
PC virus removal, computer speed-up, and remote assistance through the neslape.cz service
Requesting a preventive check
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved, as will those that have been inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.
!NEW!
You can now use a remote assistance service, in which an expert connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
Good day. Over the last two days my internet has slowed down; maybe there is no virus, but just to be sure I would like to ask for a preventive check of the log. Thank you.
Logfile of random's system information tool 1.08 (written by random/random)
Run by owner at 2011-04-30 08:04:14
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 216 GB (45%) free of 477 GB
Total RAM: 2038 MB (72% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:04:32, on 30.4.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\windows\Explorer.EXE
C:\windows\RTHDCPL.EXE
C:\windows\system32\RUNDLL32.EXE
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\windows\system32\ctfmon.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe
C:\Program Files\Folding@Home #01\Folding@Home #01\FAH-Console.exe
C:\Program Files\Folding@Home #01\Folding@Home #02\FAH-Console.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\windows\system32\svchost.exe
C:\Program Files\Opera\Opera.exe
C:\windows\System32\svchost.exe
C:\Documents and Settings\owner\Desktop\Neklikať\RSIT.exe
C:\Program Files\trend micro\owner.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Stahnou vse FlashGet3 - C:\Documents and Settings\owner\Application Data\FlashGetBHO\GetAllUrl.htm
O8 - Extra context menu item: Stahnout FlashGet3 - C:\Documents and Settings\owner\Application Data\FlashGetBHO\GetUrl.htm
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/s ... wflash.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\windows\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\windows\system32\browseui.dll
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Folding Service #01 (FAH-01) - Stanford University - C:\Program Files\Folding@Home #01\Folding@Home #01\FAH-Console.exe
O23 - Service: Folding Service #02 (FAH-02) - Stanford University - C:\Program Files\Folding@Home #01\Folding@Home #02\FAH-Console.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/owner/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg
--
End of file - 5233 bytes
======Scheduled tasks folder======
C:\windows\tasks\SmartDefrag_Startup.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [2001-04-16 37808]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-11-24 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-11-24 79648]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\windows\RTHDCPL.EXE [2008-10-28 17331200]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2009-06-10 86016]
"avast5"=C:\Program Files\Alwil Software\Avast5\avastUI.exe [2011-02-23 3451496]
"NvCplDaemon"=C:\windows\system32\NvCpl.dll [2009-06-10 13758464]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\windows\system32\ctfmon.exe [2004-08-04 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files\DAEMON Tools Lite\DTLite.exe [2011-01-20 1305408]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2005-05-12 49152]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [2009-06-12 1414144]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RGSC]
C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe [2008-11-14 305064]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Start WingMan Profiler]
C:\Program Files\Logitech\Gaming Software\LWEMon.exe [2009-09-17 153608]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2005-05-12 282624]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\windows\system32\WgaLogon.dll [2009-03-10 239496]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\windows\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\Valve\hl.exe"="C:\Program Files\Valve\hl.exe:*:Disabled:Half-Life Launcher"
"C:\Program Files\EA Sports\FIFA 11\Game\fifa.exe"="C:\Program Files\EA Sports\FIFA 11\Game\fifa.exe:*:Disabled:FIFA 11"
"C:\Program Files\Electronic Arts\Battlefield Bad Company 2\BFBC2Updater.exe"="C:\Program Files\Electronic Arts\Battlefield Bad Company 2\BFBC2Updater.exe:*:Disabled:Battlefield: Bad Company™ 2"
"C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe"="C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe:*:Disabled:CyberLink PowerDVD"
"C:\windows\Network Diagnostic\xpnetdiag.exe"="C:\windows\Network Diagnostic\xpnetdiag.exe:*:Disabled:@xpsp3res.dll,-20000"
"C:\Program Files\Steam\Steam.exe"="C:\Program Files\Steam\Steam.exe:*:Disabled:Steam"
"C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe"="C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe:*:Disabled:Ubisoft Game Launcher"
"C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe"="C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:*:Enabled:Rockstar Games Social Club"
"C:\Program Files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe"="C:\Program Files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe:*:Enabled:Grand Theft Auto IV"
"C:\Program Files\Rockstar Games\Grand Theft Auto IV\GTAIV.exe"="C:\Program Files\Rockstar Games\Grand Theft Auto IV\GTAIV.exe:*:Disabled:Grand Theft Auto IV"
"C:\Program Files\Ubisoft\Tom Clancy's Splinter Cell Conviction\src\system\conviction_game.exe"="C:\Program Files\Ubisoft\Tom Clancy's Splinter Cell Conviction\src\system\conviction_game.exe:*:Enabled:Tom Clancy's Splinter Cell Conviction"
"C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"="C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe:*:Enabled:Crawler Spyware Terminator"
