kontrola logu

Příspěvekod **jaro3** » 14 bře 2014 19:13

Co problémy?

Reklama

kiara152 · Příspěvekod **kiara152** » 19 bře 2014 07:05

Prepáčte, že píšem tak neskoro. Mám jeden problém. Počítač mi začal dosť často zamrzať, hlavne keď mám spustený google chrome. Keď si pustím video, poprípade hru. Na nič nereaguje, musím ho reštartovať. Cez mozilu ide zvyčajne bez problémov.

Příspěvekod **jaro3** » 19 bře 2014 09:32

Znovu adwcleaner a MbAM.

kiara152 · Příspěvekod **kiara152** » 20 bře 2014 20:46

# AdwCleaner v3.022 - Report created 20/03/2014 at 20:44:34
# Updated 13/03/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : uzivatel - HUGO-PC
# Running from : C:\Documents and Settings\uzivatel\Desktop\adwcleaner.exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

-\\ Mozilla Firefox v28.0 (sk)

[ File : C:\Documents and Settings\uzivatel\Application Data\Mozilla\Firefox\Profiles\moyplpp8.default\prefs.js ]

-\\ Google Chrome v

[ File : C:\Documents and Settings\uzivatel\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [3145 octets] - [12/03/2014 18:45:09]
AdwCleaner[R1].txt - [3205 octets] - [13/03/2014 17:49:24]
AdwCleaner[R2].txt - [940 octets] - [20/03/2014 20:44:34]
AdwCleaner[S0].txt - [3086 octets] - [13/03/2014 17:50:19]

########## EOF - C:\AdwCleaner\AdwCleaner[R2].txt - [1059 octets] ##########

kiara152 · Příspěvekod **kiara152** » 20 bře 2014 21:01

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Verzia databázy: v2014.03.20.05

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
uzivatel :: HUGO-PC [administrátor]

20.3.2014 20:47:58
mbam-log-2014-03-20 (20-47-58).txt

Typ kontroly: Rýchla kontrola
Možnosti kontroly zapnuté: Pamäť | Po spustení | Registre | Systémové súbory | Heuristika/Extra | Heuristika/Shuriken | PUP | PUM
Možnosti kontroly vypnuté: P2P
Objektov kontrolovaných: 284696
Uplynutý čas: 8 min,

Detegované služby pamäte: 0
(Škodlivé položky neboli zistené)

Detegované moduly pamäte: 0
(Škodlivé položky neboli zistené)

Detegované registračné kľúče: 0
(Škodlivé položky neboli zistené)

Detegované registračné hodnoty: 0
(Škodlivé položky neboli zistené)

Detegované položky registračných dát: 0
(Škodlivé položky neboli zistené)

Detegované priečinky: 0
(Škodlivé položky neboli zistené)

Detegované súbory: 0
(Škodlivé položky neboli zistené)

(koniec)

Příspěvekod **jaro3** » 20 bře 2014 21:34

Je Vás víc , co jim zamrzá Chrome , asi nějaká špatná aktualizace..

kiara152 · Příspěvekod **kiara152** » 25 bře 2014 06:37

Dobré ráno. Odstranila som google chrome, no pc sa aj naďalej zasekáva, už aj na mozille. Môže to spôsobovať aj niečo iné? A mám ešte jednu otázku. Často mi vypadáva internet, vraveli že je to routerom, ale aj po vímene, mi vypadáva naďalej. Zakaždým musím reštartovať router, aby mi naskočil internet. čo by to mohlo spôsobovať?

Příspěvekod **jaro3** » 25 bře 2014 09:36

Vypni rez. ochranu u antiviru a antispywaru,příp. firewall..

Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Pokud budou problémy , spusť ho v nouz. režimu.

Upozornění : Může se stát, že po aplikaci Combofixu a restartu počítače, Windows nenaběhnou , nebo nenajede plocha , budou problémy s připojením, pak znovu restartuj počítač, pokud to nepomůže , po restartu mačkej klávesu F8 a pak zvol poslední známou funkční konfiguraci. , či použij bod obnovy.

