VIRY.CZ

Pomáháme v boji s počítačovou havěti!
https://forum.viry.cz:443/

chybná bitová kopie

https://forum.viry.cz:443/viewtopic.php?t=126274

Stránka 1 z 1

chybná bitová kopie

Napsal: 03 pro 2012 18:48
od Vojtěch
Dobrý den , dnes při zapnutí Pc na mě začalo vyskakovat několik erorů : chybná bitová kopie. Našel jsem tu stejný problém který se řešil pomocí programu Combofix , tak jsem ho stáhl a postupoval podle rad uživatele JanH. odkaz zde : http://forum.viry.cz/viewtopic.php?f=13&t=81363 , po uvedeném restartování PC už žádný eror nevyskočil , ale pro jistotu vkládám log z Combofixu a prosím aby se na to někdo podíval a případně popsal další kroky , děkuji


ComboFix 12-12-02.01 - Administrator 03.12.2012 18:18:28.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2046.1232 [GMT 1:00]
Spuštěný z: c:\documents and settings\Administrator\Plocha\ComboFix.exe
AV: AVG Anti-Virus 2011 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\uidsave.dat
c:\documents and settings\Administrator\WINDOWS
C:\install.exe
c:\program files\_arh1
c:\program files\_arh1\_arh1\kokolok.txt
c:\program files\_arh1\_arh1\kust.txt
c:\program files\_arh1\_arh1\na1111111111111ki.bat
c:\program files\_arh1\_arh1\no111111111ri.vbs
c:\windows\system32\Cache
c:\windows\system32\Cache\272512937d9e61a4.fb
c:\windows\system32\Cache\287204568329e189.fb
c:\windows\system32\Cache\28bc8f716fd76a47.fb
c:\windows\system32\Cache\2c53092c95605355.fb
c:\windows\system32\Cache\31a0997e9a5b5eb3.fb
c:\windows\system32\Cache\32c84fe32bb74d60.fb
c:\windows\system32\Cache\3917078cb68ec657.fb
c:\windows\system32\Cache\3ca605b94c6c1cba.fb
c:\windows\system32\Cache\590ba23ce359fd0c.fb
c:\windows\system32\Cache\610289e025a3ee9a.fb
c:\windows\system32\Cache\62414bb7f3cfdbfa.fb
c:\windows\system32\Cache\63e3a432d3c29c90.fb
c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
c:\windows\system32\Cache\6d03dad1035885d3.fb
c:\windows\system32\Cache\a0d69a628236f252.fb
c:\windows\system32\Cache\a8556537add6dfc5.fb
c:\windows\system32\Cache\ad10a52aff5e038d.fb
c:\windows\system32\Cache\ba48bfa828f5a77f.fb
c:\windows\system32\Cache\c1fa887b03019701.fb
c:\windows\system32\Cache\c4d28dca2e7648be.fb
c:\windows\system32\Cache\d201ef9910cd39de.fb
c:\windows\system32\Cache\d2e94710a5708128.fb
c:\windows\system32\Cache\d79b9dfe81484ec4.fb
c:\windows\system32\Cache\e0de16f883bea794.fb
c:\windows\system32\Cache\f0b67b8fa39bc287.fb
c:\windows\system32\Cache\f998975c9cc711ee.fb
c:\windows\system32\drivers\etc\HSTS~1
c:\windows\system32\nspupdt.dll.tmp
c:\windows\system32\SET182.tmp
c:\windows\system32\SET186.tmp
c:\windows\system32\SET187.tmp
c:\windows\system32\SET18E.tmp
c:\windows\system32\tmp65A.tmp
c:\windows\system32\tmp65B.tmp
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-11-03 do 2012-12-03 )))))))))))))))))))))))))))))))
.
.
2012-12-03 17:05 . 2012-12-03 17:05 -------- d-----w- c:\windows\system32\wbem\Repository
2012-12-03 16:59 . 2012-09-23 14:28 888168 ----a-w- c:\windows\system32\nvdispgenco32.dll
2012-12-03 16:59 . 2012-09-23 14:28 5947392 ----a-w- c:\windows\system32\nvopencl.dll
2012-12-01 09:28 . 2012-12-01 09:28 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\Wargaming.net
2012-11-30 17:31 . 2012-11-30 17:31 -------- d-----w- C:\Games
2012-11-27 14:55 . 2012-11-27 14:55 -------- d-----w- c:\program files\arh
2012-11-26 17:07 . 2012-11-26 17:31 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\Hamachi
2012-11-26 17:07 . 2012-11-26 17:07 -------- d-----w- c:\program files\Hamachi
2012-11-24 21:26 . 2012-12-01 09:56 -------- d-----w- c:\documents and settings\All Users\Data aplikací\TrackMania
2012-11-24 21:23 . 2012-11-24 21:25 -------- d-----w- c:\program files\TmNationsForever
2012-11-24 15:56 . 2012-11-24 15:56 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Data aplikací\FlatOut Ultimate Carnage
2012-11-24 15:44 . 2012-11-24 15:44 -------- d-----w- c:\program files\Empire Interactive
2012-11-22 15:24 . 2012-11-22 15:24 -------- d-----w- c:\program files\Common Files\Skype
2012-11-22 09:34 . 2012-11-22 09:34 5885632 ----a-w- c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2012-11-13 16:47 . 2012-11-13 16:47 -------- d-----w- c:\program files\7-Zip
2012-11-12 22:53 . 2012-11-12 22:54 -------- d-----w- c:\program files\SweetIM
2012-11-12 22:53 . 2012-11-12 22:54 -------- d-----w- c:\documents and settings\All Users\Data aplikací\SweetIM
2012-11-12 22:52 . 2012-11-13 16:47 -------- d-----w- c:\program files\TornTV.com
2012-11-12 17:00 . 2012-11-12 17:00 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\{46577E3C-95B4-4f4f-B4A7-0C29D12FB15D}
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-26 17:07 . 2011-12-09 19:07 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
2012-11-24 16:19 . 2009-08-18 10:30 564632 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\IdentityCRL\production\wlidui.dll
2012-11-24 16:19 . 2009-08-18 10:24 19696 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-11-24 08:54 . 2012-04-11 13:06 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-11-24 08:54 . 2011-05-15 13:06 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-10 15:46 . 2012-08-30 21:20 26984 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2012-10-22 19:57 . 2004-08-17 12:44 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-10-02 18:04 . 2004-08-17 12:49 58368 ----a-w- c:\windows\system32\synceng.dll
2012-09-23 14:28 . 2012-06-25 08:35 1009512 ----a-w- c:\windows\system32\nvdispco32.dll
2012-09-23 14:28 . 2012-06-25 08:34 19103744 ----a-w- c:\windows\system32\nvoglnt.dll
2012-09-23 14:28 . 2012-06-25 08:34 7446528 ----a-w- c:\windows\system32\nvcuda.dll
2012-09-23 14:28 . 2012-06-25 08:34 2578792 ----a-w- c:\windows\system32\nvcuvid.dll
2012-09-23 14:28 . 2012-06-25 08:34 1866088 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-09-23 14:28 . 2012-06-25 08:34 2376704 ----a-w- c:\windows\system32\nvapi.dll
2012-09-23 14:28 . 2012-06-25 08:34 17551360 ----a-w- c:\windows\system32\nvcompiler.dll
2012-09-23 14:28 . 2010-12-19 15:32 4494208 ----a-w- c:\windows\system32\nv4_disp.dll
2012-09-23 14:28 . 2010-12-19 15:32 12557728 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2012-09-23 13:09 . 2012-06-25 08:36 253952 ----a-w- c:\windows\system32\nvrsth.dll
2012-09-23 13:09 . 2012-06-25 08:36 274432 ----a-w- c:\windows\system32\nvrspt.dll
2012-09-23 13:09 . 2012-06-25 08:36 274432 ----a-w- c:\windows\system32\nvrsja.dll
2012-09-23 13:09 . 2012-06-25 08:36 270336 ----a-w- c:\windows\system32\nvrsptb.dll
2012-09-23 13:09 . 2012-06-25 08:36 335872 ----a-w- c:\windows\system32\nvrsar.dll
2012-09-23 13:09 . 2012-06-25 08:36 282624 ----a-w- c:\windows\system32\nvrses.dll
2012-09-23 13:09 . 2012-06-25 08:36 286720 ----a-w- c:\windows\system32\nvrsfr.dll
2012-09-23 13:09 . 2012-06-25 08:36 258048 ----a-w- c:\windows\system32\nvrssl.dll
2012-09-23 13:09 . 2012-06-25 08:36 258048 ----a-w- c:\windows\system32\nvrssk.dll
2012-09-23 13:09 . 2012-06-25 08:36 253952 ----a-w- c:\windows\system32\nvrssv.dll
2012-09-23 13:09 . 2012-06-25 08:36 229376 ----a-w- c:\windows\system32\nvrszhc.dll
2012-09-23 13:09 . 2012-06-25 08:36 335872 ----a-w- c:\windows\system32\nvrshe.dll
2012-09-23 13:09 . 2012-06-25 08:36 258048 ----a-w- c:\windows\system32\nvrstr.dll
2012-09-23 13:09 . 2012-06-25 08:36 258048 ----a-w- c:\windows\system32\nvrspl.dll
2012-09-23 13:09 . 2012-06-25 08:36 253952 ----a-w- c:\windows\system32\nvrsno.dll
2012-09-23 13:09 . 2012-06-25 08:36 282624 ----a-w- c:\windows\system32\nvrsit.dll
2012-09-23 13:09 . 2012-06-25 08:36 282624 ----a-w- c:\windows\system32\nvrsel.dll
2012-09-23 13:09 . 2012-06-25 08:36 249856 ----a-w- c:\windows\system32\nvrseng.dll
2012-09-23 13:09 . 2012-06-25 08:36 274432 ----a-w- c:\windows\system32\nvrsesm.dll
2012-09-23 13:09 . 2012-06-25 08:36 266240 ----a-w- c:\windows\system32\nvrsko.dll
2012-09-23 13:09 . 2012-06-25 08:36 249856 ----a-w- c:\windows\system32\nvrscs.dll
2012-09-23 13:09 . 2012-06-25 08:36 270336 ----a-w- c:\windows\system32\nvrsru.dll
2012-09-23 13:09 . 2012-06-25 08:36 249856 ----a-w- c:\windows\system32\nvrsfi.dll
2012-09-23 13:09 . 2012-06-25 08:36 274432 ----a-w- c:\windows\system32\nvrsnl.dll
2012-09-23 13:09 . 2012-06-25 08:36 262144 ----a-w- c:\windows\system32\nvrshu.dll
2012-09-23 13:09 . 2012-06-25 08:36 126976 ----a-w- c:\windows\system32\nvrszht.dll
2012-09-23 13:09 . 2012-06-25 08:36 278528 ----a-w- c:\windows\system32\nvrsde.dll
2012-09-23 13:09 . 2012-06-25 08:36 253952 ----a-w- c:\windows\system32\nvrsda.dll
2012-09-23 13:04 . 2012-06-25 08:35 54272 ----a-w- c:\windows\system32\nvwddi.dll
2012-09-23 13:04 . 2012-06-25 08:36 15512424 ----a-w- c:\windows\system32\nvcpl.dll
2012-09-23 13:04 . 2012-06-25 08:36 164200 ----a-w- c:\windows\system32\nvsvc32.exe
2012-09-23 13:04 . 2012-06-25 08:36 143720 ----a-w- c:\windows\system32\nvcolor.exe
2012-09-23 13:04 . 2012-06-25 08:36 108392 ----a-w- c:\windows\system32\nvmctray.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{7473b6bd-4691-4744-a82b-7854eb3d70b6}"= "c:\program files\uTorrentControl_v2\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{7473b6bd-4691-4744-a82b-7854eb3d70b6}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7473b6bd-4691-4744-a82b-7854eb3d70b6}]
2011-05-09 09:49 176936 ----a-w- c:\program files\uTorrentControl_v2\prxtbuTor.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8d3ec233-b92d-4187-a506-284127cfba2d}]
2012-10-10 02:45 1031240 ----a-w- c:\documents and settings\Administrator\Data aplikací\DownTango4SToolbar\DownTango4SToolbar.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-08-30 21:21 1734240 ----a-w- c:\program files\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2012-07-04 13:03 1310040 ----a-r- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll" [2012-08-30 1734240]
