Please check, I have some mess here

#1 Post by KAUBOUN »

I have a problem: my RSIT has stopped working; on launch it throws AutoIt Error {line 1353 ..Error: subscript used with non-Array variable...
here is the log ..

Logfile of random's system information tool 1.07 (written by random/random)
Run by Kauboun at 2010-06-16 17:20:41
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 3 GB (13%) free of 20 GB
Total RAM: 1023 MB (42% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:20:43, on 16. 6. 2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WTouch\WTouchService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\WTouch\WTouchUser.exe
C:\WINDOWS\system32\RunDll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
D:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Steam\Steam.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmon.exe
C:\Documents and Settings\Kauboun\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe
C:\Documents and Settings\Kauboun\Local Settings\Data aplikací\Google\Update\1.2.183.23\GoogleCrashHandler.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\Documents and Settings\Kauboun\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\Documents and Settings\Kauboun\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Documents and Settings\Kauboun\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Kauboun\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Kauboun\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\totalcmd\TOTALCMD.EXE
c:\RSIT.exe
C:\Program Files\trend micro\Kauboun.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.digsby.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: RealoreStudios Toolbar - {03fee850-0101-4e9e-b6d4-6fc74d3db360} - C:\Program Files\RealoreStudios\tbReal.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - D:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - D:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O3 - Toolbar: MP3 Rocket Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: RealoreStudios Toolbar - {03fee850-0101-4e9e-b6d4-6fc74d3db360} - C:\Program Files\RealoreStudios\tbReal.dll
O4 - HKLM\..\Run: [C6501Sound] RunDll32 c6501.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "D:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [Lexmark 2200 Series] "C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "D:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Kauboun\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [M5T8QL3YW3] C:\DOCUME~1\Kauboun\LOCALS~1\Temp\Qk1.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O8 - Extra context menu item: Append to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional Home 2009.SP3\RpcAgentSrv.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\WINDOWS\system32\Pen_Tablet.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WTouch Service (WTouchService) - Wacom Technology, Corp. - C:\Program Files\WTouch\WTouchService.exe

--
End of file - 12222 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Automatic troubleshooting.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-73586283-1897051121-1801674531-1003Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-73586283-1897051121-1801674531-1003UA.job
C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{03fee850-0101-4e9e-b6d4-6fc74d3db360}]
RealoreStudios Toolbar - C:\Program Files\RealoreStudios\tbReal.dll [2009-11-09 2331672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{074C1DC5-9320-4A9A-947D-C042949C6216}]
ContributeBHO Class - D:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll [2007-03-16 118784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-23 321120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
MP3 Rocket Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2010-02-08 1362320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-05-03 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-05-03 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FE063DB1-4EC0-403e-8DD8-394C54984B2C}]
Ask Toolbar BHO - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL [2010-01-24 245760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4FE6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2010-01-03 1019128]
{FE063DB9-4EC0-403e-8DD8-394C54984B2C} - Ask Toolbar - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL [2010-01-24 245760]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2010-03-25 968000]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-23 321120]
{517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - Contribute Toolbar - D:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll [2007-03-16 118784]
{D4027C7F-154A-4066-A1AD-4243D8127440} - MP3 Rocket Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2010-02-08 1362320]
{03fee850-0101-4e9e-b6d4-6fc74d3db360} - RealoreStudios Toolbar - C:\Program Files\RealoreStudios\tbReal.dll [2009-11-09 2331672]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"C6501Sound"=RunDll32 c6501.cpl,CMICtrlWnd []
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-11-25 81000]
"ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2009-02-16 981384]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2006-01-12 155648]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-11-11 417792]
"Acrobat Assistant 8.0"=D:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [2006-10-23 620152]
""= []
"Adobe_ID0EYTHM"=C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE [2007-03-20 1884160]
"Lexmark 2200 Series"=C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe [2004-02-13 57344]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2010-02-10 61440]
""= []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Steam"=D:\Program Files\Steam\Steam.exe [2010-05-07 1238352]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]
"Google Update"=C:\Documents and Settings\Kauboun\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe [2010-06-11 136176]
"M5T8QL3YW3"=C:\DOCUME~1\Kauboun\LOCALS~1\Temp\Qk1.exe []

