Hello, I've been handed a notebook running WinXP Media Center Edition to clean up.
In all browsers (IE8, Mozilla, Chrome), web pages are displayed incompletely and incorrectly (e.g. without graphics, etc.). Likewise, the labels of program shortcuts on the desktop are displayed in boxes in the base color of the desktop.
No antivirus was installed on the PC, so for now it has been scanned with the ESET online scanner, which found the infiltrations listed below, and Microsoft Security Ess. was installed as an emergency measure.
C:\Program Files\Error Repair Professional\ErrorRepairProfessional.exe varianta infiltrace Win32/Adware.ErrorRepairPro aplikace vyléčen smazáním - uložen do karantény
C:\Program Files\Error Repair Professional\autostart.exe Win32/Adware.ErrorRepairPro aplikace vyléčen smazáním - uložen do karantény
C:\Program Files\NetSoftware\IEHelper.dll varianta infiltrace Win32/Trackware.Gemius aplikace vyléčen smazáním (po nejbližším restartu) - uložen do karantény
C:\System Volume Information\_restore{25C2B2C6-CA02-4029-B683-A4B88CCE71B2}\RP1314\A0373076.exe varianta infiltrace Win32/Adware.ErrorRepairPro aplikace vyléčen smazáním - uložen do karantény
C:\System Volume Information\_restore{25C2B2C6-CA02-4029-B683-A4B88CCE71B2}\RP1314\A0373077.exe Win32/Adware.ErrorRepairPro aplikace vyléčen smazáním - uložen do karantény
C:\System Volume Information\_restore{25C2B2C6-CA02-4029-B683-A4B88CCE71B2}\RP1314\A0373078.dll varianta infiltrace Win32/Trackware.Gemius aplikace vyléčen smazáním - uložen do karantény
C:\System Volume Information\_restore{25C2B2C6-CA02-4029-B683-A4B88CCE71B2}\RP1307\A0368371.exe Win32/Adware.ErrorRepairPro aplikace vyléčen smazáním - uložen do karantény
C:\System Volume Information\_restore{25C2B2C6-CA02-4029-B683-A4B88CCE71B2}\RP1307\A0368372.exe varianta infiltrace Win32/Adware.ErrorRepairPro aplikace vyléčen smazáním - uložen do karantény
C:\Qoobox\Quarantine\C\Program Files\Error Repair Professional\autostart.exe.vir Win32/Adware.ErrorRepairPro aplikace vyléčen smazáním - uložen do karantény
C:\Qoobox\Quarantine\C\Program Files\Error Repair Professional\ErrorRepairProfessional.exe.vir varianta infiltrace Win32/Adware.ErrorRepairPro aplikace vyléčen smazáním - uložen do karantény
After the scan I used CCleaner and RegCleaner to remove the leftovers. System Restore has been disabled on all drives.
RSIT log
Logfile of random's system information tool 1.09 (written by random/random)
Run by PAVEL at 2012-04-08 17:37:40
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 13 GB (24%) free of 54 GB
Total RAM: 446 MB (19% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:37:54, on 8.4.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\PAVEL\Local Settings\Temporary Internet Files\Content.IE5\SNI2TPUC\RSIT[1].exe
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe
C:\Program Files\trend micro\PAVEL.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.seznam.cz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: Ukazatel S-Rank - {EA837F48-5AD1-443E-AE34-FFE03CBF3099} - C:\Program Files\Seznam.cz\listicka.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\MSDXM.OCX
O3 - Toolbar: Nástroje Lištičky - {1EA00BE1-6E54-4E2A-8099-680300BF23E1} - C:\Program Files\Seznam.cz\toolbar\toolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [EPSON Stylus DX5000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBVE.EXE /FU "C:\WINDOWS\TEMP\E_S95.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKCU\..\Run: [EPSON Stylus DX5000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBVE.EXE /FU "C:\WINDOWS\TEMP\E_SAC.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Seznam Postak] "C:\Program Files\Seznam.cz\postak.exe" -s
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Nastavení Lištičky ... - {0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - C:\Program Files\Seznam.cz\listicka.dll
O9 - Extra 'Tools' menuitem: Nastavení Lištičky ... - {0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - C:\Program Files\Seznam.cz\listicka.dll
O9 - Extra button: Eurotran XP - {230D1201-7607-4CF6-A11F-9E4BF0A333E0} - C:\Program Files\Eurotran XP\etnxp.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: (no name) - {2C73F784-D2DE-4422-B070-2E3332FE5744} - C:\Program Files\Eurotran XP\etnxp.dll
O9 - Extra 'Tools' menuitem: Eurotran XP... - {2C73F784-D2DE-4422-B070-2E3332FE5744} - C:\Program Files\Eurotran XP\etnxp.dll
O9 - Extra button: Zvýrazňovač slov Lištičky - {4E6D6F90-31CA-4878-A7A3-1CD50F115A69} - C:\Program Files\Seznam.cz\listicka.dll
O9 - Extra 'Tools' menuitem: Zvýrazňovač slov Lištičky - {4E6D6F90-31CA-4878-A7A3-1CD50F115A69} - C:\Program Files\Seznam.cz\listicka.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://www.seznam.cz
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: O&O Defrag 2000 (OOD2000) - O&O Software GmbH - C:\WINDOWS\system32\OOD2000.exe
--
End of file - 10364 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
=========Mozilla firefox=========
ProfilePath - C:\Documents and Settings\PAVEL\Application Data\Mozilla\Firefox\Profiles\z130dc79.default
prefs.js - "browser.startup.homepage" - ""
prefs.js - "extensions.enabledItems" - "gemgecko@gemius.com:2.1, {20a82645-c095-46ed-80e3-08825760534b}:0.0.0, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.7"
"{20a82645-c095-46ed-80e3-08825760534b}"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
C:\Program Files\Mozilla Firefox\components\
browserdirprovider.dll
brwsrcmp.dll
fuelApplication.js
jsconsole-clhandler.js
nsAddonRepository.js
nsBadCertHandler.js
nsBlocklistService.js
nsBrowserContentHandler.js
nsBrowserGlue.js
nsContentDispatchChooser.js
nsContentPrefService.js
nsDefaultCLH.js
nsDownloadManagerUI.js
nsExtensionManager.js
nsHandlerService.js
nsHelperAppDlg.js
nsLivemarkService.js
nsLoginInfo.js
nsLoginManager.js
nsLoginManagerPrompter.js
nsMicrosummaryService.js
nsPlacesDBFlush.js
nsPlacesTransactionsService.js
nsPostUpdateWin.js
nsPrivateBrowsingService.js
nsProxyAutoConfig.js
nsSafebrowsingApplication.js
nsSearchService.js
nsSearchSuggestions.js
nsSessionStartup.js
nsSessionStore.js
nsSetDefaultBrowser.js
nsSidebar.js
nsTaggingService.js
nsTryToClose.js
nsURLFormatter.js
nsUpdateService.js
nsUrlClassifierLib.js
nsUrlClassifierListManager.js
nsWebHandlerApp.js
pluginGlue.js
storage-Legacy.js
storage-mozStorage.js
txEXSLTRegExFunctions.js
FeedConverter.js
FeedProcessor.js
FeedWriter.js
NetworkGeolocationProvider.js
WebContentConverter.js
aboutCertError.js
aboutPrivateBrowsing.js
aboutRights.js
aboutRobots.js
aboutSessionRestore.js
browser.xpt
C:\Program Files\Mozilla Firefox\plugins\
npnul32.dll
NPOFF12.DLL
nppdf32.dll
C:\Program Files\Mozilla Firefox\searchplugins\
google.xml
jyxo-cz.xml
mall-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml
avg_igeared.xml
crawlersrch.xml
C:\Documents and Settings\PAVEL\Application Data\Mozilla\Firefox\Profiles\z130dc79.default\extensions\
{249d74a3-bd19-4657-b6ce-e62f480a20de}
{20a82645-c095-46ed-80e3-08825760534b}(2)
C:\Documents and Settings\PAVEL\Application Data\Mozilla\Firefox\Profiles\z130dc79.default\searchplugins\
MyStart Search.xml
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2012-01-03 64928]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-01-03 63912]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2012-01-12 342128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-11-29 3844768]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll [2012-01-12 1003576]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2010-12-21 561552]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}]
