Měl jsem v počítači nějaké potvory a přestože se po zásahu konvenčích HomeEdition antivirů tváří vyléčen, někde něco asi zůstalo.
Při každém startu se mi objeví hláška "Chyba při načítání souboru cpcp.cpo". Koukal jsem, že už to tu někdo řešil, ale zároveň mi přišlo, že co řešení problému to originál, takže univerzální návod asi neexistuje.
Přikládám log
Logfile of random's system information tool 1.06 (written by random/random)
Run by petr at 2010-01-18 23:31:04
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 427 MB (6%) free of 7 GB
Total RAM: 512 MB (42% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:31:05, on 18.1.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
d:\Program Files\Avast4\aswUpdSv.exe
d:\Program Files\Avast4\ashServ.exe
C:\Program Files\Citrix\ICA Client\ssonsvr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\htpatch.exe
D:\Program Files\Avast4\ashDisp.exe
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
d:\Program Files\Avast4\ashMaiSv.exe
d:\Program Files\Avast4\ashWebSv.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\data\Petr\Downloads\RSIT.exe
C:\Program Files\trend micro\petr.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
F2 - REG:system.ini: Shell=Explorer.exe rundll32.exe cpcp.cpo bef0regiiav
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &S-Rank - {B71B15CF-3093-459C-B764-AEB2486F2273} - C:\Program Files\Seznam\Postak\SRank.dll
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [avast!] d:\Program Files\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SMail] "C:\Program Files\Seznam\Postak\Postak.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6.5\ICQ.exe" silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Stáhnout &Mass Downloaderem - D:\Program Files\Mass Downloader\Add_Url.htm
O8 - Extra context menu item: Stáhnout &vše Mass Downloaderem - D:\Program Files\Mass Downloader\Add_All.htm
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupControlXP Class) - https://portal.asekol.cz/dana-cached/se ... tupSP1.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2563624B-C22C-46D3-BBCE-D7F791BE2FE8}: NameServer = 10.12.32.3,10.12.17.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{2563624B-C22C-46D3-BBCE-D7F791BE2FE8}: NameServer = 10.3.0.253
O17 - HKLM\System\CS2\Services\Tcpip\..\{2563624B-C22C-46D3-BBCE-D7F791BE2FE8}: NameServer = 10.12.32.3,10.12.17.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - d:\Program Files\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - d:\Program Files\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - d:\Program Files\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - d:\Program Files\Avast4\ashWebSv.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
--
End of file - 6100 bytes
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{B71B15CF-3093-459C-B764-AEB2486F2273} - &S-Rank - C:\Program Files\Seznam\Postak\SRank.dll [2005-05-17 266240]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"HTpatch"=C:\WINDOWS\htpatch.exe [2002-10-30 28672]
"avast!"=d:\Program Files\Avast4\ashDisp.exe [2009-11-25 81000]
"MULTIMEDIA KEYBOARD"=C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe [2002-01-31 151552]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2004-07-15 81920]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2004-07-15 4112384]
"nwiz"=nwiz.exe /install []
"NeroCheck"=C:\WINDOWS\system32\NeroCheck.exe [2002-10-08 155648]
"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []
"SMail"=C:\Program Files\Seznam\Postak\Postak.exe [2006-05-18 450560]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-17 15360]
"Skype"=C:\Program Files\Skype\Skype.exe [2007-01-22 25368104]
"ICQ"=C:\Program Files\ICQ6.5\ICQ.exe [2009-11-16 172792]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2006-09-20 441136]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"ForceClassicControlPanel"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Disabled:Internet Explorer"
"D:\Program Files\CZDC++\CZDCPlusPlus.exe"="D:\Program Files\CZDC++\CZDCPlusPlus.exe:*:Disabled:CZDC++"
"C:\Program Files\WinCommander\WINCMD32.EXE"="C:\Program Files\WinCommander\WINCMD32.EXE:*:Enabled:Windows Commander 32 bit international version, file manager replacement for Windows"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Skype\Skype.exe"="C:\Program Files\Skype\Skype.exe:*:Enabled:Skype"
"D:\Program Files\uTorrent\uTorrent.exe"="D:\Program Files\uTorrent\uTorrent.exe:*:Disabled:µTorrent"
"D:\Program Files\hry\Need for Speed Underground 2\speed2.exe"="D:\Program Files\hry\Need for Speed Underground 2\speed2.exe:*:Disabled:speed2"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{629312e2-be18-11dd-9f69-000c6e2e378b}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com i:
shell\Open\command - resycled\boot.com i:
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6fd1d916-6b4b-11da-9bb6-000c6e2e378b}]
shell\AutoRun\command - G:\Autorun.exe
======File associations======
.scr - open - C:\WINDOWS\NOTEPAD.EXE "%1"
.scr - install -
.scr - config -
======List of files/folders created in the last 1 months======
2010-01-18 22:46:09 ----D---- C:\Program Files\trend micro
2010-01-18 22:46:08 ----D---- C:\rsit
2010-01-18 20:29:16 ----D---- C:\Documents and Settings\All Users\Data aplikací\McAfee Security Scan
2010-01-10 21:59:36 ----A---- C:\WINDOWS\system32\javaws.exe
2010-01-10 21:59:36 ----A---- C:\WINDOWS\system32\javaw.exe
2010-01-10 21:59:36 ----A---- C:\WINDOWS\system32\java.exe
2010-01-08 23:00:16 ----D---- C:\Documents and Settings\petr\Data aplikací\GSBuilder
2009-12-26 17:23:37 ----D---- C:\Documents and Settings\All Users\Data aplikací\Western Digital
======List of files/folders modified in the last 1 months======
2010-01-18 23:15:05 ----D---- C:\Program Files\Mozilla Firefox
2010-01-18 23:10:44 ----D---- C:\WINDOWS\Prefetch
2010-01-18 23:09:22 ----D---- C:\Documents and Settings\petr\Data aplikací\Skype
2010-01-18 22:46:09 ----D---- C:\Program Files
2010-01-18 22:24:40 ----D---- C:\temp
2010-01-18 22:23:37 ----A---- C:\WINDOWS\Msiosd.ini
2010-01-18 22:20:51 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-01-18 22:20:32 ----D---- C:\Documents and Settings\petr\Data aplikací\ICQ
2010-01-18 22:07:38 ----D---- C:\WINDOWS
2010-01-18 22:07:30 ----D---- C:\WINDOWS\system32
2010-01-18 22:05:53 ----D---- C:\Program Files\Common Files
2010-01-18 22:03:16 ----SHD---- C:\WINDOWS\Installer
2010-01-18 22:01:25 ----D---- C:\Documents and Settings\petr\Data aplikací\Adobe
2010-01-18 22:01:22 ----D---- C:\Program Files\Common Files\Adobe
2010-01-18 22:01:22 ----D---- C:\Program Files\Adobe
2010-01-18 22:00:13 ----D---- C:\WINDOWS\WinSxS
2010-01-18 22:00:10 ----D---- C:\Program Files\Common Files\Nikon
2010-01-18 21:57:15 ----D---- C:\Program Files\Common Files\System
2010-01-18 21:57:13 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-01-18 21:57:12 ----D---- C:\Program Files\Microsoft Office
2010-01-18 21:56:58 ----D---- C:\WINDOWS\ShellNew
2010-01-18 21:42:41 ----D---- C:\Program Files\ACE Mega CoDecS Pack
2010-01-18 21:42:29 ----A---- C:\WINDOWS\SYSTEM.INI
2010-01-18 21:35:03 ----D---- C:\WINDOWS\system32\CatRoot2
2010-01-17 17:36:45 ----D---- C:\WINDOWS\system32\drivers
2010-01-17 17:36:44 ----HD---- C:\WINDOWS\inf
2010-01-10 22:01:44 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-01-10 21:59:00 ----D---- C:\Program Files\Java
2010-01-10 21:01:16 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-01-10 21:01:16 ----D---- C:\WINDOWS\Temp
2010-01-10 21:01:13 ----D---- C:\WINDOWS\system32\Macromed
2010-01-10 20:58:43 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-01-10 20:58:33 ----D---- C:\WINDOWS\Help
2010-01-10 20:50:37 ----HD---- C:\Program Files\InstallShield Installation Information
2010-01-10 20:48:51 ----D---- C:\Garmin
2010-01-08 22:40:25 ----D---- C:\Documents and Settings\petr\Data aplikací\GARMIN
2010-01-04 20:19:59 ----AC---- C:\WINDOWS\WINCMD.INI
2010-01-04 20:19:50 ----A---- C:\WINDOWS\wcx_ftp.ini
2009-12-31 10:19:02 ----D---- C:\Program Files\ICQ6.5
2009-12-26 17:48:40 ----D---- C:\Program Files\QuickTime
2009-12-26 17:48:16 ----D---- C:\Program Files\PowerArchiver
2009-12-26 17:47:15 ----D---- C:\Program Files\Common Files\Real
2009-12-24 00:12:25 ----A---- C:\WINDOWS\winamp.ini
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-11-25 27408]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-11-25 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-11-25 48560]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-17 39936]
