Prosim poradte co mam delat, je to hodne neprijemne
Predem dekuji
Reset PC pri Tento Pocitac apod.
Reset PC pri Tento Pocitac apod.
Dobry den, mam problem. Kdyz dam spustit ikonu Tento Pocitac, tak se mi to nejdriv sekne a pak sam od sebe se mi resteuje pocitac(ovsem nekdy se to zapne, ale jen zridka). Nebo napr. kdyz spustim antivir a kontrolu PC, tak kdyz to zacne kontrolovat system32 tak to same, nejdriv se to sekne a pote se restartuje PC.
Prosim poradte co mam delat, je to hodne neprijemne
Predem dekuji
Prosim poradte co mam delat, je to hodne neprijemne
Predem dekuji
-
jaro3
- člen Security týmu
-
Guru Level 15
- Příspěvky: 43294
- Registrován: červen 07
- Bydliště: Jižní Čechy
- Pohlaví:
- Stav:
Offline
Re: Reset PC pri Tento Pocitac apod.
viewtopic.php?f=70&t=5119
Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Provést rychlý sken a klikni na tlačítko Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- pak zvol možnost uložit log a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.--aplikuj raději v nouz. režimu.
Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Provést rychlý sken a klikni na tlačítko Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- pak zvol možnost uložit log a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.--aplikuj raději v nouz. režimu.
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Re: Reset PC pri Tento Pocitac apod.
No je tady problem, vse jsem udelal a spustil ten test ale jak to najede na system32 tak se resetuje PC...takze nejde v zadnem antiviru udelat celej test 
nevim co s tim... 
nevim co s tim... -
Žbeky
- Moderátor
-
Guru Level 13
- Příspěvky: 22288
- Registrován: květen 08
- Bydliště: Vsetín - Pardubice
- Pohlaví:
- Stav:
Offline
Re: Reset PC pri Tento Pocitac apod.
Ani v nouzovém režimu?
V SZ řeším jen záležitosti týkající se fóra. Na prosby a žádosti o technickou podporu nereaguji. Díky za pochopení.
HiJackThis + návod - HW Monitor - Jak označit příspěvek za vyřešený - Pravidla fóra
HiJackThis + návod - HW Monitor - Jak označit příspěvek za vyřešený - Pravidla fóra
-
jaro3
- člen Security týmu
-
Guru Level 15
- Příspěvky: 43294
- Registrován: červen 07
- Bydliště: Jižní Čechy
- Pohlaví:
- Stav:
Offline
Re: Reset PC pri Tento Pocitac apod.
Jak píe Žbeky , po restartu držet klávesu F8 a vybrat stav nouze.
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Re: Reset PC pri Tento Pocitac apod.
Nee ani nouzovy rezim nepomuze pri testovani myslim system32/msfedit nebo neco takovyho se to sekne a restartuje...
-
Pic
- Moderátor
-
Guru Level 13
- Příspěvky: 23292
- Registrován: září 06
- Bydliště: Východní Čechy
- Pohlaví:
- Stav:
Offline
Re: Reset PC pri Tento Pocitac apod.
Zkus místo stavu nouze vybrat poslední známá konfigurace, nebo tak nějak. Je v PC jedna paměť RAM, nebo dvě. Pokud dvě, nech vždy ve slotu nejblíže procesoru jen jednu z nich a zkus spustit PC. Pozor na statický el. náboj, ať si paměť nepoškodíš.
Přečti si pravidla tohoto fóra! Přečetl jsi si nejprve manuál? Piš tak, abychom Ti rozuměli! Na SZ neodpovídám na požadavky řešení Vašich problémů s PC!
Nic není dokonalé, ani člověk!
Nic není dokonalé, ani člověk!
Re: Reset PC pri Tento Pocitac apod.
Zřejmě špatné Windows v tomto případě mu nejspíše nepůjde poslední známá konfigurace ale bude muset znovu nainstalovat Windows.Pokud ani to nepomůže je chyba v Hardware(zkus třeba Slax dej si ho na flashdisk nebo cd a dej memtest a zjistíš jestli jsou špatné paměti).
-
jaro3
- člen Security týmu
-
Guru Level 15
- Příspěvky: 43294
- Registrován: červen 07
- Bydliště: Jižní Čechy
- Pohlaví:
- Stav:
Offline
Re: Reset PC pri Tento Pocitac apod.
Stáhni si tools:
http://www.edisk.cz/stahni/31509/tools.rar_4.4MB.html
Rozbal si archiv do svého adresáře. Soubory jsou záměrně pojmenované jinak než jsou původní programy.
itr - RSIT
buss - DDS
VerTerm - Combofix
pokud ti pojede VerTerm, tak sem vlož z něho log.
Návod na Combofix(VerTerm):
ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
http://www.edisk.cz/stahni/31509/tools.rar_4.4MB.html
Rozbal si archiv do svého adresáře. Soubory jsou záměrně pojmenované jinak než jsou původní programy.
itr - RSIT
buss - DDS
VerTerm - Combofix
pokud ti pojede VerTerm, tak sem vlož z něho log.
Návod na Combofix(VerTerm):
ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Re: Reset PC pri Tento Pocitac apod.
Tak zde je log z Combofixu:
ComboFix 10-02-12.01 - Martin 13.02.2010 0:47.3.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3326.2726 [GMT 1:00]
Spuštěný z: c:\documents and settings\Martin\Plocha\VerTerm.exe
AV: avast! antivirus 4.8.1368 [VPS 100212-2] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Martin\Dokumenty\cc_20091017_202104.reg
c:\program files\ICQ6.5\ICQLRun.exe
c:\program files\Internet Saving Optimizer
c:\program files\Internet Saving Optimizer\2.2.0.2880\Data\config.md
c:\program files\Internet Saving Optimizer\2.2.0.2880\FF\components\NPFFAddOn.dll
c:\program files\Internet Saving Optimizer\2.2.0.2880\FF\components\NPFFAddOn.xpt
c:\program files\Internet Saving Optimizer\2.2.0.2880\FF\components\NPFFHelperComponent.js
c:\program files\Internet Saving Optimizer\2.2.0.2880\FF\chrome.manifest
c:\program files\Internet Saving Optimizer\2.2.0.2880\FF\chrome\content\NPAddOn.js
c:\program files\Internet Saving Optimizer\2.2.0.2880\FF\chrome\content\NPAddOn.xul
c:\program files\Internet Saving Optimizer\2.2.0.2880\FF\chrome\NPAddOn.jar
c:\program files\Internet Saving Optimizer\2.2.0.2880\FF\install.rdf
c:\program files\Internet Saving Optimizer\2.2.0.2880\NPCommon.dll
c:\program files\Internet Saving Optimizer\2.2.0.2880\NPIEAddOn.dll
c:\program files\Internet Saving Optimizer\2.2.0.2880\unins000.dat
c:\program files\Internet Saving Optimizer\2.2.0.2880\unins000.exe
c:\program files\Media Access Startup
c:\program files\Media Access Startup\1.0.0.610\Data\config.md
c:\program files\Media Access Startup\1.0.0.610\FF\components\HPFFAddOn.dll
c:\program files\Media Access Startup\1.0.0.610\FF\components\HPFFAddOn.xpt
c:\program files\Media Access Startup\1.0.0.610\FF\components\HPFFHelperComponent.js
c:\program files\Media Access Startup\1.0.0.610\FF\chrome.manifest
c:\program files\Media Access Startup\1.0.0.610\FF\chrome\content\HPAddOn.js
c:\program files\Media Access Startup\1.0.0.610\FF\chrome\content\HPAddOn.xul
c:\program files\Media Access Startup\1.0.0.610\FF\chrome\HPAddOn.jar
c:\program files\Media Access Startup\1.0.0.610\FF\install.rdf
c:\program files\Media Access Startup\1.0.0.610\HPCommon.dll
c:\program files\Media Access Startup\1.0.0.610\HPIEAddOn.dll
c:\program files\Media Access Startup\1.0.0.610\hppx.exe
c:\program files\Media Access Startup\1.0.0.610\unins000.dat
c:\program files\Media Access Startup\1.0.0.610\unins000.exe
c:\program files\Nice Prosper
c:\program files\Nice Prosper\CashBackAssistant\cfcpxlog.mx
c:\program files\Nice Prosper\CashBackAssistant\MatchingData.zd5
c:\program files\Nice Prosper\CashBackAssistant\setup.exe
c:\program files\Nice Prosper\CashBackAssistant\unins000.dat
c:\program files\Nice Prosper\CashBackAssistant\unins000.exe
c:\windows\config.ini
c:\windows\Mafia
c:\windows\Mafia \uninstall.exe
c:\windows\Readme.txt
c:\windows\system32\SIntf16.dll
c:\windows\system32\Thumbs.db
c:\windows\system32\tmp74.tmp
c:\windows\system32\twain_32.dll
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_SSHNAS
((((((((((((((((((((((((( Soubory vytvořené od 2010-01-12 do 2010-02-12 )))))))))))))))))))))))))))))))
.