EpsonToolBandKicker Class - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-22 368640]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EA837F48-5AD1-443E-AE34-FFE03CBF3099}]
Lištička - C:\Program Files\Seznam.cz\listicka.dll [2010-10-07 1961240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EE5D279F-081B-4404-994D-C6B60AAEBA6D} - EPSON Web-To-Page - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-22 368640]
{8E718888-423F-11D2-876E-00A0C9082467} - @msdxmLC.dll,-1@1033,&Rádio - C:\WINDOWS\system32\MSDXM.OCX [2000-03-20 844560]
{1EA00BE1-6E54-4E2A-8099-680300BF23E1} - Nástroje Lištičky - C:\Program Files\Seznam.cz\toolbar\toolbar.dll [2010-10-07 187672]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2012-01-12 342128]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-08-05 64512]
"AzMixerSel"=C:\Program Files\Realtek\InstallShield\AzMixerSel.exe [2006-04-14 53248]
"ntiMUI"=C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe [2005-05-11 45056]
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-10 208952]
"MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2004-08-10 59392]
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-10 455168]
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-10 455168]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-06-27 16248320]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"EPSON Stylus DX5000 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBVE.EXE [2006-09-22 139264]
"Boot"=C:\Acer\Empowering Technology\ePower\Boot.exe [2006-03-15 579584]
"ePower_DMC"=C:\Acer\Empowering Technology\ePower\ePower_DMC.exe [2006-05-30 421888]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-03 843712]
"MSC"=C:\Program Files\Microsoft Security Client\msseces.exe [2011-06-15 997920]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"EPSON Stylus DX5000 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBVE.EXE [2006-09-22 139264]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-08-20 68856]
"Seznam Postak"=C:\Program Files\Seznam.cz\postak.exe [2010-10-07 488728]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2011-10-13 19550344]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
C:\WINDOWS\SkyTel.EXE [2006-05-16 2879488]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2010-02-11 155648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-08-11 241704]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"system"=kduzu.exe []
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
nwprovau
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoResolveSearch"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\WINDOWS\System32\FXSCLNT.exe"="C:\WINDOWS\System32\FXSCLNT.exe:*:Enabled:Microsoft Fax Console"
"C:\WINDOWS\System32\usmt\migwiz.exe"="C:\WINDOWS\System32\usmt\migwiz.exe:*:Enabled:Files and Settings Transfer Wizard"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE"="C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE:*:Enabled:CLI Application (Command Line Interface)"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Program Files\AVG\AVG10\avgmfapx.exe"="C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:Instalátor AVG"
"C:\Program Files\Microsoft Office\Office14\onenote.exe"="C:\Program Files\Microsoft Office\Office14\onenote.exe:*:Enabled:Microsoft OneNote"
"C:\Program Files\Activision\SHReK the THiRD Demo\SHReK the THiRD.exe"="C:\Program Files\Activision\SHReK the THiRD Demo\SHReK the THiRD.exe:*:Enabled:SHReK the THiRD(TM) Demo"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath "
"C:\Program Files\IncrediMail\Bin\IncMail.exe"="C:\Program Files\IncrediMail\Bin\IncMail.exe:*:Enabled:IncrediMail"
"C:\Program Files\IncrediMail\Bin\ImApp.exe"="C:\Program Files\IncrediMail\Bin\ImApp.exe:*:Enabled:IncrediMail"
"C:\Program Files\IncrediMail\Bin\ImpCnt.exe"="C:\Program Files\IncrediMail\Bin\ImpCnt.exe:*:Enabled:IncrediMail"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
======List of files/folders created in the last 1 month======
2012-04-08 17:37:41 ----D---- C:\Program Files\trend micro
2012-04-08 17:37:40 ----D---- C:\rsit
2012-04-08 17:36:39 ----D---- C:\WINDOWS\LastGood
2012-04-08 17:36:18 ----D---- C:\Program Files\Microsoft Security Client
2012-04-08 15:58:30 ----D---- C:\Program Files\ESET
2012-04-08 15:18:31 ----D---- C:\ATI
2012-04-08 14:53:42 ----A---- C:\WINDOWS\imsins.BAK
2012-04-08 14:10:07 ----A---- C:\WINDOWS\system32\sho15C.tmp
2012-04-08 13:47:18 ----N---- C:\WINDOWS\system32\iacenc.dll
2012-04-08 13:41:20 ----A---- C:\WINDOWS\system32\shortcut_ex.dat
2012-04-08 13:38:19 ----D---- C:\Program Files\RegCleaner
2012-04-08 12:00:56 ----D---- C:\Documents and Settings\PAVEL\Application Data\PriceGong
2012-04-08 12:00:23 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2012-04-08 12:00:20 ----D---- C:\Config.Msi
2012-04-08 12:00:01 ----SHD---- C:\Recycled
2012-04-08 12:00:01 ----D---- C:\Program Files\Error Repair Professional
2012-04-08 11:40:01 ----D---- C:\WINDOWS\ie8updates
2012-04-08 11:36:14 ----HD---- C:\WINDOWS\ie8
2012-04-08 11:25:58 ----D---- C:\Recycled(2)
2012-04-08 11:09:31 ----A---- C:\ComboFix.txt
2012-04-08 10:51:59 ----A---- C:\Boot.bak
2012-04-08 10:51:54 ----D---- C:\cmdcons
2012-04-08 10:50:07 ----D---- C:\WINDOWS\ERDNT
2012-04-08 10:36:47 ----A---- C:\WINDOWS\system32\sho7E.tmp
2012-04-07 11:11:13 ----A---- C:\WINDOWS\system32\sho4.tmp
2012-04-05 19:56:59 ----A---- C:\WINDOWS\system32\sho7C.tmp
2012-04-03 15:49:44 ----A---- C:\WINDOWS\system32\sho7A.tmp
2012-04-03 14:03:55 ----A---- C:\WINDOWS\system32\sho79.tmp
2012-04-02 17:56:50 ----A---- C:\WINDOWS\system32\sho78.tmp
2012-03-28 20:48:18 ----A---- C:\WINDOWS\system32\sho3.tmp
2012-03-28 09:21:42 ----SHD---- C:\FOUND.011
2012-03-27 11:51:18 ----SHD---- C:\FOUND.010
2012-03-26 07:46:25 ----A---- C:\WINDOWS\system32\sho77.tmp
2012-03-24 11:57:55 ----A---- C:\WINDOWS\system32\sho76.tmp
2012-03-23 21:39:10 ----A---- C:\WINDOWS\system32\sho75.tmp
2012-03-23 18:06:37 ----A---- C:\WINDOWS\system32\sho73.tmp
2012-03-21 19:59:13 ----A---- C:\WINDOWS\system32\sho72.tmp
2012-03-20 18:51:21 ----A---- C:\WINDOWS\system32\sho71.tmp
2012-03-20 11:26:32 ----A---- C:\WINDOWS\system32\sho70.tmp
2012-03-19 20:16:36 ----A---- C:\WINDOWS\system32\sho6F.tmp
2012-03-17 20:14:09 ----A---- C:\WINDOWS\system32\shoC.tmp
2012-03-17 12:25:46 ----A---- C:\WINDOWS\system32\sho6B.tmp
2012-03-15 11:12:51 ----HD---- C:\WINDOWS\$NtUninstallKB2641653$
2012-03-15 11:05:50 ----HD---- C:\WINDOWS\$NtUninstallKB2621440$
2012-03-15 11:05:41 ----HD---- C:\WINDOWS\$NtUninstallKB2647518$
2012-03-14 11:02:50 ----A---- C:\WINDOWS\system32\sho69.tmp
2012-03-12 17:02:32 ----A---- C:\WINDOWS\system32\sho68.tmp
2012-03-10 19:12:41 ----A---- C:\WINDOWS\system32\sho63.tmp
2012-03-10 14:28:31 ----A---- C:\WINDOWS\system32\shoD.tmp
2012-03-09 23:09:20 ----A---- C:\WINDOWS\system32\sho62.tmp
2012-03-09 21:52:03 ----A---- C:\WINDOWS\system32\sho19.tmp
2012-03-09 19:41:13 ----A---- C:\WINDOWS\system32\sho18.tmp
======List of files/folders modified in the last 1 month======
2012-04-08 17:33:00 ----A---- C:\WINDOWS\ModemLog_HDAUDIO Soft Data Fax Modem with SmartCP.txt
2012-04-08 17:31:18 ----A---- C:\WINDOWS\SchedLgU.Txt
2012-04-08 16:00:58 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2012-04-08 15:44:02 ----A---- C:\WINDOWS\system32\MRT.exe
2012-04-08 14:34:10 ----A---- C:\WINDOWS\wincmd.ini
2012-04-08 11:06:58 ----A---- C:\WINDOWS\system.ini
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
R0 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
R0 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
R0 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
R0 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2004-08-10 13952]
