prosím o pomoc
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
nejdou xp :(
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
nejdou xp :(
Dobrej potřeboval bych nutnou pomoc , pustím pc po chvilce se přihlásím a najede mi jen plocha bez ikon , bez panelů atd jediné co můžu je pustit pár programů přes správce úloh , polovina mě vyhlásí s hláškou "Microsoft C++ Runtime library -> R60002 . floating point support not loaded"
prosím o pomoc
prosím o pomoc
Re: nejdou xp :(
log z RSIT nejde udělat , hodí chybu !
-
stell
- VIP in memoriam
- Příspěvky: 5175
- Registrován: 09 pro 2007 09:27
- Bydliště: SK-REVUCA
- Kontaktovat uživatele:
Re: nejdou xp :(
Zdravim, obnov system cez spravcu uloh.
do okna skopiruj tento prikaz
do okna skopiruj tento prikaz
ak to budes mat tak napis.%Systemroot%/system32/restore/rstrui.exe
Dôležité informácie.
NEŠLAPE Vám počítač?
Je zavirovaný? Šlape pomalu? Nefunguje program? Problém s instalací?
Využíjte služby vzdálené pomoci!
e-mail: stell(zavináč)forum.viry.cz
Thanks! Vďaka!
NEŠLAPE Vám počítač?
Je zavirovaný? Šlape pomalu? Nefunguje program? Problém s instalací?
Využíjte služby vzdálené pomoci!
e-mail: stell(zavináč)forum.viry.cz
Thanks! Vďaka!
Re: nejdou xp :(
stalo se a bez výsledku..
-
stell
- VIP in memoriam
- Příspěvky: 5175
- Registrován: 09 pro 2007 09:27
- Bydliště: SK-REVUCA
- Kontaktovat uživatele:
Re: nejdou xp :(
Bez vysledku??
No skus to este raz a vyber taky datum ked este system korektne fungoval.
Ale skus obnovu v nudzovom rezime.
A potom napis
No skus to este raz a vyber taky datum ked este system korektne fungoval.
Ale skus obnovu v nudzovom rezime.
A potom napis
Dôležité informácie.
NEŠLAPE Vám počítač?
Je zavirovaný? Šlape pomalu? Nefunguje program? Problém s instalací?
Využíjte služby vzdálené pomoci!
e-mail: stell(zavináč)forum.viry.cz
Thanks! Vďaka!
NEŠLAPE Vám počítač?
Je zavirovaný? Šlape pomalu? Nefunguje program? Problém s instalací?
Využíjte služby vzdálené pomoci!
e-mail: stell(zavináč)forum.viry.cz
Thanks! Vďaka!
Re: nejdou xp :(
tak sem to vrátil o 5 dní a jde to , co s tim ted ?
-
stell
- VIP in memoriam
- Příspěvky: 5175
- Registrován: 09 pro 2007 09:27
- Bydliště: SK-REVUCA
- Kontaktovat uživatele:
Re: nejdou xp :(
PROSIM CITAJTE POZORNE NAVOD!!!,
Použij ComboFix podle tohoto návodu: http://www.bleepingcomputer.com/combofi ... t-combofix
Log znej vloz sem.
Použij ComboFix podle tohoto návodu: http://www.bleepingcomputer.com/combofi ... t-combofix
Log znej vloz sem.
Dôležité informácie.
NEŠLAPE Vám počítač?
Je zavirovaný? Šlape pomalu? Nefunguje program? Problém s instalací?
Využíjte služby vzdálené pomoci!
e-mail: stell(zavináč)forum.viry.cz
Thanks! Vďaka!
NEŠLAPE Vám počítač?
Je zavirovaný? Šlape pomalu? Nefunguje program? Problém s instalací?
Využíjte služby vzdálené pomoci!
e-mail: stell(zavináč)forum.viry.cz
Thanks! Vďaka!
