spomaleny pocitac

[jezz33]

Zdravim,
mohli by ste sa prosim pozriet na tieto logy. Segrin notas je kruto spomaleny.


mwav:

Objekt "CyberSitter Spyware/Adware" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP108F.tmp\mscorlib.dll je infikovaný virem Exe.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.


RSIT:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Dada at 2009-12-22 15:29:37
Microsoft Windows XP Professional Service Pack 3, v.5857
System drive C: has 7 GB (46%) free of 15 GB
Total RAM: 502 MB (41% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:30:02, on 22. 12. 2009
Platform: Windows XP SP3, v.5857 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.3264)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\DOCUME~1\Dada\LOCALS~1\Temp\RtkBtMnt.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Dada\My Documents\Preberanie\RSIT.exe
C:\Program Files\trend micro\Dada.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://search13.net/search.php?clid=486&q=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search13.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search13.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search13.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search13.net/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search13.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search13.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://search13.net/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Orezávač obrazovky a spúšťač programu OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: StylishProfile - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:\Program Files\Stylish Profile\ct.htm (file missing)
O9 - Extra 'Tools' menuitem: StylishProfile - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:\Program Files\Stylish Profile\ct.htm (file missing)
O9 - Extra button: Odoslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&oslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

--
End of file - 6701 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-26 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2008-12-09 958200]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AzMixerSel"=C:\Program Files\Realtek\InstallShield\AzMixerSel.exe [2005-06-12 53248]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-05-29 16132608]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-04 69632]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-26 31016]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2009-05-14 2029640]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2006-01-12 155648]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-09-05 417792]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-09-21 305440]
"COMODO Internet Security"=C:\Program Files\COMODO\COMODO Internet Security\cfp.exe [2009-11-17 1800464]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2007-11-30 15360]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]

C:\Documents and Settings\Dada\Start Menu\Programs\Startup
Orezávač obrazovky a spúšťač programu OneNote 2007.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"=" C:\WINDOWS\system32\guard32.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-26 2210608]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, credssp.dll, msnsspc.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\SPSSInc\SPSS16\spss.exe"="C:\Program Files\SPSSInc\SPSS16\spss.exe:*:Disabled:SPSS 16.0 (1033:exe)"
"C:\Program Files\SPSSInc\SPSS16\spss.com"="C:\Program Files\SPSSInc\SPSS16\spss.com:*:Disabled:SPSS 16.0 (1033:com)"
"F:\setup.exe"="F:\setup.exe:*:Enabled:setup.exe"
"C:\WINDOWS\system\csrss.exe"="C:\WINDOWS\system\csrss.exe:*:Enabled:csrss.exe"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0e6655ce-e344-11de-8176-001c265f7bee}]
shell\AutoRun\command - setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b6a02d64-9899-11de-8117-001c265f7bee}]
shell\AutoRun\command - wd_windows_tools\WDSetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d90f6492-e898-11de-8184-001c265f7bee}]
shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d90f6495-e898-11de-8184-001c265f7bee}]
shell\AutoRun\command - F:\AutoRun.exe


======List of files/folders created in the last 1 months======

2009-12-22 15:29:43 ----D---- C:\Program Files\trend micro
2009-12-22 15:29:37 ----D---- C:\rsit
2009-12-22 14:18:14 ----AD---- C:\WINDOWS\VDLL.DLL
2009-12-22 14:18:14 ----AD---- C:\WINDOWS\system32\runouce.exe
2009-12-22 14:18:14 ----AD---- C:\WINDOWS\rundll16.exe
2009-12-22 14:18:14 ----AD---- C:\WINDOWS\RUNDL132.EXE
2009-12-22 14:18:14 ----AD---- C:\WINDOWS\logo1_.exe
2009-12-22 14:18:14 ----AD---- C:\WINDOWS\logo_1.exe
2009-12-22 14:15:07 ----A---- C:\WINDOWS\system32\msvcr80.dll
2009-12-22 14:15:06 ----A---- C:\WINDOWS\system32\msvcp80.dll
2009-12-22 14:15:05 ----A---- C:\WINDOWS\system32\eEmpty.exe
2009-12-22 14:14:56 ----A---- C:\WINDOWS\system32\TASKMGR.COM
2009-12-22 14:14:56 ----A---- C:\WINDOWS\system32\T.COM
2009-12-22 14:14:56 ----A---- C:\WINDOWS\REGEDIT.COM
2009-12-22 14:14:56 ----A---- C:\WINDOWS\R.COM
2009-12-22 14:14:52 ----D---- C:\Program Files\Common Files\MicroWorld
2009-12-22 14:14:44 ----D---- C:\Documents and Settings\All Users\Application Data\MicroWorld
2009-12-21 23:01:22 ----A---- C:\WINDOWS\IsUninst.exe
2009-12-14 11:12:53 ----A---- C:\WINDOWS\ModemLog_HUAWEI Mobile Connect - 3G Modem.txt
2009-12-14 11:10:48 ----D---- C:\Program Files\Mobile Partner
2009-12-13 10:56:22 ----A---- C:\WINDOWS\wininit.ini
2009-12-11 20:17:30 ----D---- C:\Program Files\Adobe
2009-12-08 19:04:14 ----D---- C:\Documents and Settings\All Users\Application Data\Sprouts Adventure
2009-12-07 17:27:00 ----D---- C:\Program Files\Common Files\Novell Shared
2009-12-07 17:26:59 ----A---- C:\WINDOWS\system32\ltih21tb.dll
2009-12-07 17:26:59 ----A---- C:\WINDOWS\system32\awrtl32.dll
2009-12-07 17:26:54 ----A---- C:\WINDOWS\system32\msfrt40.dll
2009-12-07 17:26:44 ----A---- C:\WINDOWS\system32\ww_mc232.dll
2009-12-07 17:26:44 ----A---- C:\WINDOWS\system32\ww_cu232.dll
2009-12-07 17:26:43 ----A---- C:\WINDOWS\system32\ww_oa232.dll
2009-12-07 17:26:43 ----A---- C:\WINDOWS\system32\vb40032.dll
2009-12-07 17:26:21 ----A---- C:\WINDOWS\isgdi32.ini
2009-12-07 17:26:21 ----A---- C:\WINDOWS\imwmf2.ini
2009-12-07 17:26:21 ----A---- C:\WINDOWS\emwmf2.ini
2009-12-07 17:26:21 ----A---- C:\WINDOWS\emps_2.ini
2009-12-07 17:26:21 ----A---- C:\WINDOWS\empct2.ini
2009-12-07 17:26:21 ----A---- C:\WINDOWS\emcgm2.ini
2009-12-07 17:26:21 ----A---- C:\WINDOWS\ebtif2.ini
2009-12-07 17:26:21 ----A---- C:\WINDOWS\ebjpg2.ini
2009-12-07 17:26:21 ----A---- C:\WINDOWS\ebbmp2.ini
2009-12-07 17:23:03 ----D---- C:\Program Files\SPSS
2009-12-07 16:43:32 ----A---- C:\WINDOWS\uninst.exe
2009-11-24 23:33:40 ----SHD---- C:\Config.Msi

