ComboFix 12-06-11.02 - Bohumil 16.06.2012 15:12:09.2.1 - x86 MINIMAL
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1250.420.1029.18.767.353 [GMT 2:00]
Spuštěný z: c:\users\Bohumil\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Bohumil\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\system32\Adobe\Shockwave 11\nssstub.exe"
"c:\windows\Tasks\NSSstub.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\chrome\content\ffjcext\ffjcext.js
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\chrome\content\ffjcext\ffjcext.xul
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\install.rdf
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\content\ffjcext\ffjcext.js
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\content\ffjcext\ffjcext.xul
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\install.rdf
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\content\ffjcext\ffjcext.js
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\content\ffjcext\ffjcext.xul
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\install.rdf
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\content\ffjcext\ffjcext.js
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\content\ffjcext\ffjcext.xul
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\install.rdf
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\content\ffjcext\ffjcext.js
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\content\ffjcext\ffjcext.xul
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\install.rdf
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\content\ffjcext\ffjcext.js
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\content\ffjcext\ffjcext.xul
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\install.rdf
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\chrome\content\ffjcext\ffjcext.js
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\chrome\content\ffjcext\ffjcext.xul
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\install.rdf
c:\users\Bohumil\AppData\Roaming\Mozilla\Firefox\Profiles\bijxylmt.default\extensions\{6236BA26-C117-4007-928C-DE0716C7FA80}
c:\users\Bohumil\AppData\Roaming\Mozilla\Firefox\Profiles\bijxylmt.default\extensions\{6236BA26-C117-4007-928C-DE0716C7FA80}\chrome.manifest
c:\users\Bohumil\AppData\Roaming\Mozilla\Firefox\Profiles\bijxylmt.default\extensions\{6236BA26-C117-4007-928C-DE0716C7FA80}\chrome\content\processw.js
c:\users\Bohumil\AppData\Roaming\Mozilla\Firefox\Profiles\bijxylmt.default\extensions\{6236BA26-C117-4007-928C-DE0716C7FA80}\chrome\content\spapi.js
c:\users\Bohumil\AppData\Roaming\Mozilla\Firefox\Profiles\bijxylmt.default\extensions\{6236BA26-C117-4007-928C-DE0716C7FA80}\chrome\content\spmain.js
c:\users\Bohumil\AppData\Roaming\Mozilla\Firefox\Profiles\bijxylmt.default\extensions\{6236BA26-C117-4007-928C-DE0716C7FA80}\chrome\content\style.css
c:\users\Bohumil\AppData\Roaming\Mozilla\Firefox\Profiles\bijxylmt.default\extensions\{6236BA26-C117-4007-928C-DE0716C7FA80}\chrome\content\style.gif
c:\users\Bohumil\AppData\Roaming\Mozilla\Firefox\Profiles\bijxylmt.default\extensions\{6236BA26-C117-4007-928C-DE0716C7FA80}\chrome\content\style.xul
c:\users\Bohumil\AppData\Roaming\Mozilla\Firefox\Profiles\bijxylmt.default\extensions\{6236BA26-C117-4007-928C-DE0716C7FA80}\chrome\content\sup.js
c:\users\Bohumil\AppData\Roaming\Mozilla\Firefox\Profiles\bijxylmt.default\extensions\{6236BA26-C117-4007-928C-DE0716C7FA80}\install.rdf
c:\windows\system32\Adobe\Shockwave 11\nssstub.exe
c:\windows\Tasks\NSSstub.job
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-05-16 do 2012-06-16 )))))))))))))))))))))))))))))))
.
.
2012-06-16 13:19 . 2012-06-16 13:21 -------- d-----w- c:\users\Bohumil\AppData\Local\temp
2012-06-16 13:19 . 2012-06-16 13:19 -------- d-----w- c:\users\Minecraft\AppData\Local\temp
2012-06-16 13:19 . 2012-06-16 13:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-15 18:07 . 2012-05-08 16:40 6737808 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4AF4D1DD-AA1E-44C8-9CF2-F4A22D460E49}\mpengine.dll
2012-06-14 05:15 . 2012-05-14 16:13 713784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-06-14 05:15 . 2012-05-14 16:13 713784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E6B13D59-63F0-4A01-BBC3-A3252412FB0B}\gapaengine.dll
2012-06-14 05:12 . 2012-05-08 16:40 6737808 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-06-13 16:10 . 2012-06-13 16:10 -------- d-----w- c:\users\Bohumil\AppData\Roaming\Unity
2012-06-13 16:06 . 2012-06-13 16:06 -------- d-----w- c:\users\Bohumil\AppData\Local\Unity
2012-06-11 11:28 . 2012-06-11 11:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-06-11 11:28 . 2012-04-04 13:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-10 14:21 . 2012-06-10 14:44 -------- d-----w- c:\programdata\Soluto
2012-05-29 20:29 . 2012-05-29 21:01 -------- d-----w- c:\users\Bohumil\AppData\Roaming\Games
2012-05-29 20:17 . 2012-05-29 20:17 -------- d-----w- c:\windows\system32\AGEIA
2012-05-29 20:17 . 2012-05-29 20:17 -------- d-----w- c:\program files\AGEIA Technologies
2012-05-26 20:26 . 2012-05-26 20:28 -------- d-----w- c:\users\Bohumil\AppData\Roaming\Phantasmat_css_ce
2012-05-23 14:54 . 2012-05-23 14:54 -------- d-----w- c:\users\Bohumil\AppData\Roaming\StoneLoops!
