Ok... zkusím. A co dál teda?
EDIT: Funguje.
NB naběhne do Safe Modu Vyřešeno
-
Žbeky
- Moderátor
-
Guru Level 13
- Příspěvky: 22288
- Registrován: květen 08
- Bydliště: Vsetín - Pardubice
- Pohlaví:
- Stav:
Offline
Re: NB naběhne do Safe Modu
Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE
Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.
Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE
Kód: Vybrat vše
KillAll::
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
File::
c:\windows\system32\DRIVERS\ehdrv.sys
c:\windows\system32\DRIVERS\epfwwfpr.sys
c:\windows\Tasks\AWC AutoSweep.job
c:\windows\Tasks\AWC Startup.job
c:\windows\Tasks\AWC Update.job
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
c:\windows\Tasks\Norton Security Scan for marek.job
Folder::
c:\program files\Norton Security Scan
Driver::
ehdrv
epfwwfpr
Firefox::
FF - ProfilePath - c:\users\marek\AppData\Roaming\Mozilla\Firefox\Profiles\pdmk1l8j.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/sli ... ie7&query=
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://start.icq.com/
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/sli ... pab&query=
FF - Ext: BS Player Community Toolbar: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - %profile%\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}
FF - Ext: Winamp Toolbar: {0b38152b-1b20-484d-a11f-5e04a9b0661f} - %profile%\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
RegLock::
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
RegNull::
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.
Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu
V SZ řeším jen záležitosti týkající se fóra. Na prosby a žádosti o technickou podporu nereaguji. Díky za pochopení.
HiJackThis + návod - HW Monitor - Jak označit příspěvek za vyřešený - Pravidla fóra
HiJackThis + návod - HW Monitor - Jak označit příspěvek za vyřešený - Pravidla fóra
-
Clorky
- Moderátor / člen HW týmu
-
Master Level 8.5
- Příspěvky: 7032
- Registrován: květen 10
- Bydliště: Moravskoslezský kraj
- Pohlaví:
- Stav:
Offline
Re: NB naběhne do Safe Modu
Za hoďku to tu je, musím teď něco vyřídit. Zedituju to.
-
Žbeky
- Moderátor
-
Guru Level 13
- Příspěvky: 22288
- Registrován: květen 08
- Bydliště: Vsetín - Pardubice
- Pohlaví:
- Stav:
Offline
Re: NB naběhne do Safe Modu
Dej nový příspěvek, ať si toho všimnu
V SZ řeším jen záležitosti týkající se fóra. Na prosby a žádosti o technickou podporu nereaguji. Díky za pochopení.
HiJackThis + návod - HW Monitor - Jak označit příspěvek za vyřešený - Pravidla fóra
HiJackThis + návod - HW Monitor - Jak označit příspěvek za vyřešený - Pravidla fóra
-
Clorky
- Moderátor / člen HW týmu
-
Master Level 8.5
- Příspěvky: 7032
- Registrován: květen 10
- Bydliště: Moravskoslezský kraj
- Pohlaví:
- Stav:
Offline
Re: NB naběhne do Safe Modu
Ok. Tady to je. Žádná změna... nabíhává pořád do Safe Modu.:
ComboFix 11-08-21.01 - marek 21.08.2011 19:12:56.1.2 - x86 MINIMAL
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1033.18.2938.2392 [GMT 2:00]
Spuštěný z: c:\users\marek\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\marek\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\marek\AppData\Roaming\Mozilla\Firefox\Profiles\pdmk1l8j.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
c:\users\marek\AppData\Roaming\Mozilla\Firefox\Profiles\pdmk1l8j.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\IWinampPlayer.xpt
c:\users\marek\AppData\Roaming\Mozilla\Firefox\Profiles\pdmk1l8j.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\IWinampUninstallObserver.xpt
c:\users\marek\AppData\Roaming\Mozilla\Firefox\Profiles\pdmk1l8j.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
c:\users\marek\AppData\Roaming\Mozilla\Firefox\Profiles\pdmk1l8j.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampUninstallObserver.js
c:\users\marek\AppData\Roaming\Mozilla\Firefox\Profiles\pdmk1l8j.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\chrome.manifest
c:\users\marek\AppData\Roaming\Mozilla\Firefox\Profiles\pdmk1l8j.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\chrome\winamptoolbar.jar
c:\users\marek\AppData\Roaming\Mozilla\Firefox\Profiles\pdmk1l8j.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\install.rdf
c:\users\marek\AppData\Roaming\Mozilla\Firefox\Profiles\pdmk1l8j.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\META-INF\MANIFEST.MF
c:\users\marek\AppData\Roaming\Mozilla\Firefox\Profiles\pdmk1l8j.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\META-INF\ZIGBERT.RSA
c:\users\marek\AppData\Roaming\Mozilla\Firefox\Profiles\pdmk1l8j.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\META-INF\ZIGBERT.SF
c:\users\marek\AppData\Roaming\Mozilla\Firefox\Profiles\pdmk1l8j.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}
c:\users\marek\AppData\Roaming\Mozilla\Firefox\Profiles\pdmk1l8j.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\components\ConduitAutoCompleteSearch.js
c:\users\marek\AppData\Roaming\Mozilla\Firefox\Profiles\pdmk1l8j.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\components\ConduitAutoCompleteSearch.xpt
c:\users\marek\AppData\Roaming\Mozilla\Firefox\Profiles\pdmk1l8j.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\components\ConduitToolbar.idl
c:\users\marek\AppData\Roaming\Mozilla\Firefox\Profiles\pdmk1l8j.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\components\ConduitToolbar.js
c:\users\marek\AppData\Roaming\Mozilla\Firefox\Profiles\pdmk1l8j.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\components\ConduitToolbar.xpt
c:\users\marek\AppData\Roaming\Mozilla\Firefox\Profiles\pdmk1l8j.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\components\RadioWMPCore.dll
c:\users\marek\AppData\Roaming\Mozilla\Firefox\Profiles\pdmk1l8j.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\components\RadioWMPCore.xpt
c:\users\marek\AppData\Roaming\Mozilla\Firefox\Profiles\pdmk1l8j.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\components\RadioWMPCoreGecko19.dll
c:\users\marek\AppData\Roaming\Mozilla\Firefox\Profiles\pdmk1l8j.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\defaults\alertSettingsComponent.xml
c:\users\marek\AppData\Roaming\Mozilla\Firefox\Profiles\pdmk1l8j.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\defaults\appContextMenu.xml
c:\users\marek\AppData\Roaming\Mozilla\Firefox\Profiles\pdmk1l8j.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\defaults\engineContextMenu.xml
c:\users\marek\AppData\Roaming\Mozilla\Firefox\Profiles\pdmk1l8j.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\defaults\engineSettings.json
c:\users\marek\AppData\Roaming\Mozilla\Firefox\Profiles\pdmk1l8j.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\defaults\fbAlert.js