"{7473b6bd-4691-4744-a82b-7854eb3d70b6}"= "c:\program files\uTorrentControl_v2\prxtbuTor.dll" [2011-05-09 176936]
"{8d3ec233-b92d-4187-a506-284127cfba2d}"= "c:\documents and settings\Administrator\Data aplikací\DownTango4SToolbar\DownTango4SToolbar.dll" [2012-10-10 1031240]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2012-07-04 1310040]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CLASSES_ROOT\clsid\{7473b6bd-4691-4744-a82b-7854eb3d70b6}]
.
[HKEY_CLASSES_ROOT\clsid\{8d3ec233-b92d-4187-a506-284127cfba2d}]
[HKEY_CLASSES_ROOT\wtb.Band.1]
[HKEY_CLASSES_ROOT\TypeLib\{5c0647de-0eee-4822-b211-a05a5bf316ab}]
[HKEY_CLASSES_ROOT\wtb.Band]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{7473B6BD-4691-4744-A82B-7854EB3D70B6}"= "c:\program files\uTorrentControl_v2\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{7473b6bd-4691-4744-a82b-7854eb3d70b6}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 5"="c:\program files\IObit\Advanced SystemCare 5\ASCTray.exe" [2011-12-29 620376]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [2009-11-15 33120]
"GarenaPlus"="c:\program files\Garena Plus\GarenaMessenger.exe" [2012-11-07 8790904]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2012-08-01 2345592]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"RTHDCPL"="RTHDCPL.EXE" [2010-12-15 19967080]
"NSU_agent"="c:\program files\Nokia\Nokia Software Updater\nsu3ui_agent.exe" [2011-12-13 190768]
"ROC_roc_dec12"="c:\program files\AVG Secure Search\ROC_roc_dec12.exe" [2012-01-16 928096]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-09-23 15512424]
"NvMediaCenter"="NvMCTray.dll" [2012-09-23 108392]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2012-09-23 1634112]
"HF_G_Jul"="c:\program files\AVG Secure Search\HF_G_Jul.exe" [2012-07-18 36960]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"ROC_ROC_JULY_P1"="c:\program files\AVG Secure Search\ROC_ROC_JULY_P1.exe" [2012-08-30 1022048]
"SearchSettings"="c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe" [2012-10-16 1111432]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2012-10-04 115032]
"Sweetpacks Communicator"="c:\program files\SweetIM\Communicator\SweetPacksUpdateManager.exe" [2012-08-15 231768]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-11-10 997320]
"SunJavaUpdateSched"="c:\program files\common files\java\java update\jusched.exe" [2011-06-09 254696]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgmfapx.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\NCSoft\\Lineage II\\System\\L2.bin"=
"c:\\Program Files\\Codemasters\\DiRT 3\\dirt3_game.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgemcx.exe"=
"c:\\Documents and Settings\\Administrator\\Plocha\\CProgram FilesCounter-Strike 1.6 Standalonehl.exe -game cstrike -steam\\hl.exe"=
"c:\\Program Files\\1ClickDownload\\1ClickDownloader.exe"=
"c:\\Program Files\\Garena Plus\\Room\\garena_room.exe"=
"c:\\Program Files\\iMesh Applications\\iMesh\\iMesh.exe"=
"c:\\Program Files\\iMesh Applications\\Mediabar\\Datamngr\\SRTOOL~1\\dtUser.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
"c:\\Program Files\\SweetIM\\Communicator\\SweetPacksUpdateManager.exe"=
"c:\\Documents and Settings\\Administrator\\Plocha\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Empire Interactive\\FlatOut Ultimate Carnage\\Fouc.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Vzdálená správa systému Windows
"57285:TCP"= 57285:TCP:Pando Media Booster
"57285:UDP"= 57285:UDP:Pando Media Booster
"57519:TCP"= 57519:TCP:Pando Media Booster
"57519:UDP"= 57519:UDP:Pando Media Booster
"58760:TCP"= 58760:TCP:Pando Media Booster
"58760:UDP"= 58760:UDP:Pando Media Booster
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [13.9.2010 16:27 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [7.9.2010 3:48 32592]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [23.12.2010 23:19 691696]
R1 AppleCharger;AppleCharger;c:\windows\system32\drivers\AppleCharger.sys [15.8.2011 20:37 18544]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [7.9.2010 3:48 248656]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [7.9.2010 3:49 297168]
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\IObit\Advanced SystemCare 5\ASCService.exe [23.12.2011 10:07 497496]
R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [9.10.2012 15:44 799112]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [31.1.2012 15:02 7391072]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [8.2.2011 4:33 269520]
R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe [22.11.2012 10:29 3290304]
R2 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [10.11.2012 16:46 711112]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [19.8.2010 21:42 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [19.8.2010 21:42 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [19.8.2010 21:42 27216]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [30.8.2012 22:20 26984]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [9.11.2012 11:21 160944]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [15.8.2011 20:35 1691480]
S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [6.5.2011 18:15 167264]
S3 dump_wmimmc;dump_wmimmc;\??\c:\program files\NCSoft\Lineage II\system\GameGuard\dump_wmimmc.sys --> c:\program files\NCSoft\Lineage II\system\GameGuard\dump_wmimmc.sys [?]
S3 GGSAFERDriver;GGSAFER Driver;\??\c:\program files\Garena Plus\Room\safedrv.sys --> c:\program files\Garena Plus\Room\safedrv.sys [?]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [16.12.2011 16:44 137600]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [16.12.2011 16:44 8576]
S3 NPFW;NPFW;\??\c:\windows\system32\NPFW.SYS --> c:\windows\system32\NPFW.SYS [?]
S3 NPFWFLT;NPFWFLT;\??\c:\windows\system32\NPFWFLT.SYS --> c:\windows\system32\NPFWFLT.SYS [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 NPIDS;NPIDS;\??\c:\windows\system32\NPIDS.SYS --> c:\windows\system32\NPIDS.SYS [?]
S3 TKCtrl;TKCtrl;\??\c:\windows\system32\TKCtrl2k.sys --> c:\windows\system32\TKCtrl2k.sys [?]
S3 TKFsAvM;TKFsAvM;\??\c:\windows\system32\TKFsAv.sys --> c:\windows\system32\TKFsAv.sys [?]
S3 TkFsFtM;MiniFilter Driver;c:\windows\system32\TKFsFt.sys --> c:\windows\system32\TKFsFt.sys [?]
S3 TKPcFt;TKPcFt;\??\c:\windows\system32\TKPcFtHk.sys --> c:\windows\system32\TKPcFtHk.sys [?]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Obsah adresáře 'Naplánované úlohy'
.
2012-12-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 08:54]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://home.sweetim.com/?crg=3.1010000.10011&barid={D73C7D2F-2D1B-11E2-BE12-1C6F65C94026}
uDefault_Search_URL = hxxp://search.certified-toolbar.com?si=41460&tid=2938&bs=true&q=
mStart Page = hxxp://home.sweetim.com/?crg=3.1010000.10011&barid={D73C7D2F-2D1B-11E2-BE12-1C6F65C94026}
mSearch Bar = hxxp://search.certified-toolbar.com?si=41460&tid=2938&bs=true&q=
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{5f7f7e76-0f61-4de9-8ae6-e5ee565cd118} - {8d3ec233-b92d-4187-a506-284127cfba2d} - c:\documents and settings\Administrator\Data aplikací\DownTango4SToolbar\DownTango4SToolbar.dll
TCP: DhcpNameServer = 10.0.111.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll
FF - ProfilePath - c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\isfm9jo5.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.startup.homepage - hxxp://home.sweetim.com/?crg=3.1010000.10011&barid={D73C7D2F-2D1B-11E2-BE12-1C6F65C94026}
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=685749&p=
user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
URLSearchHooks-{0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - (no file)
URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
BHO-{BE7A24F5-69CB-4708-B77B-B1EDA6043B95} - c:\progra~1\IMESHA~1\Mediabar\Datamngr\BROWSE~1.DLL
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Toolbar-10 - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
HKCU-Run-EA Core - c:\program files\Electronic Arts\EADM\Core.exe
HKLM-Run-DATAMNGR - c:\progra~1\IMESHA~1\Mediabar\Datamngr\DATAMN~1.EXE
HKLM-Explorer_Run-3032 - c:\docume~1\ALLUSE~1\LOCALS~1\Temp\msrkuvoy.com
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-1ClickDownload - c:\program files\TornTV.com\uninst.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-12-03 18:28
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-2052111302-2077806209-839522115-500\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (Administrator)
"{BE7A24F5-69CB-4708-B77B-B1EDA6043B95}"=hex:51,66,7a,6c,4c,1d,3b,1b,e5,38,68,
a2,fe,3b,66,0b,a8,70,f1,ad,a4,47,79,8e
"{EEE6C35B-6118-11DC-9C72-001320C79847}"=hex:51,66,7a,6c,4c,1d,3b,1b,4b,df,f4,
f2,2d,33,b2,5d,83,79,40,53,22,84,da,5c
.
[HKEY_USERS\S-1-5-21-2052111302-2077806209-839522115-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,7b,35,1e,09,9d,ca,29,40,86,0c,77,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,7b,35,1e,09,9d,ca,29,40,86,0c,77,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(472)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\progra~1\AVG\AVG10\avgchsvx.exe
c:\progra~1\AVG\AVG10\avgrsx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\AVG\AVG10\avgnsx.exe
c:\program files\AVG\AVG10\avgemcx.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RunDLL32.exe
c:\windows\system32\wscntfy.exe
c:\program files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\AVG\AVG10\avgcsrvx.exe
c:\windows\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Celkový čas: 2012-12-03 18:31:21 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-12-03 17:31
.
Před spuštěním: Volných bajtů: 257 666 486 272
Po spuštění: Volných bajtů: 257 957 933 056
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 30D238C7E39E13BB6939E425BE47CF6B