#2 Post by Rudy »

Post a ComboFix log.
Download ComboFix and save it, preferably to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

then run the application under an account with administrator privileges

right after launch a screen with the licence terms appears; continue by clicking the Yes button.

feel free to go and make a coffee (the whole run takes about 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to work through); during the scan do not try to start any other applications or anything else

do not panic during the scan; your machine may be restarted (especially the first time the scanner is run)

note: if you use an antispyware tool with a resident shield, switch its resident shield to Install Mode, or deactivate it completely for the duration of the scan, because the scan and the removal of any malware cause unwanted conflicts with the resident antispyware component
#3 Post by KAUBOUN »

ComboFix 10-06-15.04 - Kauboun . 06. 2010 19:42:12.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1023.524 [GMT 2:00]
Spuštěný z: c:\documents and settings\Kauboun\Dokumenty\Downloads\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100616-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SSHNAS


((((((((((((((((((((((((( Soubory vytvořené od 2010-05-16 do 2010-06-16 )))))))))))))))))))))))))))))))
.

2010-06-16 15:20 . 2010-06-16 15:20 -------- d-----w- C:\rsit
2010-06-16 13:40 . 2009-11-17 08:17 29512 ----a-w- c:\windows\system32\TURegOpt.exe
2010-06-16 13:39 . 2010-06-16 13:40 -------- d-----w- c:\program files\TuneUp Utilities 2010
2010-06-16 13:18 . 2010-06-16 13:12 824681 ----a-w- C:\RSIT.exe
2010-06-16 13:11 . 2010-06-16 15:21 -------- d-----w- c:\program files\trend micro
2010-06-14 13:16 . 2010-06-14 13:16 -------- d-----w- c:\program files\Conduit
2010-06-14 13:16 . 2010-06-14 13:28 -------- d-----w- c:\program files\RealoreStudios
2010-06-14 13:15 . 2010-06-14 13:27 -------- d-----w- c:\program files\Realore
2010-06-10 21:30 . 2010-06-10 21:30 54552 ---ha-w- c:\windows\system32\mlfcache.dat
2010-06-06 23:42 . 2010-06-07 20:28 138184 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-06-06 23:41 . 2010-06-07 20:36 215016 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-06-06 23:41 . 2010-06-06 23:41 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-06-06 23:41 . 2010-06-06 23:41 2427248 ----a-w- c:\windows\system32\pbsvc_heroes.exe
2010-06-06 23:41 . 2010-06-06 23:41 -------- d-----w- c:\windows\system32\LogFiles
2010-06-06 23:29 . 2010-06-06 23:29 -------- d-----w- c:\program files\EA Games
2010-05-23 17:53 . 2010-05-24 05:31 -------- d-----w- c:\windows\SxsCaPendDel