c:\users\marek\AppData\Roaming\Mozilla\Firefox\Profiles\pdmk1l8j.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\defaults\getAppsContextMenu.xml
c:\users\marek\AppData\Roaming\Mozilla\Firefox\Profiles\pdmk1l8j.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\defaults\postAppsContextMenu.xml
c:\users\marek\AppData\Roaming\Mozilla\Firefox\Profiles\pdmk1l8j.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\defaults\toolbarContextMenu.xml
c:\users\marek\AppData\Roaming\Mozilla\Firefox\Profiles\pdmk1l8j.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\defaults\unsharedAppsContextMenu.xml
c:\users\marek\AppData\Roaming\Mozilla\Firefox\Profiles\pdmk1l8j.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\chrome.manifest
c:\users\marek\AppData\Roaming\Mozilla\Firefox\Profiles\pdmk1l8j.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\chrome\bs_player.jar
c:\users\marek\AppData\Roaming\Mozilla\Firefox\Profiles\pdmk1l8j.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\install.rdf
c:\users\marek\AppData\Roaming\Mozilla\Firefox\Profiles\pdmk1l8j.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\lib\xpcom.js
c:\users\marek\AppData\Roaming\Mozilla\Firefox\Profiles\pdmk1l8j.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\META-INF\manifest.mf
c:\users\marek\AppData\Roaming\Mozilla\Firefox\Profiles\pdmk1l8j.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\META-INF\zigbert.rsa
c:\users\marek\AppData\Roaming\Mozilla\Firefox\Profiles\pdmk1l8j.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\META-INF\zigbert.sf
c:\users\marek\AppData\Roaming\Mozilla\Firefox\Profiles\pdmk1l8j.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\searchplugin\conduit.gif
c:\users\marek\AppData\Roaming\Mozilla\Firefox\Profiles\pdmk1l8j.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\searchplugin\conduit.ico
c:\users\marek\AppData\Roaming\Mozilla\Firefox\Profiles\pdmk1l8j.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\searchplugin\conduit.PNG
c:\users\marek\AppData\Roaming\Mozilla\Firefox\Profiles\pdmk1l8j.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\searchplugin\conduit.src
c:\users\marek\AppData\Roaming\Mozilla\Firefox\Profiles\pdmk1l8j.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\searchplugin\conduit.xml
c:\users\marek\AppData\Roaming\Mozilla\Firefox\Profiles\pdmk1l8j.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\version.txt
c:\users\marek\AppData\Roaming\Mozilla\Firefox\Profiles\pdmk1l8j.default\extensions\engine@conduit.com
c:\users\marek\AppData\Roaming\Mozilla\Firefox\Profiles\pdmk1l8j.default\extensions\engine@conduit.com\components\ConduitAutoCompleteSearch.js
c:\users\marek\AppData\Roaming\Mozilla\Firefox\Profiles\pdmk1l8j.default\extensions\engine@conduit.com\components\ConduitAutoCompleteSearch.xpt
c:\users\marek\AppData\Roaming\Mozilla\Firefox\Profiles\pdmk1l8j.default\extensions\engine@conduit.com\components\ConduitToolbar.idl
c:\users\marek\AppData\Roaming\Mozilla\Firefox\Profiles\pdmk1l8j.default\extensions\engine@conduit.com\components\ConduitToolbar.js
c:\users\marek\AppData\Roaming\Mozilla\Firefox\Profiles\pdmk1l8j.default\extensions\engine@conduit.com\components\ConduitToolbar.xpt
c:\users\marek\AppData\Roaming\Mozilla\Firefox\Profiles\pdmk1l8j.default\extensions\engine@conduit.com\components\RadioWMPCore.dll
c:\users\marek\AppData\Roaming\Mozilla\Firefox\Profiles\pdmk1l8j.default\extensions\engine@conduit.com\components\RadioWMPCore.xpt
c:\users\marek\AppData\Roaming\Mozilla\Firefox\Profiles\pdmk1l8j.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
c:\users\marek\AppData\Roaming\Mozilla\Firefox\Profiles\pdmk1l8j.default\extensions\engine@conduit.com\defaults\alertSettingsComponent.xml
c:\users\marek\AppData\Roaming\Mozilla\Firefox\Profiles\pdmk1l8j.default\extensions\engine@conduit.com\defaults\appContextMenu.xml
c:\users\marek\AppData\Roaming\Mozilla\Firefox\Profiles\pdmk1l8j.default\extensions\engine@conduit.com\defaults\engineContextMenu.xml
c:\users\marek\AppData\Roaming\Mozilla\Firefox\Profiles\pdmk1l8j.default\extensions\engine@conduit.com\defaults\engineSettings.json
c:\users\marek\AppData\Roaming\Mozilla\Firefox\Profiles\pdmk1l8j.default\extensions\engine@conduit.com\defaults\fbAlert.js
c:\users\marek\AppData\Roaming\Mozilla\Firefox\Profiles\pdmk1l8j.default\extensions\engine@conduit.com\defaults\getAppsContextMenu.xml
c:\users\marek\AppData\Roaming\Mozilla\Firefox\Profiles\pdmk1l8j.default\extensions\engine@conduit.com\defaults\postAppsContextMenu.xml
c:\users\marek\AppData\Roaming\Mozilla\Firefox\Profiles\pdmk1l8j.default\extensions\engine@conduit.com\defaults\toolbarContextMenu.xml
c:\users\marek\AppData\Roaming\Mozilla\Firefox\Profiles\pdmk1l8j.default\extensions\engine@conduit.com\defaults\unsharedAppsContextMenu.xml
c:\users\marek\AppData\Roaming\Mozilla\Firefox\Profiles\pdmk1l8j.default\extensions\engine@conduit.com\DualPackage\install.rdf
c:\users\marek\AppData\Roaming\Mozilla\Firefox\Profiles\pdmk1l8j.default\extensions\engine@conduit.com\chrome.manifest
c:\users\marek\AppData\Roaming\Mozilla\Firefox\Profiles\pdmk1l8j.default\extensions\engine@conduit.com\chrome\conduitengine.jar
c:\users\marek\AppData\Roaming\Mozilla\Firefox\Profiles\pdmk1l8j.default\extensions\engine@conduit.com\install.rdf
c:\users\marek\AppData\Roaming\Mozilla\Firefox\Profiles\pdmk1l8j.default\extensions\engine@conduit.com\lib\xpcom.js
c:\users\marek\AppData\Roaming\Mozilla\Firefox\Profiles\pdmk1l8j.default\extensions\engine@conduit.com\META-INF\manifest.mf
c:\users\marek\AppData\Roaming\Mozilla\Firefox\Profiles\pdmk1l8j.default\extensions\engine@conduit.com\META-INF\zigbert.rsa
c:\users\marek\AppData\Roaming\Mozilla\Firefox\Profiles\pdmk1l8j.default\extensions\engine@conduit.com\META-INF\zigbert.sf
c:\users\marek\AppData\Roaming\Mozilla\Firefox\Profiles\pdmk1l8j.default\extensions\engine@conduit.com\searchplugin\conduit.gif
c:\users\marek\AppData\Roaming\Mozilla\Firefox\Profiles\pdmk1l8j.default\extensions\engine@conduit.com\searchplugin\conduit.ico
c:\users\marek\AppData\Roaming\Mozilla\Firefox\Profiles\pdmk1l8j.default\extensions\engine@conduit.com\searchplugin\conduit.PNG
c:\users\marek\AppData\Roaming\Mozilla\Firefox\Profiles\pdmk1l8j.default\extensions\engine@conduit.com\searchplugin\conduit.src
c:\users\marek\AppData\Roaming\Mozilla\Firefox\Profiles\pdmk1l8j.default\extensions\engine@conduit.com\searchplugin\conduit.xml
c:\users\marek\AppData\Roaming\Mozilla\Firefox\Profiles\pdmk1l8j.default\extensions\engine@conduit.com\version.txt
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_EHDRV
-------\Legacy_EPFWWFPR
-------\Service_ehdrv
-------\Service_epfwwfpr
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-07-21 do 2011-08-21 )))))))))))))))))))))))))))))))
.
