kontrola HJT firemního notebooku

actionboy · Příspěvekod **actionboy** » 24 úno 2012 10:53

Ahoj, mamina má notebook, který při spuštění normálního režimu windows se seká hned od startu. V nouzovém režimu je to zdá se OK. Přikládám log z HJT, ovšem byl dělán v nouzovém režimu a vyhodil dvě chyby.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:50:55, on 24.2.2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\F-Secure\common\FSM32.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\TVAgent.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Alice Shy\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
R3 - URLSearchHook: (no name) - {cd90bf73-20f6-44ef-993d-bb920303bd2e} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: DigitalPersona Personal Extension - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files (x86)\DigitalPersona\Bin\DpOtsPluginIe8.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Pomocná služba pro přihlášení ke službě Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [HPCam_Menu] "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam" UpdateWithCreateOnce "Software\Hewlett-Packard\Media\Webcam"
O4 - HKLM\..\Run: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files (x86)\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files (x86)\F-Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Odeslat obrázek do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Odeslat stránku do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Search the Web - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
O8 - Extra context menu item: WikiKomentáře Google... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Odeslat do zařízení Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Odeslat do zařízení &Bluetooth... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: @C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe,-128 (DpHost) - DigitalPersona, Inc. - C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - Unknown owner - C:\Program Files (x86)\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: Služba F-Secure Network Request Broker (F-Secure Network Request Broker) - F-Secure Corporation - C:\Program Files (x86)\F-Secure\Common\FNRB32.EXE
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files (x86)\F-Secure\Common\FSMA32.EXE
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe
O23 - Service: TV Background Capture Service (TVBCS) (TVCapSvc) - Unknown owner - c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\TVCapSvc.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Validity VCS Fingerprint Service (vcsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vcsFPService.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12232 bytes

Reklama

Příspěvekod **Žbeky** » 24 úno 2012 13:41

Jaké chyby?

Fixni:

Kód: Vybrat vše

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: (no name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
R3 - URLSearchHook: (no name) - {cd90bf73-20f6-44ef-993d-bb920303bd2e} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
- Pokud používáš Firefox, klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
- Pokud používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected.
- Pokud používáš Chrome, nic dalšího nevybírej a dej Empty Selected.
Po vyčištění klikni na Exit k zavření programu.
ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.

Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Update Malwarebytes' Anti-Malware (Aktualizace Malwarebytes' Anti-Malware) a Launch Malwarebytes' Anti-Malware (Spustit aplikaci Malwarebytes' Anti-Malware), pokud jo tak klikni na tlačítko Finish
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Perform Quick Scan (Provést rychlý sken) a klikni na tlačítko Scan (Skenovat)
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Show Results
- pak zvol možnost Save Logfile a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(ZATÍM SÁM NIC NEMAŽ!).
Vlož sem pak obsah toho logu.

actionboy · Příspěvekod **actionboy** » 24 úno 2012 15:29

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Verze databáze: v2012.02.24.01

Windows 7 Service Pack 1 x64 NTFS (Safe Mode s podporou sítě)
Internet Explorer 8.0.7601.17514
Alice Shy :: USER-PC [administrátor]

24.2.2012 15:24:05
mbam-log-2012-02-24 (15-24-05).txt

Typ: Rychlá kontrola
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 186719
Uplynulý čas: 4 minut, 12 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 0
(Žádné škodlivé položky nebyly zjištěny)

(konec)

Problém stále přetrvává.

Příspěvekod **Žbeky** » 24 úno 2012 15:42

Do CF na firemním ntb se mi moc nechce. Stává se to opravdu jen jednou za 10 let, ale s naším štěstím se něco podělá zrovna tady.

Buď to dej firemnímu technikovi nebo udělej CF, děláš to ale na své vlastní triko.

Vypni rezidentní štít antiviru a antispywaru
Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Pokud bude po kontrole problém spustit aplikace nebo bude vyskakovat hláška o pokusu použít neplatnou operaci na klíč registru, který je označen pro odstranění, stačí restartovat počítač.