Re: chybná bitová kopie

Napsal: 03 pro 2012 19:10
od Rudy
Proč spouštíte Combofix, utilitu uečenou odborníkům, bez kozultace s rádcem? Nečtete pravidla: http://forum.viry.cz/viewtopic.php?f=12&t=5601
2. Před položením dotazu použijte tlačítko Hledat. Možná již někdo problém podobným Vašemu řešil. Pokud ale ve vyřešeném tématu budou aplikovány různé utility\aplikace, nespouštějte je. Utility se používají až na pokyn rádce, jelikož mohou mazat stopy po havěti a v rukou ne-oborníka může mít jejich použití nedozírné následky.

3. Zvláště utilitu ComboFix nespouštějte i když Vám mi poradil kamarád\nějaký rádoby odborný web. Naše fórum je jediné z CZ-SK antivirových fór, která mají právo luštit logy z ComboFixu a mámě též plnou podporu autora této utility a přístup k nejaktuálnějším informacím a návodům.
neznalá osoba si Combofixem může snadno zbořit systém.

Otevřte poznámkový blok a zkopírujte do něj:
KillAll::

Folder::
c:\program files\SweetIM
c:\documents and settings\All Users\Data aplikací\SweetIM
c:\program files\uTorrentControl_v2
c:\documents and settings\Administrator\Data aplikací\DownTango4SToolba

Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{7473b6bd-4691-4744-a82b-7854eb3d70b6}"=-
[-HKEY_CLASSES_ROOT\clsid\{7473b6bd-4691-4744-a82b-7854eb3d70b6}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7473b6bd-4691-4744-a82b-7854eb3d70b6}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
[-HKEY_CLASSES_ROOT\clsid\{8d3ec233-b92d-4187-a506-284127cfba2d}]
[-HKEY_CLASSES_ROOT\wtb.Band.1]
[-HKEY_CLASSES_ROOT\TypeLib\{5c0647de-0eee-4822-b211-a05a5bf316ab}]
[-HKEY_CLASSES_ROOT\wtb.Band]
[-HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[-HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[-HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[-HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{7473B6BD-4691-4744-A82B-7854EB3D70B6}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SweetIM"=-
"Sweetpacks Communicator"=-

Driver::
Skype C2C Service

Firefox::
FF - ProfilePath - c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\isfm9jo5.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.startup.homepage - hxxp://home.sweetim.com/?crg=3.1010000.10011&barid={D73C7D2F-2D1B-11E2-BE12-1C6F65C94026}
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=green ... =685749&p=
user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);

RegLock::
[HKEY_USERS\S-1-5-21-2052111302-2077806209-839522115-500\Software\Microsoft\Internet Explorer\Approved Extensions]
[HKEY_USERS\S-1-5-21-2052111302-2077806209-839522115-500\Software\Microsoft\Internet Explorer\User Preferences]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

Reboot::
Uložte na plochu jako CFScript.txt. Pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkazy ze skriptu.

