Virus on PC - can't even generate an HJT log
Re: Virus on PC - can't even generate an HJT log
So I restarted it, and the combofix.txt file isn't there. Directly on C:, among the folders, there is a ComboFix icon, and when I open it, it shows the same menu as when I open My Computer. On top of that, the internet no longer works on the PC... Should I try running ComboFix again in safe mode? It's kind of messed up.
- memphisto
Re: Virus on PC - can't even generate an HJT log
Isn't there a QooBox folder somewhere? The log could be there too. Otherwise, you can try it again.
PC-HELP.CZ RULES, HijackThis section RULES, HijackThis guide, Memtest, CCleaner
Please do not send HijackThis logs via private message; post them in the appropriate section. Thank you.
Re: Virus on PC - can't even generate an HJT log
It's there...
\Registry\Machine\System\CurrentControlSet\Services\vkquwexg
*******************
Script file located at: \??\C:\ComboFix\ComboDel.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\QooBox
*******************
Beginning to process script file:
File move operation C:\ComboFix\MT_netbt.sys.tmp|C:\WINDOWS\system32\drivers\netbt.sys completed successfully.
File move operation C:\WINDOWS\system32\drivers\netbt.sys|C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\netbt.sys.vir_ completed successfully.
File C:\ComboFix\netbt not found!
File move operation C:\ComboFix\netbt|C:\WINDOWS\system32\drivers\netbt.sys failed!
Could not process line:
C:\ComboFix\netbt|C:\WINDOWS\system32\drivers\netbt.sys
Status: 0xc0000034
Could not open file C:\WINDOWS\$NtUninstallKB63225$\1883323471 for move operation
File move operation C:\WINDOWS\$NtUninstallKB63225$\1883323471|C:\QooBox\Quarantine\C\WINDOWS\$NtUninstallKB63225$\1883323471.vir failed!
Could not process line:
C:\WINDOWS\$NtUninstallKB63225$\1883323471|C:\QooBox\Quarantine\C\WINDOWS\$NtUninstallKB63225$\1883323471.vir
Status: 0xc0000279
File move operation C:\WINDOWS\$NtUninstallKB63225$\681058718\loader.tlb|C:\QooBox\Quarantine\C\WINDOWS\$NtUninstallKB63225$\681058718\loader.tlb.vir completed successfully.
Program C:\WINDOWS\Regedit.exe" /s "C:\ComboFix\SW_NetBT.reg successfully set up to run once on reboot.
Program C:\ComboFix\CF23767.3XE" /c "C:\ComboFix\C.bat successfully set up to run once on reboot.
Completed script processing.
*******************
Finished! Terminate.
- memphisto
Re: Virus on PC - can't even generate an HJT log
That's not it. Do it again.
Re: Virus on PC - can't even generate an HJT log
ComboFix 11-08-28.01 - Admin 28.08.2011 23:21:17.1.2 - x86 NETWORK
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3327.2919 [GMT 2:00]
Spuštěný z: D:\Dokumenty\Download\ComboFix.exe
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
C:\Documents and Settings\Admin\WINDOWS
C:\Program Files\TNod User & Password Finder\TNODUP.exe
C:\WINDOWS\regedit.com
C:\WINDOWS\system32\taskmgr.com
D:\Dokumenty\3A.doc
D:\Dokumenty\4A.doc
D:\Dokumenty\4B.doc
D:\Dokumenty\5A.doc
D:\Dokumenty\5B.doc
Nakažená kopie C:\WINDOWS\system32\drivers\netbt.sys byla nalezena a vyléčena.
Obnovena kopie z - The cat found it :)
Nakažená kopie C:\WINDOWS\system32\wuauclt.exe byla nalezena a vyléčena.
Obnovena kopie z - C:\WINDOWS\system32\dllcache\wuauclt.exe
Nakažená kopie C:\WINDOWS\system32\FsUsbExService.Exe byla nalezena a vyléčena.
Obnovena kopie z - C:\System Volume Information\_restore{485B8E24-EB16-4F66-BBB4-6936D2B96CC5}\RP699\A0100347.Exe
Nakažená kopie C:\Program Files\ICQ6Toolbar\ICQ Service.exe byla nalezena a vyléčena.
Obnovena kopie z - C:\System Volume Information\_restore{485B8E24-EB16-4F66-BBB4-6936D2B96CC5}\RP699\A0100346.exe
Nakažená kopie C:\Program Files\Java\jre6\bin\jqs.exe byla nalezena a vyléčena.
Obnovena kopie z - C:\System Volume Information\_restore{485B8E24-EB16-4F66-BBB4-6936D2B96CC5}\RP699\A0100345.exe
Nakažená kopie C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe byla nalezena a vyléčena.
Obnovena kopie z - C:\System Volume Information\_restore{485B8E24-EB16-4F66-BBB4-6936D2B96CC5}\RP699\A0100344.exe
Nakažená kopie C:\Program Files\OO Software\Defrag\oodag.exe byla nalezena a vyléčena.
Obnovena kopie z - C:\System Volume Information\_restore{485B8E24-EB16-4F66-BBB4-6936D2B96CC5}\RP699\A0100343.exe
Nakažená kopie c:\windows\system32\SearchIndexer.exe byla nalezena a vyléčena.