actionboy · Příspěvekod **actionboy** » 24 úno 2012 18:09

ComboFix 12-02-24.02 - Alice Shy 24.02.2012 17:21:51.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.4092.2836 [GMT 1:00]
Spuštěný z: F:\ComboFix.exe
AV: F-Secure Anti-Virus for Workstations 9.01 *Disabled/Updated* {15414183-282E-D62C-CA37-EF24860A2F17}
SP: F-Secure Anti-Virus for Workstations 9.01 *Disabled/Updated* {AE20A067-0E14-D9A2-F087-D456FD8D65AA}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\muzapp.exe
c:\windows\SysWow64\system32
c:\windows\SysWow64\system32\3DAudio.ax
c:\windows\SysWow64\system32\avrt.dll
c:\windows\SysWow64\system32\cis-2.4.dll
c:\windows\SysWow64\system32\issacapi_bs-2.3.dll
c:\windows\SysWow64\system32\issacapi_pe-2.3.dll
c:\windows\SysWow64\system32\issacapi_se-2.3.dll
c:\windows\SysWow64\system32\MACXMLProto.dll
c:\windows\SysWow64\system32\MaDRM.dll
c:\windows\SysWow64\system32\MaJGUILib.dll
c:\windows\SysWow64\system32\MAMACExtract.dll
c:\windows\SysWow64\system32\MASetupCleaner.exe
c:\windows\SysWow64\system32\MaXMLProto.dll
c:\windows\SysWow64\system32\mfplat.dll
c:\windows\SysWow64\system32\MK_Lyric.dll
c:\windows\SysWow64\system32\MSCLib.dll
c:\windows\SysWow64\system32\MSFLib.dll
c:\windows\SysWow64\system32\MSLUR71.dll
c:\windows\SysWow64\system32\msvcp60.dll
c:\windows\SysWow64\system32\MTTELECHIP.dll
c:\windows\SysWow64\system32\MTXSYNCICON.dll
c:\windows\SysWow64\system32\muzaf1.dll
c:\windows\SysWow64\system32\muzapp.dll
c:\windows\SysWow64\system32\muzapp.exe
c:\windows\SysWow64\system32\muzdecode.ax
c:\windows\SysWow64\system32\muzeffect.ax
c:\windows\SysWow64\system32\muzmp4sp.ax
c:\windows\SysWow64\system32\muzmpgsp.ax
c:\windows\SysWow64\system32\muzoggsp.ax
c:\windows\SysWow64\system32\muzwmts.dll
c:\windows\SysWow64\system32\psapi.dll
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-01-24 do 2012-02-24 )))))))))))))))))))))))))))))))
.
.
2012-02-24 16:37 . 2012-02-24 16:37 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-24 13:42 . 2012-02-24 13:42 -------- d-----w- c:\users\Alice Shy\AppData\Roaming\Malwarebytes
2012-02-24 13:42 . 2012-02-24 13:42 -------- d-----w- c:\programdata\Malwarebytes
2012-02-24 13:42 . 2012-02-24 13:42 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-02-24 13:42 . 2011-12-10 14:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-24 09:37 . 2012-02-24 09:37 -------- d-----w- C:\b9805ad3dbe23fe7943a
2012-02-22 07:32 . 2012-02-22 07:32 -------- d-----w- C:\597fc85747b80d72ac5b
2012-02-17 15:35 . 2012-01-04 10:44 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-02-17 15:35 . 2012-01-04 08:58 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2012-02-17 15:33 . 2012-01-14 04:06 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-02-17 15:33 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-17 15:33 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
2012-02-17 15:33 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl
2012-02-17 15:33 . 2011-12-30 05:27 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
2012-02-17 15:33 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys
2012-02-15 17:58 . 2012-02-15 17:58 -------- d-----w- c:\users\Alice Shy\AppData\Local\Solid State Networks
2012-01-29 11:27 . 2012-01-29 11:27 -------- d-----w- c:\users\Alice Shy\AppData\Roaming\COWON
2012-01-29 11:25 . 2012-01-29 11:25 -------- d-----w- c:\program files (x86)\Common Files\COWON
2012-01-29 11:24 . 2012-01-29 11:26 -------- d-----w- c:\program files (x86)\JetAudio
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-18 13:01 . 2011-05-27 18:52 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-02 98304]
"HPCam_Menu"="c:\program files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408]
"UpdatePRCShortCut"="c:\program files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"F-Secure Manager"="c:\program files (x86)\F-Secure\Common\FSM32.EXE" [2010-05-31 301744]
"F-Secure TNB"="c:\program files (x86)\F-Secure\FSGUI\TNBUtil.exe" [2010-05-31 1653424]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-1 1079584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"WallpaperStyle"= 2
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 gupdate;Služba Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-29 135664]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-21 85560]
R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-29 135664]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [2011-01-20 16392]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 fsvista;F-Secure Vista Support Driver;c:\program files (x86)\F-Secure\Anti-Virus\minifilter\fsvista.sys [2010-05-31 14904]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [2009-03-02 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
S2 TVCapSvc;TV Background Capture Service (TVBCS);c:\program files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\TVCapSvc.exe [2009-07-24 275840]
S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2009-07-12 1924400]
S3 AVerAF15;HP DVB-T TV Tuner;c:\windows\system32\Drivers\AVerAF15.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [x]
S3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files (x86)\F-Secure\Anti-Virus\minifilter\fsgk.sys [2011-09-08 198808]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 11:11 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2012-02-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-29 19:22]
.
2012-02-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-29 19:22]
.
2012-02-06 c:\windows\Tasks\HPCeeScheduleForAlice Shy.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 03:22]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"combofix"="c:\combofix\CF18808.3XE" [2010-11-20 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.cz/
mLocal Page = c:\windows\SYSTEM32\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Search the Web - c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
IE: WikiKomentáře Google... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.10.1
FF - ProfilePath - c:\users\Alice Shy\AppData\Roaming\Mozilla\Firefox\Profiles\1ag1t18x.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://home.sweetim.com
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
WebBrowser-{CD90BF73-20F6-44EF-993D-BB920303BD2E} - (no file)
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-CodInstl - c:\windows\system32\CDUninst.isu
AddRemove-{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226} - c:\program files (x86)\InstallShield Installation Information\{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226}\setup.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\DigitalPersona\Bin\DpHostW.exe
c:\program files (x86)\F-Secure\Common\FSMA32.EXE
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files (x86)\F-Secure\Common\FSHDLL32.EXE
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\F-Secure\Common\FNRB32.EXE
c:\program files (x86)\F-Secure\Common\FIH32.EXE
c:\program files (x86)\Hewlett-Packard\Media\Live TV\TVAgent.exe
c:\program files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
c:\program files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
.
**************************************************************************
.
Celkový čas: 2012-02-24 17:56:54 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-02-24 16:56
.
Před spuštěním: Volných bajtů: 428 825 083 904
Po spuštění: Volných bajtů: 429 125 730 304
.
- - End Of File - - 123AA8182FA8E7FDF4B5C4105531D8E3

Příspěvekod **Žbeky** » 24 úno 2012 18:23

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

KillAll::

DirLook::
C:\b9805ad3dbe23fe7943a
C:\597fc85747b80d72ac5b

Folder::
c:\program files (x86)\McAfee Security Scan

File::
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

Driver::
McComponentHostService

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"combofix"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=-

DDS::
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SYSTEM32\blank.htm

Firefox::
FF - ProfilePath - c:\users\Alice Shy\AppData\Roaming\Mozilla\Firefox\Profiles\1ag1t18x.default\
FF - prefs.js: browser.search.defaulturl - 
FF - prefs.js: browser.startup.homepage - hxxp://home.sweetim.com

RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

RegNull::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu

actionboy · Příspěvekod **actionboy** » 24 úno 2012 19:08

Tak jsem to spustil, ale nevim nevim jestli to něco dělá. zelený oproužek už dlouho stojí asi centimetr od levého okraje.

