Hello,
here is the log:
ComboFix 12-05-25.02 - -- 28.05.2012 11:53:05.2.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1535.947 [GMT 2:00]
Spuštěný z: c:\documents and settings\--\Plocha\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: PC Cleaner Pro *Disabled/Updated* {737A8864-C2D9-4337-B49A-B5E35815B9BB}
FW: PC Tools Firewall Plus *Enabled* {ABBD5028-5A95-4B6D-996E-98D64AE88D52}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\SET11.tmp
c:\windows\system32\SET14.tmp
c:\windows\system32\SET17.tmp
c:\windows\system32\SET1A.tmp
c:\windows\system32\SET22.tmp
c:\windows\system32\SET25.tmp
c:\windows\system32\SET2B.tmp
c:\windows\system32\SET2E.tmp
c:\windows\system32\SET3D.tmp
c:\windows\system32\SET40.tmp
c:\windows\system32\SET74.tmp
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-04-28 do 2012-05-28 )))))))))))))))))))))))))))))))
.
.
2012-05-28 09:02 . 2012-05-28 09:02 63115 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\USERTILE.JS
2012-05-28 09:02 . 2012-05-28 09:02 6429 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UICORE.JS
2012-05-28 09:02 . 2012-05-28 09:02 4599 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UIRESOURCE.JS
2012-05-28 09:02 . 2012-05-28 09:02 8646 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TILEBOX.JS
2012-05-28 09:02 . 2012-05-28 09:02 9310 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXTBOX.JS
2012-05-28 09:02 . 2012-05-28 09:02 5927 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXT.JS
2012-05-28 09:02 . 2012-05-28 09:02 8613 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\SAVEDUSER.JS
2012-05-28 09:02 . 2012-05-28 09:02 1651 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\QUERYSTRING.JS
2012-05-28 09:02 . 2012-05-28 09:02 6910 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\NEWUSERCOMM.JS
2012-05-28 09:02 . 2012-05-28 09:02 18541 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LOCALIZATION.JS
2012-05-28 09:02 . 2012-05-28 09:02 6208 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LINK.JS
2012-05-28 09:02 . 2012-05-28 09:02 8288 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\IMAGE.JS
2012-05-28 09:01 . 2012-05-28 09:01 51852 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\EXTERNALWRAPPER.JS
2012-05-28 09:01 . 2012-05-28 09:01 20719 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\DIVWRAPPER.JS
2012-05-28 09:01 . 2012-05-28 09:01 23327 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\COMBOBOX.JS
2012-05-28 09:01 . 2012-05-28 09:01 7271 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\CHECKBOX.JS
2012-05-28 09:01 . 2012-05-28 09:01 8782 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\BUTTON.JS
2012-05-27 21:03 . 2012-05-27 21:03 -------- d-----w- c:\windows\system32\wbem\Repository
2012-05-23 16:23 . 2012-05-23 16:23 -------- d-----w- c:\documents and settings\--\Data aplikací\PC Cleaners
2012-05-23 16:23 . 2012-05-23 16:24 -------- d-----w- c:\documents and settings\--\Data aplikací\PCPro
2012-05-23 16:23 . 2012-05-23 16:22 4101392 ----a-w- c:\windows\uninst.exe
2012-05-23 16:23 . 2012-05-23 16:23 -------- d-----w- c:\documents and settings\All Users\Data aplikací\PC1Data
2012-05-17 21:36 . 2012-05-21 13:04 -------- d-----w- c:\program files\GridinSoft Trojan Killer
2012-05-16 15:42 . 2012-05-16 15:42 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-05-16 15:42 . 2012-05-16 15:42 476960 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-05-15 12:33 . 2012-05-15 12:33 -------- d-----w- c:\documents and settings\All Users\Data aplikací\AltrixSoft
2012-05-15 12:31 . 2012-05-27 21:23 -------- d-----w- c:\program files\Common Files\AltrixSoft
2012-05-13 16:30 . 2012-05-14 13:14 -------- d-----w- c:\windows\LastGood(2)
2012-05-13 15:44 . 2012-05-13 15:44 6429 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(2)\UICORE.JS
2012-05-13 15:44 . 2012-05-13 15:44 63115 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(2)\USERTILE.JS
2012-05-13 15:44 . 2012-05-13 15:44 4599 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(2)\UIRESOURCE.JS
2012-05-13 15:44 . 2012-05-13 15:44 9310 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(2)\TEXTBOX.JS
2012-05-13 15:44 . 2012-05-13 15:44 8646 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(2)\TILEBOX.JS
2012-05-13 15:44 . 2012-05-13 15:44 5927 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(2)\TEXT.JS
2012-05-13 15:44 . 2012-05-13 15:44 8613 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(2)\SAVEDUSER.JS
2012-05-13 15:44 . 2012-05-13 15:44 1651 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(2)\QUERYSTRING.JS
2012-05-13 15:44 . 2012-05-13 15:44 6910 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(2)\NEWUSERCOMM.JS
2012-05-13 15:44 . 2012-05-13 15:44 18541 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(2)\LOCALIZATION.JS