R0 ohci1394;VIA OHCI Compliant IEEE 1394 Host Controller; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-13 61696]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2005-05-12 20576]
R0 SI3112;ATI-4379 Serial ATA Controller; C:\WINDOWS\system32\DRIVERS\SI3112.sys [2008-08-20 74280]
R0 SiFilter;SATALink driver accelerator; C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys [2008-08-20 19240]
R0 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
R0 UBHelper;UBHelper; C:\WINDOWS\system32\drivers\UBHelper.sys [2004-12-17 13952]
R0 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]
R1 AmdPPM;Ovladač procesoru HwPState AMD; C:\WINDOWS\system32\DRIVERS\AmdPPM.sys [2007-04-16 33792]
R1 cdrbsdrv;cdrbsdrv; C:\WINDOWS\system32\drivers\cdrbsdrv.sys [2006-02-20 33408]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 MpFilter;Microsoft Malware Protection Driver; C:\WINDOWS\system32\DRIVERS\MpFilter.sys [2011-04-18 165648]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2011-03-05 271360]
R2 DritekPortIO;Dritek General Port I/O; \??\C:\PROGRA~1\LAUNCH~1\DPortIO.sys []
R2 int15;int15; \??\C:\WINDOWS\system32\drivers\int15.sys []
R2 irda;IrDA Protocol; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-13 88192]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2011-03-05 18048]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2006-02-14 12672]
R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS Compatible Transport Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2008-04-13 88320]
R2 NwlnkNb;NWLink NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2004-08-10 63232]
R2 NwlnkSpx;NWLink SPX/SPXII Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2004-08-10 55936]
R2 tvicport;tvicport; \??\C:\WINDOWS\system32\drivers\tvicport.sys []
R2 zntport;zntport; \??\C:\WINDOWS\system32\drivers\zntport.sys []
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2010-02-11 3565056]
R3 Cam5603D;Acer OrbiCam; C:\WINDOWS\System32\Drivers\BisonCam.sys [2006-05-12 806272]
R3 DKbFltr;Dritek Keyboard Filter Driver; C:\WINDOWS\system32\DRIVERS\DKbFltr.sys [2004-12-07 16896]
R3 EMSCR;EMSCR; C:\WINDOWS\system32\DRIVERS\EMS7SK.sys [2006-05-24 61056]
R3 ESDCR;ESDCR; C:\WINDOWS\system32\DRIVERS\ESD7SK.sys [2006-05-24 40064]
R3 ESMCR;ESMCR; C:\WINDOWS\system32\DRIVERS\ESM7SK.sys [2006-05-24 74752]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2006-06-12 990592]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2006-06-12 208384]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-06-28 4304384]
R3 NTIDrvr;Upper Class Filter Driver; C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys [2006-08-28 6144]
R3 NWRDR;NetWare Rdr; C:\WINDOWS\system32\DRIVERS\nwrdr.sys [2008-04-13 163584]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2008-02-25 105088]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2006-06-12 727808]
S1 AmdK8;Ovladač procesoru AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-05-10 43008]
S2 eLock2BurnerLockDriver;eLock2BurnerLockDriver; \??\C:\WINDOWS\system32\eLock2BurnerLockDriver.sys []
S2 eLock2FSCTLDriver;eLock2FSCTLDriver; \??\C:\WINDOWS\system32\eLock2FSCTLDriver.sys []
S3 AR5211;Atheros Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\ar5211.sys [2006-01-24 488448]
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 FreshIO;FreshIO; \??\C:\Program Files\FreshDevices\FreshDiagnose\FreshIO.sys []
S3 genmcmn;Scroll Mouse Driver; C:\WINDOWS\system32\DRIVERS\gmfiltr.sys []
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 HSXHWAZL;HSXHWAZL; C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys [2006-01-11 194048]
S3 irsir;Microsoft Serial Infrared Driver; C:\WINDOWS\system32\DRIVERS\irsir.sys [2001-08-17 18688]
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 Sftfs;Sftfs; C:\WINDOWS\system32\DRIVERS\Sftfsxp.sys [2010-09-14 581480]
S3 Sftplay;Sftplay; C:\WINDOWS\system32\DRIVERS\Sftplayxp.sys [2010-09-14 209640]
S3 Sftredir;Sftredir; C:\WINDOWS\system32\DRIVERS\Sftredirxp.sys [2010-09-14 20584]
S3 Sftvol;Sftvol; C:\WINDOWS\system32\DRIVERS\Sftvolxp.sys [2010-09-14 18280]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SMCIRDA;SMSC IrCC Miniport Device Driver; C:\WINDOWS\system32\DRIVERS\smcirda.sys [2004-12-09 46592]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-03-03 192672]
S3 USB_RNDIS;USB Remote NDIS Network Device Driver; C:\WINDOWS\system32\DRIVERS\usb8023k.sys [2002-08-12 11136]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 usbvideo;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AcerMemUsageCheckService;Memory Check Service; C:\Acer\Empowering Technology\ePerformance\MemCheck.exe [2006-03-29 28672]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2010-02-11 602112]
R2 bgsvcgen;B's Recorder GOLD Library General Service; C:\WINDOWS\system32\bgsvcgen.exe [2007-06-15 145504]
R2 ehRecvr;Služba přijímače aplikace Media Center; C:\WINDOWS\eHome\ehRecvr.exe [2006-10-09 237568]
R2 ehSched;Služba plánování aplikace Media Center; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
R2 ezGOSvc;Easybits GO Services for Windows; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 Irmon;Infrared Monitor; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-02-17 73728]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
R2 MsMpSvc;Microsoft Antimalware Service; C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [2011-04-27 11736]
R2 NWCWorkstation;Client Service for NetWare; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 cvhsvc;Client Virtualization Handler; C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 267776]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-31 135664]
S2 OOD2000;O&O Defrag 2000; C:\WINDOWS\system32\OOD2000.exe [2001-04-06 238080]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-31 135664]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-08-21 182768]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
Thanks in advance

- Rudy
- Site Admin
Re: garbled display of web pages
Hello to you too!
Please post a ComboFix log.
Download ComboFix and save it, preferably to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
then run the application under an account with administrator privileges
right after it starts, a screen with the license terms is displayed; continue by clicking the Ano (Yes) button.
feel free to go make yourself a coffee (the whole process takes about 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to work through); during the scan do not try to launch any other applications or anything else
do not panic during the scan, your machine may be restarted (especially the first time the scanner is run)
warning: if you use an antispyware with a resident shield, switch its resident shield to Install Mode, or deactivate it completely for the duration of the scan, because during the scan and the removal of any malware, unwanted conflicts with the antispyware's resident shield occur
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.
Re: garbled display of web pages
so here is the ComboFix log:
ComboFix 12-04-07.03 - PAVEL 08.04.2012 18:24:34.1.1 - FAT32x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1033.18.446.155 [GMT 2:00]
Spuštěný z: c:\documents and settings\PAVEL\vy˙ŔtovßnÝ 2010\Sta×enÚ soubory\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\PAVEL\Application Data\PriceGong
c:\documents and settings\PAVEL\WINDOWS
c:\program files\Error Repair Professional
c:\program files\Error Repair Professional\unins000.exe
c:\windows\IsUn0405.exe
c:\windows\msmqinst.log
c:\windows\system32\feaafeeabf8_s.dll
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-03-08 do 2012-04-08 )))))))))))))))))))))))))))))))
.
.
