Prosím o kontrolu logu počítač je pomalý procesor na 100%

Zpráva

maco111 · #1 Příspěvek od **maco111** » 27 úno 2010 16:59

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:51:27, on 27. 2. 2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Hijack\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= ... =CT2418376
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedi ... t=&gc=1&q=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedi ... t=&gc=1&q=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60327
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askRedi ... &gc=1&q=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll
R3 - URLSearchHook: PageRage Toolbar - {9565115d-c7d6-46d3-bd63-b67b481a4368} - C:\Program Files\PageRage\tbPage.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: PageRage Toolbar - {9565115d-c7d6-46d3-bd63-b67b481a4368} - C:\Program Files\PageRage\tbPage.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Client\YontooIEClient.dll
O3 - Toolbar: (no name) - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - (no file)
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: PageRage Toolbar - {9565115d-c7d6-46d3-bd63-b67b481a4368} - C:\Program Files\PageRage\tbPage.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\\PSDrvCheck.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\WINDOWS\TEMP\E_S161.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: winesm32.exe
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O8 - Extra context menu item: Sprejmi z &BitSpiritom - C:\Program Files\BitSpirit\bsurl.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Odoslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&oslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{54C54D66-FC49-49F4-B095-02ADBBD6E9EB}: NameServer = 195.146.132.58,195.146.128.60
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Služba Google Update (gupdate1c9ad377a114ff2) (gupdate1c9ad377a114ff2) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 11252 bytes

#2 Příspěvek od **Caroprd111** » 27 úno 2010 17:22

Zdravím

Na logu se pracuje, prosím o strpení.

#3 Příspěvek od **Caroprd111** » 27 úno 2010 17:26

Odinstalujte Spybot - Search & Destroy a Ad-Aware

Obrázek

Napište, které z toolbarů (lišt) můžeme smazat.

O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: PageRage Toolbar - {9565115d-c7d6-46d3-bd63-b67b481a4368} - C:\Program Files\PageRage\tbPage.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

Obrázek

Přečtěte si pravidla fóra a dejte log z RSIT http://www.viry.cz/forum/viewtopic.php?f=30&t=82744

Obrázek

Stáhněte a uložte, nejlépe na plochu http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Obrázek

Vypněte všechny rezidentní bezpečnostní programy - firewally, antiviry, antispywary

Obrázek

Spusťte aplikaci pod účtem s oprávněním Administrátora (Správce), ihned po startu se zobrází stránka s licenčnímy podmínkami, pokračujte stisknutím tlačítka "Ano"

Obrázek

Dále postupujte dle pokynů, během scanu nespouštějte jiné aplikace a neklikejte do zobrazujícího se okna

Scan by měl trvat okolo 5 - 10 minut, po dokončení Combofix zobrazí log C:\ComboFix.txt , který sem vložte.

Obrázek

Během skenování může být počítač restartován.

maco111 · #4 Příspěvek od **maco111** » 27 úno 2010 17:47

Napište, které z toolbarů (lišt) můžeme smazat
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll

O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll

O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll

ako a kde sa to zmazáva?

#5 Příspěvek od **Caroprd111** » 27 úno 2010 17:54

To smažu já, až dáte log z ComboFixu.

maco111 · #6 Příspěvek od **maco111** » 27 úno 2010 18:10

RSTI log

Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrator at 2010-02-27 18:06:43
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 6 GB (30%) free of 20 GB
Total RAM: 511 MB (27% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:07:57, on 27. 2. 2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrator\Dokumenty\Preberanie\RSIT.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\Hijack\Administrator.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= ... =CT2418376
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedi ... t=&gc=1&q=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedi ... t=&gc=1&q=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60327
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askRedi ... &gc=1&q=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll
R3 - URLSearchHook: PageRage Toolbar - {9565115d-c7d6-46d3-bd63-b67b481a4368} - C:\Program Files\PageRage\tbPage.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: PageRage Toolbar - {9565115d-c7d6-46d3-bd63-b67b481a4368} - C:\Program Files\PageRage\tbPage.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Client\YontooIEClient.dll
O3 - Toolbar: (no name) - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - (no file)
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: PageRage Toolbar - {9565115d-c7d6-46d3-bd63-b67b481a4368} - C:\Program Files\PageRage\tbPage.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\\PSDrvCheck.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\WINDOWS\TEMP\E_S161.tmp" /EF "HKCU"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: winesm32.exe
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O8 - Extra context menu item: Sprejmi z &BitSpiritom - C:\Program Files\BitSpirit\bsurl.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Odoslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&oslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{54C54D66-FC49-49F4-B095-02ADBBD6E9EB}: NameServer = 195.146.132.58,195.146.128.60
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Služba Google Update (gupdate1c9ad377a114ff2) (gupdate1c9ad377a114ff2) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 10665 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\1-Click Maintenance.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1292428093-920026266-725345543-500Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1292428093-920026266-725345543-500UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [2001-03-02 37808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}]
C:\PROGRA~1\Crawler\Toolbar\ctbr.dll [2008-05-01 1150976]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
AskBar BHO - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2008-09-22 284040]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll [2007-07-12 501136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9565115d-c7d6-46d3-bd63-b67b481a4368}]
PageRage Toolbar - C:\Program Files\PageRage\tbPage.dll [2009-11-09 2331672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-01-30 279664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll [2010-01-30 812528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}]
EpsonToolBandKicker Class - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-22 368640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
Yontoo Layers - C:\Program Files\Yontoo Layers Client\YontooIEClient.dll [2009-11-20 194912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{FE063DB9-4EC0-403e-8DD8-394C54984B2C}
{4B3803EA-5230-4DC3-A7FC-33638F3D3542} - &Crawler Toolbar - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll [2008-05-01 1150976]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2009-06-01 962808]
{EE5D279F-081B-4404-994D-C6B60AAEBA6D} - EPSON Web-To-Page - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-22 368640]
{3041d03e-fd4b-44e0-b742-2d9b88305f98} - Ask Toolbar - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2008-09-22 284040]
{9565115d-c7d6-46d3-bd63-b67b481a4368} - PageRage Toolbar - C:\Program Files\PageRage\tbPage.dll [2009-11-09 2331672]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-01-30 279664]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-05-16 13529088]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2007-12-21 1443072]
"nwiz"=nwiz.exe /install []
"Google Desktop Search"=C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-08-07 1838592]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2006-12-07 282624]
"PinnacleDriverCheck"=C:\WINDOWS\system32\\PSDrvCheck.exe [2004-03-11 406016]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-05-16 86016]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2009-02-06 1430824]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2010-01-07 429392]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-17 15360]
"DAEMON Tools"=C:\Program Files\DAEMON Tools\daemon.exe [2007-04-03 165784]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-10-07 68856]
"Google Update"=C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe [2008-09-03 133104]
"EPSON Stylus DX4400 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE [2007-03-01 180736]

C:\Documents and Settings\Administrator\Nabídka Start\Programy\Po spuštění
winesm32.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\BitSpirit\BitSpirit.exe"="C:\Program Files\BitSpirit\BitSpirit.exe:*:Enabled:The powerful and easy-to-use BitTorrent Client"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{31b7e740-067d-11df-87e0-000c7642d1f7}]
shell\AutoRun\command - M:\Launcher.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c439cfbc-6879-11dd-80b6-5254ab2b83a3}]
shell\AutoRun\command - M:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cdaf435a-efe2-11de-8783-000c7642d1f7}]
shell\AutoRun\command - Launcher.exe