Obnovena kopie z - C:\System Volume Information\_restore{485B8E24-EB16-4F66-BBB4-6936D2B96CC5}\RP699\A0100342.exe
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_2898219e
((((((((((((((((((((((((( Soubory vytvořené od 2011-07-28 do 2011-08-28 )))))))))))))))))))))))))))))))
2011-08-28 21:25:51 . 2010-07-29 07:50:16 238952 ----a-w- C:\WINDOWS\system32\FsUsbExService.Exe
2011-08-28 19:14:25 . 2008-04-13 19:21:00 162816 -c--a-w- C:\WINDOWS\system32\dllcache\netbt.sys
2011-08-28 19:14:25 . 2008-04-13 19:21:00 162816 ----a-w- C:\WINDOWS\system32\drivers\netbt.sys
2011-08-28 18:48:06 . 2011-07-06 17:52:42 41272 ----a-w- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2011-08-28 18:48:02 . 2011-08-28 18:48:06 -------- d-----w- C:\Program Files\Malwarebytes' Anti-Malware
2011-08-28 18:48:02 . 2011-07-06 17:52:42 22712 ----a-w- C:\WINDOWS\system32\drivers\mbam.sys
2011-08-28 18:00:17 . 2011-08-28 18:00:17 -------- d-----w- C:\Documents and Settings\Admin\Data aplikací\Malwarebytes
2011-08-28 18:00:02 . 2011-08-28 18:00:02 -------- d-----w- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2011-08-28 17:22:09 . 2011-08-28 17:22:09 -------- d---a-w- C:\WINDOWS\VDLL.DLL
2011-08-28 17:22:09 . 2011-08-28 17:22:09 -------- d---a-w- C:\WINDOWS\system32\runouce.exe
2011-08-28 17:22:09 . 2011-08-28 17:22:09 -------- d---a-w- C:\WINDOWS\RUNDL132.EXE
2011-08-28 17:22:09 . 2011-08-28 17:22:09 -------- d---a-w- C:\WINDOWS\logo_1.exe
2011-08-28 17:19:40 . 2011-08-28 17:19:39 632064 ----a-w- C:\WINDOWS\system32\msvcr80.dll
2011-08-28 17:19:39 . 2011-08-28 17:19:38 554240 ----a-w- C:\WINDOWS\system32\msvcp80.dll
2011-08-28 17:19:38 . 2011-08-28 17:19:37 34048 ----a-w- C:\WINDOWS\system32\eEmpty.exe
2011-08-28 17:19:36 . 2008-04-14 03:22:49 137216 ----a-w- C:\WINDOWS\system32\T.COM
2011-08-28 17:19:36 . 2008-04-14 03:22:42 147968 ----a-w- C:\WINDOWS\R.COM
2011-08-28 17:19:34 . 2011-08-28 17:19:34 -------- d-----w- C:\Program Files\Common Files\MicroWorld
2011-08-28 17:19:30 . 2011-08-28 17:19:34 -------- d-----w- C:\Documents and Settings\All Users\Data aplikací\MicroWorld
2011-08-11 05:48:23 . 2011-06-24 14:10:39 139656 -c----w- C:\WINDOWS\system32\dllcache\rdpwd.sys
2011-08-11 05:48:06 . 2011-07-08 14:02:00 10496 -c----w- C:\WINDOWS\system32\dllcache\ndistapi.sys
2011-08-08 16:35:23 . 2011-08-21 05:31:39 2106216 ----a-w- C:\Program Files\Mozilla Firefox\D3DCompiler_43.dll
2011-08-08 16:35:23 . 2011-08-21 05:31:39 1998168 ----a-w- C:\Program Files\Mozilla Firefox\d3dx9_43.dll
2011-08-04 11:33:59 . 2011-08-04 11:34:00 -------- d-----w- C:\Documents and Settings\Admin\Local Settings\Data aplikací\Deployment
2011-08-04 11:26:34 . 2011-08-04 11:27:48 -------- d-----w- C:\Program Files\Common Files\Samsung
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
2011-07-15 13:29:31 . 2004-08-03 22:15:18 456320 ----a-w- C:\WINDOWS\system32\drivers\mrxsmb.sys
2011-07-08 14:02:00 . 2001-10-25 12:00:00 10496 ----a-w- C:\WINDOWS\system32\drivers\ndistapi.sys
2011-06-24 14:10:39 . 2009-07-01 09:34:27 139656 ----a-w- C:\WINDOWS\system32\drivers\rdpwd.sys
2011-06-23 18:31:31 . 2004-08-17 14:49:22 916480 ----a-w- C:\WINDOWS\system32\wininet.dll
2011-06-23 18:31:30 . 2004-08-17 14:49:30 1469440 ------w- C:\WINDOWS\system32\inetcpl.cpl
2011-06-23 18:31:30 . 2004-08-17 14:49:10 43520 ----a-w- C:\WINDOWS\system32\licmgr10.dll
2011-06-23 12:05:34 . 2004-08-17 14:44:08 385024 ----a-w- C:\WINDOWS\system32\html.iec
2011-06-20 17:44:52 . 2004-08-17 14:49:22 293376 ----a-w- C:\WINDOWS\system32\winsrv.dll
2011-06-06 11:35:21 . 2004-08-17 14:44:44 1858944 ----a-w- C:\WINDOWS\system32\win32k.sys
2011-08-21 05:31:39 . 2011-05-06 21:07:49 134104 ----a-w- C:\Program Files\mozilla firefox\components\browsercomps.dll
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "C:\Program Files\uTorrentBar\tbuTor.dll" [2010-12-09 11:51:30 3911776]
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-11-18 10:58:58 333192 ----a-w- C:\Program Files\AskBarDis\bar\bin\askBar.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-12-09 11:51:30 3911776 ----a-w- C:\Program Files\ConduitEngine\ConduitEngine.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2010-12-09 11:51:30 3911776 ----a-w- C:\Program Files\uTorrentBar\tbuTor.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "C:\Program Files\AskBarDis\bar\bin\askBar.dll" [2008-11-18 10:58:58 333192]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "C:\Program Files\uTorrentBar\tbuTor.dll" [2010-12-09 11:51:30 3911776]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "C:\Program Files\ConduitEngine\ConduitEngine.dll" [2010-12-09 11:51:30 3911776]
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "C:\Program Files\AskBarDis\bar\bin\askBar.dll" [2008-11-18 10:58:58 333192]
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OEXPRESS"="C:\Documents and Settings\All Users\Data aplikací\LangSoft\OETRN.EXE" [2009-11-10 14:54:51 26624]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2009-04-23 13:51:38 691656]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-10-31 01:49:54 16269312]
"SkyTel"="SkyTel.EXE" [2006-05-17 00:04:26 2879488]
"SaiMfd"="C:\Program Files\Saitek\SD6\Software\SaiMfd.exe" [2009-06-03 08:49:18 131072]
"OrderReminder"="C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2006-07-30 17:00:00 98304]
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 09:44:46 248552]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 10:44:34 31072]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-07-06 19:19:50 98304]
"ATICustomerCare"="C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-03-04 12:31:54 311296]
"OODefragTray"="C:\Program Files\OO Software\Defrag\oodtray.exe" [2010-09-10 11:01:28 2771784]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 04:02:26 37296]
"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 04:59:06 937920]
"TkBellExe"="C:\program files\real\realplayer\update\realsched.exe" [2010-11-16 07:34:18 274608]
"SmartSoft PDF Printer (demo) Agent"="C:\Program Files\Smart PDF Converter Pro\sspdfagentd.exe" [2007-10-22 07:45:26 94208]
"SmartSoft PDF Printer (demo) virtual printer agent"="C:\Program Files\Smart PDF Converter Pro\sspdfagentd.exe" [2007-10-22 07:45:26 94208]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 03:22:17 15360]
C:\Documents and Settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Evoluent Mouse Manager.lnk - C:\WINDOWS\Installer\{AD6E0AE0-DADF-480E-82AE-4CDA6035D341}\_BBBCF44DDE3DA1E118ADB6.exe [2010-12-10 4286]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 21:41:34 304128]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^Admin^Nabídka Start^Programy^Po spuštění^MagicDisc.lnk]
path=C:\Documents and Settings\Admin\Nabídka Start\Programy\Po spuštění\MagicDisc.lnk
backup=C:\WINDOWS\pss\MagicDisc.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-06-08 04:02:26 37296 ----a-w- C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 10:44:34 31072 ----a-w- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\uTorrent\\utorrent.exe"=
"C:\\Program Files\\Ubisoft\\Related Designs\\ANNO 1404\\Anno4.exe"=
"C:\\Program Files\\Ubisoft\\Related Designs\\ANNO 1404\\tools\\Anno4Web.exe"=
"C:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"C:\\Program Files\\SopCast\\SopCast.exe"=
"C:\\Program Files\\Samsung\\Samsung New PC Studio\\npsasvr.exe"=
"C:\\Program Files\\Samsung\\Samsung New PC Studio\\npsvsvr.exe"=
"C:\\Program Files\\Maple 12\\jre\\bin\\maple.exe"=