kiara152 · Příspěvekod **kiara152** » 25 bře 2014 18:49

ComboFix 14-03-24.01 - uzivatel 25.03.2014 18:40:27.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1033.18.2047.1391 [GMT 1:00]
Running from: c:\documents and settings\uzivatel\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 7.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\MUI\041b\tourstart.exe
.
.
((((((((((((((((((((((((( Files Created from 2014-02-25 to 2014-03-25 )))))))))))))))))))))))))))))))
.
.
2014-03-23 16:06 . 2014-03-23 16:06 -------- d-----w- c:\documents and settings\uzivatel\Local Settings\Application Data\VS Revo Group
2014-03-23 16:06 . 2014-03-23 16:06 -------- d-----w- c:\documents and settings\All Users\Application Data\VS Revo Group
2014-03-23 16:06 . 2009-12-30 09:20 27064 ----a-w- c:\windows\system32\drivers\revoflt.sys
2014-03-23 16:06 . 2014-03-23 16:06 -------- d-----w- c:\program files\VS Revo Group
2014-03-18 14:20 . 2014-03-18 14:20 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2014-03-15 16:53 . 2014-03-15 16:53 -------- d-----w- c:\documents and settings\uzivatel\Application Data\Carambis
2014-03-13 17:02 . 2014-03-13 17:02 -------- d-----w- c:\windows\ERUNT
2014-03-12 17:44 . 2014-03-20 19:45 -------- d-----w- C:\AdwCleaner
2014-03-12 17:14 . 2014-03-12 17:14 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2014-03-12 17:00 . 2014-03-12 17:00 388096 ----a-r- c:\documents and settings\uzivatel\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2014-03-12 17:00 . 2014-03-12 17:00 -------- d-----w- c:\program files\Trend Micro
2014-03-12 16:49 . 2013-10-28 03:00 102104 ----a-w- c:\windows\system32\RTNUninst32.dll
2014-03-12 16:38 . 2014-03-12 16:38 -------- d-----w- c:\documents and settings\uzivatel\Application Data\Malwarebytes
2014-03-12 16:38 . 2014-03-12 16:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2014-03-12 16:38 . 2014-03-12 16:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2014-03-12 16:38 . 2013-04-04 13:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-02-26 20:48 . 2014-03-01 19:30 -------- d-----w- c:\documents and settings\uzivatel\Local Settings\Application Data\Opera Software
2014-02-26 20:48 . 2014-03-01 19:30 -------- d-----w- c:\documents and settings\uzivatel\Application Data\Opera Software
2014-02-26 18:27 . 2014-02-26 18:27 -------- d-sh--w- c:\documents and settings\uzivatel\PrivacIE
2014-02-26 17:48 . 2014-02-26 17:48 -------- d-sh--w- c:\documents and settings\uzivatel\IETldCache
2014-02-26 17:40 . 2014-02-26 17:41 -------- d-----w- c:\windows\system32\sk-SK
2014-02-26 17:40 . 2014-02-26 17:41 -------- dc-h--w- c:\windows\ie8
2014-02-26 17:35 . 2014-02-05 23:26 522240 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
2014-02-26 17:34 . 2011-08-16 10:45 6144 -c----w- c:\windows\system32\dllcache\iecompat.dll
2014-02-26 17:34 . 2014-02-05 23:26 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2014-02-26 17:34 . 2014-02-05 23:26 630272 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2014-02-26 17:34 . 2014-02-05 23:26 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2014-02-26 17:34 . 2014-02-05 23:26 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2014-02-26 17:34 . 2014-02-05 23:26 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2014-02-26 17:34 . 2014-02-05 23:26 2006016 -c----w- c:\windows\system32\dllcache\iertutil.dll
2014-02-26 17:34 . 2014-02-05 23:26 11113472 -c----w- c:\windows\system32\dllcache\ieframe.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-12 18:14 . 2013-04-02 13:51 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-03-12 18:14 . 2011-08-12 19:59 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-02-05 23:26 . 2004-08-03 22:56 920064 ----a-w- c:\windows\system32\wininet.dll
2014-02-05 23:26 . 2004-08-03 22:56 43520 ------w- c:\windows\system32\licmgr10.dll
2014-02-05 23:26 . 2004-08-03 22:56 1469440 ------w- c:\windows\system32\inetcpl.cpl
2014-02-05 23:26 . 2004-08-03 22:56 18944 ------w- c:\windows\system32\corpol.dll
2014-02-05 22:24 . 2004-08-03 20:59 385024 ------w- c:\windows\system32\html.iec
2014-01-16 19:02 . 2014-01-16 19:02 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-01-16 19:01 . 2014-01-16 19:02 145408 ----a-w- c:\windows\system32\javacpl.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2012-11-15 23:07 21904 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-10-09 139264]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-08-03 13892200]
"NvMediaCenter"="NvMCTray.dll" [2011-08-03 111208]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2011-07-05 1632360]
"RTHDCPL"="RTHDCPL.EXE" [2007-11-22 16858112]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2007-04-20 140832]
"GUCI_AVS"="c:\windows\PixArt\PAP7501\GUCI_AVS.exe" [2007-12-10 323584]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2013-09-12 5110672]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-11-21 16:57 959904 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update]
2013-04-02 18:26 138096 ----atw- c:\documents and settings\uzivatel\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 14:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PACTray]
2008-11-14 12:50 319488 ----a-w- c:\windows\PixArt\PAP7501\PACTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-10-25 01:12 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Mozilla Firefox\\plugin-container.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\uzivatel\\Local Settings\\Application Data\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=
.
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [17.9.2013 15:17 134248]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [17.9.2013 15:17 118768]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [12.9.2013 12:06 1337752]
R3 genmcmnUSB;USB Scroll Mouse Driver;c:\windows\system32\drivers\gflmouhid.sys [7.8.2003 16:42 6528]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys --> c:\windows\system32\drivers\SBREDrv.sys [?]
S3 gfiark;gfiark;c:\windows\system32\drivers\gfiark.sys [2.4.2013 19:28 35896]
S3 GUCI_AVS;Canyon USB2.0 PC Camera;c:\windows\system32\drivers\GUCI_AVS.sys [18.8.2011 10:34 580992]
S3 IDMTDI;IDMTDI;c:\windows\system32\drivers\idmtdi.sys [28.11.2013 1:24 121184]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [23.3.2014 17:06 27064]
.
Contents of the 'Scheduled Tasks' folder
.
2014-03-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-04-02 18:14]
.
2014-03-24 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-796845957-1897051121-839522115-1003Core.job
- c:\documents and settings\uzivatel\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2013-04-02 18:26]
.
2014-03-25 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-796845957-1897051121-839522115-1003UA.job
- c:\documents and settings\uzivatel\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2013-04-02 18:26]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = hxxp://start.drp.su/
uSearchAssistant = hxxp://www.google.com
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Stiahnuť s IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Stiahnuť s IDM všetky prepojenia - c:\program files\Internet Download Manager\IEGetAll.htm
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\documents and settings\uzivatel\Application Data\Mozilla\Firefox\Profiles\moyplpp8.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
MSConfigStartUp-Google Update - c:\documents and settings\uzivatel\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-03-25 18:43
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{1d5b1dd6-2236-4c64-b2bc-e516950a62fb}]
@Denied: (Full) (Everyone)
"Model"=dword:000000db
"Therad"=dword:0000001e
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,88,79,0d,22,8e,33,17,75,e6,82,db,74,d6,1f,ea,8f,64,51,35,36,23,e5,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):5b,17,65,92,21,36,6f,72,eb,63,c7,77,d5,81,44,54,ef,9d,d1,c3,27,
25,86,0a,a6,b2,12,7e,46,f0,d0,84,d0,a1,78,f4,e2,0b,cc,30,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
Completion time: 2014-03-25 18:45:18
ComboFix-quarantined-files.txt 2014-03-25 17:45
.
Pre-Run: 104 000 126 976 bytes free
Post-Run: 104 447 926 272 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - FB3E69313E14981B8F458A8962E79A68
8F558EB6672622401DA993E1E865C861