R1 msikbd2k;Multimedia Keyboard Filter Driver; C:\WINDOWS\System32\DRIVERS\msikbd2k.sys [2001-12-20 6656]
R1 prodrv06;StarForce Protection Environment Driver v6; C:\WINDOWS\System32\drivers\prodrv06.sys [2004-08-09 53920]
R2 aslm75;aslm75; \??\C:\WINDOWS\system32\drivers\aslm75.sys []
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-11-25 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-11-25 94160]
R2 Fallback;Fallback; C:\WINDOWS\System32\DRIVERS\HSF_FALL.sys [2001-08-17 289887]
R2 Fsks;Fsks; C:\WINDOWS\System32\DRIVERS\HSF_FSKS.sys [2001-08-17 115807]
R2 irda;Protokol IrDA; C:\WINDOWS\System32\DRIVERS\irda.sys [2004-08-03 87424]
R2 K56;K56; C:\WINDOWS\System32\DRIVERS\HSF_K56K.sys [2001-08-17 391199]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys [2004-08-03 11868]
R2 SoftFax;SoftFax; C:\WINDOWS\System32\DRIVERS\HSF_FAXX.sys [2001-08-17 199711]
R2 Tones;Tones; C:\WINDOWS\System32\DRIVERS\HSF_TONE.sys [2001-08-17 50751]
R2 V124;V124; C:\WINDOWS\System32\DRIVERS\HSF_V124.sys [2001-08-17 488383]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]
R3 aswRdr;aswRdr; \??\C:\WINDOWS\system32\drivers\aswRdr.sys []
R3 dsNcAdpt;Juniper Network Connect Adapter; C:\WINDOWS\system32\DRIVERS\dsNcAdpt.sys [2009-01-23 23552]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 HSF_DP;HSF_DP; C:\WINDOWS\System32\DRIVERS\HSFDPSP2.sys [2004-08-03 1041536]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\System32\DRIVERS\HSFBS2S2.sys [2004-08-03 220032]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2004-07-15 2459712]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2002-10-02 9856]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\System32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2001-10-25 5888]
R3 SISNIC;SiS PCI Fast Ethernet Adapter Driver; C:\WINDOWS\System32\DRIVERS\sisnic.sys [2004-08-03 32768]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2002-12-05 534976]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;Ovladač standardního rozbočovače USB; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2004-08-03 17024]
R3 usbprint;Třída USB Printer; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2004-08-03 25856]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
R3 WDC_SAM;WD SCSI Pass Thru driver; C:\WINDOWS\system32\DRIVERS\wdcsam.sys [2009-02-13 11520]
R3 winachsf;winachsf; C:\WINDOWS\System32\DRIVERS\HSFCXTS2.sys [2004-08-03 685056]
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver; C:\WINDOWS\system32\drivers\WmBEnum.sys [2004-05-13 10144]
R3 WmFilter;Logitech WingMan HID Filter Driver; C:\WINDOWS\system32\drivers\WmFilter.sys [2004-05-13 21440]
R3 WmHidLo;Logitech WingMan USB Filter Driver; C:\WINDOWS\system32\drivers\WmHidLo.sys [2004-05-13 14720]
R3 WmXlCore;Logitech WingMan Translation Layer Driver; C:\WINDOWS\system32\drivers\WmXlCore.sys [2004-05-13 44384]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-17 14848]
S3 actser;actser; C:\WINDOWS\system32\drivers\actser.sys [2004-08-23 29440]
S3 basic2;basic2; C:\WINDOWS\System32\DRIVERS\HSF_BSC2.sys [2001-08-17 67167]
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2004-08-03 17024]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2004-08-03 100992]
S3 BTHPORT;Ovladač portu Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2004-08-17 274304]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2004-08-03 18944]
S3 C-Dilla;C-Dilla; \??\C:\WINDOWS\System32\drivers\CDANT.SYS []
S3 GMSIPCI;GMSIPCI; \??\E:\INSTALL\GMSIPCI.SYS []
S3 grmnusb;grmnusb; C:\WINDOWS\system32\drivers\grmnusb.sys [2007-08-01 8320]
S3 HCF_MSFT;HCF_MSFT; C:\WINDOWS\System32\DRIVERS\HCF_MSFT.sys [2001-10-24 907456]
S3 hsf_msft;hsf_msft; C:\WINDOWS\System32\DRIVERS\HSF_MSFT.sys [2001-08-17 542879]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 MSIRCOMM;Microsoft IR Communications Driver; C:\WINDOWS\System32\DRIVERS\MSIRCOMM.sys [2004-08-03 22016]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2004-08-03 59648]
S3 Rksample;Rksample; C:\WINDOWS\System32\DRIVERS\HSF_SAMP.sys [2001-08-17 57471]
S3 STIrUsb;STIrUsb.sys SigmaTel USB-IrDA Adapter; C:\WINDOWS\System32\DRIVERS\irstusb.sys [2001-08-17 26624]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 WmVirHid;Logitech Virtual Hid Device Driver; C:\WINDOWS\system32\drivers\WmVirHid.sys [2004-05-13 5600]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 aswUpdSv;avast! iAVS4 Control Service; d:\Program Files\Avast4\aswUpdSv.exe [2009-11-25 18752]
R2 avast! Antivirus;avast! Antivirus; d:\Program Files\Avast4\ashServ.exe [2009-11-25 138680]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2004-08-17 14336]
R2 C-DillaSrv;C-DillaSrv; C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE [2003-11-03 32256]
R2 dsNcService;Juniper Network Connect Service; C:\Program Files\Juniper Networks\Common Files\dsNcService.exe [2009-01-23 431472]
R2 Irmon;Sledování infračerveného přenosu; C:\WINDOWS\System32\svchost.exe [2004-08-17 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376]
R2 nhksrv;Netropa NHK Server; C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe [2001-08-06 28672]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2004-07-15 114755]
R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-10 38912]
R3 avast! Mail Scanner;avast! Mail Scanner; d:\Program Files\Avast4\ashMaiSv.exe [2009-11-25 254040]
R3 avast! Web Scanner;avast! Web Scanner; d:\Program Files\Avast4\ashWebSv.exe [2009-11-25 352920]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
-----------------EOF-----------------
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
Prosím o pomoc s "Chyba při načítání souboru cpcp.cpo"
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Re: Prosím o pomoc s "Chyba při načítání souboru cpcp.cpo"
Presun ComboFix
na plochu (ak tam este nie je)
otvor si Poznamkovy blok - notepad
do neho zkopiruj skript z nasledujiceho okna:
uloz vytvoreny textovy soubor ako CFScript.txt na plochu
po ulozeni uchop vytvoreny skript lavym tlacitkom mysi a presun ho nad ikonu Combofixu, nad nim skript upust:
po aplikacii by mal vzniknut dalsi log, ten vloz sem
na plochu (ak tam este nie je)
otvor si Poznamkovy blok - notepad
do neho zkopiruj skript z nasledujiceho okna:
Kód: Vybrat vše
Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{629312e2-be18-11dd-9f69-000c6e2e378b}]
po ulozeni uchop vytvoreny skript lavym tlacitkom mysi a presun ho nad ikonu Combofixu, nad nim skript upust:
po aplikacii by mal vzniknut dalsi log, ten vloz sem
FRST |ADWCleaner |MBAM |CCleaner |AVPTool
V prípade spokojnosti je možné podporiť fórum https://platba.viry.cz/payment/
V prípade spokojnosti je možné podporiť fórum https://platba.viry.cz/payment/
Re: Prosím o pomoc s "Chyba při načítání souboru cpcp.cpo"
ComboFix 10-01-18.03 - petr 19.01.2010 20:39:38.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.512.215 [GMT 1:00]
Spuštěný z: c:\documents and settings\petr\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\petr\Plocha\CFScript.txt
AV: avast! antivirus 4.8.1368 [VPS 100119-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Data aplikacˇ\owulox.reg
c:\documents and settings\helca\Data aplikací\JuniperSetup.exe
c:\documents and settings\helca\oashdihasidhasuidhiasdhiashdiuasdhasd
c:\documents and settings\petr\Cookies\aquvuner.db
c:\documents and settings\petr\Cookies\ifezes.vbs
c:\documents and settings\petr\Cookies\jadose.exe
c:\documents and settings\petr\Cookies\rava.vbs
c:\documents and settings\petr\Cookies\xijoqat._sy
c:\documents and settings\petr\Data aplikacˇ\cukesu.vbs
c:\documents and settings\petr\Data aplikacˇ\icixavy.bat
c:\documents and settings\petr\Data aplikacˇ\zykibodij.inf
c:\documents and settings\petr\Local Settings\Data aplikacˇ\oxokice.reg
c:\documents and settings\petr\Local Settings\Temporary Internet Files\ahuher.dll
c:\documents and settings\petr\Local Settings\Temporary Internet Files\hudoke.ban
c:\documents and settings\petr\Local Settings\Temporary Internet Files\qedobapit._sy
c:\documents and settings\petr\Local Settings\Temporary Internet Files\tysyhyc.bin
c:\program files\Common Files\agubi.bat
c:\program files\Common Files\baqym.vbs
c:\program files\Common Files\muja.reg
c:\program files\ICQ6.5\ICQLRun.exe
c:\program files\INSTALL.LOG
c:\windows\acefa.scr
c:\windows\awusucu._sy
c:\windows\fywosapodi.bat
c:\windows\ilubyfoso.exe
c:\windows\neleqebe.reg
c:\windows\qadejuf.dll
c:\windows\qasujara.dll
c:\windows\system32\ieuinit.inf
c:\windows\yzubyzyly.scr
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-12-19 do 2010-01-19 )))))))))))))))))))))))))))))))
.