Obrázek

Re: chybná bitová kopie

Napsal: 04 pro 2012 16:50
od Vojtěch
Dobrý den , dnes jsem provedl to co jste mi psal , přidávám log :

ComboFix 12-12-02.01 - Administrator 04.12.2012 16:34:06.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2046.1318 [GMT 1:00]
Spuštěný z: c:\documents and settings\Administrator\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Administrator\Plocha\CFScript.txt
AV: AVG Anti-Virus 2011 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\SweetIM
c:\program files\SweetIM\Communicator\mgcommon.dll
c:\program files\SweetIM\Communicator\mgcommunication.dll
c:\program files\SweetIM\Communicator\mgsimcommon.dll
c:\program files\SweetIM\Communicator\mgxml_wrapper.dll
c:\program files\SweetIM\Communicator\Microsoft.VC90.CRT\Microsoft.VC90.CRT.manifest
c:\program files\SweetIM\Communicator\Microsoft.VC90.CRT\msvcm90.dll
c:\program files\SweetIM\Communicator\Microsoft.VC90.CRT\msvcp90.dll
c:\program files\SweetIM\Communicator\Microsoft.VC90.CRT\msvcr90.dll
c:\program files\SweetIM\Communicator\resources\sqlite\mgSqlite3.dll
c:\program files\SweetIM\Communicator\SweetPacksUpdateManager.exe
c:\program files\SweetIM\Messenger\ContentPackagesActivationHandler.exe
c:\program files\SweetIM\Messenger\default.xml
c:\program files\SweetIM\Messenger\mgAdaptersProxy.dll
c:\program files\SweetIM\Messenger\mgArchive.dll
c:\program files\SweetIM\Messenger\mgcommon.dll
c:\program files\SweetIM\Messenger\mgcommunication.dll
c:\program files\SweetIM\Messenger\mgconfig.dll
c:\program files\SweetIM\Messenger\mgFlashPlayer.dll
c:\program files\SweetIM\Messenger\mghooking.dll
c:\program files\SweetIM\Messenger\mgICQAuto.dll
c:\program files\SweetIM\Messenger\mgICQMessengerAdapter.dll
c:\program files\SweetIM\Messenger\mglogger.dll
c:\program files\SweetIM\Messenger\mgMediaPlayer.dll
c:\program files\SweetIM\Messenger\mgMsnAuto.dll
c:\program files\SweetIM\Messenger\mgMsnMessengerAdapter.dll
c:\program files\SweetIM\Messenger\mgsimcommon.dll
c:\program files\SweetIM\Messenger\mgSweetIM.dll
c:\program files\SweetIM\Messenger\mgUpdateSupport.dll
c:\program files\SweetIM\Messenger\mgxml_wrapper.dll
c:\program files\SweetIM\Messenger\mgYahooAuto.dll
c:\program files\SweetIM\Messenger\mgYahooMessengerAdapter.dll
c:\program files\SweetIM\Messenger\msvcp71.dll
c:\program files\SweetIM\Messenger\msvcr71.dll
c:\program files\SweetIM\Messenger\resources\images\AudibleButton.png
c:\program files\SweetIM\Messenger\resources\images\DisplayPicturesButton.png
c:\program files\SweetIM\Messenger\resources\images\EmoticonButton.png
c:\program files\SweetIM\Messenger\resources\images\GamesButton.png
c:\program files\SweetIM\Messenger\resources\images\KeyboardButton.png
c:\program files\SweetIM\Messenger\resources\images\NudgeButton.png
c:\program files\SweetIM\Messenger\resources\images\SoundFxButton.png
c:\program files\SweetIM\Messenger\resources\images\WinksButton.png
c:\program files\SweetIM\Messenger\resources\sqlite\mgSqlite3.dll
c:\program files\SweetIM\Messenger\SweetIM.exe
c:\program files\SweetIM\Toolbars\Internet Explorer\ClearHist.exe
c:\program files\SweetIM\Toolbars\Internet Explorer\conf\logger.xml
c:\program files\SweetIM\Toolbars\Internet Explorer\default.xml
c:\program files\SweetIM\Toolbars\Internet Explorer\mgcommon.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\mgconfig.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe
c:\program files\SweetIM\Toolbars\Internet Explorer\mghooking.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\mglogger.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\mgsimcommon.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\mgxml_wrapper.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\Microsoft.VC90.CRT\Microsoft.VC90.CRT.manifest
c:\program files\SweetIM\Toolbars\Internet Explorer\Microsoft.VC90.CRT\msvcm90.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\Microsoft.VC90.CRT\msvcp90.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\Microsoft.VC90.CRT\msvcr90.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\about.html
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\affid.dat
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\basis.xml
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\bing.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_bing.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_current.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_dictionary.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_google.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_hover.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_left.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_photo.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_video.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_web.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_yahoo.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\clear-history.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\content-notifier-anim-over.gif
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\content-notifier-anim.gif
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\content-notifier.js
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\dating.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\dictionary.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\e_cards.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\eye_icon.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\eye_icon_over.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\find.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\free_stuff.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\games.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\glitter.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\google.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\green\search_button.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_bing.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_current.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_dictionary.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_google.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_hover.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_left.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_photo.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_video.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_web.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_yahoo.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\help.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\highlight.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\locales.xml
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\logo_16x16.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\logo_21x18.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\logo_32x32.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\logo_about.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\MenuExt.html
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\more-search-providers.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\music.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\news.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\options.html
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_bing.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_current.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_dictionary.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_google.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_hover.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_left.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_photo.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_video.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_web.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_yahoo.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\photos.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\search-current-site.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\shopping.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\SmileySmile.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\SmileyWink.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\sweetim_text.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\toolbar.xml
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\video.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\web-search.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\web-toolbar.js
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\yahoo.png
c:\program files\uTorrentControl_v2
c:\program files\uTorrentControl_v2\GottenAppsContextMenu.xml
c:\program files\uTorrentControl_v2\ldrtbuTor.dll
c:\program files\uTorrentControl_v2\OtherAppsContextMenu.xml
c:\program files\uTorrentControl_v2\prxtbuTor.dll
c:\program files\uTorrentControl_v2\SharedAppsContextMenu.xml
c:\program files\uTorrentControl_v2\tbuTor.dll
c:\program files\uTorrentControl_v2\toolbar.cfg
c:\program files\uTorrentControl_v2\ToolbarContextMenu.xml
c:\program files\uTorrentControl_v2\uninstall.exe
c:\program files\uTorrentControl_v2\uTorrentControl_v2ToolbarHelper.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_SKYPE_C2C_SERVICE
-------\Service_Skype C2C Service
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-11-04 do 2012-12-04 )))))))))))))))))))))))))))))))
.
.
2012-12-03 17:37 . 2012-12-03 17:37 -------- d-----w- c:\program files\Common Files\Java
2012-12-03 17:37 . 2012-12-03 17:36 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-12-03 17:37 . 2012-12-03 17:36 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-12-03 17:36 . 2012-12-03 17:36 -------- d-----w- c:\program files\Java
2012-12-03 17:36 . 2012-12-03 17:36 -------- d-----w- c:\documents and settings\All Users\Data aplikací\McAfee
2012-12-03 17:13 . 2012-12-03 17:13 -------- d-----w- c:\documents and settings\All Users\Oblíbené položky
2012-12-03 17:05 . 2012-12-03 17:05 -------- d-----w- c:\windows\system32\wbem\Repository
2012-12-03 16:59 . 2012-09-23 14:28 888168 ----a-w- c:\windows\system32\nvdispgenco32.dll
2012-12-03 16:59 . 2012-09-23 14:28 5947392 ----a-w- c:\windows\system32\nvopencl.dll
2012-12-01 09:28 . 2012-12-01 09:28 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\Wargaming.net
2012-11-30 17:31 . 2012-11-30 17:31 -------- d-----w- C:\Games
2012-11-27 14:55 . 2012-11-27 14:55 -------- d-----w- c:\program files\arh
2012-11-26 17:07 . 2012-11-26 17:31 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\Hamachi
2012-11-26 17:07 . 2012-11-26 17:07 -------- d-----w- c:\program files\Hamachi
2012-11-24 21:26 . 2012-12-01 09:56 -------- d-----w- c:\documents and settings\All Users\Data aplikací\TrackMania
2012-11-24 21:23 . 2012-11-24 21:25 -------- d-----w- c:\program files\TmNationsForever
2012-11-24 15:56 . 2012-11-24 15:56 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Data aplikací\FlatOut Ultimate Carnage
2012-11-24 15:44 . 2012-11-24 15:44 -------- d-----w- c:\program files\Empire Interactive
2012-11-22 15:24 . 2012-11-22 15:24 -------- d-----w- c:\program files\Common Files\Skype
2012-11-22 09:34 . 2012-11-22 09:34 5885632 ----a-w- c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2012-11-13 16:47 . 2012-11-13 16:47 -------- d-----w- c:\program files\7-Zip
2012-11-12 22:53 . 2012-11-12 22:54 -------- d-----w- c:\documents and settings\All Users\Data aplikací\SweetIM
2012-11-12 22:52 . 2012-11-13 16:47 -------- d-----w- c:\program files\TornTV.com
2012-11-12 17:00 . 2012-11-12 17:00 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\{46577E3C-95B4-4f4f-B4A7-0C29D12FB15D}
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-03 17:36 . 2011-06-05 14:11 473072 ----a-w- c:\windows\system32\deployJava1.dll
