CF check
Posted: 17 Apr 2012 01:47
Good evening. For quite a long time I have had a big problem with my PC: it is slow, it freezes, the sound does not work, and all the annoyances that go with that. Programs like CCleaner, Systeme advanced care and other cr*** of course do not help, so what remains is the classic RESTART. I no longer know what to do with it; the only thing that occurs to me is a reinstall, but I want to ask for advice first. CPU is constantly around 20%, sometimes even less. I tried Combo Fix, but it seems to me that nothing has changed. Is there anyone here, please, who could advise me what to do with it? Thank you in advance for the ADVICE AND REPLY. Here is the log:

ComboFix 12-04-16.02 - Owner 17.04.2012 1:19.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.767.268 [GMT 2:00]
Spuštěný z: c:\documents and settings\Owner\Dokumenty\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Owner\WINDOWS
c:\program files\Internet Saving Optimizer
c:\program files\Internet Saving Optimizer\3.4.0.4340\FF\chrome.manifest
c:\program files\Internet Saving Optimizer\3.4.0.4340\NPCommon.dll
c:\program files\Internet Saving Optimizer\3.4.0.4340\unins000.exe
c:\program files\Media Access Startup
c:\program files\Media Access Startup\1.5.0.850\FF\chrome.manifest
c:\program files\Media Access Startup\1.5.0.850\unins000.exe
c:\program files\MorpheusBar\bar\1.bin\M0PLUGIN.DLL
c:\program files\MorpheusBar\bar\1.bin\NPMORPBR.DLL
c:\program files\RelevantKnowledge
c:\program files\RelevantKnowledge\rlls.dll
c:\program files\System Search Dispatcher
c:\program files\System Search Dispatcher\1.3.0.840\Data\eacore.mx
c:\program files\System Search Dispatcher\1.3.0.840\Data\URLDynamic.mx
c:\program files\System Search Dispatcher\1.3.0.840\Data\URLStatic.mx
c:\program files\System Search Dispatcher\1.3.0.840\unins000.dat
c:\program files\System Search Dispatcher\1.3.0.840\unins000.exe
c:\windows\bk23567.dat
c:\windows\fdgg34353edfgdfdf
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\ST6UNST.000
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\drivers\Install.exe
c:\windows\system32\install.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-03-16 do 2012-04-16 )))))))))))))))))))))))))))))))
.
.
2012-04-16 23:05 . 2012-04-16 23:05 -------- d-----w- c:\documents and settings\All Users\Oblíbené položky
2012-04-15 20:15 . 2012-04-15 21:20 -------- d---a-w- C:\3590F75ABA9E485486C100C1A9D4FF06ZZ..ZZ.....ZZ..Z
2012-04-15 19:35 . 2012-04-15 20:14 -------- d---a-w- C:\3590F75ABA9E485486C100C1A9D4FF06Z....ZZZZ..ZZ.ZZ
2012-04-15 19:00 . 2012-04-15 19:35 -------- d---a-w- C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ.ZZZZ......ZZ
2012-04-15 18:38 . 2012-04-15 19:00 -------- d---a-w- C:\3590F75ABA9E485486C100C1A9D4FF06ZZ.Z.....ZZZZ..Z
2012-04-09 19:22 . 2012-04-14 13:34 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-07 19:42 . 2012-04-07 19:43 -------- d-----w- C:\6f997e1f41da20ee1f3d5544a21ee556
2012-04-01 10:18 . 2012-04-01 10:18 -------- d-----w- c:\documents and settings\Owner\AppData
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-14 13:34 . 2011-10-05 19:37 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-13 17:02 . 2012-03-13 17:03 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-03-13 17:02 . 2010-06-27 19:06 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-07 00:15 . 2011-10-30 14:14 41184 ----a-w- c:\windows\avastSS.scr
2012-03-07 00:15 . 2011-10-30 14:14 201352 ----a-w- c:\windows\system32\aswBoot.exe