"C:\Program Files\Atari\Test Drive Unlimited\TestDriveUnlimited.exe"="C:\Program Files\Atari\Test Drive Unlimited\TestDriveUnlimited.exe:*:Disabled:Test Drive Unlimited"
"C:\Program Files\Ubisoft\Tom Clancy's Splinter Cell Conviction\src\system\gu.exe"="C:\Program Files\Ubisoft\Tom Clancy's Splinter Cell Conviction\src\system\gu.exe:*:Disabled:Tom Clancy's Splinter Cell Conviction Update"
"C:\Program Files\Atari\TDU2\UpLauncher.exe"="C:\Program Files\Atari\TDU2\UpLauncher.exe:*:Disabled:UpLauncher"
"C:\Program Files\Atari\TDU2\_UpLauncher.exe"="C:\Program Files\Atari\TDU2\_UpLauncher.exe:*:Disabled:UpLauncher"
"C:\Program Files\Atari\TDU2\TestDrive2.exe"="C:\Program Files\Atari\TDU2\TestDrive2.exe:*:Disabled:Test Drive Unlimited 2"
"C:\Program Files\Counter-Strike Xtreme V5\hl.exe"="C:\Program Files\Counter-Strike Xtreme V5\hl.exe:*:Disabled:Half-Life Launcher"
"C:\Documents and Settings\owner\Desktop\Counter-Strike Condition Zero\czero.exe"="C:\Documents and Settings\owner\Desktop\Counter-Strike Condition Zero\czero.exe:*:Disabled:Condition Zero Launcher"
"C:\Program Files\Electronic Arts\SHIFT 2 UNLEASHED\shift2u.exe"="C:\Program Files\Electronic Arts\SHIFT 2 UNLEASHED\shift2u.exe:*:Disabled:SHIFT 2 UNLEASHED™"
"C:\Program Files\Electronic Arts\Crytek\Crysis 2\bin32\Crysis2.exe"="C:\Program Files\Electronic Arts\Crytek\Crysis 2\bin32\Crysis2.exe:*:Disabled:Crysis2"
"C:\Program Files\EA\Bulletstorm\Binaries\Win32\ShippingPC-StormGame.exe"="C:\Program Files\EA\Bulletstorm\Binaries\Win32\ShippingPC-StormGame.exe:*:Enabled:Bulletstorm"
"C:\Program Files\Winter Sports 2011\wintersports_stripped_dx9.exe"="C:\Program Files\Winter Sports 2011\wintersports_stripped_dx9.exe:*:Disabled:wintersports_stripped_dx9"
"C:\Program Files\Lost Planet 2\LP2DX9.exe"="C:\Program Files\Lost Planet 2\LP2DX9.exe:*:Enabled:Lost Planet 2 (DX9)"
"C:\Program Files\Lost Planet 2\LP2DX11.exe"="C:\Program Files\Lost Planet 2\LP2DX11.exe:*:Enabled:Lost Planet 2 (DX11)"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
======List of files/folders created in the last 1 months======
2011-04-26 18:48:46 ----D---- C:\Program Files\Lost Planet 2
2011-04-17 19:22:39 ----D---- C:\Program Files\Tales Animator
2011-04-11 17:47:57 ----D---- C:\Program Files\Bohemia Interactive
2011-04-10 17:46:03 ----D---- C:\Documents and Settings\owner\Application Data\Winter Sports 2011
2011-04-10 08:43:12 ----D---- C:\Program Files\EA
2011-04-06 18:46:57 ----D---- C:\Program Files\Counter-Strike Xtreme V5
2011-04-06 17:29:19 ----D---- C:\Program Files\upnito.sk manager
2011-04-01 17:43:37 ----HD---- C:\windows\msdownld.tmp
======List of files/folders modified in the last 1 months======
2011-04-30 08:04:30 ----D---- C:\Program Files\trend micro
2011-04-30 08:04:21 ----D---- C:\windows\Prefetch
2011-04-30 07:56:36 ----D---- C:\windows\system32
2011-04-30 07:56:36 ----AC---- C:\windows\system32\PerfStringBackup.INI
2011-04-30 07:52:46 ----D---- C:\windows\Temp
2011-04-29 20:05:06 ----A---- C:\windows\SchedLgU.Txt
2011-04-28 19:01:45 ----D---- C:\Program Files\Valve
2011-04-28 14:15:41 ----A---- C:\windows\NeroDigital.ini
2011-04-28 14:15:15 ----D---- C:\windows\system32\CatRoot2
2011-04-27 14:33:57 ----D---- C:\WINDOWS
2011-04-26 20:17:33 ----HD---- C:\windows\inf
2011-04-26 20:17:33 ----D---- C:\windows\system32\DirectX
2011-04-26 20:13:55 ----SHD---- C:\windows\Installer
2011-04-26 20:13:55 ----HD---- C:\Config.Msi
2011-04-26 19:24:08 ----D---- C:\Program Files\Codemasters
2011-04-26 19:18:34 ----D---- C:\Program Files
2011-04-20 09:49:28 ----D---- C:\Program Files\Mozilla Firefox
2011-04-18 17:08:42 ----D---- C:\Documents and Settings\All Users\Application Data\Test Drive Unlimited
2011-04-17 19:24:11 ----SD---- C:\Documents and Settings\owner\Application Data\Microsoft
2011-04-17 09:04:35 ----D---- C:\Program Files\Opera
2011-04-16 06:25:46 ----SD---- C:\windows\Tasks
2011-04-11 17:53:36 ----RSD---- C:\windows\assembly
2011-04-10 13:16:27 ----D---- C:\windows\system32\Restore
2011-04-10 08:40:46 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2011-04-08 08:27:04 ----D---- C:\Program Files\Electronic Arts
2011-04-07 08:39:07 ----D---- C:\Documents and Settings\All Users\Application Data\Solidshield
2011-04-05 17:56:45 ----A---- C:\windows\avisplitter.INI
2011-04-01 18:39:06 ----D---- C:\windows\system32\drivers
2011-04-01 14:20:53 ----D---- C:\Program Files\Atari
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 d347bus;d347bus; C:\windows\system32\DRIVERS\d347bus.sys [2004-08-22 155136]
R0 d347prt;d347prt; C:\windows\System32\Drivers\d347prt.sys [2004-08-22 5248]
R0 ohci1394;OHCI Compliant IEEE 1394 Host Controller; C:\windows\system32\DRIVERS\ohci1394.sys [2008-04-13 61696]
R0 sfdrv01;StarForce Protection Environment Driver (version 1.x); C:\windows\System32\drivers\sfdrv01.sys [2006-03-26 51200]
R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); C:\windows\System32\drivers\sfhlp02.sys [2006-03-13 6656]
R0 sfsync04;StarForce Protection Synchronization Driver (version 4.x); C:\windows\System32\drivers\sfsync04.sys [2006-03-24 50176]
R0 SmartDefragDriver;SmartDefragDriver; C:\windows\System32\Drivers\SmartDefragDriver.sys [2011-02-23 13496]
R0 sptd;sptd; C:\windows\System32\Drivers\sptd.sys [2010-10-10 691696]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\windows\system32\DRIVERS\WudfPf.sys [2008-01-18 77696]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\windows\system32\drivers\Aavmker4.sys [2011-02-23 30680]
R1 aswRdr;aswRdr; C:\windows\system32\drivers\aswRdr.sys [2011-02-23 25432]
R1 aswSnx;aswSnx; C:\windows\system32\drivers\aswSnx.sys [2011-02-23 371544]
R1 aswSP;aswSP; C:\windows\system32\drivers\aswSP.sys [2011-02-23 301528]
