiTray.exe [2005-06-08 217088]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-07-19 78008]
"DivXUpdate"=C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2010-09-16 1164584]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
"ArcSoft Connection Service"=C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [2010-10-27 207424]
"PMBVolumeWatcher"=C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe [2010-03-24 599328]
"CanonSolutionMenuEx"=C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE [2010-04-02 1185112]
"KodakShareButtonApp"=C:\Program Files\Kodak\KODAK Share Button App\Listener.exe [2011-01-18 107008]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"=C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2007-08-23 455968]
"LogitechSoftwareUpdate"=C:\Program Files\Logitech\Video\ManifestEngine.exe [2005-06-08 196608]
"Rainlendar2"=C:\Program Files\Rainlendar2\Rainlendar2.exe [2008-08-24 4067328]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2010-12-03 14944136]
"ICQ"=C:\Program Files\ICQ7.0\ICQ.exe [2011-01-05 133432]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
Software Kodak EasyShare.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2008-10-03 143360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\wscntfy.exe"="C:\WINDOWS\system32\wscntfy.exe:*:Enabled:ENABLE"
"C:\WINDOWS\RTHDCPL.EXE"="C:\WINDOWS\RTHDCPL.EXE:*:Enabled:ENABLE"
"C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe:*:Enabled:ENABLE"
"C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe:*:Enabled:ENABLE"
"C:\WINDOWS\system32\MSTMON_N.EXE"="C:\WINDOWS\system32\MSTMON_N.EXE:*:Enabled:ENABLE"
"C:\WINDOWS\PixArt\PAC207\Monitor.exe"="C:\WINDOWS\PixArt\PAC207\Monitor.exe:*:Enabled:ENABLE"
"C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe:*:Enabled:ENABLE"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\ICQ7.0\ICQ.exe"="C:\Program Files\ICQ7.0\ICQ.exe:*:Enabled:ICQ7"
"C:\Program Files\ICQ7.0\aolload.exe"="C:\Program Files\ICQ7.0\aolload.exe:*:Enabled:aolload.exe"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe"="C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQ7.0\ICQ.exe"="C:\Program Files\ICQ7.0\ICQ.exe:*:Enabled:ICQ7"
"C:\Program Files\ICQ7.0\aolload.exe"="C:\Program Files\ICQ7.0\aolload.exe:*:Enabled:aolload.exe"

======List of files/folders created in the last 3 months======

2011-02-16 16:46:25 ----D---- C:\Documents and Settings\Uživatel\Data aplikací\PriceGong
2011-02-16 16:41:25 ----A---- C:\ComboFix.txt
2011-02-11 23:06:00 ----A---- C:\WINDOWS\WTRDCTM.INI
2011-02-11 23:03:28 ----D---- C:\TRANSLAT
2011-02-11 23:01:41 ----D---- C:\Program Files\office Convert Pdf to Word for Doc Free
2011-02-09 22:25:36 ----HDC---- C:\WINDOWS\$NtUninstallKB2478971$
2011-02-09 22:25:32 ----HDC---- C:\WINDOWS\$NtUninstallKB2485376$
2011-02-09 22:25:27 ----HDC---- C:\WINDOWS\$NtUninstallKB2479628$
2011-02-09 22:25:17 ----HDC---- C:\WINDOWS\$NtUninstallKB2483185$
2011-02-09 22:22:51 ----HDC---- C:\WINDOWS\$NtUninstallKB2476687$
2011-02-09 22:22:07 ----HDC---- C:\WINDOWS\$NtUninstallKB2478960$
2011-02-09 22:21:51 ----HDC---- C:\WINDOWS\$NtUninstallKB2393802$
2011-02-06 12:21:02 ----D---- C:\Documents and Settings\All Users\Data aplikací\{41054FB7-AE0F-4DCF-9073-74BC03EFC472}
2011-02-03 10:39:59 ----HD---- C:\Documents and Settings\All Users\Data aplikací\CanonIJSolutionMenuEX
2011-02-03 00:12:40 ----HD---- C:\Documents and Settings\All Users\Data aplikací\CanonIJEGV
2011-02-02 18:53:34 ----HD---- C:\Documents and Settings\All Users\Data aplikací\CanonIJScan
2011-02-02 18:53:32 ----D---- C:\Documents and Settings\All Users\Data aplikací\CanonIJ
2011-02-02 18:53:27 ----D---- C:\Documents and Settings\Uživatel\Data aplikací\Canon
2011-02-02 18:47:44 ----A---- C:\WINDOWS\system32\CNQ2414U.dll
2011-02-02 18:47:44 ----A---- C:\WINDOWS\system32\CNQ2414L.dll
2011-02-02 18:47:44 ----A---- C:\WINDOWS\system32\CNQ2414I.dll
2011-02-02 18:47:44 ----A---- C:\WINDOWS\system32\CNQ2414C.dll
2011-02-02 18:47:44 ----A---- C:\WINDOWS\system32\CNHMCA.dll
2011-02-02 18:42:43 ----D---- C:\Documents and Settings\All Users\Data aplikací\CanonIJPLM
2011-02-02 18:40:56 ----D---- C:\Program Files\Common Files\CANON
2011-02-02 18:40:45 ----D---- C:\Documents and Settings\All Users\Data aplikací\CanonIJWSpt
2011-02-02 18:39:21 ----HD---- C:\WINDOWS\system32\CanonIJ Uninstaller Information
2011-02-02 18:39:19 ----A---- C:\WINDOWS\system32\CNQ2414Y.dll
2011-02-02 18:39:16 ----A---- C:\WINDOWS\system32\CNQ2414O.dll
2011-02-02 18:39:13 ----HD---- C:\Program Files\CanonBJ
2011-02-02 18:38:08 ----D---- C:\Program Files\Canon
2011-01-13 21:23:15 ----D---- C:\Program Files\ConduitEngine
2011-01-13 21:23:12 ----D---- C:\Program Files\uTorrentBar
2011-01-12 11:24:19 ----HDC---- C:\WINDOWS\$NtUninstallKB2419632$
2011-01-11 18:08:49 ----D---- C:\Documents and Settings\Uživatel\Data aplikací\CAD-KAS
2011-01-11 18:08:39 ----A---- C:\WINDOWS\cadkasdeinst01e.exe
