Hello, please check my HJT log, because it seems to me that lately my RAM usage has been excessively high. Right now it is at 50% (of a total of 4 GB; 32-bit system, so 3.25 GB) with only Opera running.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:25:12, on 16.3.2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16722)
Boot mode: Normal
Running processes:
E:\Windows\system32\Dwm.exe
E:\Windows\Explorer.EXE
E:\Windows\system32\taskhost.exe
E:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe
C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
E:\Program Files\ESET\ESET Smart Security\egui.exe
E:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
E:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
E:\Windows\WindowsMobile\wmdc.exe
E:\Program Files\Common Files\Java\Java Update\jusched.exe
E:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
E:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
E:\Program Files\Windows Sidebar\sidebar.exe
E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
E:\Program Files\Opera\opera.exe
E:\Windows\system32\taskmgr.exe
Z:\Program Files\HJT\Trend Micro\HiJackThis\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://vshare.toolbarhome.com/?hp=df
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=ddr&s={searchTerms}&f=4
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - E:\Program Files\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll
O2 - BHO: vShare Toolbar - {043C5167-00BB-4324-AF7E-62013FAEDACF} - E:\Program Files\vShare\vshare_toolbar.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - E:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - E:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - E:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - E:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - E:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: vShare Toolbar - {043C5167-00BB-4324-AF7E-62013FAEDACF} - E:\Program Files\vShare\vshare_toolbar.dll
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - E:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll
O4 - HKLM\..\Run: [BCU] "E:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe"
O4 - HKLM\..\Run: [JMB36X IDE Setup] E:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKLM\..\Run: [egui] "E:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [RtHDVCpl] E:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [StartCCC] "E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [ATICustomerCare] "E:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "E:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "E:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "E:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [CanonMyPrinter] E:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [CanonSolutionMenuEx] E:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
O4 - HKCU\..\Run: [Sidebar] E:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "E:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O8 - Extra context menu item: Stáhnout pomocí &BitSpiritu - E:\Program Files\BitSpirit\bsurl.htm
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: @E:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - E:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - E:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @E:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - E:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - E:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - E:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - E:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - E:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: e:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: e:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/pub/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C9A0AB6A-4BEE-4C5B-9C14-E39BD6F54551}: NameServer = 62.129.50.20,85.135.32.100
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - E:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - E:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - E:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - E:\Program Files\vShare\vshare_toolbar.dll
O23 - Service: AMD External Events Utility - AMD - E:\Windows\system32\atiesrxx.exe
O23 - Service: Browser Configuration Utility Service (BCUService) - DeviceVM, Inc. - E:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe
O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - Z:\Games\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - E:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - E:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: ES lite Service for program management. (ES lite Service) - Unknown owner - E:\Program Files\Gigabyte\EasySaver\ESSVR.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - E:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: JMB36X - Unknown owner - E:\Windows\System32\XSrvSetup.exe
O23 - Service: NBService - Nero AG - E:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - E:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - E:\Windows\system32\PnkBstrA.exe
O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - E:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
--
End of file - 9159 bytes
Please check my log
- memphisto
Re: Please check my log
Show the processes of all users and you will see right away how many there are. Uninstall Daemon Tools Toolbar and VShare Toolbar.
Download ATF Cleaner
Double-click ATF Cleaner.exe, click select all found, then:
- If you use Firefox (Mozilla), click Firefox at the top and choose: Select All, then click Empty Selected.
- If you use Opera, click Opera at the top and choose: Select All, then click Empty Selected.
After cleaning, click Exit to close the program.
ATF-Cleaner is a simple tool for removing history from a web browser. The program can remove the cache, cookies, history and other traces of browsing the Internet. Supported browsers include Internet Explorer, Firefox and Opera. The application can also remove Windows temporary files, empty the Recycle Bin, etc.
Turn off your resident protection and firewall.
Download Dr. Web CureIt
Run the update; after updating, click Start.
With the buttons at the bottom you can cure a file (system files), delete it, move it or rename it.
Download Malwarebytes' Anti-Malware
Install it and run it
- at the end of the installation, make sure both options are selected/checked:
Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware; if so, click the Finish button
- if an update is found, it will be downloaded and installed
- the program will then start; leave the Perform Quick Scan option selected and click the Scan button
- when the program finishes, a message will appear; click OK and then the Show Results button
- then choose Save Logfile and save the log to your desktop
- then click the Exit button; a message will appear, choose Yes
(don't delete anything yet!).
Then paste the contents of that log here.
PC-HELP.CZ RULES, HijackThis section RULES, HijackThis guide, Memtest, CCleaner
Please do not send HijackThis logs via private message; post them in the appropriate section instead. Thank you.
Re: Please check my log
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Verze databáze: 6076
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
17.3.2011 15:32:05
mbam-log-2011-03-17 (15-32-05).txt
Typ kontroly: Rychlý test
Testované objekty: 154642
Uplynulý čas: 3 minut, 10 sekund
Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 0
Infikované hodnoty v registru: 0
Infikované datové položky v registru: 0
Infikované složky: 0
Infikované soubory: 0
Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované klíče v registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované hodnoty v registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované datové položky v registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)
Infikované soubory:
(Žádné škodlivé položky nebyly zjištěny)
I'll run the Dr. Web CureIt scan toward the evening.
- memphisto
Re: Please check my log
Forget about it and do ...
Turn off the resident shield of your antivirus and antispyware
Download ComboFix (by sUBs)
and save it to your desktop.
Close all active windows and run it.
- After launch, the terms of use will be displayed; confirm them by pressing the Yes button
- Then follow the instructions; while ComboFix is running, do not click in the window that appears
- After the scan finishes, the program should create a log - C:\ComboFix.txt - please copy its entire contents here
Re: Please check my log
ComboFix 11-03-16.06 - Petr 17.03.2011 18:20:02.1.4 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.420.1029.18.3326.1975 [GMT 1:00]
Spuštěný z: e:\users\Petr\Desktop\ComboFix.exe
AV: ESET Smart Security 4.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET personal firewall *Disabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 4.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
e:\program files\ESET\MiNODLogin
e:\program files\ESET\MiNODLogin\MiNODLogin.exe
e:\program files\ESET\MiNODLogin\MiNODLogin.jar
e:\program files\ESET\MiNODLogin\MiNODLoginLib.dll
e:\program files\ESET\MiNODLogin\MiNODLoginUninst.exe
e:\program files\ESET\MiNODLogin\servidores.xml
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-02-17 do 2011-03-17 )))))))))))))))))))))))))))))))
.
.
2011-03-17 17:24 . 2011-03-17 17:24 -------- d-----w- e:\users\Default\AppData\Local\temp
2011-03-17 14:25 . 2011-03-17 14:25 -------- d-----w- e:\users\Petr\DoctorWeb
2011-03-16 20:25 . 2011-03-16 20:25 388096 ----a-r- e:\users\Petr\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-03-16 15:44 . 2011-03-16 15:44 -------- d-----w- e:\users\Petr\AppData\Local\Ubisoft Game Launcher
2011-03-15 19:41 . 2011-03-15 19:41 -------- d-----w- e:\program files\SystemRequirementsLab
2011-03-15 19:41 . 2011-03-15 19:41 -------- d-----w- e:\users\Petr\SystemRequirementsLab
2011-03-15 19:31 . 2011-02-11 06:54 5943120 ----a-w- e:\programdata\Microsoft\Windows Defender\Definition Updates\{A1134CD0-B5E0-4B4B-A118-D441E99A9CBA}\mpengine.dll
2011-03-15 18:35 . 2011-03-15 18:35 -------- d-----w- e:\users\Petr\AppData\Roaming\PunkBuster
2011-03-13 20:25 . 2011-03-13 20:25 -------- d-----w- e:\users\Petr\AppData\Roaming\Publish Providers
2011-03-13 20:19 . 2011-03-13 20:19 -------- d-----w- e:\programdata\Sony
2011-03-13 15:14 . 2011-03-13 20:25 -------- d-----w- e:\users\Petr\AppData\Roaming\Sony
2011-03-13 15:14 . 2011-03-13 15:14 -------- d-----w- e:\users\Petr\AppData\Local\Sony
2011-03-13 15:10 . 2011-03-13 15:19 -------- d-----w- e:\program files\Sony
2011-03-13 14:25 . 2011-03-13 14:25 -------- d-----w- e:\program files\Sony Setup
2011-03-10 13:08 . 2011-03-10 13:08 282756 ----a-w- e:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\setup.dll
2011-03-10 13:08 . 2011-03-10 13:08 163972 ----a-w- e:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iGdi.dll
2011-03-10 13:08 . 2002-12-05 13:12 692224 ----a-w- e:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll
2011-03-10 13:08 . 2002-12-05 13:10 155648 ----a-w- e:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iuser.dll
2011-03-10 13:08 . 2002-12-02 14:22 5632 ----a-w- e:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe
2011-03-10 13:08 . 2002-12-02 12:33 57344 ----a-w- e:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll
2011-03-10 13:08 . 2002-12-02 12:33 237568 ----a-w- e:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iscript.dll
2011-03-10 12:34 . 2011-03-10 12:34 -------- d-----w- e:\programdata\Trymedia
2011-03-09 11:42 . 2011-03-09 11:42 -------- d-----w- E:\Fraps
2011-03-09 07:55 . 2011-02-19 05:33 802304 ----a-w- e:\windows\system32\FntCache.dll
2011-03-09 07:55 . 2011-02-19 05:32 1074176 ----a-w- e:\windows\system32\DWrite.dll
2011-03-09 07:55 . 2011-02-19 05:32 739840 ----a-w- e:\windows\system32\d2d1.dll
2011-03-09 07:55 . 2010-12-23 05:28 642048 ----a-w- e:\windows\system32\CPFilters.dll
2011-03-09 07:55 . 2010-12-23 05:28 534528 ----a-w- e:\windows\system32\EncDec.dll
2011-03-09 07:55 . 2010-12-23 05:28 850432 ----a-w- e:\windows\system32\sbe.dll
2011-03-09 07:55 . 2010-12-23 05:24 199680 ----a-w- e:\windows\system32\mpg2splt.ax
2011-03-09 07:55 . 2010-12-18 05:30 2690560 ----a-w- e:\windows\system32\mstscax.dll
2011-03-09 07:55 . 2010-12-18 05:26 1034240 ----a-w- e:\windows\system32\mstsc.exe
2011-03-08 16:53 . 2011-03-08 17:31 -------- d-----w- e:\users\Petr\AppData\Local\Canon Easy-PhotoPrint EX
2011-03-08 16:53 . 2011-03-08 16:53 -------- d--h--w- e:\programdata\CanonIJEPPEX
2011-03-08 16:31 . 2011-03-08 21:57 -------- d-----w- e:\programdata\CanonIJPLM
2011-03-08 16:30 . 2011-03-08 16:30 -------- d--h--w- e:\programdata\CanonIJSolutionMenuEX
2011-03-08 16:30 . 2011-03-08 16:30 -------- d--h--w- e:\programdata\CanonEPP
2011-03-08 16:30 . 2011-03-08 16:30 -------- d--h--w- e:\programdata\CanonIJMyPrinter
2011-03-08 16:27 . 2011-03-08 16:27 -------- d-----w- e:\programdata\CanonIJMSetup
2011-03-08 16:26 . 2011-03-08 16:26 -------- d-----w- e:\program files\Common Files\CANON
2011-03-08 16:26 . 2011-03-08 16:26 -------- d-----w- e:\programdata\CanonIJWSpt
2011-03-08 16:20 . 2011-03-08 16:31 -------- d-----w- e:\program files\Canon
2011-03-08 16:06 . 2011-03-08 16:06 -------- d--h--w- e:\windows\system32\CanonIJ Uninstaller Information
2011-03-08 16:06 . 2011-03-08 16:06 -------- d--h--w- e:\programdata\CanonBJ
2011-03-08 16:06 . 2010-08-25 04:00 73216 ----a-w- e:\windows\system32\Spool\prtprocs\w32x86\CNMPPAD.DLL
2011-03-08 16:06 . 2010-08-25 04:00 27648 ----a-w- e:\windows\system32\Spool\prtprocs\w32x86\CNMPDAD.DLL
2011-03-08 16:05 . 2010-08-25 04:00 290816 ----a-w- e:\windows\system32\CNMLMAD.DLL
2011-03-08 16:05 . 2010-03-18 18:25 307200 ----a-w- e:\windows\system32\CNC5100L.dll
2011-03-08 16:05 . 2010-03-18 16:12 1335296 ----a-w- e:\windows\system32\CNC5100C.dll
2011-03-08 16:05 . 2010-03-18 16:12 114688 ----a-w- e:\windows\system32\CNC5100I.dll
2011-03-08 16:05 . 2010-03-18 16:11 106496 ----a-w- e:\windows\system32\CNC5100U.dll
2011-03-08 16:05 . 2008-08-25 17:02 15872 ----a-w- e:\windows\system32\CNHMCA.dll
2011-03-07 11:47 . 2011-03-07 11:47 -------- d-----w- e:\program files\Common Files\Java
2011-03-07 11:22 . 2011-03-07 11:22 -------- d-----w- e:\programdata\McAfee
2011-03-06 10:53 . 2011-03-06 10:53 -------- d-----w- e:\users\Petr\AppData\Roaming\Ubisoft
2011-03-06 09:32 . 2011-03-17 15:16 -------- d-----w- e:\program files\Ubisoft
2011-03-05 17:11 . 2011-03-05 17:11 -------- d-----w- e:\users\Petr\AppData\Local\Activision
2011-03-05 11:23 . 2011-03-05 11:47 -------- d-----w- e:\users\Petr\AppData\Roaming\TeamViewer
2011-03-05 11:18 . 2011-03-05 11:18 -------- d-----w- e:\program files\TeamViewer
2011-03-03 20:21 . 2011-03-03 20:21 -------- d-----w- e:\program files\Common Files\Skype
2011-03-01 19:37 . 2011-03-04 12:56 -------- d-----w- e:\programdata\Blizzard Entertainment
2011-03-01 19:37 . 2011-03-04 12:56 -------- d-----w- e:\program files\Common Files\Blizzard Entertainment
2011-02-25 22:10 . 2011-02-25 22:10 -------- d-----w- e:\programdata\BioWare
2011-02-25 21:14 . 2011-02-25 21:14 -------- d-----w- e:\windows\1C4551A64743409391E41477CD655043.TMP
2011-02-25 21:14 . 2011-02-25 21:14 -------- d-----w- e:\programdata\Media Center Programs
2011-02-25 17:02 . 2011-02-25 17:02 -------- d-----w- e:\users\Petr\AppData\Local\My Games
2011-02-23 20:00 . 2010-09-14 06:07 276992 ----a-w- e:\windows\system32\wcncsvc.dll
2011-02-23 19:41 . 2011-02-23 19:45 -------- d-----w- e:\program files\SopCast
2011-02-23 14:17 . 2011-01-07 07:31 442880 ----a-w- e:\windows\system32\XpsPrint.dll
2011-02-23 14:17 . 2011-01-07 07:31 288256 ----a-w- e:\windows\system32\XpsGdiConverter.dll
2011-02-22 20:21 . 2011-02-22 20:21 -------- d-----w- e:\program files\vShare
2011-02-18 22:08 . 2011-02-18 22:08 -------- d-----w- e:\users\Petr\AppData\Local\Google
2011-02-18 22:08 . 2011-02-18 22:08 -------- d-----w- e:\program files\Google
2011-02-18 18:51 . 2011-02-18 18:53 -------- d-----w- e:\users\Petr\AppData\Local\Microsoft Games
2011-02-18 16:18 . 2011-02-18 16:19 -------- d-----w- e:\windows\WindowsMobile
2011-02-18 15:25 . 2011-02-18 15:40 107888 ----a-w- e:\windows\system32\CmdLineExt.dll
2011-02-18 15:23 . 2011-02-18 15:23 -------- dc-h--w- e:\programdata\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}
2011-02-16 15:51 . 2011-03-05 20:54 -------- d-----w- e:\users\Petr\AppData\Local\Rawr
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-17 14:05 . 2011-01-15 22:11 17488 ----a-w- e:\windows\gdrv.sys
2011-03-16 14:09 . 2011-02-09 09:06 189248 ----a-w- e:\windows\system32\PnkBstrB.exe
2011-03-16 14:09 . 2011-02-09 09:06 75136 ----a-w- e:\windows\system32\PnkBstrA.exe
2011-03-04 18:14 . 2011-02-09 09:07 22328 ----a-w- e:\windows\system32\drivers\PnkBstrK.sys
2011-03-04 18:14 . 2011-02-09 09:07 22328 ----a-w- e:\users\Petr\AppData\Roaming\PnkBstrK.sys
2011-03-04 18:14 . 2011-02-09 09:06 669184 ----a-w- e:\windows\system32\pbsvc.exe
2011-02-09 17:06 . 2011-02-09 17:06 25280 ----a-w- e:\windows\system32\drivers\hamachi.sys
2011-02-03 23:07 . 2011-02-03 23:07 218176 ----a-w- e:\windows\system32\drivers\dtsoftbus01.sys
2011-02-03 05:45 . 2011-02-09 08:58 219008 ----a-w- e:\windows\system32\drivers\dxgmms1.sys
2011-02-02 20:40 . 2011-01-15 22:19 472808 ----a-w- e:\windows\system32\deployJava1.dll
2011-02-02 16:11 . 2011-01-15 20:50 222080 ------w- e:\windows\system32\MpSigStub.exe
2011-01-22 22:09 . 2011-01-22 22:09 445016 ----a-w- e:\windows\system32\wrap_oal.dll
2011-01-22 22:09 . 2011-01-22 22:09 109144 ----a-w- e:\windows\system32\OpenAL32.dll
2011-01-07 07:27 . 2011-02-09 08:59 34304 ----a-w- e:\windows\system32\atmlib.dll
2011-01-07 05:33 . 2011-02-09 08:59 294400 ----a-w- e:\windows\system32\atmfd.dll
2011-01-05 05:37 . 2011-02-09 08:59 428032 ----a-w- e:\windows\system32\vbscript.dll
2011-01-05 03:37 . 2011-02-09 08:59 2329088 ----a-w- e:\windows\system32\win32k.sys
2010-12-21 05:38 . 2011-02-09 08:59 73728 ----a-w- e:\windows\system32\wscsvc.dll
2010-12-21 05:38 . 2011-02-09 08:59 51200 ----a-w- e:\windows\system32\wscapi.dll
2010-12-21 05:38 . 2011-02-09 08:59 981504 ----a-w- e:\windows\system32\wininet.dll
2010-12-21 05:38 . 2011-02-09 08:59 350720 ----a-w- e:\windows\system32\winhttp.dll
2010-12-21 05:38 . 2011-02-09 08:59 204800 ----a-w- e:\windows\system32\WebClnt.dll
2010-12-21 05:38 . 2011-02-09 08:59 204288 ----a-w- e:\windows\system32\upnp.dll
2010-12-21 05:38 . 2011-02-09 08:59 14336 ----a-w- e:\windows\system32\slwga.dll
2010-12-21 05:36 . 2011-02-09 08:59 1389568 ----a-w- e:\windows\system32\msxml6.dll
2010-12-21 05:36 . 2011-02-09 08:59 1236992 ----a-w- e:\windows\system32\msxml3.dll
2010-12-21 05:34 . 2011-02-09 08:59 80384 ----a-w- e:\windows\system32\davclnt.dll
2010-12-20 17:09 . 2011-02-10 18:47 38224 ----a-w- e:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 17:08 . 2011-02-10 18:47 20952 ----a-w- e:\windows\system32\drivers\mbam.sys
2010-12-18 05:29 . 2011-02-09 08:59 44544 ----a-w- e:\windows\system32\licmgr10.dll
2010-12-18 05:29 . 2011-02-09 08:59 541184 ----a-w- e:\windows\system32\kerberos.dll
2010-12-18 04:20 . 2011-02-09 08:59 386048 ----a-w- e:\windows\system32\html.iec
2010-12-18 03:47 . 2011-02-09 08:59 1638912 ----a-w- e:\windows\system32\mshtml.tlb
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="e:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"DAEMON Tools Lite"="e:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-05 1305408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCU"="e:\program files\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-08-04 346320]
"JMB36X IDE Setup"="e:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"NUSB3MON"="c:\program files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2009-11-20 106496]
"egui"="e:\program files\ESET\ESET Smart Security\egui.exe" [2010-11-18 2219184]
"RtHDVCpl"="e:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-09-03 9726568]
"StartCCC"="e:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-11-25 98304]
"ATICustomerCare"="e:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-05-04 311296]
"GrooveMonitor"="e:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Adobe Reader Speed Launcher"="e:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="e:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"Malwarebytes' Anti-Malware (reboot)"="e:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
"Windows Mobile Device Center"="e:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"SunJavaUpdateSched"="e:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"CanonMyPrinter"="e:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2516296]
"CanonSolutionMenuEx"="e:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AquaSnap]
2010-12-09 22:22 745472 ----a-w- e:\program files\AquaSnap\AquaSnap.Daemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-03-12 12:49 153136 ----a-w- e:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2011-01-05 09:09 1305408 ----a-w- e:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-09 17:53 153136 ----a-w- e:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-01-26 16:05 15026056 ----a-r- e:\program files\Skype\Phone\Skype.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;e:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 JMB36X;JMB36X;e:\windows\System32\XSrvSetup.exe [2009-08-06 65536]
R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;z:\games\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832]
R3 epmntdrv;epmntdrv;e:\windows\system32\epmntdrv.sys [2009-08-26 14216]
R3 EuGdiDrv;EuGdiDrv;e:\windows\system32\EuGdiDrv.sys [2009-09-16 8456]
R3 WatAdminSvc;Služba Technologie aktivace Windows;e:\windows\system32\Wat\WatAdminSvc.exe [2011-01-15 1343400]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;e:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-02-03 218176]
S1 ehdrv;ehdrv;e:\windows\system32\DRIVERS\ehdrv.sys [2010-07-29 115008]
S2 AMD External Events Utility;AMD External Events Utility;e:\windows\system32\atiesrxx.exe [2010-11-26 176128]
S2 BCUService;Browser Configuration Utility Service;e:\program files\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-08-04 219360]
S2 eamonm;eamonm;e:\windows\system32\DRIVERS\eamonm.sys [2010-09-03 137144]
S2 ekrn;ESET Service;e:\program files\ESET\ESET Smart Security\ekrn.exe [2010-11-18 810144]
S2 epfwwfp;epfwwfp;e:\windows\system32\DRIVERS\epfwwfp.sys [2010-07-29 41336]
S2 ES lite Service;ES lite Service for program management.;e:\program files\Gigabyte\EasySaver\ESSVR.EXE [2009-08-24 68136]
S2 TeamViewer6;TeamViewer 6;e:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2011-03-01 2296696]
S3 amdkmdag;amdkmdag;e:\windows\system32\DRIVERS\atikmdag.sys [2010-11-26 6650368]
S3 amdkmdap;amdkmdap;e:\windows\system32\DRIVERS\atikmpag.sys [2010-11-26 231936]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;e:\windows\system32\DRIVERS\nusb3hub.sys [2009-11-20 58880]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;e:\windows\system32\DRIVERS\nusb3xhc.sys [2009-11-20 137728]
S3 RTL8167;Realtek 8167 NT Driver;e:\windows\system32\DRIVERS\Rt86win7.sys [2009-08-20 189440]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - DWPROT
*Deregistered* - Dwsh00007A64
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://vshare.toolbarhome.com/?hp=df
IE: Stáhnout pomocí &BitSpiritu - e:\program files\BitSpirit\bsurl.htm
TCP: {C9A0AB6A-4BEE-4C5B-9C14-E39BD6F54551} = 62.129.50.20,85.135.32.100
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
MSConfigStartUp-facemoods - e:\program files\facemoods.com\facemoods\1.4.17.3\facemoodssrv.exe
AddRemove-MiNODLogin - e:\program files\ESET\MiNODLogin\MiNODLoginUninst.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2011-03-17 18:25:11
ComboFix-quarantined-files.txt 2011-03-17 17:25
.
Před spuštěním: Volných bajtů: 74 306 596 864
Po spuštění: Volných bajtů: 73 916 751 872
.
- - End Of File - - 1B482DCE605A4E357B972C093C23F814
- memphisto
Re: Please check my log
Again, turn off the resident protection of your antivirus and firewall, and then:
Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy into it the entire following text marked in green:
Note: Do not use the SELECT ALL function to select the script
Code:
KillAll::
Folder::
e:\programdata\McAfee
DirLook::
e:\windows\1C4551A64743409391E41477CD655043.TMP
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=-
"ConsentPromptBehaviorUser"=-
"EnableUIADesktopToggle"=-
DDS::
uStart Page = hxxp://vshare.toolbarhome.com/?hp=df
RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
Choose File -> Save As... and set these parameters:
File name: type here: CFScript.txt
Save as type: select All Files there
Save the file to the desktop.
Close all active windows.
Grab the created script CFScript.txt with the mouse, drag it over the downloaded program ComboFix.exe, and when the two files overlap, drop the script.
- ComboFix will start automatically
- Paste here the log that appears at the end of the cleaning process
PC-HELP.CZ RULES, HijackThis section RULES, HijackThis guide, Memtest, CCleaner
Please do not send HijackThis logs via private message; post them in the appropriate section. Thank you
Re: Please check my log
ComboFix 11-03-16.06 - Petr 17.03.2011 18:55:51.2.4 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.420.1029.18.3326.1943 [GMT 1:00]
Spuštěný z: e:\users\Petr\Desktop\ComboFix.exe
Použité ovládací přepínače :: e:\users\Petr\Desktop\CFScript.txt
AV: ESET Smart Security 4.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET personal firewall *Disabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 4.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
e:\programdata\McAfee
e:\programdata\McAfee\MCLOGS\Common\MsiExec\MsiExec000.log
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-02-17 do 2011-03-17 )))))))))))))))))))))))))))))))
.
.
2011-03-17 17:59 . 2011-03-17 17:59 -------- d-----w- e:\users\Default\AppData\Local\temp
2011-03-17 14:25 . 2011-03-17 14:25 -------- d-----w- e:\users\Petr\DoctorWeb
2011-03-16 20:25 . 2011-03-16 20:25 388096 ----a-r- e:\users\Petr\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-03-16 15:44 . 2011-03-16 15:44 -------- d-----w- e:\users\Petr\AppData\Local\Ubisoft Game Launcher
2011-03-15 19:41 . 2011-03-15 19:41 -------- d-----w- e:\program files\SystemRequirementsLab
2011-03-15 19:41 . 2011-03-15 19:41 -------- d-----w- e:\users\Petr\SystemRequirementsLab
2011-03-15 19:31 . 2011-02-11 06:54 5943120 ----a-w- e:\programdata\Microsoft\Windows Defender\Definition Updates\{A1134CD0-B5E0-4B4B-A118-D441E99A9CBA}\mpengine.dll
2011-03-15 18:35 . 2011-03-15 18:35 -------- d-----w- e:\users\Petr\AppData\Roaming\PunkBuster
2011-03-13 20:25 . 2011-03-13 20:25 -------- d-----w- e:\users\Petr\AppData\Roaming\Publish Providers
2011-03-13 20:19 . 2011-03-13 20:19 -------- d-----w- e:\programdata\Sony
2011-03-13 15:14 . 2011-03-13 20:25 -------- d-----w- e:\users\Petr\AppData\Roaming\Sony
2011-03-13 15:14 . 2011-03-13 15:14 -------- d-----w- e:\users\Petr\AppData\Local\Sony
2011-03-13 15:10 . 2011-03-13 15:19 -------- d-----w- e:\program files\Sony
2011-03-13 14:25 . 2011-03-13 14:25 -------- d-----w- e:\program files\Sony Setup
2011-03-10 13:08 . 2011-03-10 13:08 282756 ----a-w- e:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\setup.dll
2011-03-10 13:08 . 2011-03-10 13:08 163972 ----a-w- e:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iGdi.dll
2011-03-10 13:08 . 2002-12-05 13:12 692224 ----a-w- e:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll
2011-03-10 13:08 . 2002-12-05 13:10 155648 ----a-w- e:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iuser.dll
2011-03-10 13:08 . 2002-12-02 14:22 5632 ----a-w- e:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe
2011-03-10 13:08 . 2002-12-02 12:33 57344 ----a-w- e:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll
2011-03-10 13:08 . 2002-12-02 12:33 237568 ----a-w- e:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iscript.dll
2011-03-10 12:34 . 2011-03-10 12:34 -------- d-----w- e:\programdata\Trymedia
2011-03-09 11:42 . 2011-03-09 11:42 -------- d-----w- E:\Fraps
2011-03-09 07:55 . 2011-02-19 05:33 802304 ----a-w- e:\windows\system32\FntCache.dll
2011-03-09 07:55 . 2011-02-19 05:32 1074176 ----a-w- e:\windows\system32\DWrite.dll
2011-03-09 07:55 . 2011-02-19 05:32 739840 ----a-w- e:\windows\system32\d2d1.dll
2011-03-09 07:55 . 2010-12-23 05:28 642048 ----a-w- e:\windows\system32\CPFilters.dll
2011-03-09 07:55 . 2010-12-23 05:28 534528 ----a-w- e:\windows\system32\EncDec.dll
2011-03-09 07:55 . 2010-12-23 05:28 850432 ----a-w- e:\windows\system32\sbe.dll
2011-03-09 07:55 . 2010-12-23 05:24 199680 ----a-w- e:\windows\system32\mpg2splt.ax
2011-03-09 07:55 . 2010-12-18 05:30 2690560 ----a-w- e:\windows\system32\mstscax.dll
2011-03-09 07:55 . 2010-12-18 05:26 1034240 ----a-w- e:\windows\system32\mstsc.exe
2011-03-08 16:53 . 2011-03-08 17:31 -------- d-----w- e:\users\Petr\AppData\Local\Canon Easy-PhotoPrint EX
2011-03-08 16:53 . 2011-03-08 16:53 -------- d--h--w- e:\programdata\CanonIJEPPEX
2011-03-08 16:31 . 2011-03-08 21:57 -------- d-----w- e:\programdata\CanonIJPLM
2011-03-08 16:30 . 2011-03-08 16:30 -------- d--h--w- e:\programdata\CanonIJSolutionMenuEX
2011-03-08 16:30 . 2011-03-08 16:30 -------- d--h--w- e:\programdata\CanonEPP
2011-03-08 16:30 . 2011-03-08 16:30 -------- d--h--w- e:\programdata\CanonIJMyPrinter
2011-03-08 16:27 . 2011-03-08 16:27 -------- d-----w- e:\programdata\CanonIJMSetup
2011-03-08 16:26 . 2011-03-08 16:26 -------- d-----w- e:\program files\Common Files\CANON
2011-03-08 16:26 . 2011-03-08 16:26 -------- d-----w- e:\programdata\CanonIJWSpt
2011-03-08 16:20 . 2011-03-08 16:31 -------- d-----w- e:\program files\Canon
2011-03-08 16:06 . 2011-03-08 16:06 -------- d--h--w- e:\windows\system32\CanonIJ Uninstaller Information
2011-03-08 16:06 . 2011-03-08 16:06 -------- d--h--w- e:\programdata\CanonBJ
2011-03-08 16:06 . 2010-08-25 04:00 73216 ----a-w- e:\windows\system32\Spool\prtprocs\w32x86\CNMPPAD.DLL
2011-03-08 16:06 . 2010-08-25 04:00 27648 ----a-w- e:\windows\system32\Spool\prtprocs\w32x86\CNMPDAD.DLL
2011-03-08 16:05 . 2010-08-25 04:00 290816 ----a-w- e:\windows\system32\CNMLMAD.DLL
2011-03-08 16:05 . 2010-03-18 18:25 307200 ----a-w- e:\windows\system32\CNC5100L.dll
2011-03-08 16:05 . 2010-03-18 16:12 1335296 ----a-w- e:\windows\system32\CNC5100C.dll
2011-03-08 16:05 . 2010-03-18 16:12 114688 ----a-w- e:\windows\system32\CNC5100I.dll
2011-03-08 16:05 . 2010-03-18 16:11 106496 ----a-w- e:\windows\system32\CNC5100U.dll
2011-03-08 16:05 . 2008-08-25 17:02 15872 ----a-w- e:\windows\system32\CNHMCA.dll
2011-03-07 11:47 . 2011-03-07 11:47 -------- d-----w- e:\program files\Common Files\Java
2011-03-06 10:53 . 2011-03-06 10:53 -------- d-----w- e:\users\Petr\AppData\Roaming\Ubisoft
2011-03-06 09:32 . 2011-03-17 15:16 -------- d-----w- e:\program files\Ubisoft
2011-03-05 17:11 . 2011-03-05 17:11 -------- d-----w- e:\users\Petr\AppData\Local\Activision
2011-03-05 11:23 . 2011-03-05 11:47 -------- d-----w- e:\users\Petr\AppData\Roaming\TeamViewer
2011-03-05 11:18 . 2011-03-05 11:18 -------- d-----w- e:\program files\TeamViewer
2011-03-03 20:21 . 2011-03-03 20:21 -------- d-----w- e:\program files\Common Files\Skype
2011-03-01 19:37 . 2011-03-04 12:56 -------- d-----w- e:\programdata\Blizzard Entertainment
2011-03-01 19:37 . 2011-03-04 12:56 -------- d-----w- e:\program files\Common Files\Blizzard Entertainment
2011-02-25 22:10 . 2011-02-25 22:10 -------- d-----w- e:\programdata\BioWare
2011-02-25 21:14 . 2011-02-25 21:14 -------- d-----w- e:\windows\1C4551A64743409391E41477CD655043.TMP
2011-02-25 21:14 . 2011-02-25 21:14 -------- d-----w- e:\programdata\Media Center Programs
2011-02-25 17:02 . 2011-02-25 17:02 -------- d-----w- e:\users\Petr\AppData\Local\My Games
2011-02-23 20:00 . 2010-09-14 06:07 276992 ----a-w- e:\windows\system32\wcncsvc.dll
2011-02-23 19:41 . 2011-02-23 19:45 -------- d-----w- e:\program files\SopCast
2011-02-23 14:17 . 2011-01-07 07:31 442880 ----a-w- e:\windows\system32\XpsPrint.dll
2011-02-23 14:17 . 2011-01-07 07:31 288256 ----a-w- e:\windows\system32\XpsGdiConverter.dll
2011-02-22 20:21 . 2011-02-22 20:21 -------- d-----w- e:\program files\vShare
2011-02-18 22:08 . 2011-02-18 22:08 -------- d-----w- e:\users\Petr\AppData\Local\Google
2011-02-18 22:08 . 2011-02-18 22:08 -------- d-----w- e:\program files\Google
2011-02-18 18:51 . 2011-02-18 18:53 -------- d-----w- e:\users\Petr\AppData\Local\Microsoft Games
2011-02-18 16:18 . 2011-02-18 16:19 -------- d-----w- e:\windows\WindowsMobile
2011-02-18 15:25 . 2011-02-18 15:40 107888 ----a-w- e:\windows\system32\CmdLineExt.dll
2011-02-18 15:23 . 2011-02-18 15:23 -------- dc-h--w- e:\programdata\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}
2011-02-16 15:51 . 2011-03-05 20:54 -------- d-----w- e:\users\Petr\AppData\Local\Rawr
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-17 18:00 . 2011-01-15 22:11 17488 ----a-w- e:\windows\gdrv.sys
2011-03-16 14:09 . 2011-02-09 09:06 189248 ----a-w- e:\windows\system32\PnkBstrB.exe
2011-03-16 14:09 . 2011-02-09 09:06 75136 ----a-w- e:\windows\system32\PnkBstrA.exe
2011-03-04 18:14 . 2011-02-09 09:07 22328 ----a-w- e:\windows\system32\drivers\PnkBstrK.sys
2011-03-04 18:14 . 2011-02-09 09:07 22328 ----a-w- e:\users\Petr\AppData\Roaming\PnkBstrK.sys
2011-03-04 18:14 . 2011-02-09 09:06 669184 ----a-w- e:\windows\system32\pbsvc.exe
2011-02-09 17:06 . 2011-02-09 17:06 25280 ----a-w- e:\windows\system32\drivers\hamachi.sys
2011-02-03 23:07 . 2011-02-03 23:07 218176 ----a-w- e:\windows\system32\drivers\dtsoftbus01.sys
2011-02-03 05:45 . 2011-02-09 08:58 219008 ----a-w- e:\windows\system32\drivers\dxgmms1.sys
2011-02-02 20:40 . 2011-01-15 22:19 472808 ----a-w- e:\windows\system32\deployJava1.dll
2011-02-02 16:11 . 2011-01-15 20:50 222080 ------w- e:\windows\system32\MpSigStub.exe
2011-01-22 22:09 . 2011-01-22 22:09 445016 ----a-w- e:\windows\system32\wrap_oal.dll
2011-01-22 22:09 . 2011-01-22 22:09 109144 ----a-w- e:\windows\system32\OpenAL32.dll
2011-01-07 07:27 . 2011-02-09 08:59 34304 ----a-w- e:\windows\system32\atmlib.dll
2011-01-07 05:33 . 2011-02-09 08:59 294400 ----a-w- e:\windows\system32\atmfd.dll
2011-01-05 05:37 . 2011-02-09 08:59 428032 ----a-w- e:\windows\system32\vbscript.dll
2011-01-05 03:37 . 2011-02-09 08:59 2329088 ----a-w- e:\windows\system32\win32k.sys
2010-12-21 05:38 . 2011-02-09 08:59 73728 ----a-w- e:\windows\system32\wscsvc.dll
2010-12-21 05:38 . 2011-02-09 08:59 51200 ----a-w- e:\windows\system32\wscapi.dll
2010-12-21 05:38 . 2011-02-09 08:59 981504 ----a-w- e:\windows\system32\wininet.dll
2010-12-21 05:38 . 2011-02-09 08:59 350720 ----a-w- e:\windows\system32\winhttp.dll
2010-12-21 05:38 . 2011-02-09 08:59 204800 ----a-w- e:\windows\system32\WebClnt.dll
2010-12-21 05:38 . 2011-02-09 08:59 204288 ----a-w- e:\windows\system32\upnp.dll
2010-12-21 05:38 . 2011-02-09 08:59 14336 ----a-w- e:\windows\system32\slwga.dll
2010-12-21 05:36 . 2011-02-09 08:59 1389568 ----a-w- e:\windows\system32\msxml6.dll
2010-12-21 05:36 . 2011-02-09 08:59 1236992 ----a-w- e:\windows\system32\msxml3.dll
2010-12-21 05:34 . 2011-02-09 08:59 80384 ----a-w- e:\windows\system32\davclnt.dll
2010-12-20 17:09 . 2011-02-10 18:47 38224 ----a-w- e:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 17:08 . 2011-02-10 18:47 20952 ----a-w- e:\windows\system32\drivers\mbam.sys
2010-12-18 05:29 . 2011-02-09 08:59 44544 ----a-w- e:\windows\system32\licmgr10.dll
2010-12-18 05:29 . 2011-02-09 08:59 541184 ----a-w- e:\windows\system32\kerberos.dll
2010-12-18 04:20 . 2011-02-09 08:59 386048 ----a-w- e:\windows\system32\html.iec
2010-12-18 03:47 . 2011-02-09 08:59 1638912 ----a-w- e:\windows\system32\mshtml.tlb
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of e:\windows\1C4551A64743409391E41477CD655043.TMP ----
.
2011-02-25 21:14 . 2011-02-25 21:14 200704 ----a-w- e:\windows\1C4551A64743409391E41477CD655043.TMP\WiseCustomCalla.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="e:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"DAEMON Tools Lite"="e:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-05 1305408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCU"="e:\program files\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-08-04 346320]
"JMB36X IDE Setup"="e:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"NUSB3MON"="c:\program files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2009-11-20 106496]
"egui"="e:\program files\ESET\ESET Smart Security\egui.exe" [2010-11-18 2219184]
"RtHDVCpl"="e:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-09-03 9726568]
"StartCCC"="e:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-11-25 98304]
"ATICustomerCare"="e:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-05-04 311296]
"GrooveMonitor"="e:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Adobe Reader Speed Launcher"="e:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="e:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"Malwarebytes' Anti-Malware (reboot)"="e:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
"Windows Mobile Device Center"="e:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"SunJavaUpdateSched"="e:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"CanonMyPrinter"="e:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2516296]
"CanonSolutionMenuEx"="e:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AquaSnap]
2010-12-09 22:22 745472 ----a-w- e:\program files\AquaSnap\AquaSnap.Daemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-03-12 12:49 153136 ----a-w- e:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2011-01-05 09:09 1305408 ----a-w- e:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-09 17:53 153136 ----a-w- e:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-01-26 16:05 15026056 ----a-r- e:\program files\Skype\Phone\Skype.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;e:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;z:\games\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832]
R3 epmntdrv;epmntdrv;e:\windows\system32\epmntdrv.sys [2009-08-26 14216]
R3 EuGdiDrv;EuGdiDrv;e:\windows\system32\EuGdiDrv.sys [2009-09-16 8456]
R3 WatAdminSvc;Služba Technologie aktivace Windows;e:\windows\system32\Wat\WatAdminSvc.exe [2011-01-15 1343400]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;e:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-02-03 218176]
S1 ehdrv;ehdrv;e:\windows\system32\DRIVERS\ehdrv.sys [2010-07-29 115008]
S2 AMD External Events Utility;AMD External Events Utility;e:\windows\system32\atiesrxx.exe [2010-11-26 176128]
S2 BCUService;Browser Configuration Utility Service;e:\program files\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-08-04 219360]
S2 eamonm;eamonm;e:\windows\system32\DRIVERS\eamonm.sys [2010-09-03 137144]
S2 ekrn;ESET Service;e:\program files\ESET\ESET Smart Security\ekrn.exe [2010-11-18 810144]
S2 epfwwfp;epfwwfp;e:\windows\system32\DRIVERS\epfwwfp.sys [2010-07-29 41336]
S2 ES lite Service;ES lite Service for program management.;e:\program files\Gigabyte\EasySaver\ESSVR.EXE [2009-08-24 68136]
S2 JMB36X;JMB36X;e:\windows\System32\XSrvSetup.exe [2009-08-06 65536]
S2 TeamViewer6;TeamViewer 6;e:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2011-03-01 2296696]
S3 amdkmdag;amdkmdag;e:\windows\system32\DRIVERS\atikmdag.sys [2010-11-26 6650368]
S3 amdkmdap;amdkmdap;e:\windows\system32\DRIVERS\atikmpag.sys [2010-11-26 231936]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;e:\windows\system32\DRIVERS\nusb3hub.sys [2009-11-20 58880]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;e:\windows\system32\DRIVERS\nusb3xhc.sys [2009-11-20 137728]
S3 RTL8167;Realtek 8167 NT Driver;e:\windows\system32\DRIVERS\Rt86win7.sys [2009-08-20 189440]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
.
------- Doplňkový sken -------
.
IE: Stáhnout pomocí &BitSpiritu - e:\program files\BitSpirit\bsurl.htm
TCP: {C9A0AB6A-4BEE-4C5B-9C14-E39BD6F54551} = 62.129.50.20,85.135.32.100
.
.
------------------------ Jiné spuštené procesy ------------------------
.
e:\windows\system32\atieclxx.exe
e:\program files\Canon\IJPLM\IJPLMSVC.EXE
e:\windows\system32\PnkBstrA.exe
e:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
e:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
e:\windows\servicing\TrustedInstaller.exe
e:\windows\system32\taskhost.exe
e:\windows\system32\conhost.exe
e:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
e:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
e:\program files\Windows Media Player\wmpnetwk.exe
e:\windows\system32\DllHost.exe
e:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Celkový čas: 2011-03-17 19:03:32 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-03-17 18:03
ComboFix2.txt 2011-03-17 17:25
.
Před spuštěním: Volných bajtů: 73 984 974 848
Po spuštění: Volných bajtů: 73 890 701 312
.
- - End Of File - - 4B5D130663D5495130099F4A5215650A
- memphisto
Re: Please check my log
Once again, disable the resident protection of your antivirus and firewall, then:
Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy into it the entire following text marked in green:
Note: Do not use the SELECT ALL function to select the script.
Code:
KillAll::
Folder::
e:\windows\1C4551A64743409391E41477CD655043.TMP
DirLook::
e:\programdata\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}
Choose File -> Save As... and set these parameters:
File name: type here: CFScript.txt
Save as type: select All Files there
Save the file to the desktop.
Close all active windows.
Grab the created script CFScript.txt with the mouse, drag it over the downloaded ComboFix.exe program, and when the two files overlap, drop the script.
- ComboFix will start automatically
- Paste here the log that comes up at the end of the cleaning process
Please do not send HijackThis logs via private message; post them in the appropriate section instead. Thank you
Re: Please check my log
ComboFix 11-03-16.06 - Petr 17.03.2011 19:49:30.3.4 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.420.1029.18.3326.2357 [GMT 1:00]
Spuštěný z: e:\users\Petr\Desktop\ComboFix.exe
Použité ovládací přepínače :: e:\users\Petr\Desktop\CFScript.txt
AV: ESET Smart Security 4.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET personal firewall *Disabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 4.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
e:\windows\1C4551A64743409391E41477CD655043.TMP
e:\windows\1C4551A64743409391E41477CD655043.TMP\WiseCustomCalla.dll
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-02-17 do 2011-03-17 )))))))))))))))))))))))))))))))
.
.
2011-03-17 18:52 . 2011-03-17 18:54 -------- d-----w- e:\users\Petr\AppData\Local\temp
2011-03-17 18:52 . 2011-03-17 18:52 -------- d-----w- e:\users\Default\AppData\Local\temp
2011-03-17 14:25 . 2011-03-17 14:25 -------- d-----w- e:\users\Petr\DoctorWeb
2011-03-16 20:25 . 2011-03-16 20:25 388096 ----a-r- e:\users\Petr\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-03-16 15:44 . 2011-03-16 15:44 -------- d-----w- e:\users\Petr\AppData\Local\Ubisoft Game Launcher
2011-03-15 19:41 . 2011-03-15 19:41 -------- d-----w- e:\program files\SystemRequirementsLab
2011-03-15 19:41 . 2011-03-15 19:41 -------- d-----w- e:\users\Petr\SystemRequirementsLab
2011-03-15 19:31 . 2011-02-11 06:54 5943120 ----a-w- e:\programdata\Microsoft\Windows Defender\Definition Updates\{A1134CD0-B5E0-4B4B-A118-D441E99A9CBA}\mpengine.dll
2011-03-15 18:35 . 2011-03-15 18:35 -------- d-----w- e:\users\Petr\AppData\Roaming\PunkBuster
2011-03-13 20:25 . 2011-03-13 20:25 -------- d-----w- e:\users\Petr\AppData\Roaming\Publish Providers
2011-03-13 20:19 . 2011-03-13 20:19 -------- d-----w- e:\programdata\Sony
2011-03-13 15:14 . 2011-03-13 20:25 -------- d-----w- e:\users\Petr\AppData\Roaming\Sony
2011-03-13 15:14 . 2011-03-13 15:14 -------- d-----w- e:\users\Petr\AppData\Local\Sony
2011-03-13 15:10 . 2011-03-13 15:19 -------- d-----w- e:\program files\Sony
2011-03-13 14:25 . 2011-03-13 14:25 -------- d-----w- e:\program files\Sony Setup
2011-03-10 13:08 . 2011-03-10 13:08 282756 ----a-w- e:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\setup.dll
2011-03-10 13:08 . 2011-03-10 13:08 163972 ----a-w- e:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iGdi.dll
2011-03-10 13:08 . 2002-12-05 13:12 692224 ----a-w- e:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll
2011-03-10 13:08 . 2002-12-05 13:10 155648 ----a-w- e:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iuser.dll
2011-03-10 13:08 . 2002-12-02 14:22 5632 ----a-w- e:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe
2011-03-10 13:08 . 2002-12-02 12:33 57344 ----a-w- e:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll
2011-03-10 13:08 . 2002-12-02 12:33 237568 ----a-w- e:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iscript.dll
2011-03-10 12:34 . 2011-03-10 12:34 -------- d-----w- e:\programdata\Trymedia
2011-03-09 11:42 . 2011-03-09 11:42 -------- d-----w- E:\Fraps
2011-03-09 07:55 . 2011-02-19 05:33 802304 ----a-w- e:\windows\system32\FntCache.dll
2011-03-09 07:55 . 2011-02-19 05:32 1074176 ----a-w- e:\windows\system32\DWrite.dll
2011-03-09 07:55 . 2011-02-19 05:32 739840 ----a-w- e:\windows\system32\d2d1.dll
2011-03-09 07:55 . 2010-12-23 05:28 642048 ----a-w- e:\windows\system32\CPFilters.dll
2011-03-09 07:55 . 2010-12-23 05:28 534528 ----a-w- e:\windows\system32\EncDec.dll
2011-03-09 07:55 . 2010-12-23 05:28 850432 ----a-w- e:\windows\system32\sbe.dll
2011-03-09 07:55 . 2010-12-23 05:24 199680 ----a-w- e:\windows\system32\mpg2splt.ax
2011-03-09 07:55 . 2010-12-18 05:30 2690560 ----a-w- e:\windows\system32\mstscax.dll
2011-03-09 07:55 . 2010-12-18 05:26 1034240 ----a-w- e:\windows\system32\mstsc.exe
2011-03-08 16:53 . 2011-03-08 17:31 -------- d-----w- e:\users\Petr\AppData\Local\Canon Easy-PhotoPrint EX
2011-03-08 16:53 . 2011-03-08 16:53 -------- d--h--w- e:\programdata\CanonIJEPPEX
2011-03-08 16:31 . 2011-03-08 21:57 -------- d-----w- e:\programdata\CanonIJPLM
2011-03-08 16:30 . 2011-03-08 16:30 -------- d--h--w- e:\programdata\CanonIJSolutionMenuEX
2011-03-08 16:30 . 2011-03-08 16:30 -------- d--h--w- e:\programdata\CanonEPP
2011-03-08 16:30 . 2011-03-08 16:30 -------- d--h--w- e:\programdata\CanonIJMyPrinter
2011-03-08 16:27 . 2011-03-08 16:27 -------- d-----w- e:\programdata\CanonIJMSetup
2011-03-08 16:26 . 2011-03-08 16:26 -------- d-----w- e:\program files\Common Files\CANON
2011-03-08 16:26 . 2011-03-08 16:26 -------- d-----w- e:\programdata\CanonIJWSpt
2011-03-08 16:20 . 2011-03-08 16:31 -------- d-----w- e:\program files\Canon
2011-03-08 16:06 . 2011-03-08 16:06 -------- d--h--w- e:\windows\system32\CanonIJ Uninstaller Information
2011-03-08 16:06 . 2011-03-08 16:06 -------- d--h--w- e:\programdata\CanonBJ
2011-03-08 16:06 . 2010-08-25 04:00 73216 ----a-w- e:\windows\system32\Spool\prtprocs\w32x86\CNMPPAD.DLL
2011-03-08 16:06 . 2010-08-25 04:00 27648 ----a-w- e:\windows\system32\Spool\prtprocs\w32x86\CNMPDAD.DLL
2011-03-08 16:05 . 2010-08-25 04:00 290816 ----a-w- e:\windows\system32\CNMLMAD.DLL
2011-03-08 16:05 . 2010-03-18 18:25 307200 ----a-w- e:\windows\system32\CNC5100L.dll
2011-03-08 16:05 . 2010-03-18 16:12 1335296 ----a-w- e:\windows\system32\CNC5100C.dll
2011-03-08 16:05 . 2010-03-18 16:12 114688 ----a-w- e:\windows\system32\CNC5100I.dll
2011-03-08 16:05 . 2010-03-18 16:11 106496 ----a-w- e:\windows\system32\CNC5100U.dll
2011-03-08 16:05 . 2008-08-25 17:02 15872 ----a-w- e:\windows\system32\CNHMCA.dll
2011-03-07 11:47 . 2011-03-07 11:47 -------- d-----w- e:\program files\Common Files\Java
2011-03-06 10:53 . 2011-03-06 10:53 -------- d-----w- e:\users\Petr\AppData\Roaming\Ubisoft
2011-03-06 09:32 . 2011-03-17 15:16 -------- d-----w- e:\program files\Ubisoft
2011-03-05 17:11 . 2011-03-05 17:11 -------- d-----w- e:\users\Petr\AppData\Local\Activision
2011-03-05 11:23 . 2011-03-05 11:47 -------- d-----w- e:\users\Petr\AppData\Roaming\TeamViewer
2011-03-05 11:18 . 2011-03-05 11:18 -------- d-----w- e:\program files\TeamViewer
2011-03-03 20:21 . 2011-03-03 20:21 -------- d-----w- e:\program files\Common Files\Skype
2011-03-01 19:37 . 2011-03-04 12:56 -------- d-----w- e:\programdata\Blizzard Entertainment
2011-03-01 19:37 . 2011-03-04 12:56 -------- d-----w- e:\program files\Common Files\Blizzard Entertainment
2011-02-25 22:10 . 2011-02-25 22:10 -------- d-----w- e:\programdata\BioWare
2011-02-25 21:14 . 2011-02-25 21:14 -------- d-----w- e:\programdata\Media Center Programs
2011-02-25 17:02 . 2011-02-25 17:02 -------- d-----w- e:\users\Petr\AppData\Local\My Games
2011-02-23 20:00 . 2010-09-14 06:07 276992 ----a-w- e:\windows\system32\wcncsvc.dll
2011-02-23 19:41 . 2011-02-23 19:45 -------- d-----w- e:\program files\SopCast
2011-02-23 14:17 . 2011-01-07 07:31 442880 ----a-w- e:\windows\system32\XpsPrint.dll
2011-02-23 14:17 . 2011-01-07 07:31 288256 ----a-w- e:\windows\system32\XpsGdiConverter.dll
2011-02-22 20:21 . 2011-02-22 20:21 -------- d-----w- e:\program files\vShare
2011-02-18 22:08 . 2011-02-18 22:08 -------- d-----w- e:\users\Petr\AppData\Local\Google
2011-02-18 22:08 . 2011-02-18 22:08 -------- d-----w- e:\program files\Google
2011-02-18 18:51 . 2011-02-18 18:53 -------- d-----w- e:\users\Petr\AppData\Local\Microsoft Games
2011-02-18 16:18 . 2011-02-18 16:19 -------- d-----w- e:\windows\WindowsMobile
2011-02-18 15:25 . 2011-02-18 15:40 107888 ----a-w- e:\windows\system32\CmdLineExt.dll
2011-02-18 15:23 . 2011-02-18 15:23 -------- dc-h--w- e:\programdata\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}
2011-02-16 15:51 . 2011-03-05 20:54 -------- d-----w- e:\users\Petr\AppData\Local\Rawr
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-17 18:53 . 2011-01-15 22:11 17488 ----a-w- e:\windows\gdrv.sys
2011-03-16 14:09 . 2011-02-09 09:06 189248 ----a-w- e:\windows\system32\PnkBstrB.exe
2011-03-16 14:09 . 2011-02-09 09:06 75136 ----a-w- e:\windows\system32\PnkBstrA.exe
2011-03-04 18:14 . 2011-02-09 09:07 22328 ----a-w- e:\windows\system32\drivers\PnkBstrK.sys
2011-03-04 18:14 . 2011-02-09 09:07 22328 ----a-w- e:\users\Petr\AppData\Roaming\PnkBstrK.sys
2011-03-04 18:14 . 2011-02-09 09:06 669184 ----a-w- e:\windows\system32\pbsvc.exe
2011-02-09 17:06 . 2011-02-09 17:06 25280 ----a-w- e:\windows\system32\drivers\hamachi.sys
2011-02-03 23:07 . 2011-02-03 23:07 218176 ----a-w- e:\windows\system32\drivers\dtsoftbus01.sys
2011-02-03 05:45 . 2011-02-09 08:58 219008 ----a-w- e:\windows\system32\drivers\dxgmms1.sys
2011-02-02 20:40 . 2011-01-15 22:19 472808 ----a-w- e:\windows\system32\deployJava1.dll
2011-02-02 16:11 . 2011-01-15 20:50 222080 ------w- e:\windows\system32\MpSigStub.exe
2011-01-22 22:09 . 2011-01-22 22:09 445016 ----a-w- e:\windows\system32\wrap_oal.dll
2011-01-22 22:09 . 2011-01-22 22:09 109144 ----a-w- e:\windows\system32\OpenAL32.dll
2011-01-07 07:27 . 2011-02-09 08:59 34304 ----a-w- e:\windows\system32\atmlib.dll
2011-01-07 05:33 . 2011-02-09 08:59 294400 ----a-w- e:\windows\system32\atmfd.dll
2011-01-05 05:37 . 2011-02-09 08:59 428032 ----a-w- e:\windows\system32\vbscript.dll
2011-01-05 03:37 . 2011-02-09 08:59 2329088 ----a-w- e:\windows\system32\win32k.sys
2010-12-21 05:38 . 2011-02-09 08:59 73728 ----a-w- e:\windows\system32\wscsvc.dll
2010-12-21 05:38 . 2011-02-09 08:59 51200 ----a-w- e:\windows\system32\wscapi.dll
2010-12-21 05:38 . 2011-02-09 08:59 981504 ----a-w- e:\windows\system32\wininet.dll
2010-12-21 05:38 . 2011-02-09 08:59 350720 ----a-w- e:\windows\system32\winhttp.dll
2010-12-21 05:38 . 2011-02-09 08:59 204800 ----a-w- e:\windows\system32\WebClnt.dll
2010-12-21 05:38 . 2011-02-09 08:59 204288 ----a-w- e:\windows\system32\upnp.dll
2010-12-21 05:38 . 2011-02-09 08:59 14336 ----a-w- e:\windows\system32\slwga.dll
2010-12-21 05:36 . 2011-02-09 08:59 1389568 ----a-w- e:\windows\system32\msxml6.dll
2010-12-21 05:36 . 2011-02-09 08:59 1236992 ----a-w- e:\windows\system32\msxml3.dll
2010-12-21 05:34 . 2011-02-09 08:59 80384 ----a-w- e:\windows\system32\davclnt.dll
2010-12-20 17:09 . 2011-02-10 18:47 38224 ----a-w- e:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 17:08 . 2011-02-10 18:47 20952 ----a-w- e:\windows\system32\drivers\mbam.sys
2010-12-18 05:29 . 2011-02-09 08:59 44544 ----a-w- e:\windows\system32\licmgr10.dll
2010-12-18 05:29 . 2011-02-09 08:59 541184 ----a-w- e:\windows\system32\kerberos.dll
2010-12-18 04:20 . 2011-02-09 08:59 386048 ----a-w- e:\windows\system32\html.iec
2010-12-18 03:47 . 2011-02-09 08:59 1638912 ----a-w- e:\windows\system32\mshtml.tlb
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of e:\programdata\{0691F710-1ECA-4B5A-9727-25554F1BFDC6} ----
.
2011-02-18 15:23 . 2011-02-18 15:23 99 -c--a-w- e:\programdata\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}\instance.dat
2011-02-18 15:23 . 2011-02-18 15:23 14 -c--a-w- e:\programdata\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}\setup.lan
2011-02-18 15:23 . 2011-02-18 15:23 3035 -c--a-w- e:\programdata\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}\setup.par
2011-02-18 15:23 . 2011-02-18 15:23 1003 -c--a-w- e:\programdata\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}\setup.dat
2011-02-18 15:23 . 2008-08-20 14:24 598164 -c--a-r- e:\programdata\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}\mia.lib
2011-02-18 15:23 . 2008-08-20 14:24 10075378 -c--a-r- e:\programdata\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}\setup.res
2011-02-18 15:23 . 2008-08-20 14:24 435712 -c--a-r- e:\programdata\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}\setup.msi
2011-02-18 15:23 . 2008-08-20 14:24 2925576 -c--a-r- e:\programdata\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}\setup.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="e:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"DAEMON Tools Lite"="e:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-05 1305408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCU"="e:\program files\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-08-04 346320]
"JMB36X IDE Setup"="e:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"NUSB3MON"="c:\program files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2009-11-20 106496]
"egui"="e:\program files\ESET\ESET Smart Security\egui.exe" [2010-11-18 2219184]
"RtHDVCpl"="e:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-09-03 9726568]
"StartCCC"="e:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-11-25 98304]
"ATICustomerCare"="e:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-05-04 311296]
"GrooveMonitor"="e:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Adobe Reader Speed Launcher"="e:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="e:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"Malwarebytes' Anti-Malware (reboot)"="e:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
"Windows Mobile Device Center"="e:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"SunJavaUpdateSched"="e:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"CanonMyPrinter"="e:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2516296]
"CanonSolutionMenuEx"="e:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AquaSnap]
2010-12-09 22:22 745472 ----a-w- e:\program files\AquaSnap\AquaSnap.Daemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-03-12 12:49 153136 ----a-w- e:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2011-01-05 09:09 1305408 ----a-w- e:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-09 17:53 153136 ----a-w- e:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-01-26 16:05 15026056 ----a-r- e:\program files\Skype\Phone\Skype.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;e:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;z:\games\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832]
R3 epmntdrv;epmntdrv;e:\windows\system32\epmntdrv.sys [2009-08-26 14216]
R3 EuGdiDrv;EuGdiDrv;e:\windows\system32\EuGdiDrv.sys [2009-09-16 8456]
R3 WatAdminSvc;Služba Technologie aktivace Windows;e:\windows\system32\Wat\WatAdminSvc.exe [2011-01-15 1343400]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;e:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-02-03 218176]
S1 ehdrv;ehdrv;e:\windows\system32\DRIVERS\ehdrv.sys [2010-07-29 115008]
S2 AMD External Events Utility;AMD External Events Utility;e:\windows\system32\atiesrxx.exe [2010-11-26 176128]
S2 BCUService;Browser Configuration Utility Service;e:\program files\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-08-04 219360]
S2 eamonm;eamonm;e:\windows\system32\DRIVERS\eamonm.sys [2010-09-03 137144]
S2 ekrn;ESET Service;e:\program files\ESET\ESET Smart Security\ekrn.exe [2010-11-18 810144]
S2 epfwwfp;epfwwfp;e:\windows\system32\DRIVERS\epfwwfp.sys [2010-07-29 41336]
S2 ES lite Service;ES lite Service for program management.;e:\program files\Gigabyte\EasySaver\ESSVR.EXE [2009-08-24 68136]
S2 JMB36X;JMB36X;e:\windows\System32\XSrvSetup.exe [2009-08-06 65536]
S2 TeamViewer6;TeamViewer 6;e:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2011-03-01 2296696]
S3 amdkmdag;amdkmdag;e:\windows\system32\DRIVERS\atikmdag.sys [2010-11-26 6650368]
S3 amdkmdap;amdkmdap;e:\windows\system32\DRIVERS\atikmpag.sys [2010-11-26 231936]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;e:\windows\system32\DRIVERS\nusb3hub.sys [2009-11-20 58880]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;e:\windows\system32\DRIVERS\nusb3xhc.sys [2009-11-20 137728]
S3 RTL8167;Realtek 8167 NT Driver;e:\windows\system32\DRIVERS\Rt86win7.sys [2009-08-20 189440]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
.
------- Doplňkový sken -------
.
IE: Stáhnout pomocí &BitSpiritu - e:\program files\BitSpirit\bsurl.htm
TCP: {C9A0AB6A-4BEE-4C5B-9C14-E39BD6F54551} = 62.129.50.20,85.135.32.100
.
.
------------------------ Jiné spuštené procesy ------------------------
.
e:\windows\system32\atieclxx.exe
e:\program files\Canon\IJPLM\IJPLMSVC.EXE
e:\windows\system32\PnkBstrA.exe
e:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
e:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
e:\windows\servicing\TrustedInstaller.exe
e:\windows\system32\taskhost.exe
e:\windows\system32\conhost.exe
e:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
e:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
e:\program files\Windows Media Player\wmpnetwk.exe
e:\windows\system32\DllHost.exe
e:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Celkový čas: 2011-03-17 19:56:37 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-03-17 18:56
ComboFix2.txt 2011-03-17 18:03
ComboFix3.txt 2011-03-17 17:25
.
Před spuštěním: Volných bajtů: 73 934 516 224
Po spuštění: Volných bajtů: 73 877 344 256
.
- - End Of File - - 1408508842DFDF4628E7944EA8B7F408
- memphisto
- Guru Level 13
- Posts: 21113
- Registered: September 06
- Location: Zlín - České Budějovice
Re: Please check my log
ComboFix is uninstalled like this:
Start > Run and enter ComboFix /Uninstall
clean the system with CCleaner
and also use T-Cleaner
it deletes everything left behind by ComboFix, MWAV, etc. - download > run
Note: before downloading T-Cleaner and for the duration of the cleanup, deactivate AVG, Avast, Avira or Microsoft Security Essentials; afterwards delete T-Cleaner and turn AVG, Avast, Avira or Microsoft Security Essentials back on
+ HJT
How is the PC behaving?
PC-HELP.CZ RULES, HijackThis section RULES, HijackThis guide, Memtest, CCleaner
Please do not send HijackThis logs via private message; post them in the appropriate section. Thank you
Re: Please check my log
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:10:10, on 17.3.2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16722)
Boot mode: Normal
Running processes:
E:\Windows\system32\taskhost.exe
E:\Windows\system32\Dwm.exe
E:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe
C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
E:\Program Files\ESET\ESET Smart Security\egui.exe
E:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
E:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
E:\Windows\WindowsMobile\wmdc.exe
E:\Program Files\Common Files\Java\Java Update\jusched.exe
E:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
E:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
E:\Program Files\Windows Sidebar\sidebar.exe
E:\Program Files\DAEMON Tools Lite\DTLite.exe
E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
E:\Windows\Explorer.exe
E:\Program Files\Opera\opera.exe
Z:\Program Files\HJT\Trend Micro\HiJackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - E:\Program Files\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - E:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - E:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - E:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - E:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - E:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - E:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll
O4 - HKLM\..\Run: [BCU] "E:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe"
O4 - HKLM\..\Run: [JMB36X IDE Setup] E:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKLM\..\Run: [egui] "E:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [RtHDVCpl] E:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [StartCCC] "E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [ATICustomerCare] "E:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "E:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "E:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "E:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [CanonMyPrinter] E:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [CanonSolutionMenuEx] E:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
O4 - HKCU\..\Run: [Sidebar] E:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "E:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O8 - Extra context menu item: Stáhnout pomocí &BitSpiritu - E:\Program Files\BitSpirit\bsurl.htm
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: @E:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - E:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - E:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @E:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - E:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - E:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - E:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - E:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - E:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: e:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: e:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/pub/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C9A0AB6A-4BEE-4C5B-9C14-E39BD6F54551}: NameServer = 62.129.50.20,85.135.32.100
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - E:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - E:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - E:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - (no file)
O23 - Service: AMD External Events Utility - AMD - E:\Windows\system32\atiesrxx.exe
O23 - Service: Browser Configuration Utility Service (BCUService) - DeviceVM, Inc. - E:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe
O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - Z:\Games\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - E:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - E:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: ES lite Service for program management. (ES lite Service) - Unknown owner - E:\Program Files\Gigabyte\EasySaver\ESSVR.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - E:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: JMB36X - Unknown owner - E:\Windows\System32\XSrvSetup.exe
O23 - Service: NBService - Nero AG - E:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - E:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - E:\Windows\system32\PnkBstrA.exe
O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - E:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
--
End of file - 8607 bytes
So far RAM usage is 38%, again with only Opera running; I'm probably still used to XP, where the system didn't eat up so much memory. Anyway, over the weekend, when the PC is under load, I'll see what the RAM usage is. Thanks for the help

- memphisto
- Guru Level 13
- Posts: 21113
- Registered: September 06
- Location: Zlín - České Budějovice
Re: Please check my log
Uninstall Daemon Tools Toolbar
in the log, fix:
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - E:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "E:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Common Files\Java\Java Update\jusched.exe"
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/pub/s ... wflash.cab
O18 - Protocol: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - (no file)
Download StartUpLite and sort out the startup items
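An added example, not part of the thread or of HijackThis itself: a small parser for the HijackThis entry format seen in the log above that groups entries by section code and lists those worth a manual look. The review rules are assumptions chosen for this illustration; a listed entry means "check it", not "malicious".

```python
import re
from collections import defaultdict

# Entries copied from the HijackThis log posted in the thread above.
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - E:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O10 - Unknown file in Winsock LSP: e:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{C9A0AB6A-4BEE-4C5B-9C14-E39BD6F54551}: NameServer = 62.129.50.20,85.135.32.100
O18 - Protocol: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - (no file)
O23 - Service: PnkBstrA - Unknown owner - E:\Windows\system32\PnkBstrA.exe
O23 - Service: ESET Service (ekrn) - ESET - E:\Program Files\ESET\ESET Smart Security\ekrn.exe
"""

# Section code (R0, O4, O23, ...), then " - ", then the entry body.
ENTRY_RE = re.compile(r"^([RFO]\d{1,2}) - (.*)$")


def parse_hjt(text):
    """Return (section_code, body) for each entry line; header and process lines are skipped."""
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2).strip()))
    return entries


def review_reasons(code, body):
    """Heuristics assumed for this example: reasons to inspect an entry, not verdicts."""
    reasons = []
    if body.endswith("(no file)"):
        reasons.append("registration points at no file on disk (orphaned entry)")
    if code in ("R0", "R1"):
        _, sep, value = body.partition("=")
        if sep and not value.strip():
            reasons.append("registry value is empty")
    if code == "O10" and body.startswith("Unknown file in Winsock LSP"):
        reasons.append("LSP DLL not recognised by HijackThis; check its publisher")
    if code == "O17" and "NameServer =" in body:
        servers = re.split(r"[,\s]+", body.split("NameServer =", 1)[1].strip())
        reasons.append("static DNS servers: " + ", ".join(servers))
    if code == "O23" and " - Unknown owner - " in body:
        reasons.append("no owner reported for the service binary; verify the file")
    return reasons


def triage(text):
    """Map section code -> [(body, reasons)] for entries with at least one reason."""
    flagged = defaultdict(list)
    for code, body in parse_hjt(text):
        reasons = review_reasons(code, body)
        if reasons:
            flagged[code].append((body, reasons))
    return dict(flagged)


if __name__ == "__main__":
    for code, items in triage(SAMPLE_LOG).items():
        for body, reasons in items:
            print(f"{code}: {body}\n    -> " + "; ".join(reasons))
```
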