2012-11-26 17:07 . 2011-12-09 19:07 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
2012-11-24 16:19 . 2009-08-18 10:30 564632 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\IdentityCRL\production\wlidui.dll
2012-11-24 16:19 . 2009-08-18 10:24 19696 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-11-24 08:54 . 2012-04-11 13:06 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-11-24 08:54 . 2011-05-15 13:06 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-10 15:46 . 2012-08-30 21:20 26984 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2012-10-22 19:57 . 2004-08-17 12:44 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-10-02 18:04 . 2004-08-17 12:49 58368 ----a-w- c:\windows\system32\synceng.dll
2012-09-23 14:28 . 2012-06-25 08:35 1009512 ----a-w- c:\windows\system32\nvdispco32.dll
2012-09-23 14:28 . 2012-06-25 08:34 19103744 ----a-w- c:\windows\system32\nvoglnt.dll
2012-09-23 14:28 . 2012-06-25 08:34 7446528 ----a-w- c:\windows\system32\nvcuda.dll
2012-09-23 14:28 . 2012-06-25 08:34 2578792 ----a-w- c:\windows\system32\nvcuvid.dll
2012-09-23 14:28 . 2012-06-25 08:34 1866088 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-09-23 14:28 . 2012-06-25 08:34 2376704 ----a-w- c:\windows\system32\nvapi.dll
2012-09-23 14:28 . 2012-06-25 08:34 17551360 ----a-w- c:\windows\system32\nvcompiler.dll
2012-09-23 14:28 . 2010-12-19 15:32 4494208 ----a-w- c:\windows\system32\nv4_disp.dll
2012-09-23 14:28 . 2010-12-19 15:32 12557728 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2012-09-23 13:09 . 2012-06-25 08:36 253952 ----a-w- c:\windows\system32\nvrsth.dll
2012-09-23 13:09 . 2012-06-25 08:36 274432 ----a-w- c:\windows\system32\nvrspt.dll
2012-09-23 13:09 . 2012-06-25 08:36 274432 ----a-w- c:\windows\system32\nvrsja.dll
2012-09-23 13:09 . 2012-06-25 08:36 270336 ----a-w- c:\windows\system32\nvrsptb.dll
2012-09-23 13:09 . 2012-06-25 08:36 335872 ----a-w- c:\windows\system32\nvrsar.dll
2012-09-23 13:09 . 2012-06-25 08:36 282624 ----a-w- c:\windows\system32\nvrses.dll
2012-09-23 13:09 . 2012-06-25 08:36 286720 ----a-w- c:\windows\system32\nvrsfr.dll
2012-09-23 13:09 . 2012-06-25 08:36 258048 ----a-w- c:\windows\system32\nvrssl.dll
2012-09-23 13:09 . 2012-06-25 08:36 258048 ----a-w- c:\windows\system32\nvrssk.dll
2012-09-23 13:09 . 2012-06-25 08:36 253952 ----a-w- c:\windows\system32\nvrssv.dll
2012-09-23 13:09 . 2012-06-25 08:36 229376 ----a-w- c:\windows\system32\nvrszhc.dll
2012-09-23 13:09 . 2012-06-25 08:36 335872 ----a-w- c:\windows\system32\nvrshe.dll
2012-09-23 13:09 . 2012-06-25 08:36 258048 ----a-w- c:\windows\system32\nvrstr.dll
2012-09-23 13:09 . 2012-06-25 08:36 258048 ----a-w- c:\windows\system32\nvrspl.dll
2012-09-23 13:09 . 2012-06-25 08:36 253952 ----a-w- c:\windows\system32\nvrsno.dll
2012-09-23 13:09 . 2012-06-25 08:36 282624 ----a-w- c:\windows\system32\nvrsit.dll
2012-09-23 13:09 . 2012-06-25 08:36 282624 ----a-w- c:\windows\system32\nvrsel.dll
2012-09-23 13:09 . 2012-06-25 08:36 249856 ----a-w- c:\windows\system32\nvrseng.dll
2012-09-23 13:09 . 2012-06-25 08:36 274432 ----a-w- c:\windows\system32\nvrsesm.dll
2012-09-23 13:09 . 2012-06-25 08:36 266240 ----a-w- c:\windows\system32\nvrsko.dll
2012-09-23 13:09 . 2012-06-25 08:36 249856 ----a-w- c:\windows\system32\nvrscs.dll
2012-09-23 13:09 . 2012-06-25 08:36 270336 ----a-w- c:\windows\system32\nvrsru.dll
2012-09-23 13:09 . 2012-06-25 08:36 249856 ----a-w- c:\windows\system32\nvrsfi.dll
2012-09-23 13:09 . 2012-06-25 08:36 274432 ----a-w- c:\windows\system32\nvrsnl.dll
2012-09-23 13:09 . 2012-06-25 08:36 262144 ----a-w- c:\windows\system32\nvrshu.dll
2012-09-23 13:09 . 2012-06-25 08:36 126976 ----a-w- c:\windows\system32\nvrszht.dll
2012-09-23 13:09 . 2012-06-25 08:36 278528 ----a-w- c:\windows\system32\nvrsde.dll
2012-09-23 13:09 . 2012-06-25 08:36 253952 ----a-w- c:\windows\system32\nvrsda.dll
2012-09-23 13:04 . 2012-06-25 08:35 54272 ----a-w- c:\windows\system32\nvwddi.dll
2012-09-23 13:04 . 2012-06-25 08:36 15512424 ----a-w- c:\windows\system32\nvcpl.dll
2012-09-23 13:04 . 2012-06-25 08:36 164200 ----a-w- c:\windows\system32\nvsvc32.exe
2012-09-23 13:04 . 2012-06-25 08:36 143720 ----a-w- c:\windows\system32\nvcolor.exe
2012-09-23 13:04 . 2012-06-25 08:36 108392 ----a-w- c:\windows\system32\nvmctray.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-08-30 21:21 1734240 ----a-w- c:\program files\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 5"="c:\program files\IObit\Advanced SystemCare 5\ASCTray.exe" [2011-12-29 620376]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [2009-11-15 33120]
"GarenaPlus"="c:\program files\Garena Plus\GarenaMessenger.exe" [2012-11-07 8790904]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2012-08-01 2345592]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"RTHDCPL"="RTHDCPL.EXE" [2010-12-15 19967080]
"NSU_agent"="c:\program files\Nokia\Nokia Software Updater\nsu3ui_agent.exe" [2011-12-13 190768]
"ROC_roc_dec12"="c:\program files\AVG Secure Search\ROC_roc_dec12.exe" [2012-01-16 928096]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-09-23 15512424]
"NvMediaCenter"="NvMCTray.dll" [2012-09-23 108392]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2012-09-23 1634112]
"HF_G_Jul"="c:\program files\AVG Secure Search\HF_G_Jul.exe" [2012-07-18 36960]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"ROC_ROC_JULY_P1"="c:\program files\AVG Secure Search\ROC_ROC_JULY_P1.exe" [2012-08-30 1022048]
"SearchSettings"="c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe" [2012-10-16 1111432]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-11-10 997320]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"3032"="c:\docume~1\ALLUSE~1\LOCALS~1\Temp\msrkuvoy.com" [BU]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgmfapx.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\NCSoft\\Lineage II\\System\\L2.bin"=
"c:\\Program Files\\Codemasters\\DiRT 3\\dirt3_game.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgemcx.exe"=
"c:\\Documents and Settings\\Administrator\\Plocha\\CProgram FilesCounter-Strike 1.6 Standalonehl.exe -game cstrike -steam\\hl.exe"=
"c:\\Program Files\\1ClickDownload\\1ClickDownloader.exe"=
"c:\\Program Files\\Garena Plus\\Room\\garena_room.exe"=
"c:\\Program Files\\iMesh Applications\\iMesh\\iMesh.exe"=
"c:\\Program Files\\iMesh Applications\\Mediabar\\Datamngr\\SRTOOL~1\\dtUser.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
"c:\\Documents and Settings\\Administrator\\Plocha\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Empire Interactive\\FlatOut Ultimate Carnage\\Fouc.exe"=
"c:\\Games\\World_of_Tanks\\WorldOfTanks.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Vzdálená správa systému Windows
"57285:TCP"= 57285:TCP:Pando Media Booster
"57285:UDP"= 57285:UDP:Pando Media Booster
"57519:TCP"= 57519:TCP:Pando Media Booster
"57519:UDP"= 57519:UDP:Pando Media Booster
"58760:TCP"= 58760:TCP:Pando Media Booster
"58760:UDP"= 58760:UDP:Pando Media Booster
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [13.9.2010 16:27 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [7.9.2010 3:48 32592]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [23.12.2010 23:19 691696]
R1 AppleCharger;AppleCharger;c:\windows\system32\drivers\AppleCharger.sys [15.8.2011 20:37 18544]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [7.9.2010 3:48 248656]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [7.9.2010 3:49 297168]
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\IObit\Advanced SystemCare 5\ASCService.exe [23.12.2011 10:07 497496]
R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [9.10.2012 15:44 799112]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [31.1.2012 15:02 7391072]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [8.2.2011 4:33 269520]
R2 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [10.11.2012 16:46 711112]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [19.8.2010 21:42 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [19.8.2010 21:42 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [19.8.2010 21:42 27216]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [30.8.2012 22:20 26984]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [9.11.2012 11:21 160944]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [15.8.2011 20:35 1691480]
S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [6.5.2011 18:15 167264]
S3 dump_wmimmc;dump_wmimmc;\??\c:\program files\NCSoft\Lineage II\system\GameGuard\dump_wmimmc.sys --> c:\program files\NCSoft\Lineage II\system\GameGuard\dump_wmimmc.sys [?]
S3 GGSAFERDriver;GGSAFER Driver;\??\c:\program files\Garena Plus\Room\safedrv.sys --> c:\program files\Garena Plus\Room\safedrv.sys [?]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [16.12.2011 16:44 137600]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [16.12.2011 16:44 8576]
S3 NPFW;NPFW;\??\c:\windows\system32\NPFW.SYS --> c:\windows\system32\NPFW.SYS [?]
S3 NPFWFLT;NPFWFLT;\??\c:\windows\system32\NPFWFLT.SYS --> c:\windows\system32\NPFWFLT.SYS [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 NPIDS;NPIDS;\??\c:\windows\system32\NPIDS.SYS --> c:\windows\system32\NPIDS.SYS [?]
S3 TKCtrl;TKCtrl;\??\c:\windows\system32\TKCtrl2k.sys --> c:\windows\system32\TKCtrl2k.sys [?]
S3 TKFsAvM;TKFsAvM;\??\c:\windows\system32\TKFsAv.sys --> c:\windows\system32\TKFsAv.sys [?]
S3 TkFsFtM;MiniFilter Driver;c:\windows\system32\TKFsFt.sys --> c:\windows\system32\TKFsFt.sys [?]
S3 TKPcFt;TKPcFt;\??\c:\windows\system32\TKPcFtHk.sys --> c:\windows\system32\TKPcFtHk.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Obsah adresáře 'Naplánované úlohy'
.
2012-12-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 08:54]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://home.sweetim.com/?crg=3.1010000.10011&barid={D73C7D2F-2D1B-11E2-BE12-1C6F65C94026}
uDefault_Search_URL = hxxp://search.certified-toolbar.com?si=41460&tid=2938&bs=true&q=
mStart Page = hxxp://home.sweetim.com/?crg=3.1010000.10011&barid={D73C7D2F-2D1B-11E2-BE12-1C6F65C94026}
mSearch Bar = hxxp://search.certified-toolbar.com?si=41460&tid=2938&bs=true&q=
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{5f7f7e76-0f61-4de9-8ae6-e5ee565cd118} - {8d3ec233-b92d-4187-a506-284127cfba2d} -
TCP: DhcpNameServer = 10.0.111.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll
FF - ProfilePath - c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\isfm9jo5.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=685749&p=
user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
URLSearchHooks-{0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - (no file)
BHO-{8d3ec233-b92d-4187-a506-284127cfba2d} - (no file)
AddRemove-uTorrentControl_v2 Toolbar - c:\program files\uTorrentControl_v2\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-12-04 16:43
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(5908)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\progra~1\AVG\AVG10\avgchsvx.exe
c:\progra~1\AVG\AVG10\avgrsx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\AVG\AVG10\avgnsx.exe
c:\program files\AVG\AVG10\avgemcx.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RunDLL32.exe
c:\program files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
c:\program files\AVG\AVG10\avgcsrvx.exe
.
**************************************************************************
.
Celkový čas: 2012-12-04 16:45:55 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-12-04 15:45
ComboFix2.txt 2012-12-03 17:31
.
Před spuštěním: Volných bajtů: 257 579 180 032
Po spuštění: Volných bajtů: 257 576 423 424
.
- - End Of File - - 81BA75E11F81C980508DB4F5335A4FE4