R1 aswTdi;avast! Network Shield Support; C:\windows\system32\drivers\aswTdi.sys [2011-02-23 49240]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-03-02 218688]
R1 InCDPass;Nero InCDPass; C:\windows\system32\drivers\InCDPass.sys [2008-02-18 36648]
R1 incdrm;Nero InCD MRW Remapper; C:\windows\system32\drivers\InCDRm.sys [2008-02-18 38312]
R1 intelppm;Intel Processor Driver; C:\windows\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\windows\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R2 aswFsBlk;aswFsBlk; C:\windows\system32\drivers\aswFsBlk.sys [2011-02-23 19544]
R2 aswMon2;avast! Standard Shield Support; C:\windows\system32\drivers\aswMon2.sys [2011-02-23 102232]
R2 atksgt;atksgt; C:\windows\system32\DRIVERS\atksgt.sys [2011-01-15 281760]
R2 lirsgt;lirsgt; C:\windows\system32\DRIVERS\lirsgt.sys [2011-01-15 25888]
R3 Arp1394;1394 ARP Client Protocol; C:\windows\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\windows\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\windows\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\windows\system32\drivers\RtkHDAud.sys [2008-10-31 4942336]
R3 mouhid;Mouse HID Driver; C:\windows\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NIC1394;1394 Net Driver; C:\windows\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\windows\system32\DRIVERS\nv4_mini.sys [2009-06-10 8087712]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\windows\system32\DRIVERS\Rtenicxp.sys [2008-09-25 115328]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\windows\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver; C:\windows\system32\drivers\WmBEnum.sys [2009-09-11 22792]
R3 WmXlCore;Logitech Translation Layer Driver; C:\windows\system32\drivers\WmXlCore.sys [2009-09-11 66056]
R4 InCDfs;Nero InCD File System; C:\windows\system32\drivers\InCDFs.sys [2008-02-18 118952]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 GMSIPCI;GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS []
S3 nmwcd;Nokia USB Phone Parent; C:\windows\system32\drivers\ccdcmb.sys [2009-02-09 17664]
S3 nmwcdc;Nokia USB Generic; C:\windows\system32\drivers\ccdcmbo.sys [2009-02-09 22016]
S3 NTACCESS;NTACCESS; \??\D:\NTACCESS.sys []
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\windows\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 upperdev;upperdev; C:\windows\system32\DRIVERS\usbser_lowerflt.sys [2009-02-09 7808]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\windows\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\windows\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\windows\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbser;USB Modem Driver; C:\windows\system32\drivers\usbser.sys [2008-04-13 26112]
S3 UsbserFilt;UsbserFilt; C:\windows\system32\DRIVERS\usbser_lowerfltj.sys [2009-02-09 7808]
S3 USBSTOR;USB Mass Storage Driver; C:\windows\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\windows\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S3 WmFilter;Logitech Gaming HID Filter Driver; C:\windows\system32\drivers\WmFilter.sys [2009-09-11 35592]
S3 WmVirHid;Logitech Virtual Hid Device Driver; C:\windows\system32\drivers\WmVirHid.sys [2009-09-11 14984]
S3 WpdUsb;WpdUsb; C:\windows\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\windows\system32\DRIVERS\wudfrd.sys [2008-01-18 83328]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-02-23 42184]
R2 FAH-01;Folding Service #01; C:\Program Files\Folding@Home #01\Folding@Home #01\FAH-Console.exe [2008-06-30 253952]
R2 FAH-02;Folding Service #02; C:\Program Files\Folding@Home #01\Folding@Home #02\FAH-Console.exe [2008-06-30 253952]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-11-12 153376]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2008-01-24 73728]
R2 nvsvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-06-10 168004]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2010-06-10 66872]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\windows\system32\svchost.exe [2004-08-04 14336]
S1 InCDrec;Nero InCD File System Recognizer; C:\windows\system32\drivers\InCDRec.sys [2008-02-18 16040]
S3 aspnet_state;ASP.NET State Service; C:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2009-06-02 637952]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 InCDsrv;InCD Helper; C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe [2008-02-18 1553704]
S4 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-09-17 800040]
S4 NeroRegInCDSrv;Nero Registry InCD Service; C:\Program Files\Nero\Nero 7\InCD\NBHRegInCDSrv.exe []
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848]
S4 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2007-05-14 272024]
-----------------EOF-----------------
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\Valve\hl.exe"="C:\Program Files\Valve\hl.exe:*:Disabled:Half-Life Launcher"
"C:\Program Files\EA Sports\FIFA 11\Game\fifa.exe"="C:\Program Files\EA Sports\FIFA 11\Game\fifa.exe:*:Disabled:FIFA 11"
"C:\Program Files\Electronic Arts\Battlefield Bad Company 2\BFBC2Updater.exe"="C:\Program Files\Electronic Arts\Battlefield Bad Company 2\BFBC2Updater.exe:*:Disabled:Battlefield: Bad Company™ 2"
"C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe"="C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe:*:Disabled:CyberLink PowerDVD"
"C:\windows\Network Diagnostic\xpnetdiag.exe"="C:\windows\Network Diagnostic\xpnetdiag.exe:*:Disabled:@xpsp3res.dll,-20000"
"C:\Program Files\Steam\Steam.exe"="C:\Program Files\Steam\Steam.exe:*:Disabled:Steam"
"C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe"="C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe:*:Disabled:Ubisoft Game Launcher"
"C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe"="C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:*:Enabled:Rockstar Games Social Club"