"C:\\Program Files\\Maple 12\\jre\\bin\\java.exe"=
"C:\\Program Files\\Ubisoft\\Related Designs\\ANNO 1404\\Addon.exe"=
"C:\\Program Files\\Ubisoft\\Related Designs\\ANNO 1404\\tools\\AddonWeb.exe"=
"C:\\Program Files\\ICQ7.2\\ICQ.exe"=
"C:\\Program Files\\ICQ7.2\\aolload.exe"=
"C:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"C:\\Program Files\\Ubisoft\\The Settlers 7 - Paths to a Kingdom\\Data\\Base\\_Dbg\\Bin\\Release\\Settlers7R.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Real\\realplayer\\recordingmanager.exe"=
"C:\\Program Files\\Google\\Update\\GoogleUpdate.exe"=
"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=
"C:\\Program Files\\Real\\RealUpgrade\\realupgrade.exe"=
"C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DW20.EXE"=
R0 sptd;sptd;C:\WINDOWS\system32\drivers\sptd.sys [1.7.2009 16:52:56 721904]
R1 ehdrv;ehdrv;C:\WINDOWS\system32\drivers\ehdrv.sys [28.4.2010 8:17:46 114984]
R2 FsUsbExService;FsUsbExService;C:\WINDOWS\system32\FsUsbExService.Exe [28.8.2011 23:25:51 238952]
R2 ICQ Service;ICQ Service;C:\Program Files\ICQ6Toolbar\ICQ Service.exe [15.7.2009 20:58:25 246520]
R2 OODefragAgent;O&O Defrag Agent;C:\Program Files\OO Software\Defrag\oodag.exe [10.9.2010 13:01:42 2320712]
R3 EvoMouseDriverFilterHidUsb;Evoluent Mouse Driver Filter;C:\WINDOWS\system32\drivers\EvoMouseDriverFilterHidUsb.sys [10.12.2010 11:00:43 22712]
R3 EvoMouseDriverMini;EvoMouseDriverMini;C:\WINDOWS\system32\drivers\EvoMouseDriverMini.sys [10.12.2010 11:00:05 20024]
R3 FsUsbExDisk;FsUsbExDisk;C:\WINDOWS\system32\FsUsbExDisk.Sys [31.12.2009 11:28:00 36640]
S2 ekrn;ESET Service;C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2.7.2010 12:43:40 810144]
S2 gupdate1ca6ed32b7b9b5a;Služba Google Update (gupdate1ca6ed32b7b9b5a);C:\Program Files\Google\Update\GoogleUpdate.exe [26.11.2009 22:00:56 133104]
S3 dgderdrv;dgderdrv;C:\WINDOWS\system32\drivers\dgderdrv.sys --> C:\WINDOWS\system32\drivers\dgderdrv.sys [?]
S3 gupdatem;Služba Google Update (gupdatem);C:\Program Files\Google\Update\GoogleUpdate.exe [26.11.2009 22:00:56 133104]
S3 SaiH5509;SaiH5509;C:\WINDOWS\system32\drivers\SaiH5509.sys [2.7.2009 15:34:29 132232]
S3 SaiU5509;SaiU5509;C:\WINDOWS\system32\drivers\SaiU5509.sys [2.7.2009 15:34:33 28416]
--- Ostatní služby/ovladače v paměti ---
*NewlyCreated* - FSUSBEXDISK
Obsah adresáře 'Naplánované úlohy'
2011-08-28 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2009-11-26 20:00:56 . 2009-11-26 20:00:53]
2011-08-28 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2009-11-26 20:00:56 . 2009-11-26 20:00:53]
2011-08-28 C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-1409082233-1708537768-682003330-1003.job
- C:\Program Files\Real\RealUpgrade\realupgrade.exe [2010-11-05 10:33:50 . 2010-11-05 10:33:50]
2011-08-28 C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-1409082233-1708537768-682003330-1003.job
- C:\Program Files\Real\RealUpgrade\realupgrade.exe [2010-11-05 10:33:50 . 2010-11-05 10:33:50]
------- Doplňkový sken -------
uStart Page = hxxp://iws.asksearch.com/?cfg=2-347-0-...
IE: E&xportovat do aplikace Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
TCP: DhcpNameServer = 81.200.55.78 81.200.48.12
FF - ProfilePath - C:\Documents and Settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\jcsvl8c2.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... r=1.3.1&q=
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
HKLM-Run-NPSStartup - (no file)
HKLM-Run-TNOD UP - C:\Program Files\TNod User & Password Finder\TNODUP.exe
AddRemove-01_Simmental - C:\Program Files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - C:\Program Files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - C:\Program Files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - C:\Program Files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - C:\Program Files\Samsung\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - C:\Program Files\SAMSUNG\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - C:\Program Files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - C:\Program Files\SAMSUNG\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - C:\Program Files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - C:\Program Files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-12_Symbian_USB_Download_Driver - C:\Program Files\SAMSUNG\USB Drivers\12_Symbian_USB_Download_Driver\Uninstall.exe
AddRemove-15_Symbian_Samsung_PC_DLC_Driver - C:\Program Files\Samsung\USB Drivers\15_Symbian_Samsung_PC_DLC_Driver\Uninstall.exe
AddRemove-16_Shrewsbury - C:\Program Files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - C:\Program Files\SAMSUNG\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - C:\Program Files\SAMSUNG\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - C:\Program Files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - C:\Program Files\SAMSUNG\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-21_Searsburg - C:\Program Files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe
AddRemove-22_WiBro_WiMAX - C:\Program Files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
"C:\\Program Files\\Ubisoft\\Related Designs\\ANNO 1404\\tools\\Anno4Web.exe"=
"C:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"C:\\Program Files\\SopCast\\SopCast.exe"=
"C:\\Program Files\\Samsung\\Samsung New PC Studio\\npsasvr.exe"=
"C:\\Program Files\\Samsung\\Samsung New PC Studio\\npsvsvr.exe"=
"C:\\Program Files\\Maple 12\\jre\\bin\\maple.exe"=
"C:\\Program Files\\Maple 12\\jre\\bin\\java.exe"=
"C:\\Program Files\\Ubisoft\\Related Designs\\ANNO 1404\\Addon.exe"=
"C:\\Program Files\\Ubisoft\\Related Designs\\ANNO 1404\\tools\\AddonWeb.exe"=
"C:\\Program Files\\ICQ7.2\\ICQ.exe"=
"C:\\Program Files\\ICQ7.2\\aolload.exe"=
"C:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"C:\\Program Files\\Ubisoft\\The Settlers 7 - Paths to a Kingdom\\Data\\Base\\_Dbg\\Bin\\Release\\Settlers7R.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Real\\realplayer\\recordingmanager.exe"=
"C:\\Program Files\\Google\\Update\\GoogleUpdate.exe"=
"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=
"C:\\Program Files\\Real\\RealUpgrade\\realupgrade.exe"=
"C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DW20.EXE"=
R0 sptd;sptd;C:\WINDOWS\system32\drivers\sptd.sys [1.7.2009 16:52:56 721904]
R1 ehdrv;ehdrv;C:\WINDOWS\system32\drivers\ehdrv.sys [28.4.2010 8:17:46 114984]
R2 FsUsbExService;FsUsbExService;C:\WINDOWS\system32\FsUsbExService.Exe [28.8.2011 23:25:51 238952]
R2 ICQ Service;ICQ Service;C:\Program Files\ICQ6Toolbar\ICQ Service.exe [15.7.2009 20:58:25 246520]
R2 OODefragAgent;O&O Defrag Agent;C:\Program Files\OO Software\Defrag\oodag.exe [10.9.2010 13:01:42 2320712]
R3 EvoMouseDriverFilterHidUsb;Evoluent Mouse Driver Filter;C:\WINDOWS\system32\drivers\EvoMouseDriverFilterHidUsb.sys [10.12.2010 11:00:43 22712]
R3 EvoMouseDriverMini;EvoMouseDriverMini;C:\WINDOWS\system32\drivers\EvoMouseDriverMini.sys [10.12.2010 11:00:05 20024]
R3 FsUsbExDisk;FsUsbExDisk;C:\WINDOWS\system32\FsUsbExDisk.Sys [31.12.2009 11:28:00 36640]
S2 ekrn;ESET Service;C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2.7.2010 12:43:40 810144]
S2 gupdate1ca6ed32b7b9b5a;Služba Google Update (gupdate1ca6ed32b7b9b5a);C:\Program Files\Google\Update\GoogleUpdate.exe [26.11.2009 22:00:56 133104]
S3 dgderdrv;dgderdrv;C:\WINDOWS\system32\drivers\dgderdrv.sys --> C:\WINDOWS\system32\drivers\dgderdrv.sys [?]