2012-03-07 00:03 . 2011-10-30 14:15 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-07 00:03 . 2011-10-30 14:15 337880 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-03-07 00:02 . 2011-10-30 14:15 35672 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-03-07 00:01 . 2011-10-30 14:15 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-03-07 00:01 . 2011-10-30 14:15 95704 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-03-07 00:01 . 2011-10-30 14:15 89048 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-03-07 00:01 . 2011-10-30 14:15 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-03-06 23:58 . 2011-10-30 14:15 24920 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-03-01 10:59 . 2004-08-18 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 10:59 . 2004-08-18 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-01 10:59 . 2004-08-18 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10 . 2009-03-26 11:03 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 14:10 . 2004-08-18 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 12:17 . 2004-08-18 12:00 385024 ----a-w- c:\windows\system32\html.iec
2012-02-09 13:13 . 2012-03-13 20:50 31552 ----a-w- c:\windows\system32\TURegOpt.exe
2012-02-09 13:13 . 2012-03-13 20:53 28992 ----a-w- c:\windows\system32\uxtuneup.dll
2012-02-03 09:57 . 2009-03-26 11:03 1860096 ----a-w- c:\windows\system32\win32k.sys
2011-12-21 07:39 . 2012-01-11 11:24 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0D52B2CA-C02E-4EC1-8E80-0A5CD2A640BD}"= "c:\program files\SpeedUpToolbar\IEToolbar.dll" [2011-11-08 2376792]
"{ecdee021-0d17-467f-a1ff-c7a115230949}"= "c:\program files\free-downloads.net\prxtbfre0.dll" [2011-05-09 176936]
"{c2db4fe6-8409-45ce-8010-189a7b5cce86}"= "c:\program files\NCH\prxtbNC0.dll" [2011-05-09 176936]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files\BS_Player\prxtbBS_0.dll" [2011-05-09 176936]
"{51a86bb3-6602-4c85-92a5-130ee4864f13}"= "c:\program files\BrotherSoft_Extreme\prxtbBro2.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{0d52b2ca-c02e-4ec1-8e80-0a5cd2a640bd}]
.
[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]
.
[HKEY_CLASSES_ROOT\clsid\{c2db4fe6-8409-45ce-8010-189a7b5cce86}]
.
[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
.
[HKEY_CLASSES_ROOT\clsid\{51a86bb3-6602-4c85-92a5-130ee4864f13}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0D52B2CA-C02E-4EC1-8E80-0A5CD2A640BD}]
2011-11-08 01:45 2376792 ----a-w- c:\program files\SpeedUpToolbar\IEToolbar.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{51a86bb3-6602-4c85-92a5-130ee4864f13}]
2011-05-09 09:49 176936 ----a-w- c:\program files\BrotherSoft_Extreme\prxtbBro2.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c2db4fe6-8409-45ce-8010-189a7b5cce86}]
2011-05-09 09:49 176936 ----a-w- c:\program files\NCH\prxtbNC0.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}]
2011-05-09 09:49 176936 ----a-w- c:\program files\free-downloads.net\prxtbfre0.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
2011-05-09 09:49 176936 ----a-w- c:\program files\BS_Player\prxtbBS_0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{c2db4fe6-8409-45ce-8010-189a7b5cce86}"= "c:\program files\NCH\prxtbNC0.dll" [2011-05-09 176936]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files\BS_Player\prxtbBS_0.dll" [2011-05-09 176936]
"{51a86bb3-6602-4c85-92a5-130ee4864f13}"= "c:\program files\BrotherSoft_Extreme\prxtbBro2.dll" [2011-05-09 176936]
"{ecdee021-0d17-467f-a1ff-c7a115230949}"= "c:\program files\free-downloads.net\prxtbfre0.dll" [2011-05-09 176936]
"{005B8FC3-0F7E-45DD-8A2F-E352D67EDBFC}"= "c:\program files\SpeedUpToolbar\IEToolbar.dll" [2011-11-08 2376792]
.
[HKEY_CLASSES_ROOT\clsid\{c2db4fe6-8409-45ce-8010-189a7b5cce86}]
.
[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
.
[HKEY_CLASSES_ROOT\clsid\{51a86bb3-6602-4c85-92a5-130ee4864f13}]
.
[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]
.
[HKEY_CLASSES_ROOT\clsid\{005b8fc3-0f7e-45dd-8a2f-e352d67edbfc}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{C2DB4FE6-8409-45CE-8010-189A7B5CCE86}"= "c:\program files\NCH\prxtbNC0.dll" [2011-05-09 176936]
"{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}"= "c:\program files\BS_Player\prxtbBS_0.dll" [2011-05-09 176936]
"{51A86BB3-6602-4C85-92A5-130EE4864F13}"= "c:\program files\BrotherSoft_Extreme\prxtbBro2.dll" [2011-05-09 176936]
"{ECDEE021-0D17-467F-A1FF-C7A115230949}"= "c:\program files\free-downloads.net\prxtbfre0.dll" [2011-05-09 176936]
"{005B8FC3-0F7E-45DD-8A2F-E352D67EDBFC}"= "c:\program files\SpeedUpToolbar\IEToolbar.dll" [2011-11-08 2376792]
.