======List of files/folders modified in the last 1 months======

2009-12-22 15:30:02 ----D---- C:\WINDOWS\Prefetch
2009-12-22 15:29:51 ----D---- C:\WINDOWS\Temp
2009-12-22 15:29:43 ----RD---- C:\Program Files
2009-12-22 15:15:38 ----A---- C:\WINDOWS\NeroDigital.ini
2009-12-22 14:18:14 ----D---- C:\WINDOWS\system32
2009-12-22 14:18:14 ----D---- C:\WINDOWS
2009-12-22 14:14:52 ----D---- C:\Program Files\Common Files
2009-12-22 14:07:32 ----D---- C:\Program Files\Mozilla Firefox
2009-12-22 14:04:20 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-12-22 13:59:58 ----D---- C:\WINDOWS\system32\CatRoot2
2009-12-22 13:59:06 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-12-17 00:33:18 ----A---- C:\WINDOWS\WINCMD.INI
2009-12-16 00:11:05 ----D---- C:\Documents and Settings\Dada\Application Data\vlc
2009-12-15 20:25:31 ----D---- C:\Documents and Settings\Dada\Application Data\dvdcss
2009-12-14 11:12:15 ----HD---- C:\WINDOWS\inf
2009-12-14 11:11:41 ----D---- C:\WINDOWS\system32\drivers
2009-12-13 10:59:50 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-12-13 10:59:49 ----D---- C:\WINDOWS\Debug
2009-12-13 10:39:53 ----D---- C:\WINDOWS\system
2009-12-12 15:28:09 ----D---- C:\Documents and Settings\Dada\Application Data\uTorrent
2009-12-12 00:28:26 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-12-11 20:18:50 ----SHD---- C:\WINDOWS\Installer
2009-12-11 20:18:03 ----D---- C:\Program Files\Common Files\Adobe
2009-12-11 18:32:15 ----D---- C:\Documents and Settings\Dada\Application Data\Skype
2009-12-11 18:21:57 ----D---- C:\Documents and Settings\Dada\Application Data\skypePM
2009-12-08 07:47:15 ----SD---- C:\Documents and Settings\Dada\Application Data\Microsoft
2009-12-07 17:26:58 ----RSD---- C:\WINDOWS\Fonts
2009-12-07 17:20:41 ----A---- C:\WINDOWS\system32\lsprst7.dll
2009-11-24 23:32:12 ----D---- C:\Documents and Settings\Dada\Application Data\Apple Computer

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 cmdGuard;COMODO Internet Security Sandbox Driver; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [2009-11-17 132808]
R1 cmdHlp;COMODO Internet Security Helper Driver; C:\WINDOWS\System32\DRIVERS\cmdhlp.sys [2009-11-17 25160]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2009-05-14 107256]
R1 epfwtdi;epfwtdi; C:\WINDOWS\system32\DRIVERS\epfwtdi.sys [2009-05-14 55768]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2007-11-30 36352]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2007-11-30 8832]
R2 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [2009-05-14 133000]
R2 irda;IrDA Protocol; C:\WINDOWS\system32\DRIVERS\irda.sys [2007-11-30 88192]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2007-11-30 60800]
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2007-02-16 160256]
R3 BCM43XX;Broadcom 802.11 - ovládač sieťového adaptéru; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2006-10-12 604928]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2007-11-30 13952]
R3 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2009-05-14 114472]
R3 Epfwndis;Eset Personal Firewall; C:\WINDOWS\system32\DRIVERS\Epfwndis.sys [2009-05-14 33096]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-03-19 23400]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2007-11-30 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-05-31 4424192]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2007-11-30 61824]
R3 NSCIRDA;NSC Infrared Device Driver; C:\WINDOWS\system32\DRIVERS\nscirda.sys [2007-11-30 28672]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2007-11-30 79232]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2007-11-30 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2007-11-30 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2007-11-30 20608]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys [2008-03-17 101376]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2007-11-30 60032]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2007-11-30 32128]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2007-11-30 26368]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sr;System Restore Filter Driver; C:\WINDOWS\system32\DRIVERS\sr.sys [2007-11-30 73472]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-06-05 144712]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 cmdAgent;COMODO Internet Security Helper Service; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2009-11-17 723632]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2009-05-14 731840]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2008-10-19 222456]
R2 Irmon;Infrared Monitor; C:\WINDOWS\system32\svchost.exe [2007-11-30 14336]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-09-21 545568]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2009-05-14 20680]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-26 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------


diky

[Caroprd111]

Zdravím

Na logu se pracuje, prosím o strpení

[Caroprd111]

Odinstalujte COMODO Internet Security

Doporučuji odinstalovat Spybot - Search & Destroy

Doporučuji odinstalovat (pokud nepoužíváte) ICQToolBar (lištu) v Přidat nebo odebrat programy

Podle návodu http://www.viry.cz/forum/viewtopic.php?f=15&t=72743 aplikujte tento skript.

Kód: Vybrat vše

:files
C:\WINDOWS\system\csrss.exe

:commands
[purity]
[emptytemp]
[Reboot]

Stáhněte Ccleaner http://viry.cz/forum/viewtopic.php?t=7478
- Nainstalujte a v průběhu instalace odškrtněte že chcete instalovat yahoo toolbar

Záložka Čistič
- Dejte analyzovat, po dokončení dejte Spustit Ccleaner

Záložka Registry
- Klikněte na Hledej problémy, po dokončení klikněte na Opravit problémy, zálohu dělat nemusíte, dejte Opravit všechny problémy
OK Zavřít


K čemu používáte disk F:

Jsou s PC nějaké problémy, kromě toho zpomalení

[jezz33]

Comodo, spybot, icq odinstalovane.
Tu je log :

All processes killed
Error: Unable to interpret <[emptytemp]> in the current context!
Error: Unable to interpret <[Reboot]> in the current context!

OTM by OldTimer - Version 3.1.3.0 log created on 12232009_124757





All processes killed
========== FILES ==========
File/Folder C:\WINDOWS\system\csrss.exe not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Dada
->Temp folder emptied: 283028935 bytes
->Temporary Internet Files folder emptied: 623941 bytes
->FireFox cache emptied: 36074058 bytes
->Apple Safari cache emptied: 93930 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 237909 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 482153 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2398419 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
Windows Temp folder emptied: 886671 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 27008722 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 8413032 bytes

Total Files Cleaned = 343,00 mb


OTM by OldTimer - Version 3.1.3.0 log created on 12232009_125159

Files moved on Reboot...

Registry entries deleted on Reboot...


Vycistil som Ccleanerom (ma ho v PC tak ho hadam obcas pouziva )
O disku F nic nevie, nie je v ponuke v My comp.
O inych problemoch nevravela, len ze je cely spomaleny, a obcas sa spomaly totalne , zasekava sa, ale ci to je konkretne spojene s niektorymi procesmi nevie.

[Caroprd111]

Zdravím

Defragmentujte disk

Otevřete si Poznámkový blok a zkopírujte do něj text (z bílého políčka):

Kód: Vybrat vše

REGEDIT4

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d90f6495-e898-11de-8184-001c265f7bee}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d90f6492-e898-11de-8184-001c265f7bee}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0e6655ce-e344-11de-8176-001c265f7bee}]

Nyní uložte jako (typ: všechny soubory) kde za název souboru zadáte "smazani.reg" bez uvozovek, klik na uložit, pak na soubor standardně 2X kliknete a potvrďte dialogové okno.