2012-04-08 15:46 . 2012-04-08 15:46 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E72312FF-E9C0-40C3-9010-599EF3A3A74B}\offreg.dll
2012-04-08 15:46 . 2012-04-08 15:46 29904 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E72312FF-E9C0-40C3-9010-599EF3A3A74B}\MpKslf5ffbbb4.sys
2012-04-08 15:39 . 2012-03-13 17:15 6582328 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E72312FF-E9C0-40C3-9010-599EF3A3A74B}\mpengine.dll
2012-04-08 15:38 . 2012-01-31 12:44 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-04-08 15:37 . 2012-04-08 15:37 -------- d-----w- c:\program files\trend micro
2012-04-08 15:37 . 2012-04-08 15:37 -------- d-----w- C:\rsit
2012-04-08 15:36 . 2012-04-08 15:36 -------- d-----w- c:\windows\LastGood
2012-04-08 15:36 . 2012-04-08 15:36 -------- d-----w- c:\program files\Microsoft Security Client
2012-04-08 13:58 . 2012-04-08 13:58 -------- d-----w- c:\program files\ESET
2012-04-08 13:39 . 2011-12-17 19:46 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
2012-04-08 13:39 . 2011-12-17 19:46 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2012-04-08 13:39 . 2011-12-17 19:46 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2012-04-08 13:27 . 2012-04-08 13:27 -------- d-sh--w- c:\documents and settings\PAVEL\IECompatCache
2012-04-08 13:24 . 2012-04-08 13:24 0 ----a-w- c:\windows\ativpsrm.bin
2012-04-08 13:18 . 2012-04-08 13:18 -------- d-----w- C:\ATI
2012-04-08 12:10 . 2012-04-08 12:10 0 ----a-w- c:\windows\system32\sho15C.tmp
2012-04-08 11:47 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
2012-04-08 11:47 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\dllcache\iacenc.dll
2012-04-08 11:38 . 2012-04-08 11:38 -------- d-----w- c:\program files\RegCleaner
2012-04-08 10:08 . 2012-04-08 10:08 -------- d-----w- c:\windows\system32\wbem\Repository
2012-04-08 09:51 . 2012-04-08 09:51 -------- d-sh--w- c:\documents and settings\PAVEL\PrivacIE
2012-04-08 09:50 . 2012-04-08 09:50 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2012-04-08 09:44 . 2012-04-08 09:44 -------- d-sh--w- c:\documents and settings\PAVEL\IETldCache
2012-04-08 09:36 . 2012-04-08 09:36 -------- d--h--w- c:\windows\ie8
2012-04-08 09:25 . 2012-04-08 09:26 -------- d-----w- C:\Recycled(2)
2012-04-08 08:36 . 2012-04-08 08:36 0 ----a-w- c:\windows\system32\sho7E.tmp
2012-04-07 09:11 . 2012-04-07 09:11 0 ----a-w- c:\windows\system32\sho4.tmp
2012-04-05 17:56 . 2012-04-05 17:57 0 ----a-w- c:\windows\system32\sho7C.tmp
2012-04-03 13:49 . 2012-04-03 13:49 0 ----a-w- c:\windows\system32\sho7A.tmp
2012-04-03 12:03 . 2012-04-03 12:03 0 ----a-w- c:\windows\system32\sho79.tmp
2012-04-02 15:56 . 2012-04-02 15:56 0 ----a-w- c:\windows\system32\sho78.tmp
2012-03-28 18:48 . 2012-03-28 18:48 0 ----a-w- c:\windows\system32\sho3.tmp
2012-03-28 07:21 . 2012-03-28 07:21 -------- d-----w- C:\FOUND.011
2012-03-27 09:51 . 2012-03-27 09:51 -------- d-----w- C:\FOUND.010
2012-03-26 05:46 . 2012-03-26 05:46 0 ----a-w- c:\windows\system32\sho77.tmp
2012-03-24 09:57 . 2012-03-24 09:57 0 ----a-w- c:\windows\system32\sho76.tmp
2012-03-23 19:39 . 2012-03-23 19:39 0 ----a-w- c:\windows\system32\sho75.tmp
2012-03-23 16:06 . 2012-03-23 16:06 0 ----a-w- c:\windows\system32\sho73.tmp
2012-03-21 17:59 . 2012-03-21 17:59 0 ----a-w- c:\windows\system32\sho72.tmp
2012-03-20 16:51 . 2012-03-20 16:51 0 ----a-w- c:\windows\system32\sho71.tmp
2012-03-20 09:26 . 2012-03-20 09:26 0 ----a-w- c:\windows\system32\sho70.tmp
2012-03-19 18:16 . 2012-03-19 18:16 0 ----a-w- c:\windows\system32\sho6F.tmp
2012-03-17 18:14 . 2012-03-17 18:14 0 ----a-w- c:\windows\system32\shoC.tmp
2012-03-17 10:25 . 2012-03-17 10:25 0 ----a-w- c:\windows\system32\sho6B.tmp
2012-03-14 09:02 . 2012-03-14 09:02 0 ----a-w- c:\windows\system32\sho69.tmp
2012-03-12 15:02 . 2012-03-12 15:02 0 ----a-w- c:\windows\system32\sho68.tmp
2012-03-10 17:12 . 2012-03-10 17:12 0 ----a-w- c:\windows\system32\sho63.tmp
2012-03-10 12:28 . 2012-03-10 12:28 0 ----a-w- c:\windows\system32\shoD.tmp
2012-03-09 21:09 . 2012-03-09 21:09 0 ----a-w- c:\windows\system32\sho62.tmp
2012-03-09 19:52 . 2012-03-09 19:52 0 ----a-w- c:\windows\system32\sho19.tmp
2012-03-09 17:41 . 2012-03-09 17:41 0 ----a-w- c:\windows\system32\sho18.tmp
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-08 12:50 . 2011-11-24 17:53 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-08 20:02 . 2012-03-08 20:02 0 ----a-w- c:\windows\system32\sho60.tmp
2012-03-07 10:19 . 2012-03-07 10:19 0 ----a-w- c:\windows\system32\sho5F.tmp
2012-03-06 19:18 . 2012-03-06 19:17 0 ----a-w- c:\windows\system32\sho5E.tmp
2012-03-06 14:59 . 2012-03-06 14:59 0 ----a-w- c:\windows\system32\sho2.tmp
2012-03-06 13:50 . 2012-03-06 13:50 0 ----a-w- c:\windows\system32\sho61.tmp
2012-03-05 17:03 . 2012-03-05 17:03 0 ----a-w- c:\windows\system32\sho9.tmp
2012-03-05 16:45 . 2012-03-05 16:45 0 ----a-w- c:\windows\system32\sho5D.tmp
2012-03-05 09:25 . 2012-03-05 09:24 0 ----a-w- c:\windows\system32\sho5C.tmp
2012-03-02 16:12 . 2012-03-02 16:12 0 ----a-w- c:\windows\system32\sho17.tmp
2012-02-24 16:08 . 2012-02-24 16:08 0 ----a-w- c:\windows\system32\sho56.tmp
2012-02-23 20:30 . 2012-02-23 20:30 0 ----a-w- c:\windows\system32\sho57.tmp
2012-02-22 18:08 . 2012-02-22 18:08 0 ----a-w- c:\windows\system32\sho55.tmp
2012-02-21 13:36 . 2012-02-21 13:36 0 ----a-w- c:\windows\system32\sho54.tmp
2012-02-19 16:05 . 2012-02-19 16:05 0 ----a-w- c:\windows\system32\sho16.tmp
2012-02-16 12:32 . 2012-02-16 12:32 0 ----a-w- c:\windows\system32\sho4F.tmp
2012-02-13 19:50 . 2012-02-13 19:50 0 ----a-w- c:\windows\system32\sho4E.tmp
2012-02-04 17:24 . 2012-02-04 17:24 0 ----a-w- c:\windows\system32\sho4D.tmp
2012-02-03 18:42 . 2012-02-03 18:42 0 ----a-w- c:\windows\system32\sho15.tmp
2012-02-03 09:22 . 2004-08-10 18:00 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-02-03 03:05 . 2012-02-03 03:05 0 ----a-w- c:\windows\system32\sho4C.tmp
2012-02-01 21:48 . 2012-02-01 21:48 0 ----a-w- c:\windows\system32\sho4A.tmp
2012-02-01 07:51 . 2012-02-01 07:51 0 ----a-w- c:\windows\system32\sho53.tmp
2012-01-29 21:42 . 2012-01-29 21:42 0 ----a-w- c:\windows\system32\sho34.tmp
2012-01-28 19:47 . 2012-01-28 19:47 0 ----a-w- c:\windows\system32\sho32.tmp
2012-01-28 17:32 . 2012-01-28 17:32 0 ----a-w- c:\windows\system32\sho12.tmp
2012-01-26 20:29 . 2012-01-26 20:29 0 ----a-w- c:\windows\system32\sho7.tmp
2012-01-26 16:15 . 2012-01-26 16:15 0 ----a-w- c:\windows\system32\sho31.tmp
2012-01-26 11:05 . 2012-01-26 11:05 0 ----a-w- c:\windows\system32\sho2F.tmp
2012-01-24 13:29 . 2012-01-24 13:29 0 ----a-w- c:\windows\system32\sho33.tmp
2012-01-23 08:20 . 2012-01-23 08:20 0 ----a-w- c:\windows\system32\sho43.tmp
2012-01-20 07:01 . 2012-01-20 07:01 0 ----a-w- c:\windows\system32\sho42.tmp
2012-01-19 19:06 . 2012-01-19 19:06 0 ----a-w- c:\windows\system32\sho89.tmp
2012-01-12 18:07 . 2012-01-12 18:07 0 ----a-w- c:\windows\system32\sho41.tmp
2012-01-11 19:34 . 2012-01-11 19:34 0 ----a-w- c:\windows\system32\shoC1.tmp
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{1EA00BE1-6E54-4E2A-8099-680300BF23E1}"= "c:\program files\Seznam.cz\toolbar\toolbar.dll" [2010-10-07 187672]
.