Příspěvekod **Žbeky** » 24 úno 2012 19:27

Dej tomu ještě chvilku. Kdyžtak to pak udělej v nouzáku

actionboy · Příspěvekod **actionboy** » 24 úno 2012 22:06

ComboFix 12-02-24.02 - Alice Shy 24.02.2012 21:49:39.2.2 - x64 NETWORK
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.4092.3000 [GMT 1:00]
Spuštěný z: c:\users\Alice Shy\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Alice Shy\Desktop\CFScript.txt
AV: F-Secure Anti-Virus for Workstations 9.01 *Disabled/Outdated* {15414183-282E-D62C-CA37-EF24860A2F17}
SP: F-Secure Anti-Virus for Workstations 9.01 *Disabled/Outdated* {AE20A067-0E14-D9A2-F087-D456FD8D65AA}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
FILE ::
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\McAfee Security Scan
c:\program files (x86)\McAfee Security Scan\2.0.181\AVScanComponent.dll
c:\program files (x86)\McAfee Security Scan\2.0.181\AVScanner.ini
c:\program files (x86)\McAfee Security Scan\2.0.181\avvclean.dat
c:\program files (x86)\McAfee Security Scan\2.0.181\avvnames.dat
c:\program files (x86)\McAfee Security Scan\2.0.181\avvscan.dat
c:\program files (x86)\McAfee Security Scan\2.0.181\config.dat
c:\program files (x86)\McAfee Security Scan\2.0.181\ftconfig.ini
c:\program files (x86)\McAfee Security Scan\2.0.181\McAfee.ico
c:\program files (x86)\McAfee Security Scan\2.0.181\mcbrwsr2.dll
c:\program files (x86)\McAfee Security Scan\2.0.181\MCCompHostConfig.ini
c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe
c:\program files (x86)\McAfee Security Scan\2.0.181\mcscan32.dll
c:\program files (x86)\McAfee Security Scan\2.0.181\mcuicnt.exe
c:\program files (x86)\McAfee Security Scan\2.0.181\McUpdater.dll
c:\program files (x86)\McAfee Security Scan\2.0.181\sa_cache_sqlite.dll
c:\program files (x86)\McAfee Security Scan\2.0.181\sa_http_win32.dll
c:\program files (x86)\McAfee Security Scan\2.0.181\sa_mbl.dll
c:\program files (x86)\McAfee Security Scan\2.0.181\sa_store_sqlite.dll
c:\program files (x86)\McAfee Security Scan\2.0.181\sacore.db
c:\program files (x86)\McAfee Security Scan\2.0.181\sacore.dll
c:\program files (x86)\McAfee Security Scan\2.0.181\sacoredata\uds_filetypes.txt
c:\program files (x86)\McAfee Security Scan\2.0.181\sacoredata\uds_hosting.txt
c:\program files (x86)\McAfee Security Scan\2.0.181\sacoredata\uds_tlds.txt
c:\program files (x86)\McAfee Security Scan\2.0.181\SecurityScanner.dll
c:\program files (x86)\McAfee Security Scan\2.0.181\SecurityScanner_LD.dll
c:\program files (x86)\McAfee Security Scan\2.0.181\sqlite3.dll
c:\program files (x86)\McAfee Security Scan\2.0.181\SSCustom_LD.dll
c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
c:\program files (x86)\McAfee Security Scan\2.0.181\WebInfoScanner.dll
c:\program files (x86)\McAfee Security Scan\2.0.181\WMIScanner.dll
c:\program files (x86)\McAfee Security Scan\uninstall.exe
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_McComponentHostService
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-01-24 do 2012-02-24 )))))))))))))))))))))))))))))))
.
.
2012-02-24 13:42 . 2012-02-24 13:42 -------- d-----w- c:\users\Alice Shy\AppData\Roaming\Malwarebytes
2012-02-24 13:42 . 2012-02-24 13:42 -------- d-----w- c:\programdata\Malwarebytes
2012-02-24 13:42 . 2012-02-24 13:42 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-02-24 13:42 . 2011-12-10 14:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-24 09:37 . 2012-02-24 09:37 -------- d-----w- C:\b9805ad3dbe23fe7943a
2012-02-22 07:32 . 2012-02-22 07:32 -------- d-----w- C:\597fc85747b80d72ac5b
2012-02-17 15:35 . 2012-01-04 10:44 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-02-17 15:35 . 2012-01-04 08:58 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2012-02-17 15:33 . 2012-01-14 04:06 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-02-17 15:33 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-17 15:33 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
2012-02-17 15:33 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl
2012-02-17 15:33 . 2011-12-30 05:27 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
2012-02-17 15:33 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys
2012-02-15 17:58 . 2012-02-15 17:58 -------- d-----w- c:\users\Alice Shy\AppData\Local\Solid State Networks
2012-01-29 11:27 . 2012-01-29 11:27 -------- d-----w- c:\users\Alice Shy\AppData\Roaming\COWON
2012-01-29 11:25 . 2012-01-29 11:25 -------- d-----w- c:\program files (x86)\Common Files\COWON
2012-01-29 11:24 . 2012-01-29 11:26 -------- d-----w- c:\program files (x86)\JetAudio
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-18 13:01 . 2011-05-27 18:52 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of C:\597fc85747b80d72ac5b ----
.
2011-12-26 05:29 . 2011-12-26 05:29 37132 ----a-w- c:\597fc85747b80d72ac5b\1045\LocalizedData.xml
2011-12-26 05:29 . 2011-12-26 05:29 36530 ----a-w- c:\597fc85747b80d72ac5b\1046\LocalizedData.xml
2011-12-26 05:29 . 2011-12-26 05:29 37394 ----a-w- c:\597fc85747b80d72ac5b\1049\LocalizedData.xml
2011-12-26 05:29 . 2011-12-26 05:29 37676 ----a-w- c:\597fc85747b80d72ac5b\1036\LocalizedData.xml
2011-12-26 05:29 . 2011-12-26 05:29 33028 ----a-w- c:\597fc85747b80d72ac5b\1037\LocalizedData.xml
2011-12-26 05:29 . 2011-12-26 05:29 37692 ----a-w- c:\597fc85747b80d72ac5b\1038\LocalizedData.xml
2011-12-26 05:29 . 2011-12-26 05:29 37048 ----a-w- c:\597fc85747b80d72ac5b\1040\LocalizedData.xml
2011-12-26 05:29 . 2011-12-26 05:29 31424 ----a-w- c:\597fc85747b80d72ac5b\1041\LocalizedData.xml
2011-12-26 05:29 . 2011-12-26 05:29 30504 ----a-w- c:\597fc85747b80d72ac5b\1042\LocalizedData.xml
2011-12-26 05:29 . 2011-12-26 05:29 36850 ----a-w- c:\597fc85747b80d72ac5b\1043\LocalizedData.xml
2011-12-26 05:29 . 2011-12-26 05:29 36546 ----a-w- c:\597fc85747b80d72ac5b\1044\LocalizedData.xml
2011-12-26 05:29 . 2011-12-26 05:29 34118 ----a-w- c:\597fc85747b80d72ac5b\1025\LocalizedData.xml
2011-12-26 05:29 . 2011-12-26 05:29 28422 ----a-w- c:\597fc85747b80d72ac5b\1028\LocalizedData.xml
2011-12-26 05:29 . 2011-12-26 05:29 36716 ----a-w- c:\597fc85747b80d72ac5b\1029\LocalizedData.xml
2011-12-26 05:29 . 2011-12-26 05:29 36020 ----a-w- c:\597fc85747b80d72ac5b\1030\LocalizedData.xml
2011-12-26 05:29 . 2011-12-26 05:29 37858 ----a-w- c:\597fc85747b80d72ac5b\1031\LocalizedData.xml
2011-12-26 05:29 . 2011-12-26 05:29 38668 ----a-w- c:\597fc85747b80d72ac5b\1032\LocalizedData.xml
2011-12-26 05:29 . 2011-12-26 05:29 36066 ----a-w- c:\597fc85747b80d72ac5b\1035\LocalizedData.xml
2011-12-26 05:29 . 2011-12-26 05:29 27846 ----a-w- c:\597fc85747b80d72ac5b\ParameterInfo.xml