S3 gupdatem;Služba Google Update (gupdatem);C:\Program Files\Google\Update\GoogleUpdate.exe [26.11.2009 22:00:56 133104]
S3 SaiH5509;SaiH5509;C:\WINDOWS\system32\drivers\SaiH5509.sys [2.7.2009 15:34:29 132232]
S3 SaiU5509;SaiU5509;C:\WINDOWS\system32\drivers\SaiU5509.sys [2.7.2009 15:34:33 28416]
--- Ostatní služby/ovladače v paměti ---
*NewlyCreated* - FSUSBEXDISK
Obsah adresáře 'Naplánované úlohy'
2011-08-28 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2009-11-26 20:00:56 . 2009-11-26 20:00:53]
2011-08-28 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2009-11-26 20:00:56 . 2009-11-26 20:00:53]
2011-08-28 C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-1409082233-1708537768-682003330-1003.job
- C:\Program Files\Real\RealUpgrade\realupgrade.exe [2010-11-05 10:33:50 . 2010-11-05 10:33:50]
2011-08-28 C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-1409082233-1708537768-682003330-1003.job
- C:\Program Files\Real\RealUpgrade\realupgrade.exe [2010-11-05 10:33:50 . 2010-11-05 10:33:50]
------- Doplňkový sken -------
uStart Page = hxxp://iws.asksearch.com/?cfg=2-347-0-...
IE: E&xportovat do aplikace Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
TCP: DhcpNameServer = 81.200.55.78 81.200.48.12
FF - ProfilePath - C:\Documents and Settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\jcsvl8c2.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... r=1.3.1&q=
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
HKLM-Run-NPSStartup - (no file)
HKLM-Run-TNOD UP - C:\Program Files\TNod User & Password Finder\TNODUP.exe
AddRemove-01_Simmental - C:\Program Files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - C:\Program Files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - C:\Program Files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - C:\Program Files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - C:\Program Files\Samsung\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - C:\Program Files\SAMSUNG\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - C:\Program Files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - C:\Program Files\SAMSUNG\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - C:\Program Files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - C:\Program Files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-12_Symbian_USB_Download_Driver - C:\Program Files\SAMSUNG\USB Drivers\12_Symbian_USB_Download_Driver\Uninstall.exe
AddRemove-15_Symbian_Samsung_PC_DLC_Driver - C:\Program Files\Samsung\USB Drivers\15_Symbian_Samsung_PC_DLC_Driver\Uninstall.exe
AddRemove-16_Shrewsbury - C:\Program Files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - C:\Program Files\SAMSUNG\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - C:\Program Files\SAMSUNG\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - C:\Program Files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - C:\Program Files\SAMSUNG\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-21_Searsburg - C:\Program Files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe
AddRemove-22_WiBro_WiMAX - C:\Program Files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
- memphisto
Re: Virus on PC - cannot even generate an HJT log
That log is not complete.
Re: Virus on PC - cannot even generate an HJT log
This time I had the feeling that everything went as it should... overall, the ComboFix directory on C: is around 30 MB and contains a lot of files, and I copied the only one named ComboFix in txt format... so, again? Surely not again, couldn't something go wrong?
- memphisto
Re: Virus on PC - cannot even generate an HJT log
Copy the contents of that Combofix.txt here again, but continue from where you left off above. The whole log does not fit into one topic and needs to be split across several replies.
Re: Virus on PC - cannot even generate an HJT log
Look, either I'm really illiterate at this or that really is everything; if you want, I can send you the text file by e-mail so that you believe me...
Re: Virus on PC - cannot even generate an HJT log
In that Qoobox folder there is a file combofix=quaranted=files in txt, but there isn't much in it either.
- jaro3
- Security team member
-
Guru Level 15
- Posts: 43287
- Registered: June 07
- Location: Jižní Čechy
- Gender:
- Status:
Offline
Re: Virus on PC - cannot even generate an HJT log
Not that one.
C:\Combofix.txt ---- paste the whole copied log here, in several parts if it doesn't fit.
When working with HJT, ComboFix, MbAM, SDFix, etc., close all other applications and browsers!
Do not send logs in private messages. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
Re: Virus on PC - cannot even generate an HJT log
I went through the whole thing and checked it against the text file, and this really is all there is; I can send the file by e-mail if needed... but I noticed that after I uninstalled ESET Smart Security, Windows automatically turned on the Windows firewall, and it was apparently on while ComboFix was working in safe mode. Couldn't that be the reason something is still missing? I'm really a layman at this.
ComboFix 11-08-28.01 - Admin 28.08.2011 23:21:17.1.2 - x86 NETWORK
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3327.2919 [GMT 2:00]
Spuštěný z: D:\Dokumenty\Download\ComboFix.exe
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
C:\Documents and Settings\Admin\WINDOWS
C:\Program Files\TNod User & Password Finder\TNODUP.exe
C:\WINDOWS\regedit.com
C:\WINDOWS\system32\taskmgr.com
D:\Dokumenty\3A.doc
D:\Dokumenty\4A.doc
D:\Dokumenty\4B.doc
D:\Dokumenty\5A.doc
D:\Dokumenty\5B.doc
Nakažená kopie C:\WINDOWS\system32\drivers\netbt.sys byla nalezena a vyléčena.
