Prosím o kontrolu logu

psycho23 · Příspěvekod **psycho23** » 13 led 2012 17:42

Notebook Packard Bell ani né rok starý se šíleně přehřejvá, po pár minutách hraní se sám vypne. Už sem se radil v jinym topicu, ale poprosím ještě zde o kontrolu. Předem díky

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:35:37, on 13.1.2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\PLFSetI.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\LOG\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.packardbell.com/rdr.asp ... 5f46i2c476
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.ChatVibes.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.packardbell.com/rdr.asp ... 5f46i2c476
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.ChatVibes.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {a84c9e75-cb32-4928-bab6-25460a3b19b3} - (no file)
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: (no name) - {707db484-2428-402d-afb5-d85b387544c7} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Pomocná služba pro přihlášení ke službě Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Active File Monitor V8 (AdobeActiveFileMonitor8.0) - Adobe Systems Incorporated - c:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files (x86)\Launch Manager\dsiwmis.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe
O23 - Service: Easybits Services for Windows (ezSharedSvc) - EasyBits Software AS - C:\Windows\System32\ezSharedSvcHost.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011.SP5\RpcAgentSrv.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: Updater Service - Acer Group - C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11633 bytes

Reklama

Příspěvekod **jaro3** » 13 led 2012 21:06

Přehřívání zde neřešíme , kouknem jen na viry...

Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:
Návod

Kód: Vybrat vše

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.ChatVibes.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.ChatVibes.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: (no name) - {a84c9e75-cb32-4928-bab6-25460a3b19b3} - (no file)
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: (no name) - {707db484-2428-402d-afb5-d85b387544c7} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected. Poté klikni na Main (hlavní stránku ) a klikni na Empty Selected.
Po vyčištění klikni na Exit k zavření programu.
ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.

Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Provést rychlý sken a klikni na tlačítko Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- pak zvol možnost uložit log a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.

Pokud budou problémy , spusť v nouz. režimu.

psycho23 · Příspěvekod **psycho23** » 14 led 2012 11:24

Malwarebytes Anti-Malware (Zkušební verze Malwarebytes Anti-Malware) 1.60.0.1800
www.malwarebytes.org

Verze databáze: v2012.01.14.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Packard Bell :: PACKARDBELL-PC [administrátor]

Ochrana: Povolena

14.1.2012 11:17:55
mbam-log-2012-01-14 (11-17-55).txt

Typ: Rychlá kontrola
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 186833
Uplynulý čas: 5 minut, 17 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 0
(Žádné škodlivé položky nebyly zjištěny)

(konec)

Příspěvekod **jaro3** » 14 led 2012 11:35

Vypni rez. ochranu u antiviru a antispywaru,příp. firewall..

Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Pokud budou problémy , spusť ho v nouz. režimu.

Upozornění : Může se stát, že po aplikaci Combofixu a restartu počítače, Windows nenaběhnou , nebo nenajede plocha , budou problémy s připojením, pak znovu restartuj počítač, pokud to nepomůže , po restartu mačkej klávesu F8 a pak zvol poslední známou funkční konfiguraci. , či použij bod obnovy.

Stáhni si Speedfan
http://www.filehippo.com/download_speedfan/
vpravo nahoře Download Latest Version

Nainstaluj a spusť program. V okně Hint , klikni na Close. Počkej určitý čas , až se hodnoty načtou.
Vlož sem prosím obrázek (screen) z toho programu.

Možná tu budu až v neděli večer , pomohou Ti kolegové.