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-16 11:26 . 2010-01-29 08:11 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-06-16 04:37 . 2010-01-23 13:39 -------- d-----w- c:\program files\ICQ7.0
2010-06-15 20:36 . 2010-06-15 20:37 2030592 ----a-w- c:\windows\Internet Logs\xDB10.tmp
2010-06-15 03:55 . 2010-01-30 11:02 12582709 ----a-w- c:\windows\Internet Logs\tvDebug.Zip
2010-06-11 15:11 . 2010-05-05 20:32 -------- d-----w- c:\program files\Digsby
2010-06-10 18:55 . 2010-01-26 17:20 -------- d-----w- c:\program files\Common Files\Apple
2010-06-08 23:31 . 2010-06-09 06:50 44544 ----a-w- c:\windows\Internet Logs\xDBF.tmp
2010-06-07 04:54 . 2010-06-07 12:31 380928 ----a-w- c:\windows\Internet Logs\xDBE.tmp
2010-06-05 21:45 . 2010-02-17 18:32 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-05 17:14 . 2010-01-23 16:35 -------- d-----w- c:\program files\Common Files\InstallShield
2010-06-02 22:45 . 2010-06-02 22:46 1948160 ----a-w- c:\windows\Internet Logs\xDBD.tmp
2010-05-29 21:52 . 2010-05-29 21:53 1939968 ----a-w- c:\windows\Internet Logs\xDBC.tmp
2010-05-26 22:21 . 2010-05-27 05:32 1933824 ----a-w- c:\windows\Internet Logs\xDBB.tmp
2010-05-22 00:05 . 2010-05-22 06:32 142336 ----a-w- c:\windows\Internet Logs\xDBA.tmp
2010-05-21 13:31 . 2010-01-27 19:52 -------- d-----w- c:\program files\Vuze
2010-05-19 22:21 . 2010-05-20 04:48 1921536 ----a-w- c:\windows\Internet Logs\xDB9.tmp
2010-05-19 20:48 . 2010-04-06 17:44 -------- d-----w- c:\program files\Microsoft Works
2010-05-15 14:11 . 2010-04-11 09:41 -------- d-----w- c:\program files\Java
2010-05-14 17:34 . 2010-05-14 23:44 594944 ----a-w- c:\windows\Internet Logs\xDB8.tmp
2010-05-10 06:03 . 2010-05-10 06:03 -------- d-----w- c:\program files\Easy MP3 Cutter
2010-05-09 21:09 . 2010-05-09 21:08 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2010-05-09 21:08 . 2010-05-09 21:08 -------- d-----w- c:\program files\DVDVideoSoft
2010-05-04 21:19 . 2010-05-04 21:18 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-05-04 21:19 . 2010-01-26 17:20 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2010-05-03 05:36 . 2010-01-24 03:17 -------- d-----w- c:\program files\Opera
2010-04-22 00:47 . 2010-04-22 05:33 1826816 ----a-w- c:\windows\Internet Logs\xDB7.tmp
2010-04-19 23:21 . 2010-01-24 00:35 -------- d-----w- c:\program files\ATI Technologies
2010-04-19 20:12 . 2010-04-19 20:12 -------- d-----w- c:\program files\Common Files\Control Panels
2010-04-19 20:11 . 2010-01-23 19:14 -------- d-----w- c:\program files\Common Files\Adobe
2010-04-19 05:28 . 2010-04-19 05:28 -------- d-----w- c:\program files\AGEIA Technologies
2010-04-19 05:28 . 2010-04-19 05:27 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-04-19 05:27 . 2010-01-30 17:43 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2010-04-19 05:27 . 2010-01-30 17:43 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2010-04-12 15:29 . 2010-05-15 14:11 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-03-29 09:54 . 2001-10-25 12:00 68916 ----a-w- c:\windows\system32\perfc005.dat
2010-03-29 09:54 . 2001-10-25 12:00 389938 ----a-w- c:\windows\system32\perfh005.dat
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{03fee850-0101-4e9e-b6d4-6fc74d3db360}]
2009-11-09 16:38 2331672 ----a-w- c:\program files\RealoreStudios\tbReal.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-02-08 15:40 1362320 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-08 1362320]
"{03fee850-0101-4e9e-b6d4-6fc74d3db360}"= "c:\program files\RealoreStudios\tbReal.dll" [2009-11-09 2331672]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CLASSES_ROOT\clsid\{03fee850-0101-4e9e-b6d4-6fc74d3db360}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-08 1362320]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="d:\program files\Steam\Steam.exe" [2010-05-07 1238352]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"Google Update"="c:\documents and settings\Kauboun\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2010-06-11 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-15 981384]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-01-12 155648]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
"Acrobat Assistant 8.0"="d:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-22 620152]
"Lexmark 2200 Series"="c:\program files\Lexmark 2200 Series\lxbvbmgr.exe" [2004-02-13 57344]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-10 61440]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ICQ"="c:\program files\ICQ7.0\ICQ.exe" silent loginmode=4