======List of files/folders created in the last 1 months======

2021-12-03 15:13:28 ----D---- C:\Program Files\ESET
2010-02-27 18:06:43 ----D---- C:\rsit
2010-02-27 16:48:23 ----D---- C:\Program Files\Hijack

======List of files/folders modified in the last 1 months======

2010-02-27 18:07:50 ----D---- C:\WINDOWS\Temp
2010-02-27 18:06:18 ----D---- C:\WINDOWS\Prefetch
2010-02-27 17:50:46 ----D---- C:\Program Files\Spybot - Search & Destroy
2010-02-27 17:50:10 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-02-27 17:48:45 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2010-02-27 17:48:09 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2010-02-27 17:48:08 ----D---- C:\WINDOWS
2010-02-27 17:47:51 ----D---- C:\Documents and Settings\All Users\Data aplikací\Lavasoft
2010-02-27 17:47:49 ----D---- C:\WINDOWS\system32\drivers
2010-02-27 17:47:44 ----RD---- C:\Program Files
2010-02-27 17:47:39 ----D---- C:\WINDOWS\system32
2010-02-27 17:45:02 ----SHD---- C:\WINDOWS\Installer
2010-02-27 15:37:08 ----A---- C:\WINDOWS\wincmd.ini
2010-02-27 10:16:05 ----D---- C:\WINDOWS\system32\config
2010-02-27 08:17:17 ----D---- C:\WINDOWS\Debug
2010-02-26 15:31:09 ----D---- C:\Program Files\Mozilla Firefox
2010-02-26 11:57:12 ----D---- C:\WINDOWS\addins
2010-02-26 11:48:30 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-02-26 11:45:51 ----D---- C:\WINDOWS\system32\CatRoot2
2010-02-21 09:31:14 ----SHD---- C:\System Volume Information
2010-02-21 09:31:14 ----D---- C:\WINDOWS\system32\Restore
2010-02-08 15:38:18 ----A---- C:\WINDOWS\NeroDigital.ini
2010-02-06 13:56:15 ----D---- C:\Program Files\Google
2010-01-29 12:38:48 ----D---- C:\Documents and Settings\Administrator\Data aplikací\LimeWire

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK7;Ovladač procesoru AMD K7; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2004-08-17 41216]
R1 cdrblock;cdrblock; C:\WINDOWS\system32\DRIVERS\cdrblock.sys [2005-06-14 10368]
R1 cdrbsdrv;cdrbsdrv; C:\WINDOWS\system32\drivers\cdrbsdrv.sys [2004-03-08 13567]
R1 cdrport;cdrport; C:\WINDOWS\system32\DRIVERS\cdrport.sys [2005-03-11 4608]
R1 easdrv;easdrv; C:\WINDOWS\system32\DRIVERS\easdrv.sys [2007-12-21 30216]
R1 epfwtdi;epfwtdi; C:\WINDOWS\system32\DRIVERS\epfwtdi.sys [2007-12-21 53768]
R1 PCLEPCI;PCLEPCI; \??\C:\WINDOWS\system32\drivers\pclepci.sys []
R2 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [1997-12-23 23936]
R2 eamon;EAMON; C:\WINDOWS\system32\DRIVERS\eamon.sys [2007-12-21 39944]
R2 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [2007-12-21 71176]
R2 Hardlock;Hardlock; \??\C:\WINDOWS\system32\drivers\hardlock.sys []
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2003-06-19 752764]
R3 ASAPIW2K;ASAPIW2K; C:\WINDOWS\system32\drivers\Asapiw2k.sys [2005-01-10 11264]
R3 Epfwndis;Eset Personal Firewall; C:\WINDOWS\system32\DRIVERS\Epfwndis.sys [2007-12-21 30728]
R3 FETNDISB;VIA Rhine Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5b.sys [2003-04-24 41984]
R3 MBAMProtector;MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys []
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2008-05-16 6557408]
R3 rtl8029;Realtek RTL8029(AS)-based PCI Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8029.SYS [2001-08-17 19017]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2009-02-06 205232]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-03 20480]
R3 vulfntrs;VIA USB Roothub Lower Filter; C:\WINDOWS\System32\Drivers\vulfntr.sys [2002-11-13 10496]
R3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S3 61883;61883 Unit Device; C:\WINDOWS\system32\DRIVERS\61883.sys [2004-08-03 48128]
S3 aljbaudu;aljbaudu; C:\WINDOWS\system32\drivers\aljbaudu.sys []
S3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2004-08-03 60800]
S3 atubukuw;atubukuw; C:\WINDOWS\system32\drivers\atubukuw.sys []
S3 Avc;AVC Device; C:\WINDOWS\system32\DRIVERS\avc.sys [2004-08-03 38912]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\fetnd5.sys [2001-08-17 27165]
S3 GMSIPCI;GMSIPCI; \??\I:\INSTALL\GMSIPCI.SYS []
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2007-10-14 25544]
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2004-08-03 51328]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2004-08-03 61824]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 sonypvs1;Sony Digital Imaging Video2; C:\WINDOWS\system32\DRIVERS\sonypvs1.sys [2002-10-15 102220]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 usbaudio;Ovladač zvukové karty USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 vulfnths;VIA USB Host Controller Lower Filter; C:\WINDOWS\System32\Drivers\vulfnth.sys [2002-10-24 6912]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2004-08-11 18944]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 Isaaudk1c;Isaaudk1c; C:\WINDOWS\system32\drivers\Isaaudk1c.sys []
S4 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-09-20 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ekrn;Eset Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2007-12-21 468224]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2009-06-01 222968]
R2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2010-01-07 236368]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-05-16 159812]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2007-08-16 66872]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
R2 UxTuneUp;TuneUp rozšíření vzhledu; C:\WINDOWS\System32\svchost.exe [2004-08-17 14336]
S2 gupdate1c9ad377a114ff2;Služba Google Update (gupdate1c9ad377a114ff2); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-03-25 133104]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 EhttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2007-12-21 19200]
S3 GoogleDesktopManager;GoogleDesktopManager; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-08-07 1838592]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-11 182768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-06-29 800040]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\WINDOWS\System32\TuneUpDefragService.exe [2010-01-06 306432]

-----------------EOF-----------------

#7 Příspěvek od **Caroprd111** » 27 úno 2010 18:12

OK, ještě ten ComboFix.

maco111 · #8 Příspěvek od **maco111** » 27 úno 2010 19:46

ComboFix 10-02-27.03 - Administrator . 02. 2010 19:00:51.2.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.421.1029.18.511.260 [GMT 1:00]
Running from: c:\documents and settings\Administrator\Plocha\ComboFix.exe
AV: ESET Smart Security 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\program files\AskSearch\bin\DefaultSearch.dll
c:\windows\system32\ieuinit.inf
c:\windows\system32\mi2.exe
c:\windows\system32\MSPRPSK.DLL

.
((((((((((((((((((((((((( Files Created from 2010-01-27 to 2010-02-27 )))))))))))))))))))))))))))))))
.