2011-12-26 05:29 . 2011-12-26 05:29 35802 ----a-w- c:\597fc85747b80d72ac5b\1033\LocalizedData.xml
2011-12-26 05:24 . 2011-12-26 05:24 8835072 ----a-w- c:\597fc85747b80d72ac5b\NDP40-KB2656351.msp
2011-12-26 04:09 . 2011-12-26 04:09 3628 ----a-w- c:\597fc85747b80d72ac5b\header.bmp
2011-12-26 04:09 . 2011-12-26 04:09 196662 ----a-w- c:\597fc85747b80d72ac5b\SplashScreen.bmp
2011-12-26 04:09 . 2011-12-26 04:09 13606 ----a-w- c:\597fc85747b80d72ac5b\Strings.xml
2011-12-26 04:09 . 2011-12-26 04:09 36180 ----a-w- c:\597fc85747b80d72ac5b\UiInfo.xml
2011-12-26 04:09 . 2011-12-26 04:09 104072 ----a-w- c:\597fc85747b80d72ac5b\watermark.bmp
2011-12-26 04:09 . 2011-12-26 04:09 123035 ----a-w- c:\597fc85747b80d72ac5b\1025\eula.rtf
2011-12-26 04:09 . 2011-12-26 04:09 128333 ----a-w- c:\597fc85747b80d72ac5b\1028\eula.rtf
2011-12-26 04:09 . 2011-12-26 04:09 101146 ----a-w- c:\597fc85747b80d72ac5b\1029\eula.rtf
2011-12-26 04:09 . 2011-12-26 04:09 109464 ----a-w- c:\597fc85747b80d72ac5b\1030\eula.rtf
2011-12-26 04:09 . 2011-12-26 04:09 91719 ----a-w- c:\597fc85747b80d72ac5b\1031\eula.rtf
2011-12-26 04:09 . 2011-12-26 04:09 102048 ----a-w- c:\597fc85747b80d72ac5b\1032\eula.rtf
2011-12-26 04:09 . 2011-12-26 04:09 138595 ----a-w- c:\597fc85747b80d72ac5b\1033\eula.rtf
2011-12-26 04:09 . 2011-12-26 04:09 111176 ----a-w- c:\597fc85747b80d72ac5b\1035\eula.rtf
2011-12-26 04:09 . 2011-12-26 04:09 133172 ----a-w- c:\597fc85747b80d72ac5b\1036\eula.rtf
2011-12-26 04:09 . 2011-12-26 04:09 125351 ----a-w- c:\597fc85747b80d72ac5b\1037\eula.rtf
2011-12-26 04:09 . 2011-12-26 04:09 110879 ----a-w- c:\597fc85747b80d72ac5b\1038\eula.rtf
2011-12-26 04:09 . 2011-12-26 04:09 124974 ----a-w- c:\597fc85747b80d72ac5b\1040\eula.rtf
2011-12-26 04:09 . 2011-12-26 04:09 111958 ----a-w- c:\597fc85747b80d72ac5b\1041\eula.rtf
2011-12-26 04:09 . 2011-12-26 04:09 149503 ----a-w- c:\597fc85747b80d72ac5b\1042\eula.rtf
2011-12-26 04:09 . 2011-12-26 04:09 35285 ----a-w- c:\597fc85747b80d72ac5b\1043\eula.rtf
2011-12-26 04:09 . 2011-12-26 04:09 36083 ----a-w- c:\597fc85747b80d72ac5b\1044\eula.rtf
2011-12-26 04:09 . 2011-12-26 04:09 126541 ----a-w- c:\597fc85747b80d72ac5b\1045\eula.rtf
2011-12-26 04:09 . 2011-12-26 04:09 109574 ----a-w- c:\597fc85747b80d72ac5b\1046\eula.rtf
2011-12-26 04:09 . 2011-12-26 04:09 49319 ----a-w- c:\597fc85747b80d72ac5b\1049\eula.rtf
2011-12-26 02:51 . 2011-12-26 02:51 18712 ----a-w- c:\597fc85747b80d72ac5b\1046\SetupResources.dll
2011-12-26 02:51 . 2011-12-26 02:51 19224 ----a-w- c:\597fc85747b80d72ac5b\1049\SetupResources.dll
2011-12-26 02:51 . 2011-12-26 02:51 18712 ----a-w- c:\597fc85747b80d72ac5b\1045\SetupResources.dll
2011-12-26 02:51 . 2011-12-26 02:51 19736 ----a-w- c:\597fc85747b80d72ac5b\1043\SetupResources.dll
2011-12-26 02:51 . 2011-12-26 02:51 18200 ----a-w- c:\597fc85747b80d72ac5b\1044\SetupResources.dll
2011-12-26 02:51 . 2011-12-26 02:51 15640 ----a-w- c:\597fc85747b80d72ac5b\1042\SetupResources.dll
2011-12-26 02:51 . 2011-12-26 02:51 18712 ----a-w- c:\597fc85747b80d72ac5b\1040\SetupResources.dll
2011-12-26 02:51 . 2011-12-26 02:51 16152 ----a-w- c:\597fc85747b80d72ac5b\1041\SetupResources.dll
2011-12-26 02:51 . 2011-12-26 02:51 19224 ----a-w- c:\597fc85747b80d72ac5b\1038\SetupResources.dll
2011-12-26 02:51 . 2011-12-26 02:51 19224 ----a-w- c:\597fc85747b80d72ac5b\1036\SetupResources.dll
2011-12-26 02:51 . 2011-12-26 02:51 17176 ----a-w- c:\597fc85747b80d72ac5b\1037\SetupResources.dll
2011-12-26 02:51 . 2011-12-26 02:51 18712 ----a-w- c:\597fc85747b80d72ac5b\1035\SetupResources.dll
2011-12-26 02:51 . 2011-12-26 02:51 19736 ----a-w- c:\597fc85747b80d72ac5b\1032\SetupResources.dll
2011-12-26 02:51 . 2011-12-26 02:51 17688 ----a-w- c:\597fc85747b80d72ac5b\1033\SetupResources.dll
2011-12-26 02:51 . 2011-12-26 02:51 19224 ----a-w- c:\597fc85747b80d72ac5b\1031\SetupResources.dll
2011-12-26 02:51 . 2011-12-26 02:51 18712 ----a-w- c:\597fc85747b80d72ac5b\1030\SetupResources.dll
2011-12-26 02:51 . 2011-12-26 02:51 14616 ----a-w- c:\597fc85747b80d72ac5b\1028\SetupResources.dll
2011-12-26 02:51 . 2011-12-26 02:51 18712 ----a-w- c:\597fc85747b80d72ac5b\1029\SetupResources.dll
2011-12-26 02:51 . 2011-12-26 02:51 17688 ----a-w- c:\597fc85747b80d72ac5b\1025\SetupResources.dll
2011-12-26 02:51 . 2011-12-26 02:51 810256 ----a-w- c:\597fc85747b80d72ac5b\SetupEngine.dll
2011-12-26 02:51 . 2011-12-26 02:51 296712 ----a-w- c:\597fc85747b80d72ac5b\SetupUi.dll
2011-12-26 02:51 . 2011-12-26 02:51 79112 ----a-w- c:\597fc85747b80d72ac5b\Setup.exe
2011-12-26 02:38 . 2011-12-26 02:38 16118 ----a-w- c:\597fc85747b80d72ac5b\DHtmlHeader.html
2011-12-26 02:38 . 2011-12-26 02:38 30120 ----a-w- c:\597fc85747b80d72ac5b\SetupUi.xsd
2011-12-26 02:38 . 2011-12-26 02:38 196416 ----a-w- c:\597fc85747b80d72ac5b\sqmapi.dll
2011-12-25 22:00 . 2011-12-25 22:00 97048 ----a-w- c:\597fc85747b80d72ac5b\SetupUtility.exe
.
---- Directory of C:\b9805ad3dbe23fe7943a ----
.
2012-02-24 09:37 . 2012-02-24 09:37 788 ---ha-w- c:\b9805ad3dbe23fe7943a\$shtdwn$.req
2011-12-26 05:29 . 2011-12-26 05:29 37132 ----a-w- c:\b9805ad3dbe23fe7943a\1045\LocalizedData.xml
2011-12-26 05:29 . 2011-12-26 05:29 36530 ----a-w- c:\b9805ad3dbe23fe7943a\1046\LocalizedData.xml
2011-12-26 05:29 . 2011-12-26 05:29 37394 ----a-w- c:\b9805ad3dbe23fe7943a\1049\LocalizedData.xml
2011-12-26 05:29 . 2011-12-26 05:29 36014 ----a-w- c:\b9805ad3dbe23fe7943a\1053\LocalizedData.xml
2011-12-26 05:29 . 2011-12-26 05:29 36274 ----a-w- c:\b9805ad3dbe23fe7943a\1055\LocalizedData.xml
2011-12-26 05:29 . 2011-12-26 05:29 28414 ----a-w- c:\b9805ad3dbe23fe7943a\2052\LocalizedData.xml
2011-12-26 05:29 . 2011-12-26 05:29 37332 ----a-w- c:\b9805ad3dbe23fe7943a\2070\LocalizedData.xml
2011-12-26 05:29 . 2011-12-26 05:29 37096 ----a-w- c:\b9805ad3dbe23fe7943a\3082\LocalizedData.xml
2011-12-26 05:29 . 2011-12-26 05:29 37676 ----a-w- c:\b9805ad3dbe23fe7943a\1036\LocalizedData.xml
2011-12-26 05:29 . 2011-12-26 05:29 33028 ----a-w- c:\b9805ad3dbe23fe7943a\1037\LocalizedData.xml
2011-12-26 05:29 . 2011-12-26 05:29 37692 ----a-w- c:\b9805ad3dbe23fe7943a\1038\LocalizedData.xml
2011-12-26 05:29 . 2011-12-26 05:29 37048 ----a-w- c:\b9805ad3dbe23fe7943a\1040\LocalizedData.xml
2011-12-26 05:29 . 2011-12-26 05:29 31424 ----a-w- c:\b9805ad3dbe23fe7943a\1041\LocalizedData.xml
2011-12-26 05:29 . 2011-12-26 05:29 30504 ----a-w- c:\b9805ad3dbe23fe7943a\1042\LocalizedData.xml
2011-12-26 05:29 . 2011-12-26 05:29 36850 ----a-w- c:\b9805ad3dbe23fe7943a\1043\LocalizedData.xml
2011-12-26 05:29 . 2011-12-26 05:29 36546 ----a-w- c:\b9805ad3dbe23fe7943a\1044\LocalizedData.xml
2011-12-26 05:29 . 2011-12-26 05:29 34118 ----a-w- c:\b9805ad3dbe23fe7943a\1025\LocalizedData.xml