2011-01-08 15:17:08 ----D---- C:\Documents and Settings\Uživatel\Data aplikací\Nitro PDF
2011-01-08 15:14:59 ----A---- C:\WINDOWS\system32\nitrolocalui.dll
2011-01-08 15:14:59 ----A---- C:\WINDOWS\system32\nitrolocalmon.dll
2011-01-08 15:14:42 ----D---- C:\Documents and Settings\All Users\Data aplikací\Nitro PDF
2011-01-08 15:12:45 ----D---- C:\Documents and Settings\Uživatel\Data aplikací\Downloaded Installations
2011-01-08 14:53:09 ----D---- C:\Output Files
2011-01-08 14:52:26 ----D---- C:\Program Files\office Convert Pdf to Excel for xls Free
2010-12-25 14:09:04 ----D---- C:\Documents and Settings\Uživatel\Data aplikací\Sony Corporation
2010-12-25 14:00:52 ----D---- C:\Program Files\Sony
2010-12-25 14:00:50 ----D---- C:\Documents and Settings\All Users\Data aplikací\Sony Corporation
2010-12-24 23:01:56 ----D---- C:\Documents and Settings\Uživatel\Data aplikací\Kodak
2010-12-24 23:01:31 ----D---- C:\Documents and Settings\Uživatel\Data aplikací\Skinux
2010-12-24 22:56:41 ----D---- C:\Documents and Settings\Uživatel\Data aplikací\ArcSoft
2010-12-24 22:56:33 ----D---- C:\Documents and Settings\All Users\Data aplikací\ArcSoft
2010-12-24 22:55:50 ----D---- C:\Program Files\Common Files\ArcSoft
2010-12-24 22:55:50 ----D---- C:\Program Files\ArcSoft
2010-12-24 22:53:42 ----HDC---- C:\WINDOWS\$NtUninstallKB932716-v2$
2010-12-24 22:53:13 ----N---- C:\WINDOWS\system32\imapi2fs.dll
2010-12-24 22:53:13 ----N---- C:\WINDOWS\system32\imapi2.dll
2010-12-24 22:29:33 ----D---- C:\Documents and Settings\All Users\Data aplikací\Kodak
2010-12-24 22:15:18 ----A---- C:\WINDOWS\system32\ptpusd.dll
2010-12-24 22:15:18 ----A---- C:\WINDOWS\system32\ptpusb.dll
2010-12-24 22:15:16 ----A---- C:\WINDOWS\system32\drivers\usbscan.sys
2010-12-24 22:14:18 ----D---- C:\Program Files\Kodak
2010-12-24 22:14:18 ----D---- C:\Program Files\Common Files\Kodak
2010-12-24 22:13:42 ----D---- C:\Documents and Settings\All Users\Data aplikací\{49FC035F-4D1B-4459-B8B7-1EF5D11C6BAC}
2010-12-23 21:25:24 ----D---- C:\Documents and Settings\Uživatel\Data aplikací\Aunsoft
2010-12-23 19:39:29 ----D---- C:\Program Files\Swf2Avi
2010-12-23 18:25:57 ----D---- C:\Program Files\Freemake
2010-12-23 17:02:29 ----D---- C:\Documents and Settings\Uživatel\Data aplikací\CPS Labs
2010-12-23 16:07:02 ----A---- C:\Documents and Settings\Uživatel\Data aplikací\isfree3_1.tmp
2010-12-23 16:07:02 ----A---- C:\Documents and Settings\Uživatel\Data aplikací\isfree3_0.tmp
2010-12-23 14:35:11 ----A---- C:\WINDOWS\IsUninst.exe
2010-12-16 18:59:13 ----D---- C:\Documents and Settings\Uživatel\Data aplikací\FreeBurner
2010-12-15 19:43:57 ----HDC---- C:\WINDOWS\$NtUninstallKB2296199$
2010-12-15 19:43:25 ----HDC---- C:\WINDOWS\$NtUninstallKB2443105$
2010-12-15 19:42:38 ----HDC---- C:\WINDOWS\$NtUninstallKB2440591$
2010-12-15 19:42:34 ----HDC---- C:\WINDOWS\$NtUninstallKB2443685$
2010-12-15 19:42:30 ----HDC---- C:\WINDOWS\$NtUninstallKB2436673$
2010-12-15 19:42:26 ----HDC---- C:\WINDOWS\$NtUninstallKB2467659$
2010-12-15 19:39:08 ----HDC---- C:\WINDOWS\$NtUninstallKB2423089$
2010-12-14 18:23:15 ----D---- C:\Documents and Settings\Uživatel\Data aplikací\Search Settings
2010-12-14 17:46:02 ----D---- C:\Program Files\Application Updater
2010-12-14 17:44:48 ----A---- C:\WINDOWS\system32\GIF89.DLL
2010-12-14 17:44:43 ----A---- C:\WINDOWS\system32\WMAFile.dll
2010-12-14 17:44:43 ----A---- C:\WINDOWS\system32\AudioInfos.dll
2010-12-14 17:44:43 ----A---- C:\WINDOWS\system32\AudFile.dll
2010-12-14 17:44:40 ----A---- C:\WINDOWS\system32\VB6STKIT.DLL
2010-12-14 17:44:40 ----A---- C:\WINDOWS\system32\SSubTmr6.dll
2010-12-14 17:44:40 ----A---- C:\WINDOWS\system32\inetfr.DLL
2010-12-14 17:44:39 ----A---- C:\WINDOWS\system32\VB6FR.DLL
2010-12-14 17:44:36 ----A---- C:\WINDOWS\system32\MSCMCFR.DLL
2010-12-14 17:44:36 ----A---- C:\WINDOWS\system32\CMDLGFR.DLL
2010-12-14 17:44:35 ----D---- C:\Program Files\Free Easy Burner
2010-12-14 17:44:35 ----A---- C:\WINDOWS\system32\msxml4a.dll
2010-12-14 17:44:35 ----A---- C:\WINDOWS\system32\lame_enc.dll
2010-12-11 12:30:58 ----D---- C:\Program Files\Common Files\Skype
2010-12-07 17:34:34 ----D---- C:\Program Files\Common Files\DESIGNER
2010-12-07 17:17:00 ----D---- C:\Program Files\Microsoft Works
2010-12-07 17:16:10 ----D---- C:\Program Files\Microsoft Visual Studio
2010-12-07 17:15:18 ----D---- C:\Program Files\Microsoft.NET
2010-12-07 17:09:18 ----D---- C:\Program Files\Microsoft Visual Studio 8
2010-12-07 17:07:01 ----RD---- C:\MSOCache
2010-11-23 22:48:37 ----RA---- C:\WINDOWS\system32\vp6vfw.dll
2010-11-23 19:49:08 ----D---- C:\Program Files\DAEMON Tools Toolbar
2010-11-23 19:49:05 ----A---- C:\WINDOWS\system32\drivers\sptd.sys
2010-11-23 19:48:39 ----D---- C:\Documents and Settings\Uživatel\Data aplikací\DAEMON Tools Lite
2010-11-23 19:48:37 ----D---- C:\Documents and Settings\All Users\Data aplikací\DAEMON Tools Lite
2010-11-19 13:52:43 ----D---- C:\Documents and Settings\Uživatel\Data aplikací\Happy Foto
2010-11-19 13:52:39 ----D---- C:\Program Files\HappyFoto

