Problem with PC - pages with Flash Player (ComboFix output)
Posted: 05 Jun 2011 12:38
Hello,
for some time now (about 3 weeks) I have been getting a blue screen after Flash Player freezes. It happens in Chrome, Firefox and Internet Explorer. I installed the latest version of the NVIDIA drivers and the latest versions of Java and Flash Player, but the problem persists.
CPU usage jumps to 100%, nothing can be done with the PC, then a blue screen flashes for a second and the PC restarts.
I am sending today's ComboFix output:
ComboFix 11-06-05.01 - Mirek mladší 05.06.2011 12:28:37.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3071.2595 [GMT 2:00]
Spuštěný z: c:\documents and settings\Mirek mladší\Dokumenty\Download\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Lavasoft Ad-Watch Live! Virenschutz *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
FW: ZoneAlarm Firewall *Enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Mirek mladší\WINDOWS
c:\windows\AutoRun.ini
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-05-05 do 2011-06-05 )))))))))))))))))))))))))))))))
.
.
2011-06-04 09:06 . 2011-06-04 09:06 -------- d-----w- c:\documents and settings\UpdatusUser
2011-06-01 18:06 . 2011-05-25 07:25 899688 ----a-w- c:\windows\system32\nvdispco3220150.dll
2011-06-01 18:06 . 2011-05-25 07:25 865896 ----a-w- c:\windows\system32\nvgenco322090.dll
2011-05-29 13:47 . 2011-05-29 13:47 -------- d-----w- c:\program files\Sun
2011-05-29 13:47 . 2011-05-29 13:46 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-05-29 13:45 . 2011-05-29 13:46 -------- d-----w- c:\program files\Java
2011-05-22 15:07 . 2011-03-24 19:28 631808 ----a-w- c:\windows\system32\xvidcore.dll
2011-05-22 15:07 . 2011-03-19 19:00 151552 ----a-w- c:\windows\system32\ac3acm.acm
2011-05-22 15:07 . 2010-11-03 18:08 237568 ----a-w- c:\windows\system32\yv12vfw.dll
2011-05-22 15:07 . 2008-09-24 18:41 839680 ----a-w- c:\windows\system32\lameACM.acm
2011-05-22 15:07 . 2011-03-29 08:00 80896 ----a-w- c:\windows\system32\ff_vfw.dll
2011-05-22 15:07 . 2011-03-24 19:35 243200 ----a-w- c:\windows\system32\xvidvfw.dll
2011-05-14 17:19 . 2011-05-14 17:19 -------- d-----w- c:\documents and settings\Mirek mladší\Data aplikací\EMCO
2011-05-14 11:55 . 2011-06-01 17:59 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-14 11:40 . 2011-05-14 11:40 -------- d-----w- c:\documents and settings\All Users\Data aplikací\NVIDIA Corporation
2011-05-14 11:40 . 2011-05-14 11:40 -------- d-----w- c:\documents and settings\All Users\Data aplikací\NVIDIA
2011-05-10 15:47 . 2011-05-10 11:59 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-05-10 15:47 . 2011-05-10 12:03 307928 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-05-10 15:47 . 2011-05-10 11:59 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-05-10 15:47 . 2011-05-10 12:03 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-05-10 15:47 . 2011-05-10 12:02 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-05-10 15:47 . 2011-05-10 12:02 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-05-10 15:47 . 2011-05-10 12:02 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-05-10 15:47 . 2011-05-10 11:59 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-05-10 15:47 . 2011-05-10 12:10 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-05-10 15:47 . 2011-05-10 15:47 -------- d-----w- c:\program files\AVAST Software
2011-05-07 11:03 . 2011-05-10 12:10 40112 ----a-w- c:\windows\avastSS.scr
2011-05-07 11:03 . 2011-05-07 11:03 -------- d-----w- c:\documents and settings\All Users\Data aplikací\AVAST Software
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-29 13:46 . 2011-03-23 19:35 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-29 07:11 . 2010-06-12 06:23 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 07:11 . 2010-06-12 06:23 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-25 07:26 . 2011-04-07 20:16 54272 ----a-w- c:\windows\system32\nvwddi.dll
2011-05-25 07:26 . 2011-04-07 20:16 253952 ----a-w- c:\windows\system32\nvrsth.dll