2012-05-23 14:54 . 2012-05-23 14:54 -------- d-----w- c:\users\Bohumil\AppData\Roaming\Saqqarah
2012-05-23 14:54 . 2012-05-23 14:54 -------- d-----w- c:\users\Bohumil\AppData\Roaming\PhantasmatCE
2012-05-23 14:54 . 2012-05-23 14:54 -------- d-----w- c:\users\Bohumil\AppData\Roaming\MagicMatch
2012-05-23 09:23 . 2012-05-24 15:58 -------- d-----w- c:\windows\system32\Samsung_USB_Drivers
2012-05-23 09:23 . 2009-03-31 07:39 36608 ----a-w- c:\windows\system32\FsUsbExDisk.Sys
2012-05-23 09:23 . 2009-03-31 07:39 233472 ----a-w- c:\windows\system32\FsUsbExService.Exe
2012-05-23 09:23 . 2009-03-31 07:39 110592 ----a-w- c:\windows\system32\FsUsbExDevice.Dll
2012-05-23 09:22 . 2012-05-23 10:23 -------- d-----w- c:\users\Bohumil\AppData\Roaming\Samsung
2012-05-17 16:07 . 2012-05-17 16:07 -------- d-----w- c:\users\Bohumil\AppData\Roaming\VampireSaga
2012-05-17 16:06 . 2012-05-17 16:06 -------- d-----w- c:\programdata\AWEM
2012-05-17 16:06 . 2012-05-22 09:28 -------- d-----w- c:\program files\Hry.cz
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-29 20:26 . 2009-11-09 17:07 281760 ----a-w- c:\windows\system32\drivers\atksgt.sys
2012-05-29 20:26 . 2009-11-09 17:07 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2012-05-14 16:10 . 2012-05-14 16:10 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-14 16:10 . 2011-07-11 18:49 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-13 07:36 . 2012-05-11 12:23 6734704 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0E42C34E-0B94-4FEB-996B-5CD8BA40CFC7}\mpengine.dll
2012-03-22 19:12 . 2012-03-22 19:12 4435968 ----a-w- c:\windows\system32\GPhotos.scr
2012-03-20 18:44 . 2012-03-20 18:44 74112 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-03-20 18:44 . 2012-03-20 18:44 171064 ----a-w- c:\windows\system32\drivers\MpFilter.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2011-05-30 16:50 21864 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-08-09 221184]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-02 09:07 843712 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-03-27 12:41 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 13:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM2_Monitor]
2007-02-08 19:43 95800 ----a-w- c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2010-05-14 09:32 1479680 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2006-10-25 08:03 210472 ----a-w- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ISUSPM Startup"=c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
"Google Update"="c:\users\Bohumil\AppData\Local\Google\Update\GoogleUpdate.exe" /c
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
"ehTray.exe"=c:\windows\ehome\ehTray.exe
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" /MINIMIZED
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" -autorun
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" -start
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-4095759123-4159053333-1912431381-1000]
"EnableNotificationsRef"=dword:00000001
.
.
------- Doplňkový sken -------
.
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: mojebanka.cz\*
Trusted Zone: mojebanka.cz\*
TCP: DhcpNameServer = 192.168.5.1
FF - ProfilePath - c:\users\Bohumil\AppData\Roaming\Mozilla\Firefox\Profiles\bijxylmt.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://seznam.cz
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Express Tab: {6236BA26-C117-4007-928C-DE0716C7FA82} - %profile%\extensions\{6236BA26-C117-4007-928C-DE0716C7FA82}
FF - Ext: Usage Stat: {6236BA26-C117-4007-928C-DE0716C7FA96} - %profile%\extensions\{6236BA26-C117-4007-928C-DE0716C7FA96}
FF - Ext: FBFan: {6236BA26-C117-4007-928C-DE0716C7FA99} - %profile%\extensions\{6236BA26-C117-4007-928C-DE0716C7FA99}
FF - Ext: QAssistant: {63414328-3ab4-2c84-6c41-5a473c4b2ff7} - %profile%\extensions\{63414328-3ab4-2c84-6c41-5a473c4b2ff7}
FF - Ext: QAssistant: {63414328-3ab4-2c84-6c41-5a473c4b2ff7} - %profile%\extensions\{63414328-3ab4-2c84-6c41-5a473c4b2ff7}
FF - Ext: U Flv: {7645f4b1-1f19-13dd-2d6b-0200600c2a56} - %profile%\extensions\{7645f4b1-1f19-13dd-2d6b-0200600c2a56}
FF - Ext: {7645f4b1-1f19-13dd-2d6b-0200600c2a56}: {7645f4b1-1f19-13dd-2d6b-0200600c2a56} - %profile%\extensions\{7645f4b1-1f19-13dd-2d6b-0200600c2a56}
FF - Ext: KFD Flv: {8675f4b3-2f19-11ed-2d6b-0800600c0a16} - %profile%\extensions\{8675f4b3-2f19-11ed-2d6b-0800600c0a16}
FF - Ext: {8675f4b3-2f19-11ed-2d6b-0800600c0a16}: {8675f4b3-2f19-11ed-2d6b-0800600c0a16} - %profile%\extensions\{8675f4b3-2f19-11ed-2d6b-0800600c0a16}
FF - Ext: VFD Flv: {8675f4b3-2f19-11ed-2d6b-0800600c0a17} - %profile%\extensions\{8675f4b3-2f19-11ed-2d6b-0800600c0a17}
FF - Ext: {8675f4b3-2f19-11ed-2d6b-0800600c0a17}: {8675f4b3-2f19-11ed-2d6b-0800600c0a17} - %profile%\extensions\{8675f4b3-2f19-11ed-2d6b-0800600c0a17}
FF - Ext: VFD Flv: {8675f4b3-2f19-11ed-2d6b-0800600c0a18} - %profile%\extensions\{8675f4b3-2f19-11ed-2d6b-0800600c0a18}
FF - Ext: {8675f4b3-2f19-11ed-2d6b-0800600c0a18}: {8675f4b3-2f19-11ed-2d6b-0800600c0a18} - %profile%\extensions\{8675f4b3-2f19-11ed-2d6b-0800600c0a18}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: VFT Flv: {8675f4b3-2f19-11ed-2d6b-1823600c0a19} - %profile%\extensions\{8675f4b3-2f19-11ed-2d6b-1823600c0a19}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: PC Sync 2 Synchronisation Extension: bkmrksync@nokia.com - c:\program files\Nokia\Nokia PC Suite 7\bkmrksync
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
MSConfigStartUp-NSSInstallation - c:\windows\system32\Adobe\Shockwave 11\nssstub.exe
.