2010-01-19 19:35 . 2010-01-19 19:35 16384 ----atw- c:\temp\Perflib_Perfdata_72c.dat
2010-01-19 14:53 . 2010-01-19 14:54 -------- d-----w- c:\program files\RustCZ
2010-01-18 21:46 . 2010-01-18 22:31 -------- d-----w- c:\program files\trend micro
2010-01-18 21:46 . 2010-01-18 21:46 -------- d-----w- C:\rsit
2010-01-17 16:36 . 2009-02-13 19:02 11520 ----a-r- c:\windows\system32\drivers\wdcsam.sys
2010-01-10 20:40 . 2010-01-19 19:43 -------- d-----w- c:\temp\_ir_tmpfnt_2
2010-01-10 20:24 . 2010-01-19 19:43 -------- d-----w- c:\temp\_ir_tmpfnt_1
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-19 19:43 . 2009-06-27 17:54 -------- d-----w- c:\program files\ICQ6.5
2010-01-18 21:01 . 2003-09-13 15:40 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-18 21:00 . 2008-12-18 17:47 -------- d-----w- c:\program files\Common Files\Nikon
2010-01-18 20:42 . 2007-01-26 22:50 -------- d-----w- c:\program files\ACE Mega CoDecS Pack
2010-01-10 20:59 . 2006-03-10 12:27 -------- d-----w- c:\program files\Java
2010-01-10 19:58 . 2001-10-25 13:00 46196 ----a-w- c:\windows\system32\perfc005.dat
2010-01-10 19:58 . 2001-10-25 13:00 309990 ----a-w- c:\windows\system32\perfh005.dat
2010-01-10 19:50 . 2004-10-18 21:02 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-26 16:48 . 2005-05-08 09:56 -------- d-----w- c:\program files\QuickTime
2009-12-26 16:48 . 2004-02-13 15:17 -------- d-----w- c:\program files\PowerArchiver
2009-12-26 16:47 . 2006-06-16 22:51 -------- d-----w- c:\program files\Common Files\Real
2009-11-24 23:54 . 2004-12-05 21:58 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-24 23:51 . 2003-12-11 22:04 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-11-24 23:50 . 2003-12-11 22:04 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-11-24 23:50 . 2008-04-01 20:04 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-11-24 23:50 . 2008-04-01 20:04 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-11-24 23:49 . 2004-11-14 23:56 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2005-02-23 22:34 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2003-12-11 22:04 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-11-24 23:47 . 2004-12-05 21:58 97480 ----a-w- c:\windows\system32\AVASTSS.scr
2009-10-24 00:36 . 2009-10-24 00:36 16276 ----a-w- c:\windows\apyjen.sys
2009-10-24 00:36 . 2009-10-24 00:36 13552 ----a-w- c:\windows\xevuzivo.bin
2009-10-24 00:36 . 2009-10-24 00:36 10873 ----a-w- c:\windows\ufyhy.sys
2009-10-24 00:36 . 2009-10-24 00:36 13482 ----a-w- c:\windows\system32\likih.bin
2009-10-22 22:43 . 2009-10-22 22:43 19332 ----a-w- c:\windows\vufowuhevi.bin
2009-10-22 22:43 . 2009-10-22 22:43 17172 ----a-w- c:\program files\Common Files\hysykeq.dll
2009-10-22 22:43 . 2009-10-22 22:43 15418 ----a-w- c:\windows\system32\zokuva.scr
2009-10-22 22:43 . 2009-10-22 22:43 15224 ----a-w- c:\windows\dyjohobu.com
2009-10-22 22:43 . 2009-10-22 22:43 11895 ----a-w- c:\program files\Common Files\matysypalo.pif
2009-10-22 22:43 . 2009-10-22 22:43 11154 ----a-w- c:\windows\jopanuxu.pif
2008-08-16 15:42 . 2008-08-16 15:42 13112 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2008-08-16 15:42 . 2008-08-16 15:42 70456 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2008-08-16 15:42 . 2008-08-16 15:42 91448 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2008-08-16 15:42 . 2008-08-16 15:42 20800 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
2008-08-16 15:43 . 2008-08-16 15:43 206136 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2008-08-16 15:42 . 2008-08-16 15:42 31032 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2008-08-16 15:42 . 2008-08-16 15:42 40248 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2008-05-21 06:41 . 2008-05-21 06:41 479232 ----a-w- c:\program files\mozilla firefox\plugins\msvcm80.dll
2008-05-21 06:41 . 2008-05-21 06:41 548864 ----a-w- c:\program files\mozilla firefox\plugins\msvcp80.dll
2008-05-21 06:41 . 2008-05-21 06:41 626688 ----a-w- c:\program files\mozilla firefox\plugins\msvcr80.dll
2008-06-05 11:58 . 2008-06-05 11:58 648504 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2008-08-16 15:42 . 2008-08-16 15:42 23864 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Skype.exe" [2007-01-22 25368104]
"ICQ"="c:\program files\ICQ6.5\ICQ.exe" [2009-11-16 172792]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HTpatch"="c:\windows\htpatch.exe" [2002-10-30 28672]
"avast!"="d:\program files\Avast4\ashDisp.exe" [2009-11-24 81000]
"MULTIMEDIA KEYBOARD"="c:\program files\Netropa\Multimedia Keyboard\MMKeybd.exe" [2002-01-31 151552]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2004-07-15 81920]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-07-15 4112384]
"nwiz"="nwiz.exe" [2004-07-15 843776]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2002-10-08 155648]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-17 110592]
"SMail"="c:\program files\Seznam\Postak\Postak.exe" [2006-05-18 450560]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-17 15360]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\CZDC++\\CZDCPlusPlus.exe"=
"c:\\Program Files\\WinCommander\\WINCMD32.EXE"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Skype\\Skype.exe"=
"d:\\Program Files\\uTorrent\\uTorrent.exe"=
"d:\\Program Files\\hry\\Need for Speed Underground 2\\speed2.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R0 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [11.3.2006 18:58 5248]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [1.4.2008 21:04 114768]
R1 msikbd2k;Multimedia Keyboard Filter Driver;c:\windows\system32\drivers\Msikbd2k.sys [21.9.2004 18:40 6656]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1.4.2008 21:04 20560]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [17.1.2010 17:36 11520]
S0 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [11.3.2006 18:58 158720]
S2 nhksrv;Netropa NHK Server;c:\program files\Netropa\Multimedia Keyboard\nhksrv.exe [21.9.2004 18:40 28672]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Stáhnout &Mass Downloaderem - d:\program files\Mass Downloader\Add_Url.htm
IE: Stáhnout &vše Mass Downloaderem - d:\program files\Mass Downloader\Add_All.htm
Trusted Zone: mojebanka.cz\www
TCP: {2563624B-C22C-46D3-BBCE-D7F791BE2FE8} = 10.12.32.3,10.12.17.1
FF - ProfilePath - c:\documents and settings\petr\Data aplikací\Mozilla\Firefox\Profiles\duv5deby.default\
FF - prefs.js: browser.startup.homepage - hxxp://seznam.cz/
FF - plugin: c:\program files\Mozilla Firefox\plugins\npicaN.dll
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
AddRemove-AfroSanta - c:\program files\hry\Afrohorse Games\AfroSanta\Uninst.isu
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-19 20:44
Windows 5.1.2600 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HTpatch = c:\windows\htpatch.exe?ows\CurrentVersion\Run???\?????%[??????'[??'[??'[??????????????%[??%[??'[??'[$?????%[??????????????%[????????<?%[???w????(????$?w???w?????$?w ??w??%[????????d???V?&[??%[??'[d???-?&[^3%[??&[b??wTJ%[?)%[?)%[htinst.I????*1%[H?'[d??????????
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(636)
c:\program files\Citrix\ICA Client\pnsson.dll
.
Celkový čas: 2010-01-19 20:46:57
ComboFix-quarantined-files.txt 2010-01-19 19:46
Před spuštěním: 348 114 944
Po spuštění: 606 707 712
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
- - End Of File - - BB987E40322DF76971632EEB362376D0
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.512.215 [GMT 1:00]
Spuštěný z: c:\documents and settings\petr\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\petr\Plocha\CFScript.txt
AV: avast! antivirus 4.8.1368 [VPS 100119-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Data aplikacˇ\owulox.reg
c:\documents and settings\helca\Data aplikací\JuniperSetup.exe
c:\documents and settings\helca\oashdihasidhasuidhiasdhiashdiuasdhasd
c:\documents and settings\petr\Cookies\aquvuner.db
c:\documents and settings\petr\Cookies\ifezes.vbs
c:\documents and settings\petr\Cookies\jadose.exe
c:\documents and settings\petr\Cookies\rava.vbs
c:\documents and settings\petr\Cookies\xijoqat._sy
c:\documents and settings\petr\Data aplikacˇ\cukesu.vbs
c:\documents and settings\petr\Data aplikacˇ\icixavy.bat
c:\documents and settings\petr\Data aplikacˇ\zykibodij.inf
c:\documents and settings\petr\Local Settings\Data aplikacˇ\oxokice.reg
c:\documents and settings\petr\Local Settings\Temporary Internet Files\ahuher.dll
c:\documents and settings\petr\Local Settings\Temporary Internet Files\hudoke.ban
c:\documents and settings\petr\Local Settings\Temporary Internet Files\qedobapit._sy
c:\documents and settings\petr\Local Settings\Temporary Internet Files\tysyhyc.bin
c:\program files\Common Files\agubi.bat
c:\program files\Common Files\baqym.vbs
c:\program files\Common Files\muja.reg
c:\program files\ICQ6.5\ICQLRun.exe
c:\program files\INSTALL.LOG
c:\windows\acefa.scr
c:\windows\awusucu._sy
c:\windows\fywosapodi.bat
c:\windows\ilubyfoso.exe
c:\windows\neleqebe.reg
c:\windows\qadejuf.dll
c:\windows\qasujara.dll
c:\windows\system32\ieuinit.inf
c:\windows\yzubyzyly.scr
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-12-19 do 2010-01-19 )))))))))))))))))))))))))))))))
.