Stáhněte a uložte, nejlépe na plochu http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Vypněte všechny rezidentní bezpečnostní programy - firewally, antiviry, antispywary

Spusťte aplikaci pod účtem s oprávněním Administrátora (Správce), ihned po startu se zobrází stránka s licenčnímy podmínkami, pokračujte stisknutím tlačítka "Ano"

Dále postupujte dle pokynů, během scanu nespouštějte jiné aplikace a neklikejte do zobrazujícího se okna

Scan by měl trvat okolo 5 - 10 minut, po dokončení Combofix zobrazí log C:\ComboFix.txt , který sem vložte.

Během skenování může být počítač restartován.

[jezz33]

Nepodarilo sa mi vypnut Win firewall, aj ked kliknem na Off a potvrdim OK, stale mi ho zobrazuje v Security center zapnuty.
Taktiez je tam Virus Protection (Antivir desktop) stale zapnuty a neprisiel som na sposob ako ho vypnut. Koli nemu nemozem spustit CF. Mozete mi s tym poradit? hadam sa mi podarilo poslat aj obr.a

screen2.JPG

(125.09 KiB) Staženo 918 x

ko prilohu

[Caroprd111]

Spusťte ComboFix při spuštěném antiviru.

[jezz33]

Combofix:



ComboFix 09-12-23.04 - Dada . 12. 2009 12:45:34.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.421.1033.18.502.278 [GMT 1:00]
Running from: c:\documents and settings\Dada\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\regedit.com
c:\windows\system32\lsprst7.dll
c:\windows\system32\taskmgr.com

.
((((((((((((((((((((((((( Files Created from 2009-11-24 to 2009-12-24 )))))))))))))))))))))))))))))))
.

2009-12-23 12:39 . 2009-12-23 12:39 -------- d-----w- c:\program files\CCleaner
2009-12-23 11:47 . 2009-12-23 11:47 -------- d-----w- C:\_OTM
2009-12-22 14:29 . 2009-12-22 14:30 -------- d-----w- c:\program files\trend micro
2009-12-22 14:29 . 2009-12-22 14:30 -------- d-----w- C:\rsit
2009-12-22 13:18 . 2009-12-22 13:18 -------- d---a-w- c:\windows\VDLL.DLL
2009-12-22 13:18 . 2009-12-22 13:18 -------- d---a-w- c:\windows\system32\runouce.exe
2009-12-22 13:18 . 2009-12-22 13:18 -------- d---a-w- c:\windows\rundll16.exe
2009-12-22 13:18 . 2009-12-22 13:18 -------- d---a-w- c:\windows\RUNDL132.EXE
2009-12-22 13:18 . 2009-12-22 13:18 -------- d---a-w- c:\windows\logo1_.exe
2009-12-22 13:18 . 2009-12-22 13:18 -------- d---a-w- c:\windows\logo_1.exe
2009-12-22 13:15 . 2009-12-22 13:15 632064 ----a-w- c:\windows\system32\msvcr80.dll
2009-12-22 13:15 . 2009-12-22 13:15 554240 ----a-w- c:\windows\system32\msvcp80.dll
2009-12-22 13:15 . 2009-12-22 13:15 34048 ----a-w- c:\windows\system32\eEmpty.exe
2009-12-22 13:14 . 2007-11-30 22:26 135680 ----a-w- c:\windows\system32\T.COM
2009-12-22 13:14 . 2007-11-30 22:26 146432 ----a-w- c:\windows\R.COM
2009-12-22 13:14 . 2009-12-22 13:14 -------- d-----w- c:\program files\Common Files\MicroWorld
2009-12-22 13:14 . 2009-12-22 13:14 -------- d-----w- c:\documents and settings\All Users\Application Data\MicroWorld
2009-12-21 22:01 . 1998-10-29 16:45 306688 ----a-w- c:\windows\IsUninst.exe
2009-12-14 10:11 . 2008-03-17 10:56 103168 ----a-w- c:\windows\system32\drivers\ewusbfake.sys
2009-12-14 10:11 . 2008-03-17 10:03 101376 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
2009-12-14 10:11 . 2008-03-16 13:47 872192 ----a-w- c:\windows\system32\drivers\mod7700.sys
2009-12-14 10:11 . 2008-01-22 14:09 100992 ----a-w- c:\windows\system32\drivers\ewusbnet.sys
2009-12-14 10:11 . 2007-08-09 03:13 24448 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
2009-12-14 10:10 . 2009-12-14 10:12 -------- d-----w- c:\program files\Mobile Partner
2009-12-08 18:04 . 2009-12-23 12:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Sprouts Adventure
2009-12-07 16:27 . 2009-12-07 16:27 -------- d-----w- c:\program files\Common Files\Novell Shared
2009-12-07 16:26 . 1997-10-01 18:09 164864 ----a-w- c:\windows\system32\awrtl32.dll
2009-12-07 16:26 . 1997-09-19 09:10 93184 ----a-w- c:\windows\system32\ltih21tb.dll
2009-12-07 16:26 . 1995-08-23 22:00 393728 ----a-w- c:\windows\system32\msfrt40.dll
2009-12-07 16:26 . 1997-11-05 10:28 576000 ----a-w- c:\windows\system32\ww_cu232.dll
2009-12-07 16:26 . 1997-11-05 10:28 215552 ----a-w- c:\windows\system32\ww_mc232.dll
2009-12-07 16:26 . 1997-11-05 10:28 168960 ----a-w- c:\windows\system32\ww_oa232.dll
2009-12-07 16:26 . 1995-08-14 22:00 721168 ----a-w- c:\windows\system32\vb40032.dll
2009-12-07 16:23 . 2009-12-16 23:45 -------- d-----w- c:\program files\SPSS
2009-12-07 15:43 . 1996-10-23 16:26 298496 ----a-w- c:\windows\uninst.exe
2009-12-07 15:43 . 2009-12-07 15:43 -------- d-----w- c:\documents and settings\Dada\WINDOWS