psycho23 · Příspěvekod **psycho23** » 14 led 2012 12:17

ComboFix 12-01-13.05 - Packard Bell 14.01.2012 11:53:30.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.3959.2722 [GMT 1:00]
Spuštěný z: c:\users\Packard Bell\Downloads\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Packard Bell\AppData\Local\TempDIR
c:\users\Packard Bell\AppData\Local\TempDIR\BetterInstaller.exe
c:\users\Packard Bell\videos\GeewaBirdsTownCz_10202.exe
c:\windows\PFRO.log
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-12-14 do 2012-01-14 )))))))))))))))))))))))))))))))
.
.
2012-01-14 11:00 . 2012-01-14 11:00 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-14 10:16 . 2012-01-14 10:16 -------- d-----w- c:\users\Packard Bell\AppData\Roaming\Malwarebytes
2012-01-14 10:16 . 2012-01-14 10:16 -------- d-----w- c:\programdata\Malwarebytes
2012-01-14 10:16 . 2012-01-14 10:16 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-01-14 10:16 . 2011-12-10 14:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-14 10:15 . 2012-01-14 10:15 -------- d-----w- c:\users\Packard Bell\AppData\Local\ATI
2012-01-13 18:44 . 2012-01-14 10:08 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7EAF920F-E9D6-48F4-A714-AE8663209FA5}\offreg.dll
2012-01-13 16:28 . 2012-01-13 16:28 388096 ----a-r- c:\users\Packard Bell\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-01-13 16:28 . 2012-01-13 16:28 -------- d-----w- c:\program files (x86)\LOG
2012-01-13 14:36 . 2012-01-13 14:36 -------- d-----w- c:\users\Packard Bell\AppData\Roaming\JAM Software
2012-01-13 14:35 . 2012-01-13 14:35 -------- d-----w- c:\program files\CPUID
2012-01-13 14:35 . 2010-11-09 14:35 21992 ----a-w- c:\windows\system32\drivers\cpuz135_x64.sys
2012-01-13 14:31 . 2012-01-13 14:31 237 ----a-w- C:\user.js
2012-01-13 14:31 . 2012-01-13 14:31 -------- d-----w- c:\programdata\Babylon
2012-01-13 14:31 . 2012-01-13 14:31 -------- d-----w- c:\users\Packard Bell\AppData\Roaming\Babylon
2012-01-13 14:31 . 2012-01-13 14:33 -------- d-----w- c:\users\Packard Bell\AppData\Roaming\Systweak
2012-01-13 14:31 . 2011-07-07 12:26 18816 ----a-w- c:\windows\system32\roboot64.exe
2012-01-13 14:30 . 2012-01-13 14:30 -------- d-----w- c:\program files (x86)\JAM Software
2012-01-13 07:22 . 2011-11-21 11:40 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7EAF920F-E9D6-48F4-A714-AE8663209FA5}\mpengine.dll
2012-01-11 12:03 . 2012-01-11 12:03 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-01-11 09:37 . 2011-10-26 05:25 1572864 ----a-w- c:\windows\system32\quartz.dll
2012-01-11 09:37 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\SysWow64\quartz.dll
2012-01-11 09:37 . 2011-10-26 05:25 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-01-11 09:37 . 2011-10-26 04:32 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-01-11 09:37 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll
2012-01-11 09:37 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-01-11 09:37 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2012-01-11 09:37 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-01-02 15:06 . 2012-01-02 15:06 -------- d-----w- c:\programdata\Synetic
2012-01-02 14:51 . 2012-01-02 14:51 -------- d-----w- c:\program files (x86)\City Interactive
2011-12-30 20:42 . 2011-12-30 20:42 -------- d-----w- c:\windows\Sun
2011-12-27 15:49 . 2011-12-27 16:49 -------- d-----w- c:\users\Packard Bell\AppData\Roaming\Coyotes Tale
2011-12-27 15:02 . 2011-12-27 15:02 -------- d-----w- c:\program files (x86)\IVT Corporation
2011-12-27 12:18 . 2011-12-27 12:24 -------- d-----w- c:\program files (x86)\Posel Smrti 3
2011-12-27 10:35 . 2011-12-27 15:31 -------- d-----w- c:\program files (x86)\NewFolder Software
2011-12-26 11:32 . 2011-12-26 11:32 -------- d-----w- c:\programdata\MumboJumbo
2011-12-26 11:28 . 2011-12-26 11:28 -------- d-----w- c:\program files (x86)\Jewel Quest 6 - The Sapphire Dragon - Collectors Edition
2011-12-26 11:27 . 2011-12-26 11:27 -------- d-----w- c:\program files (x86)\Luxor 4
2011-12-25 19:06 . 2011-12-25 19:06 -------- d-----w- c:\program files\SiSoftware
2011-12-25 11:15 . 2011-12-25 11:15 626688 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr80.dll
2011-12-25 11:15 . 2011-12-25 11:15 548864 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp80.dll
2011-12-25 11:15 . 2011-12-25 11:15 479232 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcm80.dll
2011-12-25 11:15 . 2011-12-25 11:15 43992 ----a-w- c:\program files (x86)\Mozilla Firefox\mozutils.dll
2011-12-23 17:05 . 2011-12-23 17:05 -------- d-----w- c:\users\Packard Bell\AppData\Roaming\Špidla Data Processing, s.r.o
2011-12-23 17:05 . 2011-12-23 17:05 -------- d-----w- c:\programdata\Špidla Data Processing, s.r.o
2011-12-23 15:58 . 2011-12-23 15:58 -------- d-----w- c:\programdata\Electronic Arts
2011-12-23 15:58 . 2011-12-23 15:58 -------- d-----w- c:\programdata\EA Core
2011-12-23 13:48 . 2011-12-23 13:48 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll
2011-12-23 13:19 . 2011-12-23 14:29 -------- d-----w- c:\users\Packard Bell\AppData\Local\Rockstar Games
2011-12-17 13:11 . 2010-02-04 09:01 78680 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2011-12-17 13:10 . 2006-12-08 11:02 251672 ----a-w- c:\windows\SysWow64\xactengine2_5.dll
2011-12-17 12:57 . 2011-12-17 12:57 -------- d--h--w- c:\users\Packard Bell\InstallAnywhere
2011-12-17 12:31 . 2011-12-17 12:31 -------- d-----w- c:\users\Packard Bell\AppData\Roaming\Fighters
2011-12-17 12:31 . 2011-12-17 12:33 -------- d-----w- c:\programdata\Fighters
2011-12-17 12:06 . 2011-12-17 12:06 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-12-17 12:06 . 2011-12-17 12:05 476904 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
2011-12-17 12:06 . 2011-12-17 12:05 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-12-17 12:05 . 2011-12-17 12:05 -------- d-----w- c:\program files (x86)\Java
2011-12-17 11:52 . 2011-12-17 11:52 279616 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-12-17 11:52 . 2011-12-21 15:55 -------- d-----w- c:\program files (x86)\DAEMON Tools Lite
2011-12-15 19:58 . 2011-10-26 05:21 43520 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-15 19:49 . 2011-11-24 04:52 3145216 ----a-w- c:\windows\system32\win32k.sys
2011-12-15 19:49 . 2011-10-15 06:31 723456 ----a-w- c:\windows\system32\EncDec.dll
2011-12-15 19:49 . 2011-10-15 05:38 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
2011-12-15 19:49 . 2011-11-05 05:32 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-15 19:49 . 2011-11-05 04:26 2048 ----a-w- c:\windows\SysWow64\tzres.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-04-26 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-01-22 98304]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-04-08 908368]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2009-12-24 284696]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-12-13 281768]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [x]
R2 gupdate;Služba Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-22 135664]
R3 BTCOM;Bluetooth Serial port driver;c:\windows\system32\DRIVERS\btcomport.sys [x]
R3 BTCOMBUS;Bluetooth Serial Port Bus Service;c:\windows\system32\Drivers\btcombus.sys [x]
R3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\Drivers\btnetBus.sys [x]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2009-08-26 16776]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2009-09-16 9096]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-22 135664]
R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\Drivers\IvtBtBus.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2011.SP5\RpcAgentSrv.exe [2008-09-18 93848]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 BtHidBus;Bluetooth HID Bus Service;c:\windows\System32\Drivers\BtHidBus.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-10-09 169312]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-05-10 136360]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-04-08 312400]
S2 ePowerSvc;Acer ePower Service;c:\program files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [2010-03-17 866336]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-12-24 13336]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-24 652872]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-03-18 2320920]
S2 Updater Service;Updater Service;c:\program files\Packard Bell\Packard Bell Updater\UpdaterService.exe [2010-01-28 243232]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - MBAMPROTECTOR
.
Obsah adresáře 'Naplánované úlohy'
.
2012-01-13 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3188372529-2598381172-659276144-1000Core.job
- c:\users\Packard Bell\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-04 15:57]
.
2012-01-13 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3188372529-2598381172-659276144-1000UA.job
- c:\users\Packard Bell\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-04 15:57]
.
2012-01-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-22 14:19]
.
2012-01-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-22 14:19]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-12-29 9913376]
"PLFSetI"="c:\windows\PLFSetI.exe" [2010-04-09 206208]
"Acer ePower Management"="c:\program files\Packard Bell\Packard Bell Power Management\ePowerTray.exe" [2010-03-17 860704]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://search.ChatVibes.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files (x86)\ICQ7.5\ICQ.exe
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Packard Bell\AppData\Roaming\Mozilla\Firefox\Profiles\n64pc7jp.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.centrum.cz/
FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=108298
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 82b152b3000000000000001167d5d18e
FF - user.js: extensions.BabylonToolbar_i.hardId - 82b152b3000000000000001167d5d18e
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15352
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1715:31
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{A84C9E75-CB32-4928-BAB6-25460A3B19B3} - (no file)
HKLM-Run-ETDWare - c:\program files (x86)\Elantech\ETDCtrl.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-Mafia Game - c:\windows\system32\MafiaSetup.exe
AddRemove-WildTangentGDF-packardbell-clubpenguin - c:\program files (x86)\Packard Bell Games\Web Link - Club Penguin\Uninstall.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2012-01-14 12:04:50
ComboFix-quarantined-files.txt 2012-01-14 11:04
.
Před spuštěním: Volných bajtů: 302 984 790 016
Po spuštění: Volných bajtů: 302 488 068 096
.
- - End Of File - - 6A9C02A9C91C70749D6781C2695C42F0