"C:\Program Files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe"="C:\Program Files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe:*:Enabled:Grand Theft Auto IV"
"C:\Program Files\Rockstar Games\Grand Theft Auto IV\GTAIV.exe"="C:\Program Files\Rockstar Games\Grand Theft Auto IV\GTAIV.exe:*:Disabled:Grand Theft Auto IV"
"C:\Program Files\Ubisoft\Tom Clancy's Splinter Cell Conviction\src\system\conviction_game.exe"="C:\Program Files\Ubisoft\Tom Clancy's Splinter Cell Conviction\src\system\conviction_game.exe:*:Enabled:Tom Clancy's Splinter Cell Conviction"
"C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"="C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe:*:Enabled:Crawler Spyware Terminator"
"C:\Program Files\Atari\Test Drive Unlimited\TestDriveUnlimited.exe"="C:\Program Files\Atari\Test Drive Unlimited\TestDriveUnlimited.exe:*:Disabled:Test Drive Unlimited"
"C:\Program Files\Ubisoft\Tom Clancy's Splinter Cell Conviction\src\system\gu.exe"="C:\Program Files\Ubisoft\Tom Clancy's Splinter Cell Conviction\src\system\gu.exe:*:Disabled:Tom Clancy's Splinter Cell Conviction Update"
"C:\Program Files\Atari\TDU2\UpLauncher.exe"="C:\Program Files\Atari\TDU2\UpLauncher.exe:*:Disabled:UpLauncher"
"C:\Program Files\Atari\TDU2\_UpLauncher.exe"="C:\Program Files\Atari\TDU2\_UpLauncher.exe:*:Disabled:UpLauncher"
"C:\Program Files\Atari\TDU2\TestDrive2.exe"="C:\Program Files\Atari\TDU2\TestDrive2.exe:*:Disabled:Test Drive Unlimited 2"
"C:\Program Files\Counter-Strike Xtreme V5\hl.exe"="C:\Program Files\Counter-Strike Xtreme V5\hl.exe:*:Disabled:Half-Life Launcher"
"C:\Documents and Settings\owner\Desktop\Counter-Strike Condition Zero\czero.exe"="C:\Documents and Settings\owner\Desktop\Counter-Strike Condition Zero\czero.exe:*:Disabled:Condition Zero Launcher"
"C:\Program Files\Electronic Arts\SHIFT 2 UNLEASHED\shift2u.exe"="C:\Program Files\Electronic Arts\SHIFT 2 UNLEASHED\shift2u.exe:*:Disabled:SHIFT 2 UNLEASHED™"
"C:\Program Files\Electronic Arts\Crytek\Crysis 2\bin32\Crysis2.exe"="C:\Program Files\Electronic Arts\Crytek\Crysis 2\bin32\Crysis2.exe:*:Disabled:Crysis2"
"C:\Program Files\EA\Bulletstorm\Binaries\Win32\ShippingPC-StormGame.exe"="C:\Program Files\EA\Bulletstorm\Binaries\Win32\ShippingPC-StormGame.exe:*:Enabled:Bulletstorm"
"C:\Program Files\Winter Sports 2011\wintersports_stripped_dx9.exe"="C:\Program Files\Winter Sports 2011\wintersports_stripped_dx9.exe:*:Disabled:wintersports_stripped_dx9"
"C:\Program Files\Lost Planet 2\LP2DX9.exe"="C:\Program Files\Lost Planet 2\LP2DX9.exe:*:Enabled:Lost Planet 2 (DX9)"
"C:\Program Files\Lost Planet 2\LP2DX11.exe"="C:\Program Files\Lost Planet 2\LP2DX11.exe:*:Enabled:Lost Planet 2 (DX11)"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
======List of files/folders created in the last 1 months======
2011-04-26 18:48:46 ----D---- C:\Program Files\Lost Planet 2
2011-04-17 19:22:39 ----D---- C:\Program Files\Tales Animator
2011-04-11 17:47:57 ----D---- C:\Program Files\Bohemia Interactive
2011-04-10 17:46:03 ----D---- C:\Documents and Settings\owner\Application Data\Winter Sports 2011
2011-04-10 08:43:12 ----D---- C:\Program Files\EA
2011-04-06 18:46:57 ----D---- C:\Program Files\Counter-Strike Xtreme V5
2011-04-06 17:29:19 ----D---- C:\Program Files\upnito.sk manager
2011-04-01 17:43:37 ----HD---- C:\windows\msdownld.tmp
======List of files/folders modified in the last 1 months======
2011-04-30 08:04:30 ----D---- C:\Program Files\trend micro
2011-04-30 08:04:21 ----D---- C:\windows\Prefetch
2011-04-30 07:56:36 ----D---- C:\windows\system32
2011-04-30 07:56:36 ----AC---- C:\windows\system32\PerfStringBackup.INI
2011-04-30 07:52:46 ----D---- C:\windows\Temp
2011-04-29 20:05:06 ----A---- C:\windows\SchedLgU.Txt
2011-04-28 19:01:45 ----D---- C:\Program Files\Valve
2011-04-28 14:15:41 ----A---- C:\windows\NeroDigital.ini
2011-04-28 14:15:15 ----D---- C:\windows\system32\CatRoot2
2011-04-27 14:33:57 ----D---- C:\WINDOWS
2011-04-26 20:17:33 ----HD---- C:\windows\inf
2011-04-26 20:17:33 ----D---- C:\windows\system32\DirectX
2011-04-26 20:13:55 ----SHD---- C:\windows\Installer
2011-04-26 20:13:55 ----HD---- C:\Config.Msi
2011-04-26 19:24:08 ----D---- C:\Program Files\Codemasters
2011-04-26 19:18:34 ----D---- C:\Program Files
2011-04-20 09:49:28 ----D---- C:\Program Files\Mozilla Firefox
2011-04-18 17:08:42 ----D---- C:\Documents and Settings\All Users\Application Data\Test Drive Unlimited
2011-04-17 19:24:11 ----SD---- C:\Documents and Settings\owner\Application Data\Microsoft
2011-04-17 09:04:35 ----D---- C:\Program Files\Opera
2011-04-16 06:25:46 ----SD---- C:\windows\Tasks
2011-04-11 17:53:36 ----RSD---- C:\windows\assembly
2011-04-10 13:16:27 ----D---- C:\windows\system32\Restore
2011-04-10 08:40:46 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2011-04-08 08:27:04 ----D---- C:\Program Files\Electronic Arts
2011-04-07 08:39:07 ----D---- C:\Documents and Settings\All Users\Application Data\Solidshield
2011-04-05 17:56:45 ----A---- C:\windows\avisplitter.INI
2011-04-01 18:39:06 ----D---- C:\windows\system32\drivers
2011-04-01 14:20:53 ----D---- C:\Program Files\Atari
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 d347bus;d347bus; C:\windows\system32\DRIVERS\d347bus.sys [2004-08-22 155136]
R0 d347prt;d347prt; C:\windows\System32\Drivers\d347prt.sys [2004-08-22 5248]
R0 ohci1394;OHCI Compliant IEEE 1394 Host Controller; C:\windows\system32\DRIVERS\ohci1394.sys [2008-04-13 61696]
R0 sfdrv01;StarForce Protection Environment Driver (version 1.x); C:\windows\System32\drivers\sfdrv01.sys [2006-03-26 51200]
R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); C:\windows\System32\drivers\sfhlp02.sys [2006-03-13 6656]