[HKEY_CLASSES_ROOT\clsid\{c2db4fe6-8409-45ce-8010-189a7b5cce86}]
.
[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
.
[HKEY_CLASSES_ROOT\clsid\{51a86bb3-6602-4c85-92a5-130ee4864f13}]
.
[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]
.
[HKEY_CLASSES_ROOT\clsid\{005b8fc3-0f7e-45dd-8a2f-e352d67edbfc}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-07 00:15 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 5"="c:\program files\IObit\Advanced SystemCare 5\ASCTray.exe" [2011-12-29 620376]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-10-04 8491008]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-10-04 81920]
"nwiz"="nwiz.exe" [2007-10-04 1626112]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-07-02 198160]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-07 4241512]
"Synchronization Manager"="c:\windows\system32\mobsync.exe" [2008-04-14 143872]
"SoundMAXPnP"="c:\program files\analog devices\soundmax\smax4pnp.exe" [2004-10-14 1388544]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2011-08-02 07:33 4910912 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update]
2012-03-24 18:24 137536 ----atw- c:\documents and settings\Owner\Local Settings\Data aplikací\Facebook\Update\FacebookUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 06:52 1695232 ------w- c:\program files\messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-16 21:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMax]
2004-08-06 05:27 860160 ----a-w- c:\program files\Analog Devices\SoundMAX\SMax4.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualDesk]
2011-02-24 06:17 6089576 ----a-w- c:\program files\TweakNow PowerPack 2011\VirDesk.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2006-11-03 17:20 866584 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\DsNET Corp\\aTube Catcher 2.0\\yct.exe"=
"c:\\Program Files\\Metin2\\metin2.bin"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Documents and Settings\\Owner\\Local Settings\\Data aplikací\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
"5985:TCP"= 5985:TCP:*:Disabled:Vzdálená správa systému Windows
.
R0 m5289;m5289;c:\windows\system32\drivers\m5289.sys [27.4.2007 10:56 52480]
R0 pe3apasb;Made Man Environment Driver (pe3apasb);c:\windows\system32\drivers\pe3apasb.sys [13.11.2007 14:25 65136]
R0 ps7apasb;Made Man Synchronization Driver (ps7apasb);c:\windows\system32\drivers\ps7apasb.sys [13.11.2007 14:24 68728]
R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
R0 uliagpkx;ULi AGP Bus Filter Driver;c:\windows\system32\drivers\AGPKX.SYS [27.4.2007 10:56 45056]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [30.10.2011 16:15 612184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [30.10.2011 16:15 337880]
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\IObit\Advanced SystemCare 5\ASCService.exe [22.3.2012 22:31 497496]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [30.10.2011 16:15 20696]
R2 IMFservice;IMF Service;c:\program files\IObit\IObit Malware Fighter\IMFsrv.exe [13.3.2012 21:17 820568]
R2 PfFilter;PfFilter;c:\program files\IObit\Protected Folder\pffilter.sys [18.12.2011 1:38 140848]
R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [17.10.2011 16:54 232512]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [14.10.2007 14:08 47360]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys [1.2.2012 14:24 10064]
R3 ULI5261XP;ULi M526X Ethernet NT Driver;c:\windows\system32\drivers\ULILAN51.SYS [27.4.2007 10:56 28672]
S2 pr2apasb;Made Man Drivers Auto Removal (pr2apasb);c:\windows\system32\pr2apasb.exe svc --> c:\windows\system32\pr2apasb.exe svc [?]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe [9.2.2012 15:13 1529152]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3.11.2006 19:19 13592]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [9.4.2012 21:22 253088]
S3 adusbser;AnyDATA USB Device for Legacy Serial Communication;c:\windows\system32\drivers\adusbser.sys [19.3.2010 19:06 100992]
S3 FileMonitor;FileMonitor;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys [13.3.2012 21:17 239600]
S3 gtermddo;gtermddo; [x]
S3 Huawei;HUAWEI Mobile Connect - USB Smart Card Reader;c:\windows\system32\DRIVERS\ewdcsc.sys --> c:\windows\system32\DRIVERS\ewdcsc.sys [?]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys --> c:\windows\system32\DRIVERS\ewusbdev.sys [?]
S3 RegFilter;RegFilter;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\RegFilter.sys [13.3.2012 21:17 30368]
S3 SNP325;USB PC Camera (SNPSTD325);c:\windows\system32\DRIVERS\snp325.sys --> c:\windows\system32\DRIVERS\snp325.sys [?]