======List of files/folders modified in the last 3 months======

2011-02-16 16:57:23 ----D---- C:\Program Files\trend micro
2011-02-16 16:41:33 ----D---- C:\WINDOWS\temp
2011-02-16 16:41:27 ----D---- C:\Qoobox
2011-02-16 16:41:25 ----D---- C:\WINDOWS\Prefetch
2011-02-16 16:39:55 ----AD---- C:\WINDOWS
2011-02-16 16:39:55 ----A---- C:\WINDOWS\system.ini
2011-02-16 16:39:49 ----D---- C:\WINDOWS\system32\drivers\etc
2011-02-16 16:38:18 ----D---- C:\WINDOWS\system32\drivers
2011-02-16 16:38:18 ----D---- C:\WINDOWS\system32
2011-02-16 16:38:18 ----D---- C:\WINDOWS\AppPatch
2011-02-16 16:38:15 ----D---- C:\Program Files\Common Files
2011-02-16 16:33:27 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-02-16 16:33:21 ----D---- C:\WINDOWS\system32\CatRoot2
2011-02-16 16:30:36 ----D---- C:\Documents and Settings\Uživatel\Data aplikací\Skype
2011-02-16 16:07:48 ----D---- C:\Documents and Settings\Uživatel\Data aplikací\skypePM
2011-02-15 14:10:06 ----A---- C:\WINDOWS\MSTMON_N.INI
2011-02-14 22:16:49 ----D---- C:\Documents and Settings\Uživatel\Data aplikací\LangSoft
2011-02-11 23:04:50 ----D---- C:\Documents and Settings\All Users\Data aplikací\LangSoft
2011-02-11 23:01:41 ----RD---- C:\Program Files
2011-02-11 20:35:08 ----SD---- C:\WINDOWS\Downloaded Program Files
2011-02-09 22:25:40 ----HD---- C:\WINDOWS\inf
2011-02-09 22:25:39 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-02-09 22:25:35 ----A---- C:\WINDOWS\imsins.BAK
2011-02-09 22:23:38 ----A---- C:\WINDOWS\system32\MRT.exe
2011-02-09 22:23:19 ----D---- C:\Program Files\Internet Explorer
2011-02-09 22:23:03 ----D---- C:\WINDOWS\ie8updates
2011-02-09 22:22:55 ----HD---- C:\WINDOWS\$hf_mig$
2011-02-09 22:22:50 ----SHD---- C:\WINDOWS\Installer
2011-02-09 22:22:49 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2011-02-09 20:36:17 ----D---- C:\WINDOWS\system32\config
2011-02-06 14:35:04 ----D---- C:\Program Files\Google
2011-02-02 18:47:45 ----D---- C:\WINDOWS\Media
2011-02-02 18:47:44 ----D---- C:\WINDOWS\twain_32
2011-01-29 23:18:12 ----D---- C:\Documents and Settings\Uživatel\Data aplikací\Google
2011-01-29 23:13:42 ----SD---- C:\WINDOWS\Tasks
2011-01-28 14:57:23 ----D---- C:\Program Files\Mozilla Firefox
2011-01-26 23:31:26 ----A---- C:\WINDOWS\AviSplitter.INI
2011-01-21 15:44:07 ----A---- C:\WINDOWS\system32\shimgvw.dll
2011-01-21 15:44:07 ----A---- C:\WINDOWS\system32\shell32.dll
2011-01-10 21:42:42 ----D---- C:\Documents and Settings\Uživatel\Data aplikací\ICQ
2011-01-07 15:09:02 ----A---- C:\WINDOWS\system32\atmfd.dll
2011-01-07 11:32:59 ----D---- C:\Program Files\ICQ7.0
2011-01-04 12:03:33 ----D---- C:\Program Files\Microsoft Silverlight
2010-12-27 10:59:58 ----HD---- C:\Program Files\InstallShield Installation Information
2010-12-25 14:03:56 ----D---- C:\WINDOWS\system32\DirectX
2010-12-25 14:00:52 ----D---- C:\WINDOWS\WinSxS
2010-12-24 22:55:38 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-12-24 22:55:33 ----D---- C:\WINDOWS\Help
2010-12-24 22:54:44 ----RSD---- C:\WINDOWS\assembly
2010-12-23 18:46:06 ----D---- C:\WINDOWS\Microsoft.NET
2010-12-23 18:35:59 ----D---- C:\WINDOWS\system32\cs-cz
2010-12-23 18:35:34 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-12-23 14:35:47 ----D---- C:\Program Files\Adobe
2010-12-23 14:06:17 ----D---- C:\Documents and Settings\All Users\Data aplikací\Adobe
2010-12-23 14:05:24 ----D---- C:\Program Files\Common Files\Adobe
2010-12-22 13:34:22 ----A---- C:\WINDOWS\system32\kerberos.dll
2010-12-21 00:52:37 ----A---- C:\WINDOWS\system32\wininet.dll
2010-12-21 00:52:36 ----N---- C:\WINDOWS\system32\jsproxy.dll
2010-12-21 00:52:36 ----A---- C:\WINDOWS\system32\urlmon.dll
2010-12-21 00:52:36 ----A---- C:\WINDOWS\system32\occache.dll
2010-12-21 00:52:36 ----A---- C:\WINDOWS\system32\mstime.dll
2010-12-21 00:52:36 ----A---- C:\WINDOWS\system32\mshtmled.dll
2010-12-21 00:52:36 ----A---- C:\WINDOWS\system32\mshtml.dll
2010-12-21 00:52:36 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2010-12-21 00:52:36 ----A---- C:\WINDOWS\system32\msfeeds.dll
2010-12-21 00:52:36 ----A---- C:\WINDOWS\system32\licmgr10.dll
2010-12-21 00:52:36 ----A---- C:\WINDOWS\system32\iertutil.dll
2010-12-21 00:52:36 ----A---- C:\WINDOWS\system32\iepeers.dll
2010-12-21 00:52:35 ----N---- C:\WINDOWS\system32\iedkcs32.dll
2010-12-20 18:25:50 ----A---- C:\WINDOWS\system32\lsasrv.dll
2010-12-20 13:55:37 ----N---- C:\WINDOWS\system32\ie4uinit.exe
2010-12-20 11:52:38 ----A---- C:\WINDOWS\system32\ieframe.dll
2010-12-15 19:39:10 ----D---- C:\Program Files\Outlook Express
2010-12-14 17:47:54 ----D---- C:\Program Files\CDBurnerXP
2010-12-11 12:31:39 ----RD---- C:\Program Files\Skype
2010-12-11 12:30:53 ----D---- C:\Documents and Settings\All Users\Data aplikací\Skype
2010-12-09 16:15:19 ----A---- C:\WINDOWS\system32\ntdll.dll
2010-12-09 16:14:06 ----N---- C:\WINDOWS\system32\ntkrnlpa.exe
2010-12-09 16:14:05 ----N---- C:\WINDOWS\system32\ntoskrnl.exe
2010-12-09 15:30:13 ----A---- C:\WINDOWS\system32\csrsrv.dll
2010-12-08 22:59:26 ----RSD---- C:\WINDOWS\Fonts
2010-12-08 22:59:07 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-12-08 17:54:50 ----D---- C:\Program Files\Common Files\System
2010-12-08 17:54:35 ----D---- C:\WINDOWS\SHELLNEW
2010-12-08 17:54:29 ----SD---- C:\Documents and Settings\Uživatel\Data aplikací\Microsoft
2010-12-08 17:54:20 ----A---- C:\WINDOWS\win.ini
2010-12-08 17:52:20 ----D---- C:\WINDOWS\pchealth
2010-12-08 17:24:03 ----A---- C:\WINDOWS\ODBC.INI
2010-12-08 17:22:28 ----SD---- C:\Documents and Settings\All Users\Data aplikací\Microsoft
2010-12-08 17:21:09 ----D---- C:\WINDOWS\system
2010-12-07 17:16:28 ----D---- C:\Program Files\Microsoft Office
2010-12-06 23:24:18 ----D---- C:\Program Files\Common Files\Nero
2010-12-06 23:24:07 ----D---- C:\Documents and Settings\All Users\Data aplikací\Nero
2010-11-18 19:15:47 ----A---- C:\WINDOWS\system32\isign32.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI Texas Instruments; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-14 61696]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2010-07-12 45648]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2010-11-23 691696]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-07-19 26944]
R1 AmdK8;Ovladač procesoru AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-06-18 43008]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-07-19 42912]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-07-19 94416]
R2 MLPTDR_N;MLPTDR_N; \??\C:\WINDOWS\system32\MLPTDR_N.SYS []
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-07-19 23152]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-10-04 3331584]
R3 AtiHdmiService;ATI Function Driver for HDMI Service; C:\WINDOWS\system32\drivers\AtiHdmi.sys [2008-07-02 89600]
R3 catchme;catchme; \??\C:\DOCUME~1\UIVATE~1\LOCALS~1\Temp\catchme.sys []
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-09-05 4611072]
R3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\lvusbsta.sys [2005-05-27 22016]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2007-06-28 45824]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2007-06-28 20480]
R3 pepifilter;Volume Adapter; C:\WINDOWS\system32\DRIVERS\lv302af.sys [2005-05-27 7136]
R3 PID_08A0;QuickCam IM(PID_08A0); C:\WINDOWS\system32\DRIVERS\LV302AV.SYS [2005-05-27 913280]
R3 ReallusionVirtualAudio;Reallusion Virtual Audio; C:\WINDOWS\system32\DRIVERS\RLVrtAuCbl.sys [2007-03-19 31616]
R3 usbaudio;Ovladač zvukové karty USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbscan;Usbscan; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S0 BTHidEnum;Bluetooth HID Enumerator; C:\WINDOWS\System32\Drivers\vbtenum.sys []
S0 BTHidMgr;Bluetooth HID Manager Service; C:\WINDOWS\System32\Drivers\BTHidMgr.sys []
S3 BlueletAudio;Bluetooth Audio Service; C:\WINDOWS\system32\DRIVERS\blueletaudio.sys []
S3 BlueletSCOAudio;Bluetooth SCO Audio Service; C:\WINDOWS\system32\DRIVERS\BlueletSCOAudio.sys []
S3 BT;Bluetooth PAN Network Adapter; C:\WINDOWS\system32\DRIVERS\btnetdrv.sys []
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\WINDOWS\System32\Drivers\btcusb.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-07-09 16384]
S3 CrystalSysInfo;CrystalSysInfo; \??\C:\Program Files\MediaCoder\SysInfo.sys []
S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 mbr;mbr; \??\C:\ComboFix\mbr.sys []
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2002-12-12 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-07-09 83968]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-07-09 10112]
S3 PAC207;e-Messenger 112; C:\WINDOWS\system32\DRIVERS\PFC027.SYS [2007-10-25 616064]
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2008-04-14 5888]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-07-09 10880]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-07-09 14976]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 VComm;Virtual Serial port driver; C:\WINDOWS\system32\DRIVERS\VComm.sys []
S3 VcommMgr;Bluetooth VComm Manager Service; C:\WINDOWS\System32\Drivers\VcommMgr.sys []
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-07-09 18688]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ACDaemon;ArcSoft Connect Daemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2010-03-18 113152]
R2 Application Updater;Application Updater; C:\Program Files\Application Updater\ApplicationUpdater.exe [2010-01-08 380928]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-07-19 16056]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-10-03 581632]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-07-19 147640]
R2 IJPLMSVC;Canon Inkjet Printer/Scanner/Fax Extended Survey Program; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [2010-04-05 116104]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-03-21 152984]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-08-23 79136]
R2 nlsX86cc;NLS Service; C:\WINDOWS\system32\NLSSRV32.EXE [2010-10-20 67904]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider; C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe [2009-10-24 360224]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2005-08-07 167936]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-07-19 250040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-07-19 348344]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2008-10-03 593920]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-01-29 136176]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe []
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Rudy
Site Admin
Posts: 119506
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: PC problems

#2 Post by Rudy »

Post a ComboFix log.
Download ComboFix and save it, preferably to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

then run the application under an account with administrator privileges

right after it starts, a screen with the license terms appears; continue by clicking the Yes button.