Obrázek

Příspěvekod **Žbeky** » 14 led 2012 17:51

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

KillAll::

File::
c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3188372529-2598381172-659276144-1000Core.job
c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3188372529-2598381172-659276144-1000UA.job
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=-

DDS::
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://search.ChatVibes.com/
mLocal Page = c:\windows\SysWOW64\blank.htm

Firefox::
FF - ProfilePath - c:\users\Packard Bell\AppData\Roaming\Mozilla\Firefox\Profiles\n64pc7jp.default\
FF - prefs.js: browser.search.defaulturl - 
FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
 FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=108298
FF - user.js: extensions.BabylonToolbar_i.babExt - 
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 82b152b3000000000000001167d5d18e
FF - user.js: extensions.BabylonToolbar_i.hardId - 82b152b3000000000000001167d5d18e
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15352
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1715:31
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst

RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

RegNull::
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu

Toto otestuj na Virustotal
c:\windows\system32\roboot64.exe

Klikni vpravo od okénka na Vybrat a v Exploreru najdi požadovaný soubor v Tvém PC. Označ ho myší a klikni na Otevřít , poté klikni na Send File. Pokud už byl soubor testován , objeví se okno ve kterém klikni na Reanalyze. Soubor se začne postupně testovat více antivirovými programy. Až skončí test posledního antiviru , objeví se nahoře result a červeně počet nákaz , např. 0/40 , nebo 1/40. Pak zkopíruj myší odkaz na tuto stránku a vlož ji do svého příspěvku.