.
2011-08-21 17:19 . 2011-08-21 17:31 -------- d-----w- c:\users\marek\AppData\Local\temp
2011-08-21 10:49 . 2011-07-13 03:39 6881616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BD855B3B-2DBB-48C7-A3B2-9D03AA38A5C8}\mpengine.dll
2011-08-11 08:32 . 2011-06-17 16:03 375808 ----a-w- c:\windows\system32\winsrv.dll
2011-08-11 08:32 . 2011-07-06 15:31 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-08-11 08:32 . 2011-06-06 10:59 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-06 17:52 . 2010-10-27 15:23 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-06 17:52 . 2010-10-27 15:23 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-02 13:34 . 2011-07-13 07:55 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-05-24 17:14 . 2010-09-29 07:16 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-08-26 22:51 . 2009-11-15 18:49 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]
"NSUFloatingUI"="c:\program files\Sony\Network Utility\LANUtil.exe" [2008-06-28 262144]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-18 39408]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-12-03 1205760]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Badoo Desktop"="c:\programdata\Badoo\Badoo Desktop\1.5.3.949\Badoo.Desktop.exe" [2011-06-07 1017344]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-07-04 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-07-04 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-07-04 145944]
"RtHDVCpl"="RtHDVCpl.exe" [2008-07-03 6295552]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-10 835584]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2008-04-04 317280]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-08-26 30192]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Skytel"="Skytel.exe" [2008-07-03 1826816]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-07-06 1047656]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
.
c:\users\marek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2008-07-07 19:28 98304 ----a-w- c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 135664]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]
R2 NSUService;NSUService;c:\program files\Sony\Network Utility\NSUService.exe [2008-06-28 299008]
R2 OODefragAgent;O&O Defrag Agent;c:\program files\OO Software\Defrag\oodag.exe [2010-05-11 1619272]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-18 11032]
R2 RtkAudioService;Realtek Audio Service;c:\windows\RtkAudioService.exe [2008-07-03 104992]
R2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2008-06-20 411488]
R2 VCFw;VAIO Content Folder Watcher;c:\program files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2008-06-20 415744]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-08-26 30192]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 135664]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-07-06 22712]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-07-06 41272]
R3 SOHCImp;VAIO Media plus Content Importer;c:\program files\Sony\VAIO Media plus\SOHCImp.exe [2008-05-21 103712]
R3 SOHDms;VAIO Media plus Digital Media Server;c:\program files\Sony\VAIO Media plus\SOHDms.exe [2008-05-21 353568]
R3 SOHDs;VAIO Media plus Device Searcher;c:\program files\Sony\VAIO Media plus\SOHDs.exe [2008-05-21 62752]
R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2008-06-12 337184]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [2008-06-12 83232]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2008-03-10 9344]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Obsah adresáře 'Naplánované úlohy'
.
2011-08-12 c:\windows\Tasks\AWC AutoSweep.job
- c:\program files\IObit\Advanced SystemCare 3\AutoSweep.exe [2010-09-29 12:11]
.
2011-08-15 c:\windows\Tasks\AWC Startup.job
- c:\program files\IObit\Advanced SystemCare 3\AWC.exe [2010-09-29 13:10]
.
2011-08-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 00:51]
.
2011-08-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 00:51]
.
2011-08-18 c:\windows\Tasks\Norton Security Scan for marek.job
- c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-08-30 07:48]
.
.
------- Doplňkový sken -------
.
IE: &Winamp Search - c:\programdata\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html
Trusted Zone: mojebanka.cz\www
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\users\marek\AppData\Roaming\Mozilla\Firefox\Profiles\pdmk1l8j.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\program files\Real\RealPlayer\browserrecord
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-21 19:31
Windows 6.0.6002 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a0,a5,4d,44,17,40,37,4d,af,85,9a,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a0,a5,4d,44,17,40,37,4d,af,85,9a,\
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.HTM"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.HTM"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.MHT"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.MHT"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.url\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.URL"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\helppane.exe
.
**************************************************************************
.
Celkový čas: 2011-08-21 19:35:47 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-08-21 17:35
ComboFix2.txt 2011-08-21 12:56
.
Před spuštěním: 27 732 525 056 bytes free
Po spuštění: 27 472 703 488 bytes free
.