Re: nejdou xp :(
ComboFix 11-03-07.07 - Administrator 08.03.2011 17:49:59.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.1023.675 [GMT 1:00]
Spuštěný z: c:\documents and settings\Administrator\Dokumenty\Stažené soubory\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\Data aplikací\Local
c:\documents and settings\Administrator\Data aplikací\PriceGong
c:\documents and settings\Administrator\Data aplikací\PriceGong\Data\1.xml
c:\documents and settings\Administrator\Data aplikací\PriceGong\Data\a.xml
c:\documents and settings\Administrator\Data aplikací\PriceGong\Data\b.xml
c:\documents and settings\Administrator\Data aplikací\PriceGong\Data\c.xml
c:\documents and settings\Administrator\Data aplikací\PriceGong\Data\d.xml
c:\documents and settings\Administrator\Data aplikací\PriceGong\Data\e.xml
c:\documents and settings\Administrator\Data aplikací\PriceGong\Data\f.xml
c:\documents and settings\Administrator\Data aplikací\PriceGong\Data\g.xml
c:\documents and settings\Administrator\Data aplikací\PriceGong\Data\h.xml
c:\documents and settings\Administrator\Data aplikací\PriceGong\Data\i.xml
c:\documents and settings\Administrator\Data aplikací\PriceGong\Data\J.xml
c:\documents and settings\Administrator\Data aplikací\PriceGong\Data\k.xml
c:\documents and settings\Administrator\Data aplikací\PriceGong\Data\l.xml
c:\documents and settings\Administrator\Data aplikací\PriceGong\Data\m.xml
c:\documents and settings\Administrator\Data aplikací\PriceGong\Data\mru.xml
c:\documents and settings\Administrator\Data aplikací\PriceGong\Data\n.xml
c:\documents and settings\Administrator\Data aplikací\PriceGong\Data\o.xml
c:\documents and settings\Administrator\Data aplikací\PriceGong\Data\p.xml
c:\documents and settings\Administrator\Data aplikací\PriceGong\Data\q.xml
c:\documents and settings\Administrator\Data aplikací\PriceGong\Data\r.xml
c:\documents and settings\Administrator\Data aplikací\PriceGong\Data\s.xml
c:\documents and settings\Administrator\Data aplikací\PriceGong\Data\t.xml
c:\documents and settings\Administrator\Data aplikací\PriceGong\Data\u.xml
c:\documents and settings\Administrator\Data aplikací\PriceGong\Data\v.xml
c:\documents and settings\Administrator\Data aplikací\PriceGong\Data\w.xml
c:\documents and settings\Administrator\Data aplikací\PriceGong\Data\x.xml
c:\documents and settings\Administrator\Data aplikací\PriceGong\Data\y.xml
c:\documents and settings\Administrator\Data aplikací\PriceGong\Data\z.xml
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
-------\Legacy_POWERMANAGER
-------\Service_PowerManager
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-02-08 do 2011-03-08 )))))))))))))))))))))))))))))))
.
.
2011-03-08 15:54 . 2011-03-08 15:54 -------- d-----w- c:\windows\system32\wbem\Repository
2011-03-08 11:25 . 2011-03-08 11:25 -------- d-----w- C:\rsit
2011-03-07 14:28 . 2011-03-07 14:28 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\Malwarebytes
2011-03-07 14:28 . 2011-03-07 14:28 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2011-03-07 14:28 . 2011-03-08 15:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-06 22:02 . 2011-03-06 22:02 -------- d-----w- C:\gPotato.eu
2011-03-06 20:36 . 2011-03-08 13:48 -------- d-----w- C:\allods
2011-03-03 18:10 . 2011-03-08 15:54 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\Hamachi
2011-03-03 18:09 . 2011-03-08 15:54 -------- d-----w- c:\program files\Hamachi
2011-03-03 10:22 . 2011-03-08 15:54 -------- d-----w- c:\program files\EACOM
2011-03-03 10:21 . 2011-03-03 10:21 -------- d-----w- c:\program files\EA SPORTS
2011-03-02 16:52 . 2011-03-02 17:10 6846 ----a-w- c:\documents and settings\Administrator\Local Settings\Data aplikací\pagefile.sys
2011-03-01 13:28 . 2011-03-01 13:28 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\PowerChallenge
2011-03-01 13:28 . 2011-03-01 13:28 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Data aplikací\PowerChallenge
2011-03-01 12:58 . 2011-03-01 12:58 -------- d-----w- C:\Dynamix
2011-03-01 12:14 . 2011-03-01 12:14 -------- d-----w- c:\windows\system32\AGEIA
2011-03-01 12:14 . 2011-03-01 12:14 -------- d-----w- c:\program files\AGEIA Technologies