R0 sfsync04;StarForce Protection Synchronization Driver (version 4.x); C:\windows\System32\drivers\sfsync04.sys [2006-03-24 50176]
R0 SmartDefragDriver;SmartDefragDriver; C:\windows\System32\Drivers\SmartDefragDriver.sys [2011-02-23 13496]
R0 sptd;sptd; C:\windows\System32\Drivers\sptd.sys [2010-10-10 691696]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\windows\system32\DRIVERS\WudfPf.sys [2008-01-18 77696]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\windows\system32\drivers\Aavmker4.sys [2011-02-23 30680]
R1 aswRdr;aswRdr; C:\windows\system32\drivers\aswRdr.sys [2011-02-23 25432]
R1 aswSnx;aswSnx; C:\windows\system32\drivers\aswSnx.sys [2011-02-23 371544]
R1 aswSP;aswSP; C:\windows\system32\drivers\aswSP.sys [2011-02-23 301528]
R1 aswTdi;avast! Network Shield Support; C:\windows\system32\drivers\aswTdi.sys [2011-02-23 49240]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-03-02 218688]
R1 InCDPass;Nero InCDPass; C:\windows\system32\drivers\InCDPass.sys [2008-02-18 36648]
R1 incdrm;Nero InCD MRW Remapper; C:\windows\system32\drivers\InCDRm.sys [2008-02-18 38312]
R1 intelppm;Intel Processor Driver; C:\windows\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\windows\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R2 aswFsBlk;aswFsBlk; C:\windows\system32\drivers\aswFsBlk.sys [2011-02-23 19544]
R2 aswMon2;avast! Standard Shield Support; C:\windows\system32\drivers\aswMon2.sys [2011-02-23 102232]
R2 atksgt;atksgt; C:\windows\system32\DRIVERS\atksgt.sys [2011-01-15 281760]
R2 lirsgt;lirsgt; C:\windows\system32\DRIVERS\lirsgt.sys [2011-01-15 25888]
R3 Arp1394;1394 ARP Client Protocol; C:\windows\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\windows\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\windows\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\windows\system32\drivers\RtkHDAud.sys [2008-10-31 4942336]
R3 mouhid;Mouse HID Driver; C:\windows\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NIC1394;1394 Net Driver; C:\windows\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\windows\system32\DRIVERS\nv4_mini.sys [2009-06-10 8087712]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\windows\system32\DRIVERS\Rtenicxp.sys [2008-09-25 115328]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\windows\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver; C:\windows\system32\drivers\WmBEnum.sys [2009-09-11 22792]
R3 WmXlCore;Logitech Translation Layer Driver; C:\windows\system32\drivers\WmXlCore.sys [2009-09-11 66056]
R4 InCDfs;Nero InCD File System; C:\windows\system32\drivers\InCDFs.sys [2008-02-18 118952]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 GMSIPCI;GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS []
S3 nmwcd;Nokia USB Phone Parent; C:\windows\system32\drivers\ccdcmb.sys [2009-02-09 17664]
S3 nmwcdc;Nokia USB Generic; C:\windows\system32\drivers\ccdcmbo.sys [2009-02-09 22016]
S3 NTACCESS;NTACCESS; \??\D:\NTACCESS.sys []
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\windows\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 upperdev;upperdev; C:\windows\system32\DRIVERS\usbser_lowerflt.sys [2009-02-09 7808]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\windows\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\windows\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\windows\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbser;USB Modem Driver; C:\windows\system32\drivers\usbser.sys [2008-04-13 26112]
S3 UsbserFilt;UsbserFilt; C:\windows\system32\DRIVERS\usbser_lowerfltj.sys [2009-02-09 7808]
S3 USBSTOR;USB Mass Storage Driver; C:\windows\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\windows\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S3 WmFilter;Logitech Gaming HID Filter Driver; C:\windows\system32\drivers\WmFilter.sys [2009-09-11 35592]
S3 WmVirHid;Logitech Virtual Hid Device Driver; C:\windows\system32\drivers\WmVirHid.sys [2009-09-11 14984]
S3 WpdUsb;WpdUsb; C:\windows\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\windows\system32\DRIVERS\wudfrd.sys [2008-01-18 83328]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-02-23 42184]
R2 FAH-01;Folding Service #01; C:\Program Files\Folding@Home #01\Folding@Home #01\FAH-Console.exe [2008-06-30 253952]
R2 FAH-02;Folding Service #02; C:\Program Files\Folding@Home #01\Folding@Home #02\FAH-Console.exe [2008-06-30 253952]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-11-12 153376]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2008-01-24 73728]
R2 nvsvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-06-10 168004]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2010-06-10 66872]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\windows\system32\svchost.exe [2004-08-04 14336]
S1 InCDrec;Nero InCD File System Recognizer; C:\windows\system32\drivers\InCDRec.sys [2008-02-18 16040]
S3 aspnet_state;ASP.NET State Service; C:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2009-06-02 637952]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 InCDsrv;InCD Helper; C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe [2008-02-18 1553704]
S4 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-09-17 800040]
S4 NeroRegInCDSrv;Nero Registry InCD Service; C:\Program Files\Nero\Nero 7\InCD\NBHRegInCDSrv.exe []
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848]
S4 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2007-05-14 272024]
-----------------EOF-----------------
Re: Requesting a preventive check
The log is here, only during that scan I also had the external HDD connected, I wanted to check that one too. When I made the RSIT log, the HDD was not connected. Does that matter?