Stáhni si MBR Rootkit Detektor
- ulož si ho přímo na disk C a spusť ho

- za chvíli se ti vytvoří jeho log (mbr.log) vlož sem celý jeho obsah.

psycho23 · Příspěvekod **psycho23** » 14 led 2012 18:33

ComboFix 12-01-13.05 - Packard Bell 14.01.2012 18:01:19.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.3959.2793 [GMT 1:00]
Spuštěný z: c:\users\Packard Bell\Downloads\ComboFix.exe
Použité ovládací přepínače :: c:\users\Packard Bell\Desktop\CFScript.txt
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3188372529-2598381172-659276144-1000Core.job"
"c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3188372529-2598381172-659276144-1000UA.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3188372529-2598381172-659276144-1000Core.job
c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3188372529-2598381172-659276144-1000UA.job
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-12-14 do 2012-01-14 )))))))))))))))))))))))))))))))
.
.
2012-01-14 17:07 . 2012-01-14 17:07 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-14 11:12 . 2012-01-14 11:13 -------- d-----w- c:\program files (x86)\SpeedFan
2012-01-14 10:16 . 2012-01-14 10:16 -------- d-----w- c:\users\Packard Bell\AppData\Roaming\Malwarebytes
2012-01-14 10:16 . 2012-01-14 10:16 -------- d-----w- c:\programdata\Malwarebytes
2012-01-14 10:16 . 2012-01-14 10:16 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-01-14 10:16 . 2011-12-10 14:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-14 10:15 . 2012-01-14 10:15 -------- d-----w- c:\users\Packard Bell\AppData\Local\ATI
2012-01-13 16:28 . 2012-01-13 16:28 388096 ----a-r- c:\users\Packard Bell\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-01-13 16:28 . 2012-01-13 16:28 -------- d-----w- c:\program files (x86)\LOG
2012-01-13 14:36 . 2012-01-13 14:36 -------- d-----w- c:\users\Packard Bell\AppData\Roaming\JAM Software
2012-01-13 14:35 . 2012-01-13 14:35 -------- d-----w- c:\program files\CPUID
2012-01-13 14:35 . 2010-11-09 14:35 21992 ----a-w- c:\windows\system32\drivers\cpuz135_x64.sys
2012-01-13 14:31 . 2012-01-13 14:31 237 ----a-w- C:\user.js
2012-01-13 14:31 . 2012-01-13 14:31 -------- d-----w- c:\programdata\Babylon
2012-01-13 14:31 . 2012-01-13 14:31 -------- d-----w- c:\users\Packard Bell\AppData\Roaming\Babylon
2012-01-13 14:31 . 2012-01-13 14:33 -------- d-----w- c:\users\Packard Bell\AppData\Roaming\Systweak
2012-01-13 14:31 . 2011-07-07 12:26 18816 ----a-w- c:\windows\system32\roboot64.exe
2012-01-13 14:30 . 2012-01-13 14:30 -------- d-----w- c:\program files (x86)\JAM Software
2012-01-11 12:03 . 2012-01-11 12:03 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-01-11 09:37 . 2011-10-26 05:25 1572864 ----a-w- c:\windows\system32\quartz.dll
2012-01-11 09:37 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\SysWow64\quartz.dll
2012-01-11 09:37 . 2011-10-26 05:25 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-01-11 09:37 . 2011-10-26 04:32 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-01-11 09:37 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll
2012-01-11 09:37 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-01-11 09:37 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2012-01-11 09:37 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-01-03 16:22 . 2012-01-03 16:22 103864 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2012-01-02 15:06 . 2012-01-02 15:06 -------- d-----w- c:\programdata\Synetic
2012-01-02 14:51 . 2012-01-02 14:51 -------- d-----w- c:\program files (x86)\City Interactive
2011-12-30 20:42 . 2011-12-30 20:42 -------- d-----w- c:\windows\Sun
2011-12-27 15:49 . 2011-12-27 16:49 -------- d-----w- c:\users\Packard Bell\AppData\Roaming\Coyotes Tale
2011-12-27 15:02 . 2011-12-27 15:02 -------- d-----w- c:\program files (x86)\IVT Corporation
2011-12-27 12:18 . 2011-12-27 12:24 -------- d-----w- c:\program files (x86)\Posel Smrti 3
2011-12-27 10:35 . 2011-12-27 15:31 -------- d-----w- c:\program files (x86)\NewFolder Software
2011-12-26 11:32 . 2011-12-26 11:32 -------- d-----w- c:\programdata\MumboJumbo
2011-12-26 11:28 . 2011-12-26 11:28 -------- d-----w- c:\program files (x86)\Jewel Quest 6 - The Sapphire Dragon - Collectors Edition
2011-12-26 11:27 . 2011-12-26 11:27 -------- d-----w- c:\program files (x86)\Luxor 4
2011-12-25 19:06 . 2011-12-25 19:06 -------- d-----w- c:\program files\SiSoftware
2011-12-25 11:15 . 2011-12-25 11:15 626688 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr80.dll
2011-12-25 11:15 . 2011-12-25 11:15 548864 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp80.dll
2011-12-25 11:15 . 2011-12-25 11:15 479232 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcm80.dll
2011-12-25 11:15 . 2011-12-25 11:15 43992 ----a-w- c:\program files (x86)\Mozilla Firefox\mozutils.dll
2011-12-23 17:05 . 2011-12-23 17:05 -------- d-----w- c:\users\Packard Bell\AppData\Roaming\Špidla Data Processing, s.r.o
2011-12-23 17:05 . 2011-12-23 17:05 -------- d-----w- c:\programdata\Špidla Data Processing, s.r.o
2011-12-23 15:58 . 2011-12-23 15:58 -------- d-----w- c:\programdata\Electronic Arts
2011-12-23 15:58 . 2011-12-23 15:58 -------- d-----w- c:\programdata\EA Core
2011-12-23 13:48 . 2011-12-23 13:48 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll
2011-12-23 13:19 . 2011-12-23 14:29 -------- d-----w- c:\users\Packard Bell\AppData\Local\Rockstar Games
2011-12-17 13:11 . 2010-02-04 09:01 78680 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2011-12-17 13:10 . 2006-12-08 11:02 251672 ----a-w- c:\windows\SysWow64\xactengine2_5.dll
2011-12-17 12:57 . 2011-12-17 12:57 -------- d--h--w- c:\users\Packard Bell\InstallAnywhere
2011-12-17 12:31 . 2011-12-17 12:31 -------- d-----w- c:\users\Packard Bell\AppData\Roaming\Fighters
2011-12-17 12:31 . 2011-12-17 12:33 -------- d-----w- c:\programdata\Fighters
2011-12-17 12:06 . 2011-12-17 12:06 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-12-17 12:06 . 2011-12-17 12:05 476904 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
2011-12-17 12:06 . 2011-12-17 12:05 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-12-17 12:05 . 2011-12-17 12:05 -------- d-----w- c:\program files (x86)\Java
2011-12-17 11:52 . 2011-12-17 11:52 279616 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-12-17 11:52 . 2011-12-21 15:55 -------- d-----w- c:\program files (x86)\DAEMON Tools Lite