2011-03-01 12:12 . 2011-03-01 12:12 -------- d-----w- c:\program files\TK Digtal
2011-03-01 11:06 . 2001-10-24 11:25 5632 ----a-w- c:\windows\system32\ptpusb.dll
2011-03-01 11:06 . 2004-08-17 14:49 159232 ----a-w- c:\windows\system32\ptpusd.dll
2011-03-01 11:06 . 2004-08-03 21:58 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2011-03-01 11:06 . 2004-08-03 21:58 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2011-02-24 11:30 . 2011-02-24 11:30 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Data aplikací\id Software
2011-02-24 11:28 . 2011-02-24 11:50 -------- d-----w- c:\program files\id Software
2011-02-13 19:28 . 2011-02-13 19:28 3044864 ----a-w- c:\windows\system32\drivers\KnightMetal.exe
2011-02-13 18:05 . 2009-03-30 11:00 261392 ----a-w- C:\AutoItx3.dll
2011-02-10 17:38 . 2011-02-28 11:46 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Data aplikací\WMTools Downloaded Files
2011-02-07 08:24 . 2011-02-07 08:24 -------- d-----w- c:\documents and settings\All Users\Data aplikací\YoYoGames
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-04 16:30 . 2010-12-14 13:28 234768 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-03-02 14:21 . 2011-02-05 23:26 2449409 ----a-w- c:\documents and settings\Administrator\Local Settings\Data aplikací\Launcher2.exe
2011-03-02 13:53 . 2011-02-05 23:26 692736 ----a-w- c:\documents and settings\Administrator\Local Settings\Data aplikací\usnscv.exe
2011-03-02 13:53 . 2011-02-05 23:26 379904 ----a-w- c:\documents and settings\Administrator\Local Settings\Data aplikací\ntldr.dll
2011-02-27 21:50 . 2010-12-14 13:07 137176 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-02-27 21:50 . 2010-12-14 13:06 268952 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-02-25 08:27 . 2010-12-14 13:06 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2011-02-25 08:26 . 2010-12-14 13:06 268952 ----a-w- c:\windows\system32\PnkBstrB.ex0
2011-02-24 11:51 . 2010-12-14 13:07 22328 ----a-w- c:\documents and settings\Administrator\Data aplikací\PnkBstrK.sys
2011-02-05 23:51 . 2011-02-05 23:26 322560 ----a-w- c:\documents and settings\Administrator\Local Settings\Data aplikací\$000000.tmp
2011-01-06 21:35 . 2010-12-28 21:21 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2011-01-06 21:35 . 2010-12-28 21:21 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2010-12-29 06:23 . 2001-10-25 12:00 12400 ----a-w- c:\windows\system32\drivers\secdrv.sys
2010-12-28 19:33 . 2010-12-28 19:06 21840 ----atw- c:\windows\system32\SIntfNT.dll
2010-12-28 19:33 . 2010-12-28 19:05 17212 ----atw- c:\windows\system32\SIntf32.dll
2010-12-28 19:33 . 2010-12-28 19:05 12067 ----atw- c:\windows\system32\SIntf16.dll
2010-12-20 22:27 . 2010-12-20 22:27 258352 ----a-w- c:\windows\system32\unicows.dll
2010-12-17 06:56 . 2010-12-21 13:52 545 ----a-w- c:\windows\UC.PIF
2010-12-17 06:56 . 2010-12-21 13:52 545 ----a-w- c:\windows\RAR.PIF
2010-12-17 06:56 . 2010-12-21 13:52 545 ----a-w- c:\windows\PKZIP.PIF
2010-12-17 06:56 . 2010-12-21 13:52 545 ----a-w- c:\windows\PKUNZIP.PIF
2010-12-17 06:56 . 2010-12-21 13:52 545 ----a-w- c:\windows\NOCLOSE.PIF
2010-12-17 06:56 . 2010-12-21 13:52 545 ----a-w- c:\windows\LHA.PIF
2010-12-17 06:56 . 2010-12-21 13:52 545 ----a-w- c:\windows\ARJ.PIF
2010-12-11 12:02 . 2010-12-11 12:02 315392 ----a-w- c:\windows\HideWin.exe
.
.
------- Sigcheck -------
.
[7] 2004-08-03 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2004-08-03 . C1783498EDB152656303B5D5BCABD86C . 359040 . . [5.1.2600.2180] . . c:\windows\system32\drivers\tcpip.sys
[-] 2001-10-25 . E7774698BB0D14B0710A9A31E209F9B6 . 327168 . . [5.1.2600.0] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-10 16126464]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-10-16 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-10-16 13851752]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-08-25 1753192]
"DivX Download Manager"="c:\program files\DivX\DivX Plus Web Player\DDmService.exe" [2010-12-08 63360]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-17 110592]
"BtTray"="c:\program files\IVT Corporation\BlueSoleil\BtTray.exe" [2010-04-27 319574]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-17 15360]
.