S3 UrlFilter;UrlFilter;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\UrlFilter.sys [13.3.2012 21:17 16080]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [18.8.2004 14:00 14336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'
.
2012-04-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 13:34]
.
2012-04-16 c:\windows\Tasks\ASC5_AutoClean.job
- c:\program files\IObit\Advanced SystemCare 5\AutoSweep.exe [2012-03-22 09:58]
.
2012-04-16 c:\windows\Tasks\ASC5_AutoUpdate.job
- c:\program files\IObit\Advanced SystemCare 5\AutoUpdate.exe [2012-03-22 17:19]
.
2012-04-16 c:\windows\Tasks\User_Feed_Synchronization-{120CFF7D-641A-4868-9954-13E6FCED0684}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
2012-04-16 c:\windows\Tasks\User_Feed_Synchronization-{52D0369D-0EC1-425D-ABC0-9C10E334C4C7}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
2012-04-16 c:\windows\Tasks\{F897AA24-BDC3-11D1-B85B-00C04FB93981}_DREZI-5D963DE92_Owner.job
- c:\windows\system32\mobsync.exe [2004-08-18 06:52]
.
2012-04-16 c:\windows\Tasks\{F897AA24-BDC3-11D1-B85B-00C04FB93981}_ÚPŮÚŮ_Owner.job
- c:\windows\system32\mobsync.exe [2004-08-18 06:52]
.
.
------- Doplňkový sken -------
.
uLocal Page =
uStart Page = hxxp://isearch.avg.com/?cid={9C307AF4-20C5-415A-B88C-D40FF99EF1E6}&mid=5e5d7862a35447d09a7cd153d4b09364-a294c56481036312c00500de39bbdb869d95a9cf&lang=en&ds=tt014&pr=sa&d=2012-03-13 21:49&v=8.0.0.34&sap=hp
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&s ... f8&oe=utf8
uDefault_Search_URL = hxxp://search.qip.ru
mLocal Page =
mStart Page = hxxp://www.taazu.com/
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://search.qip.ru
uSearchURL,(Default) = hxxp://search.qip.ru/search?query=%s&from=IE
IE: &Winamp Toolbar Search - c:\documents and settings\All Users\Data aplikací\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: Download with &Shareaza - c:\program files\BearShare MP3\Plugins\RazaWebHook.dll/3000
IE: {{3015DB92-158E-4b77-9020-85C8E311FBB5}
IE: {{B4B52284-A248-4c51-9F7C-F0A0C67FCC9D}
Trusted Zone: kuaiche.com\software
TCP: DhcpNameServer = 188.122.222.222 188.122.222.223
Handler: speeduptoolbar - {A59E71FA-63AB-4695-B7B0-7B97BAA3CF9E} - c:\program files\SpeedUpToolbar\IEToolbar.dll
FF - ProfilePath - c:\documents and settings\Owner\Data aplikací\Mozilla\Firefox\Profiles\1o8lc42f.default\
FF - user.js: browser.cache.memory.capacity - 16000
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: dom.disable_window_status_change - true
FF - user.js: network.http.max-connections - 32
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 750
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
URLSearchHooks-{00000000-6E41-4FD3-8538-502F5495E5FC} - (no file)
AddRemove-{C5096216-7703-409E-B85A-8A6EE7395128}}_is1 - c:\program files\System Search Dispatcher\1.3.0.840\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-17 01:42
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-725345543-412668190-1417001333-1003\Software\SecuROM\License information*]
"datasecu"=hex:96,e6,f0,38,7b,39,fb,d3,78,61,0c,9d,52,2d,d4,db,6a,59,70,9f,9b,
31,c0,39,39,e1,54,5a,45,1e,f1,b4,51,c4,8f,c5,bf,00,f4,36,b2,00,73,d6,10,09,\
"rkeysecu"=hex:1c,76,53,ec,c3,cc,b5,db,fa,59,b9,15,be,f8,5a,f7
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(2308)
c:\windows\system32\msi.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\cs-cz\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\cs-cz\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\webcheck.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\System32\snmp.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\SearchProtocolHost.exe
c:\windows\system32\RUNDLL32.EXE
c:\documents and settings\Owner\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
c:\documents and settings\Owner\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
c:\documents and settings\Owner\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
c:\documents and settings\Owner\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
c:\documents and settings\Owner\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
c:\windows\system32\SearchFilterHost.exe
.