Re: chybná bitová kopie

Napsal: 04 pro 2012 17:14
od Rudy
Ještě jednou spusťte CF tímto skriptem:
KillAll::

Folder::
c:\program files\Common Files\Spigot

Collect::
c:\docume~1\ALLUSE~1\LOCALS~1\Temp\msrkuvoy.com

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SearchSettings"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"3032"=-

Reboot::

Re: chybná bitová kopie

Napsal: 04 pro 2012 17:32
od Vojtěch
ComboFix 12-12-02.01 - Administrator 04.12.2012 17:19:27.3.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2046.1352 [GMT 1:00]
Spuštěný z: c:\documents and settings\Administrator\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Administrator\Plocha\CFScript.txt
AV: AVG Anti-Virus 2011 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Common Files\Spigot
c:\program files\Common Files\Spigot\Search Settings\baidu_ff.xml
c:\program files\Common Files\Spigot\Search Settings\baidu_ie.xml
c:\program files\Common Files\Spigot\Search Settings\config.ini
c:\program files\Common Files\Spigot\Search Settings\Lang\res1031.ini
c:\program files\Common Files\Spigot\Search Settings\Lang\res1033.ini
c:\program files\Common Files\Spigot\Search Settings\Lang\res1034.ini
c:\program files\Common Files\Spigot\Search Settings\Lang\res1036.ini
c:\program files\Common Files\Spigot\Search Settings\Lang\res1040.ini
c:\program files\Common Files\Spigot\Search Settings\searchcom_ff.xml
c:\program files\Common Files\Spigot\Search Settings\searchcom_ie.xml
c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe
c:\program files\Common Files\Spigot\Search Settings\SearchSettings64.exe
c:\program files\Common Files\Spigot\Search Settings\wth155.dll
c:\program files\Common Files\Spigot\Search Settings\wthx155.dll
c:\program files\Common Files\Spigot\Search Settings\yahoo_ff.xml
c:\program files\Common Files\Spigot\Search Settings\yahoo_ie.xml
c:\program files\Common Files\Spigot\Search Settings\yandex_ff.xml
c:\program files\Common Files\Spigot\Search Settings\yandex_ie.xml
c:\program files\Common Files\Spigot\wtxpcom\components\chrome.manifest
c:\program files\Common Files\Spigot\wtxpcom\components\IFBHOHelperWidgiToolbar.xpt
c:\program files\Common Files\Spigot\wtxpcom\components\IFBHOWidgiToolbar.xpt
c:\program files\Common Files\Spigot\wtxpcom\components\install.rdf
c:\program files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll
c:\program files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.10
c:\program files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.11
c:\program files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.12
c:\program files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.13
c:\program files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.14
c:\program files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.15
c:\program files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.16
c:\program files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.17
c:\program files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.5
c:\program files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.6
c:\program files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.7
c:\program files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.8
c:\program files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.9
c:\program files\Common Files\Spigot\wtxpcom\chrome.manifest
c:\program files\Common Files\Spigot\wtxpcom\chrome\content\listener.js
c:\program files\Common Files\Spigot\wtxpcom\chrome\content\listener.xul
c:\program files\Common Files\Spigot\wtxpcom\chrome\content\shared.jsm
c:\program files\Common Files\Spigot\wtxpcom\install.rdf
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-11-04 do 2012-12-04 )))))))))))))))))))))))))))))))
.
.
2012-12-03 17:37 . 2012-12-03 17:37 -------- d-----w- c:\program files\Common Files\Java
2012-12-03 17:37 . 2012-12-03 17:36 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-12-03 17:37 . 2012-12-03 17:36 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-12-03 17:36 . 2012-12-03 17:36 -------- d-----w- c:\program files\Java
2012-12-03 17:36 . 2012-12-03 17:36 -------- d-----w- c:\documents and settings\All Users\Data aplikací\McAfee
2012-12-03 17:13 . 2012-12-03 17:13 -------- d-----w- c:\documents and settings\All Users\Oblíbené položky
2012-12-03 17:05 . 2012-12-03 17:05 -------- d-----w- c:\windows\system32\wbem\Repository
2012-12-03 16:59 . 2012-09-23 14:28 888168 ----a-w- c:\windows\system32\nvdispgenco32.dll
2012-12-03 16:59 . 2012-09-23 14:28 5947392 ----a-w- c:\windows\system32\nvopencl.dll
2012-12-01 09:28 . 2012-12-01 09:28 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\Wargaming.net
2012-11-30 17:31 . 2012-11-30 17:31 -------- d-----w- C:\Games
2012-11-27 14:55 . 2012-11-27 14:55 -------- d-----w- c:\program files\arh
2012-11-26 17:07 . 2012-11-26 17:31 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\Hamachi
2012-11-26 17:07 . 2012-11-26 17:07 -------- d-----w- c:\program files\Hamachi
2012-11-24 21:26 . 2012-12-01 09:56 -------- d-----w- c:\documents and settings\All Users\Data aplikací\TrackMania
2012-11-24 21:23 . 2012-11-24 21:25 -------- d-----w- c:\program files\TmNationsForever
2012-11-24 15:56 . 2012-11-24 15:56 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Data aplikací\FlatOut Ultimate Carnage
2012-11-24 15:44 . 2012-11-24 15:44 -------- d-----w- c:\program files\Empire Interactive
2012-11-22 15:24 . 2012-11-22 15:24 -------- d-----w- c:\program files\Common Files\Skype
2012-11-22 09:34 . 2012-11-22 09:34 5885632 ----a-w- c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2012-11-13 16:47 . 2012-11-13 16:47 -------- d-----w- c:\program files\7-Zip
2012-11-12 22:53 . 2012-11-12 22:54 -------- d-----w- c:\documents and settings\All Users\Data aplikací\SweetIM
2012-11-12 22:52 . 2012-11-13 16:47 -------- d-----w- c:\program files\TornTV.com
2012-11-12 17:00 . 2012-11-12 17:00 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\{46577E3C-95B4-4f4f-B4A7-0C29D12FB15D}
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-03 17:36 . 2011-06-05 14:11 473072 ----a-w- c:\windows\system32\deployJava1.dll
2012-11-26 17:07 . 2011-12-09 19:07 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
2012-11-24 16:19 . 2009-08-18 10:30 564632 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\IdentityCRL\production\wlidui.dll
2012-11-24 16:19 . 2009-08-18 10:24 19696 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-11-24 08:54 . 2012-04-11 13:06 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-11-24 08:54 . 2011-05-15 13:06 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-10 15:46 . 2012-08-30 21:20 26984 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2012-10-22 19:57 . 2004-08-17 12:44 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-10-02 18:04 . 2004-08-17 12:49 58368 ----a-w- c:\windows\system32\synceng.dll
2012-09-23 14:28 . 2012-06-25 08:35 1009512 ----a-w- c:\windows\system32\nvdispco32.dll
2012-09-23 14:28 . 2012-06-25 08:34 19103744 ----a-w- c:\windows\system32\nvoglnt.dll
2012-09-23 14:28 . 2012-06-25 08:34 7446528 ----a-w- c:\windows\system32\nvcuda.dll
2012-09-23 14:28 . 2012-06-25 08:34 2578792 ----a-w- c:\windows\system32\nvcuvid.dll
2012-09-23 14:28 . 2012-06-25 08:34 1866088 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-09-23 14:28 . 2012-06-25 08:34 2376704 ----a-w- c:\windows\system32\nvapi.dll
2012-09-23 14:28 . 2012-06-25 08:34 17551360 ----a-w- c:\windows\system32\nvcompiler.dll
2012-09-23 14:28 . 2010-12-19 15:32 4494208 ----a-w- c:\windows\system32\nv4_disp.dll
2012-09-23 14:28 . 2010-12-19 15:32 12557728 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2012-09-23 13:09 . 2012-06-25 08:36 253952 ----a-w- c:\windows\system32\nvrsth.dll
2012-09-23 13:09 . 2012-06-25 08:36 274432 ----a-w- c:\windows\system32\nvrspt.dll
2012-09-23 13:09 . 2012-06-25 08:36 274432 ----a-w- c:\windows\system32\nvrsja.dll
2012-09-23 13:09 . 2012-06-25 08:36 270336 ----a-w- c:\windows\system32\nvrsptb.dll
2012-09-23 13:09 . 2012-06-25 08:36 335872 ----a-w- c:\windows\system32\nvrsar.dll
2012-09-23 13:09 . 2012-06-25 08:36 282624 ----a-w- c:\windows\system32\nvrses.dll
2012-09-23 13:09 . 2012-06-25 08:36 286720 ----a-w- c:\windows\system32\nvrsfr.dll
2012-09-23 13:09 . 2012-06-25 08:36 258048 ----a-w- c:\windows\system32\nvrssl.dll
2012-09-23 13:09 . 2012-06-25 08:36 258048 ----a-w- c:\windows\system32\nvrssk.dll
2012-09-23 13:09 . 2012-06-25 08:36 253952 ----a-w- c:\windows\system32\nvrssv.dll
2012-09-23 13:09 . 2012-06-25 08:36 229376 ----a-w- c:\windows\system32\nvrszhc.dll
2012-09-23 13:09 . 2012-06-25 08:36 335872 ----a-w- c:\windows\system32\nvrshe.dll
2012-09-23 13:09 . 2012-06-25 08:36 258048 ----a-w- c:\windows\system32\nvrstr.dll