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Orbit.lnk - c:\program files\Orbitdownloader\orbitdm.exe [2010-12-19 1835106]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\HRY\\Steam\\Steam.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Miranda IM\\miranda32.exe"=
"c:\\HRY\\torentor\\uTorrent.exe"=
"c:\\HRY\\Riot Games\\League of Legends\\air\\LolClient.exe"=
"c:\\HRY\\Riot Games\\League of Legends\\game\\League of Legends.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleilCS.exe"=
"c:\\Program Files\\id Software\\Enemy Territory - QUAKE Wars Demo\\etqw.exe"=
"c:\\Program Files\\id Software\\Enemy Territory - QUAKE Wars Demo\\etqwded.exe"=
"c:\\Program Files\\id Software\\Enemy Territory - QUAKE Wars Demo 2\\etqw.exe"=
"c:\\Program Files\\id Software\\Enemy Territory - QUAKE Wars Demo 2\\etqwded.exe"=
"c:\\HRY\\Steam\\steamapps\\jarous1337\\day of defeat source\\hl2.exe"=
"c:\\HRY\\Steam\\steamapps\\jarous1337\\counter-strike\\hl.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"58442:TCP"= 58442:TCP:Pando Media Booster
"58442:UDP"= 58442:UDP:Pando Media Booster
"8396:TCP"= 8396:TCP:League of Legends Launcher
"8396:UDP"= 8396:UDP:League of Legends Launcher
"6929:TCP"= 6929:TCP:League of Legends Launcher
"6929:UDP"= 6929:UDP:League of Legends Launcher
"6993:TCP"= 6993:TCP:League of Legends Launcher
"6993:UDP"= 6993:UDP:League of Legends Launcher
"6914:TCP"= 6914:TCP:League of Legends Launcher
"6914:UDP"= 6914:UDP:League of Legends Launcher
"6921:TCP"= 6921:TCP:League of Legends Launcher
"6921:UDP"= 6921:UDP:League of Legends Launcher
"6997:TCP"= 6997:TCP:League of Legends Launcher
"6997:UDP"= 6997:UDP:League of Legends Launcher
"6970:TCP"= 6970:TCP:League of Legends Launcher
"6970:UDP"= 6970:UDP:League of Legends Launcher
"6932:TCP"= 6932:TCP:League of Legends Launcher
"6932:UDP"= 6932:UDP:League of Legends Launcher
"6926:TCP"= 6926:TCP:League of Legends Launcher
"6926:UDP"= 6926:UDP:League of Legends Launcher
"6898:TCP"= 6898:TCP:League of Legends Launcher
"6898:UDP"= 6898:UDP:League of Legends Launcher
"6911:TCP"= 6911:TCP:League of Legends Launcher
"6911:UDP"= 6911:UDP:League of Legends Launcher
"6924:TCP"= 6924:TCP:League of Legends Launcher
"6924:UDP"= 6924:UDP:League of Legends Launcher
"6909:TCP"= 6909:TCP:League of Legends Launcher
"6909:UDP"= 6909:UDP:League of Legends Launcher
.
R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [6.4.2010 18:32 20104]
R2 BsMobileCS;BsMobileCS;c:\program files\IVT Corporation\BlueSoleil\BsMobileCS.exe [27.4.2010 10:43 147563]
R2 Htsysm;Htsysm;c:\windows\system32\HtsysmNT.sys [22.1.2011 3:21 2304]
R3 BTCOMBUS;Bluetooth Serial Port Bus Service;c:\windows\system32\drivers\btcombus.sys [6.4.2010 18:32 22024]
R3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [6.4.2010 18:33 25864]
R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [6.4.2010 18:32 23048]
S3 BTCOM;Bluetooth Serial port driver;c:\windows\system32\drivers\btcomport.sys [6.4.2010 18:32 25992]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 GGSAFERDriver;GGSAFER Driver;\??\c:\hry\garena\safedrv.sys --> c:\hry\garena\safedrv.sys [?]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]
S3 SkyShield;SkyShield;\??\c:\documents and settings\Administrator\Plocha\myko\SkyShield.sys --> c:\documents and settings\Administrator\Plocha\myko\SkyShield.sys [?]
.
Obsah adresáře 'Naplánované úlohy'
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://search.orbitdownloader.com
uInternet Connection Wizard,ShellNext = hxxp://googleads.g.doubleclick.net/aclk?sa=l&ai=B1CfKodEFTZiaNYzS_AbMze3-D73dpscBAAAAEAEg18zpDzgAUNCOur_6_____wFYo43-xw9gzMnngewGsgEWZW1iZWRkZWQuZ2FyZW5hbm93LmNvbboBCTQ2OHg2MF9hc8gBAtoBLmh0dHA6Ly9lbWJlZGRlZC5nYXJlbmFub3cuY29tL2FkMi9sb2JieV9hZC5waHCpAtpvEW00n6k-wAIC4AIA6gITY2xpZW50X2xvYmJ5XzQ2OHg2MPgC9NEekAOMBpgDsAmoAwHIAxXQBJBO4AQB&num=0&sig=AGiWqtx6dmwi6wKfvHpNPVsYFdzLCXKlhQ&client=ca-pub-3822388043281682&adurl=http://www.garena.com/~club/&nm=4&clkt=1297&jca=9894
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: {{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\PokerStars.NET\PokerStarsUpdate.exe
FF - ProfilePath - c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\62gqtdlb.default\
FF - prefs.js: browser.startup.homepage - hxxp://search.orbitdownloader.com
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\DivX\DivX Plus Web Player\firefox\html5video
FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\DivX\DivX Plus Web Player\firefox\wpa
FF - Ext: YoYo Games InstantPlay: yyginstantplay@yoyogames.com - %profile%\extensions\yyginstantplay@yoyogames.com
.