2012-05-13 15:44 . 2012-05-13 15:44 8288 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(2)\IMAGE.JS
2012-05-13 15:44 . 2012-05-13 15:44 6208 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(2)\LINK.JS
2012-05-13 15:43 . 2012-05-13 15:43 51852 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(2)\EXTERNALWRAPPER.JS
2012-05-13 15:43 . 2012-05-13 15:43 20719 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(2)\DIVWRAPPER.JS
2012-05-13 15:43 . 2012-05-13 15:43 23327 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(2)\COMBOBOX.JS
2012-05-13 15:43 . 2012-05-13 15:43 7271 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(2)\CHECKBOX.JS
2012-05-13 15:43 . 2012-05-13 15:43 8782 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(2)\BUTTON.JS
2012-05-09 12:54 . 2012-05-09 12:54 -------- d-----w- c:\program files\Common Files\Skype
2012-05-09 12:50 . 2012-05-28 09:01 -------- d-----w- c:\documents and settings\All Users\Data aplikací\boost_interprocess
2012-05-05 16:21 . 2012-05-05 16:21 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Canneverbe Limited
2012-05-04 14:56 . 2012-05-04 14:56 -------- d-----w- c:\program files\1ClickDownload
2012-05-04 14:02 . 2012-05-04 14:02 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Premium
2012-05-04 14:01 . 2012-05-04 14:10 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Bcool
2012-05-04 13:57 . 2012-05-05 11:12 -------- d-----w- c:\documents and settings\All Users\Data aplikací\InstallMate
2012-05-01 10:54 . 2012-05-01 10:54 -------- d-----w- c:\program files\Speccy
2012-04-28 12:03 . 2012-04-28 12:03 -------- d-----w- c:\program files\Common Files\Java
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-16 15:42 . 2010-05-10 09:29 472864 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-22 15:06 . 2012-04-22 15:06 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-22 15:06 . 2011-05-19 11:28 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-11 13:55 . 2004-08-17 15:45 2071296 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-11 13:55 . 2004-08-17 13:44 1862272 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 13:55 . 2004-08-17 13:45 2194816 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-06 13:53 . 2012-04-05 12:55 11232 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
2012-03-09 13:51 . 2010-03-17 12:26 231760 ----a-w- c:\windows\system32\drivers\truecrypt.sys
2012-03-07 00:15 . 2011-03-10 14:43 41184 ----a-w- c:\windows\avastSS.scr
2012-03-07 00:15 . 2010-01-09 15:38 201352 ----a-w- c:\windows\system32\aswBoot.exe
2012-03-07 00:03 . 2011-03-10 14:43 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-07 00:03 . 2010-01-09 15:38 337880 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-03-07 00:02 . 2010-01-09 15:38 35672 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-03-07 00:01 . 2010-01-09 15:38 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-03-07 00:01 . 2010-01-09 15:38 95704 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-03-07 00:01 . 2010-01-09 15:38 89048 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-03-07 00:01 . 2010-01-09 15:38 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-03-06 23:58 . 2010-01-09 15:38 24920 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-03-06 16:29 . 2012-03-06 15:49 87608 ----a-w- c:\documents and settings\--\Data aplikací\inst.exe
2012-03-06 16:29 . 2012-03-06 15:49 47360 ----a-w- c:\documents and settings\--\Data aplikací\pcouffin.sys
2012-03-01 10:59 . 2004-08-17 13:49 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-03-01 10:59 . 2004-08-17 13:49 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 10:59 . 2004-08-17 13:49 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-02-29 14:10 . 2004-08-17 13:49 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2004-08-17 13:49 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2004-08-17 13:44 385024 ------w- c:\windows\system32\html.iec
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-10-18 10:26 3908192 ------w- c:\program files\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-07 00:15 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-02-29 17151624]
"DriverMax"="c:\program files\Innovative Solutions\DriverMax\drivermax.exe" [2012-05-08 9533848]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-05 61440]
"00PCTFW"="c:\program files\PC Tools Firewall Plus\FirewallGUI.exe" [2010-11-29 2676696]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-07 4241512]
"WheelMouse"="c:\program files\A4Tech\Mouse\Amoumain.exe" [2007-02-10 241664]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Povolit program Bezdrátová klávesnice a myš Labtec.lnk - c:\program files\Bezdrátová klávesnice a myš Labtec\MagicKey.exe [2009-10-31 258048]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Hlavní panel ATI CATALYST.lnk]