2011-05-25 07:26 . 2011-04-07 20:16 126976 ----a-w- c:\windows\system32\nvrszht.dll
2011-05-25 07:26 . 2011-04-07 20:16 270336 ----a-w- c:\windows\system32\nvrsru.dll
2011-05-25 07:26 . 2011-04-07 20:16 258048 ----a-w- c:\windows\system32\nvrstr.dll
2011-05-25 07:26 . 2011-04-07 20:16 258048 ----a-w- c:\windows\system32\nvrssl.dll
2011-05-25 07:26 . 2011-04-07 20:16 229376 ----a-w- c:\windows\system32\nvrszhc.dll
2011-05-25 07:26 . 2011-04-07 20:16 274432 ----a-w- c:\windows\system32\nvrspt.dll
2011-05-25 07:26 . 2011-04-07 20:16 270336 ----a-w- c:\windows\system32\nvrsptb.dll
2011-05-25 07:26 . 2011-04-07 20:16 258048 ----a-w- c:\windows\system32\nvrssk.dll
2011-05-25 07:26 . 2011-04-07 20:16 258048 ----a-w- c:\windows\system32\nvrspl.dll
2011-05-25 07:26 . 2011-04-07 20:16 253952 ----a-w- c:\windows\system32\nvrssv.dll
2011-05-25 07:26 . 2011-04-07 20:16 253952 ----a-w- c:\windows\system32\nvrsno.dll
2011-05-25 07:26 . 2011-04-07 20:16 154728 ----a-w- c:\windows\system32\nvsvc32.exe
2011-05-25 07:26 . 2011-04-07 20:16 274432 ----a-w- c:\windows\system32\nvrsnl.dll
2011-05-25 07:26 . 2011-04-07 20:16 262144 ----a-w- c:\windows\system32\nvrshu.dll
2011-05-25 07:26 . 2011-04-07 20:16 282624 ----a-w- c:\windows\system32\nvrsit.dll
2011-05-25 07:26 . 2011-04-07 20:16 270336 ----a-w- c:\windows\system32\nvrsja.dll
2011-05-25 07:26 . 2011-04-07 20:16 266240 ----a-w- c:\windows\system32\nvrsko.dll
2011-05-25 07:26 . 2011-04-07 20:16 331776 ----a-w- c:\windows\system32\nvrshe.dll
2011-05-25 07:26 . 2011-04-07 20:16 286720 ----a-w- c:\windows\system32\nvrsfr.dll
2011-05-25 07:26 . 2011-04-07 20:16 249856 ----a-w- c:\windows\system32\nvrsfi.dll
2011-05-25 07:26 . 2011-04-07 20:16 282624 ----a-w- c:\windows\system32\nvrsel.dll
2011-05-25 07:26 . 2011-04-07 20:16 249856 ----a-w- c:\windows\system32\nvrseng.dll
2011-05-25 07:26 . 2011-04-07 20:16 274432 ----a-w- c:\windows\system32\nvrsesm.dll
2011-05-25 07:26 . 2011-04-07 20:16 282624 ----a-w- c:\windows\system32\nvrses.dll
2011-05-25 07:26 . 2011-04-07 20:16 278528 ----a-w- c:\windows\system32\nvrsde.dll
2011-05-25 07:26 . 2011-04-07 20:16 253952 ----a-w- c:\windows\system32\nvrsda.dll
2011-05-25 07:26 . 2011-04-07 20:16 335872 ----a-w- c:\windows\system32\nvrsar.dll
2011-05-25 07:26 . 2011-04-07 20:16 249856 ----a-w- c:\windows\system32\nvrscs.dll
2011-05-25 07:26 . 2011-04-07 20:16 111208 ----a-w- c:\windows\system32\nvmctray.dll
2011-05-25 07:26 . 2011-04-07 20:16 13895272 ----a-w- c:\windows\system32\nvcpl.dll
2011-05-25 07:26 . 2011-04-07 20:16 145000 ----a-w- c:\windows\system32\nvcolor.exe
2011-05-25 07:26 . 2011-04-07 20:16 543336 ----a-w- c:\windows\system32\easyUpdatusAPIU.dll
2011-05-25 07:25 . 2010-07-22 15:38 61440 ----a-w- c:\windows\system32\OpenCL.dll
2011-05-25 07:25 . 2010-07-22 15:38 16068608 ----a-w- c:\windows\system32\nvoglnt.dll
2011-05-25 07:25 . 2010-07-22 15:38 2808936 ----a-w- c:\windows\system32\nvcuvid.dll
2011-05-25 07:25 . 2010-07-22 15:38 2082408 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-05-25 07:25 . 2010-07-22 15:37 5332992 ----a-w- c:\windows\system32\nvcuda.dll
2011-05-25 07:25 . 2010-07-22 15:37 13004800 ----a-w- c:\windows\system32\nvcompiler.dll
2011-05-25 07:25 . 2010-07-22 15:37 2328576 ----a-w- c:\windows\system32\nvapi.dll
2011-05-25 07:25 . 2009-02-19 18:56 12753664 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2011-05-25 07:25 . 2009-02-19 18:56 4198272 ----a-w- c:\windows\system32\nv4_disp.dll
2011-05-10 15:31 . 2007-09-09 05:27 16587 ----a-w- c:\windows\system32\drivers\InetLock.sys
2011-04-08 05:14 . 2011-05-05 18:04 944232 ----a-w- c:\windows\system32\nvdispco3220140.dll
2011-04-08 05:14 . 2011-05-05 18:04 855656 ----a-w- c:\windows\system32\nvgenco322060.dll
2011-04-07 20:16 . 2011-04-07 20:16 277608 ----a-w- c:\windows\system32\nvmccs.dll
2011-03-17 23:24 . 2009-06-13 10:07 1238528 ----a-w- c:\windows\system32\zpeng25.dll
2011-03-17 23:24 . 2010-01-23 08:59 69120 ----a-w- c:\windows\system32\zlcomm.dll
2011-03-17 23:24 . 2010-01-23 08:59 104448 ----a-w- c:\windows\system32\zlcommdb.dll