2011-12-15 19:58 . 2011-10-26 05:21 43520 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-15 19:49 . 2011-11-24 04:52 3145216 ----a-w- c:\windows\system32\win32k.sys
2011-12-15 19:49 . 2011-10-15 06:31 723456 ----a-w- c:\windows\system32\EncDec.dll
2011-12-15 19:49 . 2011-10-15 05:38 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
2011-12-15 19:49 . 2011-11-05 05:32 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-15 19:49 . 2011-11-05 04:26 2048 ----a-w- c:\windows\SysWow64\tzres.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-21 11:40 . 2012-01-13 07:22 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7EAF920F-E9D6-48F4-A714-AE8663209FA5}\mpengine.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-01-14_11.00.23 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-04-26 04:49 . 2012-01-14 16:26 60282 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-01-14 16:26 43754 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-10-12 14:57 . 2012-01-14 16:26 16834 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3188372529-2598381172-659276144-1000_UserData.bin
- 2010-10-12 14:57 . 2012-01-14 10:07 16834 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3188372529-2598381172-659276144-1000_UserData.bin
+ 2011-07-24 13:40 . 2012-01-14 17:07 4930 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
- 2011-07-24 13:40 . 2012-01-13 18:20 4930 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
+ 2012-01-14 17:08 . 2012-01-14 17:08 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-01-13 18:41 . 2012-01-14 10:05 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-01-13 18:41 . 2012-01-14 10:05 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-01-14 17:08 . 2012-01-14 17:08 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 02:36 . 2012-01-14 10:09 620150 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-01-14 16:29 620150 c:\windows\system32\perfh009.dat
+ 2010-06-25 05:14 . 2012-01-14 16:29 635232 c:\windows\system32\perfh005.dat
- 2010-06-25 05:14 . 2012-01-14 10:09 635232 c:\windows\system32\perfh005.dat
+ 2009-07-14 02:36 . 2012-01-14 16:29 108332 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-01-14 10:09 108332 c:\windows\system32\perfc009.dat
- 2010-06-25 05:14 . 2012-01-14 10:09 123974 c:\windows\system32\perfc005.dat
+ 2010-06-25 05:14 . 2012-01-14 16:29 123974 c:\windows\system32\perfc005.dat
+ 2009-07-14 05:01 . 2012-01-14 17:07 396960 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-01-13 18:20 396960 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2011-05-29 09:30 . 2012-01-13 18:20 2559196 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3188372529-2598381172-659276144-1000-8192.dat
+ 2011-05-29 09:30 . 2012-01-14 11:46 2559196 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3188372529-2598381172-659276144-1000-8192.dat
- 2011-05-29 19:19 . 2011-12-31 21:22 2348784 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3188372529-2598381172-659276144-1000-12288.dat
+ 2011-05-29 19:19 . 2012-01-14 17:07 2348784 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3188372529-2598381172-659276144-1000-12288.dat
+ 2012-01-04 10:53 . 2012-01-04 10:53 30461440 c:\windows\Installer\2cc4f.msp
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-04-26 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-01-22 98304]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-04-08 908368]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2009-12-24 284696]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-12-13 281768]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
"EnableLUA"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Služba Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-22 135664]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-12-24 13336]
R3 BTCOM;Bluetooth Serial port driver;c:\windows\system32\DRIVERS\btcomport.sys [x]
R3 BTCOMBUS;Bluetooth Serial Port Bus Service;c:\windows\system32\Drivers\btcombus.sys [x]
R3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\Drivers\btnetBus.sys [x]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2009-08-26 16776]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2009-09-16 9096]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-22 135664]
R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\Drivers\IvtBtBus.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2011.SP5\RpcAgentSrv.exe [2008-09-18 93848]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 BtHidBus;Bluetooth HID Bus Service;c:\windows\System32\Drivers\BtHidBus.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-10-09 169312]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-05-10 136360]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [x]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-04-08 312400]
S2 ePowerSvc;Acer ePower Service;c:\program files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [2010-03-17 866336]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-24 652872]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-03-18 2320920]
S2 Updater Service;Updater Service;c:\program files\Packard Bell\Packard Bell Updater\UpdaterService.exe [2010-01-28 243232]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-12-29 9913376]
"PLFSetI"="c:\windows\PLFSetI.exe" [2010-04-09 206208]
"ETDWare"="c:\program files (x86)\Elantech\ETDCtrl.exe" [BU]
"Acer ePower Management"="c:\program files\Packard Bell\Packard Bell Power Management\ePowerTray.exe" [2010-03-17 860704]
.
------- Doplňkový sken -------
.
uLocal Page = %SystemRoot%\system32\blank.htm
mLocal Page = %SystemRoot%\system32\blank.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files (x86)\ICQ7.5\ICQ.exe
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Packard Bell\AppData\Roaming\Mozilla\Firefox\Profiles\n64pc7jp.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.centrum.cz/
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=108298
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{A84C9E75-CB32-4928-BAB6-25460A3B19B3} - (no file)
.
.
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\windows\SysWOW64\ezSharedSvcHost.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
.
**************************************************************************
.
Celkový čas: 2012-01-14 18:15:38 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-01-14 17:15
.
Před spuštěním: Volných bajtů: 302 284 845 056
Po spuštění: Volných bajtů: 301 950 877 696
.
- - End Of File - - 53D1D0561341E3E79D7C6395BD3E8C36