[HKEY_CLASSES_ROOT\clsid\{1ea00be1-6e54-4e2a-8099-680300bf23e1}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{34AB3C4C-DA1A-4067-96F4-31452C7CFE65}"= "c:\program files\Seznam.cz\listicka.dll" [2010-10-07 1961240]
.
[HKEY_CLASSES_ROOT\clsid\{34ab3c4c-da1a-4067-96f4-31452c7cfe65}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-08-20 68856]
"Seznam Postak"="c:\program files\Seznam.cz\postak.exe" [2010-10-07 488728]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-10-13 19550344]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2006-04-14 53248]
"ntiMUI"="c:\program files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2005-05-11 45056]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-10 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-27 16248320]
"Boot"="c:\acer\Empowering Technology\ePower\Boot.exe" [2006-03-15 579584]
"ePower_DMC"="c:\acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-05-30 421888]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0a\0u\0t\0o\0c\0h\0k\0 \0*
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
2006-05-16 01:04 2879488 ----a-w- c:\windows\SkyTel.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\System32\\FXSCLNT.exe"=
"c:\\WINDOWS\\System32\\usmt\\migwiz.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\ATI Technologies\\ATI.ACE\\CLI.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\onenote.exe"=
"c:\\Program Files\\Activision\\SHReK the THiRD Demo\\SHReK the THiRD.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R1 MpKslf5ffbbb4;MpKslf5ffbbb4;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E72312FF-E9C0-40C3-9010-599EF3A3A74B}\MpKslf5ffbbb4.sys [8.4.2012 17:46 29904]
R2 ezGOSvc;Easybits GO Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [10.8.2004 20:00 14336]
S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [4.1.2012 14:22 821664]
S2 eLock2BurnerLockDriver;eLock2BurnerLockDriver;\??\c:\windows\system32\eLock2BurnerLockDriver.sys --> c:\windows\system32\eLock2BurnerLockDriver.sys [?]
S2 eLock2FSCTLDriver;eLock2FSCTLDriver;\??\c:\windows\system32\eLock2FSCTLDriver.sys --> c:\windows\system32\eLock2FSCTLDriver.sys [?]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [31.1.2010 21:48 135664]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [31.1.2010 21:48 135664]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [9.1.2010 21:37 4640000]
S3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfsxp.sys [2.12.2009 22:23 581480]
S3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplayxp.sys [2.12.2009 22:23 209640]
S3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirxp.sys [2.12.2009 22:23 20584]
S3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvolxp.sys [2.12.2009 22:23 18280]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - MPFILTER
*NewlyCreated* - MPKSLF5FFBBB4
*NewlyCreated* - MSMPSVC
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezGOSvc
.
Obsah adresáře 'Naplánované úlohy'
.
2012-04-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 19:47]
.
2012-04-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 19:47]
.
2012-04-08 c:\windows\Tasks\MpIdleTask.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 13:39]
.
2012-04-08 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 13:39]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: {{0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - {0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - c:\program files\Seznam.cz\listicka.dll
IE: {{230D1201-7607-4CF6-A11F-9E4BF0A333E0} - {0DB13731-CEFD-43CF-A8FD-B61DCBC4D5B8} - c:\program files\Eurotran XP\etnxp.dll
IE: {{2C73F784-D2DE-4422-B070-2E3332FE5744} - {0320AC26-52C8-4316-B2C4-24BB6FA73C9A} - c:\program files\Eurotran XP\etnxp.dll
Trusted Zone: seznam.cz\www
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\documents and settings\PAVEL\Application Data\Mozilla\Firefox\Profiles\z130dc79.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage -
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - user.js: browser.cache.memory.capacity - 16000
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 4095
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 1000000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 1000000
FF - user.js: dom.disable_window_status_change - true
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 1000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
AddRemove-Adobe Acrobat 5.0 - c:\windows\ISUN0405.EXE
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-08 18:32
Windows 5.1.2600 Service Pack 3 FAT NTAPI
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(684)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2012-04-08 18:35:11
ComboFix-quarantined-files.txt 2012-04-08 16:35
ComboFix2.txt 2012-04-08 09:09
.
Před spuštěním: 13 503 430 656 bytes free
Po spuštění: 13 567 819 776 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect /usepmtimer
.