feel free to put the kettle on for a coffee (the whole process takes about 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to work through); during the scan, do not try to launch any other applications or anything else

do not panic during the scan; your machine may be restarted (especially the first time the scanner is run)

note: if you use antispyware with a resident shield, switch its resident shield to Install Mode, or disable it completely for the duration of the scan, because during the scan and the removal of any malware there are unwanted conflicts with the antispyware's resident component
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address above.

kadubcovav
Visitor
Posts: 48
Joined: 16 Feb 2011 16:53

Re: PC problems

#3 Post by kadubcovav »

ComboFix 11-02-16.01 - Uživatel 16.02.2011 20:10:00.83.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.3582.2974 [GMT 1:00]
Spuštěný z: c:\documents and settings\Uživatel\Dokumenty\ComboFix.exe
AV: avast! antivirus 4.8.1227 [VPS 110216-0] *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Uživatel\Data aplikací\PriceGong\Data\1.xml
c:\documents and settings\Uživatel\Data aplikací\PriceGong\Data\a.xml
c:\documents and settings\Uživatel\Data aplikací\PriceGong\Data\b.xml
c:\documents and settings\Uživatel\Data aplikací\PriceGong\Data\c.xml
c:\documents and settings\Uživatel\Data aplikací\PriceGong\Data\d.xml
c:\documents and settings\Uživatel\Data aplikací\PriceGong\Data\e.xml
c:\documents and settings\Uživatel\Data aplikací\PriceGong\Data\f.xml
c:\documents and settings\Uživatel\Data aplikací\PriceGong\Data\g.xml
c:\documents and settings\Uživatel\Data aplikací\PriceGong\Data\h.xml
c:\documents and settings\Uživatel\Data aplikací\PriceGong\Data\i.xml
c:\documents and settings\Uživatel\Data aplikací\PriceGong\Data\J.xml
c:\documents and settings\Uživatel\Data aplikací\PriceGong\Data\k.xml
c:\documents and settings\Uživatel\Data aplikací\PriceGong\Data\l.xml
c:\documents and settings\Uživatel\Data aplikací\PriceGong\Data\m.xml
c:\documents and settings\Uživatel\Data aplikací\PriceGong\Data\mru.xml
c:\documents and settings\Uživatel\Data aplikací\PriceGong\Data\n.xml
c:\documents and settings\Uživatel\Data aplikací\PriceGong\Data\o.xml
c:\documents and settings\Uživatel\Data aplikací\PriceGong\Data\p.xml
c:\documents and settings\Uživatel\Data aplikací\PriceGong\Data\q.xml
c:\documents and settings\Uživatel\Data aplikací\PriceGong\Data\r.xml
c:\documents and settings\Uživatel\Data aplikací\PriceGong\Data\s.xml
c:\documents and settings\Uživatel\Data aplikací\PriceGong\Data\t.xml
c:\documents and settings\Uživatel\Data aplikací\PriceGong\Data\u.xml
c:\documents and settings\Uživatel\Data aplikací\PriceGong\Data\v.xml
c:\documents and settings\Uživatel\Data aplikací\PriceGong\Data\w.xml
c:\documents and settings\Uživatel\Data aplikací\PriceGong\Data\x.xml
c:\documents and settings\Uživatel\Data aplikací\PriceGong\Data\y.xml
c:\documents and settings\Uživatel\Data aplikací\PriceGong\Data\z.xml

.
((((((((((((((((((((((((( Soubory vytvořené od 2011-01-16 do 2011-02-16 )))))))))))))))))))))))))))))))
.

2011-02-16 15:46 . 2011-02-16 18:53 -------- d-----w- c:\documents and settings\Uživatel\Data aplikací\PriceGong
2011-02-11 22:03 . 2011-02-11 22:05 -------- d-----w- C:\TRANSLAT
2011-02-11 22:01 . 2011-02-11 22:10 -------- d-----w- c:\program files\office Convert Pdf to Word for Doc Free
2011-02-06 11:21 . 2011-02-06 11:21 -------- d-----w- c:\documents and settings\All Users\Data aplikací\{41054FB7-AE0F-4DCF-9073-74BC03EFC472}
2011-02-02 17:53 . 2011-02-02 17:53 -------- d-----w- c:\documents and settings\All Users\Data aplikací\CanonIJ
2011-02-02 17:53 . 2011-02-04 09:51 -------- d-----w- c:\documents and settings\Uživatel\Data aplikací\Canon
2011-02-02 17:47 . 2010-03-29 16:33 438272 ----a-w- c:\windows\system32\CNQ2414L.dll
2011-02-02 17:47 . 2010-03-18 16:12 1335296 ----a-w- c:\windows\system32\CNQ2414C.dll
2011-02-02 17:47 . 2010-03-18 16:12 114688 ----a-w- c:\windows\system32\CNQ2414I.dll
2011-02-02 17:47 . 2010-03-18 16:11 106496 ----a-w- c:\windows\system32\CNQ2414U.dll
2011-02-02 17:47 . 2008-08-25 17:02 15872 ----a-w- c:\windows\system32\CNHMCA.dll
2011-02-02 17:40 . 2011-02-02 17:40 -------- d-----w- c:\program files\Common Files\CANON
2011-02-02 17:39 . 2011-02-02 17:39 -------- d--h--w- c:\windows\system32\CanonIJ Uninstaller Information
2011-02-02 17:39 . 2010-03-11 08:56 180224 ----a-w- c:\windows\system32\CNQ2414Y.dll
2011-02-02 17:39 . 2010-01-13 14:03 94208 ----a-w- c:\windows\system32\CNQ2414O.dll
2011-02-02 17:38 . 2011-02-02 17:40 -------- d-----w- c:\program files\Canon
2011-01-29 22:18 . 2011-01-29 22:18 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Data aplikací\Google
2011-01-29 22:13 . 2011-01-29 22:13 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Data aplikací\Google
2011-01-19 20:50 . 2011-01-19 20:50 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Data aplikací\uTorrentBar

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-21 14:44 . 2008-04-14 12:00 440320 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-21 13:26 . 2011-01-11 17:08 75776 ----a-w- c:\windows\cadkasdeinst01e.exe
2011-01-07 14:09 . 2008-04-14 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 14:04 . 2008-04-14 12:00 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-23 17:07 . 2010-12-23 15:07 66 ----a-w- c:\documents and settings\Uživatel\Data aplikací\isfree3_0.tmp
2010-12-23 17:06 . 2010-12-23 15:07 5236 ----a-w- c:\documents and settings\Uživatel\Data aplikací\isfree3_1.tmp
2010-12-22 12:34 . 2008-04-14 12:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:52 . 2008-04-14 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:52 . 2008-04-14 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-20 23:52 . 2008-04-14 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-12-20 17:25 . 2008-04-14 12:00 729088 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55 . 2008-04-14 12:00 385024 ----a-w- c:\windows\system32\html.iec
2010-12-09 15:15 . 2008-04-14 12:00 713216 ----a-w- c:\windows\system32\ntdll.dll
2010-12-09 15:14 . 2008-04-14 08:06 2029056 ------w- c:\windows\system32\ntkrnlpa.exe
2010-12-09 15:14 . 2008-04-14 12:00 2150912 ------w- c:\windows\system32\ntoskrnl.exe
2010-12-09 14:30 . 2008-04-14 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2010-11-23 18:49 . 2010-11-23 18:49 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-11-19 12:55 . 2010-11-19 12:47 451477 ----a-w- c:\documents and settings\Uživatel\Data aplikací\mdbu.bin
.