2011-12-26 05:29 . 2011-12-26 05:29 28422 ----a-w- c:\b9805ad3dbe23fe7943a\1028\LocalizedData.xml
2011-12-26 05:29 . 2011-12-26 05:29 36716 ----a-w- c:\b9805ad3dbe23fe7943a\1029\LocalizedData.xml
2011-12-26 05:29 . 2011-12-26 05:29 36020 ----a-w- c:\b9805ad3dbe23fe7943a\1030\LocalizedData.xml
2011-12-26 05:29 . 2011-12-26 05:29 37858 ----a-w- c:\b9805ad3dbe23fe7943a\1031\LocalizedData.xml
2011-12-26 05:29 . 2011-12-26 05:29 38668 ----a-w- c:\b9805ad3dbe23fe7943a\1032\LocalizedData.xml
2011-12-26 05:29 . 2011-12-26 05:29 36066 ----a-w- c:\b9805ad3dbe23fe7943a\1035\LocalizedData.xml
2011-12-26 05:29 . 2011-12-26 05:29 28422 ----a-w- c:\b9805ad3dbe23fe7943a\3076\LocalizedData.xml
2011-12-26 05:29 . 2011-12-26 05:29 27846 ----a-w- c:\b9805ad3dbe23fe7943a\ParameterInfo.xml
2011-12-26 05:29 . 2011-12-26 05:29 35802 ----a-w- c:\b9805ad3dbe23fe7943a\1033\LocalizedData.xml
2011-12-26 05:24 . 2011-12-26 05:24 8835072 ----a-w- c:\b9805ad3dbe23fe7943a\NDP40-KB2656351.msp
2011-12-26 04:09 . 2011-12-26 04:09 3628 ----a-w- c:\b9805ad3dbe23fe7943a\header.bmp
2011-12-26 04:09 . 2011-12-26 04:09 196662 ----a-w- c:\b9805ad3dbe23fe7943a\SplashScreen.bmp
2011-12-26 04:09 . 2011-12-26 04:09 13606 ----a-w- c:\b9805ad3dbe23fe7943a\Strings.xml
2011-12-26 04:09 . 2011-12-26 04:09 36180 ----a-w- c:\b9805ad3dbe23fe7943a\UiInfo.xml
2011-12-26 04:09 . 2011-12-26 04:09 104072 ----a-w- c:\b9805ad3dbe23fe7943a\watermark.bmp
2011-12-26 04:09 . 2011-12-26 04:09 123035 ----a-w- c:\b9805ad3dbe23fe7943a\1025\eula.rtf
2011-12-26 04:09 . 2011-12-26 04:09 128333 ----a-w- c:\b9805ad3dbe23fe7943a\1028\eula.rtf
2011-12-26 04:09 . 2011-12-26 04:09 101146 ----a-w- c:\b9805ad3dbe23fe7943a\1029\eula.rtf
2011-12-26 04:09 . 2011-12-26 04:09 109464 ----a-w- c:\b9805ad3dbe23fe7943a\1030\eula.rtf
2011-12-26 04:09 . 2011-12-26 04:09 91719 ----a-w- c:\b9805ad3dbe23fe7943a\1031\eula.rtf
2011-12-26 04:09 . 2011-12-26 04:09 102048 ----a-w- c:\b9805ad3dbe23fe7943a\1032\eula.rtf
2011-12-26 04:09 . 2011-12-26 04:09 138595 ----a-w- c:\b9805ad3dbe23fe7943a\1033\eula.rtf
2011-12-26 04:09 . 2011-12-26 04:09 111176 ----a-w- c:\b9805ad3dbe23fe7943a\1035\eula.rtf
2011-12-26 04:09 . 2011-12-26 04:09 133172 ----a-w- c:\b9805ad3dbe23fe7943a\1036\eula.rtf
2011-12-26 04:09 . 2011-12-26 04:09 125351 ----a-w- c:\b9805ad3dbe23fe7943a\1037\eula.rtf
2011-12-26 04:09 . 2011-12-26 04:09 110879 ----a-w- c:\b9805ad3dbe23fe7943a\1038\eula.rtf
2011-12-26 04:09 . 2011-12-26 04:09 124974 ----a-w- c:\b9805ad3dbe23fe7943a\1040\eula.rtf
2011-12-26 04:09 . 2011-12-26 04:09 111958 ----a-w- c:\b9805ad3dbe23fe7943a\1041\eula.rtf
2011-12-26 04:09 . 2011-12-26 04:09 149503 ----a-w- c:\b9805ad3dbe23fe7943a\1042\eula.rtf
2011-12-26 04:09 . 2011-12-26 04:09 35285 ----a-w- c:\b9805ad3dbe23fe7943a\1043\eula.rtf
2011-12-26 04:09 . 2011-12-26 04:09 36083 ----a-w- c:\b9805ad3dbe23fe7943a\1044\eula.rtf
2011-12-26 04:09 . 2011-12-26 04:09 126541 ----a-w- c:\b9805ad3dbe23fe7943a\1045\eula.rtf
2011-12-26 04:09 . 2011-12-26 04:09 109574 ----a-w- c:\b9805ad3dbe23fe7943a\1046\eula.rtf
2011-12-26 04:09 . 2011-12-26 04:09 49319 ----a-w- c:\b9805ad3dbe23fe7943a\1049\eula.rtf
2011-12-26 04:09 . 2011-12-26 04:09 125073 ----a-w- c:\b9805ad3dbe23fe7943a\1053\eula.rtf
2011-12-26 04:09 . 2011-12-26 04:09 112947 ----a-w- c:\b9805ad3dbe23fe7943a\1055\eula.rtf
2011-12-26 04:09 . 2011-12-26 04:09 110754 ----a-w- c:\b9805ad3dbe23fe7943a\2052\eula.rtf
2011-12-26 04:09 . 2011-12-26 04:09 125196 ----a-w- c:\b9805ad3dbe23fe7943a\2070\eula.rtf
2011-12-26 04:09 . 2011-12-26 04:09 2060 ----a-w- c:\b9805ad3dbe23fe7943a\3076\eula.rtf
2011-12-26 04:09 . 2011-12-26 04:09 108174 ----a-w- c:\b9805ad3dbe23fe7943a\3082\eula.rtf
2011-12-26 02:51 . 2011-12-26 02:51 19224 ----a-w- c:\b9805ad3dbe23fe7943a\3082\SetupResources.dll
2011-12-26 02:51 . 2011-12-26 02:51 14616 ----a-w- c:\b9805ad3dbe23fe7943a\2052\SetupResources.dll
2011-12-26 02:51 . 2011-12-26 02:51 19224 ----a-w- c:\b9805ad3dbe23fe7943a\2070\SetupResources.dll
2011-12-26 02:51 . 2011-12-26 02:51 18200 ----a-w- c:\b9805ad3dbe23fe7943a\1053\SetupResources.dll
2011-12-26 02:51 . 2011-12-26 02:51 18200 ----a-w- c:\b9805ad3dbe23fe7943a\1055\SetupResources.dll
2011-12-26 02:51 . 2011-12-26 02:51 18712 ----a-w- c:\b9805ad3dbe23fe7943a\1046\SetupResources.dll
2011-12-26 02:51 . 2011-12-26 02:51 19224 ----a-w- c:\b9805ad3dbe23fe7943a\1049\SetupResources.dll
2011-12-26 02:51 . 2011-12-26 02:51 18712 ----a-w- c:\b9805ad3dbe23fe7943a\1045\SetupResources.dll
2011-12-26 02:51 . 2011-12-26 02:51 19736 ----a-w- c:\b9805ad3dbe23fe7943a\1043\SetupResources.dll
2011-12-26 02:51 . 2011-12-26 02:51 18200 ----a-w- c:\b9805ad3dbe23fe7943a\1044\SetupResources.dll
2011-12-26 02:51 . 2011-12-26 02:51 15640 ----a-w- c:\b9805ad3dbe23fe7943a\1042\SetupResources.dll
2011-12-26 02:51 . 2011-12-26 02:51 18712 ----a-w- c:\b9805ad3dbe23fe7943a\1040\SetupResources.dll
2011-12-26 02:51 . 2011-12-26 02:51 16152 ----a-w- c:\b9805ad3dbe23fe7943a\1041\SetupResources.dll
2011-12-26 02:51 . 2011-12-26 02:51 19224 ----a-w- c:\b9805ad3dbe23fe7943a\1038\SetupResources.dll
2011-12-26 02:51 . 2011-12-26 02:51 19224 ----a-w- c:\b9805ad3dbe23fe7943a\1036\SetupResources.dll
2011-12-26 02:51 . 2011-12-26 02:51 17176 ----a-w- c:\b9805ad3dbe23fe7943a\1037\SetupResources.dll
2011-12-26 02:51 . 2011-12-26 02:51 18712 ----a-w- c:\b9805ad3dbe23fe7943a\1035\SetupResources.dll
2011-12-26 02:51 . 2011-12-26 02:51 19736 ----a-w- c:\b9805ad3dbe23fe7943a\1032\SetupResources.dll
2011-12-26 02:51 . 2011-12-26 02:51 17688 ----a-w- c:\b9805ad3dbe23fe7943a\1033\SetupResources.dll
2011-12-26 02:51 . 2011-12-26 02:51 19224 ----a-w- c:\b9805ad3dbe23fe7943a\1031\SetupResources.dll
2011-12-26 02:51 . 2011-12-26 02:51 18712 ----a-w- c:\b9805ad3dbe23fe7943a\1030\SetupResources.dll
2011-12-26 02:51 . 2011-12-26 02:51 14616 ----a-w- c:\b9805ad3dbe23fe7943a\1028\SetupResources.dll
2011-12-26 02:51 . 2011-12-26 02:51 18712 ----a-w- c:\b9805ad3dbe23fe7943a\1029\SetupResources.dll
2011-12-26 02:51 . 2011-12-26 02:51 14616 ----a-w- c:\b9805ad3dbe23fe7943a\3076\SetupResources.dll
2011-12-26 02:51 . 2011-12-26 02:51 17688 ----a-w- c:\b9805ad3dbe23fe7943a\1025\SetupResources.dll
2011-12-26 02:51 . 2011-12-26 02:51 810256 ----a-w- c:\b9805ad3dbe23fe7943a\SetupEngine.dll
2011-12-26 02:51 . 2011-12-26 02:51 296712 ----a-w- c:\b9805ad3dbe23fe7943a\SetupUi.dll
2011-12-26 02:51 . 2011-12-26 02:51 79112 ----a-w- c:\b9805ad3dbe23fe7943a\Setup.exe
2011-12-26 02:38 . 2011-12-26 02:38 16118 ----a-w- c:\b9805ad3dbe23fe7943a\DHtmlHeader.html
2011-12-26 02:38 . 2011-12-26 02:38 30120 ----a-w- c:\b9805ad3dbe23fe7943a\SetupUi.xsd
2011-12-26 02:38 . 2011-12-26 02:38 196416 ----a-w- c:\b9805ad3dbe23fe7943a\sqmapi.dll