- - End Of File - - 869732F4C649E4DEF2140D76C69201B4
2012-03-20 09:26 . 2012-03-20 09:26 0 ----a-w- c:\windows\system32\sho70.tmp
2012-03-19 18:16 . 2012-03-19 18:16 0 ----a-w- c:\windows\system32\sho6F.tmp
2012-03-17 18:14 . 2012-03-17 18:14 0 ----a-w- c:\windows\system32\shoC.tmp
2012-03-17 10:25 . 2012-03-17 10:25 0 ----a-w- c:\windows\system32\sho6B.tmp
2012-03-14 09:02 . 2012-03-14 09:02 0 ----a-w- c:\windows\system32\sho69.tmp
2012-03-12 15:02 . 2012-03-12 15:02 0 ----a-w- c:\windows\system32\sho68.tmp
2012-03-10 17:12 . 2012-03-10 17:12 0 ----a-w- c:\windows\system32\sho63.tmp
2012-03-10 12:28 . 2012-03-10 12:28 0 ----a-w- c:\windows\system32\shoD.tmp
2012-03-09 21:09 . 2012-03-09 21:09 0 ----a-w- c:\windows\system32\sho62.tmp
2012-03-09 19:52 . 2012-03-09 19:52 0 ----a-w- c:\windows\system32\sho19.tmp
2012-03-09 17:41 . 2012-03-09 17:41 0 ----a-w- c:\windows\system32\sho18.tmp
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-08 12:50 . 2011-11-24 17:53 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-08 20:02 . 2012-03-08 20:02 0 ----a-w- c:\windows\system32\sho60.tmp
2012-03-07 10:19 . 2012-03-07 10:19 0 ----a-w- c:\windows\system32\sho5F.tmp
2012-03-06 19:18 . 2012-03-06 19:17 0 ----a-w- c:\windows\system32\sho5E.tmp
2012-03-06 14:59 . 2012-03-06 14:59 0 ----a-w- c:\windows\system32\sho2.tmp
2012-03-06 13:50 . 2012-03-06 13:50 0 ----a-w- c:\windows\system32\sho61.tmp
2012-03-05 17:03 . 2012-03-05 17:03 0 ----a-w- c:\windows\system32\sho9.tmp
2012-03-05 16:45 . 2012-03-05 16:45 0 ----a-w- c:\windows\system32\sho5D.tmp
2012-03-05 09:25 . 2012-03-05 09:24 0 ----a-w- c:\windows\system32\sho5C.tmp
2012-03-02 16:12 . 2012-03-02 16:12 0 ----a-w- c:\windows\system32\sho17.tmp
2012-02-24 16:08 . 2012-02-24 16:08 0 ----a-w- c:\windows\system32\sho56.tmp
2012-02-23 20:30 . 2012-02-23 20:30 0 ----a-w- c:\windows\system32\sho57.tmp
2012-02-22 18:08 . 2012-02-22 18:08 0 ----a-w- c:\windows\system32\sho55.tmp
2012-02-21 13:36 . 2012-02-21 13:36 0 ----a-w- c:\windows\system32\sho54.tmp
2012-02-19 16:05 . 2012-02-19 16:05 0 ----a-w- c:\windows\system32\sho16.tmp
2012-02-16 12:32 . 2012-02-16 12:32 0 ----a-w- c:\windows\system32\sho4F.tmp
2012-02-13 19:50 . 2012-02-13 19:50 0 ----a-w- c:\windows\system32\sho4E.tmp
2012-02-04 17:24 . 2012-02-04 17:24 0 ----a-w- c:\windows\system32\sho4D.tmp
2012-02-03 18:42 . 2012-02-03 18:42 0 ----a-w- c:\windows\system32\sho15.tmp
2012-02-03 09:22 . 2004-08-10 18:00 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-02-03 03:05 . 2012-02-03 03:05 0 ----a-w- c:\windows\system32\sho4C.tmp
2012-02-01 21:48 . 2012-02-01 21:48 0 ----a-w- c:\windows\system32\sho4A.tmp
2012-02-01 07:51 . 2012-02-01 07:51 0 ----a-w- c:\windows\system32\sho53.tmp
2012-01-29 21:42 . 2012-01-29 21:42 0 ----a-w- c:\windows\system32\sho34.tmp
2012-01-28 19:47 . 2012-01-28 19:47 0 ----a-w- c:\windows\system32\sho32.tmp
2012-01-28 17:32 . 2012-01-28 17:32 0 ----a-w- c:\windows\system32\sho12.tmp
2012-01-26 20:29 . 2012-01-26 20:29 0 ----a-w- c:\windows\system32\sho7.tmp
2012-01-26 16:15 . 2012-01-26 16:15 0 ----a-w- c:\windows\system32\sho31.tmp
2012-01-26 11:05 . 2012-01-26 11:05 0 ----a-w- c:\windows\system32\sho2F.tmp
2012-01-24 13:29 . 2012-01-24 13:29 0 ----a-w- c:\windows\system32\sho33.tmp
2012-01-23 08:20 . 2012-01-23 08:20 0 ----a-w- c:\windows\system32\sho43.tmp
2012-01-20 07:01 . 2012-01-20 07:01 0 ----a-w- c:\windows\system32\sho42.tmp
2012-01-19 19:06 . 2012-01-19 19:06 0 ----a-w- c:\windows\system32\sho89.tmp
2012-01-12 18:07 . 2012-01-12 18:07 0 ----a-w- c:\windows\system32\sho41.tmp
2012-01-11 19:34 . 2012-01-11 19:34 0 ----a-w- c:\windows\system32\shoC1.tmp
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{1EA00BE1-6E54-4E2A-8099-680300BF23E1}"= "c:\program files\Seznam.cz\toolbar\toolbar.dll" [2010-10-07 187672]
.
[HKEY_CLASSES_ROOT\clsid\{1ea00be1-6e54-4e2a-8099-680300bf23e1}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{34AB3C4C-DA1A-4067-96F4-31452C7CFE65}"= "c:\program files\Seznam.cz\listicka.dll" [2010-10-07 1961240]
.
[HKEY_CLASSES_ROOT\clsid\{34ab3c4c-da1a-4067-96f4-31452c7cfe65}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-08-20 68856]
"Seznam Postak"="c:\program files\Seznam.cz\postak.exe" [2010-10-07 488728]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-10-13 19550344]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2006-04-14 53248]
"ntiMUI"="c:\program files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2005-05-11 45056]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-10 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-27 16248320]
"Boot"="c:\acer\Empowering Technology\ePower\Boot.exe" [2006-03-15 579584]
"ePower_DMC"="c:\acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-05-30 421888]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0a\0u\0t\0o\0c\0h\0k\0 \0*
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
2006-05-16 01:04 2879488 ----a-w- c:\windows\SkyTel.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\System32\\FXSCLNT.exe"=
"c:\\WINDOWS\\System32\\usmt\\migwiz.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\ATI Technologies\\ATI.ACE\\CLI.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\onenote.exe"=
"c:\\Program Files\\Activision\\SHReK the THiRD Demo\\SHReK the THiRD.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R1 MpKslf5ffbbb4;MpKslf5ffbbb4;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E72312FF-E9C0-40C3-9010-599EF3A3A74B}\MpKslf5ffbbb4.sys [8.4.2012 17:46 29904]
R2 ezGOSvc;Easybits GO Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [10.8.2004 20:00 14336]
S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [4.1.2012 14:22 821664]
S2 eLock2BurnerLockDriver;eLock2BurnerLockDriver;\??\c:\windows\system32\eLock2BurnerLockDriver.sys --> c:\windows\system32\eLock2BurnerLockDriver.sys [?]
S2 eLock2FSCTLDriver;eLock2FSCTLDriver;\??\c:\windows\system32\eLock2FSCTLDriver.sys --> c:\windows\system32\eLock2FSCTLDriver.sys [?]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [31.1.2010 21:48 135664]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [31.1.2010 21:48 135664]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [9.1.2010 21:37 4640000]
S3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfsxp.sys [2.12.2009 22:23 581480]
S3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplayxp.sys [2.12.2009 22:23 209640]
S3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirxp.sys [2.12.2009 22:23 20584]
S3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvolxp.sys [2.12.2009 22:23 18280]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - MPFILTER
*NewlyCreated* - MPKSLF5FFBBB4
*NewlyCreated* - MSMPSVC
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezGOSvc
.
Obsah adresáře 'Naplánované úlohy'
.
2012-04-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 19:47]
.
2012-04-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 19:47]
.
2012-04-08 c:\windows\Tasks\MpIdleTask.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 13:39]
.
2012-04-08 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 13:39]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: {{0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - {0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - c:\program files\Seznam.cz\listicka.dll
IE: {{230D1201-7607-4CF6-A11F-9E4BF0A333E0} - {0DB13731-CEFD-43CF-A8FD-B61DCBC4D5B8} - c:\program files\Eurotran XP\etnxp.dll
IE: {{2C73F784-D2DE-4422-B070-2E3332FE5744} - {0320AC26-52C8-4316-B2C4-24BB6FA73C9A} - c:\program files\Eurotran XP\etnxp.dll
Trusted Zone: seznam.cz\www
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\documents and settings\PAVEL\Application Data\Mozilla\Firefox\Profiles\z130dc79.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage -
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - user.js: browser.cache.memory.capacity - 16000
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 4095
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 1000000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 1000000
FF - user.js: dom.disable_window_status_change - true
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 1000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
AddRemove-Adobe Acrobat 5.0 - c:\windows\ISUN0405.EXE
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-08 18:32
Windows 5.1.2600 Service Pack 3 FAT NTAPI
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(684)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2012-04-08 18:35:11
ComboFix-quarantined-files.txt 2012-04-08 16:35
ComboFix2.txt 2012-04-08 09:09
.
Před spuštěním: 13 503 430 656 bytes free
Po spuštění: 13 567 819 776 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect /usepmtimer
.
- - End Of File - - 869732F4C649E4DEF2140D76C69201B4
- Rudy
- Site Admin
Re: garbled display of web pages
We'll do some more cleaning. Move ComboFix to the desktop. Open Notepad and copy the following into it:

KillAll::
Folder::
c:\program files\Seznam.cz\toolbar
c:\program files\Google\GoogleToolbarNotifier
File::
c:\program files\Seznam.cz\listicka.dll
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{1EA00BE1-6E54-4E2A-8099-680300BF23E1}"=-
[-HKEY_CLASSES_ROOT\clsid\{1ea00be1-6e54-4e2a-8099-680300bf23e1}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{34AB3C4C-DA1A-4067-96F4-31452C7CFE65}"=-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"=-

Save it to the desktop as CFScript.txt. Then drag it with the mouse over the ComboFix icon and drop it. CF will start and carry out the commands from the script.

Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
Visit:
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.
Re: garbled display of web pages
So the script has been run, log below.
One more observation: when a new user account is created on the PC, everything is fine after logging in through that account. Both web pages and the desktop and Windows program settings work (e.g. Media Player, which is also graphically garbled in the original user account). It occurs to me that the simplest thing would be to delete the original user account and log in through the new one.
ComboFix 12-04-07.03 - PAVEL 08.04.2012 20:31:46.2.1 - FAT32x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1033.18.446.151 [GMT 2:00]
Spuštěný z: c:\documents and settings\PAVEL\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\PAVEL\Desktop\CFScript.txt.txt
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
.
FILE ::
"c:\program files\Seznam.cz\listicka.dll"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Google\GoogleToolbarNotifier
c:\program files\Google\GoogleToolbarNotifier\5.7.7227.1100\gth.dll
c:\program files\Google\GoogleToolbarNotifier\5.7.7227.1100\gtn.dll
c:\program files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
c:\program files\Google\GoogleToolbarNotifier\swg-3.1.807.1746\SearchWithGoogleUpdate.exe
c:\program files\Google\GoogleToolbarNotifier\swg-5.3.4501.1418\SearchWithGoogleUpdate.exe
c:\program files\Seznam.cz\toolbar
c:\program files\Seznam.cz\toolbar\toolbar.dll
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-03-08 do 2012-04-08 )))))))))))))))))))))))))))))))
.
.
2012-04-08 18:17 . 2012-04-08 18:17 29904 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{28DD4884-860A-4D70-A0E2-4FB4B1F0C3DC}\MpKsl78d49ebe.sys
2012-04-08 18:03 . 2012-04-08 18:03 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{28DD4884-860A-4D70-A0E2-4FB4B1F0C3DC}\offreg.dll
2012-04-08 18:03 . 2012-04-08 18:03 -------- d-----w- c:\documents and settings\admin
2012-04-08 16:37 . 2012-03-13 17:15 6582328 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{28DD4884-860A-4D70-A0E2-4FB4B1F0C3DC}\mpengine.dll
2012-04-08 15:38 . 2012-01-31 12:44 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-04-08 15:37 . 2012-04-08 15:37 -------- d-----w- c:\program files\trend micro
2012-04-08 15:37 . 2012-04-08 15:37 -------- d-----w- C:\rsit
2012-04-08 15:36 . 2012-04-08 15:36 -------- d-----w- c:\program files\Microsoft Security Client
2012-04-08 13:58 . 2012-04-08 13:58 -------- d-----w- c:\program files\ESET
2012-04-08 13:39 . 2011-12-17 19:46 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
2012-04-08 13:39 . 2011-12-17 19:46 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2012-04-08 13:39 . 2011-12-17 19:46 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2012-04-08 13:27 . 2012-04-08 13:27 -------- d-sh--w- c:\documents and settings\PAVEL\IECompatCache
2012-04-08 13:24 . 2012-04-08 13:24 0 ----a-w- c:\windows\ativpsrm.bin
2012-04-08 13:18 . 2012-04-08 13:18 -------- d-----w- C:\ATI
2012-04-08 12:10 . 2012-04-08 12:10 0 ----a-w- c:\windows\system32\sho15C.tmp
2012-04-08 11:47 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
2012-04-08 11:47 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\dllcache\iacenc.dll
2012-04-08 11:38 . 2012-04-08 11:38 -------- d-----w- c:\program files\RegCleaner
2012-04-08 10:08 . 2012-04-08 10:08 -------- d-----w- c:\windows\system32\wbem\Repository
2012-04-08 09:51 . 2012-04-08 09:51 -------- d-sh--w- c:\documents and settings\PAVEL\PrivacIE
2012-04-08 09:50 . 2012-04-08 09:50 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2012-04-08 09:44 . 2012-04-08 09:44 -------- d-sh--w- c:\documents and settings\PAVEL\IETldCache
2012-04-08 09:36 . 2012-04-08 09:36 -------- d--h--w- c:\windows\ie8
2012-04-08 08:36 . 2012-04-08 08:36 0 ----a-w- c:\windows\system32\sho7E.tmp
2012-04-07 09:11 . 2012-04-07 09:11 0 ----a-w- c:\windows\system32\sho4.tmp
2012-04-05 17:56 . 2012-04-05 17:57 0 ----a-w- c:\windows\system32\sho7C.tmp
2012-04-03 13:49 . 2012-04-03 13:49 0 ----a-w- c:\windows\system32\sho7A.tmp
2012-04-03 12:03 . 2012-04-03 12:03 0 ----a-w- c:\windows\system32\sho79.tmp
2012-04-02 15:56 . 2012-04-02 15:56 0 ----a-w- c:\windows\system32\sho78.tmp
2012-03-28 18:48 . 2012-03-28 18:48 0 ----a-w- c:\windows\system32\sho3.tmp
2012-03-26 05:46 . 2012-03-26 05:46 0 ----a-w- c:\windows\system32\sho77.tmp
2012-03-24 09:57 . 2012-03-24 09:57 0 ----a-w- c:\windows\system32\sho76.tmp
2012-03-23 19:39 . 2012-03-23 19:39 0 ----a-w- c:\windows\system32\sho75.tmp
2012-03-23 16:06 . 2012-03-23 16:06 0 ----a-w- c:\windows\system32\sho73.tmp
2012-03-21 17:59 . 2012-03-21 17:59 0 ----a-w- c:\windows\system32\sho72.tmp
2012-03-20 16:51 . 2012-03-20 16:51 0 ----a-w- c:\windows\system32\sho71.tmp
2012-03-20 09:26 . 2012-03-20 09:26 0 ----a-w- c:\windows\system32\sho70.tmp
2012-03-19 18:16 . 2012-03-19 18:16 0 ----a-w- c:\windows\system32\sho6F.tmp
2012-03-17 18:14 . 2012-03-17 18:14 0 ----a-w- c:\windows\system32\shoC.tmp
2012-03-17 10:25 . 2012-03-17 10:25 0 ----a-w- c:\windows\system32\sho6B.tmp
2012-03-14 09:02 . 2012-03-14 09:02 0 ----a-w- c:\windows\system32\sho69.tmp
2012-03-12 15:02 . 2012-03-12 15:02 0 ----a-w- c:\windows\system32\sho68.tmp
2012-03-10 17:12 . 2012-03-10 17:12 0 ----a-w- c:\windows\system32\sho63.tmp
2012-03-10 12:28 . 2012-03-10 12:28 0 ----a-w- c:\windows\system32\shoD.tmp
2012-03-09 21:09 . 2012-03-09 21:09 0 ----a-w- c:\windows\system32\sho62.tmp
2012-03-09 19:52 . 2012-03-09 19:52 0 ----a-w- c:\windows\system32\sho19.tmp
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-08 12:50 . 2011-11-24 17:53 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-09 17:41 . 2012-03-09 17:41 0 ----a-w- c:\windows\system32\sho18.tmp
2012-03-08 20:02 . 2012-03-08 20:02 0 ----a-w- c:\windows\system32\sho60.tmp
2012-03-07 10:19 . 2012-03-07 10:19 0 ----a-w- c:\windows\system32\sho5F.tmp
2012-03-06 19:18 . 2012-03-06 19:17 0 ----a-w- c:\windows\system32\sho5E.tmp
2012-03-06 14:59 . 2012-03-06 14:59 0 ----a-w- c:\windows\system32\sho2.tmp
2012-03-06 13:50 . 2012-03-06 13:50 0 ----a-w- c:\windows\system32\sho61.tmp
2012-03-05 17:03 . 2012-03-05 17:03 0 ----a-w- c:\windows\system32\sho9.tmp
2012-03-05 16:45 . 2012-03-05 16:45 0 ----a-w- c:\windows\system32\sho5D.tmp
2012-03-05 09:25 . 2012-03-05 09:24 0 ----a-w- c:\windows\system32\sho5C.tmp
2012-03-02 16:12 . 2012-03-02 16:12 0 ----a-w- c:\windows\system32\sho17.tmp
2012-02-24 16:08 . 2012-02-24 16:08 0 ----a-w- c:\windows\system32\sho56.tmp
2012-02-23 20:30 . 2012-02-23 20:30 0 ----a-w- c:\windows\system32\sho57.tmp
2012-02-22 18:08 . 2012-02-22 18:08 0 ----a-w- c:\windows\system32\sho55.tmp
2012-02-21 13:36 . 2012-02-21 13:36 0 ----a-w- c:\windows\system32\sho54.tmp
2012-02-19 16:05 . 2012-02-19 16:05 0 ----a-w- c:\windows\system32\sho16.tmp
2012-02-16 12:32 . 2012-02-16 12:32 0 ----a-w- c:\windows\system32\sho4F.tmp
2012-02-13 19:50 . 2012-02-13 19:50 0 ----a-w- c:\windows\system32\sho4E.tmp
2012-02-04 17:24 . 2012-02-04 17:24 0 ----a-w- c:\windows\system32\sho4D.tmp
2012-02-03 18:42 . 2012-02-03 18:42 0 ----a-w- c:\windows\system32\sho15.tmp
2012-02-03 09:22 . 2004-08-10 18:00 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-02-03 03:05 . 2012-02-03 03:05 0 ----a-w- c:\windows\system32\sho4C.tmp