.
.
**************************************************************************
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory:
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\c:\program files\Lavalys\EVEREST Home Edition\kerneld.wnt"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-4095759123-4159053333-1912431381-1000\Software\SecuROM\License information*]
"datasecu"=hex:9f,e3,95,13,41,ed,1b,a9,34,6c,04,43,14,54,ed,d2,3c,1e,a8,49,f9,
b7,cd,03,af,85,36,c4,90,f5,86,fa,88,6a,70,44,5d,8b,6d,20,10,6f,a5,4a,95,b2,\
"rkeysecu"=hex:30,9b,16,21,7f,15,b2,6f,68,1e,88,56,b7,64,64,02
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'Explorer.exe'(3672)
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Ashampoo\Ashampoo WinOptimizer 9\DfsdkS.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\WUDFHost.exe
c:\windows\system32\conime.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\ehome\ehmsas.exe
c:\windows\ehome\ehsched.exe
c:\windows\ehome\ehRecvr.exe
c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
.
**************************************************************************
.
Celkový čas: 2012-06-16 15:27:47 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-06-16 13:27
ComboFix2.txt 2012-06-12 15:58
ComboFix3.txt 2012-06-11 16:59
.
Před spuštěním: Volných bajtů: 98 383 568 896
Po spuštění: Volných bajtů: 98 345 172 992
.
- - End Of File - - 3BB19A56035CB86DFE004273673EE0DC
Prosím o kontrolu logu Vyřešeno
Re: Prosím o kontrolu logu
Monina
Re: Prosím o kontrolu logu
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:05:58, on 16.6.2012
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.19088)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\mobsync.exe
C:\Users\Bohumil\Desktop\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Defragmentation-Service (DfSdkS) - mst software GmbH, Germany - C:\Program Files\Ashampoo\Ashampoo WinOptimizer 9\DfsdkS.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: Steam Client Service - Unknown owner - C:\Program Files\Common Files\Steam\SteamService.exe (file missing)
O23 - Service: Ashampoo LiveTuner Service (WO_LiveService) - Unknown owner - C:\Program Files\Ashampoo\Ashampoo WinOptimizer 9\LiveTunerService.exe
--
End of file - 4891 bytes
Scan saved at 16:05:58, on 16.6.2012
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.19088)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\mobsync.exe
C:\Users\Bohumil\Desktop\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Defragmentation-Service (DfSdkS) - mst software GmbH, Germany - C:\Program Files\Ashampoo\Ashampoo WinOptimizer 9\DfsdkS.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: Steam Client Service - Unknown owner - C:\Program Files\Common Files\Steam\SteamService.exe (file missing)
O23 - Service: Ashampoo LiveTuner Service (WO_LiveService) - Unknown owner - C:\Program Files\Ashampoo\Ashampoo WinOptimizer 9\LiveTunerService.exe
--
End of file - 4891 bytes
Monina
Re: Prosím o kontrolu logu
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-06-16 16:09:36
-----------------------------
16:09:36.004 OS Version: Windows 6.0.6001 Service Pack 1
16:09:36.004 Number of processors: 1 586 0x5F03
16:09:36.004 ComputerName: BOHUMIL-PC UserName: Bohumil
16:09:36.597 Initialize success
16:09:39.487 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
16:09:39.487 Disk 0 Vendor: ST3320820AS 3.AAD Size: 305245MB BusType: 3
16:09:39.502 Disk 0 MBR read successfully
16:09:39.502 Disk 0 MBR scan
16:09:39.518 Disk 0 Windows VISTA default MBR code
16:09:39.518 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 149997 MB offset 63
16:09:39.518 Disk 0 Partition - 00 0F Extended LBA 155237 MB offset 307194930
16:09:41.593 Disk 0 scanning sectors +625121280
16:09:41.811 Disk 0 scanning C:\Windows\system32\drivers
16:09:48.192 Service scanning
16:09:59.517 Service MpKsl0f555dd6 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A9889975-9E67-4D2E-94F0-C6C47A8A2E68}\MpKsl0f555dd6.sys **LOCKED** 32
16:10:04.806 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
16:10:08.955 Modules scanning
16:10:21.529 Disk 0 trace - called modules:
16:10:21.560 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll sfsync02.sys >>UNKNOWN [0x855111f8]<<
16:10:21.576 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x856bcac8]
16:10:21.576 3 CLASSPNP.SYS[875c3745] -> nt!IofCallDriver -> [0x85668918]
16:10:21.576 5 acpi.sys[839376a0] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x85643ba0]
16:10:21.591 \Driver\atapi[0x84bbace8] -> IRP_MJ_CREATE -> 0x855111f8
16:10:21.591 Scan finished successfully
16:13:42.207 Disk 0 MBR has been saved successfully to "C:\Users\Bohumil\Desktop\MBR.dat"
16:13:42.301 The log file has been saved successfully to "C:\Users\Bohumil\Desktop\aswMBR.txt"
Run date: 2012-06-16 16:09:36
-----------------------------
16:09:36.004 OS Version: Windows 6.0.6001 Service Pack 1
16:09:36.004 Number of processors: 1 586 0x5F03
16:09:36.004 ComputerName: BOHUMIL-PC UserName: Bohumil
16:09:36.597 Initialize success
16:09:39.487 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
16:09:39.487 Disk 0 Vendor: ST3320820AS 3.AAD Size: 305245MB BusType: 3