2021-12-03 14:13 . 2008-03-01 11:05 -------- d-----w- c:\program files\ESET
2010-02-27 17:06 . 2010-02-27 17:08 -------- d-----w- C:\rsit
2010-02-27 15:48 . 2010-02-27 17:07 -------- d-----w- c:\program files\Hijack
2010-02-26 10:48 . 2010-02-27 18:26 792064 ----a-w- c:\windows\system32\drivers\duaywrtr.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-27 16:50 . 2007-06-28 18:15 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-02-27 16:48 . 2008-02-25 12:05 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-02-06 12:56 . 2008-08-07 06:15 -------- d-----w- c:\program files\Google
2010-01-09 15:20 . 2009-12-23 15:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-07 15:07 . 2009-12-23 15:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 15:07 . 2009-12-23 15:55 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-06 20:06 . 2008-02-25 13:05 -------- d-----w- c:\program files\TuneUp Utilities 2008
2010-01-06 20:06 . 2008-02-25 13:05 306432 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2010-01-06 12:10 . 2010-01-06 12:10 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01007.Wdf
2010-01-06 12:10 . 2010-01-06 12:10 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2010-01-06 12:10 . 2010-01-06 12:10 -------- d-----w- c:\program files\Synaptics
2010-01-06 11:31 . 2010-01-06 11:31 0 ----a-w- c:\windows\system32\SETBA2.tmp
2010-01-06 11:31 . 2010-01-06 11:31 0 ----a-w- c:\windows\system32\SETBA0.tmp
2010-01-06 11:30 . 2010-01-06 11:30 1310720 ----a-w- c:\windows\system32\SETB9E.tmp
2010-01-06 11:29 . 2010-01-06 11:29 -------- d-----w- c:\program files\VIA
2008-08-07 06:16 . 2008-08-07 06:16 135680 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

------- Sigcheck -------

[-] 2001-09-20 12:00 . 15AFB5576C32CC292E5DD469D96B4909 . 924432 . . [4.1.6140] . . c:\windows\system32\mfc40u.dll
[-] 2001-09-20 12:00 . 15AFB5576C32CC292E5DD469D96B4909 . 924432 . . [4.1.6140] . . c:\windows\system32\dllcache\mfc40u.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{C94E154B-1459-4A47-966B-4B843BEFC7DB}"= "c:\program files\AskSearch\bin\DefaultSearch.dll" [BU]
"{9565115d-c7d6-46d3-bd63-b67b481a4368}"= "c:\program files\PageRage\tbPage.dll" [2009-11-09 2331672]

[HKEY_CLASSES_ROOT\clsid\{c94e154b-1459-4a47-966b-4b843befc7db}]
[HKEY_CLASSES_ROOT\DefaultSearch.DefaultSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EC73A159-0736-4EF3-972D-6EA9B2278495}]
[HKEY_CLASSES_ROOT\DefaultSearch.DefaultSearchHook]

[HKEY_CLASSES_ROOT\clsid\{9565115d-c7d6-46d3-bd63-b67b481a4368}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-09-22 13:38 284040 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9565115d-c7d6-46d3-bd63-b67b481a4368}]
2009-11-09 17:38 2331672 ----a-w- c:\program files\PageRage\tbPage.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
2009-11-20 19:16 194912 ------w- c:\program files\Yontoo Layers Client\YontooIEClient.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-22 284040]
"{9565115d-c7d6-46d3-bd63-b67b481a4368}"= "c:\program files\PageRage\tbPage.dll" [2009-11-09 2331672]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CLASSES_ROOT\clsid\{9565115d-c7d6-46d3-bd63-b67b481a4368}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-22 284040]
"{9565115D-C7D6-46D3-BD63-B67B481A4368}"= "c:\program files\PageRage\tbPage.dll" [2009-11-09 2331672]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CLASSES_ROOT\clsid\{9565115d-c7d6-46d3-bd63-b67b481a4368}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2007-04-03 165784]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-07 68856]
"Google Update"="c:\documents and settings\Administrator\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2008-09-03 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2007-12-21 1443072]
"nwiz"="nwiz.exe" [2008-05-16 1630208]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-08-07 1838592]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-12-07 282624]
"PinnacleDriverCheck"="c:\windows\system32\\PSDrvCheck.exe" [2004-03-10 406016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-02-06 1430824]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-01-07 429392]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-17 15360]

c:\documents and settings\Administrator\Nabˇdka Start\Programy\Po spuçtŘnˇ\
winesm32.exe [2004-8-17 29184]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\BitSpirit\\BitSpirit.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=

R1 cdrblock;cdrblock;c:\windows\system32\drivers\cdrblock.sys [7. 12. 2006 17:08 10368]
R1 cdrport;cdrport;c:\windows\system32\drivers\cdrport.sys [7. 12. 2006 17:08 4608]
R2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [21. 12. 2007 8:21 468224]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [10. 6. 2008 16:24 222968]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [23. 12. 2009 16:55 236368]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [23. 12. 2009 16:55 19160]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [15. 1. 2008 13:11 685816]
S2 gupdate1c9ad377a114ff2;Služba Google Update (gupdate1c9ad377a114ff2);c:\program files\Google\Update\GoogleUpdate.exe [25. 3. 2009 11:50 133104]
S4 Isaaudk1c;Isaaudk1c; [x]

--- Other Services/Drivers In Memory ---

*Deregistered* - duaywrtr

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2010-02-26 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe [2007-12-21 12:49]

2010-01-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-06-03 11:42]

2010-02-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-25 10:49]

2010-02-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-25 10:49]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2418376
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Crawler Search - tbr:iemenu
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: Sprejmi z &BitSpiritom - c:\program files\BitSpirit\bsurl.htm
IE: ÓĂ±ČĚŘľ«ÁéĎÂÔŘ(&B)
TCP: {54C54D66-FC49-49F4-B095-02ADBBD6E9EB} = 195.146.132.58,195.146.128.60
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
FF - ProfilePath - c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\c3e1pl9k.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2418376&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.sk/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2418376&SearchSource=2&q=
FF - component: c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\c3e1pl9k.default\extensions\{9565115d-c7d6-46d3-bd63-b67b481a4368}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\c3e1pl9k.default\extensions\{9565115d-c7d6-46d3-bd63-b67b481a4368}\components\RadioWMPCore.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\Opera\program\plugins\nppdf32.dll

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.notify.interval - 100000
FF - user.js: content.switch.threshold - 650000
FF - user.js: nglayout.initialpaint.delay - 300
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-27 19:25
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\duaywrtr]

.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:f6,0b,57,8e,13,bb,b2,94,d3,a2,96,30,c6,56,d7,31,90,0a,37,f0,11,
7a,a6,b9,48,0b,8b,c4,77,45,c7,10,91,03,d1,12,76,98,c4,c0,50,2b,e1,d6,d6,d9,\

[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:f6,0b,57,8e,13,bb,b2,94,d3,a2,96,30,c6,56,d7,31,90,0a,37,f0,11,
7a,a6,b9,48,0b,8b,c4,77,45,c7,10,91,03,d1,12,76,98,c4,c0,50,2b,e1,d6,d6,d9,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3160)
c:\program files\Common Files\Ahead\Lib\NeroDigitalExt.dll
c:\windows\system32\msi.dll
c:\windows\system32\browselc.dll
c:\program files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
c:\program files\Microsoft Office\Office12\1051\GrooveIntlResource.dll
c:\program files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
.
Completion time: 2010-02-27 19:41:39
ComboFix-quarantined-files.txt 2010-02-27 18:41

Pre-Run: 6 137 380 864
Post-Run: 6 102 745 088

- - End Of File - - 5664684385D3D9E368FE413899732456

#9 Příspěvek od **Caroprd111** » 27 úno 2010 19:57

Pokud nemáte, přesuňte Combofix na plochu

otevřete si Poznámkový blok a zkopírujte do něj text z bílého okénka.