- - End Of File - - 3291B145465ED6BE558F4F9B36D39DAA
ComboFix 11-08-21.01 - marek 21.08.2011 19:12:56.1.2 - x86 MINIMAL
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1033.18.2938.2392 [GMT 2:00]
Spuštěný z: c:\users\marek\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\marek\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\marek\AppData\Roaming\Mozilla\Firefox\Profiles\pdmk1l8j.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
c:\users\marek\AppData\Roaming\Mozilla\Firefox\Profiles\pdmk1l8j.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\IWinampPlayer.xpt
c:\users\marek\AppData\Roaming\Mozilla\Firefox\Profiles\pdmk1l8j.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\IWinampUninstallObserver.xpt
c:\users\marek\AppData\Roaming\Mozilla\Firefox\Profiles\pdmk1l8j.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
c:\users\marek\AppData\Roaming\Mozilla\Firefox\Profiles\pdmk1l8j.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampUninstallObserver.js
c:\users\marek\AppData\Roaming\Mozilla\Firefox\Profiles\pdmk1l8j.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\chrome.manifest
c:\users\marek\AppData\Roaming\Mozilla\Firefox\Profiles\pdmk1l8j.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\chrome\winamptoolbar.jar
c:\users\marek\AppData\Roaming\Mozilla\Firefox\Profiles\pdmk1l8j.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\install.rdf
c:\users\marek\AppData\Roaming\Mozilla\Firefox\Profiles\pdmk1l8j.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\META-INF\MANIFEST.MF
c:\users\marek\AppData\Roaming\Mozilla\Firefox\Profiles\pdmk1l8j.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\META-INF\ZIGBERT.RSA
c:\users\marek\AppData\Roaming\Mozilla\Firefox\Profiles\pdmk1l8j.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\META-INF\ZIGBERT.SF
c:\users\marek\AppData\Roaming\Mozilla\Firefox\Profiles\pdmk1l8j.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}
c:\users\marek\AppData\Roaming\Mozilla\Firefox\Profiles\pdmk1l8j.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\components\ConduitAutoCompleteSearch.js
c:\users\marek\AppData\Roaming\Mozilla\Firefox\Profiles\pdmk1l8j.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\components\ConduitAutoCompleteSearch.xpt
c:\users\marek\AppData\Roaming\Mozilla\Firefox\Profiles\pdmk1l8j.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\components\ConduitToolbar.idl
c:\users\marek\AppData\Roaming\Mozilla\Firefox\Profiles\pdmk1l8j.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\components\ConduitToolbar.js
c:\users\marek\AppData\Roaming\Mozilla\Firefox\Profiles\pdmk1l8j.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\components\ConduitToolbar.xpt
c:\users\marek\AppData\Roaming\Mozilla\Firefox\Profiles\pdmk1l8j.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\components\RadioWMPCore.dll
c:\users\marek\AppData\Roaming\Mozilla\Firefox\Profiles\pdmk1l8j.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\components\RadioWMPCore.xpt
c:\users\marek\AppData\Roaming\Mozilla\Firefox\Profiles\pdmk1l8j.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\components\RadioWMPCoreGecko19.dll
c:\users\marek\AppData\Roaming\Mozilla\Firefox\Profiles\pdmk1l8j.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\defaults\alertSettingsComponent.xml
c:\users\marek\AppData\Roaming\Mozilla\Firefox\Profiles\pdmk1l8j.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\defaults\appContextMenu.xml
c:\users\marek\AppData\Roaming\Mozilla\Firefox\Profiles\pdmk1l8j.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\defaults\engineContextMenu.xml
c:\users\marek\AppData\Roaming\Mozilla\Firefox\Profiles\pdmk1l8j.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\defaults\engineSettings.json
c:\users\marek\AppData\Roaming\Mozilla\Firefox\Profiles\pdmk1l8j.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\defaults\fbAlert.js
c:\users\marek\AppData\Roaming\Mozilla\Firefox\Profiles\pdmk1l8j.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\defaults\getAppsContextMenu.xml
c:\users\marek\AppData\Roaming\Mozilla\Firefox\Profiles\pdmk1l8j.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\defaults\postAppsContextMenu.xml
c:\users\marek\AppData\Roaming\Mozilla\Firefox\Profiles\pdmk1l8j.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\defaults\toolbarContextMenu.xml
c:\users\marek\AppData\Roaming\Mozilla\Firefox\Profiles\pdmk1l8j.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\defaults\unsharedAppsContextMenu.xml
c:\users\marek\AppData\Roaming\Mozilla\Firefox\Profiles\pdmk1l8j.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\chrome.manifest
c:\users\marek\AppData\Roaming\Mozilla\Firefox\Profiles\pdmk1l8j.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\chrome\bs_player.jar
c:\users\marek\AppData\Roaming\Mozilla\Firefox\Profiles\pdmk1l8j.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\install.rdf
c:\users\marek\AppData\Roaming\Mozilla\Firefox\Profiles\pdmk1l8j.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\lib\xpcom.js
c:\users\marek\AppData\Roaming\Mozilla\Firefox\Profiles\pdmk1l8j.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\META-INF\manifest.mf
c:\users\marek\AppData\Roaming\Mozilla\Firefox\Profiles\pdmk1l8j.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\META-INF\zigbert.rsa
c:\users\marek\AppData\Roaming\Mozilla\Firefox\Profiles\pdmk1l8j.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\META-INF\zigbert.sf
c:\users\marek\AppData\Roaming\Mozilla\Firefox\Profiles\pdmk1l8j.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\searchplugin\conduit.gif
c:\users\marek\AppData\Roaming\Mozilla\Firefox\Profiles\pdmk1l8j.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\searchplugin\conduit.ico
c:\users\marek\AppData\Roaming\Mozilla\Firefox\Profiles\pdmk1l8j.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\searchplugin\conduit.PNG
c:\users\marek\AppData\Roaming\Mozilla\Firefox\Profiles\pdmk1l8j.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\searchplugin\conduit.src
c:\users\marek\AppData\Roaming\Mozilla\Firefox\Profiles\pdmk1l8j.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\searchplugin\conduit.xml
c:\users\marek\AppData\Roaming\Mozilla\Firefox\Profiles\pdmk1l8j.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\version.txt
c:\users\marek\AppData\Roaming\Mozilla\Firefox\Profiles\pdmk1l8j.default\extensions\engine@conduit.com
c:\users\marek\AppData\Roaming\Mozilla\Firefox\Profiles\pdmk1l8j.default\extensions\engine@conduit.com\components\ConduitAutoCompleteSearch.js
c:\users\marek\AppData\Roaming\Mozilla\Firefox\Profiles\pdmk1l8j.default\extensions\engine@conduit.com\components\ConduitAutoCompleteSearch.xpt
c:\users\marek\AppData\Roaming\Mozilla\Firefox\Profiles\pdmk1l8j.default\extensions\engine@conduit.com\components\ConduitToolbar.idl
c:\users\marek\AppData\Roaming\Mozilla\Firefox\Profiles\pdmk1l8j.default\extensions\engine@conduit.com\components\ConduitToolbar.js
c:\users\marek\AppData\Roaming\Mozilla\Firefox\Profiles\pdmk1l8j.default\extensions\engine@conduit.com\components\ConduitToolbar.xpt