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Documents and Settings\\Kauboun\\Plocha\\StrongDC\\StrongDC.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Professional Home 2009.SP3\\RpcAgentSrv.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Professional Home 2009.SP3\\WNt500x86\\RpcSandraSrv.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"d:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [26.1.2010 19:19 691696]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [24.1.2010 3:44 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [24.1.2010 3:44 20560]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [23.1.2010 15:39 246520]
R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [23.1.2010 19:25 4408616]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [17.11.2009 10:15 1021256]
R2 WTouchService;WTouch Service;c:\program files\WTouch\WTouchService.exe [23.1.2010 19:26 112936]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Professional Home 2009.SP3\RpcAgentSrv.exe [5.2.2010 10:16 98488]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [14.10.2009 7:24 10064]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [23.1.2010 19:25 15656]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'

2010-06-16 c:\windows\Tasks\Automatic troubleshooting.job
- c:\program files\TuneUp Utilities 2010\TuneUpSystemStatusCheck.exe [2009-11-17 08:20]

2010-06-16 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-02-08 15:40]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://search.digsby.com
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - d:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - d:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - d:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - d:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - d:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - d:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - d:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - d:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xportovať do programu Microsoft Excel - d:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Kauboun\Data aplikací\Mozilla\Firefox\Profiles\g8dvvh8l.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage - hxxp://start.icq.com/
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKLM-Run-C6501Sound - c6501.cpl
AddRemove-_{05D60953-9012-44DF-A1A6-9DD97AD6580A} - c:\program files\Corel\Corel Painter X\MSILauncher {05D60953-9012-44DF-A1A6-9DD97AD6580A}



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-16 19:53
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll nvatabus.sys spfa.sys >>UNKNOWN [0x8658D938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf7620f28
\Driver\ACPI -> ACPI.sys @ 0xf73a8cb8
\Driver\atapi -> atapi.sys @ 0xf733db40
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80578fa2
ParseProcedure -> ntkrnlpa.exe @ 0x80577c04
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80578fa2
ParseProcedure -> ntkrnlpa.exe @ 0x80577c04
user & kernel MBR OK
malicious code @ sector 0x950a600 size 0x2c3 !
PE file found in sector at 0x0950A600 !

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-73586283-1897051121-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{0E7D1DFB-AFF7-D49F-442E-68437C0D08A8}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iammgikkppkamldhop"=hex:6c,61,62,70,6f,6a,6e,63,62,6d,61,6d,6f,70,6d,62,6e,70,
6b,66,6b,6f,65,64,00,87
"hagaehmikjmnbcei"=hex:6c,61,62,70,6f,6a,6e,63,62,6d,61,6d,6f,70,6d,62,6e,70,
6b,66,6b,6f,65,64,00,87
"gannjcnlkjdfmg"=hex:61,63,6c,70,6d,67,61,6e,63,6d,6a,70,66,66,70,62,62,6a,6c,
69,64,6f,6b,65,6e,6b,6c,6f,61,65,62,68,68,6c,63,69,66,6b,6f,61,66,6d,69,6e,\

[HKEY_USERS\S-1-5-21-73586283-1897051121-1801674531-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:2c,bc,62,3d,f6,90,ea,19,ed,76,53,62,f4,51,77,3c,0c,71,92,5f,8d,50,d5,
05,18,67,ce,6e,b0,cb,62,11,5b,ab,9f,3d,26,c1,0a,22,64,ee,68,32,a8,10,ad,dc,\
"??"=hex:b5,5e,67,b3,49,08,72,ad,41,a9,3a,9c,e3,bb,58,83
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(736)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PSIService.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\windows\System32\TUProgSt.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
c:\program files\WTouch\WTouchUser.exe
c:\windows\system32\WTablet\Pen_TabletUser.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\RunDll32.exe
c:\program files\Lexmark 2200 Series\lxbvbmon.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\documents and settings\Kauboun\Local Settings\Data aplikací\Google\Update\1.2.183.23\GoogleCrashHandler.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
.
**************************************************************************
.
Celkový čas: 2010-06-16 19:58:57 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-06-16 17:58