Kód: Vybrat vše

Driver::
ICQ Service
Isaaudk1c

File::
c:\windows\system32\SETBA2.tmp
c:\windows\system32\SETBA0.tmp
c:\windows\system32\SETB9E.tmp
C:\Documents and Settings\Administrator\Nabídka Start\Programy\Po spuštění\winesm32.exe
c:\windows\system32\drivers\duaywrtr.sys

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"=-
"{855F3B16-6D32-4fe6-8A56-BBB695989046}"=-
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{C94E154B-1459-4A47-966B-4B843BEFC7DB}"=-
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"=-
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]

Folder::
c:\program files\AskSearch
C:\Program Files\ICQ6Toolbar

uložte Vámi vytvořený TXT soubor jako CFScript.txt na plochu
po uložení uchopte vámi vytvořený skript levým myšítkem a přesuňte ho nad ikonu Combofixu, kde ho upustíte:
po aplikaci na Vás vypadne další log,vložte ho sem

Může se stát, že po aplikaci skriptu a restartu Windows nenaběhnou, v tom případě znovu restartujte a přitom mačkejte F8, pak zvolte Poslední známou funkční konfiguraci

Obrázek

Tohle otestujte na http://www.virustotal.com/cs/
c:\windows\system32\mfc40u.dll
c:\windows\system32\dllcache\mfc40u.dll
C:\WINDOWS\system32\drivers\aljbaudu.sys
C:\WINDOWS\system32\drivers\atubukuw.sys

(Soubor nehledejte, jenom vložíte tučně označenou cestu, v případě hlášky "Soubor již byl testován" dejte otestovat znovu. Výsledek analýzy sem vložte.)

maco111 · #10 Příspěvek od **maco111** » 28 úno 2010 10:37

Návštěvník
Návštěvník

Registrován: včera, 16:55
Příspěvky: 5
ComboFix 10-02-27.04 - Administrator . 02. 2010 9:47.3.1 - x86
Running from: c:\documents and settings\Administrator\Plocha\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Plocha\CFScript.txt
AV: ESET Smart Security 3.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
* Resident AV is active

FILE ::
"c:\documents and settings\Administrator\Nabídka Start\Programy\Po spuštění\winesm32.exe"
"c:\windows\system32\drivers\duaywrtr.sys"
"c:\windows\system32\SETB9E.tmp"
"c:\windows\system32\SETBA0.tmp"
"c:\windows\system32\SETBA2.tmp"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Administrator\Nabídka Start\Programy\Po spuštění\winesm32.exe
c:\program files\AskSearch
c:\program files\ICQ6Toolbar
c:\program files\ICQ6Toolbar\Icons.bmp
c:\program files\ICQ6Toolbar\ICQ Service.exe
c:\program files\ICQ6Toolbar\icq6Toolbar.ico
c:\program files\ICQ6Toolbar\ICQToolBar.dll
c:\program files\ICQ6Toolbar\ICQUnToolbar.exe
c:\program files\ICQ6Toolbar\logo_small.gif
c:\program files\ICQ6Toolbar\ServiceStarter.exe
c:\program files\ICQ6Toolbar\short.wav
c:\program files\ICQ6Toolbar\Version.txt
c:\windows\system32\drivers\duaywrtr.sys
c:\windows\system32\SETB9E.tmp
c:\windows\system32\SETBA0.tmp
c:\windows\system32\SETBA2.tmp

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ICQ_SERVICE
-------\Service_ICQ Service
-------\Service_Isaaudk1c
-------\Legacy_duaywrtr
-------\Service_duaywrtr

((((((((((((((((((((((((( Files Created from 2010-01-28 to 2010-02-28 )))))))))))))))))))))))))))))))
.

2021-12-03 14:13 . 2008-03-01 11:05 -------- d-----w- c:\program files\ESET
2010-02-27 17:06 . 2010-02-27 17:08 -------- d-----w- C:\rsit
2010-02-27 15:48 . 2010-02-27 17:07 -------- d-----w- c:\program files\Hijack

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-27 16:50 . 2007-06-28 18:15 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-02-27 16:48 . 2008-02-25 12:05 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-02-06 12:56 . 2008-08-07 06:15 -------- d-----w- c:\program files\Google
2010-01-09 15:20 . 2009-12-23 15:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-07 15:07 . 2009-12-23 15:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 15:07 . 2009-12-23 15:55 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-06 20:06 . 2008-02-25 13:05 -------- d-----w- c:\program files\TuneUp Utilities 2008
2010-01-06 20:06 . 2008-02-25 13:05 306432 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2010-01-06 12:10 . 2010-01-06 12:10 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01007.Wdf
2010-01-06 12:10 . 2010-01-06 12:10 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2010-01-06 12:10 . 2010-01-06 12:10 -------- d-----w- c:\program files\Synaptics
2010-01-06 11:29 . 2010-01-06 11:29 -------- d-----w- c:\program files\VIA
2008-08-07 06:16 . 2008-08-07 06:16 135680 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

------- Sigcheck -------

[-] 2001-09-20 12:00 . 15AFB5576C32CC292E5DD469D96B4909 . 924432 . . [4.1.6140] . . c:\windows\system32\mfc40u.dll
[-] 2001-09-20 12:00 . 15AFB5576C32CC292E5DD469D96B4909 . 924432 . . [4.1.6140] . . c:\windows\system32\dllcache\mfc40u.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{9565115d-c7d6-46d3-bd63-b67b481a4368}"= "c:\program files\PageRage\tbPage.dll" [2009-11-09 2331672]

[HKEY_CLASSES_ROOT\clsid\{9565115d-c7d6-46d3-bd63-b67b481a4368}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9565115d-c7d6-46d3-bd63-b67b481a4368}]
2009-11-09 17:38 2331672 ----a-w- c:\program files\PageRage\tbPage.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
2009-11-20 19:16 194912 ------w- c:\program files\Yontoo Layers Client\YontooIEClient.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{9565115d-c7d6-46d3-bd63-b67b481a4368}"= "c:\program files\PageRage\tbPage.dll" [2009-11-09 2331672]

[HKEY_CLASSES_ROOT\clsid\{9565115d-c7d6-46d3-bd63-b67b481a4368}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{9565115D-C7D6-46D3-BD63-B67B481A4368}"= "c:\program files\PageRage\tbPage.dll" [2009-11-09 2331672]

[HKEY_CLASSES_ROOT\clsid\{9565115d-c7d6-46d3-bd63-b67b481a4368}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2007-04-03 165784]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-07 68856]
"Google Update"="c:\documents and settings\Administrator\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2008-09-03 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2007-12-21 1443072]
"nwiz"="nwiz.exe" [2008-05-16 1630208]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-08-07 1838592]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-12-07 282624]
"PinnacleDriverCheck"="c:\windows\system32\\PSDrvCheck.exe" [2004-03-10 406016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-02-06 1430824]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-01-07 429392]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-17 15360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\BitSpirit\\BitSpirit.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [15. 1. 2008 13:11 685816]
R1 cdrblock;cdrblock;c:\windows\system32\drivers\cdrblock.sys [7. 12. 2006 17:08 10368]
R1 cdrport;cdrport;c:\windows\system32\drivers\cdrport.sys [7. 12. 2006 17:08 4608]
R2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [21. 12. 2007 8:21 468224]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [23. 12. 2009 16:55 236368]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [23. 12. 2009 16:55 19160]
S2 gupdate1c9ad377a114ff2;Služba Google Update (gupdate1c9ad377a114ff2);c:\program files\Google\Update\GoogleUpdate.exe [25. 3. 2009 11:50 133104]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2010-02-26 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe [2007-12-21 12:49]

2010-01-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-06-03 11:42]

2010-02-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-25 10:49]

2010-02-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-25 10:49]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com?SearchSource= ... =CT2418376
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
IE: Crawler Search - tbr:iemenu
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: Sprejmi z &BitSpiritom - c:\program files\BitSpirit\bsurl.htm
IE: ÓĂ±ČĚŘľ«ÁéĎÂÔŘ(&B)
TCP: {54C54D66-FC49-49F4-B095-02ADBBD6E9EB} = 195.146.132.58,195.146.128.60
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
FF - ProfilePath - c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\c3e1pl9k.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.sk/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.as ... ource=2&q=
FF - component: c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\c3e1pl9k.default\extensions\{9565115d-c7d6-46d3-bd63-b67b481a4368}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\c3e1pl9k.default\extensions\{9565115d-c7d6-46d3-bd63-b67b481a4368}\components\RadioWMPCore.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\Opera\program\plugins\nppdf32.dll

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.notify.interval - 100000
FF - user.js: content.switch.threshold - 650000
FF - user.js: nglayout.initialpaint.delay - 300
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -

AddRemove-ICQToolbar - c:\program files\ICQ6Toolbar\ICQUnToolbar.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-28 10:17
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x823681E8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf859afc3
\Driver\ACPI -> ACPI.sys @ 0xf83ebcb8
\Driver\atapi -> 0x823681e8
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a1afe
ParseProcedure -> ntoskrnl.exe @ 0x80570a6e
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a1afe
ParseProcedure -> ntoskrnl.exe @ 0x80570a6e
NDIS: VIA Rhine II Fast Ethernet Adapter -> SendCompleteHandler -> NDIS.sys @ 0xf815bba0
PacketIndicateHandler -> NDIS.sys @ 0xf814aa0b
SendHandler -> NDIS.sys @ 0xf815eb31
Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:f6,0b,57,8e,13,bb,b2,94,d3,a2,96,30,c6,56,d7,31,90,0a,37,f0,11,
7a,a6,b9,48,0b,8b,c4,77,45,c7,10,91,03,d1,12,76,98,c4,c0,50,2b,e1,d6,d6,d9,\

[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:f6,0b,57,8e,13,bb,b2,94,d3,a2,96,30,c6,56,d7,31,90,0a,37,f0,11,
7a,a6,b9,48,0b,8b,c4,77,45,c7,10,91,03,d1,12,76,98,c4,c0,50,2b,e1,d6,d6,d9,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2836)
c:\windows\system32\msi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\RUNDLL32.EXE
.
**************************************************************************
.
Completion time: 2010-02-28 10:21:14 - machine was rebooted
ComboFix-quarantined-files.txt 2010-02-28 09:21
ComboFix2.txt 2010-02-27 18:41

Pre-Run: 6 080 507 904
Post-Run: 6 042 865 664

- - End Of File - - 84009EAAFBA7FA2EB22531443AE3E135

Ohlásit tento příspěvek

#11 Příspěvek od **Caroprd111** » 28 úno 2010 10:39

OK, ještě ten virustotal.

maco111 · #12 Příspěvek od **maco111** » 28 úno 2010 14:49

File size: 924432 bytes
MD5 : 15afb5576c32cc292e5dd469d96b4909
SHA1 : edcb7731cd6c367916a01f2402587138e34dc4cb
SHA256: 3a4bb70ab6f02bceed8913228df0abad040cbe8dd6763e905b0d061c30f429f9
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0xC4D3
timedatestamp.....: 0x3BA5C1FF (Mon Sep 17 11:27:27 2001)
machinetype.......: 0x14C (Intel I386)

( 6 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x94177 0x94200 6.49 1d5473684e1a237360251f1b19f8943b
.rdata 0x96000 0x2CDEC 0x2CE00 4.76 4a6e45519fa6dd12b536b55982df7c2e
.data 0xC3000 0x8FE8 0x4A00 4.80 265a9933dbe0b2bcc694e0c3f7c58847
.idata 0xCC000 0x303A 0x3200 5.94 33539e05e61e174c240c169fd980d1fd
.rsrc 0xD0000 0x9D5C 0x9E00 3.83 b2e199c11465fedc7c646c6a53c2c7ca
.reloc 0xDA000 0xEAF0 0xEC00 6.56 f6083cf6117f36e5d40a3bb251dbfe71

( 4 imports )