Obnovena kopie z - The cat found it :)
Nakažená kopie C:\WINDOWS\system32\wuauclt.exe byla nalezena a vyléčena.
Obnovena kopie z - C:\WINDOWS\system32\dllcache\wuauclt.exe
Nakažená kopie C:\WINDOWS\system32\FsUsbExService.Exe byla nalezena a vyléčena.
Obnovena kopie z - C:\System Volume Information\_restore{485B8E24-EB16-4F66-BBB4-6936D2B96CC5}\RP699\A0100347.Exe
Nakažená kopie C:\Program Files\ICQ6Toolbar\ICQ Service.exe byla nalezena a vyléčena.
Obnovena kopie z - C:\System Volume Information\_restore{485B8E24-EB16-4F66-BBB4-6936D2B96CC5}\RP699\A0100346.exe
Nakažená kopie C:\Program Files\Java\jre6\bin\jqs.exe byla nalezena a vyléčena.
Obnovena kopie z - C:\System Volume Information\_restore{485B8E24-EB16-4F66-BBB4-6936D2B96CC5}\RP699\A0100345.exe
Nakažená kopie C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe byla nalezena a vyléčena.
Obnovena kopie z - C:\System Volume Information\_restore{485B8E24-EB16-4F66-BBB4-6936D2B96CC5}\RP699\A0100344.exe
Nakažená kopie C:\Program Files\OO Software\Defrag\oodag.exe byla nalezena a vyléčena.
Obnovena kopie z - C:\System Volume Information\_restore{485B8E24-EB16-4F66-BBB4-6936D2B96CC5}\RP699\A0100343.exe
Nakažená kopie c:\windows\system32\SearchIndexer.exe byla nalezena a vyléčena.
Obnovena kopie z - C:\System Volume Information\_restore{485B8E24-EB16-4F66-BBB4-6936D2B96CC5}\RP699\A0100342.exe
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_2898219e
((((((((((((((((((((((((( Soubory vytvořené od 2011-07-28 do 2011-08-28 )))))))))))))))))))))))))))))))
2011-08-28 21:25:51 . 2010-07-29 07:50:16 238952 ----a-w- C:\WINDOWS\system32\FsUsbExService.Exe
2011-08-28 19:14:25 . 2008-04-13 19:21:00 162816 -c--a-w- C:\WINDOWS\system32\dllcache\netbt.sys
2011-08-28 19:14:25 . 2008-04-13 19:21:00 162816 ----a-w- C:\WINDOWS\system32\drivers\netbt.sys
2011-08-28 18:48:06 . 2011-07-06 17:52:42 41272 ----a-w- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2011-08-28 18:48:02 . 2011-08-28 18:48:06 -------- d-----w- C:\Program Files\Malwarebytes' Anti-Malware
2011-08-28 18:48:02 . 2011-07-06 17:52:42 22712 ----a-w- C:\WINDOWS\system32\drivers\mbam.sys
2011-08-28 18:00:17 . 2011-08-28 18:00:17 -------- d-----w- C:\Documents and Settings\Admin\Data aplikací\Malwarebytes
2011-08-28 18:00:02 . 2011-08-28 18:00:02 -------- d-----w- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2011-08-28 17:22:09 . 2011-08-28 17:22:09 -------- d---a-w- C:\WINDOWS\VDLL.DLL
2011-08-28 17:22:09 . 2011-08-28 17:22:09 -------- d---a-w- C:\WINDOWS\system32\runouce.exe
2011-08-28 17:22:09 . 2011-08-28 17:22:09 -------- d---a-w- C:\WINDOWS\RUNDL132.EXE
2011-08-28 17:22:09 . 2011-08-28 17:22:09 -------- d---a-w- C:\WINDOWS\logo_1.exe
2011-08-28 17:19:40 . 2011-08-28 17:19:39 632064 ----a-w- C:\WINDOWS\system32\msvcr80.dll
2011-08-28 17:19:39 . 2011-08-28 17:19:38 554240 ----a-w- C:\WINDOWS\system32\msvcp80.dll
2011-08-28 17:19:38 . 2011-08-28 17:19:37 34048 ----a-w- C:\WINDOWS\system32\eEmpty.exe
2011-08-28 17:19:36 . 2008-04-14 03:22:49 137216 ----a-w- C:\WINDOWS\system32\T.COM
2011-08-28 17:19:36 . 2008-04-14 03:22:42 147968 ----a-w- C:\WINDOWS\R.COM
2011-08-28 17:19:34 . 2011-08-28 17:19:34 -------- d-----w- C:\Program Files\Common Files\MicroWorld
2011-08-28 17:19:30 . 2011-08-28 17:19:34 -------- d-----w- C:\Documents and Settings\All Users\Data aplikací\MicroWorld
2011-08-11 05:48:23 . 2011-06-24 14:10:39 139656 -c----w- C:\WINDOWS\system32\dllcache\rdpwd.sys
2011-08-11 05:48:06 . 2011-07-08 14:02:00 10496 -c----w- C:\WINDOWS\system32\dllcache\ndistapi.sys
2011-08-08 16:35:23 . 2011-08-21 05:31:39 2106216 ----a-w- C:\Program Files\Mozilla Firefox\D3DCompiler_43.dll
2011-08-08 16:35:23 . 2011-08-21 05:31:39 1998168 ----a-w- C:\Program Files\Mozilla Firefox\d3dx9_43.dll
2011-08-04 11:33:59 . 2011-08-04 11:34:00 -------- d-----w- C:\Documents and Settings\Admin\Local Settings\Data aplikací\Deployment
2011-08-04 11:26:34 . 2011-08-04 11:27:48 -------- d-----w- C:\Program Files\Common Files\Samsung
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
2011-07-15 13:29:31 . 2004-08-03 22:15:18 456320 ----a-w- C:\WINDOWS\system32\drivers\mrxsmb.sys
2011-07-08 14:02:00 . 2001-10-25 12:00:00 10496 ----a-w- C:\WINDOWS\system32\drivers\ndistapi.sys
2011-06-24 14:10:39 . 2009-07-01 09:34:27 139656 ----a-w- C:\WINDOWS\system32\drivers\rdpwd.sys
2011-06-23 18:31:31 . 2004-08-17 14:49:22 916480 ----a-w- C:\WINDOWS\system32\wininet.dll
2011-06-23 18:31:30 . 2004-08-17 14:49:30 1469440 ------w- C:\WINDOWS\system32\inetcpl.cpl
2011-06-23 18:31:30 . 2004-08-17 14:49:10 43520 ----a-w- C:\WINDOWS\system32\licmgr10.dll
2011-06-23 12:05:34 . 2004-08-17 14:44:08 385024 ----a-w- C:\WINDOWS\system32\html.iec
2011-06-20 17:44:52 . 2004-08-17 14:49:22 293376 ----a-w- C:\WINDOWS\system32\winsrv.dll
2011-06-06 11:35:21 . 2004-08-17 14:44:44 1858944 ----a-w- C:\WINDOWS\system32\win32k.sys
2011-08-21 05:31:39 . 2011-05-06 21:07:49 134104 ----a-w- C:\Program Files\mozilla firefox\components\browsercomps.dll
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "C:\Program Files\uTorrentBar\tbuTor.dll" [2010-12-09 11:51:30 3911776]