2012-09-23 13:09 . 2012-06-25 08:36 258048 ----a-w- c:\windows\system32\nvrspl.dll
2012-09-23 13:09 . 2012-06-25 08:36 253952 ----a-w- c:\windows\system32\nvrsno.dll
2012-09-23 13:09 . 2012-06-25 08:36 282624 ----a-w- c:\windows\system32\nvrsit.dll
2012-09-23 13:09 . 2012-06-25 08:36 282624 ----a-w- c:\windows\system32\nvrsel.dll
2012-09-23 13:09 . 2012-06-25 08:36 249856 ----a-w- c:\windows\system32\nvrseng.dll
2012-09-23 13:09 . 2012-06-25 08:36 274432 ----a-w- c:\windows\system32\nvrsesm.dll
2012-09-23 13:09 . 2012-06-25 08:36 266240 ----a-w- c:\windows\system32\nvrsko.dll
2012-09-23 13:09 . 2012-06-25 08:36 249856 ----a-w- c:\windows\system32\nvrscs.dll
2012-09-23 13:09 . 2012-06-25 08:36 270336 ----a-w- c:\windows\system32\nvrsru.dll
2012-09-23 13:09 . 2012-06-25 08:36 249856 ----a-w- c:\windows\system32\nvrsfi.dll
2012-09-23 13:09 . 2012-06-25 08:36 274432 ----a-w- c:\windows\system32\nvrsnl.dll
2012-09-23 13:09 . 2012-06-25 08:36 262144 ----a-w- c:\windows\system32\nvrshu.dll
2012-09-23 13:09 . 2012-06-25 08:36 126976 ----a-w- c:\windows\system32\nvrszht.dll
2012-09-23 13:09 . 2012-06-25 08:36 278528 ----a-w- c:\windows\system32\nvrsde.dll
2012-09-23 13:09 . 2012-06-25 08:36 253952 ----a-w- c:\windows\system32\nvrsda.dll
2012-09-23 13:04 . 2012-06-25 08:35 54272 ----a-w- c:\windows\system32\nvwddi.dll
2012-09-23 13:04 . 2012-06-25 08:36 15512424 ----a-w- c:\windows\system32\nvcpl.dll
2012-09-23 13:04 . 2012-06-25 08:36 164200 ----a-w- c:\windows\system32\nvsvc32.exe
2012-09-23 13:04 . 2012-06-25 08:36 143720 ----a-w- c:\windows\system32\nvcolor.exe
2012-09-23 13:04 . 2012-06-25 08:36 108392 ----a-w- c:\windows\system32\nvmctray.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-08-30 21:21 1734240 ----a-w- c:\program files\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 5"="c:\program files\IObit\Advanced SystemCare 5\ASCTray.exe" [2011-12-29 620376]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [2009-11-15 33120]
"GarenaPlus"="c:\program files\Garena Plus\GarenaMessenger.exe" [2012-11-07 8790904]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2012-08-01 2345592]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"RTHDCPL"="RTHDCPL.EXE" [2010-12-15 19967080]
"NSU_agent"="c:\program files\Nokia\Nokia Software Updater\nsu3ui_agent.exe" [2011-12-13 190768]
"ROC_roc_dec12"="c:\program files\AVG Secure Search\ROC_roc_dec12.exe" [2012-01-16 928096]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-09-23 15512424]
"NvMediaCenter"="NvMCTray.dll" [2012-09-23 108392]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2012-09-23 1634112]
"HF_G_Jul"="c:\program files\AVG Secure Search\HF_G_Jul.exe" [2012-07-18 36960]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"ROC_ROC_JULY_P1"="c:\program files\AVG Secure Search\ROC_ROC_JULY_P1.exe" [2012-08-30 1022048]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-11-10 997320]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"3032"="c:\docume~1\ALLUSE~1\LOCALS~1\Temp\msrkuvoy.com" [BU]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgmfapx.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\NCSoft\\Lineage II\\System\\L2.bin"=
"c:\\Program Files\\Codemasters\\DiRT 3\\dirt3_game.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgemcx.exe"=
"c:\\Documents and Settings\\Administrator\\Plocha\\CProgram FilesCounter-Strike 1.6 Standalonehl.exe -game cstrike -steam\\hl.exe"=
"c:\\Program Files\\1ClickDownload\\1ClickDownloader.exe"=
"c:\\Program Files\\Garena Plus\\Room\\garena_room.exe"=
"c:\\Program Files\\iMesh Applications\\iMesh\\iMesh.exe"=
"c:\\Program Files\\iMesh Applications\\Mediabar\\Datamngr\\SRTOOL~1\\dtUser.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
"c:\\Documents and Settings\\Administrator\\Plocha\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Empire Interactive\\FlatOut Ultimate Carnage\\Fouc.exe"=
"c:\\Games\\World_of_Tanks\\WorldOfTanks.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Vzdálená správa systému Windows
"57285:TCP"= 57285:TCP:Pando Media Booster
"57285:UDP"= 57285:UDP:Pando Media Booster
"57519:TCP"= 57519:TCP:Pando Media Booster
"57519:UDP"= 57519:UDP:Pando Media Booster
"58760:TCP"= 58760:TCP:Pando Media Booster
"58760:UDP"= 58760:UDP:Pando Media Booster
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [13.9.2010 16:27 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [7.9.2010 3:48 32592]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [23.12.2010 23:19 691696]
R1 AppleCharger;AppleCharger;c:\windows\system32\drivers\AppleCharger.sys [15.8.2011 20:37 18544]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [7.9.2010 3:48 248656]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [7.9.2010 3:49 297168]
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\IObit\Advanced SystemCare 5\ASCService.exe [23.12.2011 10:07 497496]
R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [9.10.2012 15:44 799112]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [31.1.2012 15:02 7391072]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [8.2.2011 4:33 269520]
R2 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [10.11.2012 16:46 711112]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [19.8.2010 21:42 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [19.8.2010 21:42 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [19.8.2010 21:42 27216]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [30.8.2012 22:20 26984]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [9.11.2012 11:21 160944]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [15.8.2011 20:35 1691480]
S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [6.5.2011 18:15 167264]
S3 dump_wmimmc;dump_wmimmc;\??\c:\program files\NCSoft\Lineage II\system\GameGuard\dump_wmimmc.sys --> c:\program files\NCSoft\Lineage II\system\GameGuard\dump_wmimmc.sys [?]
S3 GGSAFERDriver;GGSAFER Driver;\??\c:\program files\Garena Plus\Room\safedrv.sys --> c:\program files\Garena Plus\Room\safedrv.sys [?]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [16.12.2011 16:44 137600]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [16.12.2011 16:44 8576]
S3 NPFW;NPFW;\??\c:\windows\system32\NPFW.SYS --> c:\windows\system32\NPFW.SYS [?]
S3 NPFWFLT;NPFWFLT;\??\c:\windows\system32\NPFWFLT.SYS --> c:\windows\system32\NPFWFLT.SYS [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 NPIDS;NPIDS;\??\c:\windows\system32\NPIDS.SYS --> c:\windows\system32\NPIDS.SYS [?]
S3 TKCtrl;TKCtrl;\??\c:\windows\system32\TKCtrl2k.sys --> c:\windows\system32\TKCtrl2k.sys [?]
S3 TKFsAvM;TKFsAvM;\??\c:\windows\system32\TKFsAv.sys --> c:\windows\system32\TKFsAv.sys [?]
S3 TkFsFtM;MiniFilter Driver;c:\windows\system32\TKFsFt.sys --> c:\windows\system32\TKFsFt.sys [?]
S3 TKPcFt;TKPcFt;\??\c:\windows\system32\TKPcFtHk.sys --> c:\windows\system32\TKPcFtHk.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Obsah adresáře 'Naplánované úlohy'
.
2012-12-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 08:54]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://home.sweetim.com/?crg=3.1010000.10011&barid={D73C7D2F-2D1B-11E2-BE12-1C6F65C94026}
uDefault_Search_URL = hxxp://search.certified-toolbar.com?si=41460&tid=2938&bs=true&q=
mStart Page = hxxp://home.sweetim.com/?crg=3.1010000.10011&barid={D73C7D2F-2D1B-11E2-BE12-1C6F65C94026}
mSearch Bar = hxxp://search.certified-toolbar.com?si=41460&tid=2938&bs=true&q=
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{5f7f7e76-0f61-4de9-8ae6-e5ee565cd118} - {8d3ec233-b92d-4187-a506-284127cfba2d} -
TCP: DhcpNameServer = 10.0.111.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll
FF - ProfilePath - c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\isfm9jo5.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=685749&p=
user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-12-04 17:26
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(2224)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\progra~1\AVG\AVG10\avgchsvx.exe
c:\progra~1\AVG\AVG10\avgrsx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\AVG\AVG10\avgnsx.exe
c:\program files\AVG\AVG10\avgemcx.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RunDLL32.exe
c:\program files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
c:\program files\AVG\AVG10\avgcsrvx.exe
.
**************************************************************************
.
Celkový čas: 2012-12-04 17:30:21 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-12-04 16:30
ComboFix2.txt 2012-12-04 15:45
ComboFix3.txt 2012-12-03 17:31
.
Před spuštěním: Volných bajtů: 257 567 068 160
Po spuštění: Volných bajtů: 257 555 771 392
.
- - End Of File - - D730CCCE728BFCDAD9865DF69B0DCF3F