**************************************************************************
.
Celkový čas: 2012-04-17 01:54:43 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-04-16 23:54
.
Před spuštěním: Volných bajtů: 39 111 655 424
Po spuštění: Volných bajtů: 42 860 412 928
.
WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[Boot Loader]
Timeout=2
Default=c:\$win_nt$.~bt\BOOTSECT.DAT
[Operating Systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
c:\$win_nt$.~bt\BOOTSECT.DAT="Instalace systému Windows"
.
- - End Of File - - FF25EBDE00175321B7CBBD120402003A
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2011-08-02 07:33 4910912 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update]
2012-03-24 18:24 137536 ----atw- c:\documents and settings\Owner\Local Settings\Data aplikací\Facebook\Update\FacebookUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 06:52 1695232 ------w- c:\program files\messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-16 21:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMax]
2004-08-06 05:27 860160 ----a-w- c:\program files\Analog Devices\SoundMAX\SMax4.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualDesk]
2011-02-24 06:17 6089576 ----a-w- c:\program files\TweakNow PowerPack 2011\VirDesk.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2006-11-03 17:20 866584 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\DsNET Corp\\aTube Catcher 2.0\\yct.exe"=
"c:\\Program Files\\Metin2\\metin2.bin"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Documents and Settings\\Owner\\Local Settings\\Data aplikací\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
"5985:TCP"= 5985:TCP:*:Disabled:Vzdálená správa systému Windows
.
R0 m5289;m5289;c:\windows\system32\drivers\m5289.sys [27.4.2007 10:56 52480]
R0 pe3apasb;Made Man Environment Driver (pe3apasb);c:\windows\system32\drivers\pe3apasb.sys [13.11.2007 14:25 65136]
R0 ps7apasb;Made Man Synchronization Driver (ps7apasb);c:\windows\system32\drivers\ps7apasb.sys [13.11.2007 14:24 68728]
R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
R0 uliagpkx;ULi AGP Bus Filter Driver;c:\windows\system32\drivers\AGPKX.SYS [27.4.2007 10:56 45056]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [30.10.2011 16:15 612184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [30.10.2011 16:15 337880]
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\IObit\Advanced SystemCare 5\ASCService.exe [22.3.2012 22:31 497496]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [30.10.2011 16:15 20696]
R2 IMFservice;IMF Service;c:\program files\IObit\IObit Malware Fighter\IMFsrv.exe [13.3.2012 21:17 820568]
R2 PfFilter;PfFilter;c:\program files\IObit\Protected Folder\pffilter.sys [18.12.2011 1:38 140848]
R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [17.10.2011 16:54 232512]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [14.10.2007 14:08 47360]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys [1.2.2012 14:24 10064]
R3 ULI5261XP;ULi M526X Ethernet NT Driver;c:\windows\system32\drivers\ULILAN51.SYS [27.4.2007 10:56 28672]
S2 pr2apasb;Made Man Drivers Auto Removal (pr2apasb);c:\windows\system32\pr2apasb.exe svc --> c:\windows\system32\pr2apasb.exe svc [?]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe [9.2.2012 15:13 1529152]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3.11.2006 19:19 13592]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [9.4.2012 21:22 253088]
S3 adusbser;AnyDATA USB Device for Legacy Serial Communication;c:\windows\system32\drivers\adusbser.sys [19.3.2010 19:06 100992]
S3 FileMonitor;FileMonitor;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys [13.3.2012 21:17 239600]
S3 gtermddo;gtermddo; [x]
S3 Huawei;HUAWEI Mobile Connect - USB Smart Card Reader;c:\windows\system32\DRIVERS\ewdcsc.sys --> c:\windows\system32\DRIVERS\ewdcsc.sys [?]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys --> c:\windows\system32\DRIVERS\ewusbdev.sys [?]
S3 RegFilter;RegFilter;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\RegFilter.sys [13.3.2012 21:17 30368]
S3 SNP325;USB PC Camera (SNPSTD325);c:\windows\system32\DRIVERS\snp325.sys --> c:\windows\system32\DRIVERS\snp325.sys [?]
S3 UrlFilter;UrlFilter;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\UrlFilter.sys [13.3.2012 21:17 16080]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [18.8.2004 14:00 14336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'
.
2012-04-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 13:34]
.
2012-04-16 c:\windows\Tasks\ASC5_AutoClean.job
- c:\program files\IObit\Advanced SystemCare 5\AutoSweep.exe [2012-03-22 09:58]
.