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Verzia databázy: 6482
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512
1.5.2011 12:13:15
mbam-log-2011-05-01 (12-13-08).txt
Typ kontroly: Úplná kontrola (C:\|I:\|)
Objektov kontrolovaných: 307807
Uplynutý čas: 55 min, 11 sek
Infikované služby pamäte: 0
Infikované moduly pamäte: 0
Infikované registračné kľúče: 0
Infikované registračné hodnoty: 0
Infikované položky registračných dát: 0
Infikované priečinky: 0
Infikované súbory: 3
Infikované služby pamäte:
(Škodlivé položky neboli zistené)
Infikované moduly pamäte:
(Škodlivé položky neboli zistené)
Infikované registračné kľúče:
(Škodlivé položky neboli zistené)
Infikované registračné hodnoty:
(Škodlivé položky neboli zistené)
Infikované položky registračných dát:
(Škodlivé položky neboli zistené)
Infikované priečinky:
(Škodlivé položky neboli zistené)
Infikované súbory:
c:\system volume information\_restore{2975d84d-227a-4a14-bc74-5cff8dd2ae0e}\RP156\A0067265.dll (Adware.Agent) -> No action taken.
i:\Softvare\actualspy.exe (Application.ActualSpy) -> No action taken.
i:\Softvare\gocasino.exe (PUP.Casino) -> No action taken.
Re: Requesting a preventive check
It doesn't matter; let MBAM delete what it found.
Download ComboFix and save it to the desktop,
run the application as Administrator and allow the installation of the Recovery Console.
A window with the license terms will then appear, which you confirm by clicking YES,
then click YES once more and it starts running.
The whole process takes about 10 minutes but may take longer; do not try to run anything else during the scan.
The PC may also be restarted during the scan; don't be alarmed.
Note: for the duration of the scan, turn off the resident shield of your antivirus and anti-spyware program,
because ComboFix tries to delete infected files and these programs can block it.
After the scan finishes, or after the subsequent restart, the application creates a log saved at C:/Combofix.txt
(on repeated use the logs are numbered Combofix2.txt etc.); copy its contents here.
If anything is unclear, an illustrated guide is HERE.
Re: Requesting a preventive check
It wanted me to confirm something about that console, I clicked yes, and it threw: Boot Partition cannot be enumerated correctly. I don't know whether it has anything to do with it, but I'll mention it just in case: every time I turn on the PC it says something like invalid boot C, something like that.
Re: Requesting a preventive check
I confirmed everything.
ComboFix 11-05-01.04 - owner 02.05.2011 18:14:57.6.8 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1033.18.2038.1473 [GMT 2:00]
Running from: c:\documents and settings\owner\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Antivirus *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\owner\Local Settings\Application Data\.#
.
.
((((((((((((((((((((((((( Files Created from 2011-04-02 to 2011-05-02 )))))))))))))))))))))))))))))))
.
.
2011-05-01 07:53 . 2010-12-20 16:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-01 07:53 . 2011-05-01 07:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-01 07:53 . 2010-12-20 16:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-30 06:14 . 2011-04-30 06:21 -------- d-----r- C:\HRY
2011-04-26 16:48 . 2011-04-26 18:13 -------- d-----w- c:\program files\Lost Planet 2
2011-04-17 17:22 . 2011-04-17 17:22 -------- d-----w- c:\program files\Tales Animator
2011-04-11 16:55 . 2011-04-11 16:56 -------- d-----w- c:\documents and settings\owner\Local Settings\Application Data\ArmA 2
2011-04-11 15:47 . 2011-04-11 15:47 -------- d-----w- c:\program files\Bohemia Interactive
2011-04-10 15:46 . 2011-04-17 10:22 -------- d-----w- c:\documents and settings\owner\Application Data\Winter Sports 2011
2011-04-10 06:43 . 2011-04-10 06:43 -------- d-----w- c:\program files\EA
2011-04-09 08:08 . 2011-04-09 08:08 -------- d-----w- c:\documents and settings\owner\Local Settings\Application Data\3DMGAME
2011-04-06 16:46 . 2011-04-19 16:26 -------- d-----w- c:\program files\Counter-Strike Xtreme V5
2011-04-06 15:29 . 2011-04-06 15:29 -------- d-----w- c:\program files\upnito.sk manager
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-25 16:40 . 2011-03-25 16:40 49152 ----a-r- c:\documents and settings\owner\Application Data\Microsoft\Installer\{C37A0BC1-52EE-4F97-8223-5CA9FC0357B0}\ARPPRODUCTICON.exe
2011-03-02 15:49 . 2011-03-02 15:49 218688 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-03-01 15:51 . 2010-06-10 14:51 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2011-02-23 16:04 . 2011-03-23 15:43 13496 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys
2011-02-23 15:54 . 2011-03-23 15:43 29520 ----a-w- c:\windows\system32\SmartDefragBootTime.exe
2011-02-23 15:04 . 2010-12-05 17:01 40648 ----a-w- c:\windows\avastSS.scr
2011-02-23 15:04 . 2010-12-05 17:01 190016 ----a-w- c:\windows\system32\aswBoot.exe
2011-02-23 14:56 . 2011-03-24 15:00 371544 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-02-23 14:56 . 2010-12-05 17:02 301528 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-02-23 14:55 . 2010-12-05 17:01 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-02-23 14:55 . 2010-12-05 17:01 102232 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-02-23 14:55 . 2010-12-05 17:01 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-02-23 14:55 . 2010-12-05 17:02 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-02-23 14:54 . 2010-12-05 17:01 30680 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-02-23 14:54 . 2010-12-05 17:02 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-02-06 13:06 . 2010-06-17 11:44 107888 -c--a-w- c:\windows\system32\CmdLineExt.dll
.