Re: chybná bitová kopie

Napsal: 04 pro 2012 17:43
od Rudy
Stáhněte a spusťte Avenger: http://forum.viry.cz/viewtopic.php?f=11&t=19832 . Do bílého okna zkopírujte:
Files to delete:
c:\docume~1\ALLUSE~1\LOCALS~1\Temp\msrkuvoy.com

Folders to delete:
c:\documents and settings\All Users\Data aplikací\SweetIM

Registry values to delete:
HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run | 3032
a klikněte na >Execute<. PC bude restartován.

Re: chybná bitová kopie

Napsal: 04 pro 2012 17:50
od Vojtěch
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error: file "c:\docume~1\ALLUSE~1\LOCALS~1\Temp\msrkuvoy.com" not found!
Deletion of file "c:\docume~1\ALLUSE~1\LOCALS~1\Temp\msrkuvoy.com" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Folder "c:\documents and settings\All Users\Data aplikací\SweetIM" deleted successfully.
Registry value "HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run|3032" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

Re: chybná bitová kopie

Napsal: 04 pro 2012 19:10
od Rudy
Soubor už tam nebyl, pouze klíč a jeden zbylý adresář. Vše smazáno. Nastala nějaká změna?

Re: chybná bitová kopie

Napsal: 05 pro 2012 15:12
od Vojtěch
Dobrý den , vše už vypadá být vpořádku , děkuji za pomoc. Program Combofix mohu odstranit ?

Re: chybná bitová kopie

Napsal: 05 pro 2012 19:36
od Rudy
Vojtěch píše:Program Combofix mohu odstranit ?
Ano. Start>spustit>(napsat) combofix /uninstall>OK. Avenger smažte. Nemáte zač!
Všechny časy jsou v UTC+01:00
Stránka 1 z 1

Založeno na phpBB® Forum Software © phpBB Limited

Český překlad – phpBB.cz