2010-02-12 23:38 . 2010-02-12 23:40 -------- d-----w- C:\VerTerm8863V
2010-02-12 23:23 . 2010-02-12 23:23 -------- d-----w- C:\VerTerm
2010-01-28 14:07 . 2010-01-28 14:07 -------- d-----w- c:\program files\Microsoft Games
2010-01-26 22:49 . 2010-01-26 22:49 -------- d-----w- c:\windows\74224F8D4A1748169EDB7BB854DE532C.TMP
2010-01-24 11:12 . 2007-05-31 22:47 7437824 ----a-w- c:\windows\system32\smfcore.dll
2010-01-24 11:12 . 2007-02-25 14:36 383238 ----a-w- c:\windows\system32\libmp3lame-0.dll
2010-01-23 08:14 . 2010-01-23 08:14 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-01-20 19:35 . 2010-01-20 19:35 -------- d-----w- C:\ProgramData
2010-01-20 19:34 . 2010-01-20 19:34 -------- d-----w- c:\program files\Electronic Arts
2010-01-20 19:33 . 2010-01-20 19:33 -------- d-----w- c:\program files\Microsoft WSE
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-12 23:51 . 2008-12-23 11:13 -------- d-----w- c:\program files\ICQ6.5
2010-02-12 23:35 . 2010-01-08 23:09 -------- d-----w- c:\program files\Crawler
2010-02-12 07:20 . 2009-06-17 17:35 -------- d-----w- c:\program files\WinClamAVShield
2010-02-11 21:07 . 2009-06-18 20:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-09 21:18 . 2009-06-24 20:15 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-09 15:27 . 2008-12-23 09:57 -------- d-----w- c:\program files\uTorrent
2010-02-07 20:24 . 2009-01-23 15:14 1911 ----a-w- c:\windows\eReg.dat
2010-02-07 14:41 . 2009-05-05 17:38 -------- d-----w- c:\program files\Google
2010-02-05 17:22 . 2008-12-23 19:02 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-02-05 13:05 . 2008-12-23 19:00 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-01-26 22:49 . 2009-01-08 19:52 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-01-20 12:41 . 2009-01-30 18:04 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-11 11:37 . 2009-12-13 07:53 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-01-11 11:04 . 2010-01-11 11:04 101376 ----a-w- c:\windows\system32\drivers\ACEDRV07.sys
2010-01-08 23:37 . 2010-01-08 23:37 -------- d--h--w- c:\program files\Zero G Registry
2010-01-07 15:07 . 2009-06-18 20:26 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 15:07 . 2009-06-18 20:26 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-31 16:50 . 2006-10-20 21:34 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-30 12:44 . 2009-12-30 12:03 -------- d-----w- c:\program files\Common Files\BioWare
2009-12-26 12:30 . 2009-12-26 12:30 -------- d-----w- c:\program files\Sony
2009-12-26 01:03 . 2008-12-22 19:44 -------- d-----w- c:\program files\Analog Devices
2009-12-24 17:39 . 2009-12-16 23:39 -------- d-----w- c:\program files\BS_Player
2009-12-21 19:08 . 2006-10-20 21:33 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-17 07:42 . 2008-12-22 18:26 343552 ----a-w- c:\windows\system32\mspaint.exe
2009-12-16 23:39 . 2009-12-16 23:39 -------- d-----w- c:\program files\Conduit
2009-12-14 07:10 . 2004-08-17 13:49 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-10 17:56 . 2009-02-09 18:43 445016 ----a-w- c:\windows\system32\wrap_oal.dll
2009-12-10 17:56 . 2009-02-09 18:43 109144 ----a-w- c:\windows\system32\OpenAL32.dll
2009-12-09 10:11 . 2006-10-20 21:30 2147328 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-09 10:11 . 2005-03-02 20:14 2025984 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-12-04 18:22 . 2006-10-20 21:33 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-11-27 17:14 . 2006-10-20 21:32 1294336 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 17:14 . 2004-08-17 15:49 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 16:09 . 2001-10-25 14:00 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:09 . 2001-10-24 12:25 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:09 . 2004-08-17 15:49 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-27 16:09 . 2004-08-17 13:49 11264 ----a-w- c:\windows\system32\msrle32.dll
2009-11-27 16:09 . 2004-08-17 13:49 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-11-24 23:54 . 2008-12-22 22:14 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-24 23:51 . 2008-12-22 22:14 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-11-24 23:49 . 2008-12-22 22:14 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2008-12-22 22:14 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2008-12-22 22:14 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-11-24 23:47 . 2008-12-22 22:14 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-11-21 16:03 . 2004-08-17 13:49 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-12-06 12:59 . 2010-01-12 18:43 192512 ----a-w- c:\program files\mozilla firefox\components\mhxpcom.dll
2009-08-31 15:55 . 2009-10-11 22:34 118000 ----a-w- c:\program files\mozilla firefox\components\qippipe.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}"= "c:\documents and settings\Martin\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll" [2009-07-14 150768]
[HKEY_CLASSES_ROOT\clsid\{a55f9c95-2bb1-4ea2-bc77-dfaab78832ce}]
[HKEY_CLASSES_ROOT\qipbar.QIPBHO.1]
[HKEY_CLASSES_ROOT\TypeLib\{45FF696B-5284-4781-B2CA-ECF3A742A17B}]
[HKEY_CLASSES_ROOT\qipbar.QIPBHO]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}]
2009-07-14 11:08 150768 ----a-w- c:\documents and settings\Martin\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2009-05-20 12:36 1258808 ----a-w- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
2009-12-24 17:39 2166296 ----a-w- c:\program files\BS_Player\tbBS_1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2009-05-20 1258808]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files\BS_Player\tbBS_1.dll" [2009-12-24 2166296]
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2009-05-20 1258808]
"{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}"= "c:\program files\BS_Player\tbBS_1.dll" [2009-12-24 2166296]
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-05 39408]
"OEXPRESS"="c:\windows\OETRN.EXE" [2009-09-22 26624]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AsusStartupHelp"="c:\program files\ASUS\AASP\1.00.24\AsRunHelp.exe" [2006-12-29 363008]
"ioCentre"="c:\genius\ioCentre\gTaskBar.exe" [2007-05-31 61440]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"PivotSoftware"="c:\program files\Portrait Displays\Pivot Software\wpctrl.exe" [2007-02-09 694008]
"DT ACR"="c:\program files\Common Files\Portrait Displays\Shared\DT_startup.exe" [2008-06-06 81920]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-08-09 81920]
"OxigenClientAdmin"="c:\program files\Oxigen\bin\Oxigen.exe" [2007-06-23 887264]
"OxigenTrayIcon"="c:\program files\Oxigen\bin\OxiTray.exe" [2007-06-23 557536]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2009-05-20 111928]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-02 98304]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2009-06-17 1783808]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"QuickTime Task"="c:\program files\Pure Codec\QTTask.exe" [2009-09-05 417792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 10:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\TVAnts\\Tvants.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"d:\\Program Files\\TmNationsForever\\TmForever.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"d:\\Program Files\\LucasArts\\Star Wars Battlefront II\\GameData\\BattlefrontII.exe"=
"d:\\Program Files\\Dragon Age\\bin_ship\\daorigins.exe"=
"d:\\Program Files\\Dragon Age\\DAOriginsLauncher.exe"=
"d:\\Program Files\\Dragon Age\\bin_ship\\daupdatersvc.service.exe"=
"d:\\Program Files\\SEGA\\Vancouver 2010\\Vancouver.exe"=
"d:\\Program Files\\Ubisoft\\IL-2 Sturmovik 1946\\il2fb.exe"=
"d:\\Program Files\\Ubisoft\\Gearbox Software\\Brothers in Arms - Hell's Highway\\Binaries\\biahh.exe"=
"d:\\Program Files\\Codemasters\\OF Dragon Rising\\OFDR.exe"=
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [23.12.2008 20:00 691696]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [22.12.2008 23:14 114768]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [26.5.2009 9:05 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [26.5.2009 9:05 72944]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [17.6.2009 17:50 141312]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [22.12.2008 23:14 20560]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [5.5.2009 17:29 55152]
R2 PdiService;Portrait Displays SDK Service;c:\program files\Common Files\Portrait Displays\Drivers\pdisrvc.exe [24.12.2008 19:12 90112]
R3 gHidPnp;USB Device Enhanced Function Driver;c:\windows\system32\drivers\gHidPnp.sys [22.12.2008 22:32 16384]
R3 gMouUsb;USB Mouse Device Drv;c:\windows\system32\drivers\gMouUsb.sys [22.12.2008 22:32 9856]
S2 gupdate1c9cda86c7b75c0;Služba Google Update (gupdate1c9cda86c7b75c0);c:\program files\Google\Update\GoogleUpdate.exe [5.5.2009 18:39 133104]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;d:\program files\Dragon Age\bin_ship\daupdatersvc.service.exe [30.12.2009 13:20 25832]
S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [6.2.2009 17:08 533360]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [18.6.2009 21:26 38224]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [26.5.2009 9:05 7408]
.
Obsah adresáře 'Naplánované úlohy'
2010-02-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2010-02-12 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-05 17:38]
2010-02-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-05 17:39]
2010-02-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-05 17:39]
2010-02-12 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 13:07]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uDefault_Search_URL = hxxp://search.qip.ru
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://search.qip.ru/ie
uSearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
IE: Crawler Search - tbr:iemenu
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\windows\WebIE.dll
LSP: %SYSTEMROOT%\system32\nvappfilter.dll
Handler: mhtb - {669A2A3A-F19C-452D-800D-1240299756C1} -
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\ctbr.dll
DPF: {FC11A119-C2F7-46F4-9E32-937ABA26816E} - file:///F:/CDVIEWER/CdViewer.cab
FF - ProfilePath - c:\documents and settings\Martin\Data aplikací\Mozilla\Firefox\Profiles\v0m0jmnh.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://www.crawler.com/search/dispatche ... 60446&qkw=
FF - prefs.js: network.proxy.type - 2
FF - component: c:\documents and settings\Martin\Data aplikací\Mozilla\Firefox\Profiles\v0m0jmnh.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Martin\Data aplikací\Mozilla\Firefox\Profiles\v0m0jmnh.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\components\RadioWMPCore.dll
FF - component: c:\program files\Crawler\firefox\components\xcomm.dll
FF - component: c:\program files\Crawler\firefox\components\xshared.dll
FF - component: c:\program files\Crawler\firefox\components\xsupport.dll
FF - component: c:\program files\Crawler\firefox\components\xwsg.dll
FF - component: c:\program files\Mozilla Firefox\components\mhxpcom.dll
FF - component: c:\program files\Mozilla Firefox\components\qippipe.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Opera\program\plugins\np-mswmp.dll
FF - plugin: c:\program files\Pure Codec\Plugins\npqtplugin.dll
FF - plugin: c:\program files\Pure Codec\Plugins\npqtplugin2.dll
FF - plugin: c:\program files\Pure Codec\Plugins\npqtplugin3.dll
FF - plugin: c:\program files\Pure Codec\Plugins\npqtplugin4.dll
FF - plugin: c:\program files\Pure Codec\Plugins\npqtplugin5.dll
FF - plugin: c:\program files\Pure Codec\Plugins\npqtplugin6.dll
FF - plugin: c:\program files\Pure Codec\Plugins\npqtplugin7.dll
FF - plugin: c:\program files\Pure Codec\Real\Netscape6\nppl3260.dll
FF - plugin: c:\program files\Pure Codec\Real\Netscape6\nprjplug.dll
FF - plugin: c:\program files\Pure Codec\Real\Netscape6\nprpjplug.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
URLSearchHooks-{1C4AB6A5-595F-4e86-B15F-F93CCE2BBD48} - c:\program files\Family Toolbar\tbhelper.dll
BHO-{0C37B053-FD68-456a-82E1-D788EE342E6F} - c:\program files\Family Toolbar\tbcore3.dll
BHO-{D62EC836-BF1E-4CAC-81BE-FB9179835D8E} - c:\program files\Family Toolbar\mhxpcomi.dll
Toolbar-{FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - c:\program files\Family Toolbar\tbcore3.dll
WebBrowser-{FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - c:\program files\Family Toolbar\tbcore3.dll
HKCU-Run-WS9E3IQBKY - c:\windows\msd.exe
HKCU-Run-EA Core - c:\program files\Electronic Arts\EADM\Core.exe
HKLM-Run-NWEReboot - (no file)
AddRemove-CL08 & PL08 & GL & 2.GL & ČFL - d:\program files\EA Sports\FIFA 08\data\Uninstal.exe
AddRemove-CoD 2 čeština_is1 - d:\program files\Activision\Call of Duty 2\main\unins000.exe
AddRemove-Family Toolbar - c:\program files\Family Toolbar\ToolUninstall.exe
AddRemove-Virtual DJ - Atomix Productions - c:\progra~1\VIRTUA~1\UNWISE.EXE
AddRemove-yuPlay ęëčĺíň_is1 - d:\program files\Wings of prey\yuPlay\unins000.exe
AddRemove-{091ED936-E610-497D-B651-0E4BF73CE598}_is1 - c:\program files\Nice Prosper\CashBackAssistant\unins000.exe
AddRemove-{16B6279B-9FF5-41fb-8BF9-404324F5DD1F}}_is1 - c:\program files\Media Access Startup\1.0.0.610\unins000.exe
AddRemove-{1FB52AB3-5987-45a2-85E0-F3EC30DDDC29}}_is1 - c:\program files\Internet Saving Optimizer\2.2.0.2880\unins000.exe
AddRemove-{C5A9382C-C87E-4A98-80FB-988F3D71FCEB}_is1 - c:\program files\Leawo\3GP Converter\unins000.exe
AddRemove-1 Bundesliga Facepack - c:\program files\EA Sports\FIFA 09\Uninstaller 1 Bundesliga Facepack.exe
AddRemove-1 Bundesliga Facepack V2 - c:\program files\EA Sports\FIFA 09\Uninstaller 1 Bundesliga Facepack V2.exe
AddRemove-1 Bundesliga Facepack V3 - c:\program files\EA Sports\FIFA 09\Uninstaller 1 Bundesliga Facepack V3.exe
AddRemove-1.+ 2. Bundesliga Facepack - c:\program files\EA Sports\FIFA 09\Uninstaller 1.+2.