.
------- Sigcheck -------
.
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . 4AFB3B0919649F95C1964AA1FAD27D73 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
[7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[7] 2004-08-03 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB951748_0$\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-02-23 15:04 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-10-28 17331200]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-06-10 86016]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-02-23 3451496]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-10 13758464]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2011-01-20 09:20 1305408 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2005-05-11 22:12 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2009-06-12 11:34 1414144 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RGSC]
2008-11-14 13:35 305064 ----a-r- c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Start WingMan Profiler]
2009-09-17 04:14 153608 ----a-w- c:\program files\Logitech\Gaming Software\LWEMon.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\Program Files\\EA Sports\\FIFA 11\\Game\\fifa.exe"=
"c:\\Program Files\\Electronic Arts\\Battlefield Bad Company 2\\BFBC2Updater.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"c:\\windows\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\\Program Files\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"c:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"c:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\GTAIV.exe"=
"c:\\Program Files\\Ubisoft\\Tom Clancy's Splinter Cell Conviction\\src\\system\\conviction_game.exe"=
"c:\\Program Files\\Atari\\Test Drive Unlimited\\TestDriveUnlimited.exe"=
"c:\\Program Files\\Ubisoft\\Tom Clancy's Splinter Cell Conviction\\src\\system\\gu.exe"=
"c:\\Program Files\\Atari\\TDU2\\UpLauncher.exe"=
"c:\\Program Files\\Atari\\TDU2\\TestDrive2.exe"=
"c:\\Program Files\\Counter-Strike Xtreme V5\\hl.exe"=
"c:\\Program Files\\Electronic Arts\\SHIFT 2 UNLEASHED\\shift2u.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis 2\\bin32\\Crysis2.exe"=
"c:\\Program Files\\EA\\Bulletstorm\\Binaries\\Win32\\ShippingPC-StormGame.exe"=
"c:\\Program Files\\Lost Planet 2\\LP2DX9.exe"=
"c:\\Program Files\\Lost Planet 2\\LP2DX11.exe"=
.
R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [9.6.2010 21:29 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [9.6.2010 21:29 5248]
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [23.3.2011 17:43 13496]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [10.10.2010 11:21 691696]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [24.3.2011 17:00 371544]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [5.12.2010 19:02 301528]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2.3.2011 17:49 218688]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5.12.2010 19:02 19544]
R2 FAH-01;Folding Service #01;c:\program files\Folding@Home #01\Folding@Home #01\FAH-Console.exe [30.6.2008 20:38 253952]
R2 FAH-02;Folding Service #02;c:\program files\Folding@Home #01\Folding@Home #02\FAH-Console.exe [30.6.2008 20:38 253952]
S4 NeroRegInCDSrv;Nero Registry InCD Service;c:\program files\Nero\Nero 7\InCD\NBHRegInCDSrv.exe --> c:\program files\Nero\Nero 7\InCD\NBHRegInCDSrv.exe [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-01-24 10:30 451872 -c--a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-02 c:\windows\Tasks\SmartDefrag_Startup.job
- c:\program files\IObit\Smart Defrag 2\SmartDefrag.exe [2011-03-23 17:19]
.
.
------- Supplementary Scan -------
.
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Stahnou vse FlashGet3 - c:\documents and settings\owner\Application Data\FlashGetBHO\GetAllUrl.htm
IE: Stahnout FlashGet3 - c:\documents and settings\owner\Application Data\FlashGetBHO\GetUrl.htm
IE: ????3?? - c:\documents and settings\owner\Application Data\FlashGetBHO\GetUrl.htm
IE: ????3?????? - c:\documents and settings\owner\Application Data\FlashGetBHO\GetAllUrl.htm
FF - ProfilePath - c:\documents and settings\owner\Application Data\Mozilla\Firefox\Profiles\57mg1748.default\
FF - prefs.js: browser.startup.homepage - hxxp://start.ffpimp.com
FF - prefs.js: keyword.URL - hxxp://bing.zugotoolbar.com/s/?site=Bing&pid=87&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: FlashGot: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34} - %profile%\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
FF - Ext: Ant Video Downloader: anttoolbar@ant.com - %profile%\extensions\anttoolbar@ant.com
FF - Ext: Flash Video Downloader - Youtube Downloader: artur.dubovoy@gmail.com - %profile%\extensions\artur.dubovoy@gmail.com
FF - Ext: Download Youtube Videos +: video.downloader.plugin@ffpimp.com - %profile%\extensions\video.downloader.plugin@ffpimp.com
FF - Ext: Flash and Video Download: {bee6eb20-01e0-ebd1-da83-080329fb9a3a} - %profile%\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: browser.xul.error_pages.enabled - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 8191
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 32
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-02 18:20
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
C:\## aswSnx private storage
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2025429265-1659004503-839522115-1003\Software\Microsoft\Internet Explorer\MenuExt\O(uë_fŹ3*N}Ź]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@="c:\\Documents and Settings\\owner\\Application Data\\FlashGetBHO\\GetUrl.htm"
"contexts"=dword:00000022
.