Toto otestuj na Virustotal
c:\windows\system32\roboot64.exe

Klikni vpravo od okénka na Vybrat a v Exploreru najdi požadovaný soubor v Tvém PC. Označ ho myší a klikni na Otevřít , poté klikni na Send File. Pokud už byl soubor testován , objeví se okno ve kterém klikni na Reanalyze. Soubor se začne postupně testovat více antivirovými programy. Až skončí test posledního antiviru , objeví se nahoře result a červeně počet nákaz , např. 0/40 , nebo 1/40. Pak zkopíruj myší odkaz na tuto stránku a vlož ji do svého příspěvku.

Tak tenhle soubor sem tam fakt nenašel,ikdyž sem dal zobrazit i skryté soubory. Takže to nevim jak na to :-/

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7601

device: opened successfully
user: error reading MBR
error: Read Neplatný popisovač.
kernel: error reading MBR

Příspěvekod **memphisto** » 15 led 2012 11:36

Zkus do toho okna zkopírovat tu cestu

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

KillAll::
Folder::
c:\programdata\Babylon
c:\users\Packard Bell\AppData\Roaming\Babylon

Driver::
cpuz135

File::
c:\windows\system32\drivers\cpuz135_x64.sys

Firefox::
FF - ProfilePath - c:\users\Packard Bell\AppData\Roaming\Mozilla\Firefox\Profiles\n64pc7jp.default\
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=108298

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upus.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu

psycho23 · Příspěvekod **psycho23** » 15 led 2012 12:26

Nechápu to, přes start když dám vyhledat roboot64 tak to najde, když ho přetáhnu na tu stránku virus total tak to nic neudělá. Když se podívám na vlastnosti roboot64 tak umístění je opravdu tam kde píšeš, ale i přesto tam neni ....

