
Bad Image error (chybná bitová kopie)
Hello, today when I switched on the PC, several errors started popping up: "Bad Image" (chybná bitová kopie). I found the same problem here, which was solved with the ComboFix program, so I downloaded it and followed the advice of user JanH. Link here: http://forum.viry.cz/viewtopic.php?f=13&t=81363. After the PC restart described there, no error popped up any more, but to be safe I am posting the ComboFix log and ask that someone look at it and, if needed, describe the next steps. Thank you.
ComboFix 12-12-02.01 - Administrator 03.12.2012 18:18:28.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2046.1232 [GMT 1:00]
Spuštěný z: c:\documents and settings\Administrator\Plocha\ComboFix.exe
AV: AVG Anti-Virus 2011 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\uidsave.dat
c:\documents and settings\Administrator\WINDOWS
C:\install.exe
c:\program files\_arh1
c:\program files\_arh1\_arh1\kokolok.txt
c:\program files\_arh1\_arh1\kust.txt
c:\program files\_arh1\_arh1\na1111111111111ki.bat
c:\program files\_arh1\_arh1\no111111111ri.vbs
c:\windows\system32\Cache
c:\windows\system32\Cache\272512937d9e61a4.fb
c:\windows\system32\Cache\287204568329e189.fb
c:\windows\system32\Cache\28bc8f716fd76a47.fb
c:\windows\system32\Cache\2c53092c95605355.fb
c:\windows\system32\Cache\31a0997e9a5b5eb3.fb
c:\windows\system32\Cache\32c84fe32bb74d60.fb
c:\windows\system32\Cache\3917078cb68ec657.fb
c:\windows\system32\Cache\3ca605b94c6c1cba.fb
c:\windows\system32\Cache\590ba23ce359fd0c.fb
c:\windows\system32\Cache\610289e025a3ee9a.fb
c:\windows\system32\Cache\62414bb7f3cfdbfa.fb
c:\windows\system32\Cache\63e3a432d3c29c90.fb
c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
c:\windows\system32\Cache\6d03dad1035885d3.fb
c:\windows\system32\Cache\a0d69a628236f252.fb
c:\windows\system32\Cache\a8556537add6dfc5.fb
c:\windows\system32\Cache\ad10a52aff5e038d.fb
c:\windows\system32\Cache\ba48bfa828f5a77f.fb
c:\windows\system32\Cache\c1fa887b03019701.fb
c:\windows\system32\Cache\c4d28dca2e7648be.fb
c:\windows\system32\Cache\d201ef9910cd39de.fb
c:\windows\system32\Cache\d2e94710a5708128.fb
c:\windows\system32\Cache\d79b9dfe81484ec4.fb
c:\windows\system32\Cache\e0de16f883bea794.fb
c:\windows\system32\Cache\f0b67b8fa39bc287.fb
c:\windows\system32\Cache\f998975c9cc711ee.fb
c:\windows\system32\drivers\etc\HSTS~1
c:\windows\system32\nspupdt.dll.tmp
c:\windows\system32\SET182.tmp
c:\windows\system32\SET186.tmp
c:\windows\system32\SET187.tmp
c:\windows\system32\SET18E.tmp
c:\windows\system32\tmp65A.tmp
c:\windows\system32\tmp65B.tmp
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-11-03 do 2012-12-03 )))))))))))))))))))))))))))))))
.
.
2012-12-03 17:05 . 2012-12-03 17:05 -------- d-----w- c:\windows\system32\wbem\Repository
2012-12-03 16:59 . 2012-09-23 14:28 888168 ----a-w- c:\windows\system32\nvdispgenco32.dll
2012-12-03 16:59 . 2012-09-23 14:28 5947392 ----a-w- c:\windows\system32\nvopencl.dll
2012-12-01 09:28 . 2012-12-01 09:28 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\Wargaming.net
2012-11-30 17:31 . 2012-11-30 17:31 -------- d-----w- C:\Games
2012-11-27 14:55 . 2012-11-27 14:55 -------- d-----w- c:\program files\arh
2012-11-26 17:07 . 2012-11-26 17:31 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\Hamachi
2012-11-26 17:07 . 2012-11-26 17:07 -------- d-----w- c:\program files\Hamachi
2012-11-24 21:26 . 2012-12-01 09:56 -------- d-----w- c:\documents and settings\All Users\Data aplikací\TrackMania
2012-11-24 21:23 . 2012-11-24 21:25 -------- d-----w- c:\program files\TmNationsForever
2012-11-24 15:56 . 2012-11-24 15:56 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Data aplikací\FlatOut Ultimate Carnage
2012-11-24 15:44 . 2012-11-24 15:44 -------- d-----w- c:\program files\Empire Interactive
2012-11-22 15:24 . 2012-11-22 15:24 -------- d-----w- c:\program files\Common Files\Skype
2012-11-22 09:34 . 2012-11-22 09:34 5885632 ----a-w- c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2012-11-13 16:47 . 2012-11-13 16:47 -------- d-----w- c:\program files\7-Zip
2012-11-12 22:53 . 2012-11-12 22:54 -------- d-----w- c:\program files\SweetIM
2012-11-12 22:53 . 2012-11-12 22:54 -------- d-----w- c:\documents and settings\All Users\Data aplikací\SweetIM
2012-11-12 22:52 . 2012-11-13 16:47 -------- d-----w- c:\program files\TornTV.com
2012-11-12 17:00 . 2012-11-12 17:00 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\{46577E3C-95B4-4f4f-B4A7-0C29D12FB15D}
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-26 17:07 . 2011-12-09 19:07 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
2012-11-24 16:19 . 2009-08-18 10:30 564632 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\IdentityCRL\production\wlidui.dll
2012-11-24 16:19 . 2009-08-18 10:24 19696 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-11-24 08:54 . 2012-04-11 13:06 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-11-24 08:54 . 2011-05-15 13:06 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-10 15:46 . 2012-08-30 21:20 26984 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2012-10-22 19:57 . 2004-08-17 12:44 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-10-02 18:04 . 2004-08-17 12:49 58368 ----a-w- c:\windows\system32\synceng.dll
2012-09-23 14:28 . 2012-06-25 08:35 1009512 ----a-w- c:\windows\system32\nvdispco32.dll
2012-09-23 14:28 . 2012-06-25 08:34 19103744 ----a-w- c:\windows\system32\nvoglnt.dll
2012-09-23 14:28 . 2012-06-25 08:34 7446528 ----a-w- c:\windows\system32\nvcuda.dll
2012-09-23 14:28 . 2012-06-25 08:34 2578792 ----a-w- c:\windows\system32\nvcuvid.dll
2012-09-23 14:28 . 2012-06-25 08:34 1866088 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-09-23 14:28 . 2012-06-25 08:34 2376704 ----a-w- c:\windows\system32\nvapi.dll
2012-09-23 14:28 . 2012-06-25 08:34 17551360 ----a-w- c:\windows\system32\nvcompiler.dll
2012-09-23 14:28 . 2010-12-19 15:32 4494208 ----a-w- c:\windows\system32\nv4_disp.dll
2012-09-23 14:28 . 2010-12-19 15:32 12557728 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2012-09-23 13:09 . 2012-06-25 08:36 253952 ----a-w- c:\windows\system32\nvrsth.dll
2012-09-23 13:09 . 2012-06-25 08:36 274432 ----a-w- c:\windows\system32\nvrspt.dll
2012-09-23 13:09 . 2012-06-25 08:36 274432 ----a-w- c:\windows\system32\nvrsja.dll
2012-09-23 13:09 . 2012-06-25 08:36 270336 ----a-w- c:\windows\system32\nvrsptb.dll
2012-09-23 13:09 . 2012-06-25 08:36 335872 ----a-w- c:\windows\system32\nvrsar.dll
2012-09-23 13:09 . 2012-06-25 08:36 282624 ----a-w- c:\windows\system32\nvrses.dll
2012-09-23 13:09 . 2012-06-25 08:36 286720 ----a-w- c:\windows\system32\nvrsfr.dll
2012-09-23 13:09 . 2012-06-25 08:36 258048 ----a-w- c:\windows\system32\nvrssl.dll
2012-09-23 13:09 . 2012-06-25 08:36 258048 ----a-w- c:\windows\system32\nvrssk.dll
2012-09-23 13:09 . 2012-06-25 08:36 253952 ----a-w- c:\windows\system32\nvrssv.dll
2012-09-23 13:09 . 2012-06-25 08:36 229376 ----a-w- c:\windows\system32\nvrszhc.dll
2012-09-23 13:09 . 2012-06-25 08:36 335872 ----a-w- c:\windows\system32\nvrshe.dll
2012-09-23 13:09 . 2012-06-25 08:36 258048 ----a-w- c:\windows\system32\nvrstr.dll
2012-09-23 13:09 . 2012-06-25 08:36 258048 ----a-w- c:\windows\system32\nvrspl.dll
2012-09-23 13:09 . 2012-06-25 08:36 253952 ----a-w- c:\windows\system32\nvrsno.dll
2012-09-23 13:09 . 2012-06-25 08:36 282624 ----a-w- c:\windows\system32\nvrsit.dll
2012-09-23 13:09 . 2012-06-25 08:36 282624 ----a-w- c:\windows\system32\nvrsel.dll
2012-09-23 13:09 . 2012-06-25 08:36 249856 ----a-w- c:\windows\system32\nvrseng.dll
2012-09-23 13:09 . 2012-06-25 08:36 274432 ----a-w- c:\windows\system32\nvrsesm.dll
2012-09-23 13:09 . 2012-06-25 08:36 266240 ----a-w- c:\windows\system32\nvrsko.dll
2012-09-23 13:09 . 2012-06-25 08:36 249856 ----a-w- c:\windows\system32\nvrscs.dll
2012-09-23 13:09 . 2012-06-25 08:36 270336 ----a-w- c:\windows\system32\nvrsru.dll
2012-09-23 13:09 . 2012-06-25 08:36 249856 ----a-w- c:\windows\system32\nvrsfi.dll
2012-09-23 13:09 . 2012-06-25 08:36 274432 ----a-w- c:\windows\system32\nvrsnl.dll
2012-09-23 13:09 . 2012-06-25 08:36 262144 ----a-w- c:\windows\system32\nvrshu.dll
2012-09-23 13:09 . 2012-06-25 08:36 126976 ----a-w- c:\windows\system32\nvrszht.dll
2012-09-23 13:09 . 2012-06-25 08:36 278528 ----a-w- c:\windows\system32\nvrsde.dll
2012-09-23 13:09 . 2012-06-25 08:36 253952 ----a-w- c:\windows\system32\nvrsda.dll
2012-09-23 13:04 . 2012-06-25 08:35 54272 ----a-w- c:\windows\system32\nvwddi.dll
2012-09-23 13:04 . 2012-06-25 08:36 15512424 ----a-w- c:\windows\system32\nvcpl.dll
2012-09-23 13:04 . 2012-06-25 08:36 164200 ----a-w- c:\windows\system32\nvsvc32.exe
2012-09-23 13:04 . 2012-06-25 08:36 143720 ----a-w- c:\windows\system32\nvcolor.exe
2012-09-23 13:04 . 2012-06-25 08:36 108392 ----a-w- c:\windows\system32\nvmctray.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{7473b6bd-4691-4744-a82b-7854eb3d70b6}"= "c:\program files\uTorrentControl_v2\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{7473b6bd-4691-4744-a82b-7854eb3d70b6}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7473b6bd-4691-4744-a82b-7854eb3d70b6}]
2011-05-09 09:49 176936 ----a-w- c:\program files\uTorrentControl_v2\prxtbuTor.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8d3ec233-b92d-4187-a506-284127cfba2d}]
2012-10-10 02:45 1031240 ----a-w- c:\documents and settings\Administrator\Data aplikací\DownTango4SToolbar\DownTango4SToolbar.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-08-30 21:21 1734240 ----a-w- c:\program files\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2012-07-04 13:03 1310040 ----a-r- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll" [2012-08-30 1734240]
"{7473b6bd-4691-4744-a82b-7854eb3d70b6}"= "c:\program files\uTorrentControl_v2\prxtbuTor.dll" [2011-05-09 176936]
"{8d3ec233-b92d-4187-a506-284127cfba2d}"= "c:\documents and settings\Administrator\Data aplikací\DownTango4SToolbar\DownTango4SToolbar.dll" [2012-10-10 1031240]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2012-07-04 1310040]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CLASSES_ROOT\clsid\{7473b6bd-4691-4744-a82b-7854eb3d70b6}]
.
[HKEY_CLASSES_ROOT\clsid\{8d3ec233-b92d-4187-a506-284127cfba2d}]
[HKEY_CLASSES_ROOT\wtb.Band.1]
[HKEY_CLASSES_ROOT\TypeLib\{5c0647de-0eee-4822-b211-a05a5bf316ab}]
[HKEY_CLASSES_ROOT\wtb.Band]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{7473B6BD-4691-4744-A82B-7854EB3D70B6}"= "c:\program files\uTorrentControl_v2\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{7473b6bd-4691-4744-a82b-7854eb3d70b6}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 5"="c:\program files\IObit\Advanced SystemCare 5\ASCTray.exe" [2011-12-29 620376]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [2009-11-15 33120]
"GarenaPlus"="c:\program files\Garena Plus\GarenaMessenger.exe" [2012-11-07 8790904]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2012-08-01 2345592]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"RTHDCPL"="RTHDCPL.EXE" [2010-12-15 19967080]
"NSU_agent"="c:\program files\Nokia\Nokia Software Updater\nsu3ui_agent.exe" [2011-12-13 190768]
"ROC_roc_dec12"="c:\program files\AVG Secure Search\ROC_roc_dec12.exe" [2012-01-16 928096]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-09-23 15512424]
"NvMediaCenter"="NvMCTray.dll" [2012-09-23 108392]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2012-09-23 1634112]
"HF_G_Jul"="c:\program files\AVG Secure Search\HF_G_Jul.exe" [2012-07-18 36960]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"ROC_ROC_JULY_P1"="c:\program files\AVG Secure Search\ROC_ROC_JULY_P1.exe" [2012-08-30 1022048]
"SearchSettings"="c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe" [2012-10-16 1111432]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2012-10-04 115032]
"Sweetpacks Communicator"="c:\program files\SweetIM\Communicator\SweetPacksUpdateManager.exe" [2012-08-15 231768]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-11-10 997320]
"SunJavaUpdateSched"="c:\program files\common files\java\java update\jusched.exe" [2011-06-09 254696]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgmfapx.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\NCSoft\\Lineage II\\System\\L2.bin"=
"c:\\Program Files\\Codemasters\\DiRT 3\\dirt3_game.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgemcx.exe"=
"c:\\Documents and Settings\\Administrator\\Plocha\\CProgram FilesCounter-Strike 1.6 Standalonehl.exe -game cstrike -steam\\hl.exe"=
"c:\\Program Files\\1ClickDownload\\1ClickDownloader.exe"=
"c:\\Program Files\\Garena Plus\\Room\\garena_room.exe"=
"c:\\Program Files\\iMesh Applications\\iMesh\\iMesh.exe"=
"c:\\Program Files\\iMesh Applications\\Mediabar\\Datamngr\\SRTOOL~1\\dtUser.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
"c:\\Program Files\\SweetIM\\Communicator\\SweetPacksUpdateManager.exe"=
"c:\\Documents and Settings\\Administrator\\Plocha\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Empire Interactive\\FlatOut Ultimate Carnage\\Fouc.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Vzdálená správa systému Windows
"57285:TCP"= 57285:TCP:Pando Media Booster
"57285:UDP"= 57285:UDP:Pando Media Booster
"57519:TCP"= 57519:TCP:Pando Media Booster
"57519:UDP"= 57519:UDP:Pando Media Booster
"58760:TCP"= 58760:TCP:Pando Media Booster
"58760:UDP"= 58760:UDP:Pando Media Booster
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [13.9.2010 16:27 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [7.9.2010 3:48 32592]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [23.12.2010 23:19 691696]
R1 AppleCharger;AppleCharger;c:\windows\system32\drivers\AppleCharger.sys [15.8.2011 20:37 18544]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [7.9.2010 3:48 248656]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [7.9.2010 3:49 297168]
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\IObit\Advanced SystemCare 5\ASCService.exe [23.12.2011 10:07 497496]
R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [9.10.2012 15:44 799112]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [31.1.2012 15:02 7391072]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [8.2.2011 4:33 269520]
R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe [22.11.2012 10:29 3290304]
R2 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [10.11.2012 16:46 711112]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [19.8.2010 21:42 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [19.8.2010 21:42 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [19.8.2010 21:42 27216]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [30.8.2012 22:20 26984]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [9.11.2012 11:21 160944]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [15.8.2011 20:35 1691480]
S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [6.5.2011 18:15 167264]
S3 dump_wmimmc;dump_wmimmc;\??\c:\program files\NCSoft\Lineage II\system\GameGuard\dump_wmimmc.sys --> c:\program files\NCSoft\Lineage II\system\GameGuard\dump_wmimmc.sys [?]
S3 GGSAFERDriver;GGSAFER Driver;\??\c:\program files\Garena Plus\Room\safedrv.sys --> c:\program files\Garena Plus\Room\safedrv.sys [?]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [16.12.2011 16:44 137600]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [16.12.2011 16:44 8576]
S3 NPFW;NPFW;\??\c:\windows\system32\NPFW.SYS --> c:\windows\system32\NPFW.SYS [?]
S3 NPFWFLT;NPFWFLT;\??\c:\windows\system32\NPFWFLT.SYS --> c:\windows\system32\NPFWFLT.SYS [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 NPIDS;NPIDS;\??\c:\windows\system32\NPIDS.SYS --> c:\windows\system32\NPIDS.SYS [?]
S3 TKCtrl;TKCtrl;\??\c:\windows\system32\TKCtrl2k.sys --> c:\windows\system32\TKCtrl2k.sys [?]
S3 TKFsAvM;TKFsAvM;\??\c:\windows\system32\TKFsAv.sys --> c:\windows\system32\TKFsAv.sys [?]
S3 TkFsFtM;MiniFilter Driver;c:\windows\system32\TKFsFt.sys --> c:\windows\system32\TKFsFt.sys [?]
S3 TKPcFt;TKPcFt;\??\c:\windows\system32\TKPcFtHk.sys --> c:\windows\system32\TKPcFtHk.sys [?]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Obsah adresáře 'Naplánované úlohy'
.
2012-12-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 08:54]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://home.sweetim.com/?crg=3.1010000.10011&barid={D73C7D2F-2D1B-11E2-BE12-1C6F65C94026}
uDefault_Search_URL = hxxp://search.certified-toolbar.com?si=41460&tid=2938&bs=true&q=
mStart Page = hxxp://home.sweetim.com/?crg=3.1010000.10011&barid={D73C7D2F-2D1B-11E2-BE12-1C6F65C94026}
mSearch Bar = hxxp://search.certified-toolbar.com?si=41460&tid=2938&bs=true&q=
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{5f7f7e76-0f61-4de9-8ae6-e5ee565cd118} - {8d3ec233-b92d-4187-a506-284127cfba2d} - c:\documents and settings\Administrator\Data aplikací\DownTango4SToolbar\DownTango4SToolbar.dll
TCP: DhcpNameServer = 10.0.111.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll
FF - ProfilePath - c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\isfm9jo5.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.startup.homepage - hxxp://home.sweetim.com/?crg=3.1010000.10011&barid={D73C7D2F-2D1B-11E2-BE12-1C6F65C94026}
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=685749&p=
user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
URLSearchHooks-{0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - (no file)
URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
BHO-{BE7A24F5-69CB-4708-B77B-B1EDA6043B95} - c:\progra~1\IMESHA~1\Mediabar\Datamngr\BROWSE~1.DLL
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Toolbar-10 - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
HKCU-Run-EA Core - c:\program files\Electronic Arts\EADM\Core.exe
HKLM-Run-DATAMNGR - c:\progra~1\IMESHA~1\Mediabar\Datamngr\DATAMN~1.EXE
HKLM-Explorer_Run-3032 - c:\docume~1\ALLUSE~1\LOCALS~1\Temp\msrkuvoy.com
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-1ClickDownload - c:\program files\TornTV.com\uninst.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-12-03 18:28
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-2052111302-2077806209-839522115-500\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (Administrator)
"{BE7A24F5-69CB-4708-B77B-B1EDA6043B95}"=hex:51,66,7a,6c,4c,1d,3b,1b,e5,38,68,
a2,fe,3b,66,0b,a8,70,f1,ad,a4,47,79,8e
"{EEE6C35B-6118-11DC-9C72-001320C79847}"=hex:51,66,7a,6c,4c,1d,3b,1b,4b,df,f4,
f2,2d,33,b2,5d,83,79,40,53,22,84,da,5c
.
[HKEY_USERS\S-1-5-21-2052111302-2077806209-839522115-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,7b,35,1e,09,9d,ca,29,40,86,0c,77,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,7b,35,1e,09,9d,ca,29,40,86,0c,77,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(472)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\progra~1\AVG\AVG10\avgchsvx.exe
c:\progra~1\AVG\AVG10\avgrsx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\AVG\AVG10\avgnsx.exe
c:\program files\AVG\AVG10\avgemcx.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RunDLL32.exe
c:\windows\system32\wscntfy.exe
c:\program files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\AVG\AVG10\avgcsrvx.exe
c:\windows\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Celkový čas: 2012-12-03 18:31:21 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-12-03 17:31
.
Před spuštěním: Volných bajtů: 257 666 486 272
Po spuštění: Volných bajtů: 257 957 933 056
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 30D238C7E39E13BB6939E425BE47CF6B
2012-09-23 14:28 . 2010-12-19 15:32 4494208 ----a-w- c:\windows\system32\nv4_disp.dll
2012-09-23 14:28 . 2010-12-19 15:32 12557728 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2012-09-23 13:09 . 2012-06-25 08:36 253952 ----a-w- c:\windows\system32\nvrsth.dll
2012-09-23 13:09 . 2012-06-25 08:36 274432 ----a-w- c:\windows\system32\nvrspt.dll
2012-09-23 13:09 . 2012-06-25 08:36 274432 ----a-w- c:\windows\system32\nvrsja.dll
2012-09-23 13:09 . 2012-06-25 08:36 270336 ----a-w- c:\windows\system32\nvrsptb.dll
2012-09-23 13:09 . 2012-06-25 08:36 335872 ----a-w- c:\windows\system32\nvrsar.dll
2012-09-23 13:09 . 2012-06-25 08:36 282624 ----a-w- c:\windows\system32\nvrses.dll
2012-09-23 13:09 . 2012-06-25 08:36 286720 ----a-w- c:\windows\system32\nvrsfr.dll
2012-09-23 13:09 . 2012-06-25 08:36 258048 ----a-w- c:\windows\system32\nvrssl.dll
2012-09-23 13:09 . 2012-06-25 08:36 258048 ----a-w- c:\windows\system32\nvrssk.dll
2012-09-23 13:09 . 2012-06-25 08:36 253952 ----a-w- c:\windows\system32\nvrssv.dll
2012-09-23 13:09 . 2012-06-25 08:36 229376 ----a-w- c:\windows\system32\nvrszhc.dll
2012-09-23 13:09 . 2012-06-25 08:36 335872 ----a-w- c:\windows\system32\nvrshe.dll
2012-09-23 13:09 . 2012-06-25 08:36 258048 ----a-w- c:\windows\system32\nvrstr.dll
2012-09-23 13:09 . 2012-06-25 08:36 258048 ----a-w- c:\windows\system32\nvrspl.dll
2012-09-23 13:09 . 2012-06-25 08:36 253952 ----a-w- c:\windows\system32\nvrsno.dll
2012-09-23 13:09 . 2012-06-25 08:36 282624 ----a-w- c:\windows\system32\nvrsit.dll
2012-09-23 13:09 . 2012-06-25 08:36 282624 ----a-w- c:\windows\system32\nvrsel.dll
2012-09-23 13:09 . 2012-06-25 08:36 249856 ----a-w- c:\windows\system32\nvrseng.dll
2012-09-23 13:09 . 2012-06-25 08:36 274432 ----a-w- c:\windows\system32\nvrsesm.dll
2012-09-23 13:09 . 2012-06-25 08:36 266240 ----a-w- c:\windows\system32\nvrsko.dll
2012-09-23 13:09 . 2012-06-25 08:36 249856 ----a-w- c:\windows\system32\nvrscs.dll
2012-09-23 13:09 . 2012-06-25 08:36 270336 ----a-w- c:\windows\system32\nvrsru.dll
2012-09-23 13:09 . 2012-06-25 08:36 249856 ----a-w- c:\windows\system32\nvrsfi.dll
2012-09-23 13:09 . 2012-06-25 08:36 274432 ----a-w- c:\windows\system32\nvrsnl.dll
2012-09-23 13:09 . 2012-06-25 08:36 262144 ----a-w- c:\windows\system32\nvrshu.dll
2012-09-23 13:09 . 2012-06-25 08:36 126976 ----a-w- c:\windows\system32\nvrszht.dll
2012-09-23 13:09 . 2012-06-25 08:36 278528 ----a-w- c:\windows\system32\nvrsde.dll
2012-09-23 13:09 . 2012-06-25 08:36 253952 ----a-w- c:\windows\system32\nvrsda.dll
2012-09-23 13:04 . 2012-06-25 08:35 54272 ----a-w- c:\windows\system32\nvwddi.dll
2012-09-23 13:04 . 2012-06-25 08:36 15512424 ----a-w- c:\windows\system32\nvcpl.dll
2012-09-23 13:04 . 2012-06-25 08:36 164200 ----a-w- c:\windows\system32\nvsvc32.exe
2012-09-23 13:04 . 2012-06-25 08:36 143720 ----a-w- c:\windows\system32\nvcolor.exe
2012-09-23 13:04 . 2012-06-25 08:36 108392 ----a-w- c:\windows\system32\nvmctray.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{7473b6bd-4691-4744-a82b-7854eb3d70b6}"= "c:\program files\uTorrentControl_v2\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{7473b6bd-4691-4744-a82b-7854eb3d70b6}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7473b6bd-4691-4744-a82b-7854eb3d70b6}]
2011-05-09 09:49 176936 ----a-w- c:\program files\uTorrentControl_v2\prxtbuTor.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8d3ec233-b92d-4187-a506-284127cfba2d}]
2012-10-10 02:45 1031240 ----a-w- c:\documents and settings\Administrator\Data aplikací\DownTango4SToolbar\DownTango4SToolbar.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-08-30 21:21 1734240 ----a-w- c:\program files\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2012-07-04 13:03 1310040 ----a-r- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll" [2012-08-30 1734240]
"{7473b6bd-4691-4744-a82b-7854eb3d70b6}"= "c:\program files\uTorrentControl_v2\prxtbuTor.dll" [2011-05-09 176936]
"{8d3ec233-b92d-4187-a506-284127cfba2d}"= "c:\documents and settings\Administrator\Data aplikací\DownTango4SToolbar\DownTango4SToolbar.dll" [2012-10-10 1031240]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2012-07-04 1310040]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CLASSES_ROOT\clsid\{7473b6bd-4691-4744-a82b-7854eb3d70b6}]
.
[HKEY_CLASSES_ROOT\clsid\{8d3ec233-b92d-4187-a506-284127cfba2d}]
[HKEY_CLASSES_ROOT\wtb.Band.1]
[HKEY_CLASSES_ROOT\TypeLib\{5c0647de-0eee-4822-b211-a05a5bf316ab}]
[HKEY_CLASSES_ROOT\wtb.Band]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{7473B6BD-4691-4744-A82B-7854EB3D70B6}"= "c:\program files\uTorrentControl_v2\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{7473b6bd-4691-4744-a82b-7854eb3d70b6}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 5"="c:\program files\IObit\Advanced SystemCare 5\ASCTray.exe" [2011-12-29 620376]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [2009-11-15 33120]
"GarenaPlus"="c:\program files\Garena Plus\GarenaMessenger.exe" [2012-11-07 8790904]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2012-08-01 2345592]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"RTHDCPL"="RTHDCPL.EXE" [2010-12-15 19967080]
"NSU_agent"="c:\program files\Nokia\Nokia Software Updater\nsu3ui_agent.exe" [2011-12-13 190768]
"ROC_roc_dec12"="c:\program files\AVG Secure Search\ROC_roc_dec12.exe" [2012-01-16 928096]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-09-23 15512424]
"NvMediaCenter"="NvMCTray.dll" [2012-09-23 108392]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2012-09-23 1634112]
"HF_G_Jul"="c:\program files\AVG Secure Search\HF_G_Jul.exe" [2012-07-18 36960]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"ROC_ROC_JULY_P1"="c:\program files\AVG Secure Search\ROC_ROC_JULY_P1.exe" [2012-08-30 1022048]
"SearchSettings"="c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe" [2012-10-16 1111432]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2012-10-04 115032]
"Sweetpacks Communicator"="c:\program files\SweetIM\Communicator\SweetPacksUpdateManager.exe" [2012-08-15 231768]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-11-10 997320]
"SunJavaUpdateSched"="c:\program files\common files\java\java update\jusched.exe" [2011-06-09 254696]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgmfapx.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\NCSoft\\Lineage II\\System\\L2.bin"=
"c:\\Program Files\\Codemasters\\DiRT 3\\dirt3_game.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgemcx.exe"=
"c:\\Documents and Settings\\Administrator\\Plocha\\CProgram FilesCounter-Strike 1.6 Standalonehl.exe -game cstrike -steam\\hl.exe"=
"c:\\Program Files\\1ClickDownload\\1ClickDownloader.exe"=
"c:\\Program Files\\Garena Plus\\Room\\garena_room.exe"=
"c:\\Program Files\\iMesh Applications\\iMesh\\iMesh.exe"=
"c:\\Program Files\\iMesh Applications\\Mediabar\\Datamngr\\SRTOOL~1\\dtUser.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
"c:\\Program Files\\SweetIM\\Communicator\\SweetPacksUpdateManager.exe"=
"c:\\Documents and Settings\\Administrator\\Plocha\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Empire Interactive\\FlatOut Ultimate Carnage\\Fouc.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Vzdálená správa systému Windows
"57285:TCP"= 57285:TCP:Pando Media Booster
"57285:UDP"= 57285:UDP:Pando Media Booster
"57519:TCP"= 57519:TCP:Pando Media Booster
"57519:UDP"= 57519:UDP:Pando Media Booster
"58760:TCP"= 58760:TCP:Pando Media Booster
"58760:UDP"= 58760:UDP:Pando Media Booster
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [13.9.2010 16:27 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [7.9.2010 3:48 32592]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [23.12.2010 23:19 691696]
R1 AppleCharger;AppleCharger;c:\windows\system32\drivers\AppleCharger.sys [15.8.2011 20:37 18544]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [7.9.2010 3:48 248656]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [7.9.2010 3:49 297168]
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\IObit\Advanced SystemCare 5\ASCService.exe [23.12.2011 10:07 497496]
R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [9.10.2012 15:44 799112]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [31.1.2012 15:02 7391072]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [8.2.2011 4:33 269520]
R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe [22.11.2012 10:29 3290304]
R2 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [10.11.2012 16:46 711112]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [19.8.2010 21:42 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [19.8.2010 21:42 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [19.8.2010 21:42 27216]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [30.8.2012 22:20 26984]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [9.11.2012 11:21 160944]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [15.8.2011 20:35 1691480]
S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [6.5.2011 18:15 167264]
S3 dump_wmimmc;dump_wmimmc;\??\c:\program files\NCSoft\Lineage II\system\GameGuard\dump_wmimmc.sys --> c:\program files\NCSoft\Lineage II\system\GameGuard\dump_wmimmc.sys [?]
S3 GGSAFERDriver;GGSAFER Driver;\??\c:\program files\Garena Plus\Room\safedrv.sys --> c:\program files\Garena Plus\Room\safedrv.sys [?]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [16.12.2011 16:44 137600]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [16.12.2011 16:44 8576]
S3 NPFW;NPFW;\??\c:\windows\system32\NPFW.SYS --> c:\windows\system32\NPFW.SYS [?]
S3 NPFWFLT;NPFWFLT;\??\c:\windows\system32\NPFWFLT.SYS --> c:\windows\system32\NPFWFLT.SYS [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 NPIDS;NPIDS;\??\c:\windows\system32\NPIDS.SYS --> c:\windows\system32\NPIDS.SYS [?]
S3 TKCtrl;TKCtrl;\??\c:\windows\system32\TKCtrl2k.sys --> c:\windows\system32\TKCtrl2k.sys [?]
S3 TKFsAvM;TKFsAvM;\??\c:\windows\system32\TKFsAv.sys --> c:\windows\system32\TKFsAv.sys [?]
S3 TkFsFtM;MiniFilter Driver;c:\windows\system32\TKFsFt.sys --> c:\windows\system32\TKFsFt.sys [?]
S3 TKPcFt;TKPcFt;\??\c:\windows\system32\TKPcFtHk.sys --> c:\windows\system32\TKPcFtHk.sys [?]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Obsah adresáře 'Naplánované úlohy'
.
2012-12-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 08:54]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://home.sweetim.com/?crg=3.1010000.10011&barid={D73C7D2F-2D1B-11E2-BE12-1C6F65C94026}
uDefault_Search_URL = hxxp://search.certified-toolbar.com?si=41460&tid=2938&bs=true&q=
mStart Page = hxxp://home.sweetim.com/?crg=3.1010000.10011&barid={D73C7D2F-2D1B-11E2-BE12-1C6F65C94026}
mSearch Bar = hxxp://search.certified-toolbar.com?si=41460&tid=2938&bs=true&q=
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{5f7f7e76-0f61-4de9-8ae6-e5ee565cd118} - {8d3ec233-b92d-4187-a506-284127cfba2d} - c:\documents and settings\Administrator\Data aplikací\DownTango4SToolbar\DownTango4SToolbar.dll
TCP: DhcpNameServer = 10.0.111.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll
FF - ProfilePath - c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\isfm9jo5.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.startup.homepage - hxxp://home.sweetim.com/?crg=3.1010000.10011&barid={D73C7D2F-2D1B-11E2-BE12-1C6F65C94026}
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=685749&p=
user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
URLSearchHooks-{0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - (no file)
URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
BHO-{BE7A24F5-69CB-4708-B77B-B1EDA6043B95} - c:\progra~1\IMESHA~1\Mediabar\Datamngr\BROWSE~1.DLL
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Toolbar-10 - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
HKCU-Run-EA Core - c:\program files\Electronic Arts\EADM\Core.exe
HKLM-Run-DATAMNGR - c:\progra~1\IMESHA~1\Mediabar\Datamngr\DATAMN~1.EXE
HKLM-Explorer_Run-3032 - c:\docume~1\ALLUSE~1\LOCALS~1\Temp\msrkuvoy.com
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-1ClickDownload - c:\program files\TornTV.com\uninst.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-12-03 18:28
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-2052111302-2077806209-839522115-500\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (Administrator)
"{BE7A24F5-69CB-4708-B77B-B1EDA6043B95}"=hex:51,66,7a,6c,4c,1d,3b,1b,e5,38,68,
a2,fe,3b,66,0b,a8,70,f1,ad,a4,47,79,8e
"{EEE6C35B-6118-11DC-9C72-001320C79847}"=hex:51,66,7a,6c,4c,1d,3b,1b,4b,df,f4,
f2,2d,33,b2,5d,83,79,40,53,22,84,da,5c
.
[HKEY_USERS\S-1-5-21-2052111302-2077806209-839522115-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,7b,35,1e,09,9d,ca,29,40,86,0c,77,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,7b,35,1e,09,9d,ca,29,40,86,0c,77,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(472)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\progra~1\AVG\AVG10\avgchsvx.exe
c:\progra~1\AVG\AVG10\avgrsx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\AVG\AVG10\avgnsx.exe
c:\program files\AVG\AVG10\avgemcx.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RunDLL32.exe
c:\windows\system32\wscntfy.exe
c:\program files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\AVG\AVG10\avgcsrvx.exe
c:\windows\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Celkový čas: 2012-12-03 18:31:21 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-12-03 17:31
.
Před spuštěním: Volných bajtů: 257 666 486 272
Po spuštění: Volných bajtů: 257 957 933 056
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 30D238C7E39E13BB6939E425BE47CF6B
- Rudy
- Site Admin
- Posts: 119521
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: bad image (chybná bitová kopie)
Why are you running ComboFix, a utility intended for specialists, without consulting an advisor? You are not reading the rules: http://forum.viry.cz/viewtopic.php?f=12&t=5601

an inexperienced person can easily wreck their system with ComboFix.
2. Before asking a question, use the Search button. Someone may already have solved a problem similar to yours. But if various utilities/applications were applied in that solved topic, do not run them. Utilities are used only when an advisor says so, since they can erase the traces of malware and, in the hands of a non-expert, their use can have unforeseeable consequences.
3. In particular, do not run the ComboFix utility even if a friend or some would-be expert website recommended it to you. Our forum is the only one of the CZ-SK antivirus forums that is authorised to interpret ComboFix logs, and we also have the full support of the utility's author and access to the most up-to-date information and guides.

Open Notepad and copy the following into it. Save it on the desktop as CFScript.txt, then drag it with the mouse onto the ComboFix icon and release it. CF will start and carry out the commands from the script.

KillAll::
Folder::
c:\program files\SweetIM
c:\documents and settings\All Users\Data aplikací\SweetIM
c:\program files\uTorrentControl_v2
c:\documents and settings\Administrator\Data aplikací\DownTango4SToolba
Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{7473b6bd-4691-4744-a82b-7854eb3d70b6}"=-
[-HKEY_CLASSES_ROOT\clsid\{7473b6bd-4691-4744-a82b-7854eb3d70b6}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7473b6bd-4691-4744-a82b-7854eb3d70b6}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
[-HKEY_CLASSES_ROOT\clsid\{8d3ec233-b92d-4187-a506-284127cfba2d}]
[-HKEY_CLASSES_ROOT\wtb.Band.1]
[-HKEY_CLASSES_ROOT\TypeLib\{5c0647de-0eee-4822-b211-a05a5bf316ab}]
[-HKEY_CLASSES_ROOT\wtb.Band]
[-HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[-HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[-HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[-HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{7473B6BD-4691-4744-A82B-7854EB3D70B6}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SweetIM"=-
"Sweetpacks Communicator"=-
Driver::
Skype C2C Service
Firefox::
FF - ProfilePath - c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\isfm9jo5.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.startup.homepage - hxxp://home.sweetim.com/?crg=3.1010000.10011&barid={D73C7D2F-2D1B-11E2-BE12-1C6F65C94026}
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=green ... =685749&p=
user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);
RegLock::
[HKEY_USERS\S-1-5-21-2052111302-2077806209-839522115-500\Software\Microsoft\Internet Explorer\Approved Extensions]
[HKEY_USERS\S-1-5-21-2052111302-2077806209-839522115-500\Software\Microsoft\Internet Explorer\User Preferences]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
Reboot::

Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!
Once your problem is resolved the thread will be locked, as it will be if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address above.
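A cross-check an analyst can run on a CFScript before dragging it onto ComboFix, added here as an example and not part of the forum post or of ComboFix itself: every folder, registry key, value name or service name the script asks ComboFix to remove should occur in the log that prompted it, and an item that does not occur is most likely a typo that will either do nothing or hit the wrong object. The only assumption about the script format is what the post above shows (a line ending in "::" opens a section and the lines under it are that section's items); the sample log and script are constructed excerpts in that format, and the DownTango folder name in the sample script is deliberately missing its last character so the boundary check has something to catch.

```python
"""Cross-check a ComboFix CFScript against the ComboFix log it was written from.

Added example, not part of the forum post or of ComboFix itself.  Every path,
registry key, value name or service name a script tells ComboFix to remove
should occur in the log that prompted it; an item that does not occur is most
likely a typo and would either do nothing or hit the wrong object.  The only
assumption about the script format is the one visible in the thread: a line
ending in '::' opens a section, and the lines below it are that section's items.
"""
import re

# Constructed excerpt in the style of a ComboFix log (abbreviated).
SAMPLE_LOG = r"""
2012-11-12 22:53 . 2012-11-12 22:54 -------- d-----w- c:\program files\SweetIM
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{7473b6bd-4691-4744-a82b-7854eb3d70b6}"= "c:\program files\uTorrentControl_v2\prxtbuTor.dll" [2011-05-09 176936]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8d3ec233-b92d-4187-a506-284127cfba2d}]
2012-10-10 02:45 1031240 ----a-w- c:\documents and settings\Administrator\Data aplikací\DownTango4SToolbar\DownTango4SToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2012-10-04 115032]
R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe [22.11.2012 10:29 3290304]
"""

# Constructed CFScript.  The DownTango folder deliberately lacks its final "r"
# so that the boundary check below has something to catch.
SAMPLE_SCRIPT = r"""KillAll::
Folder::
c:\program files\SweetIM
c:\documents and settings\Administrator\Data aplikací\DownTango4SToolba
Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{7473b6bd-4691-4744-a82b-7854eb3d70b6}"=-
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8d3ec233-b92d-4187-a506-284127cfba2d}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SweetIM"=-
Driver::
Skype C2C Service
Reboot::
"""


def parse_cfscript(text):
    """Split a CFScript into {section: [items]}; a line ending in '::' opens a section."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):
            current = line[:-2]
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def reference_of(section, item):
    """Reduce one script line to the identifier that has to appear in the log."""
    if section in ("Registry", "RegLock"):
        key = re.fullmatch(r"\[-?(.+)\]", item)      # [KEY] or [-KEY] (delete key)
        if key:
            return key.group(1)
        value = re.fullmatch(r'"(.+)"=.*', item)      # "Name"=- (delete value)
        if value:
            return value.group(1)
    return item                                       # paths, service names, verbatim lines


def present_in_log(ref, log):
    """Case-insensitive search that must end on a boundary (backslash, ], ;, quote,
    whitespace or end of line), so a path missing its last character does not
    match a longer real path that merely starts the same way."""
    pattern = re.escape(ref) + r'(?=[\\\];"\s]|$)'
    return re.search(pattern, log, re.IGNORECASE | re.MULTILINE) is not None


def missing_references(script_text, log_text):
    """Return (section, item) for every script item with no boundary match in the log."""
    missing = []
    for section, items in parse_cfscript(script_text).items():
        for item in items:
            if not present_in_log(reference_of(section, item), log_text):
                missing.append((section, item))
    return missing


if __name__ == "__main__":
    for section, item in missing_references(SAMPLE_SCRIPT, SAMPLE_LOG):
        print(f"not found in log ({section}): {item}")
```

Run against the constructed input it reports exactly one item, the Folder:: line whose last character is missing, because the boundary lookahead refuses to match "DownTango4SToolba" against the longer "DownTango4SToolbar" in the log. The check is deliberately coarse: a bare value name such as "SweetIM" is satisfied by any occurrence in the log, so it catches typos, not wrong targets, and the advisor still has to read the log.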
Re: bad image (chybná bitová kopie)
Hello, today I did what you wrote to me; I am adding the log:
ComboFix 12-12-02.01 - Administrator 04.12.2012 16:34:06.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2046.1318 [GMT 1:00]
Spuštěný z: c:\documents and settings\Administrator\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Administrator\Plocha\CFScript.txt
AV: AVG Anti-Virus 2011 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\SweetIM
c:\program files\SweetIM\Communicator\mgcommon.dll
c:\program files\SweetIM\Communicator\mgcommunication.dll
c:\program files\SweetIM\Communicator\mgsimcommon.dll
c:\program files\SweetIM\Communicator\mgxml_wrapper.dll
c:\program files\SweetIM\Communicator\Microsoft.VC90.CRT\Microsoft.VC90.CRT.manifest
c:\program files\SweetIM\Communicator\Microsoft.VC90.CRT\msvcm90.dll
c:\program files\SweetIM\Communicator\Microsoft.VC90.CRT\msvcp90.dll
c:\program files\SweetIM\Communicator\Microsoft.VC90.CRT\msvcr90.dll
c:\program files\SweetIM\Communicator\resources\sqlite\mgSqlite3.dll
c:\program files\SweetIM\Communicator\SweetPacksUpdateManager.exe
c:\program files\SweetIM\Messenger\ContentPackagesActivationHandler.exe
c:\program files\SweetIM\Messenger\default.xml
c:\program files\SweetIM\Messenger\mgAdaptersProxy.dll
c:\program files\SweetIM\Messenger\mgArchive.dll
c:\program files\SweetIM\Messenger\mgcommon.dll
c:\program files\SweetIM\Messenger\mgcommunication.dll
c:\program files\SweetIM\Messenger\mgconfig.dll
c:\program files\SweetIM\Messenger\mgFlashPlayer.dll
c:\program files\SweetIM\Messenger\mghooking.dll
c:\program files\SweetIM\Messenger\mgICQAuto.dll
c:\program files\SweetIM\Messenger\mgICQMessengerAdapter.dll
c:\program files\SweetIM\Messenger\mglogger.dll
c:\program files\SweetIM\Messenger\mgMediaPlayer.dll
c:\program files\SweetIM\Messenger\mgMsnAuto.dll
c:\program files\SweetIM\Messenger\mgMsnMessengerAdapter.dll
c:\program files\SweetIM\Messenger\mgsimcommon.dll
c:\program files\SweetIM\Messenger\mgSweetIM.dll
c:\program files\SweetIM\Messenger\mgUpdateSupport.dll
c:\program files\SweetIM\Messenger\mgxml_wrapper.dll
c:\program files\SweetIM\Messenger\mgYahooAuto.dll
c:\program files\SweetIM\Messenger\mgYahooMessengerAdapter.dll
c:\program files\SweetIM\Messenger\msvcp71.dll
c:\program files\SweetIM\Messenger\msvcr71.dll
c:\program files\SweetIM\Messenger\resources\images\AudibleButton.png
c:\program files\SweetIM\Messenger\resources\images\DisplayPicturesButton.png
c:\program files\SweetIM\Messenger\resources\images\EmoticonButton.png
c:\program files\SweetIM\Messenger\resources\images\GamesButton.png
c:\program files\SweetIM\Messenger\resources\images\KeyboardButton.png
c:\program files\SweetIM\Messenger\resources\images\NudgeButton.png
c:\program files\SweetIM\Messenger\resources\images\SoundFxButton.png
c:\program files\SweetIM\Messenger\resources\images\WinksButton.png
c:\program files\SweetIM\Messenger\resources\sqlite\mgSqlite3.dll
c:\program files\SweetIM\Messenger\SweetIM.exe
c:\program files\SweetIM\Toolbars\Internet Explorer\ClearHist.exe
c:\program files\SweetIM\Toolbars\Internet Explorer\conf\logger.xml
c:\program files\SweetIM\Toolbars\Internet Explorer\default.xml
c:\program files\SweetIM\Toolbars\Internet Explorer\mgcommon.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\mgconfig.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe
c:\program files\SweetIM\Toolbars\Internet Explorer\mghooking.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\mglogger.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\mgsimcommon.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\mgxml_wrapper.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\Microsoft.VC90.CRT\Microsoft.VC90.CRT.manifest
c:\program files\SweetIM\Toolbars\Internet Explorer\Microsoft.VC90.CRT\msvcm90.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\Microsoft.VC90.CRT\msvcp90.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\Microsoft.VC90.CRT\msvcr90.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\about.html
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\affid.dat
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\basis.xml
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\bing.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_bing.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_current.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_dictionary.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_google.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_hover.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_left.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_photo.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_video.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_web.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_yahoo.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\clear-history.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\content-notifier-anim-over.gif
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\content-notifier-anim.gif
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\content-notifier.js
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\dating.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\dictionary.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\e_cards.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\eye_icon.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\eye_icon_over.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\find.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\free_stuff.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\games.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\glitter.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\google.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\green\search_button.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_bing.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_current.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_dictionary.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_google.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_hover.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_left.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_photo.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_video.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_web.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_yahoo.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\help.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\highlight.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\locales.xml
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\logo_16x16.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\logo_21x18.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\logo_32x32.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\logo_about.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\MenuExt.html
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\more-search-providers.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\music.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\news.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\options.html
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_bing.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_current.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_dictionary.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_google.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_hover.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_left.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_photo.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_video.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_web.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_yahoo.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\photos.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\search-current-site.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\shopping.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\SmileySmile.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\SmileyWink.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\sweetim_text.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\toolbar.xml
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\video.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\web-search.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\web-toolbar.js
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\yahoo.png
c:\program files\uTorrentControl_v2
c:\program files\uTorrentControl_v2\GottenAppsContextMenu.xml
c:\program files\uTorrentControl_v2\ldrtbuTor.dll
c:\program files\uTorrentControl_v2\OtherAppsContextMenu.xml
c:\program files\uTorrentControl_v2\prxtbuTor.dll
c:\program files\uTorrentControl_v2\SharedAppsContextMenu.xml
c:\program files\uTorrentControl_v2\tbuTor.dll
c:\program files\uTorrentControl_v2\toolbar.cfg
c:\program files\uTorrentControl_v2\ToolbarContextMenu.xml
c:\program files\uTorrentControl_v2\uninstall.exe
c:\program files\uTorrentControl_v2\uTorrentControl_v2ToolbarHelper.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_SKYPE_C2C_SERVICE
-------\Service_Skype C2C Service
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-11-04 do 2012-12-04 )))))))))))))))))))))))))))))))
.
.
2012-12-03 17:37 . 2012-12-03 17:37 -------- d-----w- c:\program files\Common Files\Java
2012-12-03 17:37 . 2012-12-03 17:36 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-12-03 17:37 . 2012-12-03 17:36 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-12-03 17:36 . 2012-12-03 17:36 -------- d-----w- c:\program files\Java
2012-12-03 17:36 . 2012-12-03 17:36 -------- d-----w- c:\documents and settings\All Users\Data aplikací\McAfee
2012-12-03 17:13 . 2012-12-03 17:13 -------- d-----w- c:\documents and settings\All Users\Oblíbené položky
2012-12-03 17:05 . 2012-12-03 17:05 -------- d-----w- c:\windows\system32\wbem\Repository
2012-12-03 16:59 . 2012-09-23 14:28 888168 ----a-w- c:\windows\system32\nvdispgenco32.dll
2012-12-03 16:59 . 2012-09-23 14:28 5947392 ----a-w- c:\windows\system32\nvopencl.dll
2012-12-01 09:28 . 2012-12-01 09:28 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\Wargaming.net
2012-11-30 17:31 . 2012-11-30 17:31 -------- d-----w- C:\Games
2012-11-27 14:55 . 2012-11-27 14:55 -------- d-----w- c:\program files\arh
2012-11-26 17:07 . 2012-11-26 17:31 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\Hamachi
2012-11-26 17:07 . 2012-11-26 17:07 -------- d-----w- c:\program files\Hamachi
2012-11-24 21:26 . 2012-12-01 09:56 -------- d-----w- c:\documents and settings\All Users\Data aplikací\TrackMania
2012-11-24 21:23 . 2012-11-24 21:25 -------- d-----w- c:\program files\TmNationsForever
2012-11-24 15:56 . 2012-11-24 15:56 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Data aplikací\FlatOut Ultimate Carnage
2012-11-24 15:44 . 2012-11-24 15:44 -------- d-----w- c:\program files\Empire Interactive
2012-11-22 15:24 . 2012-11-22 15:24 -------- d-----w- c:\program files\Common Files\Skype
2012-11-22 09:34 . 2012-11-22 09:34 5885632 ----a-w- c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2012-11-13 16:47 . 2012-11-13 16:47 -------- d-----w- c:\program files\7-Zip
2012-11-12 22:53 . 2012-11-12 22:54 -------- d-----w- c:\documents and settings\All Users\Data aplikací\SweetIM
2012-11-12 22:52 . 2012-11-13 16:47 -------- d-----w- c:\program files\TornTV.com
2012-11-12 17:00 . 2012-11-12 17:00 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\{46577E3C-95B4-4f4f-B4A7-0C29D12FB15D}
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-03 17:36 . 2011-06-05 14:11 473072 ----a-w- c:\windows\system32\deployJava1.dll
2012-11-26 17:07 . 2011-12-09 19:07 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
2012-11-24 16:19 . 2009-08-18 10:30 564632 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\IdentityCRL\production\wlidui.dll
2012-11-24 16:19 . 2009-08-18 10:24 19696 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-11-24 08:54 . 2012-04-11 13:06 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-11-24 08:54 . 2011-05-15 13:06 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-10 15:46 . 2012-08-30 21:20 26984 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2012-10-22 19:57 . 2004-08-17 12:44 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-10-02 18:04 . 2004-08-17 12:49 58368 ----a-w- c:\windows\system32\synceng.dll
2012-09-23 14:28 . 2012-06-25 08:35 1009512 ----a-w- c:\windows\system32\nvdispco32.dll
2012-09-23 14:28 . 2012-06-25 08:34 19103744 ----a-w- c:\windows\system32\nvoglnt.dll
2012-09-23 14:28 . 2012-06-25 08:34 7446528 ----a-w- c:\windows\system32\nvcuda.dll
2012-09-23 14:28 . 2012-06-25 08:34 2578792 ----a-w- c:\windows\system32\nvcuvid.dll
2012-09-23 14:28 . 2012-06-25 08:34 1866088 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-09-23 14:28 . 2012-06-25 08:34 2376704 ----a-w- c:\windows\system32\nvapi.dll
2012-09-23 14:28 . 2012-06-25 08:34 17551360 ----a-w- c:\windows\system32\nvcompiler.dll
2012-09-23 14:28 . 2010-12-19 15:32 4494208 ----a-w- c:\windows\system32\nv4_disp.dll
2012-09-23 14:28 . 2010-12-19 15:32 12557728 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2012-09-23 13:09 . 2012-06-25 08:36 253952 ----a-w- c:\windows\system32\nvrsth.dll
2012-09-23 13:09 . 2012-06-25 08:36 274432 ----a-w- c:\windows\system32\nvrspt.dll
2012-09-23 13:09 . 2012-06-25 08:36 274432 ----a-w- c:\windows\system32\nvrsja.dll
2012-09-23 13:09 . 2012-06-25 08:36 270336 ----a-w- c:\windows\system32\nvrsptb.dll
2012-09-23 13:09 . 2012-06-25 08:36 335872 ----a-w- c:\windows\system32\nvrsar.dll
2012-09-23 13:09 . 2012-06-25 08:36 282624 ----a-w- c:\windows\system32\nvrses.dll
2012-09-23 13:09 . 2012-06-25 08:36 286720 ----a-w- c:\windows\system32\nvrsfr.dll
2012-09-23 13:09 . 2012-06-25 08:36 258048 ----a-w- c:\windows\system32\nvrssl.dll
2012-09-23 13:09 . 2012-06-25 08:36 258048 ----a-w- c:\windows\system32\nvrssk.dll
2012-09-23 13:09 . 2012-06-25 08:36 253952 ----a-w- c:\windows\system32\nvrssv.dll
2012-09-23 13:09 . 2012-06-25 08:36 229376 ----a-w- c:\windows\system32\nvrszhc.dll
2012-09-23 13:09 . 2012-06-25 08:36 335872 ----a-w- c:\windows\system32\nvrshe.dll
2012-09-23 13:09 . 2012-06-25 08:36 258048 ----a-w- c:\windows\system32\nvrstr.dll
2012-09-23 13:09 . 2012-06-25 08:36 258048 ----a-w- c:\windows\system32\nvrspl.dll
2012-09-23 13:09 . 2012-06-25 08:36 253952 ----a-w- c:\windows\system32\nvrsno.dll
2012-09-23 13:09 . 2012-06-25 08:36 282624 ----a-w- c:\windows\system32\nvrsit.dll
2012-09-23 13:09 . 2012-06-25 08:36 282624 ----a-w- c:\windows\system32\nvrsel.dll
2012-09-23 13:09 . 2012-06-25 08:36 249856 ----a-w- c:\windows\system32\nvrseng.dll
2012-09-23 13:09 . 2012-06-25 08:36 274432 ----a-w- c:\windows\system32\nvrsesm.dll
2012-09-23 13:09 . 2012-06-25 08:36 266240 ----a-w- c:\windows\system32\nvrsko.dll
2012-09-23 13:09 . 2012-06-25 08:36 249856 ----a-w- c:\windows\system32\nvrscs.dll
2012-09-23 13:09 . 2012-06-25 08:36 270336 ----a-w- c:\windows\system32\nvrsru.dll
2012-09-23 13:09 . 2012-06-25 08:36 249856 ----a-w- c:\windows\system32\nvrsfi.dll
2012-09-23 13:09 . 2012-06-25 08:36 274432 ----a-w- c:\windows\system32\nvrsnl.dll
2012-09-23 13:09 . 2012-06-25 08:36 262144 ----a-w- c:\windows\system32\nvrshu.dll
2012-09-23 13:09 . 2012-06-25 08:36 126976 ----a-w- c:\windows\system32\nvrszht.dll
2012-09-23 13:09 . 2012-06-25 08:36 278528 ----a-w- c:\windows\system32\nvrsde.dll
2012-09-23 13:09 . 2012-06-25 08:36 253952 ----a-w- c:\windows\system32\nvrsda.dll
2012-09-23 13:04 . 2012-06-25 08:35 54272 ----a-w- c:\windows\system32\nvwddi.dll
2012-09-23 13:04 . 2012-06-25 08:36 15512424 ----a-w- c:\windows\system32\nvcpl.dll
2012-09-23 13:04 . 2012-06-25 08:36 164200 ----a-w- c:\windows\system32\nvsvc32.exe
2012-09-23 13:04 . 2012-06-25 08:36 143720 ----a-w- c:\windows\system32\nvcolor.exe
2012-09-23 13:04 . 2012-06-25 08:36 108392 ----a-w- c:\windows\system32\nvmctray.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-08-30 21:21 1734240 ----a-w- c:\program files\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 5"="c:\program files\IObit\Advanced SystemCare 5\ASCTray.exe" [2011-12-29 620376]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [2009-11-15 33120]
"GarenaPlus"="c:\program files\Garena Plus\GarenaMessenger.exe" [2012-11-07 8790904]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2012-08-01 2345592]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"RTHDCPL"="RTHDCPL.EXE" [2010-12-15 19967080]
"NSU_agent"="c:\program files\Nokia\Nokia Software Updater\nsu3ui_agent.exe" [2011-12-13 190768]
"ROC_roc_dec12"="c:\program files\AVG Secure Search\ROC_roc_dec12.exe" [2012-01-16 928096]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-09-23 15512424]
"NvMediaCenter"="NvMCTray.dll" [2012-09-23 108392]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2012-09-23 1634112]
"HF_G_Jul"="c:\program files\AVG Secure Search\HF_G_Jul.exe" [2012-07-18 36960]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"ROC_ROC_JULY_P1"="c:\program files\AVG Secure Search\ROC_ROC_JULY_P1.exe" [2012-08-30 1022048]
"SearchSettings"="c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe" [2012-10-16 1111432]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-11-10 997320]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"3032"="c:\docume~1\ALLUSE~1\LOCALS~1\Temp\msrkuvoy.com" [BU]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgmfapx.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\NCSoft\\Lineage II\\System\\L2.bin"=
"c:\\Program Files\\Codemasters\\DiRT 3\\dirt3_game.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgemcx.exe"=
"c:\\Documents and Settings\\Administrator\\Plocha\\CProgram FilesCounter-Strike 1.6 Standalonehl.exe -game cstrike -steam\\hl.exe"=
"c:\\Program Files\\1ClickDownload\\1ClickDownloader.exe"=
"c:\\Program Files\\Garena Plus\\Room\\garena_room.exe"=
"c:\\Program Files\\iMesh Applications\\iMesh\\iMesh.exe"=
"c:\\Program Files\\iMesh Applications\\Mediabar\\Datamngr\\SRTOOL~1\\dtUser.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
"c:\\Documents and Settings\\Administrator\\Plocha\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Empire Interactive\\FlatOut Ultimate Carnage\\Fouc.exe"=
"c:\\Games\\World_of_Tanks\\WorldOfTanks.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Vzdálená správa systému Windows
"57285:TCP"= 57285:TCP:Pando Media Booster
"57285:UDP"= 57285:UDP:Pando Media Booster
"57519:TCP"= 57519:TCP:Pando Media Booster
"57519:UDP"= 57519:UDP:Pando Media Booster
"58760:TCP"= 58760:TCP:Pando Media Booster
"58760:UDP"= 58760:UDP:Pando Media Booster
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [13.9.2010 16:27 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [7.9.2010 3:48 32592]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [23.12.2010 23:19 691696]
R1 AppleCharger;AppleCharger;c:\windows\system32\drivers\AppleCharger.sys [15.8.2011 20:37 18544]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [7.9.2010 3:48 248656]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [7.9.2010 3:49 297168]
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\IObit\Advanced SystemCare 5\ASCService.exe [23.12.2011 10:07 497496]
R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [9.10.2012 15:44 799112]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [31.1.2012 15:02 7391072]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [8.2.2011 4:33 269520]
R2 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [10.11.2012 16:46 711112]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [19.8.2010 21:42 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [19.8.2010 21:42 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [19.8.2010 21:42 27216]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [30.8.2012 22:20 26984]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [9.11.2012 11:21 160944]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [15.8.2011 20:35 1691480]
S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [6.5.2011 18:15 167264]
S3 dump_wmimmc;dump_wmimmc;\??\c:\program files\NCSoft\Lineage II\system\GameGuard\dump_wmimmc.sys --> c:\program files\NCSoft\Lineage II\system\GameGuard\dump_wmimmc.sys [?]
S3 GGSAFERDriver;GGSAFER Driver;\??\c:\program files\Garena Plus\Room\safedrv.sys --> c:\program files\Garena Plus\Room\safedrv.sys [?]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [16.12.2011 16:44 137600]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [16.12.2011 16:44 8576]
S3 NPFW;NPFW;\??\c:\windows\system32\NPFW.SYS --> c:\windows\system32\NPFW.SYS [?]
S3 NPFWFLT;NPFWFLT;\??\c:\windows\system32\NPFWFLT.SYS --> c:\windows\system32\NPFWFLT.SYS [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 NPIDS;NPIDS;\??\c:\windows\system32\NPIDS.SYS --> c:\windows\system32\NPIDS.SYS [?]
S3 TKCtrl;TKCtrl;\??\c:\windows\system32\TKCtrl2k.sys --> c:\windows\system32\TKCtrl2k.sys [?]
S3 TKFsAvM;TKFsAvM;\??\c:\windows\system32\TKFsAv.sys --> c:\windows\system32\TKFsAv.sys [?]
S3 TkFsFtM;MiniFilter Driver;c:\windows\system32\TKFsFt.sys --> c:\windows\system32\TKFsFt.sys [?]
S3 TKPcFt;TKPcFt;\??\c:\windows\system32\TKPcFtHk.sys --> c:\windows\system32\TKPcFtHk.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Obsah adresáře 'Naplánované úlohy'
.
2012-12-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 08:54]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://home.sweetim.com/?crg=3.1010000.10011&barid={D73C7D2F-2D1B-11E2-BE12-1C6F65C94026}
uDefault_Search_URL = hxxp://search.certified-toolbar.com?si=41460&tid=2938&bs=true&q=
mStart Page = hxxp://home.sweetim.com/?crg=3.1010000.10011&barid={D73C7D2F-2D1B-11E2-BE12-1C6F65C94026}
mSearch Bar = hxxp://search.certified-toolbar.com?si=41460&tid=2938&bs=true&q=
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{5f7f7e76-0f61-4de9-8ae6-e5ee565cd118} - {8d3ec233-b92d-4187-a506-284127cfba2d} -
TCP: DhcpNameServer = 10.0.111.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll
FF - ProfilePath - c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\isfm9jo5.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=685749&p=
user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
URLSearchHooks-{0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - (no file)
BHO-{8d3ec233-b92d-4187-a506-284127cfba2d} - (no file)
AddRemove-uTorrentControl_v2 Toolbar - c:\program files\uTorrentControl_v2\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-12-04 16:43
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(5908)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\progra~1\AVG\AVG10\avgchsvx.exe
c:\progra~1\AVG\AVG10\avgrsx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\AVG\AVG10\avgnsx.exe
c:\program files\AVG\AVG10\avgemcx.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RunDLL32.exe
c:\program files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
c:\program files\AVG\AVG10\avgcsrvx.exe
.
**************************************************************************
.
Celkový čas: 2012-12-04 16:45:55 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-12-04 15:45
ComboFix2.txt 2012-12-03 17:31
.
Před spuštěním: Volných bajtů: 257 579 180 032
Po spuštění: Volných bajtů: 257 576 423 424
.
- - End Of File - - 81BA75E11F81C980508DB4F5335A4FE4

ComboFix 12-12-02.01 - Administrator 04.12.2012 16:34:06.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2046.1318 [GMT 1:00]
Spuštěný z: c:\documents and settings\Administrator\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Administrator\Plocha\CFScript.txt
AV: AVG Anti-Virus 2011 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\SweetIM
c:\program files\SweetIM\Communicator\mgcommon.dll
c:\program files\SweetIM\Communicator\mgcommunication.dll
c:\program files\SweetIM\Communicator\mgsimcommon.dll
c:\program files\SweetIM\Communicator\mgxml_wrapper.dll
c:\program files\SweetIM\Communicator\Microsoft.VC90.CRT\Microsoft.VC90.CRT.manifest
c:\program files\SweetIM\Communicator\Microsoft.VC90.CRT\msvcm90.dll
c:\program files\SweetIM\Communicator\Microsoft.VC90.CRT\msvcp90.dll
c:\program files\SweetIM\Communicator\Microsoft.VC90.CRT\msvcr90.dll
c:\program files\SweetIM\Communicator\resources\sqlite\mgSqlite3.dll
c:\program files\SweetIM\Communicator\SweetPacksUpdateManager.exe
c:\program files\SweetIM\Messenger\ContentPackagesActivationHandler.exe
c:\program files\SweetIM\Messenger\default.xml
c:\program files\SweetIM\Messenger\mgAdaptersProxy.dll
c:\program files\SweetIM\Messenger\mgArchive.dll
c:\program files\SweetIM\Messenger\mgcommon.dll
c:\program files\SweetIM\Messenger\mgcommunication.dll
c:\program files\SweetIM\Messenger\mgconfig.dll
c:\program files\SweetIM\Messenger\mgFlashPlayer.dll
c:\program files\SweetIM\Messenger\mghooking.dll
c:\program files\SweetIM\Messenger\mgICQAuto.dll
c:\program files\SweetIM\Messenger\mgICQMessengerAdapter.dll
c:\program files\SweetIM\Messenger\mglogger.dll
c:\program files\SweetIM\Messenger\mgMediaPlayer.dll
c:\program files\SweetIM\Messenger\mgMsnAuto.dll
c:\program files\SweetIM\Messenger\mgMsnMessengerAdapter.dll
c:\program files\SweetIM\Messenger\mgsimcommon.dll
c:\program files\SweetIM\Messenger\mgSweetIM.dll
c:\program files\SweetIM\Messenger\mgUpdateSupport.dll
c:\program files\SweetIM\Messenger\mgxml_wrapper.dll
c:\program files\SweetIM\Messenger\mgYahooAuto.dll
c:\program files\SweetIM\Messenger\mgYahooMessengerAdapter.dll
c:\program files\SweetIM\Messenger\msvcp71.dll
c:\program files\SweetIM\Messenger\msvcr71.dll
c:\program files\SweetIM\Messenger\resources\images\AudibleButton.png
c:\program files\SweetIM\Messenger\resources\images\DisplayPicturesButton.png
c:\program files\SweetIM\Messenger\resources\images\EmoticonButton.png
c:\program files\SweetIM\Messenger\resources\images\GamesButton.png
c:\program files\SweetIM\Messenger\resources\images\KeyboardButton.png
c:\program files\SweetIM\Messenger\resources\images\NudgeButton.png
c:\program files\SweetIM\Messenger\resources\images\SoundFxButton.png
c:\program files\SweetIM\Messenger\resources\images\WinksButton.png
c:\program files\SweetIM\Messenger\resources\sqlite\mgSqlite3.dll
c:\program files\SweetIM\Messenger\SweetIM.exe
c:\program files\SweetIM\Toolbars\Internet Explorer\ClearHist.exe
c:\program files\SweetIM\Toolbars\Internet Explorer\conf\logger.xml
c:\program files\SweetIM\Toolbars\Internet Explorer\default.xml
c:\program files\SweetIM\Toolbars\Internet Explorer\mgcommon.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\mgconfig.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe
c:\program files\SweetIM\Toolbars\Internet Explorer\mghooking.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\mglogger.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\mgsimcommon.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\mgxml_wrapper.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\Microsoft.VC90.CRT\Microsoft.VC90.CRT.manifest
c:\program files\SweetIM\Toolbars\Internet Explorer\Microsoft.VC90.CRT\msvcm90.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\Microsoft.VC90.CRT\msvcp90.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\Microsoft.VC90.CRT\msvcr90.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\about.html
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\affid.dat
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\basis.xml
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\bing.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_bing.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_current.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_dictionary.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_google.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_hover.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_left.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_photo.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_video.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_web.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_yahoo.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\clear-history.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\content-notifier-anim-over.gif
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\content-notifier-anim.gif
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\content-notifier.js
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\dating.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\dictionary.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\e_cards.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\eye_icon.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\eye_icon_over.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\find.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\free_stuff.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\games.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\glitter.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\google.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\green\search_button.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_bing.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_current.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_dictionary.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_google.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_hover.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_left.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_photo.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_video.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_web.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_yahoo.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\help.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\highlight.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\locales.xml
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\logo_16x16.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\logo_21x18.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\logo_32x32.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\logo_about.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\MenuExt.html
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\more-search-providers.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\music.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\news.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\options.html
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_bing.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_current.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_dictionary.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_google.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_hover.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_left.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_photo.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_video.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_web.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_yahoo.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\photos.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\search-current-site.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\shopping.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\SmileySmile.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\SmileyWink.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\sweetim_text.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\toolbar.xml
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\video.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\web-search.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\web-toolbar.js
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\yahoo.png
c:\program files\uTorrentControl_v2
c:\program files\uTorrentControl_v2\GottenAppsContextMenu.xml
c:\program files\uTorrentControl_v2\ldrtbuTor.dll
c:\program files\uTorrentControl_v2\OtherAppsContextMenu.xml
c:\program files\uTorrentControl_v2\prxtbuTor.dll
c:\program files\uTorrentControl_v2\SharedAppsContextMenu.xml
c:\program files\uTorrentControl_v2\tbuTor.dll
c:\program files\uTorrentControl_v2\toolbar.cfg
c:\program files\uTorrentControl_v2\ToolbarContextMenu.xml
c:\program files\uTorrentControl_v2\uninstall.exe
c:\program files\uTorrentControl_v2\uTorrentControl_v2ToolbarHelper.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_SKYPE_C2C_SERVICE
-------\Service_Skype C2C Service
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-11-04 do 2012-12-04 )))))))))))))))))))))))))))))))
.
.
2012-12-03 17:37 . 2012-12-03 17:37 -------- d-----w- c:\program files\Common Files\Java
2012-12-03 17:37 . 2012-12-03 17:36 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-12-03 17:37 . 2012-12-03 17:36 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-12-03 17:36 . 2012-12-03 17:36 -------- d-----w- c:\program files\Java
2012-12-03 17:36 . 2012-12-03 17:36 -------- d-----w- c:\documents and settings\All Users\Data aplikací\McAfee
2012-12-03 17:13 . 2012-12-03 17:13 -------- d-----w- c:\documents and settings\All Users\Oblíbené položky
2012-12-03 17:05 . 2012-12-03 17:05 -------- d-----w- c:\windows\system32\wbem\Repository
2012-12-03 16:59 . 2012-09-23 14:28 888168 ----a-w- c:\windows\system32\nvdispgenco32.dll
2012-12-03 16:59 . 2012-09-23 14:28 5947392 ----a-w- c:\windows\system32\nvopencl.dll
2012-12-01 09:28 . 2012-12-01 09:28 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\Wargaming.net
2012-11-30 17:31 . 2012-11-30 17:31 -------- d-----w- C:\Games
2012-11-27 14:55 . 2012-11-27 14:55 -------- d-----w- c:\program files\arh
2012-11-26 17:07 . 2012-11-26 17:31 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\Hamachi
2012-11-26 17:07 . 2012-11-26 17:07 -------- d-----w- c:\program files\Hamachi
2012-11-24 21:26 . 2012-12-01 09:56 -------- d-----w- c:\documents and settings\All Users\Data aplikací\TrackMania
2012-11-24 21:23 . 2012-11-24 21:25 -------- d-----w- c:\program files\TmNationsForever
2012-11-24 15:56 . 2012-11-24 15:56 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Data aplikací\FlatOut Ultimate Carnage
2012-11-24 15:44 . 2012-11-24 15:44 -------- d-----w- c:\program files\Empire Interactive
2012-11-22 15:24 . 2012-11-22 15:24 -------- d-----w- c:\program files\Common Files\Skype
2012-11-22 09:34 . 2012-11-22 09:34 5885632 ----a-w- c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2012-11-13 16:47 . 2012-11-13 16:47 -------- d-----w- c:\program files\7-Zip
2012-11-12 22:53 . 2012-11-12 22:54 -------- d-----w- c:\documents and settings\All Users\Data aplikací\SweetIM
2012-11-12 22:52 . 2012-11-13 16:47 -------- d-----w- c:\program files\TornTV.com
2012-11-12 17:00 . 2012-11-12 17:00 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\{46577E3C-95B4-4f4f-B4A7-0C29D12FB15D}
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-03 17:36 . 2011-06-05 14:11 473072 ----a-w- c:\windows\system32\deployJava1.dll
2012-11-26 17:07 . 2011-12-09 19:07 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
2012-11-24 16:19 . 2009-08-18 10:30 564632 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\IdentityCRL\production\wlidui.dll
2012-11-24 16:19 . 2009-08-18 10:24 19696 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-11-24 08:54 . 2012-04-11 13:06 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-11-24 08:54 . 2011-05-15 13:06 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-10 15:46 . 2012-08-30 21:20 26984 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2012-10-22 19:57 . 2004-08-17 12:44 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-10-02 18:04 . 2004-08-17 12:49 58368 ----a-w- c:\windows\system32\synceng.dll
2012-09-23 14:28 . 2012-06-25 08:35 1009512 ----a-w- c:\windows\system32\nvdispco32.dll
2012-09-23 14:28 . 2012-06-25 08:34 19103744 ----a-w- c:\windows\system32\nvoglnt.dll
2012-09-23 14:28 . 2012-06-25 08:34 7446528 ----a-w- c:\windows\system32\nvcuda.dll
2012-09-23 14:28 . 2012-06-25 08:34 2578792 ----a-w- c:\windows\system32\nvcuvid.dll
2012-09-23 14:28 . 2012-06-25 08:34 1866088 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-09-23 14:28 . 2012-06-25 08:34 2376704 ----a-w- c:\windows\system32\nvapi.dll
2012-09-23 14:28 . 2012-06-25 08:34 17551360 ----a-w- c:\windows\system32\nvcompiler.dll
2012-09-23 14:28 . 2010-12-19 15:32 4494208 ----a-w- c:\windows\system32\nv4_disp.dll
2012-09-23 14:28 . 2010-12-19 15:32 12557728 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2012-09-23 13:09 . 2012-06-25 08:36 253952 ----a-w- c:\windows\system32\nvrsth.dll
2012-09-23 13:09 . 2012-06-25 08:36 274432 ----a-w- c:\windows\system32\nvrspt.dll
2012-09-23 13:09 . 2012-06-25 08:36 274432 ----a-w- c:\windows\system32\nvrsja.dll
2012-09-23 13:09 . 2012-06-25 08:36 270336 ----a-w- c:\windows\system32\nvrsptb.dll
2012-09-23 13:09 . 2012-06-25 08:36 335872 ----a-w- c:\windows\system32\nvrsar.dll
2012-09-23 13:09 . 2012-06-25 08:36 282624 ----a-w- c:\windows\system32\nvrses.dll
2012-09-23 13:09 . 2012-06-25 08:36 286720 ----a-w- c:\windows\system32\nvrsfr.dll
2012-09-23 13:09 . 2012-06-25 08:36 258048 ----a-w- c:\windows\system32\nvrssl.dll
2012-09-23 13:09 . 2012-06-25 08:36 258048 ----a-w- c:\windows\system32\nvrssk.dll
2012-09-23 13:09 . 2012-06-25 08:36 253952 ----a-w- c:\windows\system32\nvrssv.dll
2012-09-23 13:09 . 2012-06-25 08:36 229376 ----a-w- c:\windows\system32\nvrszhc.dll
2012-09-23 13:09 . 2012-06-25 08:36 335872 ----a-w- c:\windows\system32\nvrshe.dll
2012-09-23 13:09 . 2012-06-25 08:36 258048 ----a-w- c:\windows\system32\nvrstr.dll
2012-09-23 13:09 . 2012-06-25 08:36 258048 ----a-w- c:\windows\system32\nvrspl.dll
2012-09-23 13:09 . 2012-06-25 08:36 253952 ----a-w- c:\windows\system32\nvrsno.dll
2012-09-23 13:09 . 2012-06-25 08:36 282624 ----a-w- c:\windows\system32\nvrsit.dll
2012-09-23 13:09 . 2012-06-25 08:36 282624 ----a-w- c:\windows\system32\nvrsel.dll
2012-09-23 13:09 . 2012-06-25 08:36 249856 ----a-w- c:\windows\system32\nvrseng.dll
2012-09-23 13:09 . 2012-06-25 08:36 274432 ----a-w- c:\windows\system32\nvrsesm.dll
2012-09-23 13:09 . 2012-06-25 08:36 266240 ----a-w- c:\windows\system32\nvrsko.dll
2012-09-23 13:09 . 2012-06-25 08:36 249856 ----a-w- c:\windows\system32\nvrscs.dll
2012-09-23 13:09 . 2012-06-25 08:36 270336 ----a-w- c:\windows\system32\nvrsru.dll
2012-09-23 13:09 . 2012-06-25 08:36 249856 ----a-w- c:\windows\system32\nvrsfi.dll
2012-09-23 13:09 . 2012-06-25 08:36 274432 ----a-w- c:\windows\system32\nvrsnl.dll
2012-09-23 13:09 . 2012-06-25 08:36 262144 ----a-w- c:\windows\system32\nvrshu.dll
2012-09-23 13:09 . 2012-06-25 08:36 126976 ----a-w- c:\windows\system32\nvrszht.dll
2012-09-23 13:09 . 2012-06-25 08:36 278528 ----a-w- c:\windows\system32\nvrsde.dll
2012-09-23 13:09 . 2012-06-25 08:36 253952 ----a-w- c:\windows\system32\nvrsda.dll
2012-09-23 13:04 . 2012-06-25 08:35 54272 ----a-w- c:\windows\system32\nvwddi.dll
2012-09-23 13:04 . 2012-06-25 08:36 15512424 ----a-w- c:\windows\system32\nvcpl.dll
2012-09-23 13:04 . 2012-06-25 08:36 164200 ----a-w- c:\windows\system32\nvsvc32.exe
2012-09-23 13:04 . 2012-06-25 08:36 143720 ----a-w- c:\windows\system32\nvcolor.exe
2012-09-23 13:04 . 2012-06-25 08:36 108392 ----a-w- c:\windows\system32\nvmctray.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-08-30 21:21 1734240 ----a-w- c:\program files\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 5"="c:\program files\IObit\Advanced SystemCare 5\ASCTray.exe" [2011-12-29 620376]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [2009-11-15 33120]
"GarenaPlus"="c:\program files\Garena Plus\GarenaMessenger.exe" [2012-11-07 8790904]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2012-08-01 2345592]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"RTHDCPL"="RTHDCPL.EXE" [2010-12-15 19967080]
"NSU_agent"="c:\program files\Nokia\Nokia Software Updater\nsu3ui_agent.exe" [2011-12-13 190768]
"ROC_roc_dec12"="c:\program files\AVG Secure Search\ROC_roc_dec12.exe" [2012-01-16 928096]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-09-23 15512424]
"NvMediaCenter"="NvMCTray.dll" [2012-09-23 108392]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2012-09-23 1634112]
"HF_G_Jul"="c:\program files\AVG Secure Search\HF_G_Jul.exe" [2012-07-18 36960]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"ROC_ROC_JULY_P1"="c:\program files\AVG Secure Search\ROC_ROC_JULY_P1.exe" [2012-08-30 1022048]
"SearchSettings"="c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe" [2012-10-16 1111432]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-11-10 997320]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"3032"="c:\docume~1\ALLUSE~1\LOCALS~1\Temp\msrkuvoy.com" [BU]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgmfapx.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\NCSoft\\Lineage II\\System\\L2.bin"=
"c:\\Program Files\\Codemasters\\DiRT 3\\dirt3_game.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgemcx.exe"=
"c:\\Documents and Settings\\Administrator\\Plocha\\CProgram FilesCounter-Strike 1.6 Standalonehl.exe -game cstrike -steam\\hl.exe"=
"c:\\Program Files\\1ClickDownload\\1ClickDownloader.exe"=
"c:\\Program Files\\Garena Plus\\Room\\garena_room.exe"=
"c:\\Program Files\\iMesh Applications\\iMesh\\iMesh.exe"=
"c:\\Program Files\\iMesh Applications\\Mediabar\\Datamngr\\SRTOOL~1\\dtUser.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
"c:\\Documents and Settings\\Administrator\\Plocha\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Empire Interactive\\FlatOut Ultimate Carnage\\Fouc.exe"=
"c:\\Games\\World_of_Tanks\\WorldOfTanks.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Vzdálená správa systému Windows
"57285:TCP"= 57285:TCP:Pando Media Booster
"57285:UDP"= 57285:UDP:Pando Media Booster
"57519:TCP"= 57519:TCP:Pando Media Booster
"57519:UDP"= 57519:UDP:Pando Media Booster
"58760:TCP"= 58760:TCP:Pando Media Booster
"58760:UDP"= 58760:UDP:Pando Media Booster
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [13.9.2010 16:27 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [7.9.2010 3:48 32592]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [23.12.2010 23:19 691696]
R1 AppleCharger;AppleCharger;c:\windows\system32\drivers\AppleCharger.sys [15.8.2011 20:37 18544]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [7.9.2010 3:48 248656]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [7.9.2010 3:49 297168]
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\IObit\Advanced SystemCare 5\ASCService.exe [23.12.2011 10:07 497496]
R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [9.10.2012 15:44 799112]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [31.1.2012 15:02 7391072]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [8.2.2011 4:33 269520]
R2 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [10.11.2012 16:46 711112]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [19.8.2010 21:42 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [19.8.2010 21:42 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [19.8.2010 21:42 27216]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [30.8.2012 22:20 26984]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [9.11.2012 11:21 160944]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [15.8.2011 20:35 1691480]
S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [6.5.2011 18:15 167264]
S3 dump_wmimmc;dump_wmimmc;\??\c:\program files\NCSoft\Lineage II\system\GameGuard\dump_wmimmc.sys --> c:\program files\NCSoft\Lineage II\system\GameGuard\dump_wmimmc.sys [?]
S3 GGSAFERDriver;GGSAFER Driver;\??\c:\program files\Garena Plus\Room\safedrv.sys --> c:\program files\Garena Plus\Room\safedrv.sys [?]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [16.12.2011 16:44 137600]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [16.12.2011 16:44 8576]
S3 NPFW;NPFW;\??\c:\windows\system32\NPFW.SYS --> c:\windows\system32\NPFW.SYS [?]
S3 NPFWFLT;NPFWFLT;\??\c:\windows\system32\NPFWFLT.SYS --> c:\windows\system32\NPFWFLT.SYS [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 NPIDS;NPIDS;\??\c:\windows\system32\NPIDS.SYS --> c:\windows\system32\NPIDS.SYS [?]
S3 TKCtrl;TKCtrl;\??\c:\windows\system32\TKCtrl2k.sys --> c:\windows\system32\TKCtrl2k.sys [?]
S3 TKFsAvM;TKFsAvM;\??\c:\windows\system32\TKFsAv.sys --> c:\windows\system32\TKFsAv.sys [?]
S3 TkFsFtM;MiniFilter Driver;c:\windows\system32\TKFsFt.sys --> c:\windows\system32\TKFsFt.sys [?]
S3 TKPcFt;TKPcFt;\??\c:\windows\system32\TKPcFtHk.sys --> c:\windows\system32\TKPcFtHk.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Obsah adresáře 'Naplánované úlohy'
.
2012-12-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 08:54]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://home.sweetim.com/?crg=3.1010000.10011&barid={D73C7D2F-2D1B-11E2-BE12-1C6F65C94026}
uDefault_Search_URL = hxxp://search.certified-toolbar.com?si=41460&tid=2938&bs=true&q=
mStart Page = hxxp://home.sweetim.com/?crg=3.1010000.10011&barid={D73C7D2F-2D1B-11E2-BE12-1C6F65C94026}
mSearch Bar = hxxp://search.certified-toolbar.com?si=41460&tid=2938&bs=true&q=
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{5f7f7e76-0f61-4de9-8ae6-e5ee565cd118} - {8d3ec233-b92d-4187-a506-284127cfba2d} -
TCP: DhcpNameServer = 10.0.111.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll
FF - ProfilePath - c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\isfm9jo5.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=685749&p=
user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
URLSearchHooks-{0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - (no file)
BHO-{8d3ec233-b92d-4187-a506-284127cfba2d} - (no file)
AddRemove-uTorrentControl_v2 Toolbar - c:\program files\uTorrentControl_v2\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-12-04 16:43
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(5908)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\progra~1\AVG\AVG10\avgchsvx.exe
c:\progra~1\AVG\AVG10\avgrsx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\AVG\AVG10\avgnsx.exe
c:\program files\AVG\AVG10\avgemcx.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RunDLL32.exe
c:\program files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
c:\program files\AVG\AVG10\avgcsrvx.exe
.
**************************************************************************
.
Celkový čas: 2012-12-04 16:45:55 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-12-04 15:45
ComboFix2.txt 2012-12-03 17:31
.
Před spuštěním: Volných bajtů: 257 579 180 032
Po spuštění: Volných bajtů: 257 576 423 424
.
- - End Of File - - 81BA75E11F81C980508DB4F5335A4FE4
- Rudy
- Site Admin
- Posts: 119521
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: bad image (chybná bitová kopie)
Run CF once more with this script:
KillAll::
Folder::
c:\program files\Common Files\Spigot
Collect::
c:\docume~1\ALLUSE~1\LOCALS~1\Temp\msrkuvoy.com
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SearchSettings"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"3032"=-
Reboot::
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not meant for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before cleaning your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Apart from its "visible" activity, a virus can also damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reopened, write to me at the e-mail address given above.
Re: bad image (chybná bitová kopie)
ComboFix 12-12-02.01 - Administrator 04.12.2012 17:19:27.3.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2046.1352 [GMT 1:00]
Spuštěný z: c:\documents and settings\Administrator\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Administrator\Plocha\CFScript.txt
AV: AVG Anti-Virus 2011 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Common Files\Spigot
c:\program files\Common Files\Spigot\Search Settings\baidu_ff.xml
c:\program files\Common Files\Spigot\Search Settings\baidu_ie.xml
c:\program files\Common Files\Spigot\Search Settings\config.ini
c:\program files\Common Files\Spigot\Search Settings\Lang\res1031.ini
c:\program files\Common Files\Spigot\Search Settings\Lang\res1033.ini
c:\program files\Common Files\Spigot\Search Settings\Lang\res1034.ini
c:\program files\Common Files\Spigot\Search Settings\Lang\res1036.ini
c:\program files\Common Files\Spigot\Search Settings\Lang\res1040.ini
c:\program files\Common Files\Spigot\Search Settings\searchcom_ff.xml
c:\program files\Common Files\Spigot\Search Settings\searchcom_ie.xml
c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe
c:\program files\Common Files\Spigot\Search Settings\SearchSettings64.exe
c:\program files\Common Files\Spigot\Search Settings\wth155.dll
c:\program files\Common Files\Spigot\Search Settings\wthx155.dll
c:\program files\Common Files\Spigot\Search Settings\yahoo_ff.xml
c:\program files\Common Files\Spigot\Search Settings\yahoo_ie.xml
c:\program files\Common Files\Spigot\Search Settings\yandex_ff.xml
c:\program files\Common Files\Spigot\Search Settings\yandex_ie.xml
c:\program files\Common Files\Spigot\wtxpcom\components\chrome.manifest
c:\program files\Common Files\Spigot\wtxpcom\components\IFBHOHelperWidgiToolbar.xpt
c:\program files\Common Files\Spigot\wtxpcom\components\IFBHOWidgiToolbar.xpt
c:\program files\Common Files\Spigot\wtxpcom\components\install.rdf
c:\program files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll
c:\program files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.10
c:\program files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.11
c:\program files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.12
c:\program files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.13
c:\program files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.14
c:\program files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.15
c:\program files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.16
c:\program files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.17
c:\program files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.5
c:\program files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.6
c:\program files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.7
c:\program files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.8
c:\program files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.9
c:\program files\Common Files\Spigot\wtxpcom\chrome.manifest
c:\program files\Common Files\Spigot\wtxpcom\chrome\content\listener.js
c:\program files\Common Files\Spigot\wtxpcom\chrome\content\listener.xul
c:\program files\Common Files\Spigot\wtxpcom\chrome\content\shared.jsm
c:\program files\Common Files\Spigot\wtxpcom\install.rdf
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-11-04 do 2012-12-04 )))))))))))))))))))))))))))))))
.
.
2012-12-03 17:37 . 2012-12-03 17:37 -------- d-----w- c:\program files\Common Files\Java
2012-12-03 17:37 . 2012-12-03 17:36 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-12-03 17:37 . 2012-12-03 17:36 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-12-03 17:36 . 2012-12-03 17:36 -------- d-----w- c:\program files\Java
2012-12-03 17:36 . 2012-12-03 17:36 -------- d-----w- c:\documents and settings\All Users\Data aplikací\McAfee
2012-12-03 17:13 . 2012-12-03 17:13 -------- d-----w- c:\documents and settings\All Users\Oblíbené položky
2012-12-03 17:05 . 2012-12-03 17:05 -------- d-----w- c:\windows\system32\wbem\Repository
2012-12-03 16:59 . 2012-09-23 14:28 888168 ----a-w- c:\windows\system32\nvdispgenco32.dll
2012-12-03 16:59 . 2012-09-23 14:28 5947392 ----a-w- c:\windows\system32\nvopencl.dll
2012-12-01 09:28 . 2012-12-01 09:28 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\Wargaming.net
2012-11-30 17:31 . 2012-11-30 17:31 -------- d-----w- C:\Games
2012-11-27 14:55 . 2012-11-27 14:55 -------- d-----w- c:\program files\arh
2012-11-26 17:07 . 2012-11-26 17:31 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\Hamachi
2012-11-26 17:07 . 2012-11-26 17:07 -------- d-----w- c:\program files\Hamachi
2012-11-24 21:26 . 2012-12-01 09:56 -------- d-----w- c:\documents and settings\All Users\Data aplikací\TrackMania
2012-11-24 21:23 . 2012-11-24 21:25 -------- d-----w- c:\program files\TmNationsForever
2012-11-24 15:56 . 2012-11-24 15:56 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Data aplikací\FlatOut Ultimate Carnage
2012-11-24 15:44 . 2012-11-24 15:44 -------- d-----w- c:\program files\Empire Interactive
2012-11-22 15:24 . 2012-11-22 15:24 -------- d-----w- c:\program files\Common Files\Skype
2012-11-22 09:34 . 2012-11-22 09:34 5885632 ----a-w- c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2012-11-13 16:47 . 2012-11-13 16:47 -------- d-----w- c:\program files\7-Zip
2012-11-12 22:53 . 2012-11-12 22:54 -------- d-----w- c:\documents and settings\All Users\Data aplikací\SweetIM
2012-11-12 22:52 . 2012-11-13 16:47 -------- d-----w- c:\program files\TornTV.com
2012-11-12 17:00 . 2012-11-12 17:00 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\{46577E3C-95B4-4f4f-B4A7-0C29D12FB15D}
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-03 17:36 . 2011-06-05 14:11 473072 ----a-w- c:\windows\system32\deployJava1.dll
2012-11-26 17:07 . 2011-12-09 19:07 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
2012-11-24 16:19 . 2009-08-18 10:30 564632 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\IdentityCRL\production\wlidui.dll
2012-11-24 16:19 . 2009-08-18 10:24 19696 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-11-24 08:54 . 2012-04-11 13:06 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-11-24 08:54 . 2011-05-15 13:06 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-10 15:46 . 2012-08-30 21:20 26984 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2012-10-22 19:57 . 2004-08-17 12:44 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-10-02 18:04 . 2004-08-17 12:49 58368 ----a-w- c:\windows\system32\synceng.dll
2012-09-23 14:28 . 2012-06-25 08:35 1009512 ----a-w- c:\windows\system32\nvdispco32.dll
2012-09-23 14:28 . 2012-06-25 08:34 19103744 ----a-w- c:\windows\system32\nvoglnt.dll
2012-09-23 14:28 . 2012-06-25 08:34 7446528 ----a-w- c:\windows\system32\nvcuda.dll
2012-09-23 14:28 . 2012-06-25 08:34 2578792 ----a-w- c:\windows\system32\nvcuvid.dll
2012-09-23 14:28 . 2012-06-25 08:34 1866088 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-09-23 14:28 . 2012-06-25 08:34 2376704 ----a-w- c:\windows\system32\nvapi.dll
2012-09-23 14:28 . 2012-06-25 08:34 17551360 ----a-w- c:\windows\system32\nvcompiler.dll
2012-09-23 14:28 . 2010-12-19 15:32 4494208 ----a-w- c:\windows\system32\nv4_disp.dll
2012-09-23 14:28 . 2010-12-19 15:32 12557728 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2012-09-23 13:09 . 2012-06-25 08:36 253952 ----a-w- c:\windows\system32\nvrsth.dll
2012-09-23 13:09 . 2012-06-25 08:36 274432 ----a-w- c:\windows\system32\nvrspt.dll
2012-09-23 13:09 . 2012-06-25 08:36 274432 ----a-w- c:\windows\system32\nvrsja.dll
2012-09-23 13:09 . 2012-06-25 08:36 270336 ----a-w- c:\windows\system32\nvrsptb.dll
2012-09-23 13:09 . 2012-06-25 08:36 335872 ----a-w- c:\windows\system32\nvrsar.dll
2012-09-23 13:09 . 2012-06-25 08:36 282624 ----a-w- c:\windows\system32\nvrses.dll
2012-09-23 13:09 . 2012-06-25 08:36 286720 ----a-w- c:\windows\system32\nvrsfr.dll
2012-09-23 13:09 . 2012-06-25 08:36 258048 ----a-w- c:\windows\system32\nvrssl.dll
2012-09-23 13:09 . 2012-06-25 08:36 258048 ----a-w- c:\windows\system32\nvrssk.dll
2012-09-23 13:09 . 2012-06-25 08:36 253952 ----a-w- c:\windows\system32\nvrssv.dll
2012-09-23 13:09 . 2012-06-25 08:36 229376 ----a-w- c:\windows\system32\nvrszhc.dll
2012-09-23 13:09 . 2012-06-25 08:36 335872 ----a-w- c:\windows\system32\nvrshe.dll
2012-09-23 13:09 . 2012-06-25 08:36 258048 ----a-w- c:\windows\system32\nvrstr.dll
2012-09-23 13:09 . 2012-06-25 08:36 258048 ----a-w- c:\windows\system32\nvrspl.dll
2012-09-23 13:09 . 2012-06-25 08:36 253952 ----a-w- c:\windows\system32\nvrsno.dll
2012-09-23 13:09 . 2012-06-25 08:36 282624 ----a-w- c:\windows\system32\nvrsit.dll
2012-09-23 13:09 . 2012-06-25 08:36 282624 ----a-w- c:\windows\system32\nvrsel.dll
2012-09-23 13:09 . 2012-06-25 08:36 249856 ----a-w- c:\windows\system32\nvrseng.dll
2012-09-23 13:09 . 2012-06-25 08:36 274432 ----a-w- c:\windows\system32\nvrsesm.dll
2012-09-23 13:09 . 2012-06-25 08:36 266240 ----a-w- c:\windows\system32\nvrsko.dll
2012-09-23 13:09 . 2012-06-25 08:36 249856 ----a-w- c:\windows\system32\nvrscs.dll
2012-09-23 13:09 . 2012-06-25 08:36 270336 ----a-w- c:\windows\system32\nvrsru.dll
2012-09-23 13:09 . 2012-06-25 08:36 249856 ----a-w- c:\windows\system32\nvrsfi.dll
2012-09-23 13:09 . 2012-06-25 08:36 274432 ----a-w- c:\windows\system32\nvrsnl.dll
2012-09-23 13:09 . 2012-06-25 08:36 262144 ----a-w- c:\windows\system32\nvrshu.dll
2012-09-23 13:09 . 2012-06-25 08:36 126976 ----a-w- c:\windows\system32\nvrszht.dll
2012-09-23 13:09 . 2012-06-25 08:36 278528 ----a-w- c:\windows\system32\nvrsde.dll
2012-09-23 13:09 . 2012-06-25 08:36 253952 ----a-w- c:\windows\system32\nvrsda.dll
2012-09-23 13:04 . 2012-06-25 08:35 54272 ----a-w- c:\windows\system32\nvwddi.dll
2012-09-23 13:04 . 2012-06-25 08:36 15512424 ----a-w- c:\windows\system32\nvcpl.dll
2012-09-23 13:04 . 2012-06-25 08:36 164200 ----a-w- c:\windows\system32\nvsvc32.exe
2012-09-23 13:04 . 2012-06-25 08:36 143720 ----a-w- c:\windows\system32\nvcolor.exe
2012-09-23 13:04 . 2012-06-25 08:36 108392 ----a-w- c:\windows\system32\nvmctray.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-08-30 21:21 1734240 ----a-w- c:\program files\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 5"="c:\program files\IObit\Advanced SystemCare 5\ASCTray.exe" [2011-12-29 620376]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [2009-11-15 33120]
"GarenaPlus"="c:\program files\Garena Plus\GarenaMessenger.exe" [2012-11-07 8790904]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2012-08-01 2345592]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"RTHDCPL"="RTHDCPL.EXE" [2010-12-15 19967080]
"NSU_agent"="c:\program files\Nokia\Nokia Software Updater\nsu3ui_agent.exe" [2011-12-13 190768]
"ROC_roc_dec12"="c:\program files\AVG Secure Search\ROC_roc_dec12.exe" [2012-01-16 928096]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-09-23 15512424]
"NvMediaCenter"="NvMCTray.dll" [2012-09-23 108392]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2012-09-23 1634112]
"HF_G_Jul"="c:\program files\AVG Secure Search\HF_G_Jul.exe" [2012-07-18 36960]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"ROC_ROC_JULY_P1"="c:\program files\AVG Secure Search\ROC_ROC_JULY_P1.exe" [2012-08-30 1022048]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-11-10 997320]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"3032"="c:\docume~1\ALLUSE~1\LOCALS~1\Temp\msrkuvoy.com" [BU]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgmfapx.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\NCSoft\\Lineage II\\System\\L2.bin"=
"c:\\Program Files\\Codemasters\\DiRT 3\\dirt3_game.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgemcx.exe"=
"c:\\Documents and Settings\\Administrator\\Plocha\\CProgram FilesCounter-Strike 1.6 Standalonehl.exe -game cstrike -steam\\hl.exe"=
"c:\\Program Files\\1ClickDownload\\1ClickDownloader.exe"=
"c:\\Program Files\\Garena Plus\\Room\\garena_room.exe"=
"c:\\Program Files\\iMesh Applications\\iMesh\\iMesh.exe"=
"c:\\Program Files\\iMesh Applications\\Mediabar\\Datamngr\\SRTOOL~1\\dtUser.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
"c:\\Documents and Settings\\Administrator\\Plocha\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Empire Interactive\\FlatOut Ultimate Carnage\\Fouc.exe"=
"c:\\Games\\World_of_Tanks\\WorldOfTanks.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Vzdálená správa systému Windows
"57285:TCP"= 57285:TCP:Pando Media Booster
"57285:UDP"= 57285:UDP:Pando Media Booster
"57519:TCP"= 57519:TCP:Pando Media Booster
"57519:UDP"= 57519:UDP:Pando Media Booster
"58760:TCP"= 58760:TCP:Pando Media Booster
"58760:UDP"= 58760:UDP:Pando Media Booster
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [13.9.2010 16:27 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [7.9.2010 3:48 32592]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [23.12.2010 23:19 691696]
R1 AppleCharger;AppleCharger;c:\windows\system32\drivers\AppleCharger.sys [15.8.2011 20:37 18544]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [7.9.2010 3:48 248656]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [7.9.2010 3:49 297168]
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\IObit\Advanced SystemCare 5\ASCService.exe [23.12.2011 10:07 497496]
R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [9.10.2012 15:44 799112]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [31.1.2012 15:02 7391072]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [8.2.2011 4:33 269520]
R2 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [10.11.2012 16:46 711112]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [19.8.2010 21:42 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [19.8.2010 21:42 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [19.8.2010 21:42 27216]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [30.8.2012 22:20 26984]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [9.11.2012 11:21 160944]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [15.8.2011 20:35 1691480]
S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [6.5.2011 18:15 167264]
S3 dump_wmimmc;dump_wmimmc;\??\c:\program files\NCSoft\Lineage II\system\GameGuard\dump_wmimmc.sys --> c:\program files\NCSoft\Lineage II\system\GameGuard\dump_wmimmc.sys [?]
S3 GGSAFERDriver;GGSAFER Driver;\??\c:\program files\Garena Plus\Room\safedrv.sys --> c:\program files\Garena Plus\Room\safedrv.sys [?]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [16.12.2011 16:44 137600]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [16.12.2011 16:44 8576]
S3 NPFW;NPFW;\??\c:\windows\system32\NPFW.SYS --> c:\windows\system32\NPFW.SYS [?]
S3 NPFWFLT;NPFWFLT;\??\c:\windows\system32\NPFWFLT.SYS --> c:\windows\system32\NPFWFLT.SYS [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 NPIDS;NPIDS;\??\c:\windows\system32\NPIDS.SYS --> c:\windows\system32\NPIDS.SYS [?]
S3 TKCtrl;TKCtrl;\??\c:\windows\system32\TKCtrl2k.sys --> c:\windows\system32\TKCtrl2k.sys [?]
S3 TKFsAvM;TKFsAvM;\??\c:\windows\system32\TKFsAv.sys --> c:\windows\system32\TKFsAv.sys [?]
S3 TkFsFtM;MiniFilter Driver;c:\windows\system32\TKFsFt.sys --> c:\windows\system32\TKFsFt.sys [?]
S3 TKPcFt;TKPcFt;\??\c:\windows\system32\TKPcFtHk.sys --> c:\windows\system32\TKPcFtHk.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Obsah adresáře 'Naplánované úlohy'
.
2012-12-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 08:54]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://home.sweetim.com/?crg=3.1010000.10011&barid={D73C7D2F-2D1B-11E2-BE12-1C6F65C94026}
uDefault_Search_URL = hxxp://search.certified-toolbar.com?si=41460&tid=2938&bs=true&q=
mStart Page = hxxp://home.sweetim.com/?crg=3.1010000.10011&barid={D73C7D2F-2D1B-11E2-BE12-1C6F65C94026}
mSearch Bar = hxxp://search.certified-toolbar.com?si=41460&tid=2938&bs=true&q=
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{5f7f7e76-0f61-4de9-8ae6-e5ee565cd118} - {8d3ec233-b92d-4187-a506-284127cfba2d} -
TCP: DhcpNameServer = 10.0.111.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll
FF - ProfilePath - c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\isfm9jo5.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=685749&p=
user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-12-04 17:26
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(2224)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\progra~1\AVG\AVG10\avgchsvx.exe
c:\progra~1\AVG\AVG10\avgrsx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\AVG\AVG10\avgnsx.exe
c:\program files\AVG\AVG10\avgemcx.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RunDLL32.exe
c:\program files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
c:\program files\AVG\AVG10\avgcsrvx.exe
.
**************************************************************************
.
Celkový čas: 2012-12-04 17:30:21 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-12-04 16:30
ComboFix2.txt 2012-12-04 15:45
ComboFix3.txt 2012-12-03 17:31
.
Před spuštěním: Volných bajtů: 257 567 068 160
Po spuštění: Volných bajtů: 257 555 771 392
.
- - End Of File - - D730CCCE728BFCDAD9865DF69B0DCF3F
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2046.1352 [GMT 1:00]
Spuštěný z: c:\documents and settings\Administrator\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Administrator\Plocha\CFScript.txt
AV: AVG Anti-Virus 2011 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Common Files\Spigot
c:\program files\Common Files\Spigot\Search Settings\baidu_ff.xml
c:\program files\Common Files\Spigot\Search Settings\baidu_ie.xml
c:\program files\Common Files\Spigot\Search Settings\config.ini
c:\program files\Common Files\Spigot\Search Settings\Lang\res1031.ini
c:\program files\Common Files\Spigot\Search Settings\Lang\res1033.ini
c:\program files\Common Files\Spigot\Search Settings\Lang\res1034.ini
c:\program files\Common Files\Spigot\Search Settings\Lang\res1036.ini
c:\program files\Common Files\Spigot\Search Settings\Lang\res1040.ini
c:\program files\Common Files\Spigot\Search Settings\searchcom_ff.xml
c:\program files\Common Files\Spigot\Search Settings\searchcom_ie.xml
c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe
c:\program files\Common Files\Spigot\Search Settings\SearchSettings64.exe
c:\program files\Common Files\Spigot\Search Settings\wth155.dll
c:\program files\Common Files\Spigot\Search Settings\wthx155.dll
c:\program files\Common Files\Spigot\Search Settings\yahoo_ff.xml
c:\program files\Common Files\Spigot\Search Settings\yahoo_ie.xml
c:\program files\Common Files\Spigot\Search Settings\yandex_ff.xml
c:\program files\Common Files\Spigot\Search Settings\yandex_ie.xml
c:\program files\Common Files\Spigot\wtxpcom\components\chrome.manifest
c:\program files\Common Files\Spigot\wtxpcom\components\IFBHOHelperWidgiToolbar.xpt
c:\program files\Common Files\Spigot\wtxpcom\components\IFBHOWidgiToolbar.xpt
c:\program files\Common Files\Spigot\wtxpcom\components\install.rdf
c:\program files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll
c:\program files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.10
c:\program files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.11
c:\program files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.12
c:\program files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.13
c:\program files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.14
c:\program files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.15
c:\program files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.16
c:\program files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.17
c:\program files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.5
c:\program files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.6
c:\program files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.7
c:\program files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.8
c:\program files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.9
c:\program files\Common Files\Spigot\wtxpcom\chrome.manifest
c:\program files\Common Files\Spigot\wtxpcom\chrome\content\listener.js
c:\program files\Common Files\Spigot\wtxpcom\chrome\content\listener.xul
c:\program files\Common Files\Spigot\wtxpcom\chrome\content\shared.jsm
c:\program files\Common Files\Spigot\wtxpcom\install.rdf
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-11-04 do 2012-12-04 )))))))))))))))))))))))))))))))
.
.
2012-12-03 17:37 . 2012-12-03 17:37 -------- d-----w- c:\program files\Common Files\Java
2012-12-03 17:37 . 2012-12-03 17:36 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-12-03 17:37 . 2012-12-03 17:36 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-12-03 17:36 . 2012-12-03 17:36 -------- d-----w- c:\program files\Java
2012-12-03 17:36 . 2012-12-03 17:36 -------- d-----w- c:\documents and settings\All Users\Data aplikací\McAfee
2012-12-03 17:13 . 2012-12-03 17:13 -------- d-----w- c:\documents and settings\All Users\Oblíbené položky
2012-12-03 17:05 . 2012-12-03 17:05 -------- d-----w- c:\windows\system32\wbem\Repository
2012-12-03 16:59 . 2012-09-23 14:28 888168 ----a-w- c:\windows\system32\nvdispgenco32.dll
2012-12-03 16:59 . 2012-09-23 14:28 5947392 ----a-w- c:\windows\system32\nvopencl.dll
2012-12-01 09:28 . 2012-12-01 09:28 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\Wargaming.net
2012-11-30 17:31 . 2012-11-30 17:31 -------- d-----w- C:\Games
2012-11-27 14:55 . 2012-11-27 14:55 -------- d-----w- c:\program files\arh
2012-11-26 17:07 . 2012-11-26 17:31 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\Hamachi
2012-11-26 17:07 . 2012-11-26 17:07 -------- d-----w- c:\program files\Hamachi
2012-11-24 21:26 . 2012-12-01 09:56 -------- d-----w- c:\documents and settings\All Users\Data aplikací\TrackMania
2012-11-24 21:23 . 2012-11-24 21:25 -------- d-----w- c:\program files\TmNationsForever
2012-11-24 15:56 . 2012-11-24 15:56 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Data aplikací\FlatOut Ultimate Carnage
2012-11-24 15:44 . 2012-11-24 15:44 -------- d-----w- c:\program files\Empire Interactive
2012-11-22 15:24 . 2012-11-22 15:24 -------- d-----w- c:\program files\Common Files\Skype
2012-11-22 09:34 . 2012-11-22 09:34 5885632 ----a-w- c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2012-11-13 16:47 . 2012-11-13 16:47 -------- d-----w- c:\program files\7-Zip
2012-11-12 22:53 . 2012-11-12 22:54 -------- d-----w- c:\documents and settings\All Users\Data aplikací\SweetIM
2012-11-12 22:52 . 2012-11-13 16:47 -------- d-----w- c:\program files\TornTV.com
2012-11-12 17:00 . 2012-11-12 17:00 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\{46577E3C-95B4-4f4f-B4A7-0C29D12FB15D}
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-03 17:36 . 2011-06-05 14:11 473072 ----a-w- c:\windows\system32\deployJava1.dll
2012-11-26 17:07 . 2011-12-09 19:07 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
2012-11-24 16:19 . 2009-08-18 10:30 564632 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\IdentityCRL\production\wlidui.dll
2012-11-24 16:19 . 2009-08-18 10:24 19696 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-11-24 08:54 . 2012-04-11 13:06 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-11-24 08:54 . 2011-05-15 13:06 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-10 15:46 . 2012-08-30 21:20 26984 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2012-10-22 19:57 . 2004-08-17 12:44 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-10-02 18:04 . 2004-08-17 12:49 58368 ----a-w- c:\windows\system32\synceng.dll
2012-09-23 14:28 . 2012-06-25 08:35 1009512 ----a-w- c:\windows\system32\nvdispco32.dll
2012-09-23 14:28 . 2012-06-25 08:34 19103744 ----a-w- c:\windows\system32\nvoglnt.dll
2012-09-23 14:28 . 2012-06-25 08:34 7446528 ----a-w- c:\windows\system32\nvcuda.dll
2012-09-23 14:28 . 2012-06-25 08:34 2578792 ----a-w- c:\windows\system32\nvcuvid.dll
2012-09-23 14:28 . 2012-06-25 08:34 1866088 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-09-23 14:28 . 2012-06-25 08:34 2376704 ----a-w- c:\windows\system32\nvapi.dll
2012-09-23 14:28 . 2012-06-25 08:34 17551360 ----a-w- c:\windows\system32\nvcompiler.dll
2012-09-23 14:28 . 2010-12-19 15:32 4494208 ----a-w- c:\windows\system32\nv4_disp.dll
2012-09-23 14:28 . 2010-12-19 15:32 12557728 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2012-09-23 13:09 . 2012-06-25 08:36 253952 ----a-w- c:\windows\system32\nvrsth.dll
2012-09-23 13:09 . 2012-06-25 08:36 274432 ----a-w- c:\windows\system32\nvrspt.dll
2012-09-23 13:09 . 2012-06-25 08:36 274432 ----a-w- c:\windows\system32\nvrsja.dll
2012-09-23 13:09 . 2012-06-25 08:36 270336 ----a-w- c:\windows\system32\nvrsptb.dll
2012-09-23 13:09 . 2012-06-25 08:36 335872 ----a-w- c:\windows\system32\nvrsar.dll
2012-09-23 13:09 . 2012-06-25 08:36 282624 ----a-w- c:\windows\system32\nvrses.dll
2012-09-23 13:09 . 2012-06-25 08:36 286720 ----a-w- c:\windows\system32\nvrsfr.dll
2012-09-23 13:09 . 2012-06-25 08:36 258048 ----a-w- c:\windows\system32\nvrssl.dll
2012-09-23 13:09 . 2012-06-25 08:36 258048 ----a-w- c:\windows\system32\nvrssk.dll
2012-09-23 13:09 . 2012-06-25 08:36 253952 ----a-w- c:\windows\system32\nvrssv.dll
2012-09-23 13:09 . 2012-06-25 08:36 229376 ----a-w- c:\windows\system32\nvrszhc.dll
2012-09-23 13:09 . 2012-06-25 08:36 335872 ----a-w- c:\windows\system32\nvrshe.dll
2012-09-23 13:09 . 2012-06-25 08:36 258048 ----a-w- c:\windows\system32\nvrstr.dll
2012-09-23 13:09 . 2012-06-25 08:36 258048 ----a-w- c:\windows\system32\nvrspl.dll
2012-09-23 13:09 . 2012-06-25 08:36 253952 ----a-w- c:\windows\system32\nvrsno.dll
2012-09-23 13:09 . 2012-06-25 08:36 282624 ----a-w- c:\windows\system32\nvrsit.dll
2012-09-23 13:09 . 2012-06-25 08:36 282624 ----a-w- c:\windows\system32\nvrsel.dll
2012-09-23 13:09 . 2012-06-25 08:36 249856 ----a-w- c:\windows\system32\nvrseng.dll
2012-09-23 13:09 . 2012-06-25 08:36 274432 ----a-w- c:\windows\system32\nvrsesm.dll
2012-09-23 13:09 . 2012-06-25 08:36 266240 ----a-w- c:\windows\system32\nvrsko.dll
2012-09-23 13:09 . 2012-06-25 08:36 249856 ----a-w- c:\windows\system32\nvrscs.dll
2012-09-23 13:09 . 2012-06-25 08:36 270336 ----a-w- c:\windows\system32\nvrsru.dll
2012-09-23 13:09 . 2012-06-25 08:36 249856 ----a-w- c:\windows\system32\nvrsfi.dll
2012-09-23 13:09 . 2012-06-25 08:36 274432 ----a-w- c:\windows\system32\nvrsnl.dll
2012-09-23 13:09 . 2012-06-25 08:36 262144 ----a-w- c:\windows\system32\nvrshu.dll
2012-09-23 13:09 . 2012-06-25 08:36 126976 ----a-w- c:\windows\system32\nvrszht.dll
2012-09-23 13:09 . 2012-06-25 08:36 278528 ----a-w- c:\windows\system32\nvrsde.dll
2012-09-23 13:09 . 2012-06-25 08:36 253952 ----a-w- c:\windows\system32\nvrsda.dll
2012-09-23 13:04 . 2012-06-25 08:35 54272 ----a-w- c:\windows\system32\nvwddi.dll
2012-09-23 13:04 . 2012-06-25 08:36 15512424 ----a-w- c:\windows\system32\nvcpl.dll
2012-09-23 13:04 . 2012-06-25 08:36 164200 ----a-w- c:\windows\system32\nvsvc32.exe
2012-09-23 13:04 . 2012-06-25 08:36 143720 ----a-w- c:\windows\system32\nvcolor.exe
2012-09-23 13:04 . 2012-06-25 08:36 108392 ----a-w- c:\windows\system32\nvmctray.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-08-30 21:21 1734240 ----a-w- c:\program files\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 5"="c:\program files\IObit\Advanced SystemCare 5\ASCTray.exe" [2011-12-29 620376]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [2009-11-15 33120]
"GarenaPlus"="c:\program files\Garena Plus\GarenaMessenger.exe" [2012-11-07 8790904]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2012-08-01 2345592]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"RTHDCPL"="RTHDCPL.EXE" [2010-12-15 19967080]
"NSU_agent"="c:\program files\Nokia\Nokia Software Updater\nsu3ui_agent.exe" [2011-12-13 190768]
"ROC_roc_dec12"="c:\program files\AVG Secure Search\ROC_roc_dec12.exe" [2012-01-16 928096]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-09-23 15512424]
"NvMediaCenter"="NvMCTray.dll" [2012-09-23 108392]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2012-09-23 1634112]
"HF_G_Jul"="c:\program files\AVG Secure Search\HF_G_Jul.exe" [2012-07-18 36960]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"ROC_ROC_JULY_P1"="c:\program files\AVG Secure Search\ROC_ROC_JULY_P1.exe" [2012-08-30 1022048]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-11-10 997320]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"3032"="c:\docume~1\ALLUSE~1\LOCALS~1\Temp\msrkuvoy.com" [BU]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgmfapx.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\NCSoft\\Lineage II\\System\\L2.bin"=
"c:\\Program Files\\Codemasters\\DiRT 3\\dirt3_game.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgemcx.exe"=
"c:\\Documents and Settings\\Administrator\\Plocha\\CProgram FilesCounter-Strike 1.6 Standalonehl.exe -game cstrike -steam\\hl.exe"=
"c:\\Program Files\\1ClickDownload\\1ClickDownloader.exe"=
"c:\\Program Files\\Garena Plus\\Room\\garena_room.exe"=
"c:\\Program Files\\iMesh Applications\\iMesh\\iMesh.exe"=
"c:\\Program Files\\iMesh Applications\\Mediabar\\Datamngr\\SRTOOL~1\\dtUser.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
"c:\\Documents and Settings\\Administrator\\Plocha\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Empire Interactive\\FlatOut Ultimate Carnage\\Fouc.exe"=
"c:\\Games\\World_of_Tanks\\WorldOfTanks.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Vzdálená správa systému Windows
"57285:TCP"= 57285:TCP:Pando Media Booster
"57285:UDP"= 57285:UDP:Pando Media Booster
"57519:TCP"= 57519:TCP:Pando Media Booster
"57519:UDP"= 57519:UDP:Pando Media Booster
"58760:TCP"= 58760:TCP:Pando Media Booster
"58760:UDP"= 58760:UDP:Pando Media Booster
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [13.9.2010 16:27 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [7.9.2010 3:48 32592]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [23.12.2010 23:19 691696]
R1 AppleCharger;AppleCharger;c:\windows\system32\drivers\AppleCharger.sys [15.8.2011 20:37 18544]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [7.9.2010 3:48 248656]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [7.9.2010 3:49 297168]
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\IObit\Advanced SystemCare 5\ASCService.exe [23.12.2011 10:07 497496]
R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [9.10.2012 15:44 799112]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [31.1.2012 15:02 7391072]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [8.2.2011 4:33 269520]
R2 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [10.11.2012 16:46 711112]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [19.8.2010 21:42 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [19.8.2010 21:42 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [19.8.2010 21:42 27216]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [30.8.2012 22:20 26984]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [9.11.2012 11:21 160944]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [15.8.2011 20:35 1691480]
S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [6.5.2011 18:15 167264]
S3 dump_wmimmc;dump_wmimmc;\??\c:\program files\NCSoft\Lineage II\system\GameGuard\dump_wmimmc.sys --> c:\program files\NCSoft\Lineage II\system\GameGuard\dump_wmimmc.sys [?]
S3 GGSAFERDriver;GGSAFER Driver;\??\c:\program files\Garena Plus\Room\safedrv.sys --> c:\program files\Garena Plus\Room\safedrv.sys [?]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [16.12.2011 16:44 137600]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [16.12.2011 16:44 8576]
S3 NPFW;NPFW;\??\c:\windows\system32\NPFW.SYS --> c:\windows\system32\NPFW.SYS [?]
S3 NPFWFLT;NPFWFLT;\??\c:\windows\system32\NPFWFLT.SYS --> c:\windows\system32\NPFWFLT.SYS [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 NPIDS;NPIDS;\??\c:\windows\system32\NPIDS.SYS --> c:\windows\system32\NPIDS.SYS [?]
S3 TKCtrl;TKCtrl;\??\c:\windows\system32\TKCtrl2k.sys --> c:\windows\system32\TKCtrl2k.sys [?]
S3 TKFsAvM;TKFsAvM;\??\c:\windows\system32\TKFsAv.sys --> c:\windows\system32\TKFsAv.sys [?]
S3 TkFsFtM;MiniFilter Driver;c:\windows\system32\TKFsFt.sys --> c:\windows\system32\TKFsFt.sys [?]
S3 TKPcFt;TKPcFt;\??\c:\windows\system32\TKPcFtHk.sys --> c:\windows\system32\TKPcFtHk.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Obsah adresáře 'Naplánované úlohy'
.
2012-12-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 08:54]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://home.sweetim.com/?crg=3.1010000.10011&barid={D73C7D2F-2D1B-11E2-BE12-1C6F65C94026}
uDefault_Search_URL = hxxp://search.certified-toolbar.com?si=41460&tid=2938&bs=true&q=
mStart Page = hxxp://home.sweetim.com/?crg=3.1010000.10011&barid={D73C7D2F-2D1B-11E2-BE12-1C6F65C94026}
mSearch Bar = hxxp://search.certified-toolbar.com?si=41460&tid=2938&bs=true&q=
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{5f7f7e76-0f61-4de9-8ae6-e5ee565cd118} - {8d3ec233-b92d-4187-a506-284127cfba2d} -
TCP: DhcpNameServer = 10.0.111.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll
FF - ProfilePath - c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\isfm9jo5.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=685749&p=
user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-12-04 17:26
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(2224)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\progra~1\AVG\AVG10\avgchsvx.exe
c:\progra~1\AVG\AVG10\avgrsx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\AVG\AVG10\avgnsx.exe
c:\program files\AVG\AVG10\avgemcx.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RunDLL32.exe
c:\program files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
c:\program files\AVG\AVG10\avgcsrvx.exe
.
**************************************************************************
.
Celkový čas: 2012-12-04 17:30:21 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-12-04 16:30
ComboFix2.txt 2012-12-04 15:45
ComboFix3.txt 2012-12-03 17:31
.
Před spuštěním: Volných bajtů: 257 567 068 160
Po spuštění: Volných bajtů: 257 555 771 392
.
- - End Of File - - D730CCCE728BFCDAD9865DF69B0DCF3F
- Rudy
- Site Admin
- Posts: 119521
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Bad Image
Download and run Avenger: http://forum.viry.cz/viewtopic.php?f=11&t=19832 . Copy the following into the white window:

Files to delete:
c:\docume~1\ALLUSE~1\LOCALS~1\Temp\msrkuvoy.com
Folders to delete:
c:\documents and settings\All Users\Data aplikací\SweetIM
Registry values to delete:
HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run | 3032

and click >Execute<. The PC will be restarted.
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
Visit:
e-mail: rudy(at)forum.viry.cz
Warning: before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Apart from its "visible" activity, a virus can damage the system!
Once your problem is resolved the thread will be locked, as it will be if it stays inactive for more than 14 days. If you want the thread reactivated, write to the e-mail address above.
Re: Bad Image
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com
Platform: Windows XP
*******************
Script file opened successfully.
Script file read successfully.
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Rootkit scan active.
No rootkits found!
Error: file "c:\docume~1\ALLUSE~1\LOCALS~1\Temp\msrkuvoy.com" not found!
Deletion of file "c:\docume~1\ALLUSE~1\LOCALS~1\Temp\msrkuvoy.com" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Folder "c:\documents and settings\All Users\Data aplikací\SweetIM" deleted successfully.
Registry value "HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run|3032" deleted successfully.
Completed script processing.
*******************
Finished! Terminate.
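Checking an Avenger log against the script that produced it is normally done by eye, as in the reply that follows. The Python below is an added example, not something posted in this thread or part of Avenger; it reconciles the script from the earlier post with the log above (both copied here as constructed sample input) and reports, per requested item, whether it was deleted, was already gone, or failed with an NTSTATUS code. The log line formats it matches ("... deleted successfully.", "Error: ... not found!", "Deletion of ... failed!", "Status: 0x... (...)") are exactly those visible in the log; any other wording Avenger might use is not handled.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample input: the Avenger script from the earlier post and the
# log it produced, copied here so the example runs offline.
AVENGER_SCRIPT = r"""
Files to delete:
c:\docume~1\ALLUSE~1\LOCALS~1\Temp\msrkuvoy.com
Folders to delete:
c:\documents and settings\All Users\Data aplikací\SweetIM
Registry values to delete:
HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run | 3032
"""

AVENGER_LOG = r"""
Beginning to process script file:
Rootkit scan active.
No rootkits found!
Error: file "c:\docume~1\ALLUSE~1\LOCALS~1\Temp\msrkuvoy.com" not found!
Deletion of file "c:\docume~1\ALLUSE~1\LOCALS~1\Temp\msrkuvoy.com" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Folder "c:\documents and settings\All Users\Data aplikací\SweetIM" deleted successfully.
Registry value "HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run|3032" deleted successfully.
Completed script processing.
"""

# Script section headers seen in the thread, mapped to the item kind they list.
SECTION_KIND = {
    "files to delete": "file",
    "folders to delete": "folder",
    "registry values to delete": "registry value",
}

# Log line shapes, taken from the log above.
DELETED = re.compile(r'^(File|Folder|Registry value) "(.+)" deleted successfully\.$')
NOT_FOUND = re.compile(r'^Error: (file|folder|registry value) "(.+)" not found!$')
FAILED = re.compile(r'^Deletion of (file|folder|registry value) "(.+)" failed!$')
STATUS = re.compile(r"^Status: (0x[0-9a-fA-F]+) \((\w+)\)$")


def _norm(name: str) -> str:
    # Windows paths and registry names are case-insensitive, and Avenger writes
    # "key | value" in the script but "key|value" in the log, so normalise both.
    return re.sub(r"\s*\|\s*", "|", name.strip()).lower()


def parse_script(text: str) -> List[Tuple[str, str]]:
    """Return (kind, item) pairs in the order the script requests them."""
    items: List[Tuple[str, str]] = []
    kind = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith(":") and line[:-1].lower() in SECTION_KIND:
            kind = SECTION_KIND[line[:-1].lower()]
            continue
        if kind is None:
            raise ValueError(f"item before any section header: {line!r}")
        items.append((kind, line))
    return items


def parse_log(text: str) -> Tuple[Dict[str, Dict[str, str]], bool]:
    """Map each normalised item name to its outcome; also report the rootkit scan."""
    outcomes: Dict[str, Dict[str, str]] = {}
    rootkit_scan_clean = False
    last_failed = None
    for raw in text.splitlines():
        line = raw.strip()
        if line == "No rootkits found!":
            rootkit_scan_clean = True
            continue
        if (m := DELETED.match(line)):
            outcomes[_norm(m.group(2))] = {"status": "deleted", "detail": ""}
        elif (m := NOT_FOUND.match(line)):
            # "not found" is the specific reason; the generic "failed" line follows it
            outcomes[_norm(m.group(2))] = {"status": "not found", "detail": ""}
        elif (m := FAILED.match(line)):
            last_failed = _norm(m.group(2))
            outcomes.setdefault(last_failed, {"status": "failed", "detail": ""})
        elif (m := STATUS.match(line)) and last_failed:
            # The NTSTATUS line belongs to the failure reported just before it.
            outcomes[last_failed]["detail"] = f"{m.group(1)} {m.group(2)}"
    return outcomes, rootkit_scan_clean


def reconcile(script: str, log: str) -> Dict[str, object]:
    """Join the requested items with what the log says happened to each."""
    outcomes, clean = parse_log(log)
    rows = []
    for kind, item in parse_script(script):
        result = outcomes.get(_norm(item), {"status": "no log entry", "detail": ""})
        rows.append({"kind": kind, "item": item, **result})
    return {"rootkit_scan_clean": clean, "items": rows}


if __name__ == "__main__":
    report = reconcile(AVENGER_SCRIPT, AVENGER_LOG)
    print("rootkit scan clean:", report["rootkit_scan_clean"])
    for row in report["items"]:
        print(f"{row['kind']:15} {row['status']:12} {row['detail']:40} {row['item']}")
```

Run as a script it prints one line per requested item; an item with "no log entry" means the script line never reached Avenger (typically a typo in the section header), which is worth spotting before declaring the clean-up done.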
- Rudy
- Site Admin
Re: Bad Image
The file was no longer there, only the key and one leftover folder. All deleted. Has anything changed?
Re: Bad Image
Hello, everything seems to be fine now, thank you for your help. Can I remove ComboFix?
- Rudy
- Site Admin
Re: Bad Image
Vojtěch wrote: Can I remove ComboFix?

Yes. Start > Run > (type) combofix /uninstall > OK. Delete Avenger. You're welcome!