AddRemove-Arsenal Face Pack V.1 by Santups18 - c:\program files\EA Sports\FIFA 09\Uninstal.exe
AddRemove-EPL Facepack v.3 by Haness - c:\program files\EA Sports\FIFA 09\Uninstal.exe
AddRemove-EPL Facepack V2 - c:\program files\EA Sports\FIFA 09\Uninstal.exe
AddRemove-ETS CZ - c:\documents and settings\Martin\Dokumenty\Euro Truck Simulator\mod\Uninstal ETS CZ.exe
AddRemove-International Facepack V3 - c:\program files\EA Sports\FIFA 09\Uninstal.exe
AddRemove-La Liga Facepack By Fifa-Evolution - c:\program files\EA Sports\Fifa 09\Uninstal.exe
AddRemove-Manchester United Facepack - c:\program files\EA Sports\FIFA 09\Uninstaller Man U Facepack.exe
AddRemove-UnityWebPlayer - c:\documents and settings\Martin\Local Settings\Data aplikací\Unity\WebPlayer\Uninstall.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-13 00:54
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll prosync1.sys sfsync02.sys >>UNKNOWN [0x8A6811F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba11cf28
\Driver\ACPI -> ACPI.sys @ 0xb9e74cb8
\Driver\atapi -> sfsync02.sys @ 0xba0e98b4
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: NVIDIA nForce Networking Controller -> SendCompleteHandler -> NDIS.sys @ 0xb9ce7bb0
PacketIndicateHandler -> NDIS.sys @ 0xb9cf4a21
SendHandler -> NDIS.sys @ 0xb9cd287b
user & kernel MBR OK
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-1614895754-308236825-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_USERS\S-1-5-21-1614895754-308236825-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:45,c5,8c,63,3b,da,9c,50,71,40,a3,0c,ab,0c,58,4a,2a,ae,7c,f5,98,35,4b,
a2,0f,9c,21,b0,ce,63,e8,02,b9,83,16,94,56,dd,b1,b9,12,62,da,b9,c1,8a,54,b0,\
"??"=hex:9c,03,de,c8,88,03,d5,45,31,e5,ca,c9,b4,6b,52,2d
[HKEY_USERS\S-1-5-21-1614895754-308236825-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:69,38,f0,18,1b,6d,51,80,ea,60,d0,0b,4c,0c,d8,75,ff,54,30,6e,12,
38,7a,71,17,74,36,8c,32,42,ac,fc,62,fe,d8,fd,49,40,e9,97,92,41,ff,ce,b8,a4,\
"rkeysecu"=hex:02,74,7f,66,08,cf,68,03,73,10,5d,35,e3,e8,a3,44
[HKEY_LOCAL_MACHINE\System\ControlSet001\Enum\HID\Vid_0458&Pid_009c&Col01\6&17d1cf69&0&0000\LogConf]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\System\ControlSet001\Enum\HID\Vid_0458&Pid_009c&Col01\6&2a8b800e&0&0000\LogConf]
@DACL=(02 0000)
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(928)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'lsass.exe'(984)
c:\windows\system32\nvappfilter.dll
- - - - - - - > 'explorer.exe'(3316)
c:\windows\TrnOEH.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\nvappfilter.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Common Files\Portrait Displays\Plugins\AM\dtsslsrv.exe
c:\program files\Common Files\Portrait Displays\Shared\HookManager.exe
c:\program files\Portrait Displays\Pivot Software\floater.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Portrait Displays\Shared\dtsrvc.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Spyware Terminator\sp_rsser.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
.
**************************************************************************
.
Celkový čas: 2010-02-13 00:59:00 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-02-12 23:58
Před spuštěním: 3 935 264 768
Po spuštění: Volných bajtů: 12 455 911 424
- - End Of File - - 02B75A7CF4AD6356FD083738DC3D2CD2
ComboFix 10-02-12.01 - Martin 13.02.2010 0:47.3.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3326.2726 [GMT 1:00]
Spuštěný z: c:\documents and settings\Martin\Plocha\VerTerm.exe
AV: avast! antivirus 4.8.1368 [VPS 100212-2] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Martin\Dokumenty\cc_20091017_202104.reg
c:\program files\ICQ6.5\ICQLRun.exe
c:\program files\Internet Saving Optimizer
c:\program files\Internet Saving Optimizer\2.2.0.2880\Data\config.md
c:\program files\Internet Saving Optimizer\2.2.0.2880\FF\components\NPFFAddOn.dll
c:\program files\Internet Saving Optimizer\2.2.0.2880\FF\components\NPFFAddOn.xpt
c:\program files\Internet Saving Optimizer\2.2.0.2880\FF\components\NPFFHelperComponent.js
c:\program files\Internet Saving Optimizer\2.2.0.2880\FF\chrome.manifest
c:\program files\Internet Saving Optimizer\2.2.0.2880\FF\chrome\content\NPAddOn.js
c:\program files\Internet Saving Optimizer\2.2.0.2880\FF\chrome\content\NPAddOn.xul
c:\program files\Internet Saving Optimizer\2.2.0.2880\FF\chrome\NPAddOn.jar
c:\program files\Internet Saving Optimizer\2.2.0.2880\FF\install.rdf
c:\program files\Internet Saving Optimizer\2.2.0.2880\NPCommon.dll
c:\program files\Internet Saving Optimizer\2.2.0.2880\NPIEAddOn.dll
c:\program files\Internet Saving Optimizer\2.2.0.2880\unins000.dat
c:\program files\Internet Saving Optimizer\2.2.0.2880\unins000.exe
c:\program files\Media Access Startup
c:\program files\Media Access Startup\1.0.0.610\Data\config.md
c:\program files\Media Access Startup\1.0.0.610\FF\components\HPFFAddOn.dll
c:\program files\Media Access Startup\1.0.0.610\FF\components\HPFFAddOn.xpt
c:\program files\Media Access Startup\1.0.0.610\FF\components\HPFFHelperComponent.js
c:\program files\Media Access Startup\1.0.0.610\FF\chrome.manifest
c:\program files\Media Access Startup\1.0.0.610\FF\chrome\content\HPAddOn.js
c:\program files\Media Access Startup\1.0.0.610\FF\chrome\content\HPAddOn.xul
c:\program files\Media Access Startup\1.0.0.610\FF\chrome\HPAddOn.jar
c:\program files\Media Access Startup\1.0.0.610\FF\install.rdf
c:\program files\Media Access Startup\1.0.0.610\HPCommon.dll
c:\program files\Media Access Startup\1.0.0.610\HPIEAddOn.dll
c:\program files\Media Access Startup\1.0.0.610\hppx.exe
c:\program files\Media Access Startup\1.0.0.610\unins000.dat
c:\program files\Media Access Startup\1.0.0.610\unins000.exe
c:\program files\Nice Prosper
c:\program files\Nice Prosper\CashBackAssistant\cfcpxlog.mx
c:\program files\Nice Prosper\CashBackAssistant\MatchingData.zd5
c:\program files\Nice Prosper\CashBackAssistant\setup.exe
c:\program files\Nice Prosper\CashBackAssistant\unins000.dat
c:\program files\Nice Prosper\CashBackAssistant\unins000.exe
c:\windows\config.ini
c:\windows\Mafia
c:\windows\Mafia \uninstall.exe
c:\windows\Readme.txt
c:\windows\system32\SIntf16.dll
c:\windows\system32\Thumbs.db
c:\windows\system32\tmp74.tmp
c:\windows\system32\twain_32.dll
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_SSHNAS
((((((((((((((((((((((((( Soubory vytvořené od 2010-01-12 do 2010-02-12 )))))))))))))))))))))))))))))))
.