Před spuštěním: 2 592 735 232
Po spuštění: 4 254 232 576

- - End Of File - - 48B23EA85A19F8821EAFC40EB6E0955F

Rudy
Site Admin
Posts: 119412
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Please check, I've got some mess here

#4 Post by Rudy »

We'll clean up a bit more. Move ComboFix to the desktop. Open Notepad and copy the following into it:
Folder::
c:\program files\Ask.com

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
""=-

Regnull::
[HKEY_USERS\S-1-5-21-73586283-1897051121-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{0E7D1DFB-AFF7-D49F-442E-68437C0D08A8}*]
Save it to the desktop as CFScript.txt. Then drag it with the mouse over the ComboFix icon and drop it. CF will start and execute the commands from the script.

Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!

Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

KAUBOUN
Level 5 - BAN
Posts: 156
Registered: 18 Oct 2006 23:24
Location: Slovakia/Košice/terasa

Re: Please check, I've got some mess here

#5 Post by KAUBOUN »

ok, done :worship:

ComboFix 10-06-15.04 - Kauboun . 06. 2010 21:12:22.2.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1023.529 [GMT 2:00]
Spuštěný z: c:\documents and settings\Kauboun\Dokumenty\Downloads\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Kauboun\Dokumenty\Downloads\CFScript.txt.txt
AV: avast! antivirus 4.8.1368 [VPS 100616-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Ask.com
c:\program files\Ask.com\cobrand.ico
c:\program files\Ask.com\config.xml
c:\program files\Ask.com\favicon.ico
c:\program files\Ask.com\GenericAskToolbar.dll
c:\program files\Ask.com\mupcfg.xml
c:\program files\Ask.com\SaUpdate.exe
c:\program files\Ask.com\UpdateTask.exe

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-05-16 do 2010-06-16 )))))))))))))))))))))))))))))))
.

2010-06-16 15:20 . 2010-06-16 15:20 -------- d-----w- C:\rsit
2010-06-16 13:40 . 2009-11-17 08:17 29512 ----a-w- c:\windows\system32\TURegOpt.exe
2010-06-16 13:39 . 2010-06-16 13:40 -------- d-----w- c:\program files\TuneUp Utilities 2010
2010-06-16 13:18 . 2010-06-16 13:12 824681 ----a-w- C:\RSIT.exe
2010-06-16 13:11 . 2010-06-16 15:21 -------- d-----w- c:\program files\trend micro
2010-06-14 13:16 . 2010-06-14 13:16 -------- d-----w- c:\program files\Conduit
2010-06-14 13:16 . 2010-06-14 13:28 -------- d-----w- c:\program files\RealoreStudios
2010-06-14 13:15 . 2010-06-14 13:27 -------- d-----w- c:\program files\Realore
2010-06-10 21:30 . 2010-06-10 21:30 54552 ---ha-w- c:\windows\system32\mlfcache.dat
2010-06-06 23:42 . 2010-06-07 20:28 138184 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-06-06 23:41 . 2010-06-07 20:36 215016 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-06-06 23:41 . 2010-06-06 23:41 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-06-06 23:41 . 2010-06-06 23:41 2427248 ----a-w- c:\windows\system32\pbsvc_heroes.exe
2010-06-06 23:41 . 2010-06-06 23:41 -------- d-----w- c:\windows\system32\LogFiles
2010-06-06 23:29 . 2010-06-06 23:29 -------- d-----w- c:\program files\EA Games
2010-05-23 17:53 . 2010-05-24 05:31 -------- d-----w- c:\windows\SxsCaPendDel