2010-01-19 19:35 . 2010-01-19 19:35 16384 ----atw- c:\temp\Perflib_Perfdata_72c.dat
2010-01-19 14:53 . 2010-01-19 14:54 -------- d-----w- c:\program files\RustCZ
2010-01-18 21:46 . 2010-01-18 22:31 -------- d-----w- c:\program files\trend micro
2010-01-18 21:46 . 2010-01-18 21:46 -------- d-----w- C:\rsit
2010-01-17 16:36 . 2009-02-13 19:02 11520 ----a-r- c:\windows\system32\drivers\wdcsam.sys
2010-01-10 20:40 . 2010-01-19 19:43 -------- d-----w- c:\temp\_ir_tmpfnt_2
2010-01-10 20:24 . 2010-01-19 19:43 -------- d-----w- c:\temp\_ir_tmpfnt_1
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-19 19:43 . 2009-06-27 17:54 -------- d-----w- c:\program files\ICQ6.5
2010-01-18 21:01 . 2003-09-13 15:40 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-18 21:00 . 2008-12-18 17:47 -------- d-----w- c:\program files\Common Files\Nikon
2010-01-18 20:42 . 2007-01-26 22:50 -------- d-----w- c:\program files\ACE Mega CoDecS Pack
2010-01-10 20:59 . 2006-03-10 12:27 -------- d-----w- c:\program files\Java
2010-01-10 19:58 . 2001-10-25 13:00 46196 ----a-w- c:\windows\system32\perfc005.dat
2010-01-10 19:58 . 2001-10-25 13:00 309990 ----a-w- c:\windows\system32\perfh005.dat
2010-01-10 19:50 . 2004-10-18 21:02 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-26 16:48 . 2005-05-08 09:56 -------- d-----w- c:\program files\QuickTime
2009-12-26 16:48 . 2004-02-13 15:17 -------- d-----w- c:\program files\PowerArchiver
2009-12-26 16:47 . 2006-06-16 22:51 -------- d-----w- c:\program files\Common Files\Real
2009-11-24 23:54 . 2004-12-05 21:58 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-24 23:51 . 2003-12-11 22:04 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-11-24 23:50 . 2003-12-11 22:04 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-11-24 23:50 . 2008-04-01 20:04 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-11-24 23:50 . 2008-04-01 20:04 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-11-24 23:49 . 2004-11-14 23:56 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2005-02-23 22:34 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2003-12-11 22:04 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-11-24 23:47 . 2004-12-05 21:58 97480 ----a-w- c:\windows\system32\AVASTSS.scr
2009-10-24 00:36 . 2009-10-24 00:36 16276 ----a-w- c:\windows\apyjen.sys
2009-10-24 00:36 . 2009-10-24 00:36 13552 ----a-w- c:\windows\xevuzivo.bin
2009-10-24 00:36 . 2009-10-24 00:36 10873 ----a-w- c:\windows\ufyhy.sys
2009-10-24 00:36 . 2009-10-24 00:36 13482 ----a-w- c:\windows\system32\likih.bin
2009-10-22 22:43 . 2009-10-22 22:43 19332 ----a-w- c:\windows\vufowuhevi.bin
2009-10-22 22:43 . 2009-10-22 22:43 17172 ----a-w- c:\program files\Common Files\hysykeq.dll
2009-10-22 22:43 . 2009-10-22 22:43 15418 ----a-w- c:\windows\system32\zokuva.scr
2009-10-22 22:43 . 2009-10-22 22:43 15224 ----a-w- c:\windows\dyjohobu.com
2009-10-22 22:43 . 2009-10-22 22:43 11895 ----a-w- c:\program files\Common Files\matysypalo.pif
2009-10-22 22:43 . 2009-10-22 22:43 11154 ----a-w- c:\windows\jopanuxu.pif
2008-08-16 15:42 . 2008-08-16 15:42 13112 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2008-08-16 15:42 . 2008-08-16 15:42 70456 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2008-08-16 15:42 . 2008-08-16 15:42 91448 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2008-08-16 15:42 . 2008-08-16 15:42 20800 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
2008-08-16 15:43 . 2008-08-16 15:43 206136 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2008-08-16 15:42 . 2008-08-16 15:42 31032 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2008-08-16 15:42 . 2008-08-16 15:42 40248 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2008-05-21 06:41 . 2008-05-21 06:41 479232 ----a-w- c:\program files\mozilla firefox\plugins\msvcm80.dll
2008-05-21 06:41 . 2008-05-21 06:41 548864 ----a-w- c:\program files\mozilla firefox\plugins\msvcp80.dll
2008-05-21 06:41 . 2008-05-21 06:41 626688 ----a-w- c:\program files\mozilla firefox\plugins\msvcr80.dll
2008-06-05 11:58 . 2008-06-05 11:58 648504 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2008-08-16 15:42 . 2008-08-16 15:42 23864 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Skype.exe" [2007-01-22 25368104]
"ICQ"="c:\program files\ICQ6.5\ICQ.exe" [2009-11-16 172792]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HTpatch"="c:\windows\htpatch.exe" [2002-10-30 28672]
"avast!"="d:\program files\Avast4\ashDisp.exe" [2009-11-24 81000]
"MULTIMEDIA KEYBOARD"="c:\program files\Netropa\Multimedia Keyboard\MMKeybd.exe" [2002-01-31 151552]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2004-07-15 81920]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-07-15 4112384]
"nwiz"="nwiz.exe" [2004-07-15 843776]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2002-10-08 155648]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-17 110592]
"SMail"="c:\program files\Seznam\Postak\Postak.exe" [2006-05-18 450560]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-17 15360]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\CZDC++\\CZDCPlusPlus.exe"=
"c:\\Program Files\\WinCommander\\WINCMD32.EXE"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Skype\\Skype.exe"=
"d:\\Program Files\\uTorrent\\uTorrent.exe"=
"d:\\Program Files\\hry\\Need for Speed Underground 2\\speed2.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R0 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [11.3.2006 18:58 5248]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [1.4.2008 21:04 114768]
R1 msikbd2k;Multimedia Keyboard Filter Driver;c:\windows\system32\drivers\Msikbd2k.sys [21.9.2004 18:40 6656]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1.4.2008 21:04 20560]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [17.1.2010 17:36 11520]
S0 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [11.3.2006 18:58 158720]
S2 nhksrv;Netropa NHK Server;c:\program files\Netropa\Multimedia Keyboard\nhksrv.exe [21.9.2004 18:40 28672]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Stáhnout &Mass Downloaderem - d:\program files\Mass Downloader\Add_Url.htm
IE: Stáhnout &vše Mass Downloaderem - d:\program files\Mass Downloader\Add_All.htm
Trusted Zone: mojebanka.cz\www
TCP: {2563624B-C22C-46D3-BBCE-D7F791BE2FE8} = 10.12.32.3,10.12.17.1
FF - ProfilePath - c:\documents and settings\petr\Data aplikací\Mozilla\Firefox\Profiles\duv5deby.default\
FF - prefs.js: browser.startup.homepage - hxxp://seznam.cz/
FF - plugin: c:\program files\Mozilla Firefox\plugins\npicaN.dll
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
AddRemove-AfroSanta - c:\program files\hry\Afrohorse Games\AfroSanta\Uninst.isu
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-19 20:44
Windows 5.1.2600 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HTpatch = c:\windows\htpatch.exe?ows\CurrentVersion\Run???\?????%[??????'[??'[??'[??????????????%[??%[??'[??'[$?????%[??????????????%[????????<?%[???w????(????$?w???w?????$?w ??w??%[????????d???V?&[??%[??'[d???-?&[^3%[??&[b??wTJ%[?)%[?)%[htinst.I????*1%[H?'[d??????????
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(636)
c:\program files\Citrix\ICA Client\pnsson.dll
.
Celkový čas: 2010-01-19 20:46:57
ComboFix-quarantined-files.txt 2010-01-19 19:46
Před spuštěním: 348 114 944
Po spuštění: 606 707 712
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
- - End Of File - - BB987E40322DF76971632EEB362376D0
Re: Prosím o pomoc s "Chyba při načítání souboru cpcp.cpo"
jeskove usi, to bol ale bordel 
zopakuj akciu s novym scriptom
zopakuj akciu s novym scriptom
Kód: Vybrat vše
File::
c:\windows\apyjen.sys
c:\windows\xevuzivo.bin
c:\windows\ufyhy.sys
c:\windows\system32\likih.bin
c:\windows\vufowuhevi.bin
c:\program files\Common Files\hysykeq.dll
c:\windows\system32\zokuva.scr
c:\windows\dyjohobu.com
c:\program files\Common Files\matysypalo.pif
c:\windows\jopanuxu.pif
FRST |ADWCleaner |MBAM |CCleaner |AVPTool
V prípade spokojnosti je možné podporiť fórum https://platba.viry.cz/payment/
V prípade spokojnosti je možné podporiť fórum https://platba.viry.cz/payment/
Re: Prosím o pomoc s "Chyba při načítání souboru cpcp.cpo"
Tady je ten nový log...
ComboFix 10-01-18.03 - helca 20.01.2010 10:18:44.2.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.512.217 [GMT 1:00]
Spuštěný z: c:\documents and settings\petr\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\petr\Plocha\CFScript.txt
AV: avast! antivirus 4.8.1368 [VPS 100119-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FILE ::
"c:\program files\Common Files\hysykeq.dll"
"c:\program files\Common Files\matysypalo.pif"
"c:\windows\apyjen.sys"
"c:\windows\dyjohobu.com"
"c:\windows\jopanuxu.pif"
"c:\windows\system32\likih.bin"
"c:\windows\system32\zokuva.scr"
"c:\windows\ufyhy.sys"
"c:\windows\vufowuhevi.bin"
"c:\windows\xevuzivo.bin"
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Data aplikacˇ\owulox.reg
c:\documents and settings\petr\Data aplikacˇ\cukesu.vbs
c:\documents and settings\petr\Data aplikacˇ\icixavy.bat
c:\documents and settings\petr\Data aplikacˇ\zykibodij.inf
c:\documents and settings\petr\Local Settings\Data aplikacˇ\oxokice.reg
c:\program files\Common Files\hysykeq.dll
c:\program files\Common Files\matysypalo.pif
c:\windows\apyjen.sys
c:\windows\dyjohobu.com
c:\windows\jopanuxu.pif
c:\windows\system32\likih.bin
c:\windows\system32\zokuva.scr
c:\windows\ufyhy.sys
c:\windows\vufowuhevi.bin
c:\windows\xevuzivo.bin
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-12-20 do 2010-01-20 )))))))))))))))))))))))))))))))
.