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-24 11:30 . 2009-06-24 22:27 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-12-23 11:37 . 2009-06-22 16:50 -------- d-----w- c:\program files\COMODO
2009-12-23 11:24 . 2009-07-22 10:55 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-12-23 11:24 . 2009-07-22 10:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-12-15 23:11 . 2009-10-25 22:59 -------- d-----w- c:\documents and settings\Dada\Application Data\vlc
2009-12-15 19:25 . 2009-10-27 13:46 -------- d-----w- c:\documents and settings\Dada\Application Data\dvdcss
2009-12-12 14:28 . 2009-06-22 17:13 -------- d-----w- c:\documents and settings\Dada\Application Data\uTorrent
2009-12-11 19:18 . 2009-06-24 14:05 -------- d-----w- c:\program files\Common Files\Adobe
2009-12-11 17:32 . 2009-06-25 18:04 -------- d-----w- c:\documents and settings\Dada\Application Data\Skype
2009-12-11 17:21 . 2009-06-25 18:05 -------- d-----w- c:\documents and settings\Dada\Application Data\skypePM
2009-12-08 08:48 . 2009-06-25 08:16 68488 ----a-w- c:\documents and settings\Dada\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-07 16:01 . 2009-10-26 19:21 186 ----a-w- c:\documents and settings\All Users\Application Data\SafeNet Sentinel\Sentinel RMS Development Kit\System\prsgrc.dll
2009-11-24 22:32 . 2009-06-25 09:31 -------- d-----w- c:\documents and settings\Dada\Application Data\Apple Computer
2009-11-03 15:26 . 2009-11-03 15:18 -------- d-----w- c:\program files\Stylish Profile
2009-10-26 19:22 . 2009-10-26 19:22 16 ---h--w- c:\documents and settings\All Users\Application Data\SafeNet Sentinel\Sentinel RMS Development Kit\System\zgnf7i8.dll
2009-10-26 19:22 . 2009-10-26 19:22 16 ---h--w- c:\documents and settings\All Users\Application Data\SafeNet Sentinel\Sentinel RMS Development Kit\System\sus7k1j.dll
2009-10-26 19:22 . 2009-10-26 19:22 16 ---h--w- c:\documents and settings\All Users\Application Data\SafeNet Sentinel\Sentinel RMS Development Kit\System\s1axdtm.dll
2009-10-26 19:22 . 2009-10-26 19:22 16 ---h--w- c:\documents and settings\All Users\Application Data\SafeNet Sentinel\Sentinel RMS Development Kit\System\o27ijlz.dll
2009-10-26 19:22 . 2009-10-26 19:22 16 ---h--w- c:\documents and settings\All Users\Application Data\SafeNet Sentinel\Sentinel RMS Development Kit\System\fvuyqof.dll
2009-10-26 19:22 . 2009-10-26 19:22 16 ---h--w- c:\documents and settings\All Users\Application Data\SafeNet Sentinel\Sentinel RMS Development Kit\System\csmleyt.dll
2009-10-26 19:16 . 2009-10-26 19:16 -------- d-----w- c:\program files\SPSSInc
2009-10-26 19:16 . 2009-10-26 19:16 1025 ----a-w- c:\windows\system32\sysprs7.dll
2009-10-25 22:39 . 2009-10-25 22:39 -------- d-----w- c:\program files\VideoLAN
2009-10-25 17:30 . 2009-06-22 17:15 -------- d-----w- c:\program files\Mv2Player
2009-10-21 11:29 . 2009-10-21 11:29 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.1.8\SetupAdmin.exe
.

------- Sigcheck -------

[-] 2009-06-22 . 0E755615AC4A868C37E3CB7E5BEFC2A1 . 1613824 . . [5.1.2600.3264] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-06-12 53248]
"RTHDCPL"="RTHDCPL.EXE" [2007-05-29 16132608]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-01-12 155648]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-04 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2007-11-30 15360]

c:\documents and settings\Dada\Start Menu\Programs\Startup\
Orez vaź obrazovky a spŁçśaź programu OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, credssp.dll, msnsspc.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

.
------- Supplementary Scan -------
.
uStart Page = hxxp://search13.net/
uDefault_Search_URL = hxxp://search13.net/
uInternet Settings,ProxyOverride = *.local
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{14CD42DD-ABCD-3586-DCAB-40E3693E3737} - c:\program files\Stylish Profile\ct.htm
FF - ProfilePath - c:\documents and settings\Dada\Application Data\Mozilla\Firefox\Profiles\wifgln8n.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search13.net/search.php?clid=486&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://sk.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:sk:official
FF - prefs.js: keyword.URL - hxxp://search13.net/search.php?clid=486&q=
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-24 12:47
Windows 5.1.2600 Service Pack 3, v.5857 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-12-24 12:49:00
ComboFix-quarantined-files.txt 2009-12-24 11:48

Pre-Run: 7 882 457 088 bytes free
Post-Run: 7 849 742 336 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 6DACE15AF4174606DBDA566A80E96BC4

[Caroprd111]

Tohle otestujte na http://www.virustotal.com/cs/
c:\windows\system32\sfcfiles.dll
c:\windows\system32\ww_oa232.dll
c:\windows\VDLL.DLL

(Soubor nehledejte, jenom vložete tučně označenou cestu, v případě hlášky "Soubor již byl testován" dejte otestovat znovu. výsledek analýzy sem vložte.)

Jak to vypadá s PC

[jezz33]

Soubor sfcfiles.dll přijatý 2009.12.24 15:15:25 (UTC)
Současný stav: Čekejte ... Ve frontě Čekání Testování Dokončeno NENALEZENO ZASTAVENO
Výsledek: 0/41 (0%)
Načítám informace ze serveru...
Váš soubor čeká ve frontě na pozici: 10.
Odhadovaný čas začátku mezi 100 a 142 sekundami.
Nezavírejte toto okno dokud nebude test dokončen.
Právě testující program byl je zastaven, probíhá čekání na program.
Za chvíli bude proveden další pokus o otestování souboru.
Pokud budete čekat déle než-li pět minut odešlete Váš soubor znovu.
Váš soubor je nyní testován pomocí VirusTotal,
výsledky budou zobrazeny po dokončení.
Formátované Formátované
Vytisknout výsledky Vytisknout výsledky
Váš soubor není platný, nebo neexistuje.
Služba je pozastavena v tuto chvíli, váš soubor čeká na otestování (pozice: ) po nespecifikovanou dobu.

Nyní čekejte na odezvu webu (automatické obnovení), nebo napište email do pole a klikněte na "vyžádat" a systém Vám zašle email s výsledky až bude test hotov.
Email:

Antivirus Verze Poslední aktualizace Výsledek
a-squared 4.5.0.43 2009.12.24 -
AhnLab-V3 5.0.0.2 2009.12.24 -
AntiVir 7.9.1.122 2009.12.24 -
Antiy-AVL 2.0.3.7 2009.12.24 -
Authentium 5.2.0.5 2009.12.24 -
Avast 4.8.1351.0 2009.12.24 -
AVG 8.5.0.430 2009.12.24 -
BitDefender 7.2 2009.12.24 -
CAT-QuickHeal 10.00 2009.12.24 -
ClamAV 0.94.1 2009.12.24 -
Comodo 3353 2009.12.24 -
DrWeb 5.0.1.12222 2009.12.24 -
eSafe 7.0.17.0 2009.12.24 -
eTrust-Vet 35.1.7195 2009.12.24 -
F-Prot 4.5.1.85 2009.12.24 -
F-Secure 9.0.15370.0 2009.12.24 -
Fortinet 4.0.14.0 2009.12.24 -
GData 19 2009.12.24 -
Ikarus T3.1.1.79.0 2009.12.24 -
Jiangmin 13.0.900 2009.12.23 -
K7AntiVirus 7.10.929 2009.12.24 -
Kaspersky 7.0.0.125 2009.12.24 -
McAfee 5841 2009.12.23 -
McAfee+Artemis 5841 2009.12.23 -
McAfee-GW-Edition 6.8.5 2009.12.24 -
Microsoft 1.5302 2009.12.24 -
NOD32 4715 2009.12.24 -
Norman 6.04.03 2009.12.24 -
nProtect 2009.1.8.0 2009.12.24 -
Panda 10.0.2.2 2009.12.15 -
PCTools 7.0.3.5 2009.12.24 -
Prevx 3.0 2009.12.24 -
Rising 22.27.03.04 2009.12.24 -
Sophos 4.49.0 2009.12.24 -
Sunbelt 3.2.1858.2 2009.12.23 -
Symantec 1.4.4.12 2009.12.24 -
TheHacker 6.5.0.3.109 2009.12.23 -
TrendMicro 9.120.0.1004 2009.12.24 -
VBA32 3.12.12.0 2009.12.24 -
ViRobot 2009.12.24.2107 2009.12.24 -
VirusBuster 5.0.21.0 2009.12.23 -
Rozšiřující informace
File size: 1613824 bytes
MD5...: 0e755615ac4a868c37e3cb7e5befc2a1
SHA1..: 68a5912208dd5801a62589a0d08e4bcee6cb2626
SHA256: 496fb27279bea2a7e80c668181583234493c9d332b09bedc989bbb073919d492
ssdeep: 3072:w69mOkXXXH/vo/Rz576ytutFKRwLgLhRvCw5pl9DDp0cmnaK:wXOkXXIp6w
6wbvp
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x120d
timedatestamp.....: 0x474ffae2 (Fri Nov 30 11:58:26 2007)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0xcbf 0xe00 5.89 6595c9b56cfa02987bafd69ed5dd3cac
.data 0x2000 0x17e410 0x17e400 3.28 5f7afe9758f1caceca6eb35aa0d898d8
.rsrc 0x181000 0x408 0x600 2.50 f56e044b376fc0b381b4a65ad63ed72c
.reloc 0x182000 0xa21c 0xa400 5.76 fd97ea41d37fe3bafe18249f7c69d9a0