c:\users\marek\AppData\Roaming\Mozilla\Firefox\Profiles\pdmk1l8j.default\extensions\engine@conduit.com\components\RadioWMPCore.dll
c:\users\marek\AppData\Roaming\Mozilla\Firefox\Profiles\pdmk1l8j.default\extensions\engine@conduit.com\components\RadioWMPCore.xpt
c:\users\marek\AppData\Roaming\Mozilla\Firefox\Profiles\pdmk1l8j.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
c:\users\marek\AppData\Roaming\Mozilla\Firefox\Profiles\pdmk1l8j.default\extensions\engine@conduit.com\defaults\alertSettingsComponent.xml
c:\users\marek\AppData\Roaming\Mozilla\Firefox\Profiles\pdmk1l8j.default\extensions\engine@conduit.com\defaults\appContextMenu.xml
c:\users\marek\AppData\Roaming\Mozilla\Firefox\Profiles\pdmk1l8j.default\extensions\engine@conduit.com\defaults\engineContextMenu.xml
c:\users\marek\AppData\Roaming\Mozilla\Firefox\Profiles\pdmk1l8j.default\extensions\engine@conduit.com\defaults\engineSettings.json
c:\users\marek\AppData\Roaming\Mozilla\Firefox\Profiles\pdmk1l8j.default\extensions\engine@conduit.com\defaults\fbAlert.js
c:\users\marek\AppData\Roaming\Mozilla\Firefox\Profiles\pdmk1l8j.default\extensions\engine@conduit.com\defaults\getAppsContextMenu.xml
c:\users\marek\AppData\Roaming\Mozilla\Firefox\Profiles\pdmk1l8j.default\extensions\engine@conduit.com\defaults\postAppsContextMenu.xml
c:\users\marek\AppData\Roaming\Mozilla\Firefox\Profiles\pdmk1l8j.default\extensions\engine@conduit.com\defaults\toolbarContextMenu.xml
c:\users\marek\AppData\Roaming\Mozilla\Firefox\Profiles\pdmk1l8j.default\extensions\engine@conduit.com\defaults\unsharedAppsContextMenu.xml
c:\users\marek\AppData\Roaming\Mozilla\Firefox\Profiles\pdmk1l8j.default\extensions\engine@conduit.com\DualPackage\install.rdf
c:\users\marek\AppData\Roaming\Mozilla\Firefox\Profiles\pdmk1l8j.default\extensions\engine@conduit.com\chrome.manifest
c:\users\marek\AppData\Roaming\Mozilla\Firefox\Profiles\pdmk1l8j.default\extensions\engine@conduit.com\chrome\conduitengine.jar
c:\users\marek\AppData\Roaming\Mozilla\Firefox\Profiles\pdmk1l8j.default\extensions\engine@conduit.com\install.rdf
c:\users\marek\AppData\Roaming\Mozilla\Firefox\Profiles\pdmk1l8j.default\extensions\engine@conduit.com\lib\xpcom.js
c:\users\marek\AppData\Roaming\Mozilla\Firefox\Profiles\pdmk1l8j.default\extensions\engine@conduit.com\META-INF\manifest.mf
c:\users\marek\AppData\Roaming\Mozilla\Firefox\Profiles\pdmk1l8j.default\extensions\engine@conduit.com\META-INF\zigbert.rsa
c:\users\marek\AppData\Roaming\Mozilla\Firefox\Profiles\pdmk1l8j.default\extensions\engine@conduit.com\META-INF\zigbert.sf
c:\users\marek\AppData\Roaming\Mozilla\Firefox\Profiles\pdmk1l8j.default\extensions\engine@conduit.com\searchplugin\conduit.gif
c:\users\marek\AppData\Roaming\Mozilla\Firefox\Profiles\pdmk1l8j.default\extensions\engine@conduit.com\searchplugin\conduit.ico
c:\users\marek\AppData\Roaming\Mozilla\Firefox\Profiles\pdmk1l8j.default\extensions\engine@conduit.com\searchplugin\conduit.PNG
c:\users\marek\AppData\Roaming\Mozilla\Firefox\Profiles\pdmk1l8j.default\extensions\engine@conduit.com\searchplugin\conduit.src
c:\users\marek\AppData\Roaming\Mozilla\Firefox\Profiles\pdmk1l8j.default\extensions\engine@conduit.com\searchplugin\conduit.xml
c:\users\marek\AppData\Roaming\Mozilla\Firefox\Profiles\pdmk1l8j.default\extensions\engine@conduit.com\version.txt
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_EHDRV
-------\Legacy_EPFWWFPR
-------\Service_ehdrv
-------\Service_epfwwfpr
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-07-21 do 2011-08-21 )))))))))))))))))))))))))))))))
.
.
2011-08-21 17:19 . 2011-08-21 17:31 -------- d-----w- c:\users\marek\AppData\Local\temp
2011-08-21 10:49 . 2011-07-13 03:39 6881616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BD855B3B-2DBB-48C7-A3B2-9D03AA38A5C8}\mpengine.dll
2011-08-11 08:32 . 2011-06-17 16:03 375808 ----a-w- c:\windows\system32\winsrv.dll
2011-08-11 08:32 . 2011-07-06 15:31 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-08-11 08:32 . 2011-06-06 10:59 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-06 17:52 . 2010-10-27 15:23 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-06 17:52 . 2010-10-27 15:23 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-02 13:34 . 2011-07-13 07:55 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-05-24 17:14 . 2010-09-29 07:16 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-08-26 22:51 . 2009-11-15 18:49 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]
"NSUFloatingUI"="c:\program files\Sony\Network Utility\LANUtil.exe" [2008-06-28 262144]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-18 39408]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-12-03 1205760]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Badoo Desktop"="c:\programdata\Badoo\Badoo Desktop\1.5.3.949\Badoo.Desktop.exe" [2011-06-07 1017344]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-07-04 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-07-04 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-07-04 145944]
"RtHDVCpl"="RtHDVCpl.exe" [2008-07-03 6295552]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-10 835584]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2008-04-04 317280]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-08-26 30192]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Skytel"="Skytel.exe" [2008-07-03 1826816]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-07-06 1047656]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
.
c:\users\marek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2008-07-07 19:28 98304 ----a-w- c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 135664]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]
R2 NSUService;NSUService;c:\program files\Sony\Network Utility\NSUService.exe [2008-06-28 299008]
R2 OODefragAgent;O&O Defrag Agent;c:\program files\OO Software\Defrag\oodag.exe [2010-05-11 1619272]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-18 11032]
R2 RtkAudioService;Realtek Audio Service;c:\windows\RtkAudioService.exe [2008-07-03 104992]
R2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2008-06-20 411488]
R2 VCFw;VAIO Content Folder Watcher;c:\program files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2008-06-20 415744]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-08-26 30192]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 135664]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-07-06 22712]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-07-06 41272]
R3 SOHCImp;VAIO Media plus Content Importer;c:\program files\Sony\VAIO Media plus\SOHCImp.exe [2008-05-21 103712]
R3 SOHDms;VAIO Media plus Digital Media Server;c:\program files\Sony\VAIO Media plus\SOHDms.exe [2008-05-21 353568]
R3 SOHDs;VAIO Media plus Device Searcher;c:\program files\Sony\VAIO Media plus\SOHDs.exe [2008-05-21 62752]
R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2008-06-12 337184]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [2008-06-12 83232]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2008-03-10 9344]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Obsah adresáře 'Naplánované úlohy'
.