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-11-18 10:58:58 333192 ----a-w- C:\Program Files\AskBarDis\bar\bin\askBar.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-12-09 11:51:30 3911776 ----a-w- C:\Program Files\ConduitEngine\ConduitEngine.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2010-12-09 11:51:30 3911776 ----a-w- C:\Program Files\uTorrentBar\tbuTor.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "C:\Program Files\AskBarDis\bar\bin\askBar.dll" [2008-11-18 10:58:58 333192]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "C:\Program Files\uTorrentBar\tbuTor.dll" [2010-12-09 11:51:30 3911776]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "C:\Program Files\ConduitEngine\ConduitEngine.dll" [2010-12-09 11:51:30 3911776]
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "C:\Program Files\AskBarDis\bar\bin\askBar.dll" [2008-11-18 10:58:58 333192]
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OEXPRESS"="C:\Documents and Settings\All Users\Data aplikací\LangSoft\OETRN.EXE" [2009-11-10 14:54:51 26624]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2009-04-23 13:51:38 691656]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-10-31 01:49:54 16269312]
"SkyTel"="SkyTel.EXE" [2006-05-17 00:04:26 2879488]
"SaiMfd"="C:\Program Files\Saitek\SD6\Software\SaiMfd.exe" [2009-06-03 08:49:18 131072]
"OrderReminder"="C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2006-07-30 17:00:00 98304]
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 09:44:46 248552]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 10:44:34 31072]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-07-06 19:19:50 98304]
"ATICustomerCare"="C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-03-04 12:31:54 311296]
"OODefragTray"="C:\Program Files\OO Software\Defrag\oodtray.exe" [2010-09-10 11:01:28 2771784]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 04:02:26 37296]
"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 04:59:06 937920]
"TkBellExe"="C:\program files\real\realplayer\update\realsched.exe" [2010-11-16 07:34:18 274608]
"SmartSoft PDF Printer (demo) Agent"="C:\Program Files\Smart PDF Converter Pro\sspdfagentd.exe" [2007-10-22 07:45:26 94208]
"SmartSoft PDF Printer (demo) virtual printer agent"="C:\Program Files\Smart PDF Converter Pro\sspdfagentd.exe" [2007-10-22 07:45:26 94208]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 03:22:17 15360]
C:\Documents and Settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Evoluent Mouse Manager.lnk - C:\WINDOWS\Installer\{AD6E0AE0-DADF-480E-82AE-4CDA6035D341}\_BBBCF44DDE3DA1E118ADB6.exe [2010-12-10 4286]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 21:41:34 304128]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^Admin^Nabídka Start^Programy^Po spuštění^MagicDisc.lnk]
path=C:\Documents and Settings\Admin\Nabídka Start\Programy\Po spuštění\MagicDisc.lnk
backup=C:\WINDOWS\pss\MagicDisc.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-06-08 04:02:26 37296 ----a-w- C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 10:44:34 31072 ----a-w- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\uTorrent\\utorrent.exe"=
"C:\\Program Files\\Ubisoft\\Related Designs\\ANNO 1404\\Anno4.exe"=
"C:\\Program Files\\Ubisoft\\Related Designs\\ANNO 1404\\tools\\Anno4Web.exe"=
"C:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"C:\\Program Files\\SopCast\\SopCast.exe"=
"C:\\Program Files\\Samsung\\Samsung New PC Studio\\npsasvr.exe"=
"C:\\Program Files\\Samsung\\Samsung New PC Studio\\npsvsvr.exe"=
"C:\\Program Files\\Maple 12\\jre\\bin\\maple.exe"=
"C:\\Program Files\\Maple 12\\jre\\bin\\java.exe"=
"C:\\Program Files\\Ubisoft\\Related Designs\\ANNO 1404\\Addon.exe"=
"C:\\Program Files\\Ubisoft\\Related Designs\\ANNO 1404\\tools\\AddonWeb.exe"=
"C:\\Program Files\\ICQ7.2\\ICQ.exe"=
"C:\\Program Files\\ICQ7.2\\aolload.exe"=
"C:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"C:\\Program Files\\Ubisoft\\The Settlers 7 - Paths to a Kingdom\\Data\\Base\\_Dbg\\Bin\\Release\\Settlers7R.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Real\\realplayer\\recordingmanager.exe"=
"C:\\Program Files\\Google\\Update\\GoogleUpdate.exe"=
"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=
"C:\\Program Files\\Real\\RealUpgrade\\realupgrade.exe"=
"C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DW20.EXE"=
R0 sptd;sptd;C:\WINDOWS\system32\drivers\sptd.sys [1.7.2009 16:52:56 721904]
R1 ehdrv;ehdrv;C:\WINDOWS\system32\drivers\ehdrv.sys [28.4.2010 8:17:46 114984]
R2 FsUsbExService;FsUsbExService;C:\WINDOWS\system32\FsUsbExService.Exe [28.8.2011 23:25:51 238952]
R2 ICQ Service;ICQ Service;C:\Program Files\ICQ6Toolbar\ICQ Service.exe [15.7.2009 20:58:25 246520]
R2 OODefragAgent;O&O Defrag Agent;C:\Program Files\OO Software\Defrag\oodag.exe [10.9.2010 13:01:42 2320712]
R3 EvoMouseDriverFilterHidUsb;Evoluent Mouse Driver Filter;C:\WINDOWS\system32\drivers\EvoMouseDriverFilterHidUsb.sys [10.12.2010 11:00:43 22712]
R3 EvoMouseDriverMini;EvoMouseDriverMini;C:\WINDOWS\system32\drivers\EvoMouseDriverMini.sys [10.12.2010 11:00:05 20024]
R3 FsUsbExDisk;FsUsbExDisk;C:\WINDOWS\system32\FsUsbExDisk.Sys [31.12.2009 11:28:00 36640]
S2 ekrn;ESET Service;C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2.7.2010 12:43:40 810144]
S2 gupdate1ca6ed32b7b9b5a;Služba Google Update (gupdate1ca6ed32b7b9b5a);C:\Program Files\Google\Update\GoogleUpdate.exe [26.11.2009 22:00:56 133104]
S3 dgderdrv;dgderdrv;C:\WINDOWS\system32\drivers\dgderdrv.sys --> C:\WINDOWS\system32\drivers\dgderdrv.sys [?]