((((((((((((((((((((((((((((( SnapShot_2011-02-13_23.28.39 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-02-16 15:29 . 2011-02-16 15:29 16384 c:\windows\temp\Perflib_Perfdata_658.dat
+ 2011-02-16 15:28 . 2011-02-16 15:28 16384 c:\windows\temp\Perflib_Perfdata_59c.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]

[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-12-09 11:51 3911776 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2010-12-09 11:51 3911776 ----a-w- c:\program files\uTorrentBar\tbuTor.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-06-16 16:22 1144712 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-06-16 1144712]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]

[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]

[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]

[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 455968]
"LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2005-06-08 196608]
"Rainlendar2"="c:\program files\Rainlendar2\Rainlendar2.exe" [2008-08-24 4067328]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-12-03 14944136]
"ICQ"="c:\program files\ICQ7.0\ICQ.exe" [2011-01-05 133432]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-09-03 16841216]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]
"KONICA MINOLTA PagePro 1300WStatusDisplay"="c:\windows\system32\MSTMON_N.EXE" [2004-11-25 151552]
"PAC207_Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]
"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-21 136600]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2005-06-08 458752]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2005-06-08 217088]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-16 1164584]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"PMBVolumeWatcher"="c:\program files\Sony\PMB\PMBVolumeWatcher.exe" [2010-03-24 599328]
"CanonSolutionMenuEx"="c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112]
"KodakShareButtonApp"="c:\program files\Kodak\KODAK Share Button App\Listener.exe" [2011-01-18 107008]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
Software Kodak EasyShare.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2010-1-27 323584]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\wscntfy.exe"=
"c:\\WINDOWS\\RTHDCPL.EXE"=
"c:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe"=
"c:\\Program Files\\ATI Technologies\\ATI.ACE\\Core-Static\\MOM.exe"=
"c:\\WINDOWS\\system32\\MSTMON_N.EXE"=
"c:\\WINDOWS\\PixArt\\PAC207\\Monitor.exe"=
"c:\\Program Files\\ATI Technologies\\ATI.ACE\\Core-Static\\ccc.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\ICQ7.0\\ICQ.exe"=
"c:\\Program Files\\ICQ7.0\\aolload.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [23.11.2010 19:49 691696]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [22.9.2010 17:02 78416]
R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [8.1.2010 0:51 380928]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [22.9.2010 17:02 20560]
R2 MLPTDR_N;MLPTDR_N;c:\windows\system32\MLPTDR_N.SYS [19.7.2003 3:55 18848]
R2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [20.10.2010 17:41 67904]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\Sony\PMB\PMBDeviceInfoProvider.exe [24.10.2009 3:18 360224]
R3 ReallusionVirtualAudio;Reallusion Virtual Audio;c:\windows\system32\drivers\RLVrtAuCbl.sys [10.2.2009 18:22 31616]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 13:16 130384]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [29.1.2011 23:13 136176]
S3 PAC207;e-Messenger 112;c:\windows\system32\drivers\PFC027.SYS [10.2.2009 18:16 616064]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 13:16 753504]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-08-23 16:34 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'

2011-02-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2011-02-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-29 22:13]

2011-02-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-29 22:13]

2011-02-16 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2009-06-16 16:22]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
DPF: {65D72393-E210-4A2A-B8E0-10AC45986770} - hxxp://pl.recruit.netmonitor.cz/WebInstaller.dll
FF - ProfilePath - c:\documents and settings\Uživatel\Data aplikací\Mozilla\Firefox\Profiles\4char9ha.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/?ref=home
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=867034&p=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Seznam lištička: {ea614400-e918-4741-9a97-7a972ff7c30b} - c:\program files\Mozilla Firefox\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}
FF - Ext: DAEMON Tools Toolbar: DTToolbar@toolbarnet.com - %profile%\extensions\DTToolbar@toolbarnet.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: uTorrentBar Community Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - %profile%\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
FF - Ext: Seznam lištička: {ea614400-e918-4741-9a97-7a972ff7c30b} - %profile%\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-16 20:14
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(748)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2011-02-16 20:15:45
ComboFix-quarantined-files.txt 2011-02-16 19:15
ComboFix2.txt 2011-02-16 15:41
ComboFix3.txt 2011-02-14 16:27
ComboFix4.txt 2011-02-14 16:23
ComboFix5.txt 2011-02-16 19:09

Před spuštěním: Volných bajtů: 29 384 237 056
Po spuštění: Volných bajtů: 29 365 837 824

- - End Of File - - 9B26698E643AC655E0C621257B136C54

Rudy
Site Admin
Posts: 119506
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: PC problems

#4 Post by Rudy »

We'll finish the cleanup. Move ComboFix to the desktop. Open Notepad and copy the following into it:
Folder::
c:\program files\Ask.com

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
Save it to the desktop as CFScript.txt. Then drag it with the mouse onto the ComboFix icon and drop it. CF will start and carry out the commands from the script.

Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!

Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.

kadubcovav
Visitor
Posts: 48
Registered: 16 Feb 2011 16:53

Re: PC problems

#5 Post by kadubcovav »

The resulting log:

ComboFix 11-02-16.01 - Uživatel 16.02.2011 20:49:35.84.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.3582.2943 [GMT 1:00]
Spuštěný z: c:\documents and settings\Uživatel\Dokumenty\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Uživatel\Plocha\CFScript.txt
AV: avast! antivirus 4.8.1227 [VPS 110216-1] *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Uživatel\Data aplikací\Dealio
c:\documents and settings\Uživatel\Data aplikací\Dealio\res\widgets.xml
c:\documents and settings\Uživatel\Data aplikací\Dealio\temp\http___www_dealio_com_rss_coupons-deals_top_7days__cnid=[CHANNEL_ID]&ccv=[CODE_VER]&ISN=[ISN].xml
c:\documents and settings\Uživatel\Data aplikací\PriceGong\Data\1.xml
c:\documents and settings\Uživatel\Data aplikací\PriceGong\Data\a.xml
c:\documents and settings\Uživatel\Data aplikací\PriceGong\Data\b.xml
c:\documents and settings\Uživatel\Data aplikací\PriceGong\Data\c.xml
c:\documents and settings\Uživatel\Data aplikací\PriceGong\Data\d.xml
c:\documents and settings\Uživatel\Data aplikací\PriceGong\Data\e.xml
c:\documents and settings\Uživatel\Data aplikací\PriceGong\Data\f.xml
c:\documents and settings\Uživatel\Data aplikací\PriceGong\Data\g.xml
c:\documents and settings\Uživatel\Data aplikací\PriceGong\Data\h.xml
c:\documents and settings\Uživatel\Data aplikací\PriceGong\Data\i.xml
c:\documents and settings\Uživatel\Data aplikací\PriceGong\Data\J.xml
c:\documents and settings\Uživatel\Data aplikací\PriceGong\Data\k.xml
c:\documents and settings\Uživatel\Data aplikací\PriceGong\Data\l.xml
c:\documents and settings\Uživatel\Data aplikací\PriceGong\Data\m.xml
c:\documents and settings\Uživatel\Data aplikací\PriceGong\Data\mru.xml
c:\documents and settings\Uživatel\Data aplikací\PriceGong\Data\n.xml
c:\documents and settings\Uživatel\Data aplikací\PriceGong\Data\o.xml
c:\documents and settings\Uživatel\Data aplikací\PriceGong\Data\p.xml
c:\documents and settings\Uživatel\Data aplikací\PriceGong\Data\q.xml
c:\documents and settings\Uživatel\Data aplikací\PriceGong\Data\r.xml
c:\documents and settings\Uživatel\Data aplikací\PriceGong\Data\s.xml
c:\documents and settings\Uživatel\Data aplikací\PriceGong\Data\t.xml
c:\documents and settings\Uživatel\Data aplikací\PriceGong\Data\u.xml
c:\documents and settings\Uživatel\Data aplikací\PriceGong\Data\v.xml
c:\documents and settings\Uživatel\Data aplikací\PriceGong\Data\w.xml
c:\documents and settings\Uživatel\Data aplikací\PriceGong\Data\x.xml
c:\documents and settings\Uživatel\Data aplikací\PriceGong\Data\y.xml
c:\documents and settings\Uživatel\Data aplikací\PriceGong\Data\z.xml
c:\program files\Ask.com
c:\program files\Ask.com\config.xml
c:\program files\Ask.com\GenericAskToolbar.dll
c:\program files\Ask.com\mupcfg.xml
c:\program files\Ask.com\SaUpdate.exe
c:\program files\Ask.com\UpdateTask.exe
c:\program files\Dealio Toolbar
c:\program files\Dealio Toolbar\FF\chrome.manifest
c:\program files\Dealio Toolbar\FF\chrome\content\chevron.js
c:\program files\Dealio Toolbar\FF\chrome\content\chevron.xul
c:\program files\Dealio Toolbar\FF\chrome\content\login.js
c:\program files\Dealio Toolbar\FF\chrome\content\login.xul
c:\program files\Dealio Toolbar\FF\chrome\content\parser.js
c:\program files\Dealio Toolbar\FF\chrome\content\RssTickerWidget.js
c:\program files\Dealio Toolbar\FF\chrome\content\searchbox.js
c:\program files\Dealio Toolbar\FF\chrome\content\searchbox.xul
c:\program files\Dealio Toolbar\FF\chrome\content\utils.js
c:\program files\Dealio Toolbar\FF\chrome\content\widgicomm.js
c:\program files\Dealio Toolbar\FF\chrome\content\widgihandling.js
c:\program files\Dealio Toolbar\FF\chrome\content\widgichevron.js
c:\program files\Dealio Toolbar\FF\chrome\content\widgilisteners.js
c:\program files\Dealio Toolbar\FF\chrome\content\widgitoolbarplugin.js
c:\program files\Dealio Toolbar\FF\chrome\content\widgitoolbarplugin.xul
c:\program files\Dealio Toolbar\FF\chrome\content\widgiui.js
c:\program files\Dealio Toolbar\FF\chrome\locale\EN-US\searchbox.dtd
c:\program files\Dealio Toolbar\FF\chrome\locale\EN-US\widgitoolbarplugin.dtd
c:\program files\Dealio Toolbar\FF\chrome\locale\EN-US\widgitoolbarplugin.properties
c:\program files\Dealio Toolbar\FF\chrome\locale\EN-US\yahoo-search.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\amazon.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\apple.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\barnes.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\bestbuy.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\dealio_logo.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\dealio_logo_hover.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\ebay.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\chevron.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\icon_settings.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\macys.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\newegg.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\overstock.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\search-button-hover.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\search-button.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\search-chevron-hover.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\search-chevron.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\search_amazon.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\search_dealio.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\search_ebay.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\search_yahoo.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\searchbox.css
c:\program files\Dealio Toolbar\FF\chrome\skin\splitter.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\target.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\walmart.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\widgitoolbarplugin.css
c:\program files\Dealio Toolbar\FF\install.rdf
c:\program files\Dealio Toolbar\IE\4.3\config.ini
c:\program files\Dealio Toolbar\IE\4.3\dealioToolbarIE.dll
c:\program files\Dealio Toolbar\Res\amazon.gif
c:\program files\Dealio Toolbar\Res\apple.gif
c:\program files\Dealio Toolbar\Res\barnes.gif
c:\program files\Dealio Toolbar\Res\bestbuy.gif
c:\program files\Dealio Toolbar\Res\dealio_logo.gif
c:\program files\Dealio Toolbar\Res\dealio_logo_hover.gif
c:\program files\Dealio Toolbar\Res\ebay.gif
c:\program files\Dealio Toolbar\Res\icon_settings.gif
c:\program files\Dealio Toolbar\Res\macys.gif
c:\program files\Dealio Toolbar\Res\newegg.gif
c:\program files\Dealio Toolbar\Res\overstock.gif
c:\program files\Dealio Toolbar\Res\search-button-hover.gif
c:\program files\Dealio Toolbar\Res\search-button.gif
c:\program files\Dealio Toolbar\Res\search-chevron-hover.gif
c:\program files\Dealio Toolbar\Res\search-chevron.gif
c:\program files\Dealio Toolbar\Res\search_amazon.gif
c:\program files\Dealio Toolbar\Res\search_dealio.gif
c:\program files\Dealio Toolbar\Res\search_ebay.gif
c:\program files\Dealio Toolbar\Res\search_yahoo.gif
c:\program files\Dealio Toolbar\Res\target.gif
c:\program files\Dealio Toolbar\Res\walmart.gif
c:\program files\Dealio Toolbar\Res\widgets.xml
c:\program files\Dealio Toolbar\WidgiHelper.exe