16:09:39.502 Disk 0 MBR read successfully
16:09:39.502 Disk 0 MBR scan
16:09:39.518 Disk 0 Windows VISTA default MBR code
16:09:39.518 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 149997 MB offset 63
16:09:39.518 Disk 0 Partition - 00 0F Extended LBA 155237 MB offset 307194930
16:09:41.593 Disk 0 scanning sectors +625121280
16:09:41.811 Disk 0 scanning C:\Windows\system32\drivers
16:09:48.192 Service scanning
16:09:59.517 Service MpKsl0f555dd6 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A9889975-9E67-4D2E-94F0-C6C47A8A2E68}\MpKsl0f555dd6.sys **LOCKED** 32
16:10:04.806 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
16:10:08.955 Modules scanning
16:10:21.529 Disk 0 trace - called modules:
16:10:21.560 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll sfsync02.sys >>UNKNOWN [0x855111f8]<<
16:10:21.576 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x856bcac8]
16:10:21.576 3 CLASSPNP.SYS[875c3745] -> nt!IofCallDriver -> [0x85668918]
16:10:21.576 5 acpi.sys[839376a0] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x85643ba0]
16:10:21.591 \Driver\atapi[0x84bbace8] -> IRP_MJ_CREATE -> 0x855111f8
16:10:21.591 Scan finished successfully
16:13:42.207 Disk 0 MBR has been saved successfully to "C:\Users\Bohumil\Desktop\MBR.dat"
16:13:42.301 The log file has been saved successfully to "C:\Users\Bohumil\Desktop\aswMBR.txt"
Monina
-
jaro3
- člen Security týmu
-
Guru Level 15
- Příspěvky: 43294
- Registrován: červen 07
- Bydliště: Jižní Čechy
- Pohlaví:
- Stav:
Offline
Re: Prosím o kontrolu logu
Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:
Návod
Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.
Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT
Upozornění : Může se stát, že po aplikaci Combofixu a restartu počítače, Windows nenaběhnou , nebo nenajede plocha , budou problémy s připojením, pak znovu restartuj počítač, pokud to nepomůže , po restartu mačkej klávesu F8 a pak zvol poslední známou funkční konfiguraci. , či použij bod obnovy.
Návod
Kód: Vybrat vše
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Kód: Vybrat vše
KillAll::
File::
c:\users\Bohumil\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
Folder::
C:\Program Files\Spyware Terminator
Registry::
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Google Update"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"=-Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.
Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT
Upozornění : Může se stát, že po aplikaci Combofixu a restartu počítače, Windows nenaběhnou , nebo nenajede plocha , budou problémy s připojením, pak znovu restartuj počítač, pokud to nepomůže , po restartu mačkej klávesu F8 a pak zvol poslední známou funkční konfiguraci. , či použij bod obnovy.
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Re: Prosím o kontrolu logu
ComboFix 12-06-20.02 - Bohumil 22.06.2012 20:20:45.2.1 - x86 NETWORK
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1250.420.1029.18.767.342 [GMT 2:00]
Spuštěný z: c:\users\Bohumil\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Bohumil\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\program files\Spyware Terminator\sp_rsser.exe"
"c:\users\Bohumil\AppData\Local\Google\Update\GoogleUpdate.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Spyware Terminator
c:\program files\Spyware Terminator\BIN_RSCSDA.SPF
c:\program files\Spyware Terminator\BIN_STQUAR.SPT
c:\program files\Spyware Terminator\BIN_STUIUS.SPT
c:\program files\Spyware Terminator\history.txt
c:\program files\Spyware Terminator\languages\ST_BRAZILIANS.cab
c:\program files\Spyware Terminator\languages\ST_CATALAN.cab
c:\program files\Spyware Terminator\languages\ST_CZECH.cab
c:\program files\Spyware Terminator\languages\ST_DUTCH.cab
c:\program files\Spyware Terminator\languages\ST_ENGLISH.cab
c:\program files\Spyware Terminator\languages\ST_FRENCH.cab
c:\program files\Spyware Terminator\languages\ST_GERMAN.cab
c:\program files\Spyware Terminator\languages\ST_HUNGARIAN.cab
c:\program files\Spyware Terminator\languages\ST_ITALIANO.cab
c:\program files\Spyware Terminator\languages\ST_POLISH.cab
c:\program files\Spyware Terminator\languages\ST_PORTUGUESE.cab
c:\program files\Spyware Terminator\languages\ST_RUSSIAN.cab
c:\program files\Spyware Terminator\languages\ST_SPANISH.cab
c:\program files\Spyware Terminator\languages\ST_VALENCIAN.cab
c:\program files\Spyware Terminator\sp_rsser.exe
c:\program files\Spyware Terminator\sptcontmenu.dll
c:\program files\Spyware Terminator\sptcontscan.txt
c:\program files\Spyware Terminator\SpywareTerminatorShield.exe
c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe
c:\program files\Spyware Terminator\st_rsser.exe
c:\program files\Spyware Terminator\STShell.dll
c:\program files\Spyware Terminator\TorrentDll.dll
c:\program files\Spyware Terminator\unins001.dat
c:\program files\Spyware Terminator\unins001.exe
c:\program files\Spyware Terminator\unins001.msg
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_sp_rssrv
-------\Legacy_sp_rssrv
-------\Service_sp_rssrv
-------\Service_sp_rssrv
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-05-22 do 2012-06-22 )))))))))))))))))))))))))))))))
.
.