Příspěvekod **jaro3** » 26 bře 2014 10:07

Vypni rez. ochranu u antiviru a antispywaru,příp. firewall..

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:

Kód: Vybrat vše

ClearJavaCache::

KillAll::
File::
c:\windows\system32\drivers\gfiark.sys
c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-796845957-1897051121-839522115-1003Core.job
c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-796845957-1897051121-839522115-1003UA.job

Folder::
c:\documents and settings\uzivatel\Local Settings\Application Data\Facebook\Update

Driver::
SBRE
gfiark

RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{1d5b1dd6-2236-4c64-b2bc-e516950a62fb}]
@Denied: (Full) (Everyone)
"Model"=dword:000000db
"Therad"=dword:0000001e
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
 38,95,44,88,79,0d,22,8e,33,17,75,e6,82,db,74,d6,1f,ea,8f,64,51,35,36,23,e5,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):5b,17,65,92,21,36,6f,72,eb,63,c7,77,d5,81,44,54,ef,9d,d1,c3,27,
 25,86,0a,a6,b2,12,7e,46,f0,d0,84,d0,a1,78,f4,e2,0b,cc,30,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

Upozornění : Může se stát, že po aplikaci Combofixu a restartu počítače, Windows nenaběhnou , nebo nenajede plocha , budou problémy s připojením, pak znovu restartuj počítač, pokud to nepomůže , po restartu mačkej klávesu F8 a pak zvol poslední známou funkční konfiguraci. , či použij bod obnovy.

