HJT log check - pop-up advertising banners in IE9

A place for your HiJackThis logs and logs from other programs…

Moderators: Mods_senior, Security team

Orcus
Security team member
Elite Level 10.5
Posts: 10645
Registered: April 10
Location: 3 roses grow around =o)
Gender: Male
Status: Offline

Re: HJT log check - pop-up advertising banners in IE9

Post by Orcus » 14 Jan 2014 23:21

Turn off the resident shield of your antivirus and antispyware.
Download ComboFix (by sUBs)
and save it to your desktop.
Close all active windows and run it.
- After it starts, the terms of use are displayed; confirm them by pressing the Yes button
- Then follow the instructions; while ComboFix is being applied, do not click in the window that appears
- When the scan finishes, the program should create a log - C:\ComboFix.txt - please copy its entire contents here
If, after the scan, there is a problem launching applications, or a message pops up about an attempt to perform an illegal operation on a registry key that has been marked for deletion, simply restart the computer.

If there are problems, run it in safe mode.
Love keeps you warm, but coal is coal. :fire:



Post HJT logs in the HJT section. If the log is too long, split it into several messages.

A few tips on PC security.

While I am away, memphisto, jaro3 and Diallix stand in for me.

If you are satisfied, you can support our forum.

Komar
newcomer
Posts: 42
Registered: April 12
Gender: Male
Status: Offline

Re: HJT log check - pop-up advertising banners in IE9

Post by Komar » 15 Jan 2014 00:32

ComboFix 14-01-14.02 - Komár 14.01.2014 23:47:50.6.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.3024.1858 [GMT 1:00]
Spuštěný z: c:\users\Komßr\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\SEC8354.tmp
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-12-14 do 2014-01-14 )))))))))))))))))))))))))))))))
.
.
2014-01-14 23:07 . 2014-01-14 23:07 -------- d-----w- c:\users\KOMR~2\AppData\Local\temp
2014-01-14 23:07 . 2014-01-14 23:07 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-01-14 15:16 . 2014-01-14 15:16 -------- d-----w- c:\windows\ERUNT
2014-01-13 16:24 . 2014-01-14 14:41 -------- d-----w- C:\AdwCleaner
2014-01-11 23:14 . 2014-01-12 00:43 46640 ----a-w- c:\windows\system32\msln.exe
2014-01-11 20:42 . 2014-01-11 20:42 -------- d-----w- c:\users\Komár\AppData\Local\NPE
2014-01-11 17:17 . 2014-01-14 19:22 -------- d-----w- c:\program files\maucampo
2014-01-11 17:15 . 2014-01-11 17:16 -------- d-----w- c:\programdata\Astroburn Lite
2014-01-09 14:40 . 2014-01-09 14:49 -------- d-----w- c:\windows\system32\MRT
2014-01-09 14:36 . 2013-05-10 04:56 12625408 ----a-w- c:\windows\system32\wmploc.DLL
2014-01-09 14:36 . 2013-05-10 03:48 164864 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2014-01-09 14:30 . 2012-05-05 07:46 400896 ----a-w- c:\windows\system32\srcore.dll
2014-01-09 14:29 . 2013-10-04 01:58 152576 ----a-w- c:\windows\system32\SmartcardCredentialProvider.dll
2014-01-09 14:28 . 2013-08-02 01:48 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2014-01-09 14:19 . 2013-02-27 05:05 101720 ----a-w- c:\windows\system32\consent.exe
2014-01-09 14:19 . 2013-02-27 04:49 47104 ----a-w- c:\windows\system32\appinfo.dll
2014-01-09 14:15 . 2013-06-15 03:38 31232 ----a-w- c:\windows\system32\drivers\tssecsrv.sys
2014-01-07 12:18 . 2014-01-07 12:18 -------- d-----w- c:\program files\Common Files\Citrix
2014-01-02 08:55 . 2013-01-27 12:26 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-01-14 21:32 . 2014-01-13 17:02 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys.bak
2014-01-14 21:32 . 2014-01-13 17:02 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys.bak
2014-01-14 21:32 . 2014-01-13 17:02 16384 ----a-w- c:\windows\system32\drivers\ws2ifsl.sys.bak
2014-01-14 21:32 . 2014-01-13 17:02 14912 ----a-w- c:\windows\system32\drivers\wmilib.sys.bak
2014-01-14 21:32 . 2014-01-13 17:02 11264 ----a-w- c:\windows\system32\drivers\wmiacpi.sys.bak
2014-01-14 21:32 . 2014-01-13 17:02 35968 ----a-w- c:\windows\system32\drivers\winusb.sys.bak
2014-01-14 21:32 . 2014-01-13 17:02 43392 ----a-w- c:\windows\system32\drivers\winhv.sys.bak
2014-01-14 21:32 . 2014-01-13 17:02 19008 ----a-w- c:\windows\system32\drivers\wimmount.sys.bak
2014-01-14 21:32 . 2014-01-13 17:02 9728 ----a-w- c:\windows\system32\drivers\wfplwf.sys.bak
2014-01-14 21:32 . 2014-01-13 17:02 7424 ----a-w- c:\windows\system32\drivers\WHFLTR2K.SYS.bak
2014-01-14 21:32 . 2014-01-13 17:02 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys.bak
2014-01-14 21:32 . 2014-01-13 17:02 63488 ----a-w- c:\windows\system32\drivers\wanarp.sys.bak
2014-01-14 21:32 . 2014-01-13 17:02 527064 ----a-w- c:\windows\system32\drivers\Wdf01000.sys.bak
2014-01-14 21:32 . 2014-01-13 17:02 35328 ----a-w- c:\windows\system32\drivers\watchdog.sys.bak
2014-01-14 21:32 . 2014-01-13 17:02 19024 ----a-w- c:\windows\system32\drivers\wd.sys.bak
2014-01-14 21:32 . 2014-01-13 17:02 21632 ----a-w- c:\windows\system32\drivers\wacompen.sys.bak
2014-01-14 21:32 . 2014-01-13 17:02 48128 ----a-w- c:\windows\system32\drivers\vwififlt.sys.bak
2014-01-14 21:32 . 2014-01-13 17:02 14336 ----a-w- c:\windows\system32\drivers\vwifimp.sys.bak
2014-01-14 21:32 . 2014-01-13 17:02 296064 ----a-w- c:\windows\system32\drivers\vpcvmm.sys.bak
2014-01-14 21:32 . 2014-01-13 17:02 19968 ----a-w- c:\windows\system32\drivers\vwifibus.sys.bak
2014-01-14 21:32 . 2014-01-13 17:02 141904 ----a-w- c:\windows\system32\drivers\vsmraid.sys.bak
2014-01-14 21:32 . 2014-01-13 17:02 78336 ----a-w- c:\windows\system32\drivers\vpcusb.sys.bak
2014-01-14 21:32 . 2014-01-13 17:02 48128 ----a-w- c:\windows\system32\drivers\vpcnfltr.sys.bak
2014-01-14 21:32 . 2014-01-13 17:02 172416 ----a-w- c:\windows\system32\drivers\vpchbus.sys.bak
2014-01-14 21:32 . 2014-01-13 17:02 12800 ----a-w- c:\windows\system32\drivers\vpcuxd.sys.bak
2014-01-14 21:32 . 2014-01-13 17:02 245632 ----a-w- c:\windows\system32\drivers\volsnap.sys.bak
2014-01-14 21:32 . 2014-01-13 17:02 53120 ----a-w- c:\windows\system32\drivers\volmgr.sys.bak
2014-01-14 21:32 . 2014-01-13 17:02 297040 ----a-w- c:\windows\system32\drivers\volmgrx.sys.bak
2014-01-14 21:32 . 2014-01-13 17:02 40704 ----a-w- c:\windows\system32\drivers\vmstorfl.sys.bak
2014-01-14 21:32 . 2014-01-13 17:02 5632 ----a-w- c:\windows\system32\drivers\vms3cap.sys.bak
2014-01-14 21:32 . 2014-01-13 17:02 17920 ----a-w- c:\windows\system32\drivers\VMBusHID.sys.bak
2014-01-14 21:32 . 2014-01-13 17:02 175360 ----a-w- c:\windows\system32\drivers\vmbus.sys.bak
2014-01-14 21:32 . 2014-01-13 17:02 16976 ----a-w- c:\windows\system32\drivers\viaide.sys.bak
2014-01-14 21:32 . 2014-01-13 17:02 111616 ----a-w- c:\windows\system32\drivers\videoprt.sys.bak
2014-01-14 21:32 . 2014-01-13 17:02 52736 ----a-w- c:\windows\system32\drivers\viac7.sys.bak
2014-01-14 21:32 . 2014-01-13 17:02 53328 ----a-w- c:\windows\system32\drivers\VIAAGP.SYS.bak
2014-01-14 21:32 . 2014-01-13 17:02 26112 ----a-w- c:\windows\system32\drivers\vgapnp.sys.bak
2014-01-14 21:32 . 2014-01-13 17:02 160128 ----a-w- c:\windows\system32\drivers\vhdmp.sys.bak
2014-01-14 21:32 . 2014-01-13 17:02 32832 ----a-w- c:\windows\system32\drivers\vdrvroot.sys.bak
2014-01-14 21:32 . 2014-01-13 17:02 25088 ----a-w- c:\windows\system32\drivers\vga.sys.bak
2014-01-14 21:32 . 2014-01-13 17:02 146816 ----a-w- c:\windows\system32\drivers\usbvideo.sys.bak
2014-01-14 21:32 . 2014-01-13 17:02 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys.bak
2014-01-14 21:32 . 2014-01-13 17:02 76288 ----a-w- c:\windows\system32\drivers\USBSTOR.SYS.bak
2014-01-14 21:32 . 2014-01-13 17:02 36352 ----a-w- c:\windows\system32\drivers\usbscan.sys.bak
2014-01-14 21:32 . 2014-01-13 17:02 26112 ----a-w- c:\windows\system32\drivers\usbrpm.sys.bak
2014-01-14 21:32 . 2014-01-13 17:02 19968 ----a-w- c:\windows\system32\drivers\usbprint.sys.bak
2014-01-14 21:32 . 2014-01-13 17:02 284672 ----a-w- c:\windows\system32\drivers\usbport.sys.bak
2014-01-14 21:32 . 2014-01-13 17:02 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys.bak
2014-01-14 21:32 . 2014-01-13 17:02 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys.bak
2014-01-14 21:32 . 2014-01-13 17:02 86016 ----a-w- c:\windows\system32\drivers\usbcir.sys.bak
2014-01-14 21:32 . 2014-01-13 17:02 6016 ----a-w- c:\windows\system32\drivers\usbd.sys.bak
2014-01-14 21:32 . 2014-01-13 17:02 43008 ----a-w- c:\windows\system32\drivers\usbehci.sys.bak
2014-01-14 21:32 . 2014-01-13 17:02 76288 ----a-w- c:\windows\system32\drivers\usbccgp.sys.bak
2014-01-14 21:32 . 2014-01-13 17:02 25856 ----a-w- c:\windows\system32\drivers\USBCAMD2.sys.bak
2014-01-14 21:32 . 2014-01-13 17:02 25856 ----a-w- c:\windows\system32\drivers\USBCAMD.sys.bak
2014-01-14 21:32 . 2014-01-13 17:02 42496 ----a-w- c:\windows\system32\drivers\usbaapl.sys.bak
2014-01-14 21:32 . 2014-01-13 17:02 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys.bak
2014-01-14 21:32 . 2014-01-13 17:02 8192 ----a-w- c:\windows\system32\drivers\umpass.sys.bak
2014-01-14 21:32 . 2014-01-13 17:02 39936 ----a-w- c:\windows\system32\drivers\umbus.sys.bak
2014-01-14 21:32 . 2014-01-13 17:02 57424 ----a-w- c:\windows\system32\drivers\ULIAGPKX.SYS.bak
2014-01-14 21:32 . 2014-01-13 17:02 55888 ----a-w- c:\windows\system32\drivers\UAGP35.SYS.bak
2014-01-14 21:32 . 2014-01-13 17:02 246784 ----a-w- c:\windows\system32\drivers\udfs.sys.bak
2014-01-14 21:32 . 2014-01-13 17:02 108544 ----a-w- c:\windows\system32\drivers\tunnel.sys.bak
2014-01-14 21:32 . 2014-01-13 17:02 53120 ----a-w- c:\windows\system32\drivers\termdd.sys.bak
2014-01-14 21:32 . 2014-01-13 17:02 49664 ----a-w- c:\windows\system32\drivers\TsUsbFlt.sys.bak
2014-01-14 21:32 . 2014-01-13 17:02 31232 ----a-w- c:\windows\system32\drivers\tssecsrv.sys.bak
2014-01-14 21:31 . 2014-01-13 17:02 74752 ----a-w- c:\windows\system32\drivers\tdx.sys.bak
2014-01-14 21:31 . 2014-01-13 17:02 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys.bak
2014-01-14 21:31 . 2014-01-13 17:02 21504 ----a-w- c:\windows\system32\drivers\tdi.sys.bak
2014-01-14 21:31 . 2014-01-13 17:02 18432 ----a-w- c:\windows\system32\drivers\tdpipe.sys.bak
2014-01-14 21:31 . 2014-01-13 17:02 35328 ----a-w- c:\windows\system32\drivers\tcpipreg.sys.bak
2014-01-14 21:31 . 2014-01-13 17:02 1294272 ----a-w- c:\windows\system32\drivers\tcpip.sys.bak
2014-01-14 21:31 . 2014-01-13 17:02 423424 ----a-w- c:\windows\system32\drivers\stwrt.sys.bak
2014-01-14 21:31 . 2014-01-13 17:02 24576 ----a-w- c:\windows\system32\drivers\tape.sys.bak
2014-01-14 21:31 . 2014-01-13 17:02 142936 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS.bak
2014-01-14 21:31 . 2014-01-13 17:02 12240 ----a-w- c:\windows\system32\drivers\swenum.sys.bak
2014-01-14 21:31 . 2014-01-13 17:02 53632 ----a-w- c:\windows\system32\drivers\stream.sys.bak
2014-01-14 21:31 . 2014-01-13 17:02 28032 ----a-w- c:\windows\system32\drivers\storvsc.sys.bak
2014-01-14 21:31 . 2014-01-13 17:02 148864 ----a-w- c:\windows\system32\drivers\storport.sys.bak
2014-01-14 21:31 . 2014-01-13 17:02 5120 ----a-w- c:\windows\system32\drivers\SSPORT.SYS.bak
2014-01-14 21:31 . 2014-01-13 17:02 21072 ----a-w- c:\windows\system32\drivers\stexstor.sys.bak
2014-01-14 21:31 . 2014-01-13 17:02 114688 ----a-w- c:\windows\system32\drivers\srvnet.sys.bak
2014-01-14 21:31 . 2014-01-13 17:02 310272 ----a-w- c:\windows\system32\drivers\srv2.sys.bak
2014-01-14 21:31 . 2014-01-13 17:02 311808 ----a-w- c:\windows\system32\drivers\srv.sys.bak
2014-01-14 21:31 . 2014-01-13 17:02 405504 ----a-w- c:\windows\system32\drivers\spsys.sys.bak
2014-01-14 21:31 . 2014-01-13 17:02 17472 ----a-w- c:\windows\system32\drivers\spldr.sys.bak
2014-01-14 21:31 . 2014-01-13 17:02 77888 ----a-w- c:\windows\system32\drivers\sisraid4.sys.bak
2014-01-14 21:31 . 2014-01-13 17:02 71168 ----a-w- c:\windows\system32\drivers\smb.sys.bak
2014-01-14 21:31 . 2014-01-13 17:02 17408 ----a-w- c:\windows\system32\drivers\smclib.sys.bak
2014-01-14 21:31 . 2014-01-13 17:02 52304 ----a-w- c:\windows\system32\drivers\SISAGP.SYS.bak
2014-01-14 21:31 . 2014-01-13 17:02 40016 ----a-w- c:\windows\system32\drivers\sisraid2.sys.bak
2014-01-14 21:31 . 2014-01-13 17:02 13824 ----a-w- c:\windows\system32\drivers\sfloppy.sys.bak
2014-01-14 21:31 . 2014-01-13 17:02 12800 ----a-w- c:\windows\system32\drivers\sffp_sd.sys.bak
2014-01-14 21:31 . 2014-01-13 17:02 12288 ----a-w- c:\windows\system32\drivers\sffp_mmc.sys.bak
2014-01-14 21:31 . 2014-01-13 17:02 11264 ----a-w- c:\windows\system32\drivers\sffdisk.sys.bak
2014-01-14 21:31 . 2014-01-13 17:02 19968 ----a-w- c:\windows\system32\drivers\sermouse.sys.bak
2014-01-14 21:31 . 2014-01-13 17:02 83456 ----a-w- c:\windows\system32\drivers\serial.sys.bak
2014-01-14 21:31 . 2014-01-13 17:02 84992 ----a-w- c:\windows\system32\drivers\sdbus.sys.bak
2014-01-14 21:31 . 2014-01-13 17:02 20480 ----a-w- c:\windows\system32\drivers\secdrv.sys.bak
2014-01-14 21:31 . 2014-01-13 17:02 17920 ----a-w- c:\windows\system32\drivers\serenum.sys.bak
2010-10-12 14:33 . 2014-01-02 08:56 124344 ----a-w- c:\program files\mozilla firefox\plugins\CCMSDK.dll
2010-10-12 16:15 . 2014-01-02 08:56 13240 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2010-10-12 14:37 . 2014-01-02 08:56 70592 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2010-10-12 14:35 . 2014-01-02 08:56 91576 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2010-10-12 14:34 . 2014-01-02 08:56 22464 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
2010-10-12 14:32 . 2014-01-02 08:56 255416 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2010-10-12 14:35 . 2014-01-02 08:56 31672 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2010-10-12 14:34 . 2014-01-02 08:56 40384 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2010-07-14 10:42 . 2014-01-02 08:56 898480 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2010-10-12 14:37 . 2014-01-02 08:56 24000 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
2010-03-29 10:45 62832 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
2010-03-29 10:45 62832 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"Gadwin PrintScreen"="c:\program files\Gadwin PrintScreen\PrintScreen.exe" [2010-10-14 487424]
"T-Mobile Communication Centre"="c:\program files\T-Mobile\Web'n'walk Manager\Manager.exe" [2011-11-22 1363984]
"Akamai NetSession Interface"="c:\users\Komár\AppData\Local\Akamai\netsession_win.exe" [2013-06-04 4489472]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2013-10-01 395656]
"USCService"="c:\program files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe" [2010-06-22 34232]
"DellControlPoint"="c:\program files\Dell\Dell ControlPoint\Dell.ControlPoint.exe" [2009-11-02 657920]
"DellConnectionManager"="c:\program files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe" [2009-12-22 1845248]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-03-09 495708]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-02-17 278528]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-11-11 1468256]
"EPSON_UD_START"="c:\program files\EPSON Projector\Epson USB Display V1.5\EMP_UD.exe" [2010-11-02 341416]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-04 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-04 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-04 172568]
"uni mouse driver"="c:\program files\Hama mouse driver\mouse_driver.exe" [2011-11-09 2972672]
"uni mouse driver tilt"="c:\program files\Hama mouse driver\wh_exec.exe" [2010-10-04 147456]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"Redirector"="c:\program files\Citrix\ICA Client\redirector.exe" [2013-10-01 153992]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-1 795936]
Dell System Manager.lnk - c:\program files\Dell\Dell System Manager\DCPSysMgr.exe [2010-8-24 1458032]
TdmNotify.lnk - c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe [2010-3-29 132456]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AVer HID Receiver.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\AVer HID Receiver.lnk
backup=c:\windows\pss\AVer HID Receiver.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AVerQuick.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\AVerQuick.lnk
backup=c:\windows\pss\AVerQuick.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-09-23 18:43 926896 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2011-11-01 22:25 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2011-03-14 17:09 2565520 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenuEx]
2011-08-04 15:06 1612920 ----a-w- c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IJNetworkScannerSelectorEX]
2011-01-15 14:48 452016 ----a-w- c:\program files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2011-06-16 14:21 1500160 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-01-08 161536]
R3 acpials;Filtr zařízení ALS Sensor;c:\windows\system32\DRIVERS\acpials.sys [2009-07-13 7680]
R3 AVerAF15DMBTH;AVerMedia A850 USB;c:\windows\system32\Drivers\AVerAF15DMBTH.sys [2010-05-06 569728]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-07-02 29472]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [2010-07-27 102784]
R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys [2010-03-20 11136]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2012-02-03 13224]
R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys [2011-09-09 89856]
R3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\DRIVERS\ew_juextctrl.sys [2011-09-09 26624]
R3 huawei_wwanecm;huawei_wwanecm;c:\windows\system32\DRIVERS\ew_juwwanecm.sys [2011-09-09 186880]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series – ovladač adaptéru pro 32bitový systém Windows Vista;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 NvtSp50;NvtSp50 NDIS Protocol Driver;c:\windows\system32\Drivers\NvtSp50.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\DRIVERS\s0017bus.sys [2008-10-21 86824]
R3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0017mdfl.sys [2008-10-21 15016]
R3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0017mdm.sys [2008-10-21 114600]
R3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0017mgmt.sys [2008-10-21 108328]
R3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\DRIVERS\s0017nd5.sys [2008-10-21 26024]
R3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0017obex.sys [2008-10-21 104616]
R3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\DRIVERS\s0017unic.sys [2008-10-21 109736]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 49664]
R3 vpcuxd;Služba zástupné procedury virtualizace rozhraní USB;c:\windows\system32\DRIVERS\vpcuxd.sys [2010-11-20 12800]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2011-04-10 1343400]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1501000.012\SYMDS.SYS [2013-09-10 367704]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1501000.012\SYMEFA.SYS [2013-09-27 935512]
S1 BHDrvx86;BHDrvx86;c:\program files\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20140110.001\BHDrvx86.sys [2013-12-18 1098968]
S1 ccSet_NIS;NIS Settings Manager;c:\windows\system32\drivers\NIS\1501000.012\ccSetx86.sys [2013-09-26 127064]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2013-09-24 70440]
S1 IDSVix86;IDSVix86;c:\program files\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20140113.001\IDSvix86.sys [2013-12-13 394456]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1501000.012\Ironx86.SYS [2013-09-27 206936]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NIS\1501000.012\SYMNETS.SYS [2013-09-26 446552]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_d511891fb5bff1e2\aestsrv.exe [2009-03-03 81920]
S2 alssvc;Ambient Light Sensor;c:\program files\Dell\Ambient Light Sensor\AlsSvc.exe [2008-06-03 382232]
S2 ameisvc;Web'n'walk Manager mobile equipment installation service;c:\program files\T-Mobile\Web'n'walk Manager\ameisvc.exe [2011-06-24 123120]
S2 AVerRemote;AVerRemote;c:\program files\Common Files\AVerMedia\Service\AVerRemote.exe [2009-10-31 348160]
S2 AVerScheduleService;AVerScheduleService;c:\program files\Common Files\AVerMedia\Service\AVerScheduleService.exe [2009-12-07 397312]
S2 buttonsvc32;Dell ControlPoint Button Service;c:\program files\Dell\Dell ControlPoint\DCPButtonSvc.exe [2009-11-20 278304]
S2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [2010-03-23 812448]
S2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [2010-03-23 27040]
S2 dcpsysmgrsvc;Dell System Manager Service;c:\program files\Dell\Dell System Manager\DCPSysMgrSvc.exe [2010-08-24 388464]
S2 EMP_UDSA;EMP_UDSA;c:\program files\EPSON Projector\Epson USB Display V1.5\EMP_UDSA.exe [2010-11-02 98304]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
S2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\21.1.0.18\NIS.exe [2013-10-08 275696]
S2 SMManager;Smith Micro Connection Manager Service;c:\program files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe [2009-12-22 77312]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2009-04-23 5120]
S2 Update maucampo;Update maucampo;c:\program files\maucampo\updatemaucampo.exe [2014-01-10 97048]
S2 Util maucampo;Util maucampo;c:\program files\maucampo\bin\utilmaucampo.exe [2014-01-11 97048]
S3 cvusbdrv;Dell ControlVault;c:\windows\system32\Drivers\cvusbdrv.sys [2009-11-03 33832]
S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y6232.sys [2011-03-23 223960]
S3 eppvad_simple;EPSON Projector UD Audio Device;c:\windows\system32\drivers\EMP_UDAU.sys [2010-11-02 17664]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-11-21 108120]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [2011-09-09 73984]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2010-03-15 127488]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 22856]
S3 NETwNs32;___ Ovladač adaptéru řady Intel(R) Wireless WiFi Link 5000 pro systém Windows 7 32 Bit;c:\windows\system32\DRIVERS\NETwNs32.sys [2010-07-14 6814720]
S3 whfltr2k;WheelMouse USB Lower Filter Driver;c:\windows\system32\DRIVERS\whfltr2k.sys [2009-09-16 7424]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - 56408279
*Deregistered* - 56408279
.
Obsah adresáře 'Naplánované úlohy'
.
2014-01-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-21 08:15]
.
2014-01-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-21 08:15]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz/
uInternet Settings,ProxyOverride = <local>
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\programdata\LangSoft\WebIE.dll
Trusted Zone: jihovychod.cz\mail
Trusted Zone: mojebanka.cz\etrading
Trusted Zone: mojebanka.cz\sign
Trusted Zone: mojebanka.cz\www
Trusted Zone: mojeplatba.cz\www
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Komár\AppData\Roaming\Mozilla\Firefox\Profiles\ah70w0qq.default\
FF - prefs.js: browser.startup.homepage - www.google.cz
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
MSConfigStartUp-Acrobat Assistant 8 - c:\program files\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe
AddRemove-HijackThis - c:\users\Komár\Documents\6-ostatní\1-programy\HijackThis\HijackThis.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\21.1.0.18\NIS.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\21.1.0.18\diMaster.dll\" /prefetch:1"
"ImagePath"="\SystemRoot\System32\Drivers\NIS\1501000.012\SYMNETS.SYS"
"TrustedImagePaths"="c:\program files\Norton Internet Security\Engine\21.1.0.18"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TrueSight]
"ImagePath"="\??\"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'lsass.exe'(568)
c:\windows\system32\wvauth.DLL
.
- - - - - - - > 'Explorer.exe'(15296)
c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
c:\program files\WIDCOMM\Bluetooth Software\btmmhook.dll
c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\program files\Roxio\Drag-to-Disc\Shellex.dll
c:\program files\Common Files\Roxio Shared\9.0\DLLShared\DLAAPI_W.DLL
c:\program files\Roxio\Drag-to-Disc\ShellRes.dll
.
Celkový čas: 2014-01-15 00:15:32
ComboFix-quarantined-files.txt 2014-01-14 23:15
.
Před spuštěním: Volných bajtů: 10 382 778 368
Po spuštění: 9 949 073 408
.
- - End Of File - - F49709A501DC3DF671085E74ABCACEEC
A36C5E4F47E84449FF07ED3517B43A31

jaro3
Security team member
Guru Level 15
Posts: 43298
Registered: June 07
Location: South Bohemia
Gender: Male
Status:
Offline

Re: HJT log check - pop-up ad banners in IE9

Post by jaro3 » 15 Jan 2014 09:43

Turn off the resident protection of your antivirus and antispyware, and the firewall if applicable.

Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy into it the entire following text marked in green:

Code:

ClearJavaCache::

KillAll::
File::
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

Folder::
c:\program files\Skype\Updater
c:\program files\Google\Update

Driver::
SkypeUpdate

RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)

Choose File -> Save As... and set these parameters:
File name: type here: CFScript.txt
Save as type: select All Files
Save the file to the desktop.
Close all active windows.

Grab the created script CFScript.txt with the mouse, drag it over the downloaded ComboFix.exe program and, when the two files overlap, drop the script.
- ComboFix will start automatically
- Paste here the log that pops up at the end of the cleaning process + a new HJT log

Warning: It may happen that after applying ComboFix and restarting the computer, Windows will not boot, or the desktop will not load, or there will be connection problems. In that case restart the computer again; if that does not help, press the F8 key repeatedly after the restart and then choose Last Known Good Configuration, or use a restore point.

Download aswMBR
to your desktop. Close all windows, programs and browsers. Double-click aswMBR.exe. If a prompt about downloading the Avast database appears, click NO. Then click "Scan". After the scan click "Save Log" and save the log to the desktop. Copy the entire contents of that log here. Then click "Exit" to close the program.

Aren't you low on free disk space?
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs via private messages. During my absence I am covered by memphisto, Žbeky and Orcus.
If you are satisfied, you can support our forum: Forum support

Komar
newcomer
Posts: 42
Registered: April 12
Gender: Male
Status:
Offline

Re: HJT log check - pop-up ad banners in IE9

Post by Komar » 06 Feb 2014 10:33

ComboFix 14-02-05.02 - Komár 06.02.2014 10:00:30.7.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.3024.1781 [GMT 1:00]
Spuštěný z: c:\users\Komßr\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Komßr\Desktop\CFScript.txt
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-01-06 do 2014-02-06 )))))))))))))))))))))))))))))))
.
.
2014-02-03 11:19 . 2014-02-03 11:19 -------- d-----w- c:\users\Komár\AppData\Roaming\SolidDocuments
2014-01-14 15:16 . 2014-01-14 15:16 -------- d-----w- c:\windows\ERUNT
2014-01-13 16:24 . 2014-01-14 14:41 -------- d-----w- C:\AdwCleaner
2014-01-11 23:14 . 2014-01-12 00:43 46640 ----a-w- c:\windows\system32\msln.exe
2014-01-11 20:42 . 2014-01-11 20:42 -------- d-----w- c:\users\Komár\AppData\Local\NPE
2014-01-11 17:17 . 2014-01-25 12:50 -------- d-----w- c:\program files\maucampo
2014-01-11 17:15 . 2014-01-11 17:16 -------- d-----w- c:\programdata\Astroburn Lite
2014-01-09 14:40 . 2014-01-09 14:49 -------- d-----w- c:\windows\system32\MRT
2014-01-09 14:36 . 2013-05-10 04:56 12625408 ----a-w- c:\windows\system32\wmploc.DLL
2014-01-09 14:36 . 2013-05-10 03:48 164864 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2014-01-09 14:30 . 2012-05-05 07:46 400896 ----a-w- c:\windows\system32\srcore.dll
2014-01-09 14:29 . 2013-10-04 01:58 152576 ----a-w- c:\windows\system32\SmartcardCredentialProvider.dll
2014-01-09 14:28 . 2013-08-02 01:48 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2014-01-09 14:19 . 2013-02-27 05:05 101720 ----a-w- c:\windows\system32\consent.exe
2014-01-09 14:19 . 2013-02-27 04:49 47104 ----a-w- c:\windows\system32\appinfo.dll
2014-01-09 14:15 . 2013-06-15 03:38 31232 ----a-w- c:\windows\system32\drivers\tssecsrv.sys
2014-01-07 12:18 . 2014-01-07 12:18 -------- d-----w- c:\program files\Common Files\Citrix
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-06 08:27 . 2013-02-11 08:17 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-02-06 08:27 . 2013-02-11 08:17 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-01-14 21:32 . 2014-01-13 17:02 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys.bak
2014-01-14 21:32 . 2014-01-13 17:02 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys.bak
2014-01-14 21:32 . 2014-01-13 17:02 16384 ----a-w- c:\windows\system32\drivers\ws2ifsl.sys.bak
2014-01-14 21:32 . 2014-01-13 17:02 14912 ----a-w- c:\windows\system32\drivers\wmilib.sys.bak
2014-01-14 21:32 . 2014-01-13 17:02 11264 ----a-w- c:\windows\system32\drivers\wmiacpi.sys.bak
2014-01-14 21:32 . 2014-01-13 17:02 35968 ----a-w- c:\windows\system32\drivers\winusb.sys.bak
2014-01-14 21:32 . 2014-01-13 17:02 43392 ----a-w- c:\windows\system32\drivers\winhv.sys.bak
2014-01-14 21:32 . 2014-01-13 17:02 19008 ----a-w- c:\windows\system32\drivers\wimmount.sys.bak
2014-01-14 21:32 . 2014-01-13 17:02 9728 ----a-w- c:\windows\system32\drivers\wfplwf.sys.bak
2014-01-14 21:32 . 2014-01-13 17:02 7424 ----a-w- c:\windows\system32\drivers\WHFLTR2K.SYS.bak
2014-01-14 21:32 . 2014-01-13 17:02 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys.bak
2014-01-14 21:32 . 2014-01-13 17:02 63488 ----a-w- c:\windows\system32\drivers\wanarp.sys.bak
2014-01-14 21:32 . 2014-01-13 17:02 527064 ----a-w- c:\windows\system32\drivers\Wdf01000.sys.bak
2014-01-14 21:32 . 2014-01-13 17:02 35328 ----a-w- c:\windows\system32\drivers\watchdog.sys.bak
2014-01-14 21:32 . 2014-01-13 17:02 19024 ----a-w- c:\windows\system32\drivers\wd.sys.bak
2014-01-14 21:32 . 2014-01-13 17:02 21632 ----a-w- c:\windows\system32\drivers\wacompen.sys.bak
2014-01-14 21:32 . 2014-01-13 17:02 48128 ----a-w- c:\windows\system32\drivers\vwififlt.sys.bak
2014-01-14 21:32 . 2014-01-13 17:02 14336 ----a-w- c:\windows\system32\drivers\vwifimp.sys.bak
2014-01-14 21:32 . 2014-01-13 17:02 296064 ----a-w- c:\windows\system32\drivers\vpcvmm.sys.bak
2014-01-14 21:32 . 2014-01-13 17:02 19968 ----a-w- c:\windows\system32\drivers\vwifibus.sys.bak
2014-01-14 21:32 . 2014-01-13 17:02 141904 ----a-w- c:\windows\system32\drivers\vsmraid.sys.bak
2014-01-14 21:32 . 2014-01-13 17:02 78336 ----a-w- c:\windows\system32\drivers\vpcusb.sys.bak
2014-01-14 21:32 . 2014-01-13 17:02 48128 ----a-w- c:\windows\system32\drivers\vpcnfltr.sys.bak
2014-01-14 21:32 . 2014-01-13 17:02 172416 ----a-w- c:\windows\system32\drivers\vpchbus.sys.bak
2014-01-14 21:32 . 2014-01-13 17:02 12800 ----a-w- c:\windows\system32\drivers\vpcuxd.sys.bak
2014-01-14 21:32 . 2014-01-13 17:02 245632 ----a-w- c:\windows\system32\drivers\volsnap.sys.bak
2014-01-14 21:32 . 2014-01-13 17:02 53120 ----a-w- c:\windows\system32\drivers\volmgr.sys.bak
2014-01-14 21:32 . 2014-01-13 17:02 297040 ----a-w- c:\windows\system32\drivers\volmgrx.sys.bak
2014-01-14 21:32 . 2014-01-13 17:02 40704 ----a-w- c:\windows\system32\drivers\vmstorfl.sys.bak
2014-01-14 21:32 . 2014-01-13 17:02 5632 ----a-w- c:\windows\system32\drivers\vms3cap.sys.bak
2014-01-14 21:32 . 2014-01-13 17:02 17920 ----a-w- c:\windows\system32\drivers\VMBusHID.sys.bak
2014-01-14 21:32 . 2014-01-13 17:02 175360 ----a-w- c:\windows\system32\drivers\vmbus.sys.bak
2014-01-14 21:32 . 2014-01-13 17:02 16976 ----a-w- c:\windows\system32\drivers\viaide.sys.bak
2014-01-14 21:32 . 2014-01-13 17:02 111616 ----a-w- c:\windows\system32\drivers\videoprt.sys.bak
2014-01-14 21:32 . 2014-01-13 17:02 52736 ----a-w- c:\windows\system32\drivers\viac7.sys.bak
2014-01-14 21:32 . 2014-01-13 17:02 53328 ----a-w- c:\windows\system32\drivers\VIAAGP.SYS.bak
2014-01-14 21:32 . 2014-01-13 17:02 26112 ----a-w- c:\windows\system32\drivers\vgapnp.sys.bak
2014-01-14 21:32 . 2014-01-13 17:02 160128 ----a-w- c:\windows\system32\drivers\vhdmp.sys.bak
2014-01-14 21:32 . 2014-01-13 17:02 32832 ----a-w- c:\windows\system32\drivers\vdrvroot.sys.bak
2014-01-14 21:32 . 2014-01-13 17:02 25088 ----a-w- c:\windows\system32\drivers\vga.sys.bak
2014-01-14 21:32 . 2014-01-13 17:02 146816 ----a-w- c:\windows\system32\drivers\usbvideo.sys.bak
2014-01-14 21:32 . 2014-01-13 17:02 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys.bak
2014-01-14 21:32 . 2014-01-13 17:02 76288 ----a-w- c:\windows\system32\drivers\USBSTOR.SYS.bak
2014-01-14 21:32 . 2014-01-13 17:02 36352 ----a-w- c:\windows\system32\drivers\usbscan.sys.bak
2014-01-14 21:32 . 2014-01-13 17:02 26112 ----a-w- c:\windows\system32\drivers\usbrpm.sys.bak
2014-01-14 21:32 . 2014-01-13 17:02 19968 ----a-w- c:\windows\system32\drivers\usbprint.sys.bak
2014-01-14 21:32 . 2014-01-13 17:02 284672 ----a-w- c:\windows\system32\drivers\usbport.sys.bak
2014-01-14 21:32 . 2014-01-13 17:02 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys.bak
2014-01-14 21:32 . 2014-01-13 17:02 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys.bak
2014-01-14 21:32 . 2014-01-13 17:02 86016 ----a-w- c:\windows\system32\drivers\usbcir.sys.bak
2014-01-14 21:32 . 2014-01-13 17:02 6016 ----a-w- c:\windows\system32\drivers\usbd.sys.bak
2014-01-14 21:32 . 2014-01-13 17:02 43008 ----a-w- c:\windows\system32\drivers\usbehci.sys.bak
2014-01-14 21:32 . 2014-01-13 17:02 76288 ----a-w- c:\windows\system32\drivers\usbccgp.sys.bak
2014-01-14 21:32 . 2014-01-13 17:02 25856 ----a-w- c:\windows\system32\drivers\USBCAMD2.sys.bak
2014-01-14 21:32 . 2014-01-13 17:02 25856 ----a-w- c:\windows\system32\drivers\USBCAMD.sys.bak
2014-01-14 21:32 . 2014-01-13 17:02 42496 ----a-w- c:\windows\system32\drivers\usbaapl.sys.bak
2014-01-14 21:32 . 2014-01-13 17:02 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys.bak
2014-01-14 21:32 . 2014-01-13 17:02 8192 ----a-w- c:\windows\system32\drivers\umpass.sys.bak
2014-01-14 21:32 . 2014-01-13 17:02 39936 ----a-w- c:\windows\system32\drivers\umbus.sys.bak
2014-01-14 21:32 . 2014-01-13 17:02 57424 ----a-w- c:\windows\system32\drivers\ULIAGPKX.SYS.bak
2014-01-14 21:32 . 2014-01-13 17:02 55888 ----a-w- c:\windows\system32\drivers\UAGP35.SYS.bak
2014-01-14 21:32 . 2014-01-13 17:02 246784 ----a-w- c:\windows\system32\drivers\udfs.sys.bak
2014-01-14 21:32 . 2014-01-13 17:02 108544 ----a-w- c:\windows\system32\drivers\tunnel.sys.bak
2014-01-14 21:32 . 2014-01-13 17:02 53120 ----a-w- c:\windows\system32\drivers\termdd.sys.bak
2014-01-14 21:32 . 2014-01-13 17:02 49664 ----a-w- c:\windows\system32\drivers\TsUsbFlt.sys.bak
2014-01-14 21:32 . 2014-01-13 17:02 31232 ----a-w- c:\windows\system32\drivers\tssecsrv.sys.bak
2014-01-14 21:31 . 2014-01-13 17:02 74752 ----a-w- c:\windows\system32\drivers\tdx.sys.bak
2014-01-14 21:31 . 2014-01-13 17:02 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys.bak
2014-01-14 21:31 . 2014-01-13 17:02 21504 ----a-w- c:\windows\system32\drivers\tdi.sys.bak
2014-01-14 21:31 . 2014-01-13 17:02 18432 ----a-w- c:\windows\system32\drivers\tdpipe.sys.bak
2014-01-14 21:31 . 2014-01-13 17:02 35328 ----a-w- c:\windows\system32\drivers\tcpipreg.sys.bak
2014-01-14 21:31 . 2014-01-13 17:02 1294272 ----a-w- c:\windows\system32\drivers\tcpip.sys.bak
2014-01-14 21:31 . 2014-01-13 17:02 423424 ----a-w- c:\windows\system32\drivers\stwrt.sys.bak
2014-01-14 21:31 . 2014-01-13 17:02 24576 ----a-w- c:\windows\system32\drivers\tape.sys.bak
2014-01-14 21:31 . 2014-01-13 17:02 142936 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS.bak
2014-01-14 21:31 . 2014-01-13 17:02 12240 ----a-w- c:\windows\system32\drivers\swenum.sys.bak
2014-01-14 21:31 . 2014-01-13 17:02 53632 ----a-w- c:\windows\system32\drivers\stream.sys.bak
2014-01-14 21:31 . 2014-01-13 17:02 28032 ----a-w- c:\windows\system32\drivers\storvsc.sys.bak
2014-01-14 21:31 . 2014-01-13 17:02 148864 ----a-w- c:\windows\system32\drivers\storport.sys.bak
2014-01-14 21:31 . 2014-01-13 17:02 5120 ----a-w- c:\windows\system32\drivers\SSPORT.SYS.bak
2014-01-14 21:31 . 2014-01-13 17:02 21072 ----a-w- c:\windows\system32\drivers\stexstor.sys.bak
2014-01-14 21:31 . 2014-01-13 17:02 114688 ----a-w- c:\windows\system32\drivers\srvnet.sys.bak
2014-01-14 21:31 . 2014-01-13 17:02 310272 ----a-w- c:\windows\system32\drivers\srv2.sys.bak
2014-01-14 21:31 . 2014-01-13 17:02 311808 ----a-w- c:\windows\system32\drivers\srv.sys.bak
2014-01-14 21:31 . 2014-01-13 17:02 405504 ----a-w- c:\windows\system32\drivers\spsys.sys.bak
2014-01-14 21:31 . 2014-01-13 17:02 17472 ----a-w- c:\windows\system32\drivers\spldr.sys.bak
2014-01-14 21:31 . 2014-01-13 17:02 77888 ----a-w- c:\windows\system32\drivers\sisraid4.sys.bak
2014-01-14 21:31 . 2014-01-13 17:02 71168 ----a-w- c:\windows\system32\drivers\smb.sys.bak
2014-01-14 21:31 . 2014-01-13 17:02 17408 ----a-w- c:\windows\system32\drivers\smclib.sys.bak
2014-01-14 21:31 . 2014-01-13 17:02 52304 ----a-w- c:\windows\system32\drivers\SISAGP.SYS.bak
2014-01-14 21:31 . 2014-01-13 17:02 40016 ----a-w- c:\windows\system32\drivers\sisraid2.sys.bak
2014-01-14 21:31 . 2014-01-13 17:02 13824 ----a-w- c:\windows\system32\drivers\sfloppy.sys.bak
2014-01-14 21:31 . 2014-01-13 17:02 12800 ----a-w- c:\windows\system32\drivers\sffp_sd.sys.bak
2014-01-14 21:31 . 2014-01-13 17:02 12288 ----a-w- c:\windows\system32\drivers\sffp_mmc.sys.bak
2014-01-14 21:31 . 2014-01-13 17:02 11264 ----a-w- c:\windows\system32\drivers\sffdisk.sys.bak
2014-01-14 21:31 . 2014-01-13 17:02 19968 ----a-w- c:\windows\system32\drivers\sermouse.sys.bak
2014-01-14 21:31 . 2014-01-13 17:02 83456 ----a-w- c:\windows\system32\drivers\serial.sys.bak
2014-01-14 21:31 . 2014-01-13 17:02 84992 ----a-w- c:\windows\system32\drivers\sdbus.sys.bak
2010-10-12 14:33 . 2014-01-02 08:56 124344 ----a-w- c:\program files\mozilla firefox\plugins\CCMSDK.dll
2010-10-12 16:15 . 2014-01-02 08:56 13240 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2010-10-12 14:37 . 2014-01-02 08:56 70592 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2010-10-12 14:35 . 2014-01-02 08:56 91576 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2010-10-12 14:34 . 2014-01-02 08:56 22464 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
2010-10-12 14:32 . 2014-01-02 08:56 255416 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2010-10-12 14:35 . 2014-01-02 08:56 31672 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2010-10-12 14:34 . 2014-01-02 08:56 40384 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2010-07-14 10:42 . 2014-01-02 08:56 898480 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2010-10-12 14:37 . 2014-01-02 08:56 24000 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
2010-03-29 10:45 62832 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
2010-03-29 10:45 62832 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"Gadwin PrintScreen"="c:\program files\Gadwin PrintScreen\PrintScreen.exe" [2010-10-14 487424]
"T-Mobile Communication Centre"="c:\program files\T-Mobile\Web'n'walk Manager\Manager.exe" [2011-11-22 1363984]
"Akamai NetSession Interface"="c:\users\Komár\AppData\Local\Akamai\netsession_win.exe" [2013-06-04 4489472]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2013-10-01 395656]
"USCService"="c:\program files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe" [2010-06-22 34232]
"DellControlPoint"="c:\program files\Dell\Dell ControlPoint\Dell.ControlPoint.exe" [2009-11-02 657920]
"DellConnectionManager"="c:\program files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe" [2009-12-22 1845248]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-03-09 495708]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-02-17 278528]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-11-11 1468256]
"EPSON_UD_START"="c:\program files\EPSON Projector\Epson USB Display V1.5\EMP_UD.exe" [2010-11-02 341416]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-04 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-04 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-04 172568]
"uni mouse driver"="c:\program files\Hama mouse driver\mouse_driver.exe" [2011-11-09 2972672]
"uni mouse driver tilt"="c:\program files\Hama mouse driver\wh_exec.exe" [2010-10-04 147456]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"Redirector"="c:\program files\Citrix\ICA Client\redirector.exe" [2013-10-01 153992]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-23 926896]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-1 795936]
Dell System Manager.lnk - c:\program files\Dell\Dell System Manager\DCPSysMgr.exe [2010-8-24 1458032]
TdmNotify.lnk - c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe [2010-3-29 132456]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AVer HID Receiver.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\AVer HID Receiver.lnk
backup=c:\windows\pss\AVer HID Receiver.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AVerQuick.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\AVerQuick.lnk
backup=c:\windows\pss\AVerQuick.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-09-23 18:43 926896 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2011-11-01 22:25 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2011-03-14 17:09 2565520 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenuEx]
2011-08-04 15:06 1612920 ----a-w- c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IJNetworkScannerSelectorEX]
2011-01-15 14:48 452016 ----a-w- c:\program files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2011-06-16 14:21 1500160 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-01-08 161536]
R3 acpials;Filtr zařízení ALS Sensor;c:\windows\system32\DRIVERS\acpials.sys [2009-07-13 7680]
R3 AVerAF15DMBTH;AVerMedia A850 USB;c:\windows\system32\Drivers\AVerAF15DMBTH.sys [2010-05-06 569728]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-07-02 29472]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [2010-07-27 102784]
R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys [2010-03-20 11136]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2012-02-03 13224]
R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys [2011-09-09 89856]
R3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\DRIVERS\ew_juextctrl.sys [2011-09-09 26624]
R3 huawei_wwanecm;huawei_wwanecm;c:\windows\system32\DRIVERS\ew_juwwanecm.sys [2011-09-09 186880]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series – ovladač adaptéru pro 32bitový systém Windows Vista;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 NvtSp50;NvtSp50 NDIS Protocol Driver;c:\windows\system32\Drivers\NvtSp50.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\DRIVERS\s0017bus.sys [2008-10-21 86824]
R3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0017mdfl.sys [2008-10-21 15016]
R3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0017mdm.sys [2008-10-21 114600]
R3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0017mgmt.sys [2008-10-21 108328]
R3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\DRIVERS\s0017nd5.sys [2008-10-21 26024]
R3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0017obex.sys [2008-10-21 104616]
R3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\DRIVERS\s0017unic.sys [2008-10-21 109736]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 49664]
R3 vpcuxd;Služba zástupné procedury virtualizace rozhraní USB;c:\windows\system32\DRIVERS\vpcuxd.sys [2010-11-20 12800]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2011-04-10 1343400]
R3 whfltr2k;WheelMouse USB Lower Filter Driver;c:\windows\system32\DRIVERS\whfltr2k.sys [2009-09-16 7424]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1501000.012\SYMDS.SYS [2013-09-10 367704]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1501000.012\SYMEFA.SYS [2013-09-27 935512]
S1 BHDrvx86;BHDrvx86;c:\program files\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20140121.001\BHDrvx86.sys [2013-12-18 1098968]
S1 ccSet_NIS;NIS Settings Manager;c:\windows\system32\drivers\NIS\1501000.012\ccSetx86.sys [2013-09-26 127064]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2013-09-24 70440]
S1 IDSVix86;IDSVix86;c:\program files\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20140205.002\IDSvix86.sys [2014-01-21 394456]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1501000.012\Ironx86.SYS [2013-09-27 206936]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NIS\1501000.012\SYMNETS.SYS [2013-09-26 446552]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_d511891fb5bff1e2\aestsrv.exe [2009-03-03 81920]
S2 alssvc;Ambient Light Sensor;c:\program files\Dell\Ambient Light Sensor\AlsSvc.exe [2008-06-03 382232]
S2 ameisvc;Web'n'walk Manager mobile equipment installation service;c:\program files\T-Mobile\Web'n'walk Manager\ameisvc.exe [2011-06-24 123120]
S2 AVerRemote;AVerRemote;c:\program files\Common Files\AVerMedia\Service\AVerRemote.exe [2009-10-31 348160]
S2 AVerScheduleService;AVerScheduleService;c:\program files\Common Files\AVerMedia\Service\AVerScheduleService.exe [2009-12-07 397312]
S2 buttonsvc32;Dell ControlPoint Button Service;c:\program files\Dell\Dell ControlPoint\DCPButtonSvc.exe [2009-11-20 278304]
S2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [2010-03-23 812448]
S2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [2010-03-23 27040]
S2 dcpsysmgrsvc;Dell System Manager Service;c:\program files\Dell\Dell System Manager\DCPSysMgrSvc.exe [2010-08-24 388464]
S2 EMP_UDSA;EMP_UDSA;c:\program files\EPSON Projector\Epson USB Display V1.5\EMP_UDSA.exe [2010-11-02 98304]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
S2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\21.1.0.18\NIS.exe [2013-10-08 275696]
S2 SMManager;Smith Micro Connection Manager Service;c:\program files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe [2009-12-22 77312]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2009-04-23 5120]
S2 Update maucampo;Update maucampo;c:\program files\maucampo\updatemaucampo.exe [2014-02-05 80152]
S2 Util maucampo;Util maucampo;c:\program files\maucampo\bin\utilmaucampo.exe [2014-02-05 80152]
S3 cvusbdrv;Dell ControlVault;c:\windows\system32\Drivers\cvusbdrv.sys [2009-11-03 33832]
S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y6232.sys [2011-03-23 223960]
S3 eppvad_simple;EPSON Projector UD Audio Device;c:\windows\system32\drivers\EMP_UDAU.sys [2010-11-02 17664]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-11-21 108120]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [2011-09-09 73984]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2010-03-15 127488]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 22856]
S3 NETwNs32;___ Ovladač adaptéru řady Intel(R) Wireless WiFi Link 5000 pro systém Windows 7 32 Bit;c:\windows\system32\DRIVERS\NETwNs32.sys [2010-07-14 6814720]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2014-02-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-21 08:15]
.
2014-02-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-21 08:15]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz/
uInternet Settings,ProxyOverride = <local>
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\programdata\LangSoft\WebIE.dll
Trusted Zone: jihovychod.cz\mail
Trusted Zone: mojebanka.cz\etrading
Trusted Zone: mojebanka.cz\sign
Trusted Zone: mojebanka.cz\www
Trusted Zone: mojeplatba.cz\www
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\users\Komár\AppData\Roaming\Mozilla\Firefox\Profiles\ah70w0qq.default\
FF - prefs.js: browser.startup.homepage - www.google.cz
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\21.1.0.18\NIS.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\21.1.0.18\diMaster.dll\" /prefetch:1"
"ImagePath"="\SystemRoot\System32\Drivers\NIS\1501000.012\SYMNETS.SYS"
"TrustedImagePaths"="c:\program files\Norton Internet Security\Engine\21.1.0.18"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TrueSight]
"ImagePath"="\??\"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_44_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_44_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'lsass.exe'(588)
c:\windows\system32\wvauth.DLL
.
- - - - - - - > 'Explorer.exe'(4180)
c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
c:\program files\WIDCOMM\Bluetooth Software\btmmhook.dll
.
Celkový čas: 2014-02-06 10:16:33
ComboFix-quarantined-files.txt 2014-02-06 09:16
ComboFix2.txt 2014-01-14 23:15
.
Před spuštěním: Volných bajtů: 13 568 000 000
Po spuštění: Volných bajtů: 13 237 460 992
.
- - End Of File - - 2C3FFDD1BACE0A10B228C1AAE6603938
A36C5E4F47E84449FF07ED3517B43A31

Komar

Re: HJT log check - pop-up ad banners in IE9

Post by Komar » 06 Feb 2014 10:34

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:19:19, on 6.2.2014
Platform: Unknown Windows (WinNT 6.01.3505 SP1)
MSIE: Internet Explorer v9.00 (9.00.8112.16496)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe
C:\Program Files\Citrix\ICA Client\concentr.exe
C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe
C:\Program Files\Citrix\Receiver\Receiver.exe
C:\Program Files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Citrix\SelfServicePlugin\SelfServicePlugin.exe
C:\Program Files\Citrix\ICA Client\wfcrun32.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Hama mouse driver\mouse_driver.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Citrix\ICA Client\redirector.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Gadwin PrintScreen\PrintScreen.exe
C:\Program Files\T-Mobile\Web'n'walk Manager\Manager.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\Explorer.exe
C:\Program Files\FreeCommander\FreeCommander.exe
C:\Users\Komár\Documents\6-ostatní\01-programy\Hledání spywaru, malwaru\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\ProgramData\LangSoft\WebIE.dll
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\21.1.0.18\coIEPlg.dll
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\21.1.0.18\IPS\IPSBHO.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\java\jre7\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\java\jre7\bin\jp2ssv.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\ProgramData\LangSoft\WebIE.dll
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\21.1.0.18\coIEPlg.dll
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [ConnectionCenter] "C:\Program Files\Citrix\ICA Client\concentr.exe" /startup
O4 - HKLM\..\Run: [USCService] C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
O4 - HKLM\..\Run: [DellControlPoint] "C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe"
O4 - HKLM\..\Run: [DellConnectionManager] "C:\Program Files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe"
O4 - HKLM\..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [EPSON_UD_START] "C:\Program Files\EPSON Projector\Epson USB Display V1.5\EMP_UD.exe" -UDCONNECT
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [uni mouse driver] "C:\Program Files\Hama mouse driver\mouse_driver.exe" /hide
O4 - HKLM\..\Run: [uni mouse driver tilt] "C:\Program Files\Hama mouse driver\wh_exec.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Redirector] "C:\Program Files\Citrix\ICA Client\redirector.exe" /startup
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Gadwin PrintScreen] C:\Program Files\Gadwin PrintScreen\PrintScreen.exe /nosplash
O4 - HKCU\..\Run: [T-Mobile Communication Centre] "C:\Program Files\T-Mobile\Web'n'walk Manager\Manager.exe" -autorun
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Komár\AppData\Local\Akamai\netsession_win.exe"
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Dell System Manager.lnk = C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe
O4 - Global Startup: TdmNotify.lnk = C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Odeslat obrázek do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Odeslat stránku do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter hijack: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_d511891fb5bff1e2\aestsrv.exe
O23 - Service: Ambient Light Sensor (alssvc) - Dell Inc. - C:\Program Files\Dell\Ambient Light Sensor\AlsSvc.exe
O23 - Service: Web'n'walk Manager mobile equipment installation service (ameisvc) - Gemfor s.r.o. - C:\Program Files\T-Mobile\Web'n'walk Manager\ameisvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVerRemote - AVerMedia - C:\Program Files\Common Files\AVerMedia\Service\AVerRemote.exe
O23 - Service: AVerScheduleService - Unknown owner - C:\Program Files\Common Files\AVerMedia\Service\AVerScheduleService.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: Dell ControlPoint Button Service (buttonsvc32) - Dell Inc. - C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe
O23 - Service: Credential Vault Host Control Service - Broadcom Corporation - C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
O23 - Service: Credential Vault Host Storage - Broadcom Corporation - C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
O23 - Service: Dell System Manager Service (dcpsysmgrsvc) - Dell Inc. - C:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe
O23 - Service: EMP_UDSA - SEIKO EPSON CORPORATION - C:\Program Files\EPSON Projector\Epson USB Display V1.5\EMP_UDSA.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\21.1.0.18\NIS.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: SecureStorageService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Smith Micro Connection Manager Service (SMManager) - Smith Micro Software, Inc. - C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_d511891fb5bff1e2\STacSV.exe
O23 - Service: NTRU TSS v1.2.1.29 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
O23 - Service: TdmService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
O23 - Service: Update maucampo - Unknown owner - C:\Program Files\maucampo\updatemaucampo.exe
O23 - Service: Util maucampo - Unknown owner - C:\Program Files\maucampo\bin\utilmaucampo.exe

--
End of file - 15648 bytes

Komar

Re: HJT log check - pop-up ad banners in IE9

Post by Komar » 06 Feb 2014 13:31

aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2014-02-06 10:49:03
-----------------------------
10:49:03.171 OS Version: Windows 6.1.7601 Service Pack 1
10:49:03.171 Number of processors: 2 586 0x1706
10:49:03.186 ComputerName: KOMÁR-PC UserName: Komár
10:49:09.442 Initialize success
10:49:22.510 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
10:49:22.510 Disk 0 Vendor: SAMSUNG_ 2AA0 Size: 190782MB BusType: 8
10:49:22.681 Disk 0 MBR read successfully
10:49:22.681 Disk 0 MBR scan
10:49:22.697 Disk 0 Windows 7 default MBR code
10:49:22.697 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 133 MB offset 63
10:49:22.697 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 2048 MB offset 274432
10:49:22.712 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 188599 MB offset 4468736
10:49:22.712 Disk 0 scanning sectors +390719488
10:49:22.775 Disk 0 scanning C:\Windows\system32\drivers
10:50:07.796 Service scanning
10:50:11.852 Service BHDrvx86 C:\Program Files\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20140121.001\BHDrvx86.sys **LOCKED** 5
10:50:13.366 Service ccSet_NIS C:\Windows\system32\drivers\NIS\1501000.012\ccSetx86.sys **LOCKED** 5
10:50:18.030 Service IDSVix86 C:\Program Files\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20140205.002\IDSvix86.sys **LOCKED** 5
10:50:22.757 Service NAVENG C:\Program Files\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140205.033\NAVENG.SYS **LOCKED** 5
10:50:22.851 Service NAVEX15 C:\Program Files\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140205.033\NAVEX15.SYS **LOCKED** 5
10:50:27.967 Service SRTSPX C:\Windows\system32\drivers\NIS\1501000.012\SRTSPX.SYS **LOCKED** 5
10:50:28.591 Service SymDS C:\Windows\system32\drivers\NIS\1501000.012\SYMDS.SYS **LOCKED** 5
10:50:28.732 Service SymEvent C:\Windows\system32\Drivers\SYMEVENT.SYS **LOCKED** 5
10:50:28.825 Service SymIRON C:\Windows\system32\drivers\NIS\1501000.012\Ironx86.SYS **LOCKED** 5
10:50:28.919 Service SymNetS C:\Windows\System32\Drivers\NIS\1501000.012\SYMNETS.SYS **LOCKED** 5
10:50:34.379 Modules scanning
10:50:55.299 Disk 0 trace - called modules:
10:50:55.314 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStorV.sys halmacpi.dll
10:50:55.330 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x870cc400]
10:50:55.330 3 CLASSPNP.SYS[8b20459e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x866ea028]
10:50:55.330 Scan finished successfully
10:51:19.931 Disk 0 MBR has been saved successfully to "C:\Users\Komár\Desktop\MBR.dat"
10:51:19.931 The log file has been saved successfully to "C:\Users\Komár\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2014-02-06 10:52:47
-----------------------------
10:52:47.864 OS Version: Windows 6.1.7601 Service Pack 1
10:52:47.864 Number of processors: 2 586 0x1706
10:52:47.864 ComputerName: KOMÁR-PC UserName: Komár
10:52:50.298 Initialize success
10:53:01.883 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
10:53:01.899 Disk 0 Vendor: SAMSUNG_ 2AA0 Size: 190782MB BusType: 8
10:53:02.055 Disk 0 MBR read successfully
10:53:02.055 Disk 0 MBR scan
10:53:02.070 Disk 0 Windows 7 default MBR code
10:53:02.070 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 133 MB offset 63
10:53:02.086 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 2048 MB offset 274432
10:53:02.086 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 188599 MB offset 4468736
10:53:02.102 Disk 0 scanning sectors +390719488
10:53:02.148 Disk 0 scanning C:\Windows\system32\drivers
10:53:40.884 Service scanning
10:53:43.663 Service BHDrvx86 C:\Program Files\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20140121.001\BHDrvx86.sys **LOCKED** 5
10:53:44.663 Service ccSet_NIS C:\Windows\system32\drivers\NIS\1501000.012\ccSetx86.sys **LOCKED** 5
10:53:49.920 Service IDSVix86 C:\Program Files\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20140205.002\IDSvix86.sys **LOCKED** 5
10:53:55.879 Service NAVENG C:\Program Files\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140205.033\NAVENG.SYS **LOCKED** 5
10:53:55.973 Service NAVEX15 C:\Program Files\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140205.033\NAVEX15.SYS **LOCKED** 5
10:54:01.823 Service SRTSPX C:\Windows\system32\drivers\NIS\1501000.012\SRTSPX.SYS **LOCKED** 5
10:54:02.478 Service SymDS C:\Windows\system32\drivers\NIS\1501000.012\SYMDS.SYS **LOCKED** 5
10:54:02.649 Service SymEvent C:\Windows\system32\Drivers\SYMEVENT.SYS **LOCKED** 5
10:54:02.743 Service SymIRON C:\Windows\system32\drivers\NIS\1501000.012\Ironx86.SYS **LOCKED** 5
10:54:02.852 Service SymNetS C:\Windows\System32\Drivers\NIS\1501000.012\SYMNETS.SYS **LOCKED** 5
10:54:06.939 Modules scanning
10:54:20.075 Disk 0 trace - called modules:
10:54:20.465 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStorV.sys halmacpi.dll
10:54:20.480 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x870cc400]
10:54:20.480 3 CLASSPNP.SYS[8b20459e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x866ea028]
10:54:20.496 Scan finished successfully
10:56:13.034 Disk 0 MBR has been saved successfully to "C:\Users\Komár\Desktop\MBR.dat"
10:56:13.034 The log file has been saved successfully to "C:\Users\Komár\Desktop\aswMBR.txt"

jaro3
Security team member
Guru Level 15
Posts: 43298
Registered: June 07
Location: Jižní Čechy
Gender: Male
Status: Offline

Re: HJT log check - pop-up ad banners in IE9

Post by jaro3 » 06 Feb 2014 16:12

Uninstall:
maucampo

Close other applications and browsers, disconnect from the internet and fix in HJT:
Instructions

Code:

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"




Turn off the resident protection of your antivirus and antispyware, and the firewall if applicable.

Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy into it the entire following text marked in green:

Code:

KillAll::
File::
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

Folder::
c:\program files\maucampo
c:\program files\Skype\Updater
c:\program files\maucampo
c:\program files\Google\Update

Driver::
SkypeUpdate
Util maucampo

DDS::
uInternet Settings,ProxyOverride = <local>

RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_44_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_44_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)


Choose File -> Save As... and set these parameters:
File name: type here: CFScript.txt
Save as type: select All Files
Save the file to the desktop.
Close all active windows.

Grab the created script CFScript.txt with the mouse, drag it over the downloaded ComboFix.exe program, and when the two files overlap, drop the script.
- ComboFix will start automatically
- Paste here the log that appears at the end of the cleaning process + a new HJT log

Warning: After applying ComboFix and restarting the computer, it can happen that Windows will not boot, the desktop will not load, or there will be connection problems. In that case restart the computer again; if that does not help, press F8 repeatedly after the restart and choose Last Known Good Configuration, or use a restore point.

Aren't you low on free disk space?
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs in private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support

Re: HJT log check - pop-up advertising banners in IE9

Post by Komar » 27 Feb 2014 17:20

Is about 9-10 GB of free disk space too little?

Despite repeated attempts, ComboFix did not produce a log. During the cleaning a window with error messages also appeared (see the attachment for an example). All of them concerned files located in "C:\Windows\erdnt\..."; in total the message popped up 11 times for different files in that folder. Besides, in "C:\Windows\" I only have a folder "ERDNT", not "erdnt".

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:51:21, on 27.2.2014
Platform: Unknown Windows (WinNT 6.01.3505 SP1)
MSIE: Internet Explorer v9.00 (9.00.8112.16496)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe
C:\Program Files\Citrix\ICA Client\concentr.exe
C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe
C:\Program Files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Citrix\Receiver\Receiver.exe
C:\Program Files\Citrix\SelfServicePlugin\SelfServicePlugin.exe
C:\Program Files\Citrix\ICA Client\wfcrun32.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Hama mouse driver\mouse_driver.exe
C:\Program Files\Citrix\ICA Client\redirector.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Gadwin PrintScreen\PrintScreen.exe
C:\Program Files\T-Mobile\Web'n'walk Manager\Manager.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Users\Komár\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe
C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Norton Internet Security\Engine\21.1.0.18\NIS.exe
C:\Users\Komár\Documents\6-ostatní\01-programy\Hledání spywaru, malwaru\HijackThis\HijackThis.exe
C:\Users\Komár\AppData\Local\Akamai\netsession_win.exe
C:\Windows\system32\SearchFilterHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\ProgramData\LangSoft\WebIE.dll
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: maucampo - {5d7d4fb9-aca5-4013-8879-c58dcd4df9f1} - C:\Program Files\maucampo\maucampoBHO.dll
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\21.1.0.18\coIEPlg.dll
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\21.1.0.18\IPS\IPSBHO.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\java\jre7\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\java\jre7\bin\jp2ssv.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\ProgramData\LangSoft\WebIE.dll
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\21.1.0.18\coIEPlg.dll
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [ConnectionCenter] "C:\Program Files\Citrix\ICA Client\concentr.exe" /startup
O4 - HKLM\..\Run: [USCService] C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
O4 - HKLM\..\Run: [DellControlPoint] "C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe"
O4 - HKLM\..\Run: [DellConnectionManager] "C:\Program Files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe"
O4 - HKLM\..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [EPSON_UD_START] "C:\Program Files\EPSON Projector\Epson USB Display V1.5\EMP_UD.exe" -UDCONNECT
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [uni mouse driver] "C:\Program Files\Hama mouse driver\mouse_driver.exe" /hide
O4 - HKLM\..\Run: [uni mouse driver tilt] "C:\Program Files\Hama mouse driver\wh_exec.exe"
O4 - HKLM\..\Run: [Redirector] "C:\Program Files\Citrix\ICA Client\redirector.exe" /startup
O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Program Files\corel\Corel Graphics 12\Languages\CZ\Programs\registration.exe /title="CorelDRAW Graphics Suite 12" /date=031014 serial=DR12CNC-8322248-NFT lang=CZ
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Gadwin PrintScreen] C:\Program Files\Gadwin PrintScreen\PrintScreen.exe /nosplash
O4 - HKCU\..\Run: [T-Mobile Communication Centre] "C:\Program Files\T-Mobile\Web'n'walk Manager\Manager.exe" -autorun
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Komár\AppData\Local\Akamai\netsession_win.exe"
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Dell System Manager.lnk = C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe
O4 - Global Startup: TdmNotify.lnk = C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Odeslat obrázek do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Odeslat stránku do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter hijack: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_d511891fb5bff1e2\aestsrv.exe
O23 - Service: Ambient Light Sensor (alssvc) - Dell Inc. - C:\Program Files\Dell\Ambient Light Sensor\AlsSvc.exe
O23 - Service: Web'n'walk Manager mobile equipment installation service (ameisvc) - Gemfor s.r.o. - C:\Program Files\T-Mobile\Web'n'walk Manager\ameisvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVerRemote - AVerMedia - C:\Program Files\Common Files\AVerMedia\Service\AVerRemote.exe
O23 - Service: AVerScheduleService - Unknown owner - C:\Program Files\Common Files\AVerMedia\Service\AVerScheduleService.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: Dell ControlPoint Button Service (buttonsvc32) - Dell Inc. - C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe
O23 - Service: Credential Vault Host Control Service - Broadcom Corporation - C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
O23 - Service: Credential Vault Host Storage - Broadcom Corporation - C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
O23 - Service: Dell System Manager Service (dcpsysmgrsvc) - Dell Inc. - C:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe
O23 - Service: EMP_UDSA - SEIKO EPSON CORPORATION - C:\Program Files\EPSON Projector\Epson USB Display V1.5\EMP_UDSA.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\21.1.0.18\NIS.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: SecureStorageService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Smith Micro Connection Manager Service (SMManager) - Smith Micro Software, Inc. - C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_d511891fb5bff1e2\STacSV.exe
O23 - Service: NTRU TSS v1.2.1.29 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
O23 - Service: TdmService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
O23 - Service: Update maucampo - Unknown owner - C:\Program Files\maucampo\updatemaucampo.exe
O23 - Service: Util maucampo - Unknown owner - C:\Program Files\maucampo\bin\utilmaucampo.exe

--
End of file - 16073 bytes
Attachments
Screen1403.jpg
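
One way to check from a follow-up HijackThis log whether the targets named in a CFScript are still on the system, as with the maucampo entries in the log above. This is an added example, not part of any post in this thread and not code from ComboFix or HijackThis; the function names are hypothetical, the sample strings are a constructed selection of lines from the thread, and matching `Driver::` entries against O23 service names is an assumption.

```python
import re

# Constructed selection of lines from the CFScript and the follow-up HijackThis
# log posted in this thread.
CFSCRIPT = r"""
File::
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
Folder::
c:\program files\maucampo
c:\program files\Skype\Updater
c:\program files\maucampo
Driver::
SkypeUpdate
Util maucampo
"""
HJT_LOG = r"""
O2 - BHO: maucampo - {5d7d4fb9-aca5-4013-8879-c58dcd4df9f1} - C:\Program Files\maucampo\maucampoBHO.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Update maucampo - Unknown owner - C:\Program Files\maucampo\updatemaucampo.exe
O23 - Service: Util maucampo - Unknown owner - C:\Program Files\maucampo\bin\utilmaucampo.exe
O23 - Service: AVerScheduleService - Unknown owner - C:\Program Files\Common Files\AVerMedia\Service\AVerScheduleService.exe
"""

def parse_cfscript(text):
    """Return {section: [entries]} for 'Name::' sections; duplicates dropped, order kept."""
    sections, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        m = re.fullmatch(r"(\w+)::", line)
        if m:
            current = sections.setdefault(m.group(1), [])
        elif current is not None and line.lower() not in map(str.lower, current):
            current.append(line)
    return sections

def parse_hjt(text):
    """Return [(code, body)] for each 'R1 - ...' or 'O23 - ...' style line."""
    pattern = re.compile(r"([ROF]\d+) - (.+)")
    matches = (pattern.fullmatch(line.strip()) for line in text.splitlines())
    return [m.groups() for m in matches if m]

def service_names(body):
    """O23 body -> lower-cased display name plus the trailing '(short)' name, if any."""
    label = body.split(": ", 1)[1].rsplit(" - ", 2)[0]
    m = re.fullmatch(r"(.*\S)\s*\(([^()]+)\)", label)
    return {n.lower() for n in ((m.group(1), m.group(2)) if m else (label,))}

def still_present(script_text, log_text):
    """List (section, target, hjt_code, body) for script targets the log still shows."""
    script, hits = parse_cfscript(script_text), []
    for code, body in parse_hjt(log_text):
        low = body.lower()
        for folder in script.get("Folder", []):
            if folder.lower().rstrip("\\") + "\\" in low:
                hits.append(("Folder", folder, code, body))
        if code == "O23":
            # Assumption: Driver:: entries are compared with O23 service names.
            for svc in script.get("Driver", []):
                if svc.lower() in service_names(body):
                    hits.append(("Driver", svc, code, body))
    return hits

if __name__ == "__main__":
    for section, target, code, body in still_present(CFSCRIPT, HJT_LOG):
        print(f"{section:7} {target:32} still in log: {code} - {body}")
```

Any row it prints means the corresponding script target was not removed, which is consistent with a ComboFix run that ended without producing its log.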

Re: HJT log check - pop-up advertising banners in IE9

Post by jaro3 » 27 Feb 2014 18:58

You should have at least 15% free space for Windows to run without problems.

Run that script again, in Safe Mode.

Re: HJT log check - pop-up advertising banners in IE9

Post by Komar » 28 Feb 2014 00:58

The script in Safe Mode gave the same result as in normal mode, i.e. identical messages concerning files located in "C:\Windows\erdnt\...", and again no log after ComboFix finished...

Re: HJT log check - pop-up advertising banners in IE9

Post by jaro3 » 28 Feb 2014 10:03

Producing the log after a restart sometimes takes quite a long time.

How about the problems?

Re: HJT log check - pop-up advertising banners in IE9

Post by Komar » 04 Mar 2014 00:36

The problems are unchanged. In all browsers, annoying banners still pop up after any page loads... Two in the lower part of the window, and after clicking them away another one slides down from top to bottom along the left edge...