2012-06-22 18:28 . 2012-06-22 18:28 -------- d-----w- c:\users\Minecraft\AppData\Local\temp
2012-06-22 18:28 . 2012-06-22 18:28 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-22 14:44 . 2012-05-31 03:41 6762896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{288AB993-F33E-4C63-A82D-FC3CADFBC1A6}\mpengine.dll
2012-06-17 19:37 . 2012-05-08 16:40 6737808 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-06-16 14:09 . 2012-06-16 14:09 -------- d-----w- c:\users\Bohumil\AppData\Local\CrashDumps
2012-06-14 05:15 . 2012-05-14 16:13 713784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-06-14 05:15 . 2012-05-14 16:13 713784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E6B13D59-63F0-4A01-BBC3-A3252412FB0B}\gapaengine.dll
2012-06-13 16:10 . 2012-06-13 16:10 -------- d-----w- c:\users\Bohumil\AppData\Roaming\Unity
2012-06-13 16:06 . 2012-06-13 16:06 -------- d-----w- c:\users\Bohumil\AppData\Local\Unity
2012-06-11 11:28 . 2012-06-11 11:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-06-11 11:28 . 2012-04-04 13:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-10 14:21 . 2012-06-10 14:44 -------- d-----w- c:\programdata\Soluto
2012-05-29 20:29 . 2012-05-29 21:01 -------- d-----w- c:\users\Bohumil\AppData\Roaming\Games
2012-05-29 20:17 . 2012-05-29 20:17 -------- d-----w- c:\windows\system32\AGEIA
2012-05-29 20:17 . 2012-05-29 20:17 -------- d-----w- c:\program files\AGEIA Technologies
2012-05-26 20:26 . 2012-05-26 20:28 -------- d-----w- c:\users\Bohumil\AppData\Roaming\Phantasmat_css_ce
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-29 20:26 . 2009-11-09 17:07 281760 ----a-w- c:\windows\system32\drivers\atksgt.sys
2012-05-29 20:26 . 2009-11-09 17:07 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2012-05-14 16:10 . 2012-05-14 16:10 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-14 16:10 . 2011-07-11 18:49 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-13 07:36 . 2012-05-11 12:23 6734704 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0E42C34E-0B94-4FEB-996B-5CD8BA40CFC7}\mpengine.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2011-05-30 16:50 21864 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-08-09 221184]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-02 09:07 843712 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-03-27 12:41 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 13:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM2_Monitor]
2007-02-08 19:43 95800 ----a-w- c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2010-05-14 09:32 1479680 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2006-10-25 08:03 210472 ----a-w- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ISUSPM Startup"=c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
"ehTray.exe"=c:\windows\ehome\ehTray.exe
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" /MINIMIZED
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" -autorun
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" -start
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-4095759123-4159053333-1912431381-1000]
"EnableNotificationsRef"=dword:00000001
.
.
------- Doplňkový sken -------
.
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: mojebanka.cz\*
Trusted Zone: mojebanka.cz\*
TCP: DhcpNameServer = 192.168.5.1
FF - ProfilePath - c:\users\Bohumil\AppData\Roaming\Mozilla\Firefox\Profiles\bijxylmt.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://seznam.cz
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Express Tab: {6236BA26-C117-4007-928C-DE0716C7FA82} - %profile%\extensions\{6236BA26-C117-4007-928C-DE0716C7FA82}
FF - Ext: Usage Stat: {6236BA26-C117-4007-928C-DE0716C7FA96} - %profile%\extensions\{6236BA26-C117-4007-928C-DE0716C7FA96}
FF - Ext: FBFan: {6236BA26-C117-4007-928C-DE0716C7FA99} - %profile%\extensions\{6236BA26-C117-4007-928C-DE0716C7FA99}
FF - Ext: QAssistant: {63414328-3ab4-2c84-6c41-5a473c4b2ff7} - %profile%\extensions\{63414328-3ab4-2c84-6c41-5a473c4b2ff7}
FF - Ext: QAssistant: {63414328-3ab4-2c84-6c41-5a473c4b2ff7} - %profile%\extensions\{63414328-3ab4-2c84-6c41-5a473c4b2ff7}
FF - Ext: U Flv: {7645f4b1-1f19-13dd-2d6b-0200600c2a56} - %profile%\extensions\{7645f4b1-1f19-13dd-2d6b-0200600c2a56}
FF - Ext: {7645f4b1-1f19-13dd-2d6b-0200600c2a56}: {7645f4b1-1f19-13dd-2d6b-0200600c2a56} - %profile%\extensions\{7645f4b1-1f19-13dd-2d6b-0200600c2a56}
FF - Ext: KFD Flv: {8675f4b3-2f19-11ed-2d6b-0800600c0a16} - %profile%\extensions\{8675f4b3-2f19-11ed-2d6b-0800600c0a16}
FF - Ext: {8675f4b3-2f19-11ed-2d6b-0800600c0a16}: {8675f4b3-2f19-11ed-2d6b-0800600c0a16} - %profile%\extensions\{8675f4b3-2f19-11ed-2d6b-0800600c0a16}
FF - Ext: VFD Flv: {8675f4b3-2f19-11ed-2d6b-0800600c0a17} - %profile%\extensions\{8675f4b3-2f19-11ed-2d6b-0800600c0a17}
FF - Ext: {8675f4b3-2f19-11ed-2d6b-0800600c0a17}: {8675f4b3-2f19-11ed-2d6b-0800600c0a17} - %profile%\extensions\{8675f4b3-2f19-11ed-2d6b-0800600c0a17}
FF - Ext: VFD Flv: {8675f4b3-2f19-11ed-2d6b-0800600c0a18} - %profile%\extensions\{8675f4b3-2f19-11ed-2d6b-0800600c0a18}
FF - Ext: {8675f4b3-2f19-11ed-2d6b-0800600c0a18}: {8675f4b3-2f19-11ed-2d6b-0800600c0a18} - %profile%\extensions\{8675f4b3-2f19-11ed-2d6b-0800600c0a18}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: VFT Flv: {8675f4b3-2f19-11ed-2d6b-1823600c0a19} - %profile%\extensions\{8675f4b3-2f19-11ed-2d6b-1823600c0a19}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: PC Sync 2 Synchronisation Extension: bkmrksync@nokia.com - c:\program files\Nokia\Nokia PC Suite 7\bkmrksync
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-{56736259-613E-4A3B-B428-6235F2E76F44}_is1 - c:\program files\Spyware Terminator\unins001.exe
.