2010-02-12 23:38 . 2010-02-12 23:40 -------- d-----w- C:\VerTerm8863V
2010-02-12 23:23 . 2010-02-12 23:23 -------- d-----w- C:\VerTerm
2010-01-28 14:07 . 2010-01-28 14:07 -------- d-----w- c:\program files\Microsoft Games
2010-01-26 22:49 . 2010-01-26 22:49 -------- d-----w- c:\windows\74224F8D4A1748169EDB7BB854DE532C.TMP
2010-01-24 11:12 . 2007-05-31 22:47 7437824 ----a-w- c:\windows\system32\smfcore.dll
2010-01-24 11:12 . 2007-02-25 14:36 383238 ----a-w- c:\windows\system32\libmp3lame-0.dll
2010-01-23 08:14 . 2010-01-23 08:14 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-01-20 19:35 . 2010-01-20 19:35 -------- d-----w- C:\ProgramData
2010-01-20 19:34 . 2010-01-20 19:34 -------- d-----w- c:\program files\Electronic Arts
2010-01-20 19:33 . 2010-01-20 19:33 -------- d-----w- c:\program files\Microsoft WSE
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-12 23:51 . 2008-12-23 11:13 -------- d-----w- c:\program files\ICQ6.5
2010-02-12 23:35 . 2010-01-08 23:09 -------- d-----w- c:\program files\Crawler
2010-02-12 07:20 . 2009-06-17 17:35 -------- d-----w- c:\program files\WinClamAVShield
2010-02-11 21:07 . 2009-06-18 20:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-09 21:18 . 2009-06-24 20:15 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-09 15:27 . 2008-12-23 09:57 -------- d-----w- c:\program files\uTorrent
2010-02-07 20:24 . 2009-01-23 15:14 1911 ----a-w- c:\windows\eReg.dat
2010-02-07 14:41 . 2009-05-05 17:38 -------- d-----w- c:\program files\Google
2010-02-05 17:22 . 2008-12-23 19:02 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-02-05 13:05 . 2008-12-23 19:00 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-01-26 22:49 . 2009-01-08 19:52 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-01-20 12:41 . 2009-01-30 18:04 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-11 11:37 . 2009-12-13 07:53 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-01-11 11:04 . 2010-01-11 11:04 101376 ----a-w- c:\windows\system32\drivers\ACEDRV07.sys
2010-01-08 23:37 . 2010-01-08 23:37 -------- d--h--w- c:\program files\Zero G Registry
2010-01-07 15:07 . 2009-06-18 20:26 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 15:07 . 2009-06-18 20:26 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-31 16:50 . 2006-10-20 21:34 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-30 12:44 . 2009-12-30 12:03 -------- d-----w- c:\program files\Common Files\BioWare
2009-12-26 12:30 . 2009-12-26 12:30 -------- d-----w- c:\program files\Sony
2009-12-26 01:03 . 2008-12-22 19:44 -------- d-----w- c:\program files\Analog Devices
2009-12-24 17:39 . 2009-12-16 23:39 -------- d-----w- c:\program files\BS_Player
2009-12-21 19:08 . 2006-10-20 21:33 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-17 07:42 . 2008-12-22 18:26 343552 ----a-w- c:\windows\system32\mspaint.exe
2009-12-16 23:39 . 2009-12-16 23:39 -------- d-----w- c:\program files\Conduit
2009-12-14 07:10 . 2004-08-17 13:49 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-10 17:56 . 2009-02-09 18:43 445016 ----a-w- c:\windows\system32\wrap_oal.dll
2009-12-10 17:56 . 2009-02-09 18:43 109144 ----a-w- c:\windows\system32\OpenAL32.dll
2009-12-09 10:11 . 2006-10-20 21:30 2147328 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-09 10:11 . 2005-03-02 20:14 2025984 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-12-04 18:22 . 2006-10-20 21:33 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-11-27 17:14 . 2006-10-20 21:32 1294336 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 17:14 . 2004-08-17 15:49 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 16:09 . 2001-10-25 14:00 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:09 . 2001-10-24 12:25 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:09 . 2004-08-17 15:49 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-27 16:09 . 2004-08-17 13:49 11264 ----a-w- c:\windows\system32\msrle32.dll
2009-11-27 16:09 . 2004-08-17 13:49 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-11-24 23:54 . 2008-12-22 22:14 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-24 23:51 . 2008-12-22 22:14 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-11-24 23:49 . 2008-12-22 22:14 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2008-12-22 22:14 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2008-12-22 22:14 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-11-24 23:47 . 2008-12-22 22:14 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-11-21 16:03 . 2004-08-17 13:49 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-12-06 12:59 . 2010-01-12 18:43 192512 ----a-w- c:\program files\mozilla firefox\components\mhxpcom.dll
2009-08-31 15:55 . 2009-10-11 22:34 118000 ----a-w- c:\program files\mozilla firefox\components\qippipe.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}"= "c:\documents and settings\Martin\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll" [2009-07-14 150768]
[HKEY_CLASSES_ROOT\clsid\{a55f9c95-2bb1-4ea2-bc77-dfaab78832ce}]
[HKEY_CLASSES_ROOT\qipbar.QIPBHO.1]
[HKEY_CLASSES_ROOT\TypeLib\{45FF696B-5284-4781-B2CA-ECF3A742A17B}]
[HKEY_CLASSES_ROOT\qipbar.QIPBHO]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}]
2009-07-14 11:08 150768 ----a-w- c:\documents and settings\Martin\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2009-05-20 12:36 1258808 ----a-w- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
2009-12-24 17:39 2166296 ----a-w- c:\program files\BS_Player\tbBS_1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2009-05-20 1258808]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files\BS_Player\tbBS_1.dll" [2009-12-24 2166296]
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2009-05-20 1258808]
"{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}"= "c:\program files\BS_Player\tbBS_1.dll" [2009-12-24 2166296]
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-05 39408]
"OEXPRESS"="c:\windows\OETRN.EXE" [2009-09-22 26624]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AsusStartupHelp"="c:\program files\ASUS\AASP\1.00.24\AsRunHelp.exe" [2006-12-29 363008]
"ioCentre"="c:\genius\ioCentre\gTaskBar.exe" [2007-05-31 61440]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"PivotSoftware"="c:\program files\Portrait Displays\Pivot Software\wpctrl.exe" [2007-02-09 694008]
"DT ACR"="c:\program files\Common Files\Portrait Displays\Shared\DT_startup.exe" [2008-06-06 81920]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-08-09 81920]
"OxigenClientAdmin"="c:\program files\Oxigen\bin\Oxigen.exe" [2007-06-23 887264]
"OxigenTrayIcon"="c:\program files\Oxigen\bin\OxiTray.exe" [2007-06-23 557536]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2009-05-20 111928]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-02 98304]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2009-06-17 1783808]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"QuickTime Task"="c:\program files\Pure Codec\QTTask.exe" [2009-09-05 417792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 10:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\TVAnts\\Tvants.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"d:\\Program Files\\TmNationsForever\\TmForever.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"d:\\Program Files\\LucasArts\\Star Wars Battlefront II\\GameData\\BattlefrontII.exe"=
"d:\\Program Files\\Dragon Age\\bin_ship\\daorigins.exe"=
"d:\\Program Files\\Dragon Age\\DAOriginsLauncher.exe"=
"d:\\Program Files\\Dragon Age\\bin_ship\\daupdatersvc.service.exe"=
"d:\\Program Files\\SEGA\\Vancouver 2010\\Vancouver.exe"=
"d:\\Program Files\\Ubisoft\\IL-2 Sturmovik 1946\\il2fb.exe"=
"d:\\Program Files\\Ubisoft\\Gearbox Software\\Brothers in Arms - Hell's Highway\\Binaries\\biahh.exe"=
"d:\\Program Files\\Codemasters\\OF Dragon Rising\\OFDR.exe"=
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [23.12.2008 20:00 691696]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [22.12.2008 23:14 114768]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [26.5.2009 9:05 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [26.5.2009 9:05 72944]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [17.6.2009 17:50 141312]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [22.12.2008 23:14 20560]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [5.5.2009 17:29 55152]
R2 PdiService;Portrait Displays SDK Service;c:\program files\Common Files\Portrait Displays\Drivers\pdisrvc.exe [24.12.2008 19:12 90112]
R3 gHidPnp;USB Device Enhanced Function Driver;c:\windows\system32\drivers\gHidPnp.sys [22.12.2008 22:32 16384]
R3 gMouUsb;USB Mouse Device Drv;c:\windows\system32\drivers\gMouUsb.sys [22.12.2008 22:32 9856]
S2 gupdate1c9cda86c7b75c0;Služba Google Update (gupdate1c9cda86c7b75c0);c:\program files\Google\Update\GoogleUpdate.exe [5.5.2009 18:39 133104]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;d:\program files\Dragon Age\bin_ship\daupdatersvc.service.exe [30.12.2009 13:20 25832]
S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [6.2.2009 17:08 533360]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [18.6.2009 21:26 38224]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [26.5.2009 9:05 7408]
.