( 1 imports )
> ntdll.dll: LdrDisableThreadCalloutsForDll, NtClose, NtQueryValueKey, NtOpenKey, RtlInitUnicodeString, RtlGetVersion, NtTerminateProcess, RtlUnhandledExceptionFilter, RtlUnwind, NtQueryVirtualMemory

( 1 exports )
SfcGetFiles
RDS...: NSRL Reference Data Set
-
pdfid.: -
sigcheck:
publisher....: Microsoft Corporation
copyright....: (c) Microsoft Corporation. All rights reserved.
product......: Microsoft_ Windows_ Operating System
description..: Windows 2000 System File Checker
original name:
internal name:
file version.: 5.1.2600.3264 (xpsp.071130-1427)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
trid..: Win32 Executable Generic (68.0%)
Generic Win/DOS Executable (15.9%)
DOS Executable Generic (15.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)





Soubor ww_oa232.dll přijatý 2009.12.24 15:16:46 (UTC)
Současný stav: Čekejte ... Ve frontě Čekání Testování Dokončeno NENALEZENO ZASTAVENO
Výsledek: 0/41 (0%)
Načítám informace ze serveru...
Váš soubor čeká ve frontě na pozici: 2.
Odhadovaný čas začátku mezi 50 a 71 sekundami.
Nezavírejte toto okno dokud nebude test dokončen.
Právě testující program byl je zastaven, probíhá čekání na program.
Za chvíli bude proveden další pokus o otestování souboru.
Pokud budete čekat déle než-li pět minut odešlete Váš soubor znovu.
Váš soubor je nyní testován pomocí VirusTotal,
výsledky budou zobrazeny po dokončení.
Formátované Formátované
Vytisknout výsledky Vytisknout výsledky
Váš soubor není platný, nebo neexistuje.
Služba je pozastavena v tuto chvíli, váš soubor čeká na otestování (pozice: ) po nespecifikovanou dobu.

Nyní čekejte na odezvu webu (automatické obnovení), nebo napište email do pole a klikněte na "vyžádat" a systém Vám zašle email s výsledky až bude test hotov.
Email:

Antivirus Verze Poslední aktualizace Výsledek
a-squared 4.5.0.43 2009.12.24 -
AhnLab-V3 5.0.0.2 2009.12.24 -
AntiVir 7.9.1.122 2009.12.24 -
Antiy-AVL 2.0.3.7 2009.12.24 -
Authentium 5.2.0.5 2009.12.24 -
Avast 4.8.1351.0 2009.12.24 -
AVG 8.5.0.430 2009.12.24 -
BitDefender 7.2 2009.12.24 -
CAT-QuickHeal 10.00 2009.12.24 -
ClamAV 0.94.1 2009.12.24 -
Comodo 3353 2009.12.24 -
DrWeb 5.0.1.12222 2009.12.24 -
eSafe 7.0.17.0 2009.12.24 -
eTrust-Vet 35.1.7195 2009.12.24 -
F-Prot 4.5.1.85 2009.12.24 -
F-Secure 9.0.15370.0 2009.12.24 -
Fortinet 4.0.14.0 2009.12.24 -
GData 19 2009.12.24 -
Ikarus T3.1.1.79.0 2009.12.24 -
Jiangmin 13.0.900 2009.12.23 -
K7AntiVirus 7.10.929 2009.12.24 -
Kaspersky 7.0.0.125 2009.12.24 -
McAfee 5841 2009.12.23 -
McAfee+Artemis 5841 2009.12.23 -
McAfee-GW-Edition 6.8.5 2009.12.24 -
Microsoft 1.5302 2009.12.24 -
NOD32 4715 2009.12.24 -
Norman 6.04.03 2009.12.24 -
nProtect 2009.1.8.0 2009.12.24 -
Panda 10.0.2.2 2009.12.15 -
PCTools 7.0.3.5 2009.12.24 -
Prevx 3.0 2009.12.24 -
Rising 22.27.03.04 2009.12.24 -
Sophos 4.49.0 2009.12.24 -
Sunbelt 3.2.1858.2 2009.12.23 -
Symantec 1.4.4.12 2009.12.24 -
TheHacker 6.5.0.3.109 2009.12.23 -
TrendMicro 9.120.0.1004 2009.12.24 -
VBA32 3.12.12.0 2009.12.24 -
ViRobot 2009.12.24.2107 2009.12.24 -
VirusBuster 5.0.21.0 2009.12.23 -
Rozšiřující informace
File size: 168960 bytes
MD5...: 594dadea9ea2b24bfd8bfb726ff1ca7c
SHA1..: fdc74dbe56fff49f005ce6b5458ca9086e77a6b5
SHA256: 223c98b51fa23790066e059ac2dfb46cc2d89bde57fb00e0ace708e483786f36
ssdeep: 3072:WYBIBv4oDbLmY8/tzV+li4Jd+LR+K0hzs8ieaLqpG59Kr:WYiR4oDXR8/NV
+/iLRYz1ivD
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0xd550
timedatestamp.....: 0x34048f2d (Wed Aug 27 20:33:49 1997)
machinetype.......: 0x14c (I386)

( 6 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x12640 0x12800 6.25 62e6857eaff5de77a1085fcd3b0ff3d5
.rdata 0x14000 0x590e 0x5a00 5.70 d64f7d4948b43778229fa1694d7a0cea
.data 0x1a000 0x3cb8 0x2a00 4.13 6a448d38d56a51cedf7b74688bc20a77
.idata 0x1e000 0xd68 0xe00 5.25 22103fcd5e1009ccae72c11481e6a290
.rsrc 0x1f000 0xbde8 0xbe00 3.82 a101a4921313fa3621b7be1ee7aeee9f
.reloc 0x2b000 0x1718 0x1800 5.48 7b873f75f5edf172885290a1c00ec8f7