2011-12-25 22:00 . 2011-12-25 22:00 97048 ----a-w- c:\b9805ad3dbe23fe7943a\SetupUtility.exe
2011-12-25 21:57 . 2011-12-25 21:57 1150 ----a-w- c:\b9805ad3dbe23fe7943a\Graphics\Print.ico
2011-12-25 21:57 . 2011-12-25 21:57 894 ----a-w- c:\b9805ad3dbe23fe7943a\Graphics\Rotate1.ico
2011-12-25 21:57 . 2011-12-25 21:57 894 ----a-w- c:\b9805ad3dbe23fe7943a\Graphics\Rotate2.ico
2011-12-25 21:57 . 2011-12-25 21:57 894 ----a-w- c:\b9805ad3dbe23fe7943a\Graphics\Rotate3.ico
2011-12-25 21:57 . 2011-12-25 21:57 894 ----a-w- c:\b9805ad3dbe23fe7943a\Graphics\Rotate4.ico
2011-12-25 21:57 . 2011-12-25 21:57 894 ----a-w- c:\b9805ad3dbe23fe7943a\Graphics\Rotate5.ico
2011-12-25 21:57 . 2011-12-25 21:57 894 ----a-w- c:\b9805ad3dbe23fe7943a\Graphics\Rotate6.ico
2011-12-25 21:57 . 2011-12-25 21:57 894 ----a-w- c:\b9805ad3dbe23fe7943a\Graphics\Rotate7.ico
2011-12-25 21:57 . 2011-12-25 21:57 894 ----a-w- c:\b9805ad3dbe23fe7943a\Graphics\Rotate8.ico
2011-12-25 21:57 . 2011-12-25 21:57 1150 ----a-w- c:\b9805ad3dbe23fe7943a\Graphics\Save.ico
2011-12-25 21:57 . 2011-12-25 21:57 36710 ----a-w- c:\b9805ad3dbe23fe7943a\Graphics\Setup.ico
2011-12-25 21:57 . 2011-12-25 21:57 10134 ----a-w- c:\b9805ad3dbe23fe7943a\Graphics\stop.ico
2011-12-25 21:57 . 2011-12-25 21:57 1150 ----a-w- c:\b9805ad3dbe23fe7943a\Graphics\SysReqMet.ico
2011-12-25 21:57 . 2011-12-25 21:57 1150 ----a-w- c:\b9805ad3dbe23fe7943a\Graphics\SysReqNotMet.ico
2011-12-25 21:57 . 2011-12-25 21:57 10134 ----a-w- c:\b9805ad3dbe23fe7943a\Graphics\warn.ico
.
.
((((((((((((((((((((((((((((( SnapShot@2012-02-24_16.40.53 )))))))))))))))))))))))))))))))))))))))))
.
- 2010-01-28 19:20 . 2012-02-24 16:12 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-01-28 19:20 . 2012-02-24 19:12 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-01-28 19:20 . 2012-02-24 16:12 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-01-28 19:20 . 2012-02-24 19:12 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-11-09 23:21 . 2012-02-24 17:10 3279 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
- 2009-11-09 23:21 . 2012-02-24 16:38 3279 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
- 2012-02-24 16:40 . 2012-02-24 16:40 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-02-24 20:58 . 2012-02-24 20:58 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-02-24 16:40 . 2012-02-24 16:40 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-02-24 20:58 . 2012-02-24 20:58 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 05:01 . 2012-02-24 17:10 399108 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-02-24 16:39 399108 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-06-28 20:09 . 2012-02-24 17:10 1743569 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4066432908-1446298234-410416423-1000-12288.dat
- 2011-06-28 20:09 . 2012-02-15 15:13 1743569 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4066432908-1446298234-410416423-1000-12288.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-02 98304]
"HPCam_Menu"="c:\program files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408]
"UpdatePRCShortCut"="c:\program files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"F-Secure Manager"="c:\program files (x86)\F-Secure\Common\FSM32.EXE" [2010-05-31 301744]
"F-Secure TNB"="c:\program files (x86)\F-Secure\FSGUI\TNBUtil.exe" [2010-05-31 1653424]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-1 1079584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"WallpaperStyle"= 2
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 gupdate;Služba Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-29 135664]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-21 85560]
R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-29 135664]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [2011-01-20 16392]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 fsvista;F-Secure Vista Support Driver;c:\program files (x86)\F-Secure\Anti-Virus\minifilter\fsvista.sys [2010-05-31 14904]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [2009-03-02 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
S2 TVCapSvc;TV Background Capture Service (TVBCS);c:\program files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\TVCapSvc.exe [2009-07-24 275840]
S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2009-07-12 1924400]
S3 AVerAF15;HP DVB-T TV Tuner;c:\windows\system32\Drivers\AVerAF15.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [x]
S3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files (x86)\F-Secure\Anti-Virus\minifilter\fsgk.sys [2011-09-08 198808]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 11:11 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2012-02-06 c:\windows\Tasks\HPCeeScheduleForAlice Shy.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 03:22]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"combofix"="c:\combofix\CF5811.3XE" [2010-11-20 345088]
.
------- Doplňkový sken -------
.
uLocal Page = %SystemRoot%\system32\blank.htm
uStart Page = hxxp://www.google.cz/
mLocal Page = %SystemRoot%\system32\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Search the Web - c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
IE: WikiKomentáře Google... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.10.1
FF - ProfilePath - c:\users\Alice Shy\AppData\Roaming\Mozilla\Firefox\Profiles\1ag1t18x.default\
FF - prefs.js: browser.search.selectedEngine - Google
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
WebBrowser-{CD90BF73-20F6-44EF-993D-BB920303BD2E} - (no file)
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
AddRemove-McAfee Security Scan - c:\program files (x86)\McAfee Security Scan\uninstall.exe
.
.
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\DigitalPersona\Bin\DpHostW.exe
c:\program files (x86)\F-Secure\Common\FSMA32.EXE
c:\program files (x86)\F-Secure\Common\FSHDLL32.EXE
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
c:\program files (x86)\Hewlett-Packard\Media\Live TV\TVAgent.exe
c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
c:\program files (x86)\F-Secure\Common\FNRB32.EXE
c:\program files (x86)\F-Secure\Common\FIH32.EXE
c:\program files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
.
**************************************************************************
.
Celkový čas: 2012-02-24 22:05:19 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-02-24 21:05
ComboFix2.txt 2012-02-24 16:57
.
Před spuštěním: Volných bajtů: 429 046 059 008
Po spuštění: Volných bajtů: 428 962 168 832
.
- - End Of File - - 472AF3433757C4B17AD7666B202B030F