Stáhni si aswMBR
na svojí plochu. Uzavři všechna okna , programy a prohlížeče. Poklepej na aswMBR.exe. Pokud se objeví hláška o možnosti stáhnutí databáze Avastu , klikni na NE. Poté klikni na „Scan“ . Po skenu klikni na „Save Log“ a ulož si log na plochu .Zkopíruj sem celý obsah toho logu. Pak klikni na „Exit“ k zavření programu.

kiara152 · Příspěvekod **kiara152** » 26 bře 2014 19:02

ComboFix 14-03-24.01 - uzivatel 26.03.2014 18:45:27.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1033.18.2047.1391 [GMT 1:00]
Running from: c:\documents and settings\uzivatel\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\uzivatel\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 7.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
FILE ::
"c:\windows\system32\drivers\gfiark.sys"
"c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-796845957-1897051121-839522115-1003Core.job"
"c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-796845957-1897051121-839522115-1003UA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\uzivatel\Local Settings\Application Data\Facebook\Update
c:\documents and settings\uzivatel\Local Settings\Application Data\Facebook\Update\1.2.205.0\FacebookCrashHandler.exe
c:\documents and settings\uzivatel\Local Settings\Application Data\Facebook\Update\1.2.205.0\FacebookUpdate.exe
c:\documents and settings\uzivatel\Local Settings\Application Data\Facebook\Update\1.2.205.0\FacebookUpdateHelper.AAAAmsi
c:\documents and settings\uzivatel\Local Settings\Application Data\Facebook\Update\1.2.205.0\goopdate.dll
c:\documents and settings\uzivatel\Local Settings\Application Data\Facebook\Update\1.2.205.0\goopdateres_ar.dll
c:\documents and settings\uzivatel\Local Settings\Application Data\Facebook\Update\1.2.205.0\goopdateres_bg.dll
c:\documents and settings\uzivatel\Local Settings\Application Data\Facebook\Update\1.2.205.0\goopdateres_bn.dll
c:\documents and settings\uzivatel\Local Settings\Application Data\Facebook\Update\1.2.205.0\goopdateres_ca.dll
c:\documents and settings\uzivatel\Local Settings\Application Data\Facebook\Update\1.2.205.0\goopdateres_cs.dll
c:\documents and settings\uzivatel\Local Settings\Application Data\Facebook\Update\1.2.205.0\goopdateres_da.dll
c:\documents and settings\uzivatel\Local Settings\Application Data\Facebook\Update\1.2.205.0\goopdateres_de.dll
c:\documents and settings\uzivatel\Local Settings\Application Data\Facebook\Update\1.2.205.0\goopdateres_el.dll
c:\documents and settings\uzivatel\Local Settings\Application Data\Facebook\Update\1.2.205.0\goopdateres_en-GB.dll
c:\documents and settings\uzivatel\Local Settings\Application Data\Facebook\Update\1.2.205.0\goopdateres_en.dll
c:\documents and settings\uzivatel\Local Settings\Application Data\Facebook\Update\1.2.205.0\goopdateres_es-419.dll
c:\documents and settings\uzivatel\Local Settings\Application Data\Facebook\Update\1.2.205.0\goopdateres_es.dll
c:\documents and settings\uzivatel\Local Settings\Application Data\Facebook\Update\1.2.205.0\goopdateres_et.dll
c:\documents and settings\uzivatel\Local Settings\Application Data\Facebook\Update\1.2.205.0\goopdateres_fa.dll
c:\documents and settings\uzivatel\Local Settings\Application Data\Facebook\Update\1.2.205.0\goopdateres_fi.dll
c:\documents and settings\uzivatel\Local Settings\Application Data\Facebook\Update\1.2.205.0\goopdateres_fil.dll
c:\documents and settings\uzivatel\Local Settings\Application Data\Facebook\Update\1.2.205.0\goopdateres_fr.dll
c:\documents and settings\uzivatel\Local Settings\Application Data\Facebook\Update\1.2.205.0\goopdateres_gu.dll
c:\documents and settings\uzivatel\Local Settings\Application Data\Facebook\Update\1.2.205.0\goopdateres_hi.dll
c:\documents and settings\uzivatel\Local Settings\Application Data\Facebook\Update\1.2.205.0\goopdateres_hr.dll
c:\documents and settings\uzivatel\Local Settings\Application Data\Facebook\Update\1.2.205.0\goopdateres_hu.dll
c:\documents and settings\uzivatel\Local Settings\Application Data\Facebook\Update\1.2.205.0\goopdateres_id.dll