.
------- Asociace souborů -------
.
.scr=AutoCADScriptFile
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-08 17:56
Windows 5.1.2600 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall\ćHőwć*]
"DisplayName"="???\17?\11\09"
"DeviceDesc"="???\17?\11\09"
"ProviderName"="?U?\11???\11??"
"MFG"="???????"
"ReinstallString"=".10.1000.7"
"DeviceInstanceIds"=multi:"d:\\ati\\atidrv\\sbdrv\\smbus\\smbusati.inf\00"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(2912)
c:\windows\system32\msi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\IVT Corporation\BlueSoleil\BsHelpCS.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\rundll32.exe
c:\program files\Orbitdownloader\orbitnet.exe
.
**************************************************************************
.
Celkový čas: 2011-03-08 18:00:30 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-03-08 17:00
.
Před spuštěním: Volných bajtů: 66 319 556 608
Po spuštění: Volných bajtů: 68 762 955 776
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /usepmtimer /NoExecute=OptIn
.
- - End Of File - - 38EB67CA63684DC657BC24F594C1D17F
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.1023.675 [GMT 1:00]
Spuštěný z: c:\documents and settings\Administrator\Dokumenty\Stažené soubory\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\Data aplikací\Local
c:\documents and settings\Administrator\Data aplikací\PriceGong
c:\documents and settings\Administrator\Data aplikací\PriceGong\Data\1.xml
c:\documents and settings\Administrator\Data aplikací\PriceGong\Data\a.xml
c:\documents and settings\Administrator\Data aplikací\PriceGong\Data\b.xml
c:\documents and settings\Administrator\Data aplikací\PriceGong\Data\c.xml
c:\documents and settings\Administrator\Data aplikací\PriceGong\Data\d.xml
c:\documents and settings\Administrator\Data aplikací\PriceGong\Data\e.xml
c:\documents and settings\Administrator\Data aplikací\PriceGong\Data\f.xml
c:\documents and settings\Administrator\Data aplikací\PriceGong\Data\g.xml
c:\documents and settings\Administrator\Data aplikací\PriceGong\Data\h.xml
c:\documents and settings\Administrator\Data aplikací\PriceGong\Data\i.xml
c:\documents and settings\Administrator\Data aplikací\PriceGong\Data\J.xml
c:\documents and settings\Administrator\Data aplikací\PriceGong\Data\k.xml
c:\documents and settings\Administrator\Data aplikací\PriceGong\Data\l.xml
c:\documents and settings\Administrator\Data aplikací\PriceGong\Data\m.xml
c:\documents and settings\Administrator\Data aplikací\PriceGong\Data\mru.xml
c:\documents and settings\Administrator\Data aplikací\PriceGong\Data\n.xml
c:\documents and settings\Administrator\Data aplikací\PriceGong\Data\o.xml
c:\documents and settings\Administrator\Data aplikací\PriceGong\Data\p.xml
c:\documents and settings\Administrator\Data aplikací\PriceGong\Data\q.xml
c:\documents and settings\Administrator\Data aplikací\PriceGong\Data\r.xml
c:\documents and settings\Administrator\Data aplikací\PriceGong\Data\s.xml
c:\documents and settings\Administrator\Data aplikací\PriceGong\Data\t.xml
c:\documents and settings\Administrator\Data aplikací\PriceGong\Data\u.xml
c:\documents and settings\Administrator\Data aplikací\PriceGong\Data\v.xml
c:\documents and settings\Administrator\Data aplikací\PriceGong\Data\w.xml
c:\documents and settings\Administrator\Data aplikací\PriceGong\Data\x.xml
c:\documents and settings\Administrator\Data aplikací\PriceGong\Data\y.xml
c:\documents and settings\Administrator\Data aplikací\PriceGong\Data\z.xml
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
-------\Legacy_POWERMANAGER
-------\Service_PowerManager
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-02-08 do 2011-03-08 )))))))))))))))))))))))))))))))
.
.