.
.
**************************************************************************
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory:
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\c:\program files\Lavalys\EVEREST Home Edition\kerneld.wnt"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-4095759123-4159053333-1912431381-1000\Software\SecuROM\License information*]
"datasecu"=hex:9f,e3,95,13,41,ed,1b,a9,34,6c,04,43,14,54,ed,d2,3c,1e,a8,49,f9,
b7,cd,03,af,85,36,c4,90,f5,86,fa,88,6a,70,44,5d,8b,6d,20,10,6f,a5,4a,95,b2,\
"rkeysecu"=hex:30,9b,16,21,7f,15,b2,6f,68,1e,88,56,b7,64,64,02
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'Explorer.exe'(2804)
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Ashampoo\Ashampoo WinOptimizer 9\DfsdkS.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\WUDFHost.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\conime.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\ehome\ehmsas.exe
c:\windows\ehome\ehsched.exe
c:\windows\ehome\ehRecvr.exe
c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
.
**************************************************************************
.
Celkový čas: 2012-06-22 20:37:34 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-06-22 18:37
ComboFix2.txt 2012-06-16 13:27
ComboFix3.txt 2012-06-12 15:58
ComboFix4.txt 2012-06-11 16:59
.
Před spuštěním: Volných bajtů: 99 334 209 536
Po spuštění: Volných bajtů: 99 012 714 496
.
- - End Of File - - 6F42120B71110518C3A917976B11FB36
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1250.420.1029.18.767.342 [GMT 2:00]
Spuštěný z: c:\users\Bohumil\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Bohumil\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\program files\Spyware Terminator\sp_rsser.exe"
"c:\users\Bohumil\AppData\Local\Google\Update\GoogleUpdate.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Spyware Terminator
c:\program files\Spyware Terminator\BIN_RSCSDA.SPF
c:\program files\Spyware Terminator\BIN_STQUAR.SPT
c:\program files\Spyware Terminator\BIN_STUIUS.SPT
c:\program files\Spyware Terminator\history.txt
c:\program files\Spyware Terminator\languages\ST_BRAZILIANS.cab
c:\program files\Spyware Terminator\languages\ST_CATALAN.cab
c:\program files\Spyware Terminator\languages\ST_CZECH.cab
c:\program files\Spyware Terminator\languages\ST_DUTCH.cab
c:\program files\Spyware Terminator\languages\ST_ENGLISH.cab
c:\program files\Spyware Terminator\languages\ST_FRENCH.cab
c:\program files\Spyware Terminator\languages\ST_GERMAN.cab
c:\program files\Spyware Terminator\languages\ST_HUNGARIAN.cab
c:\program files\Spyware Terminator\languages\ST_ITALIANO.cab
c:\program files\Spyware Terminator\languages\ST_POLISH.cab
c:\program files\Spyware Terminator\languages\ST_PORTUGUESE.cab
c:\program files\Spyware Terminator\languages\ST_RUSSIAN.cab
c:\program files\Spyware Terminator\languages\ST_SPANISH.cab
c:\program files\Spyware Terminator\languages\ST_VALENCIAN.cab
c:\program files\Spyware Terminator\sp_rsser.exe
c:\program files\Spyware Terminator\sptcontmenu.dll
c:\program files\Spyware Terminator\sptcontscan.txt
c:\program files\Spyware Terminator\SpywareTerminatorShield.exe
c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe
c:\program files\Spyware Terminator\st_rsser.exe
c:\program files\Spyware Terminator\STShell.dll
c:\program files\Spyware Terminator\TorrentDll.dll
c:\program files\Spyware Terminator\unins001.dat
c:\program files\Spyware Terminator\unins001.exe
c:\program files\Spyware Terminator\unins001.msg
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_sp_rssrv
-------\Legacy_sp_rssrv
-------\Service_sp_rssrv
-------\Service_sp_rssrv
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-05-22 do 2012-06-22 )))))))))))))))))))))))))))))))
.
.
2012-06-22 18:28 . 2012-06-22 18:28 -------- d-----w- c:\users\Minecraft\AppData\Local\temp
2012-06-22 18:28 . 2012-06-22 18:28 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-22 14:44 . 2012-05-31 03:41 6762896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{288AB993-F33E-4C63-A82D-FC3CADFBC1A6}\mpengine.dll
2012-06-17 19:37 . 2012-05-08 16:40 6737808 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-06-16 14:09 . 2012-06-16 14:09 -------- d-----w- c:\users\Bohumil\AppData\Local\CrashDumps
2012-06-14 05:15 . 2012-05-14 16:13 713784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-06-14 05:15 . 2012-05-14 16:13 713784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E6B13D59-63F0-4A01-BBC3-A3252412FB0B}\gapaengine.dll
2012-06-13 16:10 . 2012-06-13 16:10 -------- d-----w- c:\users\Bohumil\AppData\Roaming\Unity
2012-06-13 16:06 . 2012-06-13 16:06 -------- d-----w- c:\users\Bohumil\AppData\Local\Unity
2012-06-11 11:28 . 2012-06-11 11:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-06-11 11:28 . 2012-04-04 13:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-10 14:21 . 2012-06-10 14:44 -------- d-----w- c:\programdata\Soluto
2012-05-29 20:29 . 2012-05-29 21:01 -------- d-----w- c:\users\Bohumil\AppData\Roaming\Games
2012-05-29 20:17 . 2012-05-29 20:17 -------- d-----w- c:\windows\system32\AGEIA
2012-05-29 20:17 . 2012-05-29 20:17 -------- d-----w- c:\program files\AGEIA Technologies
2012-05-26 20:26 . 2012-05-26 20:28 -------- d-----w- c:\users\Bohumil\AppData\Roaming\Phantasmat_css_ce
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-29 20:26 . 2009-11-09 17:07 281760 ----a-w- c:\windows\system32\drivers\atksgt.sys
2012-05-29 20:26 . 2009-11-09 17:07 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2012-05-14 16:10 . 2012-05-14 16:10 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-14 16:10 . 2011-07-11 18:49 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-13 07:36 . 2012-05-11 12:23 6734704 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0E42C34E-0B94-4FEB-996B-5CD8BA40CFC7}\mpengine.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2011-05-30 16:50 21864 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-08-09 221184]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-02 09:07 843712 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-03-27 12:41 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 13:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM2_Monitor]
2007-02-08 19:43 95800 ----a-w- c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2010-05-14 09:32 1479680 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2006-10-25 08:03 210472 ----a-w- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ISUSPM Startup"=c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
"ehTray.exe"=c:\windows\ehome\ehTray.exe
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" /MINIMIZED
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" -autorun
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" -start
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-4095759123-4159053333-1912431381-1000]
"EnableNotificationsRef"=dword:00000001
.