2012-04-16 c:\windows\Tasks\ASC5_AutoUpdate.job
- c:\program files\IObit\Advanced SystemCare 5\AutoUpdate.exe [2012-03-22 17:19]
.
2012-04-16 c:\windows\Tasks\User_Feed_Synchronization-{120CFF7D-641A-4868-9954-13E6FCED0684}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
2012-04-16 c:\windows\Tasks\User_Feed_Synchronization-{52D0369D-0EC1-425D-ABC0-9C10E334C4C7}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
2012-04-16 c:\windows\Tasks\{F897AA24-BDC3-11D1-B85B-00C04FB93981}_DREZI-5D963DE92_Owner.job
- c:\windows\system32\mobsync.exe [2004-08-18 06:52]
.
2012-04-16 c:\windows\Tasks\{F897AA24-BDC3-11D1-B85B-00C04FB93981}_ÚPŮÚŮ_Owner.job
- c:\windows\system32\mobsync.exe [2004-08-18 06:52]
.
.
------- Doplňkový sken -------
.
uLocal Page =
uStart Page = hxxp://isearch.avg.com/?cid={9C307AF4-20C5-415A-B88C-D40FF99EF1E6}&mid=5e5d7862a35447d09a7cd153d4b09364-a294c56481036312c00500de39bbdb869d95a9cf&lang=en&ds=tt014&pr=sa&d=2012-03-13 21:49&v=8.0.0.34&sap=hp
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&s ... f8&oe=utf8
uDefault_Search_URL = hxxp://search.qip.ru
mLocal Page =
mStart Page = hxxp://www.taazu.com/
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://search.qip.ru
uSearchURL,(Default) = hxxp://search.qip.ru/search?query=%s&from=IE
IE: &Winamp Toolbar Search - c:\documents and settings\All Users\Data aplikací\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: Download with &Shareaza - c:\program files\BearShare MP3\Plugins\RazaWebHook.dll/3000
IE: {{3015DB92-158E-4b77-9020-85C8E311FBB5}
IE: {{B4B52284-A248-4c51-9F7C-F0A0C67FCC9D}
Trusted Zone: kuaiche.com\software
TCP: DhcpNameServer = 188.122.222.222 188.122.222.223
Handler: speeduptoolbar - {A59E71FA-63AB-4695-B7B0-7B97BAA3CF9E} - c:\program files\SpeedUpToolbar\IEToolbar.dll
FF - ProfilePath - c:\documents and settings\Owner\Data aplikací\Mozilla\Firefox\Profiles\1o8lc42f.default\
FF - user.js: browser.cache.memory.capacity - 16000
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: dom.disable_window_status_change - true
FF - user.js: network.http.max-connections - 32
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 750
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
URLSearchHooks-{00000000-6E41-4FD3-8538-502F5495E5FC} - (no file)
AddRemove-{C5096216-7703-409E-B85A-8A6EE7395128}}_is1 - c:\program files\System Search Dispatcher\1.3.0.840\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-17 01:42
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-725345543-412668190-1417001333-1003\Software\SecuROM\License information*]
"datasecu"=hex:96,e6,f0,38,7b,39,fb,d3,78,61,0c,9d,52,2d,d4,db,6a,59,70,9f,9b,
31,c0,39,39,e1,54,5a,45,1e,f1,b4,51,c4,8f,c5,bf,00,f4,36,b2,00,73,d6,10,09,\
"rkeysecu"=hex:1c,76,53,ec,c3,cc,b5,db,fa,59,b9,15,be,f8,5a,f7
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(2308)
c:\windows\system32\msi.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\cs-cz\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\cs-cz\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\webcheck.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\System32\snmp.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\SearchProtocolHost.exe
c:\windows\system32\RUNDLL32.EXE
c:\documents and settings\Owner\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
c:\documents and settings\Owner\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
c:\documents and settings\Owner\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
c:\documents and settings\Owner\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
c:\documents and settings\Owner\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
c:\windows\system32\SearchFilterHost.exe
.
**************************************************************************
.
Celkový čas: 2012-04-17 01:54:43 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-04-16 23:54
.
Před spuštěním: Volných bajtů: 39 111 655 424
Po spuštění: Volných bajtů: 42 860 412 928
.
WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[Boot Loader]
Timeout=2
Default=c:\$win_nt$.~bt\BOOTSECT.DAT
[Operating Systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
c:\$win_nt$.~bt\BOOTSECT.DAT="Instalace systému Windows"
.
- - End Of File - - FF25EBDE00175321B7CBBD120402003A