c:\documents and settings\uzivatel\Local Settings\Application Data\Facebook\Update\1.2.205.0\goopdateres_is.dll
c:\documents and settings\uzivatel\Local Settings\Application Data\Facebook\Update\1.2.205.0\goopdateres_it.dll
c:\documents and settings\uzivatel\Local Settings\Application Data\Facebook\Update\1.2.205.0\goopdateres_iw.dll
c:\documents and settings\uzivatel\Local Settings\Application Data\Facebook\Update\1.2.205.0\goopdateres_ja.dll
c:\documents and settings\uzivatel\Local Settings\Application Data\Facebook\Update\1.2.205.0\goopdateres_kn.dll
c:\documents and settings\uzivatel\Local Settings\Application Data\Facebook\Update\1.2.205.0\goopdateres_ko.dll
c:\documents and settings\uzivatel\Local Settings\Application Data\Facebook\Update\1.2.205.0\goopdateres_lt.dll
c:\documents and settings\uzivatel\Local Settings\Application Data\Facebook\Update\1.2.205.0\goopdateres_lv.dll
c:\documents and settings\uzivatel\Local Settings\Application Data\Facebook\Update\1.2.205.0\goopdateres_ml.dll
c:\documents and settings\uzivatel\Local Settings\Application Data\Facebook\Update\1.2.205.0\goopdateres_mr.dll
c:\documents and settings\uzivatel\Local Settings\Application Data\Facebook\Update\1.2.205.0\goopdateres_ms.dll
c:\documents and settings\uzivatel\Local Settings\Application Data\Facebook\Update\1.2.205.0\goopdateres_nl.dll
c:\documents and settings\uzivatel\Local Settings\Application Data\Facebook\Update\1.2.205.0\goopdateres_no.dll
c:\documents and settings\uzivatel\Local Settings\Application Data\Facebook\Update\1.2.205.0\goopdateres_or.dll
c:\documents and settings\uzivatel\Local Settings\Application Data\Facebook\Update\1.2.205.0\goopdateres_pl.dll
c:\documents and settings\uzivatel\Local Settings\Application Data\Facebook\Update\1.2.205.0\goopdateres_pt-BR.dll
c:\documents and settings\uzivatel\Local Settings\Application Data\Facebook\Update\1.2.205.0\goopdateres_pt-PT.dll
c:\documents and settings\uzivatel\Local Settings\Application Data\Facebook\Update\1.2.205.0\goopdateres_ro.dll
c:\documents and settings\uzivatel\Local Settings\Application Data\Facebook\Update\1.2.205.0\goopdateres_ru.dll
c:\documents and settings\uzivatel\Local Settings\Application Data\Facebook\Update\1.2.205.0\goopdateres_sk.dll
c:\documents and settings\uzivatel\Local Settings\Application Data\Facebook\Update\1.2.205.0\goopdateres_sl.dll
c:\documents and settings\uzivatel\Local Settings\Application Data\Facebook\Update\1.2.205.0\goopdateres_sr.dll
c:\documents and settings\uzivatel\Local Settings\Application Data\Facebook\Update\1.2.205.0\goopdateres_sv.dll
c:\documents and settings\uzivatel\Local Settings\Application Data\Facebook\Update\1.2.205.0\goopdateres_ta.dll
c:\documents and settings\uzivatel\Local Settings\Application Data\Facebook\Update\1.2.205.0\goopdateres_te.dll
c:\documents and settings\uzivatel\Local Settings\Application Data\Facebook\Update\1.2.205.0\goopdateres_th.dll
c:\documents and settings\uzivatel\Local Settings\Application Data\Facebook\Update\1.2.205.0\goopdateres_tr.dll
c:\documents and settings\uzivatel\Local Settings\Application Data\Facebook\Update\1.2.205.0\goopdateres_uk.dll
c:\documents and settings\uzivatel\Local Settings\Application Data\Facebook\Update\1.2.205.0\goopdateres_ur.dll
c:\documents and settings\uzivatel\Local Settings\Application Data\Facebook\Update\1.2.205.0\goopdateres_vi.dll
c:\documents and settings\uzivatel\Local Settings\Application Data\Facebook\Update\1.2.205.0\goopdateres_zh-CN.dll
c:\documents and settings\uzivatel\Local Settings\Application Data\Facebook\Update\1.2.205.0\goopdateres_zh-TW.dll
c:\documents and settings\uzivatel\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_GFIARK
-------\Service_gfiark
-------\Service_SBRE
.
.
((((((((((((((((((((((((( Files Created from 2014-02-26 to 2014-03-26 )))))))))))))))))))))))))))))))
.
.
2014-03-23 16:06 . 2014-03-23 16:06 -------- d-----w- c:\documents and settings\uzivatel\Local Settings\Application Data\VS Revo Group
2014-03-23 16:06 . 2014-03-23 16:06 -------- d-----w- c:\documents and settings\All Users\Application Data\VS Revo Group