( 6 imports )
> KERNEL32.dll: lstrcmpA, GetModuleFileNameW, MultiByteToWideChar, WideCharToMultiByte, GetUserDefaultLangID, lstrcpynA, TlsSetValue, TlsAlloc, GetVersion, DeleteCriticalSection, TlsFree, GetCommandLineA, GetModuleHandleA, InitializeCriticalSection, HeapFree, ExitProcess, TerminateProcess, GetCurrentProcess, HeapReAlloc, HeapSize, GetCurrentThreadId, SetLastError, GetLastError, HeapCreate, HeapDestroy, SetHandleCount, GetFileType, HeapAlloc, GetStartupInfoA, OpenFile, GetLocaleInfoA, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, GetEnvironmentStringsW, WriteFile, GetStringTypeA, GetStringTypeW, LCMapStringA, LCMapStringW, FlushFileBuffers, GetLocaleInfoW, CloseHandle, GetTickCount, SetFilePointer, InterlockedIncrement, EnterCriticalSection, LeaveCriticalSection, TlsGetValue, InterlockedDecrement, GetACP, FreeLibrary, LoadLibraryA, GetProcAddress, LocalHandle, LocalUnlock, LocalFree, LocalAlloc, lstrcmpiA, lstrlenA, lstrcatA, GetModuleFileNameA, lstrcpyA, GetCPInfo, GetOEMCP, GetStdHandle, SetStdHandle
> USER32.dll: InvalidateRgn, GetDlgItem, GetWindowLongA, EndPaint, CallWindowProcA, SetWindowLongA, PostMessageA, EndDialog, ScreenToClient, ClientToScreen, SetDlgItemTextA, KillTimer, GetDlgItemTextA, SetWindowPos, SetWindowTextA, SetTimer, DialogBoxParamA, GetSystemMetrics, GetWindowRect, wsprintfA, LoadStringA, BeginPaint, LoadBitmapA, GetParent, MessageBoxA
> GDI32.dll: DeleteObject, CreatePen, LineTo, MoveToEx, GetStockObject, SetPixel, DeleteDC, BitBlt, CreateCompatibleDC, GetObjectA, CreateCompatibleBitmap, CombineRgn, CreateRectRgn, OffsetRgn, CreateEllipticRgn, SelectObject
> ADVAPI32.dll: RegQueryValueA, RegQueryValueW, RegSetValueA, RegSetValueW
> ole32.dll: CLSIDFromString, CoCreateGuid, StringFromGUID2, CoRevokeClassObject, CoRegisterClassObject, CoDisconnectObject, CoCreateInstance, OleRun, IIDFromString, OleUninitialize, OleInitialize
> OLEAUT32.dll: -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -

( 568 exports )
_DebugPrint@OA_CallBack2@@UAGXPAUIDispatch@@PAD@Z, _DebugPrint@OA_CallBack@@UAGXPAUIDispatch@@PAD@Z, _DispatchName@OA_Browser@@UAGPAGJ@Z, _DoEvents@OA_CallBack2@@UAGXPAUIDispatch@@@Z, _DoEvents@OA_CallBack@@UAGXPAUIDispatch@@@Z, _Find@OA_Browser@@UAGPAGPAG@Z, _FindVerbose@OA_Browser@@UAGPAGPAG@Z, _InspectObject@OA_Browser@@UAGXPAUIDispatch@@@Z, _MapMacroName@OA_CallBack2@@UAGPADPAUIDispatch@@PAD1@Z, _Method@OA_Browser@@UAGPAGF@Z, _MethodVerbose@OA_Browser@@UAGPAGF@Z, _Notify@OA_CallBack2@@UAGXPAUIDispatch@@F@Z, _Notify@OA_CallBack@@UAGXPAUIDispatch@@F@Z, _ReadMacro@OA_CallBack2@@UAGPADPAUIDispatch@@PAD@Z, _ReadMacro@OA_CallBack@@UAGPADPAUIDispatch@@PAD@Z, _Window@OA_CallBack2@@UAGJXZ, _Window@OA_CallBack@@UAGJXZ, CB_CreateCallBack, CB_CreateCallBack2, CB_DebugPrintA, CB_DebugPrintW, CB_DoEvents, CB_MapMacroNameA, CB_MapMacroNameW, CB_Notify, CB_ReadMacroA, CB_ReadMacroW, CB_Window, CU_AddExtension, CU_BlockedKeywords, CU_BlockedKeywordsPut, CU_BreakLineNum, CU_Call, CU_CallBack, CU_CallersLine, CU_Caption, CU_CaptionPut, CU_Continue, CU_CreateCodeUnit, CU_CreateHandler, CU_CreateHandlers, CU_CurrentLine, CU_DefaultCallBack, CU_DoEvents, CU_DoEventsPut, CU_ErrorDesc, CU_ErrorDescPut, CU_ErrorLimit, CU_ErrorLimitPut, CU_ErrorLine, CU_ErrorLineNum, CU_ErrorMacroName, CU_ErrorOffset, CU_Evaluate, CU_EvaluateObject, CU_EvaluatePut, CU_Evaluating, CU_ExtensionType, CU_ExtensionTypeEx, CU_ExtensionTypeName, CU_ExtensionTypeNameEx, CU_Fire, CU_FireBusy, CU_FireCall, CU_FireEval, CU_FireResult, CU_FireSucceeded, CU_Halt, CU_HaltAll, CU_HandlerCall, CU_HandlerEvaluate, CU_HandlerExists, CU_HandlerIsModuleLoaded, CU_HandlerProcName, CU_HandlerPrototype, CU_HandlerStart, CU_HandlerStepInto, CU_HandlerStepIntoPut, CU_HandlersItem, CU_HelpFile, CU_IsActive, CU_IsIdle, CU_IsMacro, CU_IsMacroActive, CU_IsPaused, CU_IsStopped, CU_Keywords, CU_LineNum, CU_LineNumPut, CU_Load, CU_LoadedMacroName, CU_Macro, CU_MacroKeywords, CU_MacroName, CU_Prototypes, CU_RemoveExtensions, CU_Rename, CU_Run, CU_SetCallBack, CU_Shutdown, CU_StackDepth, CU_StackDepthPut, CU_Start, CU_Step, CU_Stop, CU_ToggleBreak, CU_Unload, CU_Version, CU_Yield, DllCanUnloadNow, DllGetClassObject, OA_ActiveObjectA, OA_ActiveObjectW, OA_AddRef, OA_AppCreateDispatch, OA_ArgAddBOOL, OA_ArgAddBSTRA, OA_ArgAddBSTRRef, OA_ArgAddBSTRW, OA_ArgAddDisp, OA_ArgAddDispRef, OA_ArgAddI2, OA_ArgAddI2Ref, OA_ArgAddI4, OA_ArgAddI4Ref, OA_ArgAddR4, OA_ArgAddR4Ref, OA_ArgAddR8, OA_ArgAddR8Ref, OA_ArgAddStringA, OA_ArgAddStringW, OA_ArgAddUnk, OA_ArgAddUnkRef, OA_ArgAddVariant, OA_ArgRelease, OA_ArgStart, OA_AsciiFromBSTRW, OA_AsciiFromStringLenW, OA_AsciiFromStringW, OA_AsciiFromWide, OA_BindDispatch, OA_BindMFC, OA_CreateClass, OA_CreateDispatch, OA_CreateEnum, OA_CreateInstance, OA_CreateObjectA, OA_CreateObjectW, OA_CreateTypeA, OA_CreateTypeW, OA_DisconnectObject, OA_GetCoclassType, OA_GetComp, OA_GetCompDescA, OA_GetCompDescW, OA_GetDispatchData, OA_GetDispatchID2A, OA_GetDispatchID2W, OA_GetDispatchIDA, OA_GetDispatchIDW, OA_GetDispatchNameA, OA_GetDispatchNameW, OA_GetDispatchNamesA, OA_GetDispatchNamesW, OA_GetDispatchType, OA_GetMethodData, OA_GetType, OA_GetTypeDescA, OA_GetTypeDescW, OA_GetTypeHelpFileA, OA_GetTypeHelpFileW, OA_Initialize, OA_InitializeApplication, OA_Invoke, OA_InvokeBOOL, OA_InvokeBSTRA, OA_InvokeBSTRW, OA_InvokeDisp, OA_InvokeError, OA_InvokeErrorSilent, OA_InvokeI2, OA_InvokeI4, OA_InvokePut, OA_InvokeR4, OA_InvokeR8, OA_InvokeUnk, OA_InvokeVariant, OA_LoadLib, OA_LoadType_A, OA_LoadType_W, OA_NlsAdjustPathName, OA_NlsGetInstance, OA_NlsGetLangID, OA_NlsGetOleLCID, OA_NlsLock, OA_NlsSetLangID, OA_OLESTRFromBSTRA, OA_OLESTRFromStringA, OA_OLESTRFromStringLenA, OA_PostInvokeError, OA_PreInvokeError, OA_RaiseError2A, OA_RaiseError2W, OA_RaiseErrorA, OA_RaiseErrorW, OA_RegisterActiveObjectA, OA_RegisterActiveObjectW, OA_RegisterClassObjectA, OA_RegisterClassObjectW, OA_Release, OA_RevokeActiveObject, OA_RevokeClassObject, OA_StrCat, OA_StrCmp, OA_StrCmpi, OA_StrCpy, OA_StrLen, OA_SysAllocNullString, OA_SysAllocString, OA_SysAllocStringA, OA_SysAllocStringLen, OA_SysAllocStringLenA, OA_SysCmp, OA_SysDupString, OA_SysDupStringA, OA_SysFreeString, OA_SysFreeStringA, OA_SysReAllocString, OA_SysReAllocStringA, OA_SysReAllocStringLen, OA_SysReAllocStringLenA, OA_SysStringLen, OA_SysStringLenA, OA_Uninitialize, OA_UninitializeApplication, OA_VariantFromBOOL, OA_VariantFromBSTR, OA_VariantFromDisp, OA_VariantFromI2, OA_VariantFromI4, OA_VariantFromR4, OA_VariantFromR8, OA_VariantFromStringA, OA_VariantFromStringW, OA_Version, OA_WideFromAscii, OA_WinWrapAboutBoxA, OA_WrapMFCLib, WWBE_AddExtension, WWBE_Attach, WWBE_CodeUnit, WWBE_Continue, WWBE_CreateHandler, WWBE_CreateHandlers, WWBE_CurrentMacroName, WWBE_Detach, WWBE_EditMacro, WWBE_Enabled, WWBE_EnabledPut, WWBE_EventMode, WWBE_EventModePut, WWBE_FileChangeDir, WWBE_FileChangeDirPut, WWBE_FileDesc, WWBE_FileDescPut, WWBE_FileExt, WWBE_FileExtPut, WWBE_Fire, WWBE_Interrupt, WWBE_IsActive, WWBE_IsIdle, WWBE_IsStopped, WWBE_LoadMacro, WWBE_LoadModule, WWBE_Locked, WWBE_LockedPut, WWBE_Maximize, WWBE_Minimize, WWBE_ModuleInstance, WWBE_MultiSheet, WWBE_MultiSheetPut, WWBE_ReportError, WWBE_Restore, WWBE_RunMacro, WWBE_SetHiddenCode, WWBE_SetIni, WWBE_UnloadModule, WWBE_Visible, WWBE_VisiblePut, _CB_CreateCallBack2@12, _CB_CreateCallBack@12, _CB_DebugPrintA@12, _CB_DebugPrintW@12, _CB_DoEvents@8, _CB_MapMacroNameA@16, _CB_MapMacroNameW@16, _CB_Notify@12, _CB_ReadMacroA@12, _CB_ReadMacroW@12, _CB_Window@4, _CU_AddExtension@12, _CU_BlockedKeywords@4, _CU_BlockedKeywordsPut@8, _CU_BreakLineNum@12, _CU_Call@8, _CU_CallBack@4, _CU_CallersLine@8, _CU_Caption@4, _CU_CaptionPut@8, _CU_Continue@4, _CU_CreateCodeUnit@0, _CU_CreateHandler@8, _CU_CreateHandlers@12, _CU_CurrentLine@4, _CU_DefaultCallBack@4, _CU_DoEvents@4, _CU_DoEventsPut@8, _CU_ErrorDesc@4, _CU_ErrorDescPut@8, _CU_ErrorLimit@4, _CU_ErrorLimitPut@8, _CU_ErrorLine@4, _CU_ErrorLineNum@4, _CU_ErrorMacroName@4, _CU_ErrorOffset@4, _CU_Evaluate@12, _CU_EvaluateObject@12, _CU_EvaluatePut@16, _CU_Evaluating@4, _CU_ExtensionType@8, _CU_ExtensionTypeEx@12, _CU_ExtensionTypeName@8, _CU_ExtensionTypeNameEx@12, _CU_Fire@8, _CU_FireBusy@4, _CU_FireCall@8, _CU_FireEval@8, _CU_FireResult@8, _CU_FireSucceeded@4, _CU_Halt@4, _CU_HaltAll@4, _CU_HandlerCall@12, _CU_HandlerEvaluate@16, _CU_HandlerExists@4, _CU_HandlerIsModuleLoaded@4, _CU_HandlerProcName@4, _CU_HandlerPrototype@4, _CU_HandlerStart@12, _CU_HandlerStepInto@4, _CU_HandlerStepIntoPut@8, _CU_HandlersItem@8, _CU_HelpFile@4, _CU_IsActive@4, _CU_IsIdle@4, _CU_IsMacro@8, _CU_IsMacroActive@8, _CU_IsPaused@4, _CU_IsStopped@4, _CU_Keywords@4, _CU_LineNum@4, _CU_LineNumPut@8, _CU_Load@8, _CU_LoadedMacroName@8, _CU_Macro@12, _CU_MacroKeywords@8, _CU_MacroName@4, _CU_Prototypes@8, _CU_RemoveExtensions@8, _CU_Rename@12, _CU_Run@8, _CU_SetCallBack@8, _CU_Shutdown@4, _CU_StackDepth@4, _CU_StackDepthPut@8, _CU_Start@8, _CU_Step@4, _CU_Stop@4, _CU_ToggleBreak@12, _CU_Unload@8, _CU_Version@4, _CU_Yield@0, _OA_ActiveObjectA@4, _OA_ActiveObjectW@4, _OA_AddRef@4, _OA_AppCreateDispatch@8, _OA_AppDataDestroy@8, _OA_ArgAddBOOL@8, _OA_ArgAddBSTRA@8, _OA_ArgAddBSTRRef@8, _OA_ArgAddBSTRW@8, _OA_ArgAddDisp@8, _OA_ArgAddDispRef@8, _OA_ArgAddI2@8, _OA_ArgAddI2Ref@8, _OA_ArgAddI4@8, _OA_ArgAddI4Ref@8, _OA_ArgAddR4@8, _OA_ArgAddR4Ref@8, _OA_ArgAddR8@12, _OA_ArgAddR8Ref@8, _OA_ArgAddStringA@8, _OA_ArgAddStringW@8, _OA_ArgAddUnk@8, _OA_ArgAddUnkRef@8, _OA_ArgAddVariant@8, _OA_ArgRelease@4, _OA_ArgStart@8, _OA_AsciiFromBSTRW@4, _OA_AsciiFromStringLenW@8, _OA_AsciiFromStringW@4, _OA_AsciiFromWide@8, _OA_BindDispatch@8, _OA_BindMFC@16, _OA_BrowserCreate@8, _OA_BrowserDestroy@8, _OA_BrowserLock@8, _OA_CreateClass@16, _OA_CreateDispatch@16, _OA_CreateEnum@8, _OA_CreateInstance@4, _OA_CreateObjectA@4, _OA_CreateObjectW@4, _OA_CreateTypeA@4, _OA_CreateTypeW@4, _OA_DestroyCallBack2@8, _OA_DestroyCallBack@8, _OA_DisconnectObject@4, _OA_FreeCU@0, _OA_GetCoclassType@4, _OA_GetComp@4, _OA_GetCompDescA@12, _OA_GetCompDescW@12, _OA_GetDispatchData@4, _OA_GetDispatchID2A@12, _OA_GetDispatchID2W@12, _OA_GetDispatchIDA@8, _OA_GetDispatchIDW@8, _OA_GetDispatchNameA@8, _OA_GetDispatchNameW@8, _OA_GetDispatchNamesA@8, _OA_GetDispatchNamesW@8, _OA_GetDispatchType@4, _OA_GetMethodData@12, _OA_GetType@4, _OA_GetTypeDescA@12, _OA_GetTypeDescW@12, _OA_GetTypeHelpFileA@16, _OA_GetTypeHelpFileW@16, _OA_Initialize@0, _OA_InitializeApplication@8, _OA_Invoke@16, _OA_InvokeBOOL@16, _OA_InvokeBSTRA@16, _OA_InvokeBSTRW@16, _OA_InvokeDisp@16, _OA_InvokeError@0, _OA_InvokeErrorSilent@0, _OA_InvokeI2@16, _OA_InvokeI4@16, _OA_InvokePut@16, _OA_InvokeR4@16, _OA_InvokeR8@16, _OA_InvokeUnk@16, _OA_InvokeVariant@20, _OA_LoadCU@0, _OA_LoadLib@4, _OA_LoadType_A@8, _OA_LoadType_W@8, _OA_NlsAdjustPathName@8, _OA_NlsGetInstance@0, _OA_NlsGetLangID@0, _OA_NlsGetOleLCID@0, _OA_NlsLock@4, _OA_NlsSetLangID@4, _OA_OLESTRFromBSTRA@4, _OA_OLESTRFromStringA@4, _OA_OLESTRFromStringLenA@8, _OA_PostInvokeError@4, _OA_PreInvokeError@4, _OA_RaiseError2A@20, _OA_RaiseError2W@20, _OA_RaiseErrorA@20, _OA_RaiseErrorW@20, _OA_RegisterActiveObjectA@12, _OA_RegisterActiveObjectW@12, _OA_RegisterClassObjectA@16, _OA_RegisterClassObjectW@16, _OA_Release@4, _OA_RevokeActiveObject@4, _OA_RevokeClassObject@4, _OA_StrCat@8, _OA_StrCmp@8, _OA_StrCmpi@8, _OA_StrCpy@8, _OA_StrLen@4, _OA_SysAllocNullString@0, _OA_SysAllocString@4, _OA_SysAllocStringA@4, _OA_SysAllocStringLen@8, _OA_SysAllocStringLenA@8, _OA_SysCmp@8, _OA_SysDupString@4, _OA_SysDupStringA@4, _OA_SysFreeString@4, _OA_SysFreeStringA@4, _OA_SysReAllocString@8, _OA_SysReAllocStringA@8, _OA_SysReAllocStringLen@12, _OA_SysReAllocStringLenA@12, _OA_SysStringLen@4, _OA_SysStringLenA@4, _OA_Uninitialize@0, _OA_UninitializeApplication@4, _OA_VariantFromBOOL@8, _OA_VariantFromBSTR@8, _OA_VariantFromDisp@8, _OA_VariantFromI2@8, _OA_VariantFromI4@8, _OA_VariantFromR4@8, _OA_VariantFromR8@12, _OA_VariantFromStringA@8, _OA_VariantFromStringW@8, _OA_Version@0, _OA_WideFromAscii@8, _OA_WinWrapAboutBox@12, _OA_WrapMFCLib@8, _WWBE_AddExtension@12, _WWBE_Attach@8, _WWBE_CodeUnit@4, _WWBE_Continue@4, _WWBE_CreateHandler@8, _WWBE_CreateHandlers@12, _WWBE_CurrentMacroName@4, _WWBE_Detach@4, _WWBE_DetachNoCancel@4, _WWBE_EditMacro@4, _WWBE_Enabled@4, _WWBE_EnabledPut@8, _WWBE_EventMode@4, _WWBE_EventModePut@8, _WWBE_FileChangeDir@4, _WWBE_FileChangeDirPut@8, _WWBE_FileDesc@4, _WWBE_FileDescPut@8, _WWBE_FileExt@4, _WWBE_FileExtPut@8, _WWBE_Fire@8, _WWBE_Interrupt@4, _WWBE_IsActive@8, _WWBE_IsIdle@8, _WWBE_IsStopped@8, _WWBE_LoadMacro@8, _WWBE_LoadModule@8, _WWBE_Locked@4, _WWBE_LockedPut@8, _WWBE_Maximize@4, _WWBE_Minimize@4, _WWBE_ModuleInstance@12, _WWBE_MultiSheet@4, _WWBE_MultiSheetPut@8, _WWBE_ReportError@8, _WWBE_Restore@4, _WWBE_RunMacro@8, _WWBE_SetHiddenCode@8, _WWBE_SetIni@12, _WWBE_UnloadModule@8, _WWBE_Visible@4, _WWBE_VisiblePut@8
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: DirectShow filter (38.7%)
Win32 Executable MS Visual C++ 4.x (25.9%)
Windows OCX File (23.7%)
Win32 Executable MS Visual C++ (generic) (7.2%)
Win32 Executable Generic (1.6%)
sigcheck:
publisher....: Polar Engineering and Consulting
copyright....: Copyright (c) 1993-1997 Polar Engineering
product......: WinWrap Basic
description..: WinWrap Basic
original name: WW_OA232.DLL
internal name: WW_OA232.DLL
file version.: 4.1.03/32
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned





posledny subor c:\windows\system32\sfcfiles.dll mi nechce vo virus total otvorit.

[Caroprd111]

Jak se chová PC

[jezz33]

a este pekne sviatky prajem

[Caroprd111]

Vám také

[jezz33]

no PC sa nastartoval o dost rychlejsie, ale ak hybem nejakym oknom po ploche, tak to zabera 80-100% vykonu CPU, ci je to samotny task manager, winamp, alebo hocijaky proces...
ostatne veci este poskusam zajtra a ozvem sa

[Caroprd111]

Stáhněte Gmer http://www.viry.cz/forum/viewtopic.php?f=29&t=62878
- Rozbalte a spusťte
- Proběhne sken, po skončení se otevře okno s výsledky, klikněte na Save a tím si uložíte log, který sem vložíte

- Podle návodu v odkazu provedete druhý sken a log sem také vložíte.