.
------- Doplňkový sken -------
.
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: mojebanka.cz\*
Trusted Zone: mojebanka.cz\*
TCP: DhcpNameServer = 192.168.5.1
FF - ProfilePath - c:\users\Bohumil\AppData\Roaming\Mozilla\Firefox\Profiles\bijxylmt.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://seznam.cz
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Express Tab: {6236BA26-C117-4007-928C-DE0716C7FA82} - %profile%\extensions\{6236BA26-C117-4007-928C-DE0716C7FA82}
FF - Ext: Usage Stat: {6236BA26-C117-4007-928C-DE0716C7FA96} - %profile%\extensions\{6236BA26-C117-4007-928C-DE0716C7FA96}
FF - Ext: FBFan: {6236BA26-C117-4007-928C-DE0716C7FA99} - %profile%\extensions\{6236BA26-C117-4007-928C-DE0716C7FA99}
FF - Ext: QAssistant: {63414328-3ab4-2c84-6c41-5a473c4b2ff7} - %profile%\extensions\{63414328-3ab4-2c84-6c41-5a473c4b2ff7}
FF - Ext: QAssistant: {63414328-3ab4-2c84-6c41-5a473c4b2ff7} - %profile%\extensions\{63414328-3ab4-2c84-6c41-5a473c4b2ff7}
FF - Ext: U Flv: {7645f4b1-1f19-13dd-2d6b-0200600c2a56} - %profile%\extensions\{7645f4b1-1f19-13dd-2d6b-0200600c2a56}
FF - Ext: {7645f4b1-1f19-13dd-2d6b-0200600c2a56}: {7645f4b1-1f19-13dd-2d6b-0200600c2a56} - %profile%\extensions\{7645f4b1-1f19-13dd-2d6b-0200600c2a56}
FF - Ext: KFD Flv: {8675f4b3-2f19-11ed-2d6b-0800600c0a16} - %profile%\extensions\{8675f4b3-2f19-11ed-2d6b-0800600c0a16}
FF - Ext: {8675f4b3-2f19-11ed-2d6b-0800600c0a16}: {8675f4b3-2f19-11ed-2d6b-0800600c0a16} - %profile%\extensions\{8675f4b3-2f19-11ed-2d6b-0800600c0a16}
FF - Ext: VFD Flv: {8675f4b3-2f19-11ed-2d6b-0800600c0a17} - %profile%\extensions\{8675f4b3-2f19-11ed-2d6b-0800600c0a17}
FF - Ext: {8675f4b3-2f19-11ed-2d6b-0800600c0a17}: {8675f4b3-2f19-11ed-2d6b-0800600c0a17} - %profile%\extensions\{8675f4b3-2f19-11ed-2d6b-0800600c0a17}
FF - Ext: VFD Flv: {8675f4b3-2f19-11ed-2d6b-0800600c0a18} - %profile%\extensions\{8675f4b3-2f19-11ed-2d6b-0800600c0a18}
FF - Ext: {8675f4b3-2f19-11ed-2d6b-0800600c0a18}: {8675f4b3-2f19-11ed-2d6b-0800600c0a18} - %profile%\extensions\{8675f4b3-2f19-11ed-2d6b-0800600c0a18}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: VFT Flv: {8675f4b3-2f19-11ed-2d6b-1823600c0a19} - %profile%\extensions\{8675f4b3-2f19-11ed-2d6b-1823600c0a19}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: PC Sync 2 Synchronisation Extension: bkmrksync@nokia.com - c:\program files\Nokia\Nokia PC Suite 7\bkmrksync
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-{56736259-613E-4A3B-B428-6235F2E76F44}_is1 - c:\program files\Spyware Terminator\unins001.exe
.
.
.
**************************************************************************
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory:
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\c:\program files\Lavalys\EVEREST Home Edition\kerneld.wnt"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-4095759123-4159053333-1912431381-1000\Software\SecuROM\License information*]
"datasecu"=hex:9f,e3,95,13,41,ed,1b,a9,34,6c,04,43,14,54,ed,d2,3c,1e,a8,49,f9,
b7,cd,03,af,85,36,c4,90,f5,86,fa,88,6a,70,44,5d,8b,6d,20,10,6f,a5,4a,95,b2,\
"rkeysecu"=hex:30,9b,16,21,7f,15,b2,6f,68,1e,88,56,b7,64,64,02
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'Explorer.exe'(2804)
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Ashampoo\Ashampoo WinOptimizer 9\DfsdkS.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\WUDFHost.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\conime.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\ehome\ehmsas.exe
c:\windows\ehome\ehsched.exe
c:\windows\ehome\ehRecvr.exe
c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
.
**************************************************************************
.