2014-03-23 16:06 . 2009-12-30 09:20 27064 ----a-w- c:\windows\system32\drivers\revoflt.sys
2014-03-23 16:06 . 2014-03-23 16:06 -------- d-----w- c:\program files\VS Revo Group
2014-03-18 14:20 . 2014-03-18 14:20 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2014-03-15 16:53 . 2014-03-15 16:53 -------- d-----w- c:\documents and settings\uzivatel\Application Data\Carambis
2014-03-13 17:02 . 2014-03-13 17:02 -------- d-----w- c:\windows\ERUNT
2014-03-12 17:44 . 2014-03-20 19:45 -------- d-----w- C:\AdwCleaner
2014-03-12 17:14 . 2014-03-12 17:14 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2014-03-12 17:00 . 2014-03-12 17:00 388096 ----a-r- c:\documents and settings\uzivatel\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2014-03-12 17:00 . 2014-03-12 17:00 -------- d-----w- c:\program files\Trend Micro
2014-03-12 16:49 . 2013-10-28 03:00 102104 ----a-w- c:\windows\system32\RTNUninst32.dll
2014-03-12 16:38 . 2014-03-12 16:38 -------- d-----w- c:\documents and settings\uzivatel\Application Data\Malwarebytes
2014-03-12 16:38 . 2014-03-12 16:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2014-03-12 16:38 . 2014-03-12 16:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2014-03-12 16:38 . 2013-04-04 13:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-02-26 20:48 . 2014-03-01 19:30 -------- d-----w- c:\documents and settings\uzivatel\Local Settings\Application Data\Opera Software
2014-02-26 20:48 . 2014-03-01 19:30 -------- d-----w- c:\documents and settings\uzivatel\Application Data\Opera Software
2014-02-26 18:27 . 2014-02-26 18:27 -------- d-sh--w- c:\documents and settings\uzivatel\PrivacIE
2014-02-26 17:48 . 2014-02-26 17:48 -------- d-sh--w- c:\documents and settings\uzivatel\IETldCache
2014-02-26 17:40 . 2014-02-26 17:41 -------- d-----w- c:\windows\system32\sk-SK
2014-02-26 17:40 . 2014-02-26 17:41 -------- dc-h--w- c:\windows\ie8
2014-02-26 17:35 . 2014-02-05 23:26 522240 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
2014-02-26 17:34 . 2011-08-16 10:45 6144 -c----w- c:\windows\system32\dllcache\iecompat.dll
2014-02-26 17:34 . 2014-02-05 23:26 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2014-02-26 17:34 . 2014-02-05 23:26 630272 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2014-02-26 17:34 . 2014-02-05 23:26 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2014-02-26 17:34 . 2014-02-05 23:26 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2014-02-26 17:34 . 2014-02-05 23:26 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2014-02-26 17:34 . 2014-02-05 23:26 2006016 -c----w- c:\windows\system32\dllcache\iertutil.dll
2014-02-26 17:34 . 2014-02-05 23:26 11113472 -c----w- c:\windows\system32\dllcache\ieframe.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-12 18:14 . 2013-04-02 13:51 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-03-12 18:14 . 2011-08-12 19:59 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-02-05 23:26 . 2004-08-03 22:56 920064 ----a-w- c:\windows\system32\wininet.dll
2014-02-05 23:26 . 2004-08-03 22:56 43520 ------w- c:\windows\system32\licmgr10.dll
2014-02-05 23:26 . 2004-08-03 22:56 1469440 ------w- c:\windows\system32\inetcpl.cpl
2014-02-05 23:26 . 2004-08-03 22:56 18944 ------w- c:\windows\system32\corpol.dll
2014-02-05 22:24 . 2004-08-03 20:59 385024 ------w- c:\windows\system32\html.iec
2014-01-16 19:02 . 2014-01-16 19:02 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-01-16 19:01 . 2014-01-16 19:02 145408 ----a-w- c:\windows\system32\javacpl.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2012-11-15 23:07 21904 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-10-09 139264]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-08-03 13892200]
"NvMediaCenter"="NvMCTray.dll" [2011-08-03 111208]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2011-07-05 1632360]
"RTHDCPL"="RTHDCPL.EXE" [2007-11-22 16858112]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2007-04-20 140832]