ComboFix 12-01-13.05 - Packard Bell 15.01.2012 11:48:10.3.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.3959.2767 [GMT 1:00]
Spuštěný z: c:\users\Packard Bell\Downloads\ComboFix.exe
Použité ovládací přepínače :: c:\users\Packard Bell\Desktop\CFScript.txt
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
FILE ::
"c:\windows\system32\drivers\cpuz135_x64.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Babylon
c:\users\Packard Bell\AppData\Roaming\Babylon
c:\users\Packard Bell\AppData\Roaming\Babylon\log_file.txt
c:\windows\system32\drivers\cpuz135_x64.sys
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_CPUZ135
-------\Service_cpuz135
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-12-15 do 2012-01-15 )))))))))))))))))))))))))))))))
.
.
2012-01-15 11:11 . 2012-01-15 11:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-14 11:12 . 2012-01-14 11:13 -------- d-----w- c:\program files (x86)\SpeedFan
2012-01-14 10:16 . 2012-01-14 10:16 -------- d-----w- c:\users\Packard Bell\AppData\Roaming\Malwarebytes
2012-01-14 10:16 . 2012-01-14 10:16 -------- d-----w- c:\programdata\Malwarebytes
2012-01-14 10:16 . 2012-01-14 10:16 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-01-14 10:16 . 2011-12-10 14:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-14 10:15 . 2012-01-14 10:15 -------- d-----w- c:\users\Packard Bell\AppData\Local\ATI
2012-01-13 16:28 . 2012-01-13 16:28 388096 ----a-r- c:\users\Packard Bell\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-01-13 16:28 . 2012-01-13 16:28 -------- d-----w- c:\program files (x86)\LOG
2012-01-13 14:36 . 2012-01-13 14:36 -------- d-----w- c:\users\Packard Bell\AppData\Roaming\JAM Software
2012-01-13 14:35 . 2012-01-13 14:35 -------- d-----w- c:\program files\CPUID
2012-01-13 14:31 . 2012-01-13 14:31 237 ----a-w- C:\user.js
2012-01-13 14:31 . 2012-01-13 14:33 -------- d-----w- c:\users\Packard Bell\AppData\Roaming\Systweak
2012-01-13 14:31 . 2011-07-07 12:26 18816 ----a-w- c:\windows\system32\roboot64.exe
2012-01-13 14:30 . 2012-01-13 14:30 -------- d-----w- c:\program files (x86)\JAM Software
2012-01-11 12:03 . 2012-01-11 12:03 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-01-11 09:37 . 2011-10-26 05:25 1572864 ----a-w- c:\windows\system32\quartz.dll
2012-01-11 09:37 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\SysWow64\quartz.dll
2012-01-11 09:37 . 2011-10-26 05:25 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-01-11 09:37 . 2011-10-26 04:32 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-01-11 09:37 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll
2012-01-11 09:37 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-01-11 09:37 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2012-01-11 09:37 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-01-03 16:22 . 2012-01-03 16:22 103864 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2012-01-02 15:06 . 2012-01-02 15:06 -------- d-----w- c:\programdata\Synetic
2012-01-02 14:51 . 2012-01-02 14:51 -------- d-----w- c:\program files (x86)\City Interactive
2011-12-30 20:42 . 2011-12-30 20:42 -------- d-----w- c:\windows\Sun
2011-12-27 15:49 . 2011-12-27 16:49 -------- d-----w- c:\users\Packard Bell\AppData\Roaming\Coyotes Tale
2011-12-27 15:02 . 2011-12-27 15:02 -------- d-----w- c:\program files (x86)\IVT Corporation
2011-12-27 12:18 . 2011-12-27 12:24 -------- d-----w- c:\program files (x86)\Posel Smrti 3
2011-12-27 10:35 . 2011-12-27 15:31 -------- d-----w- c:\program files (x86)\NewFolder Software
2011-12-26 11:32 . 2011-12-26 11:32 -------- d-----w- c:\programdata\MumboJumbo
2011-12-26 11:28 . 2011-12-26 11:28 -------- d-----w- c:\program files (x86)\Jewel Quest 6 - The Sapphire Dragon - Collectors Edition
2011-12-26 11:27 . 2011-12-26 11:27 -------- d-----w- c:\program files (x86)\Luxor 4
2011-12-25 19:06 . 2011-12-25 19:06 -------- d-----w- c:\program files\SiSoftware
2011-12-25 11:15 . 2011-12-25 11:15 626688 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr80.dll
2011-12-25 11:15 . 2011-12-25 11:15 548864 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp80.dll
2011-12-25 11:15 . 2011-12-25 11:15 479232 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcm80.dll
2011-12-25 11:15 . 2011-12-25 11:15 43992 ----a-w- c:\program files (x86)\Mozilla Firefox\mozutils.dll
2011-12-23 17:05 . 2011-12-23 17:05 -------- d-----w- c:\users\Packard Bell\AppData\Roaming\Špidla Data Processing, s.r.o
2011-12-23 17:05 . 2011-12-23 17:05 -------- d-----w- c:\programdata\Špidla Data Processing, s.r.o
2011-12-23 15:58 . 2011-12-23 15:58 -------- d-----w- c:\programdata\Electronic Arts
2011-12-23 15:58 . 2011-12-23 15:58 -------- d-----w- c:\programdata\EA Core
2011-12-23 13:48 . 2011-12-23 13:48 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll
2011-12-23 13:19 . 2011-12-23 14:29 -------- d-----w- c:\users\Packard Bell\AppData\Local\Rockstar Games
2011-12-17 13:11 . 2010-02-04 09:01 78680 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2011-12-17 13:10 . 2006-12-08 11:02 251672 ----a-w- c:\windows\SysWow64\xactengine2_5.dll
2011-12-17 12:57 . 2011-12-17 12:57 -------- d--h--w- c:\users\Packard Bell\InstallAnywhere
2011-12-17 12:31 . 2011-12-17 12:31 -------- d-----w- c:\users\Packard Bell\AppData\Roaming\Fighters
2011-12-17 12:31 . 2011-12-17 12:33 -------- d-----w- c:\programdata\Fighters
2011-12-17 12:06 . 2011-12-17 12:06 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-12-17 12:06 . 2011-12-17 12:05 476904 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
2011-12-17 12:06 . 2011-12-17 12:05 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-12-17 12:05 . 2011-12-17 12:05 -------- d-----w- c:\program files (x86)\Java
2011-12-17 11:52 . 2011-12-17 11:52 279616 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-12-17 11:52 . 2011-12-21 15:55 -------- d-----w- c:\program files (x86)\DAEMON Tools Lite
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-24 04:52 . 2011-12-15 19:49 3145216 ----a-w- c:\windows\system32\win32k.sys
2011-11-21 11:40 . 2012-01-13 07:22 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7EAF920F-E9D6-48F4-A714-AE8663209FA5}\mpengine.dll
2011-11-05 05:32 . 2011-12-15 19:49 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-05 04:26 . 2011-12-15 19:49 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-11-04 01:53 . 2011-12-15 22:55 2309120 ----a-w- c:\windows\system32\jscript9.dll
2011-11-04 01:44 . 2011-12-15 22:55 1390080 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 01:44 . 2011-12-15 22:55 1493504 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-04 01:34 . 2011-12-15 22:55 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-11-03 22:47 . 2011-12-15 22:55 1798144 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-11-03 22:40 . 2011-12-15 22:55 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-11-03 22:39 . 2011-12-15 22:55 1127424 ----a-w- c:\windows\SysWow64\wininet.dll