Obsah adresáře 'Naplánované úlohy'
2010-02-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2010-02-12 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-05 17:38]
2010-02-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-05 17:39]
2010-02-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-05 17:39]
2010-02-12 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 13:07]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uDefault_Search_URL = hxxp://search.qip.ru
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://search.qip.ru/ie
uSearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
IE: Crawler Search - tbr:iemenu
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\windows\WebIE.dll
LSP: %SYSTEMROOT%\system32\nvappfilter.dll
Handler: mhtb - {669A2A3A-F19C-452D-800D-1240299756C1} -
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\ctbr.dll
DPF: {FC11A119-C2F7-46F4-9E32-937ABA26816E} - file:///F:/CDVIEWER/CdViewer.cab
FF - ProfilePath - c:\documents and settings\Martin\Data aplikací\Mozilla\Firefox\Profiles\v0m0jmnh.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://www.crawler.com/search/dispatche ... 60446&qkw=
FF - prefs.js: network.proxy.type - 2
FF - component: c:\documents and settings\Martin\Data aplikací\Mozilla\Firefox\Profiles\v0m0jmnh.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Martin\Data aplikací\Mozilla\Firefox\Profiles\v0m0jmnh.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\components\RadioWMPCore.dll
FF - component: c:\program files\Crawler\firefox\components\xcomm.dll
FF - component: c:\program files\Crawler\firefox\components\xshared.dll
FF - component: c:\program files\Crawler\firefox\components\xsupport.dll
FF - component: c:\program files\Crawler\firefox\components\xwsg.dll
FF - component: c:\program files\Mozilla Firefox\components\mhxpcom.dll
FF - component: c:\program files\Mozilla Firefox\components\qippipe.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Opera\program\plugins\np-mswmp.dll
FF - plugin: c:\program files\Pure Codec\Plugins\npqtplugin.dll
FF - plugin: c:\program files\Pure Codec\Plugins\npqtplugin2.dll
FF - plugin: c:\program files\Pure Codec\Plugins\npqtplugin3.dll
FF - plugin: c:\program files\Pure Codec\Plugins\npqtplugin4.dll
FF - plugin: c:\program files\Pure Codec\Plugins\npqtplugin5.dll
FF - plugin: c:\program files\Pure Codec\Plugins\npqtplugin6.dll
FF - plugin: c:\program files\Pure Codec\Plugins\npqtplugin7.dll
FF - plugin: c:\program files\Pure Codec\Real\Netscape6\nppl3260.dll
FF - plugin: c:\program files\Pure Codec\Real\Netscape6\nprjplug.dll
FF - plugin: c:\program files\Pure Codec\Real\Netscape6\nprpjplug.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
URLSearchHooks-{1C4AB6A5-595F-4e86-B15F-F93CCE2BBD48} - c:\program files\Family Toolbar\tbhelper.dll
BHO-{0C37B053-FD68-456a-82E1-D788EE342E6F} - c:\program files\Family Toolbar\tbcore3.dll
BHO-{D62EC836-BF1E-4CAC-81BE-FB9179835D8E} - c:\program files\Family Toolbar\mhxpcomi.dll
Toolbar-{FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - c:\program files\Family Toolbar\tbcore3.dll
WebBrowser-{FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - c:\program files\Family Toolbar\tbcore3.dll
HKCU-Run-WS9E3IQBKY - c:\windows\msd.exe
HKCU-Run-EA Core - c:\program files\Electronic Arts\EADM\Core.exe
HKLM-Run-NWEReboot - (no file)
AddRemove-CL08 & PL08 & GL & 2.GL & ČFL - d:\program files\EA Sports\FIFA 08\data\Uninstal.exe
AddRemove-CoD 2 čeština_is1 - d:\program files\Activision\Call of Duty 2\main\unins000.exe
AddRemove-Family Toolbar - c:\program files\Family Toolbar\ToolUninstall.exe
AddRemove-Virtual DJ - Atomix Productions - c:\progra~1\VIRTUA~1\UNWISE.EXE
AddRemove-yuPlay ęëčĺíň_is1 - d:\program files\Wings of prey\yuPlay\unins000.exe
AddRemove-{091ED936-E610-497D-B651-0E4BF73CE598}_is1 - c:\program files\Nice Prosper\CashBackAssistant\unins000.exe
AddRemove-{16B6279B-9FF5-41fb-8BF9-404324F5DD1F}}_is1 - c:\program files\Media Access Startup\1.0.0.610\unins000.exe
AddRemove-{1FB52AB3-5987-45a2-85E0-F3EC30DDDC29}}_is1 - c:\program files\Internet Saving Optimizer\2.2.0.2880\unins000.exe
AddRemove-{C5A9382C-C87E-4A98-80FB-988F3D71FCEB}_is1 - c:\program files\Leawo\3GP Converter\unins000.exe
AddRemove-1 Bundesliga Facepack - c:\program files\EA Sports\FIFA 09\Uninstaller 1 Bundesliga Facepack.exe
AddRemove-1 Bundesliga Facepack V2 - c:\program files\EA Sports\FIFA 09\Uninstaller 1 Bundesliga Facepack V2.exe
AddRemove-1 Bundesliga Facepack V3 - c:\program files\EA Sports\FIFA 09\Uninstaller 1 Bundesliga Facepack V3.exe
AddRemove-1.+ 2. Bundesliga Facepack - c:\program files\EA Sports\FIFA 09\Uninstaller 1.+2.
AddRemove-Arsenal Face Pack V.1 by Santups18 - c:\program files\EA Sports\FIFA 09\Uninstal.exe
AddRemove-EPL Facepack v.3 by Haness - c:\program files\EA Sports\FIFA 09\Uninstal.exe
AddRemove-EPL Facepack V2 - c:\program files\EA Sports\FIFA 09\Uninstal.exe
AddRemove-ETS CZ - c:\documents and settings\Martin\Dokumenty\Euro Truck Simulator\mod\Uninstal ETS CZ.exe
AddRemove-International Facepack V3 - c:\program files\EA Sports\FIFA 09\Uninstal.exe
AddRemove-La Liga Facepack By Fifa-Evolution - c:\program files\EA Sports\Fifa 09\Uninstal.exe
AddRemove-Manchester United Facepack - c:\program files\EA Sports\FIFA 09\Uninstaller Man U Facepack.exe
AddRemove-UnityWebPlayer - c:\documents and settings\Martin\Local Settings\Data aplikací\Unity\WebPlayer\Uninstall.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-13 00:54
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll prosync1.sys sfsync02.sys >>UNKNOWN [0x8A6811F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba11cf28
\Driver\ACPI -> ACPI.sys @ 0xb9e74cb8
\Driver\atapi -> sfsync02.sys @ 0xba0e98b4
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: NVIDIA nForce Networking Controller -> SendCompleteHandler -> NDIS.sys @ 0xb9ce7bb0
PacketIndicateHandler -> NDIS.sys @ 0xb9cf4a21
SendHandler -> NDIS.sys @ 0xb9cd287b
user & kernel MBR OK
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-1614895754-308236825-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_USERS\S-1-5-21-1614895754-308236825-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:45,c5,8c,63,3b,da,9c,50,71,40,a3,0c,ab,0c,58,4a,2a,ae,7c,f5,98,35,4b,
a2,0f,9c,21,b0,ce,63,e8,02,b9,83,16,94,56,dd,b1,b9,12,62,da,b9,c1,8a,54,b0,\
"??"=hex:9c,03,de,c8,88,03,d5,45,31,e5,ca,c9,b4,6b,52,2d
[HKEY_USERS\S-1-5-21-1614895754-308236825-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:69,38,f0,18,1b,6d,51,80,ea,60,d0,0b,4c,0c,d8,75,ff,54,30,6e,12,
38,7a,71,17,74,36,8c,32,42,ac,fc,62,fe,d8,fd,49,40,e9,97,92,41,ff,ce,b8,a4,\
"rkeysecu"=hex:02,74,7f,66,08,cf,68,03,73,10,5d,35,e3,e8,a3,44
[HKEY_LOCAL_MACHINE\System\ControlSet001\Enum\HID\Vid_0458&Pid_009c&Col01\6&17d1cf69&0&0000\LogConf]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\System\ControlSet001\Enum\HID\Vid_0458&Pid_009c&Col01\6&2a8b800e&0&0000\LogConf]
@DACL=(02 0000)
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(928)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'lsass.exe'(984)
c:\windows\system32\nvappfilter.dll
- - - - - - - > 'explorer.exe'(3316)
c:\windows\TrnOEH.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\nvappfilter.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Common Files\Portrait Displays\Plugins\AM\dtsslsrv.exe
c:\program files\Common Files\Portrait Displays\Shared\HookManager.exe
c:\program files\Portrait Displays\Pivot Software\floater.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Portrait Displays\Shared\dtsrvc.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Spyware Terminator\sp_rsser.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
.
**************************************************************************
.
Celkový čas: 2010-02-13 00:59:00 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-02-12 23:58
Před spuštěním: 3 935 264 768
Po spuštění: Volných bajtů: 12 455 911 424
- - End Of File - - 02B75A7CF4AD6356FD083738DC3D2CD2
-
jaro3
- člen Security týmu
-
Guru Level 15
- Příspěvky: 43294
- Registrován: červen 07
- Bydliště: Jižní Čechy
- Pohlaví:
- Stav:
Offline
Re: Reset PC pri Tento Pocitac apod.
Odinstaluj Crawler Toolbar
Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE
Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.
Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT
V možnostech složky si povol zobrazování skrytých souborů a složek+ odškrtni zatržítko u nezobrazovat systémové soubory.
Toto otestuj na Virustotal
c:\windows\system32\smfcore.dll
c:\windows\system32\libmp3lame-0.dll
Vlož sem pak odkazy na stránky s výsledky.
////////////////////////
Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Provést rychlý sken a klikni na tlačítko Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- pak zvol možnost uložit log a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.
Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE
Kód: Vybrat vše
Folder::
c:\windows\74224F8D4A1748169EDB7BB854DE532C.TMP
Registry::
[-HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
[-HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
DDS::
uDefault_Search_URL = hxxp://search.qip.ru
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://search.qip.ru/ie
uSearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
IE: Crawler Search - tbr:iemenu
Handler: mhtb - {669A2A3A-F19C-452D-800D-1240299756C1} -
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\ctbr.dll
Firefox::
FF - ProfilePath - c:\documents and settings\Martin\Data aplikací\Mozilla\Firefox\Profiles\v0m0jmnh.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: keyword.URL - hxxp://www.crawler.com/search/dispatche ... 60446&qkw=
Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.
Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT
V možnostech složky si povol zobrazování skrytých souborů a složek+ odškrtni zatržítko u nezobrazovat systémové soubory.
Toto otestuj na Virustotal
c:\windows\system32\smfcore.dll
c:\windows\system32\libmp3lame-0.dll
Vlož sem pak odkazy na stránky s výsledky.
////////////////////////
Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Provést rychlý sken a klikni na tlačítko Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- pak zvol možnost uložit log a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Re: Reset PC pri Tento Pocitac apod.
Tady je log z Verterm:
ComboFix 10-02-12.01 - Martin 13.02.2010 14:57:15.4.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3326.2780 [GMT 1:00]
Spuštěný z: c:\documents and settings\Martin\Plocha\VerTerm.exe
Použité ovládací přepínače :: c:\documents and settings\Martin\Plocha\CFScript.txt
AV: avast! antivirus 4.8.1368 [VPS 100213-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\progra~1\Crawler\ctbr.dll
c:\windows\74224F8D4A1748169EDB7BB854DE532C.TMP
c:\windows\74224F8D4A1748169EDB7BB854DE532C.TMP\WiseCustomCalla.dll
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-01-13 do 2010-02-13 )))))))))))))))))))))))))))))))
.