Celkový čas: 2012-06-22 20:37:34 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-06-22 18:37
ComboFix2.txt 2012-06-16 13:27
ComboFix3.txt 2012-06-12 15:58
ComboFix4.txt 2012-06-11 16:59
.
Před spuštěním: Volných bajtů: 99 334 209 536
Po spuštění: Volných bajtů: 99 012 714 496
.
- - End Of File - - 6F42120B71110518C3A917976B11FB36
Monina
Re: Prosím o kontrolu logu
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:23:15, on 17.6.2012
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.19088)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\mobsync.exe
C:\Users\Bohumil\Desktop\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Defragmentation-Service (DfSdkS) - mst software GmbH, Germany - C:\Program Files\Ashampoo\Ashampoo WinOptimizer 9\DfsdkS.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: Steam Client Service - Unknown owner - C:\Program Files\Common Files\Steam\SteamService.exe (file missing)
O23 - Service: Ashampoo LiveTuner Service (WO_LiveService) - Unknown owner - C:\Program Files\Ashampoo\Ashampoo WinOptimizer 9\LiveTunerService.exe
--
End of file - 4167 bytes
Scan saved at 21:23:15, on 17.6.2012
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.19088)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\mobsync.exe
C:\Users\Bohumil\Desktop\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Defragmentation-Service (DfSdkS) - mst software GmbH, Germany - C:\Program Files\Ashampoo\Ashampoo WinOptimizer 9\DfsdkS.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: Steam Client Service - Unknown owner - C:\Program Files\Common Files\Steam\SteamService.exe (file missing)
O23 - Service: Ashampoo LiveTuner Service (WO_LiveService) - Unknown owner - C:\Program Files\Ashampoo\Ashampoo WinOptimizer 9\LiveTunerService.exe
--
End of file - 4167 bytes
Monina
-
jaro3
- člen Security týmu
-
Guru Level 15
- Příspěvky: 43294
- Registrován: červen 07
- Bydliště: Jižní Čechy
- Pohlaví:
- Stav:
Offline
Re: Prosím o kontrolu logu
Ten log z HJT je starý , chtěl jsem nový , ale snad je vše OK.
ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix /Uninstall
Vyčisti systém CCleanerem
a použij i T-Cleaner
smaže vše po Combu,MWAVu atd.-stáhneš>spustíš
pozn. před stažením T-Cleaneru a po dobu čištění deaktivuj antivir a antispyware ,následně T-Cleaner smaž a zapni si znovu antivir a antispyware.
Aktualizuj javu:
Java SE Runtime Environment 7
Klikni na Accept License Agreement
Vyber si OS (Windows nebo Windows x64, Offline Installation)
jre-7-windows-i586-p.exe nebo
jre-7-windows-x64.exe
Stáhni ( download) a nainstaluj.
Ostatní javy odeber v přidat/odebrat programy.
Pokud nejsou problémy , je to vše a můžeš dát vyřešeno , zelenou fajfku.
ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix /Uninstall
Vyčisti systém CCleanerem
a použij i T-Cleaner
smaže vše po Combu,MWAVu atd.-stáhneš>spustíš
pozn. před stažením T-Cleaneru a po dobu čištění deaktivuj antivir a antispyware ,následně T-Cleaner smaž a zapni si znovu antivir a antispyware.
Aktualizuj javu:
Java SE Runtime Environment 7
Klikni na Accept License Agreement
Vyber si OS (Windows nebo Windows x64, Offline Installation)
jre-7-windows-i586-p.exe nebo
jre-7-windows-x64.exe
Stáhni ( download) a nainstaluj.
Ostatní javy odeber v přidat/odebrat programy.
Pokud nejsou problémy , je to vše a můžeš dát vyřešeno , zelenou fajfku.
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Re: Prosím o kontrolu logu
Takto Cmb nemůžu smazat,protože jsem ho blbě stáhla do downoladu a následně přemístila na plochu.Počítač mi píše, že nemůže najít soubor.Mám ho odstranit přes ovládací panely, nebo jen tak do koše?
Jinak dík za velikou pomoc.
Jinak dík za velikou pomoc.
Monina
-
jaro3
- člen Security týmu
-
Guru Level 15
- Příspěvky: 43294
- Registrován: červen 07
- Bydliště: Jižní Čechy
- Pohlaví:
- Stav:
Offline
Re: Prosím o kontrolu logu Vyřešeno
jen tak , ale ještě pak použij tohle:
Stáhni si ToolsCleaner2( by de A.Rothstein & Dj Quiou & překlad: Damned )
Na plochu a spusť ho.
Klikni na Bod obnovení a poté na OK , OK.
Klikni na Koš a poté na OK.
Klikni na Dočasné soubory a poté na OK.
Klikni na Vyhledat[b] a nech Cleaner pracovat. Může se během čištění zastavit (neodpovídá), ale nech ho pokračovat.
Když program skončí , klikni na [b]Odstranit a odstraň nalezené.
Zavři program.
Program maže i všechny nástroje na odvirování a vytváření logů , které se zde používají (HJT, Combofix, OTM, OTL, OTS atd.)
Stáhni si ToolsCleaner2( by de A.Rothstein & Dj Quiou & překlad: Damned )
Na plochu a spusť ho.
Klikni na Bod obnovení a poté na OK , OK.
Klikni na Koš a poté na OK.
Klikni na Dočasné soubory a poté na OK.
Klikni na Vyhledat[b] a nech Cleaner pracovat. Může se během čištění zastavit (neodpovídá), ale nech ho pokračovat.
Když program skončí , klikni na [b]Odstranit a odstraň nalezené.
Zavři program.
Program maže i všechny nástroje na odvirování a vytváření logů , které se zde používají (HJT, Combofix, OTM, OTL, OTS atd.)
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Kdo je online
Uživatelé prohlížející si toto fórum: Žádní registrovaní uživatelé a 24 hostů