backup=c:\windows\pss\Hlavní panel ATI CATALYST.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitComet]
2011-09-23 07:02 11515184 ----a-w- c:\program files\BitComet\BitComet.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
[BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriverMax]
2012-05-08 12:08 9533848 ----a-w- c:\program files\Innovative Solutions\DriverMax\drivermax.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
c:\program files\QuickTime\QTTask.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-07-30 15:24 68856 ------w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"facemoods"="c:\program files\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe" /md I
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
"LogitechQuickCamRibbon"="c:\program files\Labtec\WebCam10\WebCam10.exe" /hide
"vProt"="c:\program files\AVG Secure Search\vprot.exe"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Sudden Strike II\\game\\code\\Release\\game_exe.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\WINDOWS\\system32\\dxdiag.exe"=
"c:\\Program Files\\Epson Software\\Event Manager\\EEventManager.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"17469:TCP"= 17469:TCP:BitComet 17469 TCP
"17469:UDP"= 17469:UDP:BitComet 17469 UDP
"19744:TCP"= 19744:TCP:BitComet 19744 TCP
"19744:UDP"= 19744:UDP:BitComet 19744 UDP
"5985:TCP"= 5985:TCP:*:Disabled:Vzdálená správa systému Windows
.
R0 a347bus;a347bus;c:\windows\system32\DRIVERS\a347bus.sys [x]
R0 a347scsi;a347scsi;c:\windows\System32\Drivers\a347scsi.sys [x]
R2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-14 135664]
R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-04-09 3063968]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 Amps2prt;A4Tech PS/2 Port Mouse Driver;c:\windows\system32\DRIVERS\Amps2prt.sys [2007-02-10 14336]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-14 135664]
R3 McComponentHostService;McAfee Security Scan Component Host Service; [x]
R3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe [2008-04-14 14336]
R3 Pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\Pcouffin.sys [x]
R3 pctNdis;PC Tools Firewall Intermediate Filter Service;c:\windows\system32\DRIVERS\pctNdis.sys [2010-07-08 57536]
R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys [2012-04-06 11232]
R3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe [2008-04-14 14336]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-03-28 691696]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 kbfilter;Keyboard Filter Driver; [x]
S1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2010-11-17 249616]
S2 aswFsBlk;aswFsBlk; [x]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [2010-11-25 160448]
S3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter.sys [2010-11-24 89192]
S3 pctNdisMP;PC Tools Driver;c:\windows\system32\DRIVERS\pctNdis.sys [2010-07-08 57536]
S3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [2010-11-25 124992]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
WINRM REG_MULTI_SZ WINRM
.
Obsah adresáře 'Naplánované úlohy'
.
2012-05-28 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2012-03-04 19:06]
.
2012-05-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-14 18:07]
.
2012-05-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-14 18:07]
.
2012-05-28 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 13:07]
.
2012-05-28 c:\windows\Tasks\User_Feed_Synchronization-{51CFA3EA-DC95-4795-8228-1D9C1ADB4157}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
2012-05-28 c:\windows\Tasks\User_Feed_Synchronization-{F657FCBC-15DD-4DF9-B8EA-107EC8644767}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&s ... f8&oe=utf8
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://home.sweetim.com/?crg=3.1010000.10004
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &ICQ Toolbar Search
IE: Stáhnout odkaz s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: Stáhnout všechny odkazy s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
TCP: Interfaces\{25F1BE69-A1FD-42F9-8646-A9B06370D4E2}: NameServer = 62.129.50.20,62.129.32.100
DPF: {3190CE28-0B6E-4133-A7D3-87D29CB92120} - hxxps://download.seznam.cz/listicka/toolbar2007.cab
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
BHO-{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
Toolbar-{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-28 12:10
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1004336348-651377827-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(1820)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2012-05-28 12:18:11
ComboFix-quarantined-files.txt 2012-05-28 10:18
ComboFix2.txt 2012-05-25 09:03
.
Před spuštěním: Volných bajtů: 10 982 371 328
Po spuštění: Volných bajtů: 10 974 777 344
.
- - End Of File - - 580D687447F5B694B80A95254D85C4DE