2010-01-20 09:16 . 2010-01-20 09:16 16384 ----atw- c:\temp\Perflib_Perfdata_160.dat
2010-01-20 09:16 . 2010-01-20 09:16 16384 ----atw- c:\temp\Perflib_Perfdata_57c.dat
2010-01-19 14:53 . 2010-01-19 21:59 -------- d-----w- c:\program files\RustCZ
2010-01-18 21:46 . 2010-01-18 22:31 -------- d-----w- c:\program files\trend micro
2010-01-18 21:46 . 2010-01-18 21:46 -------- d-----w- C:\rsit
2010-01-17 16:36 . 2009-02-13 19:02 11520 ----a-r- c:\windows\system32\drivers\wdcsam.sys
2010-01-10 20:40 . 2010-01-19 19:43 -------- d-----w- c:\temp\_ir_tmpfnt_2
2010-01-10 20:24 . 2010-01-19 19:43 -------- d-----w- c:\temp\_ir_tmpfnt_1
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-19 22:03 . 2005-12-20 20:02 -------- d-----w- c:\program files\Skype
2010-01-19 19:43 . 2009-06-27 17:54 -------- d-----w- c:\program files\ICQ6.5
2010-01-18 21:01 . 2003-09-13 15:40 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-18 21:00 . 2008-12-18 17:47 -------- d-----w- c:\program files\Common Files\Nikon
2010-01-18 20:42 . 2007-01-26 22:50 -------- d-----w- c:\program files\ACE Mega CoDecS Pack
2010-01-10 20:59 . 2006-03-10 12:27 -------- d-----w- c:\program files\Java
2010-01-10 19:58 . 2001-10-25 13:00 46196 ----a-w- c:\windows\system32\perfc005.dat
2010-01-10 19:58 . 2001-10-25 13:00 309990 ----a-w- c:\windows\system32\perfh005.dat
2010-01-10 19:50 . 2004-10-18 21:02 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-26 16:48 . 2005-05-08 09:56 -------- d-----w- c:\program files\QuickTime
2009-12-26 16:48 . 2004-02-13 15:17 -------- d-----w- c:\program files\PowerArchiver
2009-12-26 16:47 . 2006-06-16 22:51 -------- d-----w- c:\program files\Common Files\Real
2009-11-24 23:54 . 2004-12-05 21:58 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-24 23:51 . 2003-12-11 22:04 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-11-24 23:50 . 2003-12-11 22:04 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-11-24 23:50 . 2008-04-01 20:04 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-11-24 23:50 . 2008-04-01 20:04 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-11-24 23:49 . 2004-11-14 23:56 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2005-02-23 22:34 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2003-12-11 22:04 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-11-24 23:47 . 2004-12-05 21:58 97480 ----a-w- c:\windows\system32\AVASTSS.scr
2008-08-16 15:42 . 2008-08-16 15:42 13112 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2008-08-16 15:42 . 2008-08-16 15:42 70456 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2008-08-16 15:42 . 2008-08-16 15:42 91448 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2008-08-16 15:42 . 2008-08-16 15:42 20800 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
2008-08-16 15:43 . 2008-08-16 15:43 206136 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2008-08-16 15:42 . 2008-08-16 15:42 31032 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2008-08-16 15:42 . 2008-08-16 15:42 40248 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2008-05-21 06:41 . 2008-05-21 06:41 479232 ----a-w- c:\program files\mozilla firefox\plugins\msvcm80.dll
2008-05-21 06:41 . 2008-05-21 06:41 548864 ----a-w- c:\program files\mozilla firefox\plugins\msvcp80.dll
2008-05-21 06:41 . 2008-05-21 06:41 626688 ----a-w- c:\program files\mozilla firefox\plugins\msvcr80.dll
2008-06-05 11:58 . 2008-06-05 11:58 648504 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2008-08-16 15:42 . 2008-08-16 15:42 23864 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ICQ"="c:\program files\ICQ6.5\ICQ.exe" [2009-11-16 172792]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HTpatch"="c:\windows\htpatch.exe" [2002-10-30 28672]
"avast!"="d:\program files\Avast4\ashDisp.exe" [2009-11-24 81000]
"MULTIMEDIA KEYBOARD"="c:\program files\Netropa\Multimedia Keyboard\MMKeybd.exe" [2002-01-31 151552]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2004-07-15 81920]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-07-15 4112384]
"nwiz"="nwiz.exe" [2004-07-15 843776]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2002-10-08 155648]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-17 110592]
"SMail"="c:\program files\Seznam\Postak\Postak.exe" [2006-05-18 450560]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-17 15360]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\CZDC++\\CZDCPlusPlus.exe"=
"c:\\Program Files\\WinCommander\\WINCMD32.EXE"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"d:\\Program Files\\uTorrent\\uTorrent.exe"=
"d:\\Program Files\\hry\\Need for Speed Underground 2\\speed2.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R0 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [11.3.2006 18:58 5248]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [1.4.2008 21:04 114768]
R1 msikbd2k;Multimedia Keyboard Filter Driver;c:\windows\system32\drivers\Msikbd2k.sys [21.9.2004 18:40 6656]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1.4.2008 21:04 20560]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [17.1.2010 17:36 11520]
S0 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [11.3.2006 18:58 158720]
S2 nhksrv;Netropa NHK Server;c:\program files\Netropa\Multimedia Keyboard\nhksrv.exe [21.9.2004 18:40 28672]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.centrum.cz/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &ICQ Toolbar Search - c:\program files\ICQToolbar\toolbaru.dll/SEARCH.HTML
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
Trusted Zone: mojebanka.cz\www
TCP: {2563624B-C22C-46D3-BBCE-D7F791BE2FE8} = 10.12.32.3,10.12.17.1
FF - ProfilePath - c:\documents and settings\helca\Data aplikací\Mozilla\Firefox\Profiles\dnm1yjn5.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.centrum.cz/skinit/icq/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - plugin: c:\program files\Mozilla Firefox\plugins\npicaN.dll
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
HKCU-Run-Skype - c:\program files\Skype\Skype.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-20 10:23
Windows 5.1.2600 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HTpatch = c:\windows\htpatch.exe?ows\CurrentVersion\Run???\?????%[??????'[??'[??'[??????????????%[??%[??'[??'[$?????%[??????????????%[????????<?%[???w????(????$?w???w?????$?w ??w??%[????????d???V?&[??%[??'[d???-?&[^3%[??&[b??wTJ%[?)%[?)%[htinst.I????*1%[H?'[d??????????
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(624)
c:\program files\Citrix\ICA Client\pnsson.dll
.
Celkový čas: 2010-01-20 10:25:49
ComboFix-quarantined-files.txt 2010-01-20 09:25
ComboFix2.txt 2010-01-19 19:46
Před spuštěním: 635 072 512
Po spuštění: 601 915 392
- - End Of File - - 2FC050E4A56B70910ACAB9C34AAA71A8
ComboFix 10-01-18.03 - helca 20.01.2010 10:18:44.2.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.512.217 [GMT 1:00]
Spuštěný z: c:\documents and settings\petr\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\petr\Plocha\CFScript.txt
AV: avast! antivirus 4.8.1368 [VPS 100119-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FILE ::
"c:\program files\Common Files\hysykeq.dll"
"c:\program files\Common Files\matysypalo.pif"
"c:\windows\apyjen.sys"
"c:\windows\dyjohobu.com"
"c:\windows\jopanuxu.pif"
"c:\windows\system32\likih.bin"
"c:\windows\system32\zokuva.scr"
"c:\windows\ufyhy.sys"
"c:\windows\vufowuhevi.bin"
"c:\windows\xevuzivo.bin"
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Data aplikacˇ\owulox.reg
c:\documents and settings\petr\Data aplikacˇ\cukesu.vbs
c:\documents and settings\petr\Data aplikacˇ\icixavy.bat
c:\documents and settings\petr\Data aplikacˇ\zykibodij.inf
c:\documents and settings\petr\Local Settings\Data aplikacˇ\oxokice.reg
c:\program files\Common Files\hysykeq.dll
c:\program files\Common Files\matysypalo.pif
c:\windows\apyjen.sys
c:\windows\dyjohobu.com
c:\windows\jopanuxu.pif
c:\windows\system32\likih.bin
c:\windows\system32\zokuva.scr
c:\windows\ufyhy.sys
c:\windows\vufowuhevi.bin
c:\windows\xevuzivo.bin
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-12-20 do 2010-01-20 )))))))))))))))))))))))))))))))
.