S3 gupdatem;Služba Google Update (gupdatem);C:\Program Files\Google\Update\GoogleUpdate.exe [26.11.2009 22:00:56 133104]
S3 SaiH5509;SaiH5509;C:\WINDOWS\system32\drivers\SaiH5509.sys [2.7.2009 15:34:29 132232]
S3 SaiU5509;SaiU5509;C:\WINDOWS\system32\drivers\SaiU5509.sys [2.7.2009 15:34:33 28416]
--- Ostatní služby/ovladače v paměti ---
*NewlyCreated* - FSUSBEXDISK
Obsah adresáře 'Naplánované úlohy'
2011-08-28 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2009-11-26 20:00:56 . 2009-11-26 20:00:53]
2011-08-28 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2009-11-26 20:00:56 . 2009-11-26 20:00:53]
2011-08-28 C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-1409082233-1708537768-682003330-1003.job
- C:\Program Files\Real\RealUpgrade\realupgrade.exe [2010-11-05 10:33:50 . 2010-11-05 10:33:50]
2011-08-28 C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-1409082233-1708537768-682003330-1003.job
- C:\Program Files\Real\RealUpgrade\realupgrade.exe [2010-11-05 10:33:50 . 2010-11-05 10:33:50]
------- Doplňkový sken -------
uStart Page = hxxp://iws.asksearch.com/?cfg=2-347-0-...
IE: E&xportovat do aplikace Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
TCP: DhcpNameServer = 81.200.55.78 81.200.48.12
FF - ProfilePath - C:\Documents and Settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\jcsvl8c2.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... r=1.3.1&q=
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
HKLM-Run-NPSStartup - (no file)
HKLM-Run-TNOD UP - C:\Program Files\TNod User & Password Finder\TNODUP.exe
AddRemove-01_Simmental - C:\Program Files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - C:\Program Files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - C:\Program Files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - C:\Program Files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - C:\Program Files\Samsung\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - C:\Program Files\SAMSUNG\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - C:\Program Files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - C:\Program Files\SAMSUNG\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - C:\Program Files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - C:\Program Files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-12_Symbian_USB_Download_Driver - C:\Program Files\SAMSUNG\USB Drivers\12_Symbian_USB_Download_Driver\Uninstall.exe
AddRemove-15_Symbian_Samsung_PC_DLC_Driver - C:\Program Files\Samsung\USB Drivers\15_Symbian_Samsung_PC_DLC_Driver\Uninstall.exe
AddRemove-16_Shrewsbury - C:\Program Files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - C:\Program Files\SAMSUNG\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - C:\Program Files\SAMSUNG\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - C:\Program Files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - C:\Program Files\SAMSUNG\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-21_Searsburg - C:\Program Files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe
AddRemove-22_WiBro_WiMAX - C:\Program Files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
2011-08-11 05:48:23 . 2011-06-24 14:10:39 139656 -c----w- C:\WINDOWS\system32\dllcache\rdpwd.sys
2011-08-11 05:48:06 . 2011-07-08 14:02:00 10496 -c----w- C:\WINDOWS\system32\dllcache\ndistapi.sys
2011-08-08 16:35:23 . 2011-08-21 05:31:39 2106216 ----a-w- C:\Program Files\Mozilla Firefox\D3DCompiler_43.dll
2011-08-08 16:35:23 . 2011-08-21 05:31:39 1998168 ----a-w- C:\Program Files\Mozilla Firefox\d3dx9_43.dll
2011-08-04 11:33:59 . 2011-08-04 11:34:00 -------- d-----w- C:\Documents and Settings\Admin\Local Settings\Data aplikací\Deployment
2011-08-04 11:26:34 . 2011-08-04 11:27:48 -------- d-----w- C:\Program Files\Common Files\Samsung
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
2011-07-15 13:29:31 . 2004-08-03 22:15:18 456320 ----a-w- C:\WINDOWS\system32\drivers\mrxsmb.sys
2011-07-08 14:02:00 . 2001-10-25 12:00:00 10496 ----a-w- C:\WINDOWS\system32\drivers\ndistapi.sys
2011-06-24 14:10:39 . 2009-07-01 09:34:27 139656 ----a-w- C:\WINDOWS\system32\drivers\rdpwd.sys
2011-06-23 18:31:31 . 2004-08-17 14:49:22 916480 ----a-w- C:\WINDOWS\system32\wininet.dll
2011-06-23 18:31:30 . 2004-08-17 14:49:30 1469440 ------w- C:\WINDOWS\system32\inetcpl.cpl
2011-06-23 18:31:30 . 2004-08-17 14:49:10 43520 ----a-w- C:\WINDOWS\system32\licmgr10.dll
2011-06-23 12:05:34 . 2004-08-17 14:44:08 385024 ----a-w- C:\WINDOWS\system32\html.iec
2011-06-20 17:44:52 . 2004-08-17 14:49:22 293376 ----a-w- C:\WINDOWS\system32\winsrv.dll
2011-06-06 11:35:21 . 2004-08-17 14:44:44 1858944 ----a-w- C:\WINDOWS\system32\win32k.sys
2011-08-21 05:31:39 . 2011-05-06 21:07:49 134104 ----a-w- C:\Program Files\mozilla firefox\components\browsercomps.dll
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "C:\Program Files\uTorrentBar\tbuTor.dll" [2010-12-09 11:51:30 3911776]
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-11-18 10:58:58 333192 ----a-w- C:\Program Files\AskBarDis\bar\bin\askBar.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-12-09 11:51:30 3911776 ----a-w- C:\Program Files\ConduitEngine\ConduitEngine.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2010-12-09 11:51:30 3911776 ----a-w- C:\Program Files\uTorrentBar\tbuTor.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "C:\Program Files\AskBarDis\bar\bin\askBar.dll" [2008-11-18 10:58:58 333192]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "C:\Program Files\uTorrentBar\tbuTor.dll" [2010-12-09 11:51:30 3911776]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "C:\Program Files\ConduitEngine\ConduitEngine.dll" [2010-12-09 11:51:30 3911776]
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "C:\Program Files\AskBarDis\bar\bin\askBar.dll" [2008-11-18 10:58:58 333192]
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OEXPRESS"="C:\Documents and Settings\All Users\Data aplikací\LangSoft\OETRN.EXE" [2009-11-10 14:54:51 26624]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2009-04-23 13:51:38 691656]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-10-31 01:49:54 16269312]
"SkyTel"="SkyTel.EXE" [2006-05-17 00:04:26 2879488]
"SaiMfd"="C:\Program Files\Saitek\SD6\Software\SaiMfd.exe" [2009-06-03 08:49:18 131072]
"OrderReminder"="C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2006-07-30 17:00:00 98304]
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 09:44:46 248552]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 10:44:34 31072]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-07-06 19:19:50 98304]
"ATICustomerCare"="C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-03-04 12:31:54 311296]
"OODefragTray"="C:\Program Files\OO Software\Defrag\oodtray.exe" [2010-09-10 11:01:28 2771784]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 04:02:26 37296]