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-16 11:26 . 2010-01-29 08:11 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-06-16 04:37 . 2010-01-23 13:39 -------- d-----w- c:\program files\ICQ7.0
2010-06-15 20:36 . 2010-06-15 20:37 2030592 ----a-w- c:\windows\Internet Logs\xDB10.tmp
2010-06-15 03:55 . 2010-01-30 11:02 12582709 ----a-w- c:\windows\Internet Logs\tvDebug.Zip
2010-06-11 15:11 . 2010-05-05 20:32 -------- d-----w- c:\program files\Digsby
2010-06-10 18:55 . 2010-01-26 17:20 -------- d-----w- c:\program files\Common Files\Apple
2010-06-08 23:31 . 2010-06-09 06:50 44544 ----a-w- c:\windows\Internet Logs\xDBF.tmp
2010-06-07 04:54 . 2010-06-07 12:31 380928 ----a-w- c:\windows\Internet Logs\xDBE.tmp
2010-06-05 21:45 . 2010-02-17 18:32 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-05 17:14 . 2010-01-23 16:35 -------- d-----w- c:\program files\Common Files\InstallShield
2010-06-02 22:45 . 2010-06-02 22:46 1948160 ----a-w- c:\windows\Internet Logs\xDBD.tmp
2010-05-29 21:52 . 2010-05-29 21:53 1939968 ----a-w- c:\windows\Internet Logs\xDBC.tmp
2010-05-26 22:21 . 2010-05-27 05:32 1933824 ----a-w- c:\windows\Internet Logs\xDBB.tmp
2010-05-22 00:05 . 2010-05-22 06:32 142336 ----a-w- c:\windows\Internet Logs\xDBA.tmp
2010-05-21 13:31 . 2010-01-27 19:52 -------- d-----w- c:\program files\Vuze
2010-05-19 22:21 . 2010-05-20 04:48 1921536 ----a-w- c:\windows\Internet Logs\xDB9.tmp
2010-05-19 20:48 . 2010-04-06 17:44 -------- d-----w- c:\program files\Microsoft Works
2010-05-15 14:11 . 2010-04-11 09:41 -------- d-----w- c:\program files\Java
2010-05-14 17:34 . 2010-05-14 23:44 594944 ----a-w- c:\windows\Internet Logs\xDB8.tmp
2010-05-10 06:03 . 2010-05-10 06:03 -------- d-----w- c:\program files\Easy MP3 Cutter
2010-05-09 21:09 . 2010-05-09 21:08 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2010-05-09 21:08 . 2010-05-09 21:08 -------- d-----w- c:\program files\DVDVideoSoft
2010-05-04 21:19 . 2010-05-04 21:18 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-05-04 21:19 . 2010-01-26 17:20 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2010-05-03 05:36 . 2010-01-24 03:17 -------- d-----w- c:\program files\Opera
2010-04-22 00:47 . 2010-04-22 05:33 1826816 ----a-w- c:\windows\Internet Logs\xDB7.tmp
2010-04-19 23:21 . 2010-01-24 00:35 -------- d-----w- c:\program files\ATI Technologies
2010-04-19 20:12 . 2010-04-19 20:12 -------- d-----w- c:\program files\Common Files\Control Panels
2010-04-19 20:11 . 2010-01-23 19:14 -------- d-----w- c:\program files\Common Files\Adobe
2010-04-19 05:28 . 2010-04-19 05:28 -------- d-----w- c:\program files\AGEIA Technologies
2010-04-19 05:28 . 2010-04-19 05:27 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-04-19 05:27 . 2010-01-30 17:43 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2010-04-19 05:27 . 2010-01-30 17:43 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2010-04-12 15:29 . 2010-05-15 14:11 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-03-29 09:54 . 2001-10-25 12:00 68916 ----a-w- c:\windows\system32\perfc005.dat
2010-03-29 09:54 . 2001-10-25 12:00 389938 ----a-w- c:\windows\system32\perfh005.dat
.