2011-03-08 15:54 . 2011-03-08 15:54 -------- d-----w- c:\windows\system32\wbem\Repository
2011-03-08 11:25 . 2011-03-08 11:25 -------- d-----w- C:\rsit
2011-03-07 14:28 . 2011-03-07 14:28 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\Malwarebytes
2011-03-07 14:28 . 2011-03-07 14:28 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2011-03-07 14:28 . 2011-03-08 15:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-06 22:02 . 2011-03-06 22:02 -------- d-----w- C:\gPotato.eu
2011-03-06 20:36 . 2011-03-08 13:48 -------- d-----w- C:\allods
2011-03-03 18:10 . 2011-03-08 15:54 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\Hamachi
2011-03-03 18:09 . 2011-03-08 15:54 -------- d-----w- c:\program files\Hamachi
2011-03-03 10:22 . 2011-03-08 15:54 -------- d-----w- c:\program files\EACOM
2011-03-03 10:21 . 2011-03-03 10:21 -------- d-----w- c:\program files\EA SPORTS
2011-03-02 16:52 . 2011-03-02 17:10 6846 ----a-w- c:\documents and settings\Administrator\Local Settings\Data aplikací\pagefile.sys
2011-03-01 13:28 . 2011-03-01 13:28 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\PowerChallenge
2011-03-01 13:28 . 2011-03-01 13:28 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Data aplikací\PowerChallenge
2011-03-01 12:58 . 2011-03-01 12:58 -------- d-----w- C:\Dynamix
2011-03-01 12:14 . 2011-03-01 12:14 -------- d-----w- c:\windows\system32\AGEIA
2011-03-01 12:14 . 2011-03-01 12:14 -------- d-----w- c:\program files\AGEIA Technologies
2011-03-01 12:12 . 2011-03-01 12:12 -------- d-----w- c:\program files\TK Digtal
2011-03-01 11:06 . 2001-10-24 11:25 5632 ----a-w- c:\windows\system32\ptpusb.dll
2011-03-01 11:06 . 2004-08-17 14:49 159232 ----a-w- c:\windows\system32\ptpusd.dll
2011-03-01 11:06 . 2004-08-03 21:58 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2011-03-01 11:06 . 2004-08-03 21:58 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2011-02-24 11:30 . 2011-02-24 11:30 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Data aplikací\id Software
2011-02-24 11:28 . 2011-02-24 11:50 -------- d-----w- c:\program files\id Software
2011-02-13 19:28 . 2011-02-13 19:28 3044864 ----a-w- c:\windows\system32\drivers\KnightMetal.exe
2011-02-13 18:05 . 2009-03-30 11:00 261392 ----a-w- C:\AutoItx3.dll
2011-02-10 17:38 . 2011-02-28 11:46 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Data aplikací\WMTools Downloaded Files
2011-02-07 08:24 . 2011-02-07 08:24 -------- d-----w- c:\documents and settings\All Users\Data aplikací\YoYoGames
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-04 16:30 . 2010-12-14 13:28 234768 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-03-02 14:21 . 2011-02-05 23:26 2449409 ----a-w- c:\documents and settings\Administrator\Local Settings\Data aplikací\Launcher2.exe
2011-03-02 13:53 . 2011-02-05 23:26 692736 ----a-w- c:\documents and settings\Administrator\Local Settings\Data aplikací\usnscv.exe
2011-03-02 13:53 . 2011-02-05 23:26 379904 ----a-w- c:\documents and settings\Administrator\Local Settings\Data aplikací\ntldr.dll
2011-02-27 21:50 . 2010-12-14 13:07 137176 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-02-27 21:50 . 2010-12-14 13:06 268952 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-02-25 08:27 . 2010-12-14 13:06 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2011-02-25 08:26 . 2010-12-14 13:06 268952 ----a-w- c:\windows\system32\PnkBstrB.ex0
2011-02-24 11:51 . 2010-12-14 13:07 22328 ----a-w- c:\documents and settings\Administrator\Data aplikací\PnkBstrK.sys
2011-02-05 23:51 . 2011-02-05 23:26 322560 ----a-w- c:\documents and settings\Administrator\Local Settings\Data aplikací\$000000.tmp
2011-01-06 21:35 . 2010-12-28 21:21 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2011-01-06 21:35 . 2010-12-28 21:21 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2010-12-29 06:23 . 2001-10-25 12:00 12400 ----a-w- c:\windows\system32\drivers\secdrv.sys
2010-12-28 19:33 . 2010-12-28 19:06 21840 ----atw- c:\windows\system32\SIntfNT.dll
2010-12-28 19:33 . 2010-12-28 19:05 17212 ----atw- c:\windows\system32\SIntf32.dll
2010-12-28 19:33 . 2010-12-28 19:05 12067 ----atw- c:\windows\system32\SIntf16.dll
2010-12-20 22:27 . 2010-12-20 22:27 258352 ----a-w- c:\windows\system32\unicows.dll
2010-12-17 06:56 . 2010-12-21 13:52 545 ----a-w- c:\windows\UC.PIF
2010-12-17 06:56 . 2010-12-21 13:52 545 ----a-w- c:\windows\RAR.PIF
2010-12-17 06:56 . 2010-12-21 13:52 545 ----a-w- c:\windows\PKZIP.PIF
2010-12-17 06:56 . 2010-12-21 13:52 545 ----a-w- c:\windows\PKUNZIP.PIF
2010-12-17 06:56 . 2010-12-21 13:52 545 ----a-w- c:\windows\NOCLOSE.PIF
2010-12-17 06:56 . 2010-12-21 13:52 545 ----a-w- c:\windows\LHA.PIF
2010-12-17 06:56 . 2010-12-21 13:52 545 ----a-w- c:\windows\ARJ.PIF
2010-12-11 12:02 . 2010-12-11 12:02 315392 ----a-w- c:\windows\HideWin.exe
.