2012-02-01 21:48 . 2012-02-01 21:48 0 ----a-w- c:\windows\system32\sho4A.tmp
2012-02-01 07:51 . 2012-02-01 07:51 0 ----a-w- c:\windows\system32\sho53.tmp
2012-01-29 21:42 . 2012-01-29 21:42 0 ----a-w- c:\windows\system32\sho34.tmp
2012-01-28 19:47 . 2012-01-28 19:47 0 ----a-w- c:\windows\system32\sho32.tmp
2012-01-28 17:32 . 2012-01-28 17:32 0 ----a-w- c:\windows\system32\sho12.tmp
2012-01-26 20:29 . 2012-01-26 20:29 0 ----a-w- c:\windows\system32\sho7.tmp
2012-01-26 16:15 . 2012-01-26 16:15 0 ----a-w- c:\windows\system32\sho31.tmp
2012-01-26 11:05 . 2012-01-26 11:05 0 ----a-w- c:\windows\system32\sho2F.tmp
2012-01-24 13:29 . 2012-01-24 13:29 0 ----a-w- c:\windows\system32\sho33.tmp
2012-01-23 08:20 . 2012-01-23 08:20 0 ----a-w- c:\windows\system32\sho43.tmp
2012-01-20 07:01 . 2012-01-20 07:01 0 ----a-w- c:\windows\system32\sho42.tmp
2012-01-19 19:06 . 2012-01-19 19:06 0 ----a-w- c:\windows\system32\sho89.tmp
2012-01-12 18:07 . 2012-01-12 18:07 0 ----a-w- c:\windows\system32\sho41.tmp
2012-01-11 19:34 . 2012-01-11 19:34 0 ----a-w- c:\windows\system32\shoC1.tmp
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-08_16.32.40 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-04-08 18:17 . 2012-04-08 18:17 16384 c:\windows\Temp\Perflib_Perfdata_d80.dat
+ 2012-04-08 18:42 . 2012-04-08 18:42 16384 c:\windows\Temp\Perflib_Perfdata_d64.dat
+ 2012-04-08 18:41 . 2012-04-08 18:41 16384 c:\windows\Temp\Perflib_Perfdata_1cc.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Seznam Postak"="c:\program files\Seznam.cz\postak.exe" [2010-10-07 488728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2006-04-14 53248]
"ntiMUI"="c:\program files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2005-05-11 45056]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-10 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-27 16248320]
"Boot"="c:\acer\Empowering Technology\ePower\Boot.exe" [2006-03-15 579584]
"ePower_DMC"="c:\acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-05-30 421888]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0a\0u\0t\0o\0c\0h\0k\0 \0*
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
2006-05-16 01:04 2879488 ----a-w- c:\windows\SkyTel.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\System32\\FXSCLNT.exe"=
"c:\\WINDOWS\\System32\\usmt\\migwiz.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\ATI Technologies\\ATI.ACE\\CLI.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\onenote.exe"=
"c:\\Program Files\\Activision\\SHReK the THiRD Demo\\SHReK the THiRD.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R1 MpKsl78d49ebe;MpKsl78d49ebe;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{28DD4884-860A-4D70-A0E2-4FB4B1F0C3DC}\MpKsl78d49ebe.sys [8.4.2012 20:17 29904]
R2 ezGOSvc;Easybits GO Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [10.8.2004 20:00 14336]
S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [4.1.2012 14:22 821664]
S2 eLock2BurnerLockDriver;eLock2BurnerLockDriver;\??\c:\windows\system32\eLock2BurnerLockDriver.sys --> c:\windows\system32\eLock2BurnerLockDriver.sys [?]
S2 eLock2FSCTLDriver;eLock2FSCTLDriver;\??\c:\windows\system32\eLock2FSCTLDriver.sys --> c:\windows\system32\eLock2FSCTLDriver.sys [?]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [31.1.2010 21:48 135664]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [31.1.2010 21:48 135664]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [9.1.2010 21:37 4640000]
S3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfsxp.sys [2.12.2009 22:23 581480]
S3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplayxp.sys [2.12.2009 22:23 209640]
S3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirxp.sys [2.12.2009 22:23 20584]
S3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvolxp.sys [2.12.2009 22:23 18280]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezGOSvc
.
Obsah adresáře 'Naplánované úlohy'
.
2012-04-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 19:47]
.
2012-04-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 19:47]
.
2012-04-08 c:\windows\Tasks\MpIdleTask.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 13:39]
.
2012-04-08 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 13:39]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: {{0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - {0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - c:\program files\Seznam.cz\listicka.dll
IE: {{230D1201-7607-4CF6-A11F-9E4BF0A333E0} - {0DB13731-CEFD-43CF-A8FD-B61DCBC4D5B8} - c:\program files\Eurotran XP\etnxp.dll
IE: {{2C73F784-D2DE-4422-B070-2E3332FE5744} - {0320AC26-52C8-4316-B2C4-24BB6FA73C9A} - c:\program files\Eurotran XP\etnxp.dll
Trusted Zone: seznam.cz\www
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\documents and settings\PAVEL\Application Data\Mozilla\Firefox\Profiles\z130dc79.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage -
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - user.js: browser.cache.memory.capacity - 16000
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 4095
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 1000000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 1000000
FF - user.js: dom.disable_window_status_change - true
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 1000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-08 20:42
Windows 5.1.2600 Service Pack 3 FAT NTAPI
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(688)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(1688)
c:\windows\system32\WININET.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\IEFRAME.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\windows\system32\Ati2evxx.exe
c:\acer\Empowering Technology\ePerformance\MemCheck.exe
c:\windows\eHome\ehmsas.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\bgsvcgen.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Celkový čas: 2012-04-08 20:46:42 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-04-08 18:46
ComboFix2.txt 2012-04-08 16:35
ComboFix3.txt 2012-04-08 09:09
.
Před spuštěním: 13 516 570 624 bytes free
Po spuštění: Volných bajtů: 13 474 955 264
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect /usepmtimer
.
- - End Of File - - AABF1F77CA9F1C47BCF552986A7FF3FD
One more observation: when a new user account is created on the PC, everything works fine after logging in with that account, both web pages and the desktop and Windows program settings (e.g. Media Player, which is also graphically broken in the original user account). It occurs to me that the simplest thing would be to delete the original user account and log in with the new one.

- Rudy
- Site Admin
Re: broken display of web pages
The log now looks clean. Of course, if, for example, the registry is damaged in the given profile, another profile (account) will work normally. If that is the case, feel free to use the new account and copy only the data (photos, music, videos, etc.) from the original one.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting the PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.
Re: broken display of web pages
Thanks for the help. New account created, data moved and the old account removed; everything works now.
- Rudy
- Site Admin
Re: broken display of web pages
You're welcome!