> gdi32.dll: GetTextMetricsW, GetTextExtentPointW, CreateCompatibleDC, ExtTextOutW, StretchDIBits, CreateSolidBrush, DeleteDC, SaveDC, CreateCompatibleBitmap, GetStockObject, GetBkColor, RestoreDC, GetNearestColor, GetPolyFillMode, GetTextColor, GetStretchBltMode, GetROP2, GetTextAlign, GetBkMode, GetWindowExtEx, DeleteObject, GetViewportExtEx, SetViewportOrgEx, OffsetViewportOrgEx, SetViewportExtEx, ScaleViewportExtEx, SetWindowExtEx, ScaleWindowExtEx, MoveToEx, GetCharWidthW, GetCurrentPositionEx, GetTextExtentPointA, Escape, GetDeviceCaps, SetWindowOrgEx, GetWindowOrgEx, GetViewportOrgEx, IntersectClipRect, PtVisible, RectVisible, DeleteMetaFile, CloseMetaFile, GetClipBox, CreatePatternBrush, CreateBitmap, PatBlt, Rectangle, UnrealizeObject, CreateRectRgnIndirect, CreateDCW, BitBlt, CreateFontIndirectW, SetBkMode, SetPolyFillMode, SetROP2, SetStretchBltMode, OffsetWindowOrgEx, SelectClipRgn, ExcludeClipRect, OffsetClipRgn, LineTo, SetTextAlign, SetTextJustification, SetTextCharacterExtra, SetMapperFlags, ArcTo, SetArcDirection, PolyDraw, PolylineTo, SetColorAdjustment, PolyBezierTo, GetClipRgn, CreateRectRgn, SelectClipPath, ExtSelectClipRgn, GetObjectType, PlayMetaFileRecord, EnumMetaFile, PlayMetaFile, ExtCreatePen, CreateHatchBrush, CreateDIBPatternBrushPt, GetMapMode, CombineRgn, SetRectRgn, DPtoLP, AbortDoc, EndDoc, EndPage, StartPage, SetAbortProc, LPtoDP, SetBrushOrgEx, CopyMetaFileW, CreateMetaFileW, RealizePalette, GetPaletteEntries, CreatePalette, GetPixel, EnumFontFamiliesW, SetMapMode, CreatePen, TextOutW, SelectObject, GetObjectW, SetBkColor, StartDocW, SetTextColor, GetTextFaceW, SelectPalette
> kernel32.dll: GetCurrentThread, GetFullPathNameW, GetVolumeInformationW, FindFirstFileW, FindClose, GetStringTypeExW, GetShortPathNameW, GetModuleFileNameW, GlobalSize, GetThreadLocale, GlobalLock, GlobalReAlloc, GlobalUnlock, GlobalFree, GetFileSize, GetFileTime, LocalFileTimeToFileTime, SystemTimeToFileTime, SetFileAttributesW, SetFileTime, GetFileAttributesW, GlobalAlloc, InterlockedIncrement, WideCharToMultiByte, MultiByteToWideChar, LocalFree, FormatMessageW, FileTimeToSystemTime, FileTimeToLocalFileTime, LocalAlloc, InitializeCriticalSection, TlsAlloc, DeleteCriticalSection, GlobalHandle, TlsFree, LeaveCriticalSection, EnterCriticalSection, TlsGetValue, TlsSetValue, LocalReAlloc, GetVersion, WaitForSingleObject, CreateSemaphoreW, GetProcAddress, InterlockedDecrement, ReleaseMutex, lstrcpyW, WaitForMultipleObjects, GetCurrentThreadId, lstrcatW, LockResource, LoadResource, FindResourceW, GlobalAddAtomW, GlobalGetAtomNameW, MulDiv, GetProfileIntW, LoadLibraryA, VirtualProtect, SizeofResource, GetProcessVersion, lstrcmpW, GlobalFlags, GetTempFileNameW, GetDiskFreeSpaceW, LocalUnlock, LocalLock, GetTempPathW, SearchPathW, SetEvent, ResumeThread, SetThreadPriority, SuspendThread, IsBadStringPtrW, GlobalDeleteAtom, SetErrorMode, GetPrivateProfileIntW, GetPrivateProfileStringW, WritePrivateProfileStringW, GetCurrentDirectoryW, GetTickCount, GetUserDefaultLCID, IsDBCSLeadByte, lstrcpyA, GetModuleHandleA, DisableThreadLibraryCalls, lstrcatA, GetSystemDirectoryA, Sleep, LoadLibraryW, MoveFileW, FreeLibrary, DeleteFileW, LockFile, SetEndOfFile, UnlockFile, SetFilePointer, CloseHandle, FlushFileBuffers, CreateFileW, WriteFile, ReadFile, lstrlenA, GetCurrentProcess, DuplicateHandle, lstrlenW, lstrcmpA, OutputDebugStringW, IsBadStringPtrA, IsBadReadPtr, IsBadWritePtr, GetLastError, ReleaseSemaphore, SetLastError, lstrcpynW, lstrcmpiW, CreateEventW, CreateMutexW
> msvcrt40.dll: memcmp, calloc, _adjust_fdiv, _initterm, _terminate@@YAXXZ, _except_handler3, _onexit, __dllonexit, __1type_info@@UAE@XZ, _wcsnicmp, _itow, _wcsicmp, wcsncpy, _ltow, _ultow, fabs, floor, modf, labs, _ftol, wcsncmp, _wcsdup, __CxxFrameHandler, _CxxThrowException, __p___wargv, __p___argc, _beginthreadex, _endthreadex, __p___mb_cur_max, _isctype, __p__pctype, _expand, strcpy, strlen, wcscpy, wcstod, swprintf, wcstol, wcstoul, abs, _EH_prolog, _msize, _purecall, wcsftime, localtime, gmtime, time, mktime, _wtoi, iswctype, wcslen, vswprintf, wcsstr, wcsrchr, wcscspn, wcsspn, _wcsrev, wcspbrk, wcschr, wcscmp, realloc, fclose, fflush, fseek, ftell, fgetws, fputws, fwrite, fread, clearerr, _open_osfhandle, _fdopen, __doserrno, _get_osfhandle, memset, abort, free, malloc, memmove, memcpy
> user32.dll: IntersectRect, SetCapture, CharUpperW, GetSystemMetrics, CharLowerW, UnhookWindowsHookEx, MsgWaitForMultipleObjects, RegisterWindowMessageW, SetWindowPos, SetWindowLongW, GetWindowLongW, GetWindowRect, GetWindow, GetMessagePos, GetMessageTime, CallWindowProcW, RemovePropW, GetPropW, SendMessageW, SetForegroundWindow, GetForegroundWindow, GetLastActivePopup, SetPropW, SetWindowsHookExW, CallNextHookEx, CreateWindowExW, DestroyWindow, DefWindowProcW, GetKeyState, GetDlgCtrlID, GetWindowTextW, GetWindowTextLengthW, GetDlgItem, GetWindowPlacement, SetWindowPlacement, TrackPopupMenu, GetMenu, GetMenuItemID, GetSubMenu, GetMenuItemCount, RegisterClassW, GetClassInfoW, WinHelpW, GetCapture, GetScrollInfo, GetParent, IsChild, EnableWindow, IsWindowEnabled, GetTopWindow, SetScrollPos, GetScrollPos, SetScrollRange, GetScrollRange, ShowScrollBar, SetScrollInfo, ScrollWindow, ScreenToClient, IsWindowVisible, EndDeferWindowPos, CopyRect, BeginDeferWindowPos, GetClientRect, DeferWindowPos, EqualRect, AdjustWindowRectEx, SetFocus, IsWindow, SetActiveWindow, GetFocus, PeekMessageW, DispatchMessageW, GetSysColor, MapWindowPoints, SystemParametersInfoW, SendDlgItemMessageA, UpdateWindow, PostMessageW, LoadIconW, SetRectEmpty, LoadAcceleratorsW, TranslateAcceleratorW, ReleaseCapture, SetCursor, GetDesktopWindow, ShowWindow, GetActiveWindow, DestroyMenu, LoadMenuW, SetMenu, ReuseDDElParam, UnpackDDElParam, InvalidateRect, IsIconic, BringWindowToTop, MessageBoxA, LoadCursorW, wsprintfW, WaitMessage, GetCursorPos, GetWindowThreadProcessId, WindowFromPoint, TranslateMessage, GetMessageW, ClientToScreen, DefFrameProcW, TranslateMDISysAccel, DrawMenuBar, DefMDIChildProcW, RedrawWindow, LoadBitmapW, InflateRect, PtInRect, ReleaseDC, InvertRect, GetWindowDC, OffsetRect, FillRect, SetTimer, KillTimer, SetRect, GetDC, IsZoomed, SetParent, IsRectEmpty, AppendMenuW, DeleteMenu, GetSystemMenu, GetDCEx, LockWindowUpdate, GetTabbedTextExtentA, DrawTextW, GrayStringW, DrawFocusRect, CreateDialogIndirectParamW, EndDialog, GetNextDlgTabItem, wvsprintfW, GetAsyncKeyState, MapDialogRect, GetDialogBaseUnits, BeginPaint, EndPaint, TabbedTextOutW, GetClassNameW, SetWindowTextW, CheckDlgButton, CheckRadioButton, GetDlgItemInt, GetDlgItemTextW, SendDlgItemMessageW, SetDlgItemInt, SetDlgItemTextW, IsDlgButtonChecked, ScrollWindowEx, IsDialogMessageW, MoveWindow, EnableMenuItem, CheckMenuItem, SetMenuItemBitmaps, ModifyMenuW, GetMenuState, GetMenuCheckMarkDimensions, DestroyIcon, SetCursorPos, DestroyCursor, GetTabbedTextExtentW, IsClipboardFormatAvailable, MessageBeep, RemoveMenu, SetMessageQueue, ValidateRect, PostQuitMessage, UnregisterClassW, ShowOwnedPopups, MessageBoxW, InsertMenuW, GetMenuStringW, RegisterClipboardFormatW, ClipCursor, CopyAcceleratorTableW, InSendMessage, PostThreadMessageW, CreateMenu, CountClipboardFormats, CharNextW, GetNextDlgGroupItem, DrawEdge, EnumChildWindows, FrameRect, LoadStringW