2011-08-12 c:\windows\Tasks\AWC AutoSweep.job
- c:\program files\IObit\Advanced SystemCare 3\AutoSweep.exe [2010-09-29 12:11]
.
2011-08-15 c:\windows\Tasks\AWC Startup.job
- c:\program files\IObit\Advanced SystemCare 3\AWC.exe [2010-09-29 13:10]
.
2011-08-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 00:51]
.
2011-08-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 00:51]
.
2011-08-18 c:\windows\Tasks\Norton Security Scan for marek.job
- c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-08-30 07:48]
.
.
------- Doplňkový sken -------
.
IE: &Winamp Search - c:\programdata\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html
Trusted Zone: mojebanka.cz\www
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\users\marek\AppData\Roaming\Mozilla\Firefox\Profiles\pdmk1l8j.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\program files\Real\RealPlayer\browserrecord
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-21 19:31
Windows 6.0.6002 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a0,a5,4d,44,17,40,37,4d,af,85,9a,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a0,a5,4d,44,17,40,37,4d,af,85,9a,\
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.HTM"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.HTM"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.MHT"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.MHT"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.url\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.URL"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\helppane.exe
.
**************************************************************************
.
Celkový čas: 2011-08-21 19:35:47 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-08-21 17:35
ComboFix2.txt 2011-08-21 12:56
.
Před spuštěním: 27 732 525 056 bytes free
Po spuštění: 27 472 703 488 bytes free
.
- - End Of File - - 3291B145465ED6BE558F4F9B36D39DAA
-
Žbeky
- Moderátor
-
Guru Level 13
- Příspěvky: 22288
- Registrován: květen 08
- Bydliště: Vsetín - Pardubice
- Pohlaví:
- Stav:
Offline
Re: NB naběhne do Safe Modu
Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE
Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.
Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE
Kód: Vybrat vše
KillAll::
File::
c:\windows\system32\DRIVERS\ehdrv.sys
c:\windows\system32\DRIVERS\epfwwfpr.sys
c:\windows\Tasks\AWC AutoSweep.job
c:\windows\Tasks\AWC Startup.job
c:\windows\Tasks\AWC Update.job
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
c:\windows\Tasks\Norton Security Scan for marek.job
Folder::
c:\program files\Norton Security Scan
Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.
Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu
V SZ řeším jen záležitosti týkající se fóra. Na prosby a žádosti o technickou podporu nereaguji. Díky za pochopení.
HiJackThis + návod - HW Monitor - Jak označit příspěvek za vyřešený - Pravidla fóra
HiJackThis + návod - HW Monitor - Jak označit příspěvek za vyřešený - Pravidla fóra
-
Clorky
- Moderátor / člen HW týmu
-
Master Level 8.5
- Příspěvky: 7032
- Registrován: květen 10
- Bydliště: Moravskoslezský kraj
- Pohlaví:
- Stav:
Offline
Re: NB naběhne do Safe Modu
Chvíli to trvalo...:
ComboFix 11-08-21.01 - marek 21.08.2011 20:48:21.1.2 - x86 MINIMAL
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1033.18.2938.2413 [GMT 2:00]
Spuštěný z: c:\users\marek\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\marek\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-07-21 do 2011-08-21 )))))))))))))))))))))))))))))))
.
.
2011-08-21 18:54 . 2011-08-21 18:57 -------- d-----w- c:\users\marek\AppData\Local\temp
2011-08-21 18:54 . 2011-08-21 18:54 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-08-21 10:49 . 2011-07-13 03:39 6881616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BD855B3B-2DBB-48C7-A3B2-9D03AA38A5C8}\mpengine.dll
2011-08-11 08:32 . 2011-06-17 16:03 375808 ----a-w- c:\windows\system32\winsrv.dll
2011-08-11 08:32 . 2011-07-06 15:31 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-08-11 08:32 . 2011-06-06 10:59 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-06 17:52 . 2010-10-27 15:23 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-06 17:52 . 2010-10-27 15:23 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-02 13:34 . 2011-07-13 07:55 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-05-24 17:14 . 2010-09-29 07:16 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-08-26 22:51 . 2009-11-15 18:49 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]
"NSUFloatingUI"="c:\program files\Sony\Network Utility\LANUtil.exe" [2008-06-28 262144]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-18 39408]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-12-03 1205760]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Badoo Desktop"="c:\programdata\Badoo\Badoo Desktop\1.5.3.949\Badoo.Desktop.exe" [2011-06-07 1017344]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-07-04 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-07-04 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-07-04 145944]
"RtHDVCpl"="RtHDVCpl.exe" [2008-07-03 6295552]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-10 835584]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2008-04-04 317280]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-08-26 30192]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Skytel"="Skytel.exe" [2008-07-03 1826816]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-07-06 1047656]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
.
c:\users\marek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2008-07-07 19:28 98304 ----a-w- c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 135664]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]
R2 NSUService;NSUService;c:\program files\Sony\Network Utility\NSUService.exe [2008-06-28 299008]
R2 OODefragAgent;O&O Defrag Agent;c:\program files\OO Software\Defrag\oodag.exe [2010-05-11 1619272]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-18 11032]
R2 RtkAudioService;Realtek Audio Service;c:\windows\RtkAudioService.exe [2008-07-03 104992]
R2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2008-06-20 411488]
R2 VCFw;VAIO Content Folder Watcher;c:\program files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2008-06-20 415744]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-08-26 30192]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 135664]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-07-06 22712]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-07-06 41272]
R3 SOHCImp;VAIO Media plus Content Importer;c:\program files\Sony\VAIO Media plus\SOHCImp.exe [2008-05-21 103712]
R3 SOHDms;VAIO Media plus Digital Media Server;c:\program files\Sony\VAIO Media plus\SOHDms.exe [2008-05-21 353568]
R3 SOHDs;VAIO Media plus Device Searcher;c:\program files\Sony\VAIO Media plus\SOHDs.exe [2008-05-21 62752]
R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2008-06-12 337184]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [2008-06-12 83232]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2008-03-10 9344]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Obsah adresáře 'Naplánované úlohy'
.