Příspěvekod **jaro3** » 24 úno 2012 22:22

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"combofix"=-

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

Upozornění : Může se stát, že po aplikaci Combofixu a restartu počítače, Windows nenaběhnou , nebo nenajede plocha , budou problémy s připojením, pak znovu restartuj počítač, pokud to nepomůže , po restartu mačkej klávesu F8 a pak zvol poslední známou funkční konfiguraci. , či použij bod obnovy.

V možnostech složky si povol zobrazování skrytých souborů a složek+ odškrtni zatržítko skrýt chráněné soubory operačního systému

Toto otestuj na Virustotal
c:\windows\system32\msvcrt.dll

Klikni vpravo od okénka na Vybrat a v Exploreru najdi požadovaný soubor v Tvém PC. Označ ho myší a klikni na Otevřít , poté klikni na Send File. Pokud už byl soubor testován , objeví se okno ve kterém klikni na Reanalyze. Soubor se začne postupně testovat více antivirovými programy. Až skončí test posledního antiviru , objeví se nahoře result a červeně počet nákaz , např. 0/43 , nebo 1/43. Pak zkopíruj myší odkaz na tuto stránku a vlož ji do svého příspěvku.

Stáhni si CrystalDiskInfo
Spusť program a klikni na Úpravy-Kopírovat. Poté sem vlož pomocí Ctrl+V obsah logu.