[HKEY_USERS\S-1-5-21-2025429265-1659004503-839522115-1003\Software\Microsoft\Internet Explorer\MenuExt\O(uë_fŹ3*N}ŹhQčţ”Ąc]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@="c:\\Documents and Settings\\owner\\Application Data\\FlashGetBHO\\GetAllUrl.htm"
"contexts"=dword:000000f3
.
[HKEY_USERS\S-1-5-21-2025429265-1659004503-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{3B3CD5C3-4E09-89B3-E236-305DCE356F6C}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-2025429265-1659004503-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:eb,73,53,dd,aa,ca,45,19,5d,01,41,3e,6f,f8,17,ba,d8,05,04,f9,da,83,0a,
e4,36,82,94,00,84,89,36,ad,78,e4,6f,81,57,76,24,04,61,5a,a1,a4,2c,77,e4,41,\
"??"=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb
.
[HKEY_USERS\S-1-5-21-2025429265-1659004503-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:b1,dd,a8,a5,c9,25,49,58,5f,e4,1a,e1,2a,dc,ca,f1,83,55,d9,64,28,
03,70,cf,4d,a6,56,b2,34,9b,34,ca,08,e0,20,5c,4b,0d,c1,ef,57,e4,0d,d4,45,0f,\
"rkeysecu"=hex:d3,7f,62,2e,dc,4e,74,bc,29,c9,24,8d,54,ac,8d,60
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(1244)
c:\windows\system32\msi.dll
c:\program files\Windows Media Player\wmpband.dll
c:\progra~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
c:\program files\Common Files\Microsoft Shared\Web Components\10\1029\OWCI10.DLL
c:\progra~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
c:\program files\Common Files\Microsoft Shared\Web Components\11\1029\OWCI11.DLL
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-05-02 18:22:49
ComboFix-quarantined-files.txt 2011-05-02 16:22
ComboFix2.txt 2011-02-06 15:24
.
Pre-Run: 225 186 607 104 bytes free
Post-Run: 225 174 654 976 bytes free
.
- - End Of File - - 0FC74E0BDF90412F810B3D14D8CD2574
Re: Request for a preventive check
Via Start >> Run, copy this into the box:
ComboFix /Uninstall
and press Enter.
This uninstalls ComboFix and deletes its associated files and folders.
Use T-Cleaner, which removes any leftovers of the applications we used.
Just stop your antivirus before downloading it and while using it, because it may detect it as a virus, but that is not the case.
Then let me know what state the PC is in.
Re: Request for a preventive check
It seems to be fine. One more question: I once used OTC and TFC on the instruction of some adviser; can I delete them now, or will I still need them? Also, when the PC starts up, something comes up saying invalid boot C and about 4 more words, but it disappears quickly and Windows starts. How do I get rid of it? Or does it not matter much?
Re: Request for a preventive check
I'm writing from a second PC because mine doesn't work. I did it according to that guide; I pasted this into boot.ini
[Boot loader]
timeout = 30
default = multi (0) disk (0) rdisk (0) partition (1) \ WINDOWS
[Operating systems]
multi (0) disk (0) rdisk (0) partition (1) \ WINDOWS = "Microsoft Windows XP Professional" / fastdetect
and now at startup this comes up:
Please select the operating system to start:
(0) disk (0) rdisk (0) partition (1) \ WINDOWS =
Windows (default)
Use the up and down arrow keys to move the highlight to your choice
Press ENTER to choose.
Seconds until highlighted choice will be started automatically : 27
For troubleshooting and advanced startupoptions for Windows, press F8
When I confirm Windows (default) it restarts; when I pick the (0) disk..... one it also restarts; and when I wait for the seconds to run out it says
Windows could not start because of a computer disk hardware configuration problem.
Could not read from the selected boot disk.Check boot path and disk hardware.
Please check the Windows documentation about hardware disk configuration and your hardware reference manuals for additional information.
Re: Request for a preventive check
I'll get started on it tomorrow, but one more question: I have XP Professional installed, but I don't have its CD at home, my uncle installed it for me; I do have an XP Home Edition CD at home. Will it work with that too? And could you please describe this step in a bit more detail: In the BIOS I arrange for the system to boot from the CD
how do I do that?
Re: Request for a preventive check
For this you must have XP Professional.
In BIOS Setup, which you enter during restart by pressing one of these keys:
* DEL
* F2
* F1
* F10
it depends on the PC, but it is always shown on the screen,
open the ADVANCED BIOS FEATURES menu and find Boot Devices 0 to 4 or Boot Sequence.
Set CD-ROM in first place,
and the hard disk (HDD) in second; the manufacturer is usually shown for both items.
Pressing Save, usually F10, and confirming with Enter saves the settings,
then pressing Save and Exit takes you out of the BIOS.
Insert the installation CD into the drive, let it boot, and press the R key to choose the Recovery Console.
A black window will pop up where, after C:\WINDOWS, you enter the command FIXMBR
Then enter the command EXIT, which restarts the PC.
Re: Request for a preventive check
A problem occurred at step 5
File NTFS.sys caused an unexpected error (4096) at line 5091 in D:\xpsprtm\base\boot\setup\setup.c.
Press any key to continue
I press something and it says:
Setup failed. Press any key to restart your computer
But I probably caused that myself.
I was already at step 11:
At the command prompt I enter the command FIXMBR and answer A to the confirmation question that follows
I didn't photograph the question, but I pressed A, nothing happened, and it showed me the question once more; whatever letter I entered, it was just the same question over and over. I pressed the button on the case, the PC turned off, and then at step 5 it started printing File NTFS.sys....
Re: Request for a preventive check
There are several possible reasons why it doesn't work:
1 - in the BIOS your main drive is not set in first place
2 - a damaged (scratched) Windows installation CD
3 - a damaged system
check the first and second possibilities yourself
the third, if the first two are fine, you fix like this:
insert the installation CD into the drive, let it boot,
wait a moment; the first screen appears, where you confirm starting the Windows installation with the Enter key,
on the next screen confirm the license agreement with the F8 key,
on the next screen then use the R key to choose Repair the existing Windows installation
detailed procedure HERE