2010-02-13 01:05 . 2010-02-13 01:05 -------- d-----w- c:\windows\system32\Nagasoft
2010-02-12 23:38 . 2010-02-12 23:40 -------- d-----w- C:\VerTerm8863V
2010-02-12 23:23 . 2010-02-12 23:23 -------- d-----w- C:\VerTerm
2010-01-28 14:07 . 2010-01-28 14:07 -------- d-----w- c:\program files\Microsoft Games
2010-01-24 11:12 . 2007-05-31 22:47 7437824 ----a-w- c:\windows\system32\smfcore.dll
2010-01-24 11:12 . 2007-02-25 14:36 383238 ----a-w- c:\windows\system32\libmp3lame-0.dll
2010-01-23 08:14 . 2010-01-23 08:14 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-01-20 19:35 . 2010-01-20 19:35 -------- d-----w- C:\ProgramData
2010-01-20 19:34 . 2010-01-20 19:34 -------- d-----w- c:\program files\Electronic Arts
2010-01-20 19:33 . 2010-01-20 19:33 -------- d-----w- c:\program files\Microsoft WSE
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-13 14:01 . 2010-01-08 23:09 -------- d-----w- c:\program files\Crawler
2010-02-13 08:56 . 2009-06-17 17:35 -------- d-----w- c:\program files\WinClamAVShield
2010-02-12 23:51 . 2008-12-23 11:13 -------- d-----w- c:\program files\ICQ6.5
2010-02-11 21:07 . 2009-06-18 20:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-09 21:18 . 2009-06-24 20:15 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-09 15:27 . 2008-12-23 09:57 -------- d-----w- c:\program files\uTorrent
2010-02-07 20:24 . 2009-01-23 15:14 1911 ----a-w- c:\windows\eReg.dat
2010-02-07 14:41 . 2009-05-05 17:38 -------- d-----w- c:\program files\Google
2010-02-05 17:22 . 2008-12-23 19:02 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-02-05 13:05 . 2008-12-23 19:00 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-01-26 22:49 . 2009-01-08 19:52 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-01-20 12:41 . 2009-01-30 18:04 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-11 11:37 . 2009-12-13 07:53 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-01-11 11:04 . 2010-01-11 11:04 101376 ----a-w- c:\windows\system32\drivers\ACEDRV07.sys
2010-01-08 23:37 . 2010-01-08 23:37 -------- d--h--w- c:\program files\Zero G Registry
2010-01-07 15:07 . 2009-06-18 20:26 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 15:07 . 2009-06-18 20:26 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-31 16:50 . 2006-10-20 21:34 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-30 12:44 . 2009-12-30 12:03 -------- d-----w- c:\program files\Common Files\BioWare
2009-12-26 12:30 . 2009-12-26 12:30 -------- d-----w- c:\program files\Sony
2009-12-26 01:03 . 2008-12-22 19:44 -------- d-----w- c:\program files\Analog Devices
2009-12-24 17:39 . 2009-12-16 23:39 -------- d-----w- c:\program files\BS_Player
2009-12-21 19:08 . 2006-10-20 21:33 916480 ------w- c:\windows\system32\wininet.dll
2009-12-17 07:42 . 2008-12-22 18:26 343552 ----a-w- c:\windows\system32\mspaint.exe
2009-12-16 23:39 . 2009-12-16 23:39 -------- d-----w- c:\program files\Conduit
2009-12-14 07:10 . 2004-08-17 13:49 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-10 17:56 . 2009-02-09 18:43 445016 ----a-w- c:\windows\system32\wrap_oal.dll
2009-12-10 17:56 . 2009-02-09 18:43 109144 ----a-w- c:\windows\system32\OpenAL32.dll
2009-12-09 10:11 . 2006-10-20 21:30 2147328 ------w- c:\windows\system32\ntoskrnl.exe
2009-12-09 10:11 . 2005-03-02 20:14 2025984 ------w- c:\windows\system32\ntkrnlpa.exe
2009-12-04 18:22 . 2006-10-20 21:33 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-11-27 17:14 . 2006-10-20 21:32 1294336 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 17:14 . 2004-08-17 15:49 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 16:09 . 2001-10-25 14:00 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:09 . 2001-10-24 12:25 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:09 . 2004-08-17 15:49 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-27 16:09 . 2004-08-17 13:49 11264 ----a-w- c:\windows\system32\msrle32.dll
2009-11-27 16:09 . 2004-08-17 13:49 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-11-24 23:54 . 2008-12-22 22:14 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-24 23:51 . 2008-12-22 22:14 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-11-24 23:49 . 2008-12-22 22:14 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2008-12-22 22:14 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2008-12-22 22:14 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-11-24 23:47 . 2008-12-22 22:14 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-11-21 16:03 . 2004-08-17 13:49 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-12-06 12:59 . 2010-01-12 18:43 192512 ----a-w- c:\program files\mozilla firefox\components\mhxpcom.dll
2009-08-31 15:55 . 2009-10-11 22:34 118000 ----a-w- c:\program files\mozilla firefox\components\qippipe.dll
.
((((((((((((((((((((((((((((( SnapShot@2010-02-12_23.53.45 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-02-13 13:56 . 2010-02-13 13:56 16384 c:\windows\Temp\Perflib_Perfdata_68c.dat
+ 2010-02-13 13:56 . 2010-02-13 13:56 16384 c:\windows\Temp\Perflib_Perfdata_16c.dat
+ 2010-02-13 01:05 . 2010-02-13 01:07 37665 c:\windows\system32\Nagasoft\Uninstall.exe
+ 2007-04-30 04:31 . 2007-04-30 04:31 65536 c:\windows\system32\Nagasoft\Codecs\cook.dll
+ 2008-07-21 02:30 . 2008-07-21 02:30 77889 c:\windows\system32\Nagasoft\Codecs\atrc.dll
+ 2008-07-21 02:30 . 2008-07-21 02:30 278528 c:\windows\system32\pncrt.dll
- 2007-10-10 10:28 . 2007-10-10 10:28 278528 c:\windows\system32\pncrt.dll
+ 2009-02-10 04:38 . 2009-02-10 04:38 147456 c:\windows\system32\Nagasoft\GifShower.dll
+ 2009-02-24 05:58 . 2009-02-24 05:58 151552 c:\windows\system32\Nagasoft\FFVJPlayer.exe
+ 2008-07-30 10:03 . 2008-07-30 10:03 106496 c:\windows\system32\Nagasoft\Codecs\WMFDemux.dll
+ 2008-07-21 02:30 . 2008-07-21 02:30 553036 c:\windows\system32\Nagasoft\Codecs\raac.dll
+ 2008-04-22 01:39 . 2008-04-22 01:39 286720 c:\windows\system32\Nagasoft\Codecs\drvc.dll
+ 2009-09-24 02:59 . 2009-09-24 02:59 1695368 c:\windows\system32\Nagasoft\vjocx.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}"= "c:\documents and settings\Martin\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll" [2009-07-14 150768]
[HKEY_CLASSES_ROOT\clsid\{a55f9c95-2bb1-4ea2-bc77-dfaab78832ce}]
[HKEY_CLASSES_ROOT\qipbar.QIPBHO.1]
[HKEY_CLASSES_ROOT\TypeLib\{45FF696B-5284-4781-B2CA-ECF3A742A17B}]
[HKEY_CLASSES_ROOT\qipbar.QIPBHO]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}]
2009-07-14 11:08 150768 ----a-w- c:\documents and settings\Martin\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2009-05-20 12:36 1258808 ----a-w- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2009-05-20 1258808]
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2009-05-20 1258808]
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-05 39408]
"OEXPRESS"="c:\windows\OETRN.EXE" [2009-09-22 26624]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AsusStartupHelp"="c:\program files\ASUS\AASP\1.00.24\AsRunHelp.exe" [2006-12-29 363008]
"ioCentre"="c:\genius\ioCentre\gTaskBar.exe" [2007-05-31 61440]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"PivotSoftware"="c:\program files\Portrait Displays\Pivot Software\wpctrl.exe" [2007-02-09 694008]
"DT ACR"="c:\program files\Common Files\Portrait Displays\Shared\DT_startup.exe" [2008-06-06 81920]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-08-09 81920]
"OxigenClientAdmin"="c:\program files\Oxigen\bin\Oxigen.exe" [2007-06-23 887264]
"OxigenTrayIcon"="c:\program files\Oxigen\bin\OxiTray.exe" [2007-06-23 557536]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2009-05-20 111928]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-02 98304]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2009-06-17 1783808]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"QuickTime Task"="c:\program files\Pure Codec\QTTask.exe" [2009-09-05 417792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 10:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\TVAnts\\Tvants.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"d:\\Program Files\\TmNationsForever\\TmForever.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"d:\\Program Files\\LucasArts\\Star Wars Battlefront II\\GameData\\BattlefrontII.exe"=
"d:\\Program Files\\Dragon Age\\bin_ship\\daorigins.exe"=
"d:\\Program Files\\Dragon Age\\DAOriginsLauncher.exe"=
"d:\\Program Files\\Dragon Age\\bin_ship\\daupdatersvc.service.exe"=
"d:\\Program Files\\SEGA\\Vancouver 2010\\Vancouver.exe"=
"d:\\Program Files\\Ubisoft\\IL-2 Sturmovik 1946\\il2fb.exe"=
"d:\\Program Files\\Ubisoft\\Gearbox Software\\Brothers in Arms - Hell's Highway\\Binaries\\biahh.exe"=
"d:\\Program Files\\Codemasters\\OF Dragon Rising\\OFDR.exe"=
"d:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"d:\\Program Files\\SopCast\\SopCast.exe"=
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [22.12.2008 23:14 114768]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [26.5.2009 9:05 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [26.5.2009 9:05 72944]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [17.6.2009 17:50 141312]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [22.12.2008 23:14 20560]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [5.5.2009 17:29 55152]
R2 PdiService;Portrait Displays SDK Service;c:\program files\Common Files\Portrait Displays\Drivers\pdisrvc.exe [24.12.2008 19:12 90112]
R3 gHidPnp;USB Device Enhanced Function Driver;c:\windows\system32\drivers\gHidPnp.sys [22.12.2008 22:32 16384]
R3 gMouUsb;USB Mouse Device Drv;c:\windows\system32\drivers\gMouUsb.sys [22.12.2008 22:32 9856]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [23.12.2008 20:00 691696]
S2 gupdate1c9cda86c7b75c0;Služba Google Update (gupdate1c9cda86c7b75c0);c:\program files\Google\Update\GoogleUpdate.exe [5.5.2009 18:39 133104]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;d:\program files\Dragon Age\bin_ship\daupdatersvc.service.exe [30.12.2009 13:20 25832]
S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [6.2.2009 17:08 533360]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [18.6.2009 21:26 38224]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [26.5.2009 9:05 7408]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
vvdsvc REG_MULTI_SZ vvdsvc
.