.
------- Sigcheck -------
.
[7] 2004-08-03 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2004-08-03 . C1783498EDB152656303B5D5BCABD86C . 359040 . . [5.1.2600.2180] . . c:\windows\system32\drivers\tcpip.sys
[-] 2001-10-25 . E7774698BB0D14B0710A9A31E209F9B6 . 327168 . . [5.1.2600.0] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-10 16126464]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-10-16 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-10-16 13851752]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-08-25 1753192]
"DivX Download Manager"="c:\program files\DivX\DivX Plus Web Player\DDmService.exe" [2010-12-08 63360]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-17 110592]
"BtTray"="c:\program files\IVT Corporation\BlueSoleil\BtTray.exe" [2010-04-27 319574]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-17 15360]
.
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Orbit.lnk - c:\program files\Orbitdownloader\orbitdm.exe [2010-12-19 1835106]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\HRY\\Steam\\Steam.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Miranda IM\\miranda32.exe"=
"c:\\HRY\\torentor\\uTorrent.exe"=
"c:\\HRY\\Riot Games\\League of Legends\\air\\LolClient.exe"=
"c:\\HRY\\Riot Games\\League of Legends\\game\\League of Legends.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleilCS.exe"=
"c:\\Program Files\\id Software\\Enemy Territory - QUAKE Wars Demo\\etqw.exe"=
"c:\\Program Files\\id Software\\Enemy Territory - QUAKE Wars Demo\\etqwded.exe"=
"c:\\Program Files\\id Software\\Enemy Territory - QUAKE Wars Demo 2\\etqw.exe"=
"c:\\Program Files\\id Software\\Enemy Territory - QUAKE Wars Demo 2\\etqwded.exe"=
"c:\\HRY\\Steam\\steamapps\\jarous1337\\day of defeat source\\hl2.exe"=
"c:\\HRY\\Steam\\steamapps\\jarous1337\\counter-strike\\hl.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"58442:TCP"= 58442:TCP:Pando Media Booster
"58442:UDP"= 58442:UDP:Pando Media Booster
"8396:TCP"= 8396:TCP:League of Legends Launcher
"8396:UDP"= 8396:UDP:League of Legends Launcher
"6929:TCP"= 6929:TCP:League of Legends Launcher
"6929:UDP"= 6929:UDP:League of Legends Launcher
"6993:TCP"= 6993:TCP:League of Legends Launcher
"6993:UDP"= 6993:UDP:League of Legends Launcher
"6914:TCP"= 6914:TCP:League of Legends Launcher
"6914:UDP"= 6914:UDP:League of Legends Launcher
"6921:TCP"= 6921:TCP:League of Legends Launcher
"6921:UDP"= 6921:UDP:League of Legends Launcher
"6997:TCP"= 6997:TCP:League of Legends Launcher
"6997:UDP"= 6997:UDP:League of Legends Launcher
"6970:TCP"= 6970:TCP:League of Legends Launcher
"6970:UDP"= 6970:UDP:League of Legends Launcher
"6932:TCP"= 6932:TCP:League of Legends Launcher
"6932:UDP"= 6932:UDP:League of Legends Launcher
"6926:TCP"= 6926:TCP:League of Legends Launcher
"6926:UDP"= 6926:UDP:League of Legends Launcher
"6898:TCP"= 6898:TCP:League of Legends Launcher
"6898:UDP"= 6898:UDP:League of Legends Launcher
"6911:TCP"= 6911:TCP:League of Legends Launcher
"6911:UDP"= 6911:UDP:League of Legends Launcher
"6924:TCP"= 6924:TCP:League of Legends Launcher
"6924:UDP"= 6924:UDP:League of Legends Launcher
"6909:TCP"= 6909:TCP:League of Legends Launcher
"6909:UDP"= 6909:UDP:League of Legends Launcher
.
R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [6.4.2010 18:32 20104]
R2 BsMobileCS;BsMobileCS;c:\program files\IVT Corporation\BlueSoleil\BsMobileCS.exe [27.4.2010 10:43 147563]
R2 Htsysm;Htsysm;c:\windows\system32\HtsysmNT.sys [22.1.2011 3:21 2304]
R3 BTCOMBUS;Bluetooth Serial Port Bus Service;c:\windows\system32\drivers\btcombus.sys [6.4.2010 18:32 22024]
R3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [6.4.2010 18:33 25864]
R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [6.4.2010 18:32 23048]
S3 BTCOM;Bluetooth Serial port driver;c:\windows\system32\drivers\btcomport.sys [6.4.2010 18:32 25992]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 GGSAFERDriver;GGSAFER Driver;\??\c:\hry\garena\safedrv.sys --> c:\hry\garena\safedrv.sys [?]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]
S3 SkyShield;SkyShield;\??\c:\documents and settings\Administrator\Plocha\myko\SkyShield.sys --> c:\documents and settings\Administrator\Plocha\myko\SkyShield.sys [?]