2011-08-12 c:\windows\Tasks\AWC AutoSweep.job
- c:\program files\IObit\Advanced SystemCare 3\AutoSweep.exe [2010-09-29 12:11]
.
2011-08-15 c:\windows\Tasks\AWC Startup.job
- c:\program files\IObit\Advanced SystemCare 3\AWC.exe [2010-09-29 13:10]
.
2011-08-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 00:51]
.
2011-08-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 00:51]
.
2011-08-18 c:\windows\Tasks\Norton Security Scan for marek.job
- c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-08-30 07:48]
.
.
------- Doplňkový sken -------
.
IE: &Winamp Search - c:\programdata\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html
Trusted Zone: mojebanka.cz\www
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\users\marek\AppData\Roaming\Mozilla\Firefox\Profiles\pdmk1l8j.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\program files\Real\RealPlayer\browserrecord
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-21 20:56
Windows 6.0.6002 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a0,a5,4d,44,17,40,37,4d,af,85,9a,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a0,a5,4d,44,17,40,37,4d,af,85,9a,\
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.HTM"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.HTM"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.MHT"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.MHT"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.url\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.URL"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\helppane.exe
.
**************************************************************************
.
Celkový čas: 2011-08-21 21:01:36 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-08-21 19:01
ComboFix2.txt 2011-08-21 17:35
ComboFix3.txt 2011-08-21 12:56
.
Před spuštěním: 27 410 644 992 bytes free
Po spuštění: 27 369 086 976 bytes free
.
- - End Of File - - EA2C02F15CA2259E4BB594334863BFBD
ComboFix 11-08-21.01 - marek 21.08.2011 20:48:21.1.2 - x86 MINIMAL
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1033.18.2938.2413 [GMT 2:00]
Spuštěný z: c:\users\marek\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\marek\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-07-21 do 2011-08-21 )))))))))))))))))))))))))))))))
.
.
2011-08-21 18:54 . 2011-08-21 18:57 -------- d-----w- c:\users\marek\AppData\Local\temp
2011-08-21 18:54 . 2011-08-21 18:54 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-08-21 10:49 . 2011-07-13 03:39 6881616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BD855B3B-2DBB-48C7-A3B2-9D03AA38A5C8}\mpengine.dll
2011-08-11 08:32 . 2011-06-17 16:03 375808 ----a-w- c:\windows\system32\winsrv.dll
2011-08-11 08:32 . 2011-07-06 15:31 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-08-11 08:32 . 2011-06-06 10:59 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-06 17:52 . 2010-10-27 15:23 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-06 17:52 . 2010-10-27 15:23 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-02 13:34 . 2011-07-13 07:55 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-05-24 17:14 . 2010-09-29 07:16 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-08-26 22:51 . 2009-11-15 18:49 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]
"NSUFloatingUI"="c:\program files\Sony\Network Utility\LANUtil.exe" [2008-06-28 262144]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-18 39408]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-12-03 1205760]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Badoo Desktop"="c:\programdata\Badoo\Badoo Desktop\1.5.3.949\Badoo.Desktop.exe" [2011-06-07 1017344]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-07-04 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-07-04 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-07-04 145944]
"RtHDVCpl"="RtHDVCpl.exe" [2008-07-03 6295552]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-10 835584]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2008-04-04 317280]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-08-26 30192]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Skytel"="Skytel.exe" [2008-07-03 1826816]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-07-06 1047656]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
.
c:\users\marek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2008-07-07 19:28 98304 ----a-w- c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 135664]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]
R2 NSUService;NSUService;c:\program files\Sony\Network Utility\NSUService.exe [2008-06-28 299008]
R2 OODefragAgent;O&O Defrag Agent;c:\program files\OO Software\Defrag\oodag.exe [2010-05-11 1619272]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-18 11032]
R2 RtkAudioService;Realtek Audio Service;c:\windows\RtkAudioService.exe [2008-07-03 104992]
R2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2008-06-20 411488]
R2 VCFw;VAIO Content Folder Watcher;c:\program files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2008-06-20 415744]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-08-26 30192]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 135664]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-07-06 22712]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-07-06 41272]
R3 SOHCImp;VAIO Media plus Content Importer;c:\program files\Sony\VAIO Media plus\SOHCImp.exe [2008-05-21 103712]
R3 SOHDms;VAIO Media plus Digital Media Server;c:\program files\Sony\VAIO Media plus\SOHDms.exe [2008-05-21 353568]
R3 SOHDs;VAIO Media plus Device Searcher;c:\program files\Sony\VAIO Media plus\SOHDs.exe [2008-05-21 62752]
R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2008-06-12 337184]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [2008-06-12 83232]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2008-03-10 9344]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Obsah adresáře 'Naplánované úlohy'
.
2011-08-12 c:\windows\Tasks\AWC AutoSweep.job
- c:\program files\IObit\Advanced SystemCare 3\AutoSweep.exe [2010-09-29 12:11]
.
2011-08-15 c:\windows\Tasks\AWC Startup.job
- c:\program files\IObit\Advanced SystemCare 3\AWC.exe [2010-09-29 13:10]
.
2011-08-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 00:51]
.
2011-08-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 00:51]
.
2011-08-18 c:\windows\Tasks\Norton Security Scan for marek.job
- c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-08-30 07:48]
.
.
------- Doplňkový sken -------
.
IE: &Winamp Search - c:\programdata\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html
Trusted Zone: mojebanka.cz\www
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\users\marek\AppData\Roaming\Mozilla\Firefox\Profiles\pdmk1l8j.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\program files\Real\RealPlayer\browserrecord
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-21 20:56
Windows 6.0.6002 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a0,a5,4d,44,17,40,37,4d,af,85,9a,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a0,a5,4d,44,17,40,37,4d,af,85,9a,\
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.HTM"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.HTM"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.MHT"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.MHT"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.url\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.URL"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\helppane.exe
.
**************************************************************************
.
Celkový čas: 2011-08-21 21:01:36 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-08-21 19:01
ComboFix2.txt 2011-08-21 17:35
ComboFix3.txt 2011-08-21 12:56
.
Před spuštěním: 27 410 644 992 bytes free
Po spuštění: 27 369 086 976 bytes free
.