Obsah adresáře 'Naplánované úlohy'
2010-02-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2010-02-13 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-05 17:38]
2010-02-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-05 17:39]
2010-02-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-05 17:39]
2010-02-13 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 13:07]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uSearchAssistant = hxxp://search.qip.ru/ie
uSearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\windows\WebIE.dll
LSP: %SYSTEMROOT%\system32\nvappfilter.dll
DPF: {FC11A119-C2F7-46F4-9E32-937ABA26816E} - file:///F:/CDVIEWER/CdViewer.cab
FF - ProfilePath - c:\documents and settings\Martin\Data aplikací\Mozilla\Firefox\Profiles\v0m0jmnh.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: network.proxy.type - 2
FF - component: c:\documents and settings\Martin\Data aplikací\Mozilla\Firefox\Profiles\v0m0jmnh.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Martin\Data aplikací\Mozilla\Firefox\Profiles\v0m0jmnh.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\components\RadioWMPCore.dll
FF - component: c:\program files\Crawler\firefox\components\xcomm.dll
FF - component: c:\program files\Crawler\firefox\components\xshared.dll
FF - component: c:\program files\Crawler\firefox\components\xsupport.dll
FF - component: c:\program files\Crawler\firefox\components\xwsg.dll
FF - component: c:\program files\Mozilla Firefox\components\mhxpcom.dll
FF - component: c:\program files\Mozilla Firefox\components\qippipe.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Opera\program\plugins\np-mswmp.dll
FF - plugin: c:\program files\Pure Codec\Plugins\npqtplugin.dll
FF - plugin: c:\program files\Pure Codec\Plugins\npqtplugin2.dll
FF - plugin: c:\program files\Pure Codec\Plugins\npqtplugin3.dll
FF - plugin: c:\program files\Pure Codec\Plugins\npqtplugin4.dll
FF - plugin: c:\program files\Pure Codec\Plugins\npqtplugin5.dll
FF - plugin: c:\program files\Pure Codec\Plugins\npqtplugin6.dll
FF - plugin: c:\program files\Pure Codec\Plugins\npqtplugin7.dll
FF - plugin: c:\program files\Pure Codec\Real\Netscape6\nppl3260.dll
FF - plugin: c:\program files\Pure Codec\Real\Netscape6\nprjplug.dll
FF - plugin: c:\program files\Pure Codec\Real\Netscape6\nprpjplug.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
BHO-{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - (no file)
Toolbar-{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - (no file)
WebBrowser-{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5} - (no file)
AddRemove-Manchester United Facepack - c:\program files\EA Sports\FIFA 09\Uninstaller Man U Facepack.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-13 15:01
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-1614895754-308236825-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_USERS\S-1-5-21-1614895754-308236825-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:45,c5,8c,63,3b,da,9c,50,71,40,a3,0c,ab,0c,58,4a,2a,ae,7c,f5,98,35,4b,
a2,0f,9c,21,b0,ce,63,e8,02,b9,83,16,94,56,dd,b1,b9,12,62,da,b9,c1,8a,54,b0,\
"??"=hex:9c,03,de,c8,88,03,d5,45,31,e5,ca,c9,b4,6b,52,2d
[HKEY_USERS\S-1-5-21-1614895754-308236825-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:69,38,f0,18,1b,6d,51,80,ea,60,d0,0b,4c,0c,d8,75,ff,54,30,6e,12,
38,7a,71,17,74,36,8c,32,42,ac,fc,62,fe,d8,fd,49,40,e9,97,92,41,ff,ce,b8,a4,\
"rkeysecu"=hex:02,74,7f,66,08,cf,68,03,73,10,5d,35,e3,e8,a3,44
[HKEY_LOCAL_MACHINE\System\ControlSet001\Enum\HID\Vid_0458&Pid_009c&Col01\6&17d1cf69&0&0000\LogConf]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\System\ControlSet001\Enum\HID\Vid_0458&Pid_009c&Col01\6&2a8b800e&0&0000\LogConf]
@DACL=(02 0000)
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(896)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'lsass.exe'(952)
c:\windows\system32\nvappfilter.dll
.
Celkový čas: 2010-02-13 15:02:57
ComboFix-quarantined-files.txt 2010-02-13 14:02
ComboFix2.txt 2010-02-12 23:59
Před spuštěním: Volných bajtů: 12 438 495 232
Po spuštění: Volných bajtů: 12 452 880 384
- - End Of File - - 2818219E93EE5E7676508B49B1A7AB62
odkazy z virus total:
http://www.virustotal.com/cs/analisis/d ... 1266070279
http://www.virustotal.com/cs/analisis/1 ... 1266070467
ComboFix 10-02-12.01 - Martin 13.02.2010 14:57:15.4.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3326.2780 [GMT 1:00]
Spuštěný z: c:\documents and settings\Martin\Plocha\VerTerm.exe
Použité ovládací přepínače :: c:\documents and settings\Martin\Plocha\CFScript.txt
AV: avast! antivirus 4.8.1368 [VPS 100213-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\progra~1\Crawler\ctbr.dll
c:\windows\74224F8D4A1748169EDB7BB854DE532C.TMP
c:\windows\74224F8D4A1748169EDB7BB854DE532C.TMP\WiseCustomCalla.dll
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-01-13 do 2010-02-13 )))))))))))))))))))))))))))))))
.
2010-02-13 01:05 . 2010-02-13 01:05 -------- d-----w- c:\windows\system32\Nagasoft
2010-02-12 23:38 . 2010-02-12 23:40 -------- d-----w- C:\VerTerm8863V
2010-02-12 23:23 . 2010-02-12 23:23 -------- d-----w- C:\VerTerm
2010-01-28 14:07 . 2010-01-28 14:07 -------- d-----w- c:\program files\Microsoft Games
2010-01-24 11:12 . 2007-05-31 22:47 7437824 ----a-w- c:\windows\system32\smfcore.dll
2010-01-24 11:12 . 2007-02-25 14:36 383238 ----a-w- c:\windows\system32\libmp3lame-0.dll
2010-01-23 08:14 . 2010-01-23 08:14 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-01-20 19:35 . 2010-01-20 19:35 -------- d-----w- C:\ProgramData
2010-01-20 19:34 . 2010-01-20 19:34 -------- d-----w- c:\program files\Electronic Arts
2010-01-20 19:33 . 2010-01-20 19:33 -------- d-----w- c:\program files\Microsoft WSE
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-13 14:01 . 2010-01-08 23:09 -------- d-----w- c:\program files\Crawler
2010-02-13 08:56 . 2009-06-17 17:35 -------- d-----w- c:\program files\WinClamAVShield
2010-02-12 23:51 . 2008-12-23 11:13 -------- d-----w- c:\program files\ICQ6.5
2010-02-11 21:07 . 2009-06-18 20:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-09 21:18 . 2009-06-24 20:15 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-09 15:27 . 2008-12-23 09:57 -------- d-----w- c:\program files\uTorrent
2010-02-07 20:24 . 2009-01-23 15:14 1911 ----a-w- c:\windows\eReg.dat
2010-02-07 14:41 . 2009-05-05 17:38 -------- d-----w- c:\program files\Google
2010-02-05 17:22 . 2008-12-23 19:02 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-02-05 13:05 . 2008-12-23 19:00 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-01-26 22:49 . 2009-01-08 19:52 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-01-20 12:41 . 2009-01-30 18:04 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-11 11:37 . 2009-12-13 07:53 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-01-11 11:04 . 2010-01-11 11:04 101376 ----a-w- c:\windows\system32\drivers\ACEDRV07.sys
2010-01-08 23:37 . 2010-01-08 23:37 -------- d--h--w- c:\program files\Zero G Registry
2010-01-07 15:07 . 2009-06-18 20:26 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 15:07 . 2009-06-18 20:26 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-31 16:50 . 2006-10-20 21:34 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-30 12:44 . 2009-12-30 12:03 -------- d-----w- c:\program files\Common Files\BioWare
2009-12-26 12:30 . 2009-12-26 12:30 -------- d-----w- c:\program files\Sony
2009-12-26 01:03 . 2008-12-22 19:44 -------- d-----w- c:\program files\Analog Devices
2009-12-24 17:39 . 2009-12-16 23:39 -------- d-----w- c:\program files\BS_Player
2009-12-21 19:08 . 2006-10-20 21:33 916480 ------w- c:\windows\system32\wininet.dll
2009-12-17 07:42 . 2008-12-22 18:26 343552 ----a-w- c:\windows\system32\mspaint.exe
2009-12-16 23:39 . 2009-12-16 23:39 -------- d-----w- c:\program files\Conduit
2009-12-14 07:10 . 2004-08-17 13:49 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-10 17:56 . 2009-02-09 18:43 445016 ----a-w- c:\windows\system32\wrap_oal.dll
2009-12-10 17:56 . 2009-02-09 18:43 109144 ----a-w- c:\windows\system32\OpenAL32.dll
2009-12-09 10:11 . 2006-10-20 21:30 2147328 ------w- c:\windows\system32\ntoskrnl.exe
2009-12-09 10:11 . 2005-03-02 20:14 2025984 ------w- c:\windows\system32\ntkrnlpa.exe
2009-12-04 18:22 . 2006-10-20 21:33 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-11-27 17:14 . 2006-10-20 21:32 1294336 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 17:14 . 2004-08-17 15:49 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 16:09 . 2001-10-25 14:00 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:09 . 2001-10-24 12:25 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:09 . 2004-08-17 15:49 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-27 16:09 . 2004-08-17 13:49 11264 ----a-w- c:\windows\system32\msrle32.dll
2009-11-27 16:09 . 2004-08-17 13:49 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-11-24 23:54 . 2008-12-22 22:14 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-24 23:51 . 2008-12-22 22:14 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-11-24 23:49 . 2008-12-22 22:14 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2008-12-22 22:14 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2008-12-22 22:14 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-11-24 23:47 . 2008-12-22 22:14 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-11-21 16:03 . 2004-08-17 13:49 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-12-06 12:59 . 2010-01-12 18:43 192512 ----a-w- c:\program files\mozilla firefox\components\mhxpcom.dll
2009-08-31 15:55 . 2009-10-11 22:34 118000 ----a-w- c:\program files\mozilla firefox\components\qippipe.dll
.