2010-01-20 09:16 . 2010-01-20 09:16 16384 ----atw- c:\temp\Perflib_Perfdata_160.dat
2010-01-20 09:16 . 2010-01-20 09:16 16384 ----atw- c:\temp\Perflib_Perfdata_57c.dat
2010-01-19 14:53 . 2010-01-19 21:59 -------- d-----w- c:\program files\RustCZ
2010-01-18 21:46 . 2010-01-18 22:31 -------- d-----w- c:\program files\trend micro
2010-01-18 21:46 . 2010-01-18 21:46 -------- d-----w- C:\rsit
2010-01-17 16:36 . 2009-02-13 19:02 11520 ----a-r- c:\windows\system32\drivers\wdcsam.sys
2010-01-10 20:40 . 2010-01-19 19:43 -------- d-----w- c:\temp\_ir_tmpfnt_2
2010-01-10 20:24 . 2010-01-19 19:43 -------- d-----w- c:\temp\_ir_tmpfnt_1
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-19 22:03 . 2005-12-20 20:02 -------- d-----w- c:\program files\Skype
2010-01-19 19:43 . 2009-06-27 17:54 -------- d-----w- c:\program files\ICQ6.5
2010-01-18 21:01 . 2003-09-13 15:40 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-18 21:00 . 2008-12-18 17:47 -------- d-----w- c:\program files\Common Files\Nikon
2010-01-18 20:42 . 2007-01-26 22:50 -------- d-----w- c:\program files\ACE Mega CoDecS Pack
2010-01-10 20:59 . 2006-03-10 12:27 -------- d-----w- c:\program files\Java
2010-01-10 19:58 . 2001-10-25 13:00 46196 ----a-w- c:\windows\system32\perfc005.dat
2010-01-10 19:58 . 2001-10-25 13:00 309990 ----a-w- c:\windows\system32\perfh005.dat
2010-01-10 19:50 . 2004-10-18 21:02 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-26 16:48 . 2005-05-08 09:56 -------- d-----w- c:\program files\QuickTime
2009-12-26 16:48 . 2004-02-13 15:17 -------- d-----w- c:\program files\PowerArchiver
2009-12-26 16:47 . 2006-06-16 22:51 -------- d-----w- c:\program files\Common Files\Real
2009-11-24 23:54 . 2004-12-05 21:58 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-24 23:51 . 2003-12-11 22:04 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-11-24 23:50 . 2003-12-11 22:04 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-11-24 23:50 . 2008-04-01 20:04 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-11-24 23:50 . 2008-04-01 20:04 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-11-24 23:49 . 2004-11-14 23:56 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2005-02-23 22:34 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2003-12-11 22:04 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-11-24 23:47 . 2004-12-05 21:58 97480 ----a-w- c:\windows\system32\AVASTSS.scr
2008-08-16 15:42 . 2008-08-16 15:42 13112 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2008-08-16 15:42 . 2008-08-16 15:42 70456 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2008-08-16 15:42 . 2008-08-16 15:42 91448 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2008-08-16 15:42 . 2008-08-16 15:42 20800 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
2008-08-16 15:43 . 2008-08-16 15:43 206136 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2008-08-16 15:42 . 2008-08-16 15:42 31032 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2008-08-16 15:42 . 2008-08-16 15:42 40248 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2008-05-21 06:41 . 2008-05-21 06:41 479232 ----a-w- c:\program files\mozilla firefox\plugins\msvcm80.dll
2008-05-21 06:41 . 2008-05-21 06:41 548864 ----a-w- c:\program files\mozilla firefox\plugins\msvcp80.dll
2008-05-21 06:41 . 2008-05-21 06:41 626688 ----a-w- c:\program files\mozilla firefox\plugins\msvcr80.dll
2008-06-05 11:58 . 2008-06-05 11:58 648504 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2008-08-16 15:42 . 2008-08-16 15:42 23864 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ICQ"="c:\program files\ICQ6.5\ICQ.exe" [2009-11-16 172792]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HTpatch"="c:\windows\htpatch.exe" [2002-10-30 28672]
"avast!"="d:\program files\Avast4\ashDisp.exe" [2009-11-24 81000]
"MULTIMEDIA KEYBOARD"="c:\program files\Netropa\Multimedia Keyboard\MMKeybd.exe" [2002-01-31 151552]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2004-07-15 81920]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-07-15 4112384]
"nwiz"="nwiz.exe" [2004-07-15 843776]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2002-10-08 155648]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-17 110592]
"SMail"="c:\program files\Seznam\Postak\Postak.exe" [2006-05-18 450560]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-17 15360]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\CZDC++\\CZDCPlusPlus.exe"=
"c:\\Program Files\\WinCommander\\WINCMD32.EXE"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"d:\\Program Files\\uTorrent\\uTorrent.exe"=
"d:\\Program Files\\hry\\Need for Speed Underground 2\\speed2.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R0 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [11.3.2006 18:58 5248]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [1.4.2008 21:04 114768]
R1 msikbd2k;Multimedia Keyboard Filter Driver;c:\windows\system32\drivers\Msikbd2k.sys [21.9.2004 18:40 6656]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1.4.2008 21:04 20560]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [17.1.2010 17:36 11520]
S0 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [11.3.2006 18:58 158720]
S2 nhksrv;Netropa NHK Server;c:\program files\Netropa\Multimedia Keyboard\nhksrv.exe [21.9.2004 18:40 28672]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.centrum.cz/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &ICQ Toolbar Search - c:\program files\ICQToolbar\toolbaru.dll/SEARCH.HTML
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
Trusted Zone: mojebanka.cz\www
TCP: {2563624B-C22C-46D3-BBCE-D7F791BE2FE8} = 10.12.32.3,10.12.17.1
FF - ProfilePath - c:\documents and settings\helca\Data aplikací\Mozilla\Firefox\Profiles\dnm1yjn5.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.centrum.cz/skinit/icq/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - plugin: c:\program files\Mozilla Firefox\plugins\npicaN.dll
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
HKCU-Run-Skype - c:\program files\Skype\Skype.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-20 10:23
Windows 5.1.2600 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HTpatch = c:\windows\htpatch.exe?ows\CurrentVersion\Run???\?????%[??????'[??'[??'[??????????????%[??%[??'[??'[$?????%[??????????????%[????????<?%[???w????(????$?w???w?????$?w ??w??%[????????d???V?&[??%[??'[d???-?&[^3%[??&[b??wTJ%[?)%[?)%[htinst.I????*1%[H?'[d??????????
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(624)
c:\program files\Citrix\ICA Client\pnsson.dll
.
Celkový čas: 2010-01-20 10:25:49
ComboFix-quarantined-files.txt 2010-01-20 09:25
ComboFix2.txt 2010-01-19 19:46
Před spuštěním: 635 072 512
Po spuštění: 601 915 392
- - End Of File - - 2FC050E4A56B70910ACAB9C34AAA71A8
Re: Prosím o pomoc s "Chyba při načítání souboru cpcp.cpo"
uz to vypada OK, ale kedze AVAST driemal ako princezna na hrasku, preventivne prescanuj PC s http://support.f-secure.com/enu/home/ols.shtml 
FRST |ADWCleaner |MBAM |CCleaner |AVPTool
V prípade spokojnosti je možné podporiť fórum https://platba.viry.cz/payment/
V prípade spokojnosti je možné podporiť fórum https://platba.viry.cz/payment/
Re: Prosím o pomoc s "Chyba při načítání souboru cpcp.cpo"
Super, děkuji moc.
Večer, až se vrátím domů, to ještě proskenuji dle doporučení.
Počítač neměl nejspíš žádnou údržbu nejméně poslední 4 roky
Tak podle toho chudáček vypadá.
Večer, až se vrátím domů, to ještě proskenuji dle doporučení.
Počítač neměl nejspíš žádnou údržbu nejméně poslední 4 roky
Tak podle toho chudáček vypadá.Re: Prosím o pomoc s "Chyba při načítání souboru cpcp.cpo"
nemas zac
a tak to zas niektori sikovni uzivatelia su schopni dostat PC do takeho stavu za polhodinku
a tak to zas niektori sikovni uzivatelia su schopni dostat PC do takeho stavu za polhodinku
FRST |ADWCleaner |MBAM |CCleaner |AVPTool
V prípade spokojnosti je možné podporiť fórum https://platba.viry.cz/payment/
V prípade spokojnosti je možné podporiť fórum https://platba.viry.cz/payment/
Re: Prosím o pomoc s "Chyba při načítání souboru cpcp.cpo"
Ještě bych měl jeden dotaz. Na počítači je více profilů, všechny mají admin práva. Je možné, že když jsme toto pročištění provedli pod jedním, že to mělo naopak neblahý vliv na jiný profil? Žena si stěžuje, že pod jejím profilem "je počítač pomalý a špatně funguje internet".
Re: Prosím o pomoc s "Chyba při načítání souboru cpcp.cpo"
Tak po proscanování tam ještě nějaké potvory byly.JaRon píše:uz to vypada OK, ale kedze AVAST driemal ako princezna na hrasku, preventivne prescanuj PC s http://support.f-secure.com/enu/home/ols.shtml
Scanning Report
Wednesday, January 20, 2010 18:32:01 - 18:46:11
Computer name: JEREMENKOVA
Scanning type: Quick scan
Target: System
5 malware found
TrackingCookie.Advertising (spyware)
* System (Disinfected)
TrackingCookie.Atdmt (spyware)
* System (Disinfected)
TrackingCookie.Doubleclick (spyware)
* System (Disinfected)
Trojan.Generic.2111996 (spyware)
* System (Disinfected)
TrackingCookie.Atwola (spyware)
* System (Disinfected)
Statistics
Scanned:
* Files: 3106
* System: 3106
* Not scanned: 0
Actions:
* Disinfected: 5
* Renamed: 0
* Deleted: 0
* Not cleaned: 0
* Submitted: 0
Re: Prosím o pomoc s "Chyba při načítání souboru cpcp.cpo"
no jeden trojan, ostatne zanedbatelne
ak je v zeninom profile problem, spust tam ComboFix - bez scriptu - a jeho log vloz
ak je v zeninom profile problem, spust tam ComboFix - bez scriptu - a jeho log vloz
FRST |ADWCleaner |MBAM |CCleaner |AVPTool
V prípade spokojnosti je možné podporiť fórum https://platba.viry.cz/payment/
V prípade spokojnosti je možné podporiť fórum https://platba.viry.cz/payment/
Re: Prosím o pomoc s "Chyba při načítání souboru cpcp.cpo"
Tak tady je log z druhého profilu.
ComboFix 10-01-19.08 - helca 20.01.2010 19:28:34.3.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.512.204 [GMT 1:00]
Spuštěný z: c:\documents and settings\helca\Plocha\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100119-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Data aplikacˇ\owulox.reg
c:\documents and settings\petr\Data aplikacˇ\cukesu.vbs
c:\documents and settings\petr\Data aplikacˇ\icixavy.bat
c:\documents and settings\petr\Data aplikacˇ\zykibodij.inf
c:\documents and settings\petr\Local Settings\Data aplikacˇ\oxokice.reg
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-12-20 do 2010-01-20 )))))))))))))))))))))))))))))))
.