( 1 exports )

> DllCanUnloadNow, DllGetClassObject, DllRegisterServer, DllUnregisterServer
TrID : File type identification
DirectShow filter (52.6%)
Windows OCX File (32.2%)
Win32 Executable MS Visual C++ (generic) (9.8%)
Win32 Executable Generic (2.2%)
Win32 Dynamic Link Library (generic) (1.9%)
ssdeep: 24576:4otXEjpgumxd7Ggli1uFD5KvG12b/KZShsiwGFcsd2s0KQNziouPs8:ZXUgumX7/iIFDQvtP
PEiD : -
RDS : NSRL Reference Data Set
-

maco111 · #13 Příspěvek od **maco111** » 28 úno 2010 15:00

File size: 924432 bytes
MD5...: 15afb5576c32cc292e5dd469d96b4909
SHA1..: edcb7731cd6c367916a01f2402587138e34dc4cb
SHA256: 3a4bb70ab6f02bceed8913228df0abad040cbe8dd6763e905b0d061c30f429f9
ssdeep: 24576:4otXEjpgumxd7Ggli1uFD5KvG12b/KZShsiwGFcsd2s0KQNziouPs8:ZXU
gumX7/iIFDQvtP
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0xc4d3
timedatestamp.....: 0x3ba5c1ff (Mon Sep 17 09:27:27 2001)
machinetype.......: 0x14c (I386)

( 6 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x94177 0x94200 6.49 1d5473684e1a237360251f1b19f8943b
.rdata 0x96000 0x2cdec 0x2ce00 4.76 4a6e45519fa6dd12b536b55982df7c2e
.data 0xc3000 0x8fe8 0x4a00 4.80 265a9933dbe0b2bcc694e0c3f7c58847
.idata 0xcc000 0x303a 0x3200 5.94 33539e05e61e174c240c169fd980d1fd
.rsrc 0xd0000 0x9d5c 0x9e00 3.83 b2e199c11465fedc7c646c6a53c2c7ca
.reloc 0xda000 0xeaf0 0xec00 6.56 f6083cf6117f36e5d40a3bb251dbfe71