((((((((((((((((((((((((((((( SnapShot@2010-02-12_23.53.45 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-02-13 13:56 . 2010-02-13 13:56 16384 c:\windows\Temp\Perflib_Perfdata_68c.dat
+ 2010-02-13 13:56 . 2010-02-13 13:56 16384 c:\windows\Temp\Perflib_Perfdata_16c.dat
+ 2010-02-13 01:05 . 2010-02-13 01:07 37665 c:\windows\system32\Nagasoft\Uninstall.exe
+ 2007-04-30 04:31 . 2007-04-30 04:31 65536 c:\windows\system32\Nagasoft\Codecs\cook.dll
+ 2008-07-21 02:30 . 2008-07-21 02:30 77889 c:\windows\system32\Nagasoft\Codecs\atrc.dll
+ 2008-07-21 02:30 . 2008-07-21 02:30 278528 c:\windows\system32\pncrt.dll
- 2007-10-10 10:28 . 2007-10-10 10:28 278528 c:\windows\system32\pncrt.dll
+ 2009-02-10 04:38 . 2009-02-10 04:38 147456 c:\windows\system32\Nagasoft\GifShower.dll
+ 2009-02-24 05:58 . 2009-02-24 05:58 151552 c:\windows\system32\Nagasoft\FFVJPlayer.exe
+ 2008-07-30 10:03 . 2008-07-30 10:03 106496 c:\windows\system32\Nagasoft\Codecs\WMFDemux.dll
+ 2008-07-21 02:30 . 2008-07-21 02:30 553036 c:\windows\system32\Nagasoft\Codecs\raac.dll
+ 2008-04-22 01:39 . 2008-04-22 01:39 286720 c:\windows\system32\Nagasoft\Codecs\drvc.dll
+ 2009-09-24 02:59 . 2009-09-24 02:59 1695368 c:\windows\system32\Nagasoft\vjocx.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}"= "c:\documents and settings\Martin\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll" [2009-07-14 150768]
[HKEY_CLASSES_ROOT\clsid\{a55f9c95-2bb1-4ea2-bc77-dfaab78832ce}]
[HKEY_CLASSES_ROOT\qipbar.QIPBHO.1]
[HKEY_CLASSES_ROOT\TypeLib\{45FF696B-5284-4781-B2CA-ECF3A742A17B}]
[HKEY_CLASSES_ROOT\qipbar.QIPBHO]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}]
2009-07-14 11:08 150768 ----a-w- c:\documents and settings\Martin\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2009-05-20 12:36 1258808 ----a-w- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2009-05-20 1258808]
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2009-05-20 1258808]
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-05 39408]
"OEXPRESS"="c:\windows\OETRN.EXE" [2009-09-22 26624]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AsusStartupHelp"="c:\program files\ASUS\AASP\1.00.24\AsRunHelp.exe" [2006-12-29 363008]
"ioCentre"="c:\genius\ioCentre\gTaskBar.exe" [2007-05-31 61440]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"PivotSoftware"="c:\program files\Portrait Displays\Pivot Software\wpctrl.exe" [2007-02-09 694008]
"DT ACR"="c:\program files\Common Files\Portrait Displays\Shared\DT_startup.exe" [2008-06-06 81920]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-08-09 81920]
"OxigenClientAdmin"="c:\program files\Oxigen\bin\Oxigen.exe" [2007-06-23 887264]
"OxigenTrayIcon"="c:\program files\Oxigen\bin\OxiTray.exe" [2007-06-23 557536]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2009-05-20 111928]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-02 98304]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2009-06-17 1783808]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"QuickTime Task"="c:\program files\Pure Codec\QTTask.exe" [2009-09-05 417792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 10:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\TVAnts\\Tvants.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"d:\\Program Files\\TmNationsForever\\TmForever.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"d:\\Program Files\\LucasArts\\Star Wars Battlefront II\\GameData\\BattlefrontII.exe"=
"d:\\Program Files\\Dragon Age\\bin_ship\\daorigins.exe"=
"d:\\Program Files\\Dragon Age\\DAOriginsLauncher.exe"=
"d:\\Program Files\\Dragon Age\\bin_ship\\daupdatersvc.service.exe"=
"d:\\Program Files\\SEGA\\Vancouver 2010\\Vancouver.exe"=
"d:\\Program Files\\Ubisoft\\IL-2 Sturmovik 1946\\il2fb.exe"=
"d:\\Program Files\\Ubisoft\\Gearbox Software\\Brothers in Arms - Hell's Highway\\Binaries\\biahh.exe"=
"d:\\Program Files\\Codemasters\\OF Dragon Rising\\OFDR.exe"=
"d:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"d:\\Program Files\\SopCast\\SopCast.exe"=
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [22.12.2008 23:14 114768]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [26.5.2009 9:05 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [26.5.2009 9:05 72944]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [17.6.2009 17:50 141312]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [22.12.2008 23:14 20560]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [5.5.2009 17:29 55152]
R2 PdiService;Portrait Displays SDK Service;c:\program files\Common Files\Portrait Displays\Drivers\pdisrvc.exe [24.12.2008 19:12 90112]
R3 gHidPnp;USB Device Enhanced Function Driver;c:\windows\system32\drivers\gHidPnp.sys [22.12.2008 22:32 16384]
R3 gMouUsb;USB Mouse Device Drv;c:\windows\system32\drivers\gMouUsb.sys [22.12.2008 22:32 9856]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [23.12.2008 20:00 691696]
S2 gupdate1c9cda86c7b75c0;Služba Google Update (gupdate1c9cda86c7b75c0);c:\program files\Google\Update\GoogleUpdate.exe [5.5.2009 18:39 133104]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;d:\program files\Dragon Age\bin_ship\daupdatersvc.service.exe [30.12.2009 13:20 25832]
S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [6.2.2009 17:08 533360]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [18.6.2009 21:26 38224]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [26.5.2009 9:05 7408]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
vvdsvc REG_MULTI_SZ vvdsvc
.
Obsah adresáře 'Naplánované úlohy'
2010-02-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2010-02-13 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-05 17:38]
2010-02-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-05 17:39]
2010-02-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-05 17:39]
2010-02-13 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 13:07]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uSearchAssistant = hxxp://search.qip.ru/ie
uSearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\windows\WebIE.dll
LSP: %SYSTEMROOT%\system32\nvappfilter.dll
DPF: {FC11A119-C2F7-46F4-9E32-937ABA26816E} - file:///F:/CDVIEWER/CdViewer.cab
FF - ProfilePath - c:\documents and settings\Martin\Data aplikací\Mozilla\Firefox\Profiles\v0m0jmnh.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: network.proxy.type - 2
FF - component: c:\documents and settings\Martin\Data aplikací\Mozilla\Firefox\Profiles\v0m0jmnh.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Martin\Data aplikací\Mozilla\Firefox\Profiles\v0m0jmnh.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\components\RadioWMPCore.dll
FF - component: c:\program files\Crawler\firefox\components\xcomm.dll
FF - component: c:\program files\Crawler\firefox\components\xshared.dll
FF - component: c:\program files\Crawler\firefox\components\xsupport.dll
FF - component: c:\program files\Crawler\firefox\components\xwsg.dll
FF - component: c:\program files\Mozilla Firefox\components\mhxpcom.dll
FF - component: c:\program files\Mozilla Firefox\components\qippipe.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Opera\program\plugins\np-mswmp.dll
FF - plugin: c:\program files\Pure Codec\Plugins\npqtplugin.dll
FF - plugin: c:\program files\Pure Codec\Plugins\npqtplugin2.dll
FF - plugin: c:\program files\Pure Codec\Plugins\npqtplugin3.dll
FF - plugin: c:\program files\Pure Codec\Plugins\npqtplugin4.dll
FF - plugin: c:\program files\Pure Codec\Plugins\npqtplugin5.dll
FF - plugin: c:\program files\Pure Codec\Plugins\npqtplugin6.dll
FF - plugin: c:\program files\Pure Codec\Plugins\npqtplugin7.dll
FF - plugin: c:\program files\Pure Codec\Real\Netscape6\nppl3260.dll
FF - plugin: c:\program files\Pure Codec\Real\Netscape6\nprjplug.dll
FF - plugin: c:\program files\Pure Codec\Real\Netscape6\nprpjplug.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
BHO-{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - (no file)
Toolbar-{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - (no file)
WebBrowser-{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5} - (no file)
AddRemove-Manchester United Facepack - c:\program files\EA Sports\FIFA 09\Uninstaller Man U Facepack.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-13 15:01
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-1614895754-308236825-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_USERS\S-1-5-21-1614895754-308236825-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:45,c5,8c,63,3b,da,9c,50,71,40,a3,0c,ab,0c,58,4a,2a,ae,7c,f5,98,35,4b,
a2,0f,9c,21,b0,ce,63,e8,02,b9,83,16,94,56,dd,b1,b9,12,62,da,b9,c1,8a,54,b0,\
"??"=hex:9c,03,de,c8,88,03,d5,45,31,e5,ca,c9,b4,6b,52,2d
[HKEY_USERS\S-1-5-21-1614895754-308236825-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:69,38,f0,18,1b,6d,51,80,ea,60,d0,0b,4c,0c,d8,75,ff,54,30,6e,12,
38,7a,71,17,74,36,8c,32,42,ac,fc,62,fe,d8,fd,49,40,e9,97,92,41,ff,ce,b8,a4,\
"rkeysecu"=hex:02,74,7f,66,08,cf,68,03,73,10,5d,35,e3,e8,a3,44
[HKEY_LOCAL_MACHINE\System\ControlSet001\Enum\HID\Vid_0458&Pid_009c&Col01\6&17d1cf69&0&0000\LogConf]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\System\ControlSet001\Enum\HID\Vid_0458&Pid_009c&Col01\6&2a8b800e&0&0000\LogConf]
@DACL=(02 0000)
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(896)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'lsass.exe'(952)
c:\windows\system32\nvappfilter.dll
.
Celkový čas: 2010-02-13 15:02:57
ComboFix-quarantined-files.txt 2010-02-13 14:02
ComboFix2.txt 2010-02-12 23:59
Před spuštěním: Volných bajtů: 12 438 495 232
Po spuštění: Volných bajtů: 12 452 880 384
- - End Of File - - 2818219E93EE5E7676508B49B1A7AB62
odkazy z virus total:
http://www.virustotal.com/cs/analisis/d ... 1266070279
http://www.virustotal.com/cs/analisis/1 ... 1266070467
Zpět na “Viry, antiviry, firewally…”
Kdo je online
Uživatelé prohlížející si toto fórum: Žádní registrovaní uživatelé a 3 hosti