2010-01-20 18:22 . 2010-01-20 18:25 -------- d-----w- c:\windows\LastGood
2010-01-20 18:21 . 2010-01-20 18:21 16384 ----atw- c:\temp\Perflib_Perfdata_734.dat
2010-01-20 18:20 . 2010-01-20 18:20 16384 ----atw- c:\temp\Perflib_Perfdata_590.dat
2010-01-19 14:53 . 2010-01-19 21:59 -------- d-----w- c:\program files\RustCZ
2010-01-18 21:46 . 2010-01-18 22:31 -------- d-----w- c:\program files\trend micro
2010-01-18 21:46 . 2010-01-18 21:46 -------- d-----w- C:\rsit
2010-01-17 16:36 . 2009-02-13 19:02 11520 ----a-r- c:\windows\system32\drivers\wdcsam.sys
2010-01-10 20:40 . 2010-01-19 19:43 -------- d-----w- c:\temp\_ir_tmpfnt_2
2010-01-10 20:24 . 2010-01-19 19:43 -------- d-----w- c:\temp\_ir_tmpfnt_1
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-19 22:03 . 2005-12-20 20:02 -------- d-----w- c:\program files\Skype
2010-01-19 19:43 . 2009-06-27 17:54 -------- d-----w- c:\program files\ICQ6.5
2010-01-18 21:01 . 2003-09-13 15:40 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-18 21:00 . 2008-12-18 17:47 -------- d-----w- c:\program files\Common Files\Nikon
2010-01-18 20:42 . 2007-01-26 22:50 -------- d-----w- c:\program files\ACE Mega CoDecS Pack
2010-01-10 20:59 . 2006-03-10 12:27 -------- d-----w- c:\program files\Java
2010-01-10 19:58 . 2001-10-25 13:00 46196 ----a-w- c:\windows\system32\perfc005.dat
2010-01-10 19:58 . 2001-10-25 13:00 309990 ----a-w- c:\windows\system32\perfh005.dat
2010-01-10 19:50 . 2004-10-18 21:02 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-26 16:48 . 2005-05-08 09:56 -------- d-----w- c:\program files\QuickTime
2009-12-26 16:48 . 2004-02-13 15:17 -------- d-----w- c:\program files\PowerArchiver
2009-12-26 16:47 . 2006-06-16 22:51 -------- d-----w- c:\program files\Common Files\Real
2009-11-24 23:54 . 2004-12-05 21:58 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-24 23:51 . 2003-12-11 22:04 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-11-24 23:50 . 2003-12-11 22:04 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-11-24 23:50 . 2008-04-01 20:04 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-11-24 23:50 . 2008-04-01 20:04 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-11-24 23:49 . 2004-11-14 23:56 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2005-02-23 22:34 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2003-12-11 22:04 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-11-24 23:47 . 2004-12-05 21:58 97480 ----a-w- c:\windows\system32\AVASTSS.scr
2008-08-16 15:42 . 2008-08-16 15:42 13112 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2008-08-16 15:42 . 2008-08-16 15:42 70456 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2008-08-16 15:42 . 2008-08-16 15:42 91448 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2008-08-16 15:42 . 2008-08-16 15:42 20800 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
2008-08-16 15:43 . 2008-08-16 15:43 206136 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2008-08-16 15:42 . 2008-08-16 15:42 31032 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2008-08-16 15:42 . 2008-08-16 15:42 40248 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2008-05-21 06:41 . 2008-05-21 06:41 479232 ----a-w- c:\program files\mozilla firefox\plugins\msvcm80.dll
2008-05-21 06:41 . 2008-05-21 06:41 548864 ----a-w- c:\program files\mozilla firefox\plugins\msvcp80.dll
2008-05-21 06:41 . 2008-05-21 06:41 626688 ----a-w- c:\program files\mozilla firefox\plugins\msvcr80.dll
2008-06-05 11:58 . 2008-06-05 11:58 648504 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2008-08-16 15:42 . 2008-08-16 15:42 23864 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
.
((((((((((((((((((((((((((((( SnapShot@2010-01-19_19.44.11 )))))))))))))))))))))))))))))))))))))))))
.
+ 2003-09-13 14:56 . 2009-08-06 18:24 53472 c:\windows\system32\wuauclt.exe
+ 2010-01-20 18:22 . 2009-08-06 18:24 44768 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.4.7600.226\wups2.dll
+ 2010-01-20 18:22 . 2009-08-06 18:24 35552 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.4.7600.226\wups.dll
+ 2003-09-13 14:56 . 2009-08-06 18:24 53472 c:\windows\system32\dllcache\wuauclt.exe
+ 2001-10-25 13:00 . 2009-08-06 18:24 96480 c:\windows\system32\dllcache\cdm.dll
+ 2001-10-25 13:00 . 2009-08-06 18:24 96480 c:\windows\system32\cdm.dll
+ 2010-01-20 18:22 . 2007-07-30 17:19 43352 c:\windows\LastGood\system32\wups2.dll
+ 2010-01-20 18:22 . 2007-07-30 17:18 33624 c:\windows\LastGood\system32\wups.dll
+ 2010-01-20 18:22 . 2007-07-30 17:19 53080 c:\windows\LastGood\system32\wuauclt.exe
+ 2010-01-20 18:22 . 2007-07-30 17:19 92504 c:\windows\LastGood\system32\cdm.dll
+ 2004-08-03 11:59 . 2009-08-06 18:24 209632 c:\windows\system32\wuweb.dll
+ 2004-08-03 11:58 . 2009-08-06 18:24 327896 c:\windows\system32\wucltui.dll
+ 2004-08-03 12:00 . 2009-08-06 18:23 575704 c:\windows\system32\wuapi.dll
+ 2004-08-03 11:59 . 2009-08-06 18:24 209632 c:\windows\system32\dllcache\wuweb.dll
+ 2004-08-03 11:58 . 2009-08-06 18:24 327896 c:\windows\system32\dllcache\wucltui.dll
+ 2004-08-03 12:00 . 2009-08-06 18:23 575704 c:\windows\system32\dllcache\wuapi.dll
+ 2010-01-20 18:22 . 2007-07-30 17:19 203096 c:\windows\LastGood\system32\wuweb.dll
+ 2010-01-20 18:22 . 2007-07-30 17:19 325976 c:\windows\LastGood\system32\wucltui.dll
+ 2010-01-20 18:22 . 2007-07-30 17:19 549720 c:\windows\LastGood\system32\wuapi.dll
+ 2003-09-13 14:56 . 2009-08-06 18:23 1929952 c:\windows\system32\wuaueng.dll
+ 2003-09-13 14:56 . 2009-08-06 18:23 1929952 c:\windows\system32\dllcache\wuaueng.dll
+ 2010-01-20 18:22 . 2007-07-30 17:19 1712984 c:\windows\LastGood\system32\wuaueng.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ICQ"="c:\program files\ICQ6.5\ICQ.exe" [2009-11-16 172792]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HTpatch"="c:\windows\htpatch.exe" [2002-10-30 28672]
"avast!"="d:\program files\Avast4\ashDisp.exe" [2009-11-24 81000]
"MULTIMEDIA KEYBOARD"="c:\program files\Netropa\Multimedia Keyboard\MMKeybd.exe" [2002-01-31 151552]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2004-07-15 81920]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-07-15 4112384]
"nwiz"="nwiz.exe" [2004-07-15 843776]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2002-10-08 155648]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-17 110592]
"SMail"="c:\program files\Seznam\Postak\Postak.exe" [2006-05-18 450560]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-17 15360]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\CZDC++\\CZDCPlusPlus.exe"=
"c:\\Program Files\\WinCommander\\WINCMD32.EXE"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"d:\\Program Files\\uTorrent\\uTorrent.exe"=
"d:\\Program Files\\hry\\Need for Speed Underground 2\\speed2.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R0 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [11.3.2006 18:58 5248]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [1.4.2008 21:04 114768]
R1 msikbd2k;Multimedia Keyboard Filter Driver;c:\windows\system32\drivers\Msikbd2k.sys [21.9.2004 18:40 6656]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1.4.2008 21:04 20560]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [17.1.2010 17:36 11520]
S0 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [11.3.2006 18:58 158720]
S2 nhksrv;Netropa NHK Server;c:\program files\Netropa\Multimedia Keyboard\nhksrv.exe [21.9.2004 18:40 28672]
S3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter;\??\c:\docume~1\petr\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk.sys --> c:\docume~1\petr\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk.sys [?]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.centrum.cz/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &ICQ Toolbar Search - c:\program files\ICQToolbar\toolbaru.dll/SEARCH.HTML
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
Trusted Zone: mojebanka.cz\www
TCP: {2563624B-C22C-46D3-BBCE-D7F791BE2FE8} = 10.12.32.3,10.12.17.1
FF - ProfilePath - c:\documents and settings\helca\Data aplikací\Mozilla\Firefox\Profiles\dnm1yjn5.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.centrum.cz/skinit/icq/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - plugin: c:\program files\Mozilla Firefox\plugins\npicaN.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-20 19:34
Windows 5.1.2600 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HTpatch = c:\windows\htpatch.exe?ows\CurrentVersion\Run???\?????%[??????'[??'[??'[??????????????%[??%[??'[??'[$?????%[??????????????%[????????<?%[???w????(????$?w???w?????$?w ??w??%[????????d???V?&[??%[??'[d???-?&[^3%[??&[b??wTJ%[?)%[?)%[htinst.I????*1%[H?'[d??????????
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(640)
c:\program files\Citrix\ICA Client\pnsson.dll
.
Celkový čas: 2010-01-20 19:37:26
ComboFix-quarantined-files.txt 2010-01-20 18:37
ComboFix2.txt 2010-01-20 09:25
ComboFix3.txt 2010-01-19 19:46
Před spuštěním: 80 920 576
Po spuštění: 436 330 496
- - End Of File - - DC8B730563FEF629397E3E6915E1FEC3
ComboFix 10-01-19.08 - helca 20.01.2010 19:28:34.3.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.512.204 [GMT 1:00]
Spuštěný z: c:\documents and settings\helca\Plocha\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100119-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Data aplikacˇ\owulox.reg
c:\documents and settings\petr\Data aplikacˇ\cukesu.vbs
c:\documents and settings\petr\Data aplikacˇ\icixavy.bat
c:\documents and settings\petr\Data aplikacˇ\zykibodij.inf
c:\documents and settings\petr\Local Settings\Data aplikacˇ\oxokice.reg
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-12-20 do 2010-01-20 )))))))))))))))))))))))))))))))
.