2011-11-03 22:31 . 2011-12-15 22:55 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-10-26 05:21 . 2011-12-15 19:58 43520 ----a-w- c:\windows\system32\csrsrv.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-01-14_11.00.23 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-04-26 04:49 . 2012-01-15 10:33 60694 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-01-15 10:33 43794 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-10-12 14:57 . 2012-01-15 10:33 17086 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3188372529-2598381172-659276144-1000_UserData.bin
+ 2011-07-24 13:40 . 2012-01-15 11:12 4930 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
- 2011-07-24 13:40 . 2012-01-13 18:20 4930 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
- 2012-01-13 18:41 . 2012-01-14 10:05 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-01-15 11:12 . 2012-01-15 11:12 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-01-13 18:41 . 2012-01-14 10:05 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-01-15 11:12 . 2012-01-15 11:12 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 02:36 . 2012-01-14 17:13 620150 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-01-14 10:09 620150 c:\windows\system32\perfh009.dat
- 2010-06-25 05:14 . 2012-01-14 10:09 635232 c:\windows\system32\perfh005.dat
+ 2010-06-25 05:14 . 2012-01-14 17:13 635232 c:\windows\system32\perfh005.dat
+ 2009-07-14 02:36 . 2012-01-14 17:13 108332 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-01-14 10:09 108332 c:\windows\system32\perfc009.dat
- 2010-06-25 05:14 . 2012-01-14 10:09 123974 c:\windows\system32\perfc005.dat
+ 2010-06-25 05:14 . 2012-01-14 17:13 123974 c:\windows\system32\perfc005.dat
- 2009-07-14 05:01 . 2012-01-13 18:20 396960 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-01-15 11:12 396960 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2011-05-29 09:30 . 2012-01-13 18:20 2559196 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3188372529-2598381172-659276144-1000-8192.dat
+ 2011-05-29 09:30 . 2012-01-14 11:46 2559196 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3188372529-2598381172-659276144-1000-8192.dat
- 2011-05-29 19:19 . 2011-12-31 21:22 2348784 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3188372529-2598381172-659276144-1000-12288.dat
+ 2011-05-29 19:19 . 2012-01-15 11:12 2348784 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3188372529-2598381172-659276144-1000-12288.dat
+ 2012-01-04 10:53 . 2012-01-04 10:53 30461440 c:\windows\Installer\2cc4f.msp
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-04-26 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-01-22 98304]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-04-08 908368]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2009-12-24 284696]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-12-13 281768]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
"EnableLUA"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Služba Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-22 135664]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-12-24 13336]
R3 BTCOM;Bluetooth Serial port driver;c:\windows\system32\DRIVERS\btcomport.sys [x]
R3 BTCOMBUS;Bluetooth Serial Port Bus Service;c:\windows\system32\Drivers\btcombus.sys [x]
R3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\Drivers\btnetBus.sys [x]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2009-08-26 16776]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2009-09-16 9096]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-22 135664]
R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\Drivers\IvtBtBus.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2011.SP5\RpcAgentSrv.exe [2008-09-18 93848]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 BtHidBus;Bluetooth HID Bus Service;c:\windows\System32\Drivers\BtHidBus.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-10-09 169312]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-05-10 136360]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-04-08 312400]
S2 ePowerSvc;Acer ePower Service;c:\program files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [2010-03-17 866336]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-24 652872]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-03-18 2320920]
S2 Updater Service;Updater Service;c:\program files\Packard Bell\Packard Bell Updater\UpdaterService.exe [2010-01-28 243232]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-12-29 9913376]
"PLFSetI"="c:\windows\PLFSetI.exe" [2010-04-09 206208]
"ETDWare"="c:\program files (x86)\Elantech\ETDCtrl.exe" [BU]
"Acer ePower Management"="c:\program files\Packard Bell\Packard Bell Power Management\ePowerTray.exe" [2010-03-17 860704]
"combofix"="c:\combofix\CF5118.3XE" [2010-11-20 345088]
.
------- Doplňkový sken -------
.
uLocal Page = %SystemRoot%\system32\blank.htm
mLocal Page = %SystemRoot%\system32\blank.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files (x86)\ICQ7.5\ICQ.exe
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Packard Bell\AppData\Roaming\Mozilla\Firefox\Profiles\n64pc7jp.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.centrum.cz/
FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=108298
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{A84C9E75-CB32-4928-BAB6-25460A3B19B3} - (no file)
.
.
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\windows\SysWOW64\ezSharedSvcHost.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
.
**************************************************************************
.
Celkový čas: 2012-01-15 12:20:16 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-01-15 11:20
.
Před spuštěním: Volných bajtů: 304 229 167 104
Po spuštění: Volných bajtů: 303 563 886 592
.
- - End Of File - - D396AB0F48C14D70364EE8F9547A5D14

Příspěvekod **memphisto** » 15 led 2012 12:33

A když zkopíruješ tu cestu pomocí CTRL+C a otevřeš stránku Virustotalu a klikneš do toho okna a vložíš pomocí CTRL+V tak to neudšlá nic?

c:\windows\system32\roboot64.exe

psycho23 · Příspěvekod **psycho23** » 15 led 2012 13:01

Když kliknu to do toho okna, tak mi hned vyskočí tabulka co chci vybrat. Zadám tedy cestu do tý tabulky a vyskočí toto

Obrázek

Ale když to vyhledám přes start, tak ho to najde

Obrázek

Ve vlastnostech je ta cesta kde by měl údajně být :idea:

Když bych ho chtěl přes start otevřít ten program, napíše to toto

Obrázek

Příspěvekod **Žbeky** » 15 led 2012 14:04

Zararuj ho, RAR si někam pro jistotu zazálohuj a původní soubor smaž.

Stáhni si aswMBR

na svojí plochu.Poklepej na aswMBR.exe. Klikni na Scan.
Po skenu klikni na aswASW.log a ulož si ho na plochu , vlož sem celý obsak toho logu.

Prosím o kontrolu logu Vyřešeno

Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Kdo je online