Infected PC + Solved

Section devoted to viruses and other malicious code, and also to the tools that can be used to defend against them…

Moderators: Mods_senior, Security team

Fockewulfik
newcomer
Posts: 38
Registered: September 08
Gender: Male

Re: Infected PC

Post by Fockewulfik » 21 Jul 2009 19:55

ComboFix 09-07-20.05 - Jama 21.07.2009 19:41.1.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.2046.1531 [GMT 2:00]
Spuštěný z: c:\documents and settings\Jama\Plocha\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
AV: Lavasoft Ad-Watch Live! Anti-Virus *On-access scanning disabled* (Updated) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\Dvbpws.dll
c:\windows\winhelp.ini

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_FIPS32CUP
-------\Legacy_I386SI
-------\Legacy_NETSIK
-------\Legacy_NICSK32
-------\Legacy_SECURENTM
-------\Legacy_SYSTEMNTMI
-------\Legacy_WS2_32SIK
-------\Service_ksi32sk


((((((((((((((((((((((((( Soubory vytvořené od 2009-06-21 do 2009-07-21 )))))))))))))))))))))))))))))))
.

2009-07-21 15:21 . 2009-07-13 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-21 15:21 . 2009-07-13 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-21 15:21 . 2009-07-21 15:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-21 13:48 . 2009-07-21 08:46 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-07-21 09:20 . 2009-07-21 09:20 -------- d-----w- c:\program files\Trend Micro
2009-07-21 08:47 . 2009-07-21 08:45 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-07-21 08:19 . 2009-07-21 08:19 -------- d-----w- c:\documents and settings\LocalService\Plocha
2009-07-21 08:17 . 2009-07-21 08:17 -------- d-----w- c:\program files\Lavasoft
2009-07-20 13:39 . 2009-07-20 13:39 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-07-19 17:49 . 2009-07-19 17:48 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-07-19 17:48 . 2009-07-19 17:48 -------- d-----w- c:\program files\Java
2009-07-19 12:25 . 2009-07-19 12:25 -------- d-----w- c:\program files\EA Games
2009-07-19 09:26 . 2009-07-20 18:45 -------- d-----w- c:\program files\DivX

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-21 17:44 . 2008-11-21 20:58 16608 ----a-w- c:\windows\gdrv.sys
2009-07-21 15:20 . 2009-01-17 20:37 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2009-07-20 18:24 . 2009-04-25 11:58 -------- d-----w- c:\program files\Crimsonland
2009-07-19 22:35 . 2008-11-21 23:20 -------- d-----w- c:\program files\ESET
2009-07-19 20:59 . 2009-03-05 19:03 -------- d-----w- c:\program files\SeekeenSrch
2009-07-19 13:01 . 2009-01-17 20:48 139016 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-07-19 13:01 . 2009-01-17 20:47 189488 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-07-19 12:41 . 2009-01-17 20:47 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-07-19 12:41 . 2009-01-17 20:47 794408 ----a-w- c:\windows\system32\pbsvc.exe
2009-07-17 16:02 . 2009-04-26 16:02 -------- d-----w- c:\program files\Norton Security Scan
2009-06-22 17:41 . 2001-10-25 14:00 70106 ----a-w- c:\windows\system32\perfc005.dat
2009-06-22 17:41 . 2001-10-25 14:00 393192 ----a-w- c:\windows\system32\perfh005.dat
2009-06-21 10:23 . 2002-03-25 20:02 163644 ----a-w- c:\windows\system32\drivers\secdrv.sys
2009-06-21 10:23 . 2008-11-21 20:58 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-21 10:11 . 2009-06-21 10:11 -------- d-----w- c:\program files\The Creative Assembly
2009-06-16 05:06 . 2008-11-21 23:55 -------- d-----w- c:\program files\ICQ6Toolbar
2009-06-15 20:28 . 2009-06-15 19:53 -------- d-----w- c:\program files\ICQ6.5
2009-06-15 19:54 . 2008-11-21 23:54 -------- d-----w- c:\program files\ICQ6
2009-05-14 13:49 . 2009-05-14 13:49 94360 ----a-w- c:\windows\system32\drivers\epfwtdir.sys
2009-05-14 13:47 . 2009-05-14 13:47 107256 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2009-05-14 13:41 . 2008-03-13 14:43 114472 ----a-w- c:\windows\system32\drivers\eamon.sys
2009-05-01 21:03 . 2008-11-22 00:26 43528 ------w- c:\windows\system32\drivers\pxhelp20.sys
2009-06-21 08:53 . 2008-11-22 14:07 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-14 1004800]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-06-14 14:07 1004800 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-14 1004800]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-14 1004800]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-17 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-09-20 202024]
"Google Update"="c:\documents and settings\Jama\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2008-12-26 133104]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-30 68856]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2009-03-17 203928]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-17 1667584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-07-16 61440]
"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2005-05-19 57344]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 1836328]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2005-11-15 33792]
"WinFastDTV"="c:\program files\WinFast\WFDTV\DTVSchdl.exe" [2007-10-09 90112]
"WinFast Schedule"="c:\program files\WinFast\WFDTV\WFWIZ.exe" [2007-10-01 413696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-19 148888]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-05-14 2029640]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-07-21 520024]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-06-27 16875008]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SoundMan.exe [2008-06-18 77824]
"AlcWzrd"="ALCWZRD.EXE" - c:\windows\alcwzrd.exe [2008-06-19 2808832]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2004-08-17 110592]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-17 15360]

c:\documents and settings\Jama\Nabídka Start\Programy\Po spuštění\
HotSync Manager.lnk - c:\program files\palmOne\HOTSYNC.EXE [2004-4-13 299008]

c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\WinFast\\WFDTV\\DVBTAP.exe"=
"c:\\HRY\\RelicCOH.exe"=
"c:\\HRY\\UnrealEngine3\\Binaries\\MOHA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"d:\\Program Files\\THQ\\Company of Heroes\\RelicCOH.exe"=
"c:\\HRY\\RelicDownloader\\RelicDownloader.exe"=
"c:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [21.7.2009 10:47 64160]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [14.5.2009 15:47 107256]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [14.5.2009 15:49 94360]
R1 wfcxacap;WinFast TV PCI Audio Capture Driver;c:\windows\system32\drivers\wfcxacap.sys [22.11.2008 13:08 9856]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [14.5.2009 15:47 731840]
R2 GEST Service;GEST Service for program management.;c:\program files\GIGABYTE\EnergySaver\GSvr.exe [21.11.2008 22:58 80392]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [19.1.2009 16:35 1029456]
R2 wfcxatun;WinFast TV Analog Tuner Driver;c:\windows\system32\drivers\wfcxatun.sys [22.11.2008 12:47 31616]
R2 WFCXVCAP;WinFast TV Video Capture Driver;c:\windows\system32\drivers\wfcxvcap.sys [22.11.2008 12:46 167296]
R3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [21.11.2008 23:12 93696]
R3 wfcxdtun;WinFast DTV BDA Tuner/Demod Driver;c:\windows\system32\drivers\wfcxdtun.sys [22.11.2008 12:48 21248]
R3 wfcxtcap;WinFast DTV BDA Transport Stream Capture Driver;c:\windows\system32\drivers\wfcxtcap.sys [22.11.2008 13:06 15872]
R3 wfcxxbar;WinFast TV Crossbar Driver;c:\windows\system32\drivers\wfcxxbar.sys [22.11.2008 12:47 10368]
R3 WFIOCTL;WFIOCTL;c:\program files\WinFast\WFDTV\WFIOCTL.sys [22.11.2008 12:43 9446]
.
Obsah adresáře 'Naplánované úlohy'

2009-07-21 c:\windows\Tasks\Ad-Aware Update (Daily).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-19 08:45]

2009-07-21 c:\windows\Tasks\PCConfidential.job
- c:\program files\Winferno\PC Confidential\PCConfidential.exe [2008-12-25 13:10]

2009-07-21 c:\windows\Tasks\RPCReminder.job
- c:\program files\Winferno\RegistryPowerCleaner\RPCReminder.exe [2008-12-25 13:34]
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

URLSearchHooks-*{ecdee021-0d17-467f-a1ff-c7a115230949} - (no file)
HKCU-Run-Vidalia - c:\program files\Vidalia Bundle\Vidalia\vidalia.exe
HKCU-Run-ICQ - c:\program files\ICQ6\ICQ.exe
HKLM-Run-GEST - (no file)


.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.centrum.cz/skinit/icq/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Jama\Data aplikací\Mozilla\Firefox\Profiles\rt0bvtdx.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - hxxp://www.centrum.cz/skinit/icq/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... id=afex&q=
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-21 19:45
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-2025429265-179605362-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:b5,f8,29,d3,de,8f,ab,e3,de,8b,67,e3,59,13,83,74,c8,45,8b,b1,f4,e9,06,
23,32,d2,5d,7a,b2,e7,8e,8c,2f,7c,16,bf,4b,a6,c4,0d,57,60,13,9a,69,7c,a8,23,\
"??"=hex:48,15,00,7a,cd,43,81,13,ed,65,d9,15,0a,e4,1b,56

[HKEY_USERS\S-1-5-21-2025429265-179605362-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:72,07,47,83,1b,6a,9b,7c,3e,16,47,da,b6,c8,03,ad,fd,65,0c,6f,72,
1c,ed,af,73,d4,d0,86,ab,22,3b,68,a2,b2,e4,54,74,cf,46,39,02,77,11,67,07,93,\
"rkeysecu"=hex:58,56,a6,0c,4c,e7,f3,68,ad,a5,58,99,36,ed,10,ff
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(788)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3500)
c:\windows\system32\msi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\rundll32.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\Photodex\ProShowGold\scsiaccess.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Common Files\Nero\Lib\NMIndexingService.exe
c:\windows\system32\wscntfy.exe
c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Celkový čas: 2009-07-21 19:48 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-07-21 17:48

Před spuštěním: Volných bajtů: 301 945 999 360
Po spuštění: Volných bajtů: 304 448 909 312

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn


jaro3
Security team member
Guru Level 15
Posts: 43293
Registered: June 07
Location: South Bohemia
Gender: Male

Re: Infected PC + Solved

Post by jaro3 » 21 Jul 2009 20:21

I'm not even surprised it doesn't run properly; I see you have the NOD32 antivirus there, but there are leftovers from Norton/Symantec and AVG..

First uninstall:
Winferno
SeekeenSrch


Open Notepad (Start -> Run..., type Notepad in the box and click OK).
Copy the entire text marked in green into it:
Note: do not use the SELECT ALL function to select the script

Code:

KillAll::
File::
c:\windows\Tasks\PCConfidential.job
c:\program files\Winferno\PC Confidential\PCConfidential.exe
c:\windows\Tasks\RPCReminder.job
c:\program files\Winferno\RegistryPowerCleaner\RPCReminder.exe
c:\windows\system32\d3d9caps.dat

Folder::
c:\program files\SeekeenSrch
c:\program files\DAEMON Tools Toolbar
c:\program files\Norton Security Scan
c:\program files\AVG
c:\program files\Winferno

Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"=-
[-HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"=-
[-HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"=-
[-HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]


Choose File -> Save as... and set these parameters:
File name: type CFScript.txt here
Save as type: select All files
Save the file to the desktop.
Close all active windows.

Drag the CFScript.txt you created with the mouse, move it over the downloaded ComboFix.exe and, when the two files overlap, drop the script.
- ComboFix will start automatically
- Post here the log that appears at the end of the cleaning process + a new HJT log

Download ATF Cleaner
Double-click ATF Cleaner.exe, click Select All Found, then:
- If you use Firefox (Mozilla), click Firefox at the top and choose Select All, then click Empty Selected.
- If you use Opera, click Opera at the top and choose Select All, then click Empty Selected.
After cleaning, click Exit to close the program.

Download TFC
Open the file and close all other windows, then click Start to begin the process. It should not take long.
The PC should then restart; if it does not, restart it yourself.
When working with HJT, ComboFix, MBAM, SDFix etc., close all other applications and browsers!
Do not send logs by private message. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
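As an added example (not code from the thread, from jaro3 or from ComboFix), here is a small Python dry-run checker for the CFScript format used in the reply above: it parses the File::/Folder::/Registry:: sections, cross-checks every Registry:: deletion against the launch-point blocks of the ComboFix log, and flags File::/Folder:: paths under c:\windows for a second look before the script is dropped onto ComboFix. The sample inputs are constructed, shortened excerpts of this thread; the {deadbeef-...} CLSID is a made-up placeholder.

```python
"""Dry-run checker for a ComboFix CFScript against a ComboFix log.
Added example, not part of the forum thread or of ComboFix. It parses the
File::/Folder::/Registry:: sections of a CFScript and the registry launch-point
blocks of a ComboFix log, reports which Registry:: deletions are backed by a log
entry, and flags File::/Folder:: paths under c:\\windows for a second look. Both
inputs are constructed, shortened excerpts of the thread; the {deadbeef-...}
CLSID is a made-up placeholder that shows an unbacked deletion.
"""
import re

CFSCRIPT = r"""KillAll::
File::
c:\windows\Tasks\PCConfidential.job
c:\program files\Winferno\PC Confidential\PCConfidential.exe
c:\windows\system32\d3d9caps.dat

Folder::
c:\program files\SeekeenSrch
c:\program files\AVG

Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"=-
[-HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
[-HKEY_CLASSES_ROOT\clsid\{deadbeef-0000-0000-0000-000000000000}]
"""

COMBOFIX_LOG = r"""[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-14 1004800]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-06-14 14:07 1004800 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll
"""

SECTION_RE = re.compile(r"^(\w+)::$")
KEY_RE = re.compile(r"^\[([^\]]+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"\s*=')


def parse_cfscript(text):
    """Split a CFScript into File/Folder lists and Registry deletions.

    Registry:: uses REGEDIT4 syntax: "[-KEY]" deletes a key, and a '"name"=-'
    line deletes one value of the key named by the preceding "[KEY]" line."""
    result = {"File": [], "Folder": [],
              "Registry": {"delete_keys": [], "delete_values": []}}
    section = current_key = None
    for line in (raw.strip() for raw in text.splitlines() if raw.strip()):
        m = SECTION_RE.match(line)
        if m:
            section, current_key = m.group(1), None
        elif section == "Registry":
            if line.startswith("[-") and line.endswith("]"):
                result["Registry"]["delete_keys"].append(line[2:-1])
            elif line.startswith("[") and line.endswith("]"):
                current_key = line[1:-1]
            elif line.startswith('"') and line.endswith('"=-') and current_key:
                result["Registry"]["delete_values"].append((current_key, line[1:-3]))
            else:
                raise ValueError(f"unrecognised Registry:: line: {line}")
        elif section in ("File", "Folder"):
            result[section].append(line)
        elif section != "KillAll":  # KillAll:: takes no arguments
            raise ValueError(f"line outside a known section: {line}")
    return result


def parse_log_registry(text):
    """Map each "[KEY]" block of a ComboFix log to the value names under it."""
    entries, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        m = KEY_RE.match(line)
        if m:
            current = m.group(1)
            entries.setdefault(current, set())
        elif current is not None and (v := VALUE_RE.match(line)):
            entries[current].add(v.group(1))
    return entries


def check_script(script, log_entries):
    """Classify each Registry:: deletion as backed by the log or unbacked (case-insensitive)."""
    log_lc = {k.lower(): {v.lower() for v in vs} for k, vs in log_entries.items()}
    report = {"backed": [], "unbacked": []}
    for key in script["Registry"]["delete_keys"]:
        report["backed" if key.lower() in log_lc else "unbacked"].append(key)
    for key, name in script["Registry"]["delete_values"]:
        ok = name.lower() in log_lc.get(key.lower(), set())
        report["backed" if ok else "unbacked"].append(key + "\\" + name)
    return report


def paths_needing_review(script, prefixes=("c:\\windows\\",)):
    """File::/Folder:: entries under system directories; confirm each by hand."""
    return [p for sect in ("File", "Folder") for p in script[sect]
            if p.lower().startswith(prefixes)]
```

Running check_script on the samples reports the two AVG toolbar deletions as backed and the placeholder CLSID as unbacked; paths_needing_review lists the .job task and the d3d9caps.dat entry, both under c:\windows.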

Fockewulfik
newcomer
Posts: 38
Registered: September 08
Gender: Male

Re: Infected PC +

Post by Fockewulfik » 21 Jul 2009 20:41

ComboFix 09-07-20.05 - Jama 21.07.2009 20:31.2.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.2046.1521 [GMT 2:00]
Spuštěný z: c:\documents and settings\Jama\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Jama\Plocha\CFScript.txt
AV: ESET NOD32 Antivirus 4.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
AV: Lavasoft Ad-Watch Live! Anti-Virus *On-access scanning disabled* (Updated) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}

FILE ::
"c:\program files\Winferno\PC Confidential\PCConfidential.exe"
"c:\program files\Winferno\RegistryPowerCleaner\RPCReminder.exe"
"c:\windows\system32\d3d9caps.dat"
"c:\windows\Tasks\PCConfidential.job"
"c:\windows\Tasks\RPCReminder.job"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\AVG
c:\program files\AVG\AVG8\avg.snu.install_backup
c:\program files\AVG\AVG8\avg7api.dll.install_backup
c:\program files\AVG\AVG8\avgabout.dll.install_backup
c:\program files\AVG\AVG8\avgamnot.dll.install_backup
c:\program files\AVG\AVG8\avgapix.dll.install_backup
c:\program files\AVG\AVG8\avgatend.stp.install_backup
c:\program files\AVG\AVG8\avgatupd.stp.install_backup
c:\program files\AVG\AVG8\avgbat.bav.install_backup
c:\program files\AVG\AVG8\avgcclix.dll.install_backup
c:\program files\AVG\AVG8\avgcfgex.exe.install_backup
c:\program files\AVG\AVG8\avgcfgx.dll.install_backup
c:\program files\AVG\AVG8\avgclitx.dll.install_backup
c:\program files\AVG\AVG8\avgcmgr.exe.install_backup
c:\program files\AVG\AVG8\avgcorex.dll.install_backup
c:\program files\AVG\AVG8\avgcrlpx.dll.install_backup
c:\program files\AVG\AVG8\avgcsrvx.exe.install_backup
c:\program files\AVG\AVG8\avgdumpx.exe.install_backup
c:\program files\AVG\AVG8\avgfrw.exe.install_backup
c:\program files\AVG\AVG8\avginet.dll.install_backup
c:\program files\AVG\AVG8\avgiproxy.exe.install_backup
c:\program files\AVG\AVG8\avglngx.dll.install_backup
c:\program files\AVG\AVG8\avglogx.dll.install_backup
c:\program files\AVG\AVG8\avglvex.dll.install_backup
c:\program files\AVG\AVG8\avgmail.dll.install_backup
c:\program files\AVG\AVG8\avgmvflx.dll.install_backup
c:\program files\AVG\AVG8\avgnsx.exe.install_backup
c:\program files\AVG\AVG8\avgoff2k.dll.install_backup
c:\program files\AVG\AVG8\avgpp.dll.install_backup
c:\program files\AVG\AVG8\avgresf.dll.install_backup
c:\program files\AVG\AVG8\avgrsx.exe.install_backup
c:\program files\AVG\AVG8\avgsbfree_us.mht
c:\program files\AVG\AVG8\avgscanx.dll.install_backup
c:\program files\AVG\AVG8\avgscanx.exe.install_backup
c:\program files\AVG\AVG8\avgse.dll.install_backup
c:\program files\AVG\AVG8\avgsched.dll.install_backup
c:\program files\AVG\AVG8\avgsrmax.exe.install_backup
c:\program files\AVG\AVG8\avgsrmx.dll.install_backup
c:\program files\AVG\AVG8\avgssie.dll.install_backup
c:\program files\AVG\AVG8\AVGToolbarInstall.exe
c:\program files\AVG\AVG8\avgtray.exe.install_backup
c:\program files\AVG\AVG8\avgui.exe.install_backup
c:\program files\AVG\AVG8\avguiadv.dll.install_backup
c:\program files\AVG\AVG8\avguires.dll.install_backup
c:\program files\AVG\AVG8\avgupd.dll.install_backup
c:\program files\AVG\AVG8\avgupd.exe.install_backup
c:\program files\AVG\AVG8\avgvvx.dll.install_backup
c:\program files\AVG\AVG8\avgwd.dll.install_backup
c:\program files\AVG\AVG8\avgwdsvc.exe.install_backup
c:\program files\AVG\AVG8\avgwdwsc.dll.install_backup
c:\program files\AVG\AVG8\avgxch32.dll.install_backup
c:\program files\AVG\AVG8\avgxpl.dll.install_backup
c:\program files\AVG\AVG8\cf.dat.install_backup
c:\program files\AVG\AVG8\dfncfg.dat.install_backup
c:\program files\AVG\AVG8\Firefox\Components\avgssff.dll.install_backup
c:\program files\AVG\AVG8\Firefox\Components\ISearchShield.xpt.install_backup
c:\program files\AVG\AVG8\Firefox\chrome.manifest.install_backup
c:\program files\AVG\AVG8\Firefox\Chrome\searchshield.jar.install_backup
c:\program files\AVG\AVG8\Firefox\install.rdf.install_backup
c:\program files\AVG\AVG8\fixcfg.exe.install_backup
c:\program files\AVG\AVG8\Icons\background_middle_gray.gif.install_backup
c:\program files\AVG\AVG8\Icons\background_middle_green.gif.install_backup
c:\program files\AVG\AVG8\Icons\background_middle_orange.gif.install_backup
c:\program files\AVG\AVG8\Icons\background_middle_red.gif.install_backup
c:\program files\AVG\AVG8\Icons\background_middle_yellow.gif.install_backup
c:\program files\AVG\AVG8\Icons\background_top_gray.gif.install_backup
c:\program files\AVG\AVG8\Icons\background_top_green.gif.install_backup
c:\program files\AVG\AVG8\Icons\background_top_orange.gif.install_backup
c:\program files\AVG\AVG8\Icons\background_top_red.gif.install_backup
c:\program files\AVG\AVG8\Icons\background_top_yellow.gif.install_backup
c:\program files\AVG\AVG8\Icons\block-doc.gif.install_backup
c:\program files\AVG\AVG8\Icons\blocked.gif.install_backup
c:\program files\AVG\AVG8\Icons\border_bottom_gray.gif.install_backup
c:\program files\AVG\AVG8\Icons\border_bottom_green.gif.install_backup
c:\program files\AVG\AVG8\Icons\border_bottom_orange.gif.install_backup
c:\program files\AVG\AVG8\Icons\border_bottom_red.gif.install_backup
c:\program files\AVG\AVG8\Icons\border_bottom_yellow.gif.install_backup
c:\program files\AVG\AVG8\Icons\border_top_gray.gif.install_backup
c:\program files\AVG\AVG8\Icons\border_top_green.gif.install_backup
c:\program files\AVG\AVG8\Icons\border_top_orange.gif.install_backup
c:\program files\AVG\AVG8\Icons\border_top_red.gif.install_backup
c:\program files\AVG\AVG8\Icons\border_top_yellow.gif.install_backup
c:\program files\AVG\AVG8\Icons\box_bottom_red.gif.install_backup
c:\program files\AVG\AVG8\Icons\box_top_red.gif.install_backup
c:\program files\AVG\AVG8\Icons\caution.gif.install_backup
c:\program files\AVG\AVG8\Icons\click_here_gray.gif.install_backup
c:\program files\AVG\AVG8\Icons\click_here_green.gif.install_backup
c:\program files\AVG\AVG8\Icons\click_here_orange.gif.install_backup
c:\program files\AVG\AVG8\Icons\click_here_red.gif.install_backup
c:\program files\AVG\AVG8\Icons\click_here_yellow.gif.install_backup
c:\program files\AVG\AVG8\Icons\clock.gif.install_backup
c:\program files\AVG\AVG8\Icons\close.gif.install_backup
c:\program files\AVG\AVG8\Icons\icons_blocked.gif.install_backup
c:\program files\AVG\AVG8\Icons\icons_caution.gif.install_backup
c:\program files\AVG\AVG8\Icons\icons_close.gif.install_backup
c:\program files\AVG\AVG8\Icons\icons_safe.gif.install_backup
c:\program files\AVG\AVG8\Icons\icons_unknown.gif.install_backup
c:\program files\AVG\AVG8\Icons\icons_warning.gif.install_backup
c:\program files\AVG\AVG8\Icons\LS_Logo_Results.gif.install_backup
c:\program files\AVG\AVG8\Icons\safe.gif.install_backup
c:\program files\AVG\AVG8\Icons\unknown.gif.install_backup
c:\program files\AVG\AVG8\Icons\warning.gif.install_backup
c:\program files\AVG\AVG8\ph.dat.install_backup
c:\program files\AVG\AVG8\sb.dat.install_backup
c:\program files\AVG\AVG8\sb.dat.xcd.install_backup
c:\program files\AVG\AVG8\sb2.dat.install_backup
c:\program files\AVG\AVG8\sc.dat.install_backup
c:\program files\AVG\AVG8\sc.dat.xcd.install_backup
c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\autocomplete.js
c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\avgapi.js
c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils.xpt
c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\notifications.js
c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgdatabaseversion.xpt
c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgprogramversion.xpt
c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgsearchratingsconfig.xpt
c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.xpt
c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\chrome.manifest
c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\chrome\content\after_install.js
c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\chrome\content\After_uninstall.js
c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\chrome\content\autocomplete-popup.xml
c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\chrome\content\avg\avgtbapi.js
c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\chrome\content\avg\customwrapper.js
c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\chrome\content\avg\partFiles.js
c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\chrome\content\avg\statusindicator.js
c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\chrome\content\config.xml
c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\chrome\content\contexthtml.xul
c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\chrome\content\custom.js
c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\chrome\content\ex\marquee.xml
c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\chrome\content\html\about.htm
c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\chrome\content\html\bubble_arrow.gif
c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\chrome\content\html\bubble_bottom_shadow.gif
c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\chrome\content\html\bubble_confirm.htm
c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\chrome\content\html\bubble_confirmAVGSafe.gif
c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\chrome\content\html\bubble_confirmTbr.gif
c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\chrome\content\html\bubble_general.htm
c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\chrome\content\html\bubble_protection.htm
c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\chrome\content\html\bubble_search.htm
c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\chrome\content\html\bubble_searchSearchBox.gif
c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\chrome\content\html\bubble_style.css
c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\chrome\content\html\bubble_top_shadow.gif
c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\chrome\content\html\deletehistory_processing.htm
c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\chrome\content\html\rssreader_!backgroundGrey.gif
c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\chrome\content\html\rssreader_!backgroundRed.gif
c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\chrome\content\html\rssreader_!bullet.gif
c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\chrome\content\html\rssreader_!close.gif
c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\chrome\content\html\rssreader_!icoiDNES.gif
c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\chrome\content\html\rssreader_!icoRead.gif
c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\chrome\content\html\rssreader_!icoRSS.gif
c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\chrome\content\html\rssreader_!icoSimple.gif
c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\chrome\content\html\rssreader_!icoUnread.gif
c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\chrome\content\html\rssreader_!logo.gif
c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\chrome\content\html\rssreader_!settings.gif
c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\chrome\content\html\rssreader_!tabHilighted.gif
c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\chrome\content\html\rssreader_advanced.css
c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\chrome\content\html\rssreader_advanced.htm
c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\chrome\content\html\rssreader_config.htm
c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\chrome\content\html\rssreader_simple.htm
c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\chrome\content\html\settings_askdialog.htm
c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\chrome\content\html\settings_background.gif
c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\chrome\content\html\settings_checkboxdialog.htm
c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\chrome\content\html\settings_icohelp.gif
c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\chrome\content\html\settings_loading.gif
c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\chrome\content\html\settings_logo.gif
c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\chrome\content\html\settings_main.htm
c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\chrome\content\html\settings_menu1.gif
c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\chrome\content\html\settings_menu2.gif
c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\chrome\content\html\settings_menu3.gif
c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\chrome\content\html\settings_menu4.gif
c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\chrome\content\html\settings_style.css
c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\chrome\content\html\tabswelcome.htm
c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\chrome\content\html\tabswelcome_button.gif
c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\chrome\content\html\tabswelcome_button_hilight.gif
c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\chrome\content\html\tabswelcome_buttonHilight.gif
c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\chrome\content\html\tabswelcome_ie7footer.htm
c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\chrome\content\html\tabswelcome_ie7header.htm
c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\chrome\content\html\tabswelcome_ie8footer.htm
c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\chrome\content\html\tabswelcome_ie8header.htm
c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\chrome\content\html\tabswelcome_powered_by_yahoo.gif
c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\chrome\content\html\tabswelcome_poweredByYahoo.gif
c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\chrome\content\html\tbapi.js
c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\chrome\content\html\toolbarprotector_window.htm
c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\chrome\content\html\updater_error.gif
c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\chrome\content\html\updater_ok.gif
c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\chrome\content\html\updater_processing.htm
c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\chrome\content\htmlwindow.xul
c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\chrome\content\Languages\en.ini
c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\chrome\content\Languages\languages.cfg
c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\chrome\content\libs\bubbles.js
c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\chrome\content\libs\cache.js
c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\chrome\content\libs\cookie.js
c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\chrome\content\libs\directory.js
c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\chrome\content\libs\dns.js
c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\chrome\content\libs\dom.js
c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\chrome\content\libs\dragdrop.js
c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\chrome\content\libs\file.js
c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\chrome\content\libs\chevron.js
c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\chrome\content\libs\include.js
c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\chrome\content\libs\loader.js
c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\chrome\content\libs\log.js
c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\chrome\content\libs\mutex.js
c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\chrome\content\libs\newtab.js
c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\chrome\content\libs\pass.js
c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\chrome\content\libs\prefs.js
c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\chrome\content\libs\privacy.js
c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\chrome\content\libs\refreshControl.js
c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\chrome\content\libs\registry.js
c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\chrome\content\libs\resources.js
c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\chrome\content\libs\searches.js
c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\chrome\content\libs\searchplugin.js
c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\chrome\content\libs\searchProvs.js
c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\chrome\content\libs\settings.js
c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\chrome\content\libs\splitter.js
c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\chrome\content\libs\stats.js
c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\chrome\content\libs\tabs.js
c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\chrome\content\libs\translation.js
c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\chrome\content\libs\update.js
c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\chrome\content\libs\updatecontrol.js
c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\chrome\content\libs\updateext.js
c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\chrome\content\libs\updater.js
c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\chrome\content\libs\updates.js
c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\chrome\content\libs\utils.js
c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\chrome\content\libs\visibility.js
c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\chrome\content\libs\wrapper.js
c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\chrome\content\libs\xml.js
c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\chrome\content\libs\xmlconfig.js
c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\chrome\content\libs\xmlitems.js
c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\chrome\content\libsex\mail.js
c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\chrome\content\libsex\mime.js
c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\chrome\content\libsex\pop3.js
c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\chrome\content\libsex\rss.js
c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\chrome\content\libsex\ticker.js
c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\chrome\content\libsex\xmlitemsex.js
c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\chrome\content\overlay.js
c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\chrome\content\overlay.xul
c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\chrome\content\searchProviders.xml
c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\chrome\icons\default\htmlwindow.ico
c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\chrome\skin\contexthtml.css
c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\chrome\skin\dragdrop.png
c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\chrome\skin\gripper.png
c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\chrome\skin\chevron.png
c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\chrome\skin\icoAbout.png
c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\chrome\skin\icoAVGInfo.png
c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\chrome\skin\icoGoButton.png
c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\chrome\skin\icoHomepage.png
c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\chrome\skin\icoNoProtection.png
c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\chrome\skin\icoOptions.png
c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\chrome\skin\icoProtection.png
c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\chrome\skin\icoProtectionLimited.png
c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\chrome\skin\icoRSS.png
c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\chrome\skin\icoRSSBlue.png
c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\chrome\skin\icoRSSGray.png
c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\chrome\skin\icoRSSGreen.png
c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\chrome\skin\icoTrash.png
c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\chrome\skin\icoUpdate.png
c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\chrome\skin\logo.ico
c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\chrome\skin\logo.png
c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\chrome\skin\overlay.css
c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\chrome\skin\rssreader_!icoRead.png
c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\chrome\skin\rssreader_!icoUnread.png
c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\chrome\skin\Search_provider_drop.png
c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\chrome\skin\searchProvider.png
c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\chrome\skin\settings_icon.ico
c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\chrome\skin\slider.png
c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\chrome\skin\spWiki.png
c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\chrome\skin\spYahoo.png
c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\chrome\skin\toolbarprotector_icon.ico
c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\install.rdf
c:\program files\AVG\AVG8\Toolbar\Firefox\sp.xml
c:\program files\AVG\AVG8\Toolbar\IE8Lib.dll
c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll
c:\program files\AVG\AVG8\Toolbar\ToolbarBroker.exe
c:\program files\AVG\AVG8\updatecomps.bak
c:\program files\DAEMON Tools Toolbar
c:\program files\DAEMON Tools Toolbar\_DTLite.xml
c:\program files\Norton Security Scan
c:\program files\Norton Security Scan\BilBDRes.dll
c:\program files\Norton Security Scan\symbos.exe
c:\program files\Winferno
c:\program files\Winferno\PC Confidential\DeleteIndex.exe
c:\program files\Winferno\PC Confidential\Graphics\HandPoint.ico
c:\program files\Winferno\PC Confidential\PCCL.DLL
c:\program files\Winferno\PC Confidential\PCConfidential.exe
c:\program files\Winferno\PC Confidential\PCConfidential.chm
c:\program files\Winferno\PC Confidential\PCCST.exe
c:\program files\Winferno\PC Confidential\unins000.dat
c:\program files\Winferno\PC Confidential\unins000.exe
c:\program files\Winferno\PC Confidential\WinCMR.dll
c:\program files\Winferno\PC Confidential\WinfernoSoftware.url
c:\windows\system32\d3d9caps.dat
c:\windows\Tasks\PCConfidential.job

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-06-21 do 2009-07-21 )))))))))))))))))))))))))))))))
.

2009-07-21 15:21 . 2009-07-13 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-21 15:21 . 2009-07-13 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-21 15:21 . 2009-07-21 15:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-21 13:48 . 2009-07-21 08:46 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-07-21 09:20 . 2009-07-21 09:20 -------- d-----w- c:\program files\Trend Micro
2009-07-21 08:47 . 2009-07-21 08:45 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-07-21 08:19 . 2009-07-21 08:19 -------- d-----w- c:\documents and settings\LocalService\Plocha
2009-07-21 08:17 . 2009-07-21 08:17 -------- d-----w- c:\program files\Lavasoft
2009-07-19 17:49 . 2009-07-19 17:48 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-07-19 17:48 . 2009-07-19 17:48 -------- d-----w- c:\program files\Java
2009-07-19 12:25 . 2009-07-19 12:25 -------- d-----w- c:\program files\EA Games
2009-07-19 09:26 . 2009-07-20 18:45 -------- d-----w- c:\program files\DivX

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-21 18:36 . 2008-11-21 20:58 16608 ----a-w- c:\windows\gdrv.sys
2009-07-20 18:24 . 2009-04-25 11:58 -------- d-----w- c:\program files\Crimsonland
2009-07-19 22:35 . 2008-11-21 23:20 -------- d-----w- c:\program files\ESET
2009-07-19 13:01 . 2009-01-17 20:48 139016 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-07-19 13:01 . 2009-01-17 20:47 189488 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-07-19 12:41 . 2009-01-17 20:47 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-07-19 12:41 . 2009-01-17 20:47 794408 ----a-w- c:\windows\system32\pbsvc.exe
2009-06-22 17:41 . 2001-10-25 14:00 70106 ----a-w- c:\windows\system32\perfc005.dat
2009-06-22 17:41 . 2001-10-25 14:00 393192 ----a-w- c:\windows\system32\perfh005.dat
2009-06-21 10:23 . 2002-03-25 20:02 163644 ----a-w- c:\windows\system32\drivers\secdrv.sys
2009-06-21 10:23 . 2008-11-21 20:58 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-21 10:11 . 2009-06-21 10:11 -------- d-----w- c:\program files\The Creative Assembly
2009-06-16 05:06 . 2008-11-21 23:55 -------- d-----w- c:\program files\ICQ6Toolbar
2009-06-15 20:28 . 2009-06-15 19:53 -------- d-----w- c:\program files\ICQ6.5
2009-06-15 19:54 . 2008-11-21 23:54 -------- d-----w- c:\program files\ICQ6
2009-05-14 13:49 . 2009-05-14 13:49 94360 ----a-w- c:\windows\system32\drivers\epfwtdir.sys
2009-05-14 13:47 . 2009-05-14 13:47 107256 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2009-05-14 13:41 . 2008-03-13 14:43 114472 ----a-w- c:\windows\system32\drivers\eamon.sys
2009-05-01 21:03 . 2008-11-22 00:26 43528 ------w- c:\windows\system32\drivers\pxhelp20.sys
2009-06-21 08:53 . 2008-11-22 14:07 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-07-21_17.45.54 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-21 18:36 . 2009-07-21 18:36 16384 c:\windows\temp\Perflib_Perfdata_598.dat
+ 2009-07-21 18:36 . 2009-07-21 18:36 16384 c:\windows\temp\Perflib_Perfdata_550.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-17 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-09-20 202024]
"Google Update"="c:\documents and settings\Jama\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2008-12-26 133104]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-30 68856]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2009-03-17 203928]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-17 1667584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-07-16 61440]
"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2005-05-19 57344]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 1836328]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2005-11-15 33792]
"WinFastDTV"="c:\program files\WinFast\WFDTV\DTVSchdl.exe" [2007-10-09 90112]
"WinFast Schedule"="c:\program files\WinFast\WFDTV\WFWIZ.exe" [2007-10-01 413696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-19 148888]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-05-14 2029640]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-07-21 520024]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-06-27 16875008]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SoundMan.exe [2008-06-18 77824]
"AlcWzrd"="ALCWZRD.EXE" - c:\windows\alcwzrd.exe [2008-06-19 2808832]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2004-08-17 110592]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-17 15360]

c:\documents and settings\Jama\Nabídka Start\Programy\Po spuštění\
HotSync Manager.lnk - c:\program files\palmOne\HOTSYNC.EXE [2004-4-13 299008]

c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\WinFast\\WFDTV\\DVBTAP.exe"=
"c:\\HRY\\RelicCOH.exe"=
"c:\\HRY\\UnrealEngine3\\Binaries\\MOHA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"d:\\Program Files\\THQ\\Company of Heroes\\RelicCOH.exe"=
"c:\\HRY\\RelicDownloader\\RelicDownloader.exe"=
"c:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [21.7.2009 10:47 64160]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [14.5.2009 15:47 107256]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [14.5.2009 15:49 94360]
R1 wfcxacap;WinFast TV PCI Audio Capture Driver;c:\windows\system32\drivers\wfcxacap.sys [22.11.2008 13:08 9856]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [14.5.2009 15:47 731840]
R2 GEST Service;GEST Service for program management.;c:\program files\GIGABYTE\EnergySaver\GSvr.exe [21.11.2008 22:58 80392]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [19.1.2009 16:35 1029456]
R2 wfcxatun;WinFast TV Analog Tuner Driver;c:\windows\system32\drivers\wfcxatun.sys [22.11.2008 12:47 31616]
R2 WFCXVCAP;WinFast TV Video Capture Driver;c:\windows\system32\drivers\wfcxvcap.sys [22.11.2008 12:46 167296]
R3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [21.11.2008 23:12 93696]
R3 wfcxdtun;WinFast DTV BDA Tuner/Demod Driver;c:\windows\system32\drivers\wfcxdtun.sys [22.11.2008 12:48 21248]
R3 wfcxtcap;WinFast DTV BDA Transport Stream Capture Driver;c:\windows\system32\drivers\wfcxtcap.sys [22.11.2008 13:06 15872]
R3 wfcxxbar;WinFast TV Crossbar Driver;c:\windows\system32\drivers\wfcxxbar.sys [22.11.2008 12:47 10368]
R3 WFIOCTL;WFIOCTL;c:\program files\WinFast\WFDTV\WFIOCTL.sys [22.11.2008 12:43 9446]
.
Obsah adresáře 'Naplánované úlohy'

2009-07-21 c:\windows\Tasks\Ad-Aware Update (Daily).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-19 08:45]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.centrum.cz/skinit/icq/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\combofix\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-21 20:37
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-2025429265-179605362-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:b5,f8,29,d3,de,8f,ab,e3,de,8b,67,e3,59,13,83,74,c8,45,8b,b1,f4,e9,06,
23,32,d2,5d,7a,b2,e7,8e,8c,2f,7c,16,bf,4b,a6,c4,0d,57,60,13,9a,69,7c,a8,23,\
"??"=hex:48,15,00,7a,cd,43,81,13,ed,65,d9,15,0a,e4,1b,56

[HKEY_USERS\S-1-5-21-2025429265-179605362-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:72,07,47,83,1b,6a,9b,7c,3e,16,47,da,b6,c8,03,ad,fd,65,0c,6f,72,
1c,ed,af,73,d4,d0,86,ab,22,3b,68,a2,b2,e4,54,74,cf,46,39,02,77,11,67,07,93,\
"rkeysecu"=hex:58,56,a6,0c,4c,e7,f3,68,ad,a5,58,99,36,ed,10,ff
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(792)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3324)
c:\windows\system32\msi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\rundll32.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\Photodex\ProShowGold\scsiaccess.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Common Files\Nero\Lib\NMIndexingService.exe
c:\windows\system32\wscntfy.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Celkový čas: 2009-07-21 20:40 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-07-21 18:40
ComboFix2.txt 2009-07-21 17:48

Před spuštěním: Volných bajtů: 304 420 495 360
Po spuštění: Volných bajtů: 304 379 117 568


jaro3
Security team member
Guru Level 15
Posts: 43293
Registered: June 07
Location: South Bohemia
Gender: Male
Status: Offline

Re: Infected PC +

Post by jaro3 » 21 Jul 2009 20:54

So clean it up and post a new HJT log here as well.
When working with HJT, ComboFix, MbAM, SDFix etc., close all other applications and browsers!
Do not send logs by private message. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support

Fockewulfik
newbie
Posts: 38
Registered: September 08
Gender: Male
Status: Offline

Re: Infected PC +

Post by Fockewulfik » 21 Jul 2009 21:00

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:00:09, on 21.7.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
C:\Program Files\WinFast\WFDTV\WFWIZ.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Documents and Settings\Jama\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\palmOne\HOTSYNC.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.centrum.cz/skinit/icq/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: OLE (Part 1 of 5) - - (no file)
R3 - URLSearchHook: (no name) - *{0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - (no file)
R3 - URLSearchHook: (no name) - *{855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: PCCBHO.CPCCBHO - {22FC6CE8-7D47-479F-B74A-BFBB04ADB9AF} - C:\Program Files\Winferno\PC Confidential\PCCBHO.dll (file missing)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [WinFastDTV] C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFDTV\WFWIZ.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Jama\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: HotSync Manager.lnk = C:\Program Files\palmOne\HOTSYNC.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - C:\Program Files\Winferno\PC Confidential\PCConfidential.exe (file missing)
O9 - Extra 'Tools' menuitem: PC Confidential - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - C:\Program Files\Winferno\PC Confidential\PCConfidential.exe (file missing)
O9 - Extra button: PC Confidential - {925DAB62-F9AC-4221-806A-057BFB1014AA} - C:\Program Files\Winferno\PC Confidential\PCConfidential.exe (file missing)
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 9886 bytes

jaro3
Security team member
Guru Level 15
Posts: 43293
Registered: June 07
Location: South Bohemia
Gender: Male
Status: Offline

Re: Infected PC +

Post by jaro3 » 21 Jul 2009 21:12

Close the other applications and browsers, disconnect from the internet and fix these in HJT:

Code:

R3 - URLSearchHook: OLE (Part 1 of 5) - - (no file)
R3 - URLSearchHook: (no name) - *{0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - (no file)
R3 - URLSearchHook: (no name) - *{855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: PCCBHO.CPCCBHO - {22FC6CE8-7D47-479F-B74A-BFBB04ADB9AF} - C:\Program Files\Winferno\PC Confidential\PCCBHO.dll (file missing)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - C:\Program Files\Winferno\PC Confidential\PCConfidential.exe (file missing)
O9 - Extra 'Tools' menuitem: PC Confidential - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - C:\Program Files\Winferno\PC Confidential\PCConfidential.exe (file missing)
O9 - Extra button: PC Confidential - {925DAB62-F9AC-4221-806A-057BFB1014AA} - C:\Program Files\Winferno\PC Confidential\PCConfidential.exe (file missing)


ComboFix is uninstalled like this:
Start - Run and enter ComboFix[space]/u

So if there are no problems, clean the system with CCleaner

and also use T-Cleaner
it deletes everything left behind by ComboFix, SDFix, Avenger, MWAV etc. - download > run

If there are no problems, that's all and you can mark it solved (the checkmark).
When working with HJT, ComboFix, MbAM, SDFix etc., close all other applications and browsers!
Do not send logs in private messages. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
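The entries jaro3 lists for fixing are almost all marked "(no file)" or "(file missing)": registry references whose target on disk is gone, typically leftovers of removed or deleted software, which is why they can be removed in HijackThis without losing anything. As an added example (not part of this thread and not HijackThis code), here is a small Python parser that reads HJT log lines, recovers the section, CLSID and file path of each entry, and separates such orphaned entries from live ones and from O23 services reported with "Unknown owner". The sample input is copied from the log lines posted in this thread; the section labels and helper names are my own assumptions. An "Unknown owner" service only lacks a vendor string; the tag marks it for manual review, not as malicious.

```python
"""Classify HijackThis (HJT) log lines: orphaned entries vs. live ones.

Added example for this thread; not part of HijackThis or of the posts above.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Sample input: HJT lines copied from the log posted in this thread.
SAMPLE_LOG = r"""
R3 - URLSearchHook: OLE (Part 1 of 5) - - (no file)
R3 - URLSearchHook: (no name) - *{0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - (no file)
O2 - BHO: PCCBHO.CPCCBHO - {22FC6CE8-7D47-479F-B74A-BFBB04ADB9AF} - C:\Program Files\Winferno\PC Confidential\PCCBHO.dll (file missing)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O9 - Extra button: PC Confidential - {925DAB62-F9AC-4221-806A-057BFB1014AA} - C:\Program Files\Winferno\PC Confidential\PCConfidential.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""

# Human-readable names for the HJT sections used here (assumed labels).
SECTION_NAMES = {
    "R3": "IE URLSearchHook",
    "O2": "Browser Helper Object",
    "O4": "Registry autostart",
    "O9": "IE extra button / Tools menu item",
    "O23": "Windows service",
}

LINE_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
# A drive-letter path running to the end of the line, or to a trailing "(file missing)".
PATH_RE = re.compile(r"[A-Za-z]:\\.*?(?=\s*\(file missing\)$|$)")


@dataclass
class HjtEntry:
    section: str
    body: str
    clsid: Optional[str]
    path: Optional[str]
    orphan: bool          # the referenced file is gone
    unknown_owner: bool   # O23 service without a vendor string


def parse_line(line: str) -> Optional[HjtEntry]:
    """Parse one HJT line; return None for lines that are not HJT entries."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    section, body = m.group("section"), m.group("body")
    clsid = CLSID_RE.search(body)
    path = PATH_RE.search(body)
    return HjtEntry(
        section=section,
        body=body,
        clsid=clsid.group(0) if clsid else None,
        path=path.group(0) if path else None,
        orphan="(no file)" in body or "(file missing)" in body,
        unknown_owner=section == "O23" and "Unknown owner" in body,
    )


def parse_log(text: str) -> List[HjtEntry]:
    """Parse all HJT entry lines in a log, skipping headers and blank lines."""
    entries = [parse_line(line) for line in text.splitlines()]
    return [e for e in entries if e is not None]


def orphan_entries(text: str) -> List[str]:
    """Return the raw bodies of entries whose target file no longer exists."""
    return [e.body for e in parse_log(text) if e.orphan]


def report(text: str) -> str:
    """One line per entry: tag, section name, and the path, CLSID or body."""
    lines = []
    for e in parse_log(text):
        tag = "ORPHAN" if e.orphan else ("UNKNOWN-OWNER" if e.unknown_owner else "live")
        what = e.path or e.clsid or e.body
        lines.append(f"{tag:13} {SECTION_NAMES.get(e.section, e.section):35} {what}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE_LOG))
```

Running the block prints one tagged line per entry; the two O4 autostart lines jaro3 also fixes (NeroCheck, jusched) are reported as "live", since they are removed here as unneeded startup items rather than as orphans.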

Fockewulfik
newbie
Posts: 38
Registered: September 08
Gender: Male

Re: Infected PC +

Post by Fockewulfik » 21 Jul 2009 21:18

I'm not much good at this... How do I fix it??? :oops:

jaro3
Security team member
Guru Level 15
Posts: 43293
Registered: June 07
Location: Jižní Čechy
Gender: Male

Re: Infected PC +

Post by jaro3 » 21 Jul 2009 21:20


Fockewulfik
newbie
Posts: 38
Registered: September 08
Gender: Male

Re: Infected PC +

Post by Fockewulfik » 21 Jul 2009 21:37

Thank you very much for the effort you put in and the time you lost saving my PC. Everything now runs as it should... I don't know how to thank you, simply: Thanks a lot!!!!!!!! :inlove:

jaro3
Security team member
Guru Level 15
Posts: 43293
Registered: June 07
Location: Jižní Čechy
Gender: Male

Re: Infected PC +

Post by jaro3 » 21 Jul 2009 21:50

Don't mention it, you are always welcome!!