.
((((((((((((((((((((((((( Soubory vytvořené od 2011-01-16 do 2011-02-16 )))))))))))))))))))))))))))))))
.

2011-02-16 19:20 . 2011-02-16 19:20 -------- d-----w- c:\documents and settings\Uživatel\Data aplikací\Search Settings
2011-02-16 19:20 . 2011-02-16 19:20 -------- d-----w- c:\program files\Application Updater
2011-02-16 19:20 . 2011-02-16 19:20 -------- d-----w- c:\program files\Common Files\Spigot
2011-02-16 15:46 . 2011-02-16 19:16 -------- d-----w- c:\documents and settings\Uživatel\Data aplikací\PriceGong
2011-02-11 22:03 . 2011-02-11 22:05 -------- d-----w- C:\TRANSLAT
2011-02-11 22:01 . 2011-02-11 22:10 -------- d-----w- c:\program files\office Convert Pdf to Word for Doc Free
2011-02-06 11:21 . 2011-02-06 11:21 -------- d-----w- c:\documents and settings\All Users\Data aplikací\{41054FB7-AE0F-4DCF-9073-74BC03EFC472}
2011-02-02 17:53 . 2011-02-02 17:53 -------- d-----w- c:\documents and settings\All Users\Data aplikací\CanonIJ
2011-02-02 17:53 . 2011-02-04 09:51 -------- d-----w- c:\documents and settings\Uživatel\Data aplikací\Canon
2011-02-02 17:47 . 2010-03-29 16:33 438272 ----a-w- c:\windows\system32\CNQ2414L.dll
2011-02-02 17:47 . 2010-03-18 16:12 1335296 ----a-w- c:\windows\system32\CNQ2414C.dll
2011-02-02 17:47 . 2010-03-18 16:12 114688 ----a-w- c:\windows\system32\CNQ2414I.dll
2011-02-02 17:47 . 2010-03-18 16:11 106496 ----a-w- c:\windows\system32\CNQ2414U.dll
2011-02-02 17:47 . 2008-08-25 17:02 15872 ----a-w- c:\windows\system32\CNHMCA.dll
2011-02-02 17:40 . 2011-02-02 17:40 -------- d-----w- c:\program files\Common Files\CANON
2011-02-02 17:39 . 2011-02-02 17:39 -------- d--h--w- c:\windows\system32\CanonIJ Uninstaller Information
2011-02-02 17:39 . 2010-03-11 08:56 180224 ----a-w- c:\windows\system32\CNQ2414Y.dll
2011-02-02 17:39 . 2010-01-13 14:03 94208 ----a-w- c:\windows\system32\CNQ2414O.dll
2011-02-02 17:38 . 2011-02-02 17:40 -------- d-----w- c:\program files\Canon
2011-01-29 22:18 . 2011-01-29 22:18 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Data aplikací\Google
2011-01-29 22:13 . 2011-01-29 22:13 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Data aplikací\Google
2011-01-19 20:50 . 2011-01-19 20:50 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Data aplikací\uTorrentBar

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-21 14:44 . 2008-04-14 12:00 440320 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-21 13:26 . 2011-01-11 17:08 75776 ----a-w- c:\windows\cadkasdeinst01e.exe
2011-01-07 14:09 . 2008-04-14 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 14:04 . 2008-04-14 12:00 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-23 17:07 . 2010-12-23 15:07 66 ----a-w- c:\documents and settings\Uživatel\Data aplikací\isfree3_0.tmp
2010-12-23 17:06 . 2010-12-23 15:07 5236 ----a-w- c:\documents and settings\Uživatel\Data aplikací\isfree3_1.tmp
2010-12-22 12:34 . 2008-04-14 12:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:52 . 2008-04-14 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:52 . 2008-04-14 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-20 23:52 . 2008-04-14 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-12-20 17:25 . 2008-04-14 12:00 729088 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55 . 2008-04-14 12:00 385024 ----a-w- c:\windows\system32\html.iec
2010-12-09 15:15 . 2008-04-14 12:00 713216 ----a-w- c:\windows\system32\ntdll.dll
2010-12-09 15:14 . 2008-04-14 08:06 2029056 ------w- c:\windows\system32\ntkrnlpa.exe
2010-12-09 15:14 . 2008-04-14 12:00 2150912 ------w- c:\windows\system32\ntoskrnl.exe
2010-12-09 14:30 . 2008-04-14 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2010-11-23 18:49 . 2010-11-23 18:49 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-11-19 12:55 . 2010-11-19 12:47 451477 ----a-w- c:\documents and settings\Uživatel\Data aplikací\mdbu.bin
.