.
Obsah adresáře 'Naplánované úlohy'
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://search.orbitdownloader.com
uInternet Connection Wizard,ShellNext = hxxp://googleads.g.doubleclick.net/aclk?sa=l&ai=B1CfKodEFTZiaNYzS_AbMze3-D73dpscBAAAAEAEg18zpDzgAUNCOur_6_____wFYo43-xw9gzMnngewGsgEWZW1iZWRkZWQuZ2FyZW5hbm93LmNvbboBCTQ2OHg2MF9hc8gBAtoBLmh0dHA6Ly9lbWJlZGRlZC5nYXJlbmFub3cuY29tL2FkMi9sb2JieV9hZC5waHCpAtpvEW00n6k-wAIC4AIA6gITY2xpZW50X2xvYmJ5XzQ2OHg2MPgC9NEekAOMBpgDsAmoAwHIAxXQBJBO4AQB&num=0&sig=AGiWqtx6dmwi6wKfvHpNPVsYFdzLCXKlhQ&client=ca-pub-3822388043281682&adurl=http://www.garena.com/~club/&nm=4&clkt=1297&jca=9894
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: {{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\PokerStars.NET\PokerStarsUpdate.exe
FF - ProfilePath - c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\62gqtdlb.default\
FF - prefs.js: browser.startup.homepage - hxxp://search.orbitdownloader.com
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\DivX\DivX Plus Web Player\firefox\html5video
FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\DivX\DivX Plus Web Player\firefox\wpa
FF - Ext: YoYo Games InstantPlay: yyginstantplay@yoyogames.com - %profile%\extensions\yyginstantplay@yoyogames.com
.
.
------- Asociace souborů -------
.
.scr=AutoCADScriptFile
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-08 17:56
Windows 5.1.2600 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall\ćHőwć*]
"DisplayName"="???\17?\11\09"
"DeviceDesc"="???\17?\11\09"
"ProviderName"="?U?\11???\11??"
"MFG"="???????"
"ReinstallString"=".10.1000.7"
"DeviceInstanceIds"=multi:"d:\\ati\\atidrv\\sbdrv\\smbus\\smbusati.inf\00"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(2912)
c:\windows\system32\msi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\IVT Corporation\BlueSoleil\BsHelpCS.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\rundll32.exe
c:\program files\Orbitdownloader\orbitnet.exe
.
**************************************************************************
.
Celkový čas: 2011-03-08 18:00:30 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-03-08 17:00
.
Před spuštěním: Volných bajtů: 66 319 556 608
Po spuštění: Volných bajtů: 68 762 955 776
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /usepmtimer /NoExecute=OptIn
.
- - End Of File - - 38EB67CA63684DC657BC24F594C1D17F
-
stell
- VIP in memoriam
- Příspěvky: 5175
- Registrován: 09 pro 2007 09:27
- Bydliště: SK-REVUCA
- Kontaktovat uživatele:
Re: nejdou xp :(
Otestuj na
WWW.VIRUSTOTAL.COM
Subory, a linky z testov vloz sem.
WWW.VIRUSTOTAL.COM
Subory, a linky z testov vloz sem.
c:\documents and settings\Administrator\Plocha\myko\SkyShield.sys
c:\windows\system32\drivers\KnightMetal.exe
C:\AutoItx3.dll
c:\documents and settings\Administrator\Local Settings\Data aplikací\ntldr.dll
c:\documents and settings\Administrator\Local Settings\Data aplikací\usnscv.exe
c:\documents and settings\Administrator\Local Settings\Data aplikací\Launcher2.exe
c:\windows\system32\PnkBstrB.xtr
c:\documents and settings\Administrator\Data aplikací\PnkBstrK.sys
c:\documents and settings\Administrator\Local Settings\Data aplikací\$000000.tmp
c:\windows\system32\SIntfNT.dll
c:\windows\system32\SIntf32.dll
c:\windows\system32\SIntf16.dll
C:\gPotato.eu
C:\allods
Dôležité informácie.
NEŠLAPE Vám počítač?
Je zavirovaný? Šlape pomalu? Nefunguje program? Problém s instalací?
Využíjte služby vzdálené pomoci!
e-mail: stell(zavináč)forum.viry.cz
Thanks! Vďaka!
NEŠLAPE Vám počítač?
Je zavirovaný? Šlape pomalu? Nefunguje program? Problém s instalací?
Využíjte služby vzdálené pomoci!
e-mail: stell(zavináč)forum.viry.cz
Thanks! Vďaka!
Přispějete na provoz fóra?