2011-04-14 16:38 . 2011-05-14 10:41 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys
[7] 2004-08-03 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\atapi.sys
[-] 2004-08-03 21:59 . !HASH: COULD NOT OPEN FILE !!!!! . 95360 . . [------] . . c:\windows\system32\drivers\atapi.sys
[7] 2004-08-03 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-05-10 12:10 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Startup Guard"="c:\program files\Zabezpečení\StartupGuard\SG.EXE" [2004-08-23 57344]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Zástupce stránky vlastností sběrnice High Definition Audio"="HDAudPropShortcut.exe" [2004-03-17 61952]
"ZoneAlarm Client"="c:\program files\Zabezpečení\ZoneAlarm\zlclient.exe" [2011-03-17 1043968]
"QuickTime Task"="c:\program files\Audio a video\QuickTime\qttask.exe" [2010-11-29 421888]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-05-10 3459712]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-05-25 13895272]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 16:38 421888 ----a-w- c:\program files\Audio a video\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\VoipDiscount\\VoipDiscount.exe"=
"c:\\Program Files\\Internet a programy\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\ICQ7.1\\ICQ.exe"=
"c:\\Program Files\\ICQ7.1\\aolload.exe"=
"c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=
"c:\\Program Files\\VoipBlast\\VoipBlast.exe"=
"c:\\Hry\\PES 2011\\pes2011.exe"=
"c:\\Program Files\\Internet a programy\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\Audio a video\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
.
R0 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [20.2.2009 23:44 160640]
R0 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [20.2.2009 23:44 5248]
R0 fsh;fsh;c:\windows\system32\drivers\fsh.sys [23.5.2010 6:05 39744]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [7.6.2010 20:22 64288]
R0 tdrpman258;Acronis Try&Decide and Restore Points filter (build 258);c:\windows\system32\drivers\tdrpm258.sys [22.3.2010 20:27 911680]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [10.5.2011 17:47 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [10.5.2011 17:47 307928]
R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2010/07/05 11:34];c:\program files\Audio a video\PowerDVD 10\PowerDVD10\NavFilter\000.fcl [28.6.2010 22:50 87536]
R2 afcdpsrv;Acronis Nonstop Backup service;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [22.3.2010 20:27 2480048]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [10.5.2011 17:47 19544]
R2 BCWipeSvc;BCWipe service;c:\program files\Diagnostika a údržba\BCWipe\BCWipeSvc.exe [23.5.2010 6:05 95544]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [14.5.2011 13:40 2214504]
R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [22.3.2010 20:27 160288]
S1 tvtool;tvtool;c:\program files\Audio a video\TVTool\TVTOOL.SYS [3.4.1996 20:33 5248]
S2 gupdate1c99a896891aac6;Google Update Service (gupdate1c99a896891aac6);c:\program files\Google\Update\GoogleUpdate.exe [31.7.2010 13:56 136176]
S2 INETLOCK;INETLOCK;c:\windows\system32\drivers\InetLock.sys [9.9.2007 7:27 16587]
S2 INETLOCKSVC;Internet Lock Service;c:\program files\Internet a programy\Internet Lock 5.1\ILSvc.exe [9.9.2007 7:27 106496]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [13.3.2010 22:24 23456]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [31.7.2010 13:56 136176]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3.12.2010 11:05 1753048]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [17.8.2004 16:49 14336]
S3 RDPDISPM;RDPDISPM;c:\windows\system32\drivers\rdpdispm.sys [6.6.2010 15:18 9040]
S3 RDPVDD;RDPVDD;c:\windows\system32\drivers\rdpvmp.sys [6.6.2010 15:18 19408]
S3 TVICHW32;TVICHW32;c:\windows\system32\drivers\TVICHW32.SYS [7.3.2009 15:20 23600]
S4 BCSWAP;BCSWAP;c:\windows\system32\drivers\bcswap.sys [23.5.2010 6:05 92096]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Obsah adresáře 'Naplánované úlohy'
.