2010-01-20 18:22 . 2010-01-20 18:25 -------- d-----w- c:\windows\LastGood
2010-01-20 18:21 . 2010-01-20 18:21 16384 ----atw- c:\temp\Perflib_Perfdata_734.dat
2010-01-20 18:20 . 2010-01-20 18:20 16384 ----atw- c:\temp\Perflib_Perfdata_590.dat
2010-01-19 14:53 . 2010-01-19 21:59 -------- d-----w- c:\program files\RustCZ
2010-01-18 21:46 . 2010-01-18 22:31 -------- d-----w- c:\program files\trend micro
2010-01-18 21:46 . 2010-01-18 21:46 -------- d-----w- C:\rsit
2010-01-17 16:36 . 2009-02-13 19:02 11520 ----a-r- c:\windows\system32\drivers\wdcsam.sys
2010-01-10 20:40 . 2010-01-19 19:43 -------- d-----w- c:\temp\_ir_tmpfnt_2
2010-01-10 20:24 . 2010-01-19 19:43 -------- d-----w- c:\temp\_ir_tmpfnt_1
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-19 22:03 . 2005-12-20 20:02 -------- d-----w- c:\program files\Skype
2010-01-19 19:43 . 2009-06-27 17:54 -------- d-----w- c:\program files\ICQ6.5
2010-01-18 21:01 . 2003-09-13 15:40 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-18 21:00 . 2008-12-18 17:47 -------- d-----w- c:\program files\Common Files\Nikon
2010-01-18 20:42 . 2007-01-26 22:50 -------- d-----w- c:\program files\ACE Mega CoDecS Pack
2010-01-10 20:59 . 2006-03-10 12:27 -------- d-----w- c:\program files\Java
2010-01-10 19:58 . 2001-10-25 13:00 46196 ----a-w- c:\windows\system32\perfc005.dat
2010-01-10 19:58 . 2001-10-25 13:00 309990 ----a-w- c:\windows\system32\perfh005.dat
2010-01-10 19:50 . 2004-10-18 21:02 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-26 16:48 . 2005-05-08 09:56 -------- d-----w- c:\program files\QuickTime
2009-12-26 16:48 . 2004-02-13 15:17 -------- d-----w- c:\program files\PowerArchiver
2009-12-26 16:47 . 2006-06-16 22:51 -------- d-----w- c:\program files\Common Files\Real
2009-11-24 23:54 . 2004-12-05 21:58 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-24 23:51 . 2003-12-11 22:04 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-11-24 23:50 . 2003-12-11 22:04 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-11-24 23:50 . 2008-04-01 20:04 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-11-24 23:50 . 2008-04-01 20:04 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-11-24 23:49 . 2004-11-14 23:56 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2005-02-23 22:34 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2003-12-11 22:04 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-11-24 23:47 . 2004-12-05 21:58 97480 ----a-w- c:\windows\system32\AVASTSS.scr
2008-08-16 15:42 . 2008-08-16 15:42 13112 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2008-08-16 15:42 . 2008-08-16 15:42 70456 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2008-08-16 15:42 . 2008-08-16 15:42 91448 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2008-08-16 15:42 . 2008-08-16 15:42 20800 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
2008-08-16 15:43 . 2008-08-16 15:43 206136 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2008-08-16 15:42 . 2008-08-16 15:42 31032 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2008-08-16 15:42 . 2008-08-16 15:42 40248 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2008-05-21 06:41 . 2008-05-21 06:41 479232 ----a-w- c:\program files\mozilla firefox\plugins\msvcm80.dll
2008-05-21 06:41 . 2008-05-21 06:41 548864 ----a-w- c:\program files\mozilla firefox\plugins\msvcp80.dll
2008-05-21 06:41 . 2008-05-21 06:41 626688 ----a-w- c:\program files\mozilla firefox\plugins\msvcr80.dll
2008-06-05 11:58 . 2008-06-05 11:58 648504 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2008-08-16 15:42 . 2008-08-16 15:42 23864 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
.
((((((((((((((((((((((((((((( SnapShot@2010-01-19_19.44.11 )))))))))))))))))))))))))))))))))))))))))
.
+ 2003-09-13 14:56 . 2009-08-06 18:24 53472 c:\windows\system32\wuauclt.exe
+ 2010-01-20 18:22 . 2009-08-06 18:24 44768 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.4.7600.226\wups2.dll
+ 2010-01-20 18:22 . 2009-08-06 18:24 35552 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.4.7600.226\wups.dll
+ 2003-09-13 14:56 . 2009-08-06 18:24 53472 c:\windows\system32\dllcache\wuauclt.exe
+ 2001-10-25 13:00 . 2009-08-06 18:24 96480 c:\windows\system32\dllcache\cdm.dll
+ 2001-10-25 13:00 . 2009-08-06 18:24 96480 c:\windows\system32\cdm.dll
+ 2010-01-20 18:22 . 2007-07-30 17:19 43352 c:\windows\LastGood\system32\wups2.dll
+ 2010-01-20 18:22 . 2007-07-30 17:18 33624 c:\windows\LastGood\system32\wups.dll
+ 2010-01-20 18:22 . 2007-07-30 17:19 53080 c:\windows\LastGood\system32\wuauclt.exe
+ 2010-01-20 18:22 . 2007-07-30 17:19 92504 c:\windows\LastGood\system32\cdm.dll
+ 2004-08-03 11:59 . 2009-08-06 18:24 209632 c:\windows\system32\wuweb.dll
+ 2004-08-03 11:58 . 2009-08-06 18:24 327896 c:\windows\system32\wucltui.dll
+ 2004-08-03 12:00 . 2009-08-06 18:23 575704 c:\windows\system32\wuapi.dll
+ 2004-08-03 11:59 . 2009-08-06 18:24 209632 c:\windows\system32\dllcache\wuweb.dll
+ 2004-08-03 11:58 . 2009-08-06 18:24 327896 c:\windows\system32\dllcache\wucltui.dll
+ 2004-08-03 12:00 . 2009-08-06 18:23 575704 c:\windows\system32\dllcache\wuapi.dll
+ 2010-01-20 18:22 . 2007-07-30 17:19 203096 c:\windows\LastGood\system32\wuweb.dll
+ 2010-01-20 18:22 . 2007-07-30 17:19 325976 c:\windows\LastGood\system32\wucltui.dll
+ 2010-01-20 18:22 . 2007-07-30 17:19 549720 c:\windows\LastGood\system32\wuapi.dll
+ 2003-09-13 14:56 . 2009-08-06 18:23 1929952 c:\windows\system32\wuaueng.dll
+ 2003-09-13 14:56 . 2009-08-06 18:23 1929952 c:\windows\system32\dllcache\wuaueng.dll
+ 2010-01-20 18:22 . 2007-07-30 17:19 1712984 c:\windows\LastGood\system32\wuaueng.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ICQ"="c:\program files\ICQ6.5\ICQ.exe" [2009-11-16 172792]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HTpatch"="c:\windows\htpatch.exe" [2002-10-30 28672]
"avast!"="d:\program files\Avast4\ashDisp.exe" [2009-11-24 81000]
"MULTIMEDIA KEYBOARD"="c:\program files\Netropa\Multimedia Keyboard\MMKeybd.exe" [2002-01-31 151552]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2004-07-15 81920]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-07-15 4112384]
"nwiz"="nwiz.exe" [2004-07-15 843776]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2002-10-08 155648]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-17 110592]
"SMail"="c:\program files\Seznam\Postak\Postak.exe" [2006-05-18 450560]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-17 15360]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\CZDC++\\CZDCPlusPlus.exe"=
"c:\\Program Files\\WinCommander\\WINCMD32.EXE"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"d:\\Program Files\\uTorrent\\uTorrent.exe"=
"d:\\Program Files\\hry\\Need for Speed Underground 2\\speed2.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R0 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [11.3.2006 18:58 5248]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [1.4.2008 21:04 114768]
R1 msikbd2k;Multimedia Keyboard Filter Driver;c:\windows\system32\drivers\Msikbd2k.sys [21.9.2004 18:40 6656]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1.4.2008 21:04 20560]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [17.1.2010 17:36 11520]
S0 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [11.3.2006 18:58 158720]
S2 nhksrv;Netropa NHK Server;c:\program files\Netropa\Multimedia Keyboard\nhksrv.exe [21.9.2004 18:40 28672]
S3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter;\??\c:\docume~1\petr\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk.sys --> c:\docume~1\petr\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk.sys [?]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.centrum.cz/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &ICQ Toolbar Search - c:\program files\ICQToolbar\toolbaru.dll/SEARCH.HTML
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
Trusted Zone: mojebanka.cz\www
TCP: {2563624B-C22C-46D3-BBCE-D7F791BE2FE8} = 10.12.32.3,10.12.17.1
FF - ProfilePath - c:\documents and settings\helca\Data aplikací\Mozilla\Firefox\Profiles\dnm1yjn5.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.centrum.cz/skinit/icq/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - plugin: c:\program files\Mozilla Firefox\plugins\npicaN.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-20 19:34
Windows 5.1.2600 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HTpatch = c:\windows\htpatch.exe?ows\CurrentVersion\Run???\?????%[??????'[??'[??'[??????????????%[??%[??'[??'[$?????%[??????????????%[????????<?%[???w????(????$?w???w?????$?w ??w??%[????????d???V?&[??%[??'[d???-?&[^3%[??&[b??wTJ%[?)%[?)%[htinst.I????*1%[H?'[d??????????
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(640)
c:\program files\Citrix\ICA Client\pnsson.dll
.
Celkový čas: 2010-01-20 19:37:26
ComboFix-quarantined-files.txt 2010-01-20 18:37
ComboFix2.txt 2010-01-20 09:25
ComboFix3.txt 2010-01-19 19:46
Před spuštěním: 80 920 576
Po spuštění: 436 330 496
- - End Of File - - DC8B730563FEF629397E3E6915E1FEC3
Re: Prosím o pomoc s "Chyba při načítání souboru cpcp.cpo"
takze aj tam bol bordel, teraz by mal byt OK
doporucujem este doinstalovat ServicePack3
doporucujem este doinstalovat ServicePack3
FRST |ADWCleaner |MBAM |CCleaner |AVPTool
V prípade spokojnosti je možné podporiť fórum https://platba.viry.cz/payment/
V prípade spokojnosti je možné podporiť fórum https://platba.viry.cz/payment/
Přispějete na provoz fóra?