( 4 imports )
> MSVCRT40.dll: memcmp, calloc, _adjust_fdiv, _initterm, _terminate@@YAXXZ, _except_handler3, _onexit, __dllonexit, __1type_info@@UAE@XZ, _wcsnicmp, _itow, _wcsicmp, wcsncpy, _ltow, _ultow, fabs, floor, modf, labs, _ftol, wcsncmp, _wcsdup, __CxxFrameHandler, _CxxThrowException, __p___wargv, __p___argc, _beginthreadex, _endthreadex, __p___mb_cur_max, _isctype, __p__pctype, _expand, strcpy, strlen, wcscpy, wcstod, swprintf, wcstol, wcstoul, abs, _EH_prolog, _msize, _purecall, wcsftime, localtime, gmtime, time, mktime, _wtoi, iswctype, wcslen, vswprintf, wcsstr, wcsrchr, wcscspn, wcsspn, _wcsrev, wcspbrk, wcschr, wcscmp, realloc, fclose, fflush, fseek, ftell, fgetws, fputws, fwrite, fread, clearerr, _open_osfhandle, _fdopen, __doserrno, _get_osfhandle, memset, abort, free, malloc, memmove, memcpy
> KERNEL32.dll: GetCurrentThread, GetFullPathNameW, GetVolumeInformationW, FindFirstFileW, FindClose, GetStringTypeExW, GetShortPathNameW, GetModuleFileNameW, GlobalSize, GetThreadLocale, GlobalLock, GlobalReAlloc, GlobalUnlock, GlobalFree, GetFileSize, GetFileTime, LocalFileTimeToFileTime, SystemTimeToFileTime, SetFileAttributesW, SetFileTime, GetFileAttributesW, GlobalAlloc, InterlockedIncrement, WideCharToMultiByte, MultiByteToWideChar, LocalFree, FormatMessageW, FileTimeToSystemTime, FileTimeToLocalFileTime, LocalAlloc, InitializeCriticalSection, TlsAlloc, DeleteCriticalSection, GlobalHandle, TlsFree, LeaveCriticalSection, EnterCriticalSection, TlsGetValue, TlsSetValue, LocalReAlloc, GetVersion, WaitForSingleObject, CreateSemaphoreW, GetProcAddress, InterlockedDecrement, ReleaseMutex, lstrcpyW, WaitForMultipleObjects, GetCurrentThreadId, lstrcatW, LockResource, LoadResource, FindResourceW, GlobalAddAtomW, GlobalGetAtomNameW, MulDiv, GetProfileIntW, LoadLibraryA, VirtualProtect, SizeofResource, GetProcessVersion, lstrcmpW, GlobalFlags, GetTempFileNameW, GetDiskFreeSpaceW, LocalUnlock, LocalLock, GetTempPathW, SearchPathW, SetEvent, ResumeThread, SetThreadPriority, SuspendThread, IsBadStringPtrW, GlobalDeleteAtom, SetErrorMode, GetPrivateProfileIntW, GetPrivateProfileStringW, WritePrivateProfileStringW, GetCurrentDirectoryW, GetTickCount, GetUserDefaultLCID, IsDBCSLeadByte, lstrcpyA, GetModuleHandleA, DisableThreadLibraryCalls, lstrcatA, GetSystemDirectoryA, Sleep, LoadLibraryW, MoveFileW, FreeLibrary, DeleteFileW, LockFile, SetEndOfFile, UnlockFile, SetFilePointer, CloseHandle, FlushFileBuffers, CreateFileW, WriteFile, ReadFile, lstrlenA, GetCurrentProcess, DuplicateHandle, lstrlenW, lstrcmpA, OutputDebugStringW, IsBadStringPtrA, IsBadReadPtr, IsBadWritePtr, GetLastError, ReleaseSemaphore, SetLastError, lstrcpynW, lstrcmpiW, CreateEventW, CreateMutexW
> GDI32.dll: GetTextMetricsW, GetTextExtentPointW, CreateCompatibleDC, ExtTextOutW, StretchDIBits, CreateSolidBrush, DeleteDC, SaveDC, CreateCompatibleBitmap, GetStockObject, GetBkColor, RestoreDC, GetNearestColor, GetPolyFillMode, GetTextColor, GetStretchBltMode, GetROP2, GetTextAlign, GetBkMode, GetWindowExtEx, DeleteObject, GetViewportExtEx, SetViewportOrgEx, OffsetViewportOrgEx, SetViewportExtEx, ScaleViewportExtEx, SetWindowExtEx, ScaleWindowExtEx, MoveToEx, GetCharWidthW, GetCurrentPositionEx, GetTextExtentPointA, Escape, GetDeviceCaps, SetWindowOrgEx, GetWindowOrgEx, GetViewportOrgEx, IntersectClipRect, PtVisible, RectVisible, DeleteMetaFile, CloseMetaFile, GetClipBox, CreatePatternBrush, CreateBitmap, PatBlt, Rectangle, UnrealizeObject, CreateRectRgnIndirect, CreateDCW, BitBlt, CreateFontIndirectW, SetBkMode, SetPolyFillMode, SetROP2, SetStretchBltMode, OffsetWindowOrgEx, SelectClipRgn, ExcludeClipRect, OffsetClipRgn, LineTo, SetTextAlign, SetTextJustification, SetTextCharacterExtra, SetMapperFlags, ArcTo, SetArcDirection, PolyDraw, PolylineTo, SetColorAdjustment, PolyBezierTo, GetClipRgn, CreateRectRgn, SelectClipPath, ExtSelectClipRgn, GetObjectType, PlayMetaFileRecord, EnumMetaFile, PlayMetaFile, ExtCreatePen, CreateHatchBrush, CreateDIBPatternBrushPt, GetMapMode, CombineRgn, SetRectRgn, DPtoLP, AbortDoc, EndDoc, EndPage, StartPage, SetAbortProc, LPtoDP, SetBrushOrgEx, CopyMetaFileW, CreateMetaFileW, RealizePalette, GetPaletteEntries, CreatePalette, GetPixel, EnumFontFamiliesW, SetMapMode, CreatePen, TextOutW, SelectObject, GetObjectW, SetBkColor, StartDocW, SetTextColor, GetTextFaceW, SelectPalette
> USER32.dll: IntersectRect, SetCapture, CharUpperW, GetSystemMetrics, CharLowerW, UnhookWindowsHookEx, MsgWaitForMultipleObjects, RegisterWindowMessageW, SetWindowPos, SetWindowLongW, GetWindowLongW, GetWindowRect, GetWindow, GetMessagePos, GetMessageTime, CallWindowProcW, RemovePropW, GetPropW, SendMessageW, SetForegroundWindow, GetForegroundWindow, GetLastActivePopup, SetPropW, SetWindowsHookExW, CallNextHookEx, CreateWindowExW, DestroyWindow, DefWindowProcW, GetKeyState, GetDlgCtrlID, GetWindowTextW, GetWindowTextLengthW, GetDlgItem, GetWindowPlacement, SetWindowPlacement, TrackPopupMenu, GetMenu, GetMenuItemID, GetSubMenu, GetMenuItemCount, RegisterClassW, GetClassInfoW, WinHelpW, GetCapture, GetScrollInfo, GetParent, IsChild, EnableWindow, IsWindowEnabled, GetTopWindow, SetScrollPos, GetScrollPos, SetScrollRange, GetScrollRange, ShowScrollBar, SetScrollInfo, ScrollWindow, ScreenToClient, IsWindowVisible, EndDeferWindowPos, CopyRect, BeginDeferWindowPos, GetClientRect, DeferWindowPos, EqualRect, AdjustWindowRectEx, SetFocus, IsWindow, SetActiveWindow, GetFocus, PeekMessageW, DispatchMessageW, GetSysColor, MapWindowPoints, SystemParametersInfoW, SendDlgItemMessageA, UpdateWindow, PostMessageW, LoadIconW, SetRectEmpty, LoadAcceleratorsW, TranslateAcceleratorW, ReleaseCapture, SetCursor, GetDesktopWindow, ShowWindow, GetActiveWindow, DestroyMenu, LoadMenuW, SetMenu, ReuseDDElParam, UnpackDDElParam, InvalidateRect, IsIconic, BringWindowToTop, MessageBoxA, LoadCursorW, wsprintfW, WaitMessage, GetCursorPos, GetWindowThreadProcessId, WindowFromPoint, TranslateMessage, GetMessageW, ClientToScreen, DefFrameProcW, TranslateMDISysAccel, DrawMenuBar, DefMDIChildProcW, RedrawWindow, LoadBitmapW, InflateRect, PtInRect, ReleaseDC, InvertRect, GetWindowDC, OffsetRect, FillRect, SetTimer, KillTimer, SetRect, GetDC, IsZoomed, SetParent, IsRectEmpty, AppendMenuW, DeleteMenu, GetSystemMenu, GetDCEx, LockWindowUpdate, GetTabbedTextExtentA, DrawTextW, GrayStringW, DrawFocusRect, CreateDialogIndirectParamW, EndDialog, GetNextDlgTabItem, wvsprintfW, GetAsyncKeyState, MapDialogRect, GetDialogBaseUnits, BeginPaint, EndPaint, TabbedTextOutW, GetClassNameW, SetWindowTextW, CheckDlgButton, CheckRadioButton, GetDlgItemInt, GetDlgItemTextW, SendDlgItemMessageW, SetDlgItemInt, SetDlgItemTextW, IsDlgButtonChecked, ScrollWindowEx, IsDialogMessageW, MoveWindow, EnableMenuItem, CheckMenuItem, SetMenuItemBitmaps, ModifyMenuW, GetMenuState, GetMenuCheckMarkDimensions, DestroyIcon, SetCursorPos, DestroyCursor, GetTabbedTextExtentW, IsClipboardFormatAvailable, MessageBeep, RemoveMenu, SetMessageQueue, ValidateRect, PostQuitMessage, UnregisterClassW, ShowOwnedPopups, MessageBoxW, InsertMenuW, GetMenuStringW, RegisterClipboardFormatW, ClipCursor, CopyAcceleratorTableW, InSendMessage, PostThreadMessageW, CreateMenu, CountClipboardFormats, CharNextW, GetNextDlgGroupItem, DrawEdge, EnumChildWindows, FrameRect, LoadStringW

( 4 exports )
DllCanUnloadNow, DllGetClassObject, DllRegisterServer, DllUnregisterServer
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: DirectShow filter (52.6%)
Windows OCX File (32.2%)
Win32 Executable MS Visual C++ (generic) (9.8%)
Win32 Executable Generic (2.2%)
Win32 Dynamic Link Library (generic) (1.9%)

maco111 · #14 Příspěvek od **maco111** » 28 úno 2010 15:07

Tie posledné dva súbory mi píše že už neexistujú

Počítač mi už funguje v pohode ďakujem za pomoc.

Nevieš mi odporučiť nejaký program aby sa mi podobné veci nestávali

Dík.

#15 Příspěvek od **Caroprd111** » 28 úno 2010 15:12

Z toho Virustotalu mi pošlete odkaz, tohle jsou jen informace o souboru.

VIRY.CZ

Prosím o kontrolu logu počítač je pomalý procesor na 100%

Prosím o kontrolu logu počítač je pomalý procesor na 100%

Re: Prosím o kontrolu logu počítač je pomalý procesor na 100%

Re: Prosím o kontrolu logu počítač je pomalý procesor na 100%

Re: Prosím o kontrolu logu počítač je pomalý procesor na 100%

Re: Prosím o kontrolu logu počítač je pomalý procesor na 100%

Re: Prosím o kontrolu logu počítač je pomalý procesor na 100%

Re: Prosím o kontrolu logu počítač je pomalý procesor na 100%

Re: Prosím o kontrolu logu počítač je pomalý procesor na 100%

Re: Prosím o kontrolu logu počítač je pomalý procesor na 100%

Re: Prosím o kontrolu logu počítač je pomalý procesor na 100%

Re: Prosím o kontrolu logu počítač je pomalý procesor na 100%

Re: Prosím o kontrolu logu počítač je pomalý procesor na 100%

Re: Prosím o kontrolu logu počítač je pomalý procesor na 100%

Re: Prosím o kontrolu logu počítač je pomalý procesor na 100%

Re: Prosím o kontrolu logu počítač je pomalý procesor na 100%