- - End Of File - - EA2C02F15CA2259E4BB594334863BFBD
-
Žbeky
- Moderátor
-
Guru Level 13
- Příspěvky: 22288
- Registrován: květen 08
- Bydliště: Vsetín - Pardubice
- Pohlaví:
- Stav:
Offline
Re: NB naběhne do Safe Modu
Nějak se tomu nechce. Smaž ty soubory a složku ručně
ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix /Uninstall
vyčisti systém CCleanerem
a použij i T-Cleaner
smaže vše po Combu,MWAVu atd.-stáhneš>spustíš
pozn. před stažením T-Cleaneru a po dobu čištění deaktivuj AVG , Avast,Avira či Microsoft Security Essentials následně T-Cleaner smaž a zapni si AVG , Avast, Avira či Microsoft Security Essentials
+ Nový log z HJT
Jak se chová PC?
ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix /Uninstall
vyčisti systém CCleanerem
a použij i T-Cleaner
smaže vše po Combu,MWAVu atd.-stáhneš>spustíš
pozn. před stažením T-Cleaneru a po dobu čištění deaktivuj AVG , Avast,Avira či Microsoft Security Essentials následně T-Cleaner smaž a zapni si AVG , Avast, Avira či Microsoft Security Essentials
+ Nový log z HJT
Jak se chová PC?
V SZ řeším jen záležitosti týkající se fóra. Na prosby a žádosti o technickou podporu nereaguji. Díky za pochopení.
HiJackThis + návod - HW Monitor - Jak označit příspěvek za vyřešený - Pravidla fóra
HiJackThis + návod - HW Monitor - Jak označit příspěvek za vyřešený - Pravidla fóra
-
Clorky
- Moderátor / člen HW týmu
-
Master Level 8.5
- Příspěvky: 7032
- Registrován: květen 10
- Bydliště: Moravskoslezský kraj
- Pohlaví:
- Stav:
Offline
Re: NB naběhne do Safe Modu
Udělám to zítra. Jdu spát.
-
Clorky
- Moderátor / člen HW týmu
-
Master Level 8.5
- Příspěvky: 7032
- Registrován: květen 10
- Bydliště: Moravskoslezský kraj
- Pohlaví:
- Stav:
Offline
Re: NB naběhne do Safe Modu
Ok. Takže, včera jsem to nějak zle vypnul a po zapnutí mi vyjela nabídka co mám zapnout (win) tak jsem vybral "Spustit systém windows obvyklým spůsobem". Naběhlo zase do safe modu... Všechny složky a soubory úspěšně smazány, první dvě ovšem nebyly k nalezení.
Čístka CCleanerem hotova, to samé T-Cleanerem. Zde je HJT:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:18:54, on 22.8.2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.19120)
Boot mode: Safe mode
Running processes:
C:\Windows\Explorer.EXE
G:\Hijackthis\T-Cleaner.exe
C:\Windows\system32\cmd.exe
G:\Hijackthis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\PROGRA~1\GOOGLE~1\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [NSUFloatingUI] "C:\Program Files\Sony\Network Utility\LANUtil.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Badoo Desktop] "C:\ProgramData\Badoo\Badoo Desktop\1.5.3.949\Badoo.Desktop.exe"
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NSUService - Sony Corporation - C:\Program Files\Sony\Network Utility\NSUService.exe
O23 - Service: O&O Defrag Agent (OODefragAgent) - O&O Software GmbH - C:\Program Files\OO Software\Defrag\oodag.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Windows\RtkAudioService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: VAIO Media plus Content Importer (SOHCImp) - Sony Corporation - C:\Program Files\Sony\VAIO Media plus\SOHCImp.exe
O23 - Service: VAIO Media plus Digital Media Server (SOHDms) - Sony Corporation - C:\Program Files\Sony\VAIO Media plus\SOHDms.exe
O23 - Service: VAIO Media plus Device Searcher (SOHDs) - Sony Corporation - C:\Program Files\Sony\VAIO Media plus\SOHDs.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Power Management - Sony Corporation - C:\Program Files\Sony\VAIO Power Management\SPMService.exe
O23 - Service: VAIO Content Folder Watcher (VCFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 7734 bytes
A PC se chová stejně, nabíhává pořád do safe modu. To potřebuju vyřešit...
Čístka CCleanerem hotova, to samé T-Cleanerem. Zde je HJT:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:18:54, on 22.8.2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.19120)
Boot mode: Safe mode
Running processes:
C:\Windows\Explorer.EXE
G:\Hijackthis\T-Cleaner.exe
C:\Windows\system32\cmd.exe
G:\Hijackthis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\PROGRA~1\GOOGLE~1\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [NSUFloatingUI] "C:\Program Files\Sony\Network Utility\LANUtil.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Badoo Desktop] "C:\ProgramData\Badoo\Badoo Desktop\1.5.3.949\Badoo.Desktop.exe"
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NSUService - Sony Corporation - C:\Program Files\Sony\Network Utility\NSUService.exe
O23 - Service: O&O Defrag Agent (OODefragAgent) - O&O Software GmbH - C:\Program Files\OO Software\Defrag\oodag.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Windows\RtkAudioService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: VAIO Media plus Content Importer (SOHCImp) - Sony Corporation - C:\Program Files\Sony\VAIO Media plus\SOHCImp.exe
O23 - Service: VAIO Media plus Digital Media Server (SOHDms) - Sony Corporation - C:\Program Files\Sony\VAIO Media plus\SOHDms.exe
O23 - Service: VAIO Media plus Device Searcher (SOHDs) - Sony Corporation - C:\Program Files\Sony\VAIO Media plus\SOHDs.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Power Management - Sony Corporation - C:\Program Files\Sony\VAIO Power Management\SPMService.exe
O23 - Service: VAIO Content Folder Watcher (VCFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 7734 bytes
A PC se chová stejně, nabíhává pořád do safe modu. To potřebuju vyřešit...
-
jaro3
- člen Security týmu
-
Guru Level 15
- Příspěvky: 43298
- Registrován: červen 07
- Bydliště: Jižní Čechy
- Pohlaví:
- Stav:
Offline
Re: NB naběhne do Safe Modu
Start- spustit a napiš:
msconfig
Zkontroluj v záložce spouštění , pokud nemáš nastaveno normální spouštění , tak si ho tam nastav.
Spouštění je nastaveno normální?
msconfig
Zkontroluj v záložce spouštění , pokud nemáš nastaveno normální spouštění , tak si ho tam nastav.
Spouštění je nastaveno normální?
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
-
Clorky
- Moderátor / člen HW týmu
-
Master Level 8.5
- Příspěvky: 7032
- Registrován: květen 10
- Bydliště: Moravskoslezský kraj
- Pohlaví:
- Stav:
Offline
Re: NB naběhne do Safe Modu
Aha. Díky za pomoc každopádně.
Kdo je online
Uživatelé prohlížející si toto fórum: Žádní registrovaní uživatelé a 75 hostů