((((((((((((((((((((((((((((( SnapShot_2011-02-13_23.28.39 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-02-16 15:29 . 2011-02-16 15:29 16384 c:\windows\temp\Perflib_Perfdata_658.dat
+ 2011-02-16 15:28 . 2011-02-16 15:28 16384 c:\windows\temp\Perflib_Perfdata_59c.dat
+ 2011-02-16 19:20 . 2011-02-16 19:20 53248 c:\windows\Installer\{9DDD0B95-1F3E-453E-9F12-EACB0DD6B6CF}\ARPPRODUCTICON.exe
+ 2011-02-16 19:20 . 2011-02-16 19:20 1016832 c:\windows\Installer\d4197c.msi
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]

[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-12-09 11:51 3911776 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2010-12-09 11:51 3911776 ----a-w- c:\program files\uTorrentBar\tbuTor.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]

[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]

[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]

[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]

[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 455968]
"LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2005-06-08 196608]
"Rainlendar2"="c:\program files\Rainlendar2\Rainlendar2.exe" [2008-08-24 4067328]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-12-03 14944136]
"ICQ"="c:\program files\ICQ7.0\ICQ.exe" [2011-01-05 133432]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-09-03 16841216]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]
"KONICA MINOLTA PagePro 1300WStatusDisplay"="c:\windows\system32\MSTMON_N.EXE" [2004-11-25 151552]
"PAC207_Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]
"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-21 136600]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2005-06-08 458752]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2005-06-08 217088]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-16 1164584]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"PMBVolumeWatcher"="c:\program files\Sony\PMB\PMBVolumeWatcher.exe" [2010-03-24 599328]
"CanonSolutionMenuEx"="c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112]
"KodakShareButtonApp"="c:\program files\Kodak\KODAK Share Button App\Listener.exe" [2011-01-18 107008]
"SearchSettings"="c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe" [2011-01-28 526336]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
Software Kodak EasyShare.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2010-1-27 323584]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\wscntfy.exe"=
"c:\\WINDOWS\\RTHDCPL.EXE"=
"c:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe"=
"c:\\Program Files\\ATI Technologies\\ATI.ACE\\Core-Static\\MOM.exe"=
"c:\\WINDOWS\\system32\\MSTMON_N.EXE"=
"c:\\WINDOWS\\PixArt\\PAC207\\Monitor.exe"=
"c:\\Program Files\\ATI Technologies\\ATI.ACE\\Core-Static\\ccc.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\ICQ7.0\\ICQ.exe"=
"c:\\Program Files\\ICQ7.0\\aolload.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [23.11.2010 19:49 691696]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [22.9.2010 17:02 78416]
R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [28.1.2011 17:10 387072]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [22.9.2010 17:02 20560]
R2 MLPTDR_N;MLPTDR_N;c:\windows\system32\MLPTDR_N.SYS [19.7.2003 3:55 18848]
R2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [20.10.2010 17:41 67904]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\Sony\PMB\PMBDeviceInfoProvider.exe [24.10.2009 3:18 360224]
R3 ReallusionVirtualAudio;Reallusion Virtual Audio;c:\windows\system32\drivers\RLVrtAuCbl.sys [10.2.2009 18:22 31616]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 13:16 130384]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [29.1.2011 23:13 136176]
S3 PAC207;e-Messenger 112;c:\windows\system32\drivers\PFC027.SYS [10.2.2009 18:16 616064]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 13:16 753504]

--- Ostatní služby/ovladače v paměti ---

*NewlyCreated* - APPLICATION_UPDATER

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-08-23 16:34 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'

2011-02-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2011-02-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-29 22:13]

2011-02-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-29 22:13]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
DPF: {65D72393-E210-4A2A-B8E0-10AC45986770} - hxxp://pl.recruit.netmonitor.cz/WebInstaller.dll
FF - ProfilePath - c:\documents and settings\Uživatel\Data aplikací\Mozilla\Firefox\Profiles\4char9ha.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/?ref=home
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=867034&p=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Seznam lištička: {ea614400-e918-4741-9a97-7a972ff7c30b} - c:\program files\Mozilla Firefox\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}
FF - Ext: DAEMON Tools Toolbar: DTToolbar@toolbarnet.com - %profile%\extensions\DTToolbar@toolbarnet.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: uTorrentBar Community Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - %profile%\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
FF - Ext: Seznam lištička: {ea614400-e918-4741-9a97-7a972ff7c30b} - %profile%\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-16 20:52
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(748)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2011-02-16 20:53:11
ComboFix-quarantined-files.txt 2011-02-16 19:53
ComboFix2.txt 2011-02-16 19:15
ComboFix3.txt 2011-02-16 15:41
ComboFix4.txt 2011-02-14 16:27
ComboFix5.txt 2011-02-16 19:49

Před spuštěním: Volných bajtů: 29 376 110 592
Po spuštění: Volných bajtů: 29 358 465 024

- - End Of File - - B855CEF9898978A6F190B2658E4B5520

Rudy
Site Admin
Posts: 119506
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: PC problems

#6 Post by Rudy »

Run CF once more with this script:
Folder::
c:\program files\Common Files\Spigot

kadubcovav
Visitor
Posts: 48
Registered: 16 Feb 2011 16:53

Re: PC problems

#7 Post by kadubcovav »

ComboFix 11-02-16.01 - Uživatel 17.02.2011 0:10.85.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.3582.2971 [GMT 1:00]
Spuštěný z: c:\documents and settings\Uživatel\Dokumenty\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Uživatel\Plocha\CFScript.txt
AV: avast! antivirus 4.8.1227 [VPS 110216-1] *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Uživatel\Data aplikací\PriceGong
c:\documents and settings\Uživatel\Data aplikací\PriceGong\Data\1.xml
c:\documents and settings\Uživatel\Data aplikací\PriceGong\Data\a.xml
c:\documents and settings\Uživatel\Data aplikací\PriceGong\Data\b.xml
c:\documents and settings\Uživatel\Data aplikací\PriceGong\Data\c.xml
c:\documents and settings\Uživatel\Data aplikací\PriceGong\Data\d.xml
c:\documents and settings\Uživatel\Data aplikací\PriceGong\Data\e.xml
c:\documents and settings\Uživatel\Data aplikací\PriceGong\Data\f.xml
c:\documents and settings\Uživatel\Data aplikací\PriceGong\Data\g.xml
c:\documents and settings\Uživatel\Data aplikací\PriceGong\Data\h.xml
c:\documents and settings\Uživatel\Data aplikací\PriceGong\Data\i.xml
c:\documents and settings\Uživatel\Data aplikací\PriceGong\Data\J.xml
c:\documents and settings\Uživatel\Data aplikací\PriceGong\Data\k.xml
c:\documents and settings\Uživatel\Data aplikací\PriceGong\Data\l.xml
c:\documents and settings\Uživatel\Data aplikací\PriceGong\Data\m.xml
c:\documents and settings\Uživatel\Data aplikací\PriceGong\Data\mru.xml
c:\documents and settings\Uživatel\Data aplikací\PriceGong\Data\n.xml
c:\documents and settings\Uživatel\Data aplikací\PriceGong\Data\o.xml
c:\documents and settings\Uživatel\Data aplikací\PriceGong\Data\p.xml
c:\documents and settings\Uživatel\Data aplikací\PriceGong\Data\q.xml
c:\documents and settings\Uživatel\Data aplikací\PriceGong\Data\r.xml
c:\documents and settings\Uživatel\Data aplikací\PriceGong\Data\s.xml
c:\documents and settings\Uživatel\Data aplikací\PriceGong\Data\t.xml
c:\documents and settings\Uživatel\Data aplikací\PriceGong\Data\u.xml
c:\documents and settings\Uživatel\Data aplikací\PriceGong\Data\v.xml
c:\documents and settings\Uživatel\Data aplikací\PriceGong\Data\w.xml
c:\documents and settings\Uživatel\Data aplikací\PriceGong\Data\x.xml
c:\documents and settings\Uživatel\Data aplikací\PriceGong\Data\y.xml
c:\documents and settings\Uživatel\Data aplikací\PriceGong\Data\z.xml
c:\program files\Common Files\Spigot
c:\program files\Common Files\Spigot\Search Settings\config.ini
c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe
c:\program files\Common Files\Spigot\Search Settings\yahoo_ff.xml
c:\program files\Common Files\Spigot\Search Settings\yahoo_ie.xml
c:\program files\Common Files\Spigot\wtxpcom\components\IFBHOHelperWidgiToolbar.xpt
c:\program files\Common Files\Spigot\wtxpcom\components\IFBHOWidgiToolbar.xpt
c:\program files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll
c:\program files\Common Files\Spigot\wtxpcom\chrome.manifest
c:\program files\Common Files\Spigot\wtxpcom\install.rdf

.
((((((((((((((((((((((((( Soubory vytvořené od 2011-01-16 do 2011-02-16 )))))))))))))))))))))))))))))))
.