2011-06-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-31 11:56]
.
2011-06-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-31 11:56]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{71BFC818-0CED-42D6-9C87-5142918957EE} - c:\program files\ICQ7.1\ICQ.exe
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
TCP: Interfaces\{6175E49C-E6AB-4A21-806D-D4B865AD79B4}: NameServer = 10.11.255.254,0.0.0.0
DPF: {A3E21079-7F41-4125-9EBB-FD44CFCC0AC1} - hxxps://www.mesh.com/0.9.4014.40/TSWeb.cab
FF - ProfilePath - c:\documents and settings\Mirek mladší\Data aplikací\Mozilla\Firefox\Profiles\5mekgo92.default\
FF - prefs.js: browser.startup.homepage - http://www.seznam.cz
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-nwiz - nwiz.exe
AddRemove-Adobe Acrobat Reader 3.0 - c:\acrobat3\DeIsL1.isu
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-05 12:43
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}]
"ImagePath"="\??\c:\program files\Audio a video\PowerDVD 10\PowerDVD10\NavFilter\000.fcl"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-484763869-796845957-839522115-1003\Software\Microsoft\Windows\CurrentVersion\UnreadMail]
@Denied: (Full) (LocalSystem)
.
[HKEY_USERS\S-1-5-21-484763869-796845957-839522115-1003\Software\Microsoft\Windows\CurrentVersion\UnreadMail\mirkazda@seznam.cz]
"MessageCount"=dword:00000100
"TimeStamp"=hex:34,35,f5,e8,17,94,c9,01
"Application"="%SystemDrive%\\PROGRA~1\\MICROS~3\\Office12\\OUTLOOK.EXE /profile Outlook"
.
Celkový čas: 2011-06-05 12:50:41
ComboFix-quarantined-files.txt 2011-06-05 10:50
ComboFix2.txt 2009-07-21 11:27
.
Před spuštěním: Volných bajtů: 34 739 445 760
Po spuštění: Volných bajtů: 34 731 847 680
.
- - End Of File - - D5446B80D0CDAD5CDC615119CAD1010E
Can someone please help me? After the scan, new folders were created on C:, namely Config.msi + MSOCache + Qoobox. What should I delete?
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-31 11:56]
.
2011-06-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-31 11:56]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{71BFC818-0CED-42D6-9C87-5142918957EE} - c:\program files\ICQ7.1\ICQ.exe
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
TCP: Interfaces\{6175E49C-E6AB-4A21-806D-D4B865AD79B4}: NameServer = 10.11.255.254,0.0.0.0
DPF: {A3E21079-7F41-4125-9EBB-FD44CFCC0AC1} - hxxps://www.mesh.com/0.9.4014.40/TSWeb.cab
FF - ProfilePath - c:\documents and settings\Mirek mladší\Data aplikací\Mozilla\Firefox\Profiles\5mekgo92.default\
FF - prefs.js: browser.startup.homepage - http://www.seznam.cz
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-nwiz - nwiz.exe
AddRemove-Adobe Acrobat Reader 3.0 - c:\acrobat3\DeIsL1.isu
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-05 12:43
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}]
"ImagePath"="\??\c:\program files\Audio a video\PowerDVD 10\PowerDVD10\NavFilter\000.fcl"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-484763869-796845957-839522115-1003\Software\Microsoft\Windows\CurrentVersion\UnreadMail]
@Denied: (Full) (LocalSystem)
.
[HKEY_USERS\S-1-5-21-484763869-796845957-839522115-1003\Software\Microsoft\Windows\CurrentVersion\UnreadMail\mirkazda@seznam.cz]
"MessageCount"=dword:00000100
"TimeStamp"=hex:34,35,f5,e8,17,94,c9,01
"Application"="%SystemDrive%\\PROGRA~1\\MICROS~3\\Office12\\OUTLOOK.EXE /profile Outlook"
.
Celkový čas: 2011-06-05 12:50:41
ComboFix-quarantined-files.txt 2011-06-05 10:50
ComboFix2.txt 2009-07-21 11:27
.
Před spuštěním: Volných bajtů: 34 739 445 760
Po spuštění: Volných bajtů: 34 731 847 680
.
- - End Of File - - D5446B80D0CDAD5CDC615119CAD1010E
Can someone please help me? After the scan, new folders were created on C:, namely Config.msi + MSOCache + Qoobox. What should I delete?