((((((((((((((((((((((((((((( SnapShot@2010-06-16_17.52.51 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-06-16 19:09 . 2010-06-16 19:09 16384 c:\windows\Temp\Perflib_Perfdata_7a0.dat
+ 2010-06-16 19:10 . 2010-06-16 19:10 16384 c:\windows\Temp\Perflib_Perfdata_1f8.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{03fee850-0101-4e9e-b6d4-6fc74d3db360}]
2009-11-09 16:38 2331672 ----a-w- c:\program files\RealoreStudios\tbReal.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{03fee850-0101-4e9e-b6d4-6fc74d3db360}"= "c:\program files\RealoreStudios\tbReal.dll" [2009-11-09 2331672]

[HKEY_CLASSES_ROOT\clsid\{03fee850-0101-4e9e-b6d4-6fc74d3db360}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="d:\program files\Steam\Steam.exe" [2010-05-07 1238352]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"Google Update"="c:\documents and settings\Kauboun\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2010-06-11 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-15 981384]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-01-12 155648]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
"Acrobat Assistant 8.0"="d:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-22 620152]
"Lexmark 2200 Series"="c:\program files\Lexmark 2200 Series\lxbvbmgr.exe" [2004-02-13 57344]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-10 61440]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ICQ"="c:\program files\ICQ7.0\ICQ.exe" silent loginmode=4

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Documents and Settings\\Kauboun\\Plocha\\StrongDC\\StrongDC.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Professional Home 2009.SP3\\RpcAgentSrv.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Professional Home 2009.SP3\\WNt500x86\\RpcSandraSrv.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"d:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [24.1.2010 3:44 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [24.1.2010 3:44 20560]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [23.1.2010 15:39 246520]
R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [23.1.2010 19:25 4408616]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [17.11.2009 10:15 1021256]
R2 WTouchService;WTouch Service;c:\program files\WTouch\WTouchService.exe [23.1.2010 19:26 112936]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [14.10.2009 7:24 10064]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [26.1.2010 19:19 691696]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Professional Home 2009.SP3\RpcAgentSrv.exe [5.2.2010 10:16 98488]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [23.1.2010 19:25 15656]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'

2010-06-16 c:\windows\Tasks\Automatic troubleshooting.job
- c:\program files\TuneUp Utilities 2010\TuneUpSystemStatusCheck.exe [2009-11-17 08:20]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://search.digsby.com
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - d:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - d:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - d:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - d:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - d:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - d:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - d:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - d:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xportovať do programu Microsoft Excel - d:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Kauboun\Data aplikací\Mozilla\Firefox\Profiles\g8dvvh8l.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage - hxxp://start.icq.com/

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-16 21:19
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-73586283-1897051121-1801674531-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:2c,bc,62,3d,f6,90,ea,19,ed,76,53,62,f4,51,77,3c,0c,71,92,5f,8d,50,d5,
05,18,67,ce,6e,b0,cb,62,11,5b,ab,9f,3d,26,c1,0a,22,64,ee,68,32,a8,10,ad,dc,\
"??"=hex:b5,5e,67,b3,49,08,72,ad,41,a9,3a,9c,e3,bb,58,83
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(720)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2010-06-16 21:21:09
ComboFix-quarantined-files.txt 2010-06-16 19:21
ComboFix2.txt 2010-06-16 17:58

Před spuštěním: 4 245 004 288
Po spuštění: 4 230 565 888

- - End Of File - - 05AC098BFD6D66BE5DEFF81529D3A6F0

Re: Please check, I've got some mess here

#6 Post by Rudy »

The log now looks clean.

Re: Please check, I've got some mess here

#7 Post by KAUBOUN »

Thanks a lot :worship: Please, when you have time, could you take a look at my notebook too? It's in worse shape :roll: http://www.viry.cz/forum/viewtopic.php?f=13&t=101968 :all_coholic:

Re: Please check, I've got some mess here

#8 Post by Rudy »

You're welcome. Your notebook is being handled by my colleague Roli. It is not customary here to step into someone else's topics without permission.