2011-02-16 19:20 . 2011-02-16 19:20 -------- d-----w- c:\documents and settings\Uživatel\Data aplikací\Search Settings
2011-02-16 19:20 . 2011-02-16 19:20 -------- d-----w- c:\program files\Application Updater
2011-02-11 22:03 . 2011-02-11 22:05 -------- d-----w- C:\TRANSLAT
2011-02-11 22:01 . 2011-02-11 22:10 -------- d-----w- c:\program files\office Convert Pdf to Word for Doc Free
2011-02-06 11:21 . 2011-02-06 11:21 -------- d-----w- c:\documents and settings\All Users\Data aplikací\{41054FB7-AE0F-4DCF-9073-74BC03EFC472}
2011-02-02 17:53 . 2011-02-02 17:53 -------- d-----w- c:\documents and settings\All Users\Data aplikací\CanonIJ
2011-02-02 17:53 . 2011-02-04 09:51 -------- d-----w- c:\documents and settings\Uživatel\Data aplikací\Canon
2011-02-02 17:47 . 2010-03-29 16:33 438272 ----a-w- c:\windows\system32\CNQ2414L.dll
2011-02-02 17:47 . 2010-03-18 16:12 1335296 ----a-w- c:\windows\system32\CNQ2414C.dll
2011-02-02 17:47 . 2010-03-18 16:12 114688 ----a-w- c:\windows\system32\CNQ2414I.dll
2011-02-02 17:47 . 2010-03-18 16:11 106496 ----a-w- c:\windows\system32\CNQ2414U.dll
2011-02-02 17:47 . 2008-08-25 17:02 15872 ----a-w- c:\windows\system32\CNHMCA.dll
2011-02-02 17:40 . 2011-02-02 17:40 -------- d-----w- c:\program files\Common Files\CANON
2011-02-02 17:39 . 2011-02-02 17:39 -------- d--h--w- c:\windows\system32\CanonIJ Uninstaller Information
2011-02-02 17:39 . 2010-03-11 08:56 180224 ----a-w- c:\windows\system32\CNQ2414Y.dll
2011-02-02 17:39 . 2010-01-13 14:03 94208 ----a-w- c:\windows\system32\CNQ2414O.dll
2011-02-02 17:38 . 2011-02-02 17:40 -------- d-----w- c:\program files\Canon
2011-01-29 22:18 . 2011-01-29 22:18 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Data aplikací\Google
2011-01-29 22:13 . 2011-01-29 22:13 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Data aplikací\Google
2011-01-19 20:50 . 2011-01-19 20:50 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Data aplikací\uTorrentBar

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-21 14:44 . 2008-04-14 12:00 440320 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-21 13:26 . 2011-01-11 17:08 75776 ----a-w- c:\windows\cadkasdeinst01e.exe
2011-01-07 14:09 . 2008-04-14 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 14:04 . 2008-04-14 12:00 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-23 17:07 . 2010-12-23 15:07 66 ----a-w- c:\documents and settings\Uživatel\Data aplikací\isfree3_0.tmp
2010-12-23 17:06 . 2010-12-23 15:07 5236 ----a-w- c:\documents and settings\Uživatel\Data aplikací\isfree3_1.tmp
2010-12-22 12:34 . 2008-04-14 12:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:52 . 2008-04-14 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:52 . 2008-04-14 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-20 23:52 . 2008-04-14 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-12-20 17:25 . 2008-04-14 12:00 729088 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55 . 2008-04-14 12:00 385024 ----a-w- c:\windows\system32\html.iec
2010-12-09 15:15 . 2008-04-14 12:00 713216 ----a-w- c:\windows\system32\ntdll.dll
2010-12-09 15:14 . 2008-04-14 08:06 2029056 ------w- c:\windows\system32\ntkrnlpa.exe
2010-12-09 15:14 . 2008-04-14 12:00 2150912 ------w- c:\windows\system32\ntoskrnl.exe
2010-12-09 14:30 . 2008-04-14 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2010-11-23 18:49 . 2010-11-23 18:49 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-11-19 12:55 . 2010-11-19 12:47 451477 ----a-w- c:\documents and settings\Uživatel\Data aplikací\mdbu.bin
.

((((((((((((((((((((((((((((( SnapShot_2011-02-13_23.28.39 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-02-16 15:29 . 2011-02-16 15:29 16384 c:\windows\temp\Perflib_Perfdata_658.dat
+ 2011-02-16 15:28 . 2011-02-16 15:28 16384 c:\windows\temp\Perflib_Perfdata_59c.dat
+ 2011-02-16 19:20 . 2011-02-16 19:20 53248 c:\windows\Installer\{9DDD0B95-1F3E-453E-9F12-EACB0DD6B6CF}\ARPPRODUCTICON.exe
+ 2011-02-16 19:20 . 2011-02-16 19:20 1016832 c:\windows\Installer\d4197c.msi
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]

[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-12-09 11:51 3911776 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2010-12-09 11:51 3911776 ----a-w- c:\program files\uTorrentBar\tbuTor.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]

[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]

[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]

[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]

[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 455968]
"LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2005-06-08 196608]
"Rainlendar2"="c:\program files\Rainlendar2\Rainlendar2.exe" [2008-08-24 4067328]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-12-03 14944136]
"ICQ"="c:\program files\ICQ7.0\ICQ.exe" [2011-01-05 133432]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-09-03 16841216]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]
"KONICA MINOLTA PagePro 1300WStatusDisplay"="c:\windows\system32\MSTMON_N.EXE" [2004-11-25 151552]
"PAC207_Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]
"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-21 136600]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2005-06-08 458752]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2005-06-08 217088]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-16 1164584]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"PMBVolumeWatcher"="c:\program files\Sony\PMB\PMBVolumeWatcher.exe" [2010-03-24 599328]
"CanonSolutionMenuEx"="c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112]
"KodakShareButtonApp"="c:\program files\Kodak\KODAK Share Button App\Listener.exe" [2011-01-18 107008]
"SearchSettings"="c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe" [BU]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
Software Kodak EasyShare.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2010-1-27 323584]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\wscntfy.exe"=
"c:\\WINDOWS\\RTHDCPL.EXE"=
"c:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe"=
"c:\\Program Files\\ATI Technologies\\ATI.ACE\\Core-Static\\MOM.exe"=
"c:\\WINDOWS\\system32\\MSTMON_N.EXE"=
"c:\\WINDOWS\\PixArt\\PAC207\\Monitor.exe"=
"c:\\Program Files\\ATI Technologies\\ATI.ACE\\Core-Static\\ccc.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\ICQ7.0\\ICQ.exe"=
"c:\\Program Files\\ICQ7.0\\aolload.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [23.11.2010 19:49 691696]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [22.9.2010 17:02 78416]
R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [28.1.2011 17:10 387072]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [22.9.2010 17:02 20560]
R2 MLPTDR_N;MLPTDR_N;c:\windows\system32\MLPTDR_N.SYS [19.7.2003 3:55 18848]
R2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [20.10.2010 17:41 67904]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\Sony\PMB\PMBDeviceInfoProvider.exe [24.10.2009 3:18 360224]
R3 ReallusionVirtualAudio;Reallusion Virtual Audio;c:\windows\system32\drivers\RLVrtAuCbl.sys [10.2.2009 18:22 31616]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 13:16 130384]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [29.1.2011 23:13 136176]
S3 PAC207;e-Messenger 112;c:\windows\system32\drivers\PFC027.SYS [10.2.2009 18:16 616064]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 13:16 753504]

--- Ostatní služby/ovladače v paměti ---

*NewlyCreated* - APPLICATION_UPDATER

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-08-23 16:34 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'

2011-02-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2011-02-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-29 22:13]

2011-02-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-29 22:13]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
DPF: {65D72393-E210-4A2A-B8E0-10AC45986770} - hxxp://pl.recruit.netmonitor.cz/WebInstaller.dll
FF - ProfilePath - c:\documents and settings\Uživatel\Data aplikací\Mozilla\Firefox\Profiles\4char9ha.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/?ref=home
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=867034&p=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Seznam lištička: {ea614400-e918-4741-9a97-7a972ff7c30b} - c:\program files\Mozilla Firefox\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}
FF - Ext: DAEMON Tools Toolbar: DTToolbar@toolbarnet.com - %profile%\extensions\DTToolbar@toolbarnet.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: uTorrentBar Community Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - %profile%\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
FF - Ext: Seznam lištička: {ea614400-e918-4741-9a97-7a972ff7c30b} - %profile%\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-17 00:12
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(748)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2011-02-17 00:13:43
ComboFix-quarantined-files.txt 2011-02-16 23:13
ComboFix2.txt 2011-02-16 19:53
ComboFix3.txt 2011-02-16 19:15
ComboFix4.txt 2011-02-16 15:41
ComboFix5.txt 2011-02-16 23:09

Před spuštěním: Volných bajtů: 29 480 939 520
Po spuštění: Volných bajtů: 29 464 334 336

- - End Of File - - 47AE636CFE123CB687FE8BD7069DDDF3

And what should I do with the items under "Ostatní výmazy" (other deletions)? I have been scanning the computer for two days now, and on every scan it says it is deleting them, but then they show up again.

Rudy
Site Admin
Posts: 119506
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: PC problems

#8 Post by Rudy »

Deleted. PriceGong should uninstall normally via Add/Remove Programs.

kadubcovav
Visitor
Posts: 48
Registered: 16 Feb 2011 16:53

Re: PC problems

#9 Post by kadubcovav »

Thanks

Rudy
Site Admin
Posts: 119506
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: PC problems

#10 Post by Rudy »

You're welcome!