Stáhni si Memtest:

Do políčka vlož největší velikost Tvé jednotlivé paměti RAM (256,512 nebo 1024,2048) dej Start , nech nejméně 2h běžet , pokud bude po 2h stále 0 errors , jsou v pořádku.

actionboy · Příspěvekod **actionboy** » 25 úno 2012 22:54

ComboFix 12-02-24.02 - Alice Shy 25.02.2012 22:12:24.3.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.4092.2757 [GMT 1:00]
Spuštěný z: c:\users\Alice Shy\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Alice Shy\Desktop\CFScript.txt
AV: F-Secure Anti-Virus for Workstations 9.01 *Disabled/Updated* {15414183-282E-D62C-CA37-EF24860A2F17}
SP: F-Secure Anti-Virus for Workstations 9.01 *Disabled/Updated* {AE20A067-0E14-D9A2-F087-D456FD8D65AA}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-01-25 do 2012-02-25 )))))))))))))))))))))))))))))))
.
.
2012-02-25 21:24 . 2012-02-25 21:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-24 13:42 . 2012-02-24 13:42 -------- d-----w- c:\users\Alice Shy\AppData\Roaming\Malwarebytes
2012-02-24 13:42 . 2012-02-24 13:42 -------- d-----w- c:\programdata\Malwarebytes
2012-02-24 13:42 . 2012-02-24 13:42 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-02-24 13:42 . 2011-12-10 14:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-24 09:37 . 2012-02-24 09:37 -------- d-----w- C:\b9805ad3dbe23fe7943a
2012-02-22 07:32 . 2012-02-22 07:32 -------- d-----w- C:\597fc85747b80d72ac5b
2012-02-17 15:35 . 2012-01-04 10:44 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-02-17 15:35 . 2012-01-04 08:58 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2012-02-17 15:33 . 2012-01-14 04:06 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-02-17 15:33 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-17 15:33 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
2012-02-17 15:33 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl
2012-02-17 15:33 . 2011-12-30 05:27 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
2012-02-17 15:33 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys
2012-02-15 17:58 . 2012-02-15 17:58 -------- d-----w- c:\users\Alice Shy\AppData\Local\Solid State Networks
2012-01-29 11:27 . 2012-01-29 11:27 -------- d-----w- c:\users\Alice Shy\AppData\Roaming\COWON
2012-01-29 11:25 . 2012-01-29 11:25 -------- d-----w- c:\program files (x86)\Common Files\COWON
2012-01-29 11:24 . 2012-01-29 11:26 -------- d-----w- c:\program files (x86)\JetAudio
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-18 13:01 . 2011-05-27 18:52 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((( SnapShot@2012-02-24_16.40.53 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-09-06 01:29 . 2012-02-25 21:07 58652 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-02-25 21:07 64424 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-01-29 19:07 . 2012-02-25 21:07 17408 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4066432908-1446298234-410416423-1000_UserData.bin
- 2010-01-28 19:20 . 2012-02-24 16:12 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-01-28 19:20 . 2012-02-25 21:11 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-01-28 19:20 . 2012-02-24 16:12 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-01-28 19:20 . 2012-02-25 21:11 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-11-09 23:21 . 2012-02-24 21:31 3279 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
- 2009-11-09 23:21 . 2012-02-24 16:38 3279 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
- 2012-02-24 16:40 . 2012-02-24 16:40 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-02-25 21:05 . 2012-02-25 21:05 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-02-25 21:05 . 2012-02-25 21:05 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-02-24 16:40 . 2012-02-24 16:40 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 02:36 . 2012-02-24 16:18 656888 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-02-25 21:10 656888 c:\windows\system32\perfh009.dat
+ 2009-09-06 11:13 . 2012-02-25 21:10 671184 c:\windows\system32\perfh005.dat
- 2009-09-06 11:13 . 2012-02-24 16:18 671184 c:\windows\system32\perfh005.dat
- 2009-07-14 02:36 . 2012-02-24 16:18 123338 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-02-25 21:10 123338 c:\windows\system32\perfc009.dat
+ 2009-09-06 11:13 . 2012-02-25 21:10 142366 c:\windows\system32\perfc005.dat
- 2009-09-06 11:13 . 2012-02-24 16:18 142366 c:\windows\system32\perfc005.dat
- 2009-07-14 05:01 . 2012-02-24 16:39 399108 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-02-24 21:31 399108 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-06-28 20:09 . 2012-02-24 21:31 1743569 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4066432908-1446298234-410416423-1000-12288.dat
- 2011-06-28 20:09 . 2012-02-15 15:13 1743569 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4066432908-1446298234-410416423-1000-12288.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-02 98304]
"HPCam_Menu"="c:\program files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408]
"UpdatePRCShortCut"="c:\program files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"F-Secure Manager"="c:\program files (x86)\F-Secure\Common\FSM32.EXE" [2010-05-31 301744]
"F-Secure TNB"="c:\program files (x86)\F-Secure\FSGUI\TNBUtil.exe" [2010-05-31 1653424]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-1 1079584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"WallpaperStyle"= 2
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 gupdate;Služba Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-29 135664]
R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-29 135664]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [2011-01-20 16392]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 fsvista;F-Secure Vista Support Driver;c:\program files (x86)\F-Secure\Anti-Virus\minifilter\fsvista.sys [2010-05-31 14904]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [2009-03-02 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-21 85560]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
S2 TVCapSvc;TV Background Capture Service (TVBCS);c:\program files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\TVCapSvc.exe [2009-07-24 275840]
S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2009-07-12 1924400]
S3 AVerAF15;HP DVB-T TV Tuner;c:\windows\system32\Drivers\AVerAF15.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [x]
S3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files (x86)\F-Secure\Anti-Virus\minifilter\fsgk.sys [2011-09-08 198808]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 11:11 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2012-02-06 c:\windows\Tasks\HPCeeScheduleForAlice Shy.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 03:22]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
.
------- Doplňkový sken -------
.
uLocal Page = %SystemRoot%\system32\blank.htm
uStart Page = hxxp://www.google.cz/
mLocal Page = %SystemRoot%\system32\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Search the Web - c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
IE: WikiKomentáře Google... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.10.1
FF - ProfilePath - c:\users\Alice Shy\AppData\Roaming\Mozilla\Firefox\Profiles\1ag1t18x.default\
FF - prefs.js: browser.search.selectedEngine - Google
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
WebBrowser-{CD90BF73-20F6-44EF-993D-BB920303BD2E} - (no file)
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
.
.
.
Celkový čas: 2012-02-25 22:44:17
ComboFix-quarantined-files.txt 2012-02-25 21:44
ComboFix2.txt 2012-02-24 21:05
ComboFix3.txt 2012-02-24 16:57
.
Před spuštěním: Volných bajtů: 429 003 894 784
Po spuštění: Volných bajtů: 428 959 563 776
.
- - End Of File - - CBC0F80FB4617EA59BE6D80CDC360309

Zatím mám jen log z combofixu, zítra dodám zbytek, sem ted dost časově vytížený, takže díky že jste na mě nezapomněli.

Příspěvekod **Žbeky** » 26 úno 2012 11:28

POKUD BUDE VIRUSTOTAL BEZ NÁLEZU:

ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix /Uninstall

vyčisti systém CCleanerem

a použij i T-Cleaner
smaže vše po Combu,MWAVu atd.-stáhneš>spustíš

pozn. před stažením T-Cleaneru a po dobu čištění deaktivuj AVG , Avast,Avira či Microsoft Security Essentials následně T-Cleaner smaž a zapni si AVG , Avast, Avira či Microsoft Security Essentials

+ Nový log z HJT

Jak se chová PC?

kontrola HJT firemního notebooku

kontrola HJT firemního notebooku

Re: kontrola HJT firemního notebooku

Re: kontrola HJT firemního notebooku

Re: kontrola HJT firemního notebooku

Re: kontrola HJT firemního notebooku

Re: kontrola HJT firemního notebooku

Re: kontrola HJT firemního notebooku

Re: kontrola HJT firemního notebooku

Re: kontrola HJT firemního notebooku

Re: kontrola HJT firemního notebooku

Re: kontrola HJT firemního notebooku

Re: kontrola HJT firemního notebooku

Kdo je online