"GUCI_AVS"="c:\windows\PixArt\PAP7501\GUCI_AVS.exe" [2007-12-10 323584]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2013-09-12 5110672]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-11-21 16:57 959904 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 14:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PACTray]
2008-11-14 12:50 319488 ----a-w- c:\windows\PixArt\PAP7501\PACTray.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Mozilla Firefox\\plugin-container.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\uzivatel\\Local Settings\\Application Data\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=
.
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [17.9.2013 15:17 134248]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [17.9.2013 15:17 118768]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [12.9.2013 12:06 1337752]
R3 genmcmnUSB;USB Scroll Mouse Driver;c:\windows\system32\drivers\gflmouhid.sys [7.8.2003 16:42 6528]
S3 GUCI_AVS;Canyon USB2.0 PC Camera;c:\windows\system32\drivers\GUCI_AVS.sys [18.8.2011 10:34 580992]
S3 IDMTDI;IDMTDI;c:\windows\system32\drivers\idmtdi.sys [28.11.2013 1:24 121184]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [23.3.2014 17:06 27064]
.
Contents of the 'Scheduled Tasks' folder
.
2014-03-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-04-02 18:14]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = hxxp://start.drp.su/
uSearchAssistant = hxxp://www.google.com
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Stiahnuť s IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Stiahnuť s IDM všetky prepojenia - c:\program files\Internet Download Manager\IEGetAll.htm
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\documents and settings\uzivatel\Application Data\Mozilla\Firefox\Profiles\moyplpp8.default\
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-Facebook Update - c:\documents and settings\uzivatel\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe
MSConfigStartUp-QuickTime Task - c:\program files\QuickTime\qttask.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-03-26 18:54
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3972)
c:\windows\system32\WININET.dll
c:\program files\Internet Download Manager\IDMShellExt.dll
c:\program files\Internet Download Manager\IDMNetMon.DLL
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
c:\windows\system32\RunDLL32.exe
c:\windows\RTHDCPL.EXE
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2014-03-26 18:57:42 - machine was rebooted
ComboFix-quarantined-files.txt 2014-03-26 17:57
ComboFix2.txt 2014-03-25 17:45
.
Pre-Run: 104 334 057 472 bytes free
Post-Run: 12 adresárov, 104 253 550 592 voľných bajtov
.
- - End Of File - - 5E6E1A7C0B1A3243FA865761258651EA
8F558EB6672622401DA993E1E865C861

kiara152 · Příspěvekod **kiara152** » 26 bře 2014 19:03

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:02:58, on 26.3.2014
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\WINDOWS\PixArt\PAP7501\GUCI_AVS.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://start.drp.su/
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [GUCI_AVS] C:\WINDOWS\PixArt\PAP7501\GUCI_AVS.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-21-796845957-1897051121-839522115-1004\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'UpdatusUser')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Stiahnuť s IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Stiahnuť s IDM všetky prepojenia - C:\Program Files\Internet Download Manager\IEGetAll.htm
O9 - Extra button: Odoslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&oslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow ... ab_nvd.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 3176101906
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

--
End of file - 6390 bytes

kontrola logu

Re: kontrola logu

Re: kontrola logu

Re: kontrola logu

Re: kontrola logu

Re: kontrola logu

Re: kontrola logu

Re: kontrola logu

Re: kontrola logu

Re: kontrola logu

Re: kontrola logu

Re: kontrola logu

Re: kontrola logu

Kdo je online