"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 04:59:06 937920]
"TkBellExe"="C:\program files\real\realplayer\update\realsched.exe" [2010-11-16 07:34:18 274608]
"SmartSoft PDF Printer (demo) Agent"="C:\Program Files\Smart PDF Converter Pro\sspdfagentd.exe" [2007-10-22 07:45:26 94208]
"SmartSoft PDF Printer (demo) virtual printer agent"="C:\Program Files\Smart PDF Converter Pro\sspdfagentd.exe" [2007-10-22 07:45:26 94208]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 03:22:17 15360]
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\
Evoluent Mouse Manager.lnk - C:\WINDOWS\Installer\{AD6E0AE0-DADF-480E-82AE-4CDA6035D341}\_BBBCF44DDE3DA1E118ADB6.exe [2010-12-10 4286]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 21:41:34 304128]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^Admin^Nabídka Start^Programy^Po spuštění^MagicDisc.lnk]
path=C:\Documents and Settings\Admin\Nabídka Start\Programy\Po spuštění\MagicDisc.lnk
backup=C:\WINDOWS\pss\MagicDisc.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-06-08 04:02:26 37296 ----a-w- C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 10:44:34 31072 ----a-w- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\uTorrent\\utorrent.exe"=
"C:\\Program Files\\Ubisoft\\Related Designs\\ANNO 1404\\Anno4.exe"=
"C:\\Program Files\\Ubisoft\\Related Designs\\ANNO 1404\\tools\\Anno4Web.exe"=
"C:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"C:\\Program Files\\SopCast\\SopCast.exe"=
"C:\\Program Files\\Samsung\\Samsung New PC Studio\\npsasvr.exe"=
"C:\\Program Files\\Samsung\\Samsung New PC Studio\\npsvsvr.exe"=
"C:\\Program Files\\Maple 12\\jre\\bin\\maple.exe"=
"C:\\Program Files\\Maple 12\\jre\\bin\\java.exe"=
"C:\\Program Files\\Ubisoft\\Related Designs\\ANNO 1404\\Addon.exe"=
"C:\\Program Files\\Ubisoft\\Related Designs\\ANNO 1404\\tools\\AddonWeb.exe"=
"C:\\Program Files\\ICQ7.2\\ICQ.exe"=
"C:\\Program Files\\ICQ7.2\\aolload.exe"=
"C:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"C:\\Program Files\\Ubisoft\\The Settlers 7 - Paths to a Kingdom\\Data\\Base\\_Dbg\\Bin\\Release\\Settlers7R.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Real\\realplayer\\recordingmanager.exe"=
"C:\\Program Files\\Google\\Update\\GoogleUpdate.exe"=
"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=
"C:\\Program Files\\Real\\RealUpgrade\\realupgrade.exe"=
"C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DW20.EXE"=
R0 sptd;sptd;C:\WINDOWS\system32\drivers\sptd.sys [1.7.2009 16:52:56 721904]
R1 ehdrv;ehdrv;C:\WINDOWS\system32\drivers\ehdrv.sys [28.4.2010 8:17:46 114984]
R2 FsUsbExService;FsUsbExService;C:\WINDOWS\system32\FsUsbExService.Exe [28.8.2011 23:25:51 238952]
R2 ICQ Service;ICQ Service;C:\Program Files\ICQ6Toolbar\ICQ Service.exe [15.7.2009 20:58:25 246520]
R2 OODefragAgent;O&O Defrag Agent;C:\Program Files\OO Software\Defrag\oodag.exe [10.9.2010 13:01:42 2320712]
R3 EvoMouseDriverFilterHidUsb;Evoluent Mouse Driver Filter;C:\WINDOWS\system32\drivers\EvoMouseDriverFilterHidUsb.sys [10.12.2010 11:00:43 22712]
R3 EvoMouseDriverMini;EvoMouseDriverMini;C:\WINDOWS\system32\drivers\EvoMouseDriverMini.sys [10.12.2010 11:00:05 20024]
R3 FsUsbExDisk;FsUsbExDisk;C:\WINDOWS\system32\FsUsbExDisk.Sys [31.12.2009 11:28:00 36640]
S2 ekrn;ESET Service;C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2.7.2010 12:43:40 810144]
S2 gupdate1ca6ed32b7b9b5a;Služba Google Update (gupdate1ca6ed32b7b9b5a);C:\Program Files\Google\Update\GoogleUpdate.exe [26.11.2009 22:00:56 133104]
S3 dgderdrv;dgderdrv;C:\WINDOWS\system32\drivers\dgderdrv.sys --> C:\WINDOWS\system32\drivers\dgderdrv.sys [?]
S3 gupdatem;Služba Google Update (gupdatem);C:\Program Files\Google\Update\GoogleUpdate.exe [26.11.2009 22:00:56 133104]
S3 SaiH5509;SaiH5509;C:\WINDOWS\system32\drivers\SaiH5509.sys [2.7.2009 15:34:29 132232]
S3 SaiU5509;SaiU5509;C:\WINDOWS\system32\drivers\SaiU5509.sys [2.7.2009 15:34:33 28416]
--- Ostatní služby/ovladače v paměti ---
*NewlyCreated* - FSUSBEXDISK
Obsah adresáře 'Naplánované úlohy'
2011-08-28 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2009-11-26 20:00:56 . 2009-11-26 20:00:53]
2011-08-28 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2009-11-26 20:00:56 . 2009-11-26 20:00:53]
2011-08-28 C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-1409082233-1708537768-682003330-1003.job
- C:\Program Files\Real\RealUpgrade\realupgrade.exe [2010-11-05 10:33:50 . 2010-11-05 10:33:50]
2011-08-28 C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-1409082233-1708537768-682003330-1003.job
- C:\Program Files\Real\RealUpgrade\realupgrade.exe [2010-11-05 10:33:50 . 2010-11-05 10:33:50]
------- Doplňkový sken -------
uStart Page = hxxp://iws.asksearch.com/?cfg=2-347-0-...
IE: E&xportovat do aplikace Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
TCP: DhcpNameServer = 81.200.55.78 81.200.48.12
FF - ProfilePath - C:\Documents and Settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\jcsvl8c2.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... r=1.3.1&q=
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
HKLM-Run-NPSStartup - (no file)
HKLM-Run-TNOD UP - C:\Program Files\TNod User & Password Finder\TNODUP.exe
AddRemove-01_Simmental - C:\Program Files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - C:\Program Files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - C:\Program Files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - C:\Program Files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - C:\Program Files\Samsung\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - C:\Program Files\SAMSUNG\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - C:\Program Files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - C:\Program Files\SAMSUNG\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - C:\Program Files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - C:\Program Files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-12_Symbian_USB_Download_Driver - C:\Program Files\SAMSUNG\USB Drivers\12_Symbian_USB_Download_Driver\Uninstall.exe
AddRemove-15_Symbian_Samsung_PC_DLC_Driver - C:\Program Files\Samsung\USB Drivers\15_Symbian_Samsung_PC_DLC_Driver\Uninstall.exe
AddRemove-16_Shrewsbury - C:\Program Files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - C:\Program Files\SAMSUNG\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - C:\Program Files\SAMSUNG\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - C:\Program Files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - C:\Program Files\SAMSUNG\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-21_Searsburg - C:\Program Files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe
AddRemove-22_WiBro_WiMAX - C:\Program Files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe