pekny vecer kontrolujete mi to prosim
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:57:12, on 23.6.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\System32\wpcumi.exe
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Windows\ehome\ehtray.exe
C:\Users\PC\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\explorer.exe
C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
C:\Program Files\Nero\Nero 7\Nero StartSmart\NeroStartSmart.exe
C:\Program Files\Nero\Nero 7\Core\nero.exe
C:\Program Files\Microsoft Office\Office12\POWERPNT.EXE
C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Windows\system32\ctfmon.exe
C:\Program Files\ICQ6.5\ICQ.exe
C:\Users\PC\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\PC\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\PC\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) - - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\ProgramData\LangSoft\WebIE.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\ProgramData\LangSoft\WebIE.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Toolbar_eula_launcher] C:\install\google\eula\EULALauncher.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\PC\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [Software Informer] "C:\Program Files\Software Informer\softinfo.exe" -autorun
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6\ICQ.exe" silent
O4 - HKCU\..\Run: [365dni] C:\Users\PC\Desktop\Desktop\Desktop\Desktop\Desktop\Desktop\Desktop\Desktop\Desktop\Desktop\Desktop\Desktop\Desktop\Desktop\Desktop\Desktop\Desktop\Desktop\Desktop\Desktop\Desktop\365dniNET.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Download with &FileFactory Turbo - C:\Program Files\FileFactory Turbo\Plugins\IE\FileFactoryIE.html
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Stáhnout Free Download Managerem - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Stáhnout video Free Download Managerem - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Stáhnout vybrané Free Download Managerem - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Stáhnout vše Free Download Managerem - file://C:\Program Files\Free Download Manager\dlall.htm
O9 - Extra button: Přidat na blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Přidat na blog Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Kniha klipů HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Chytrý výběr - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - (no file)
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - (no file)
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - (no file)
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - (no file)
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - (no file)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O13 - Gopher Prefix:
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://appldnld.apple.com.edgesuite.net ... plugin.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Plánovač automatické aktualizace LiveUpdate (Automatic LiveUpdate Scheduler) - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Update Service (gupdate1c9b798e1b223f0) (gupdate1c9b798e1b223f0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
kontrola
-
jaro3
- člen Security týmu
-
Guru Level 15
- Příspěvky: 43294
- Registrován: červen 07
- Bydliště: Jižní Čechy
- Pohlaví:
- Stav:
Offline
Re: kontrola
Odinstaluj:
ICQToolBar
DAEMON Tools Toolbar
Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:
Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected.
Po vyčištění klikni na Exit k zavření programu.
ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.
Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Provést rychlý sken a klikni na tlačítko Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- pak zvol možnost uložit log a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.
Pokud bude bez nálezu, a nejsou problémy , je to vše.Jinak se podívám zítra..
ICQToolBar
DAEMON Tools Toolbar
Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:
Kód: Vybrat vše
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) - - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - (no file)
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - (no file)
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - (no file)
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - (no file)
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - (no file)
Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected.
Po vyčištění klikni na Exit k zavření programu.
ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.
Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Provést rychlý sken a klikni na tlačítko Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- pak zvol možnost uložit log a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.
Pokud bude bez nálezu, a nejsou problémy , je to vše.Jinak se podívám zítra..
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Re: kontrola
dekuji
Malwarebytes' Anti-Malware 1.38
Verze databáze: 2326
Windows 6.0.6001 Service Pack 1
23.6.2009 23:17:20
mbam-log-2009-06-23 (23-17-20).txt
Typ skenu: Rychlý sken
Objektu skenováno: 106130
Uplynulý cas: 6 minute(s), 25 second(s)
Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 0
Infikované hodnoty registru: 0
Infikované položky dat registru: 0
Infikované složky: 0
Infikované soubory: 0
Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)
Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)
Infikované klíce registru:
(Žádné zákerné položky nebyly zjišteny)
Infikované hodnoty registru:
(Žádné zákerné položky nebyly zjišteny)
Infikované položky dat registru:
(Žádné zákerné položky nebyly zjišteny)
Infikované složky:
(Žádné zákerné položky nebyly zjišteny)
Infikované soubory:
(Žádné zákerné položky nebyly zjišteny)
a jeste je nejaka kontrola dik
Malwarebytes' Anti-Malware 1.38
Verze databáze: 2326
Windows 6.0.6001 Service Pack 1
23.6.2009 23:17:20
mbam-log-2009-06-23 (23-17-20).txt
Typ skenu: Rychlý sken
Objektu skenováno: 106130
Uplynulý cas: 6 minute(s), 25 second(s)
Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 0
Infikované hodnoty registru: 0
Infikované položky dat registru: 0
Infikované složky: 0
Infikované soubory: 0
Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)
Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)
Infikované klíce registru:
(Žádné zákerné položky nebyly zjišteny)
Infikované hodnoty registru:
(Žádné zákerné položky nebyly zjišteny)
Infikované položky dat registru:
(Žádné zákerné položky nebyly zjišteny)
Infikované složky:
(Žádné zákerné položky nebyly zjišteny)
Infikované soubory:
(Žádné zákerné položky nebyly zjišteny)
a jeste je nejaka kontrola dik
-
jaro3
- člen Security týmu
-
Guru Level 15
- Příspěvky: 43294
- Registrován: červen 07
- Bydliště: Jižní Čechy
- Pohlaví:
- Stav:
Offline
Re: kontrola
Kontrol je dost, ale nejprve napiš , zda máš nějaké problémy , popiš je.
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Re: kontrola
muj pocitac posledni dobou kdyz dam do neho dvd kliknu na jednotka dvd no proste otevrit tak to neni tak rychle
-
jaro3
- člen Security týmu
-
Guru Level 15
- Příspěvky: 43294
- Registrován: červen 07
- Bydliště: Jižní Čechy
- Pohlaví:
- Stav:
Offline
Re: kontrola
To spíše ukazuje na vadnou mechaniku( slabý laser), ale ještě zkusíme toto:
Vypni rez. ochranu u Norton/Symantec.
Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Vypni rez. ochranu u Norton/Symantec.
Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Re: kontrola
ComboFix 09-06-23.01 - PC 24.06.2009 18:53.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1250.420.1029.18.2047.900 [GMT 2:00]
Spuštěný z: c:\users\PC\Documents\Downloads\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
ADS - Windows: deleted 24 bytes in 1 streams.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500
c:\$recycle.bin\S-1-5-21-2733799108-3116144996-3733436972-1003
c:\$recycle.bin\S-1-5-21-2733799108-3116144996-3733436972-500
c:\windows\system32\Packet.dll
c:\windows\system32\WanPacket.dll
c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500\desktop.ini
c:\$recycle.bin\S-1-5-21-2733799108-3116144996-3733436972-1003\desktop.ini
c:\$recycle.bin\S-1-5-21-2733799108-3116144996-3733436972-500\desktop.ini
c:\windows\system32\AutoRun.inf
c:\windows\system32\AVSredirect.dll
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NPF
-------\Service_NPF
((((((((((((((((((((((((( Soubory vytvořené od 2009-05-24 do 2009-06-24 )))))))))))))))))))))))))))))))
.
2009-06-24 17:01 . 2009-06-24 17:01 -------- d-----w- c:\users\nevim\AppData\Local\temp
2009-06-24 17:01 . 2009-06-24 17:01 -------- d-----w- c:\users\Guest\AppData\Local\temp
2009-06-24 17:01 . 2009-06-24 17:01 -------- d-----w- c:\users\gshdfsf\AppData\Local\temp
2009-06-24 17:01 . 2009-06-24 17:01 -------- d-----w- c:\users\gfdgdf\AppData\Local\temp
2009-06-24 16:24 . 2009-06-24 16:33 -------- d-----w- c:\users\PC\steve irwin
2009-06-24 15:46 . 2009-06-24 15:46 -------- d-----w- c:\users\PC\AppData\Roaming\VitySoft
2009-06-24 11:43 . 2004-02-22 08:11 719872 ----a-w- c:\windows\system32\devil.dll
2009-06-24 11:43 . 2007-05-17 15:30 318976 ----a-w- c:\windows\system32\avisynth.dll
2009-06-24 11:43 . 2004-01-24 22:00 70656 ----a-w- c:\windows\system32\yv12vfw.dll
2009-06-24 11:43 . 2009-06-24 11:43 -------- d-----w- c:\program files\AviSynth 2.5
2009-06-24 11:43 . 2004-01-24 22:00 70656 ----a-w- c:\windows\system32\i420vfw.dll
2009-06-24 11:42 . 2008-03-16 13:30 216064 --sh--r- c:\windows\system32\nbDX.dll
2009-06-24 11:42 . 2007-02-21 11:47 31232 --sh--r- c:\windows\system32\msfDX.dll
2009-06-24 11:42 . 2006-05-03 10:06 163328 --sh--r- c:\windows\system32\flvDX.dll
2009-06-24 11:42 . 2009-06-24 11:42 -------- d-----w- c:\program files\eRightSoft
2009-06-24 10:43 . 2009-02-25 09:00 371248 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090623.053\EECTRL.SYS
2009-06-24 10:43 . 2009-02-25 09:00 101936 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090623.053\ERASER.SYS
2009-06-24 10:43 . 2009-02-20 09:00 89104 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090623.053\NAVENG.SYS
2009-06-24 10:43 . 2009-02-20 09:00 876144 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090623.053\NAVEX15.SYS
2009-06-24 10:43 . 2009-02-20 09:00 177520 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090623.053\NAVENG32.DLL
2009-06-24 10:43 . 2009-02-20 09:00 1181040 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090623.053\NAVEX32A.DLL
2009-06-24 10:43 . 2009-01-14 10:16 259368 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090623.053\ECMSVR32.DLL
2009-06-24 10:43 . 2009-02-25 09:00 2414128 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090623.053\CCERASER.DLL
2009-06-23 21:05 . 2009-06-17 09:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-23 21:05 . 2009-06-17 09:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-23 18:56 . 2009-06-23 18:56 -------- d-----w- c:\program files\Trend Micro
2009-06-23 18:10 . 2008-02-25 12:05 892928 ----a-w- c:\windows\system32\iconv.dll
2009-06-23 18:10 . 2009-06-23 18:10 -------- d-----w- c:\program files\Wondershare
2009-06-23 17:03 . 2009-02-20 09:00 89104 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090623.002\NAVENG.SYS
2009-06-23 17:03 . 2009-02-20 09:00 876144 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090623.002\NAVEX15.SYS
2009-06-23 17:03 . 2009-02-20 09:00 177520 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090623.002\NAVENG32.DLL
2009-06-23 17:03 . 2009-02-20 09:00 1181040 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090623.002\NAVEX32A.DLL
2009-06-23 17:03 . 2009-02-25 09:00 371248 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090623.002\EECTRL.SYS
2009-06-23 17:03 . 2009-02-25 09:00 2414128 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090623.002\CCERASER.DLL
2009-06-23 17:03 . 2009-02-25 09:00 101936 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090623.002\ERASER.SYS
2009-06-23 17:03 . 2009-01-14 10:16 259368 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090623.002\ECMSVR32.DLL
2009-06-22 20:50 . 2009-06-23 21:31 -------- d-----w- c:\program files\SlySoft
2009-06-21 14:08 . 2009-03-06 17:25 439672 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090618.001\Scxpx86.dll
2009-06-21 14:08 . 2009-02-09 22:59 272432 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090618.001\IDSvix86.sys
2009-06-21 14:08 . 2009-02-09 22:59 251768 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090618.001\SymIDSco.sys
2009-06-21 14:08 . 2009-02-09 22:59 685432 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090618.001\IDSxpx86.dll
2009-06-21 14:08 . 2009-02-09 22:59 173432 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090618.001\SymIDSI.dll
2009-06-21 14:08 . 2009-02-09 22:59 370224 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090618.001\IDSviA64.sys
2009-06-21 14:08 . 2009-01-02 21:18 157120 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090618.001\IDS9xx86.dll
2009-06-16 18:17 . 2009-04-30 12:37 428544 ----a-w- c:\windows\system32\EncDec.dll
2009-06-16 18:17 . 2009-04-30 12:37 293376 ----a-w- c:\windows\system32\psisdecd.dll
2009-06-16 18:10 . 2009-06-16 18:10 -------- d-----w- c:\program files\Codec Pack - All In 1
2009-06-12 20:23 . 2009-03-06 17:25 439672 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090610.001\Scxpx86.dll
2009-06-12 20:23 . 2009-02-09 22:59 272432 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090610.001\IDSvix86.sys
2009-06-12 20:23 . 2009-02-09 22:59 251768 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090610.001\SymIDSco.sys
2009-06-12 20:23 . 2009-02-09 22:59 685432 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090610.001\IDSxpx86.dll
2009-06-12 20:23 . 2009-02-09 22:59 173432 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090610.001\SymIDSI.dll
2009-06-12 20:23 . 2009-02-09 22:59 370224 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090610.001\IDSviA64.sys
2009-06-12 20:23 . 2009-01-02 21:18 157120 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090610.001\IDS9xx86.dll
2009-06-12 13:25 . 2009-06-12 13:25 -------- d-----w- c:\program files\Dude
2009-06-10 21:08 . 2009-04-23 12:43 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2009-06-04 20:26 . 2009-06-04 20:26 -------- d-----w- c:\users\PC\AppData\Local\Thunderbird
2009-06-04 20:26 . 2009-06-04 20:26 -------- d-----w- c:\users\PC\AppData\Roaming\Thunderbird
2009-06-04 20:26 . 2009-06-04 20:26 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-06-03 17:11 . 2009-06-03 17:11 390664 ----a-w- c:\users\PC\AppData\Roaming\Real\RealPlayer\Update\RealPlayer11.exe
2009-06-03 17:11 . 2009-06-03 17:11 390664 ----a-w- c:\users\PC\AppData\Roaming\Real\Update\temp\~Upg6\RealPlayer11.exe
2009-05-30 16:30 . 2009-05-30 16:31 -------- d-----w- c:\users\gfdgdf\AppData\Roaming\Zoner
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-24 15:35 . 2008-07-12 09:43 -------- d-----w- c:\users\PC\AppData\Roaming\uTorrent
2009-06-24 13:11 . 2009-05-17 16:45 -------- d-----w- c:\program files\ESET
2009-06-24 12:32 . 2008-06-10 15:21 -------- d-----w- c:\program files\rajce
2009-06-23 21:33 . 2009-03-26 17:55 -------- d-----w- c:\program files\PowerPoint to Video
2009-06-23 21:05 . 2009-01-06 18:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-23 16:59 . 2008-05-09 09:32 -------- d-----w- c:\programdata\Google Updater
2009-06-22 15:28 . 2009-03-12 17:41 -------- d-----w- c:\program files\DAEMON Tools Lite
2009-06-16 18:09 . 2008-04-27 18:45 737280 ----a-w- c:\windows\iun6002.exe
2009-06-15 10:18 . 2009-01-25 10:40 -------- d-----w- c:\users\PC\AppData\Roaming\LangSoft
2009-06-14 14:50 . 2007-11-28 12:38 -------- d-----w- c:\programdata\Microsoft Help
2009-06-12 08:52 . 2008-06-08 17:24 -------- d-----w- c:\program files\DivX
2009-05-30 16:31 . 2008-07-13 17:01 -------- d-----w- c:\users\gfdgdf\AppData\Roaming\DivX
2009-05-30 13:49 . 2008-07-05 19:27 100256 ----a-w- c:\users\gfdgdf\AppData\Local\GDIPFONTCACHEV1.DAT
2009-05-30 07:41 . 2007-11-28 12:49 -------- d-----w- c:\program files\Google
2009-05-25 16:06 . 2009-05-25 16:06 390664 ----a-w- c:\users\PC\AppData\Roaming\Real\Update\temp\~Upg5\RealPlayer11.exe
2009-05-17 16:06 . 2009-05-17 16:06 390664 ----a-w- c:\users\PC\AppData\Roaming\Real\Update\temp\~Upg4\RealPlayer11.exe
2009-05-13 16:33 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-05-09 05:50 . 2009-06-10 21:09 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-09 05:34 . 2009-06-10 21:09 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-05-08 14:29 . 2007-12-10 15:15 100256 ----a-w- c:\users\PC\AppData\Local\GDIPFONTCACHEV1.DAT
2009-05-08 13:39 . 2007-11-28 12:40 -------- d-----w- c:\program files\Microsoft Works
2009-05-05 16:06 . 2009-05-05 16:06 390664 ----a-w- c:\users\PC\AppData\Roaming\Real\Update\temp\~Upg3\RealPlayer11.exe
2009-05-02 17:32 . 2009-02-06 20:54 -------- d-----w- c:\users\PC\AppData\Roaming\Free Download Manager
2009-05-02 07:13 . 2009-05-02 06:42 -------- d-----w- c:\program files\AVS4YOU
2009-05-02 07:05 . 2009-05-02 06:43 -------- d-----w- c:\programdata\AVS4YOU
2009-05-02 07:05 . 2009-05-02 07:05 -------- d-----w- c:\users\PC\AppData\Roaming\AVS4YOU
2009-05-02 06:42 . 2009-05-02 06:42 -------- d-----w- c:\program files\Common Files\AVSMedia
2009-05-02 06:38 . 2009-05-02 06:35 21865264 ----a-w- c:\users\PC\AVSFirewall.exe
2009-04-26 15:37 . 2009-04-26 15:37 390664 ----a-w- c:\users\PC\AppData\Roaming\Real\Update\temp\~Upg2\RealPlayer11.exe
2009-04-25 20:04 . 2009-04-25 20:04 821600 ----a-w- c:\users\PC\setup.exe
2009-04-23 15:02 . 2007-01-08 21:09 601854 ----a-w- c:\windows\system32\perfh005.dat
2009-04-23 15:02 . 2007-01-08 21:09 115998 ----a-w- c:\windows\system32\perfc005.dat
2009-04-23 12:42 . 2009-06-10 21:09 636928 ----a-w- c:\windows\system32\localspl.dll
2009-04-21 11:55 . 2009-06-10 21:09 2033152 ----a-w- c:\windows\system32\win32k.sys
2009-04-13 15:37 . 2009-04-13 15:37 390664 ----a-w- c:\users\PC\AppData\Roaming\Real\Update\temp\~Upg1\RealPlayer11.exe
2009-04-07 08:50 . 2008-05-09 09:32 7592 ----a-w- c:\users\PC\AppData\Local\d3d9caps.dat
2009-04-02 12:46 . 2009-04-02 12:46 390664 ----a-w- c:\users\PC\AppData\Roaming\Real\Update\temp\~Upg0\RealPlayer11.exe
2009-03-31 20:46 . 2008-02-23 18:07 9584 ----a-w- c:\programdata\Symantec\LiveUpdate\LuRegManifests\Static\NCO20.dll
2009-03-31 20:47 . 2009-01-21 16:31 324976 ----a-w- c:\program files\mozilla firefox\components\coFFPlgn.dll
2006-05-03 10:06 . 2009-06-24 11:42 163328 --sh--r- c:\windows\System32\flvDX.dll
2007-02-21 11:47 . 2009-06-24 11:42 31232 --sh--r- c:\windows\System32\msfDX.dll
2008-03-16 13:30 . 2009-06-24 11:42 216064 --sh--r- c:\windows\System32\nbDX.dll
2007-11-28 12:09 . 2007-11-28 12:06 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-05-16 153136]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Google Update"="c:\users\PC\AppData\Local\Google\Update\GoogleUpdate.exe" [2008-09-08 133104]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-11-23 203720]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Toolbar_eula_launcher"="c:\install\google\eula\EULALauncher.exe" [2007-02-09 16896]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-05-31 185896]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13580832]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 92704]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"osCheck"="c:\program files\Norton 360\osCheck.exe" [2008-02-26 988512]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-09-19 4702208]
"Skytel"="Skytel.exe" - c:\windows\SkyTel.exe [2007-08-03 1826816]
c:\users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Picture Motion Browser Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2008-6-29 385024]
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2733799108-3116144996-3733436972-1000]
"EnableNotificationsRef"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{1C1BCE8A-9DC1-46C2-A4DC-18AE21CC13BD}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{36941853-7CA5-4AF6-8FE4-52A8FE39977A}"= UDP:c:\program files\uTorrent\utorrent.exe:µTorrent
"{AB773091-DE6F-4F64-AC82-433436761306}"= TCP:c:\program files\uTorrent\utorrent.exe:µTorrent
"{01B91AF7-1CDD-4F78-BE5C-DB17EE11D9DC}"= UDP:c:\program files\uTorrent\utorrent.exe:µTorrent
"{4F29A706-5662-4CDC-A1AD-1A45DA155D9A}"= TCP:c:\program files\uTorrent\utorrent.exe:µTorrent
"TCP Query User{9321EA90-5782-4AD1-BCC2-5B3BED105092}c:\\users\\pc\\desktop\\desktop\\desktop\\desktop\\desktop\\desktop\\desktop\\desktop\\desktop\\desktop\\desktop\\desktop\\desktop\\desktop\\desktop\\desktop\\desktop\\desktop\\desktop\\desktop\\desktop\\strongdc.exe"= UDP:c:\users\pc\desktop\desktop\desktop\desktop\desktop\desktop\desktop\desktop\desktop\desktop\desktop\desktop\desktop\desktop\desktop\desktop\desktop\desktop\desktop\desktop\desktop\strongdc.exe:strongdc.exe
"UDP Query User{9A8EA744-222C-44EC-BECA-34DAD9C7EC1B}c:\\users\\pc\\desktop\\desktop\\desktop\\desktop\\desktop\\desktop\\desktop\\desktop\\desktop\\desktop\\desktop\\desktop\\desktop\\desktop\\desktop\\desktop\\desktop\\desktop\\desktop\\desktop\\desktop\\strongdc.exe"= TCP:c:\users\pc\desktop\desktop\desktop\desktop\desktop\desktop\desktop\desktop\desktop\desktop\desktop\desktop\desktop\desktop\desktop\desktop\desktop\desktop\desktop\desktop\desktop\strongdc.exe:strongdc.exe
"TCP Query User{965BBD9A-4460-4DFB-9A31-CBE8D6462D87}c:\\users\\pc\\appdata\\local\\temp\\rar$ex01.147\\strongdc.exe"= UDP:c:\users\pc\appdata\local\temp\rar$ex01.147\strongdc.exe:strongdc.exe
"UDP Query User{9D0221B0-4478-473E-B304-745759ADCF45}c:\\users\\pc\\appdata\\local\\temp\\rar$ex01.147\\strongdc.exe"= TCP:c:\users\pc\appdata\local\temp\rar$ex01.147\strongdc.exe:strongdc.exe
"TCP Query User{894A3D79-9FB8-4102-B9F3-0C2BF25A1EA5}c:\\users\\pc\\appdata\\local\\temp\\rar$ex00.883\\czdc.exe"= UDP:c:\users\pc\appdata\local\temp\rar$ex00.883\czdc.exe:czdc.exe
"UDP Query User{6A61654D-A9CE-46B5-8563-4252B3344183}c:\\users\\pc\\appdata\\local\\temp\\rar$ex00.883\\czdc.exe"= TCP:c:\users\pc\appdata\local\temp\rar$ex00.883\czdc.exe:czdc.exe
"TCP Query User{076B20CC-F23C-4EC2-8C8C-282CCAEB207F}c:\\users\\pc\\appdata\\local\\temp\\rar$ex00.253\\strongdc.exe"= UDP:c:\users\pc\appdata\local\temp\rar$ex00.253\strongdc.exe:strongdc.exe
"UDP Query User{8B6A664A-52ED-4D30-AAED-61ABAB28B08A}c:\\users\\pc\\appdata\\local\\temp\\rar$ex00.253\\strongdc.exe"= TCP:c:\users\pc\appdata\local\temp\rar$ex00.253\strongdc.exe:strongdc.exe
"TCP Query User{10DB1AD1-3510-4B49-A69E-8AE33315DF52}c:\\users\\pc\\appdata\\local\\temp\\rar$ex14.950\\strongdc.exe"= UDP:c:\users\pc\appdata\local\temp\rar$ex14.950\strongdc.exe:strongdc.exe
"UDP Query User{86DEEFEE-2F3A-45BE-8972-925AF698203C}c:\\users\\pc\\appdata\\local\\temp\\rar$ex14.950\\strongdc.exe"= TCP:c:\users\pc\appdata\local\temp\rar$ex14.950\strongdc.exe:strongdc.exe
"TCP Query User{47669FF2-107C-4CE6-B168-E52ABAEB2E58}c:\\users\\pc\\appdata\\local\\temp\\rar$ex00.068\\strongdc.exe"= UDP:c:\users\pc\appdata\local\temp\rar$ex00.068\strongdc.exe:strongdc.exe
"UDP Query User{3860B50A-BBEB-4383-8027-D2A6B999648A}c:\\users\\pc\\appdata\\local\\temp\\rar$ex00.068\\strongdc.exe"= TCP:c:\users\pc\appdata\local\temp\rar$ex00.068\strongdc.exe:strongdc.exe
"TCP Query User{575081F0-93E0-41F5-8792-67702ADD0F7E}c:\\users\\pc\\appdata\\local\\temp\\rar$ex00.131\\strongdc.exe"= UDP:c:\users\pc\appdata\local\temp\rar$ex00.131\strongdc.exe:strongdc.exe
"UDP Query User{8BCF1BAE-DA62-422E-8451-1C6C326F788E}c:\\users\\pc\\appdata\\local\\temp\\rar$ex00.131\\strongdc.exe"= TCP:c:\users\pc\appdata\local\temp\rar$ex00.131\strongdc.exe:strongdc.exe
"TCP Query User{0ADB4458-134B-4755-9368-0823D0BF97EE}c:\\users\\pc\\appdata\\local\\temp\\rar$ex00.833\\czdcplusplus.exe"= UDP:c:\users\pc\appdata\local\temp\rar$ex00.833\czdcplusplus.exe:czdcplusplus.exe
"UDP Query User{055E11C8-1111-43E0-9414-55E64A761FD1}c:\\users\\pc\\appdata\\local\\temp\\rar$ex00.833\\czdcplusplus.exe"= TCP:c:\users\pc\appdata\local\temp\rar$ex00.833\czdcplusplus.exe:czdcplusplus.exe
"TCP Query User{16486CF1-A671-4466-A8CE-9EF539BBADDC}c:\\users\\pc\\appdata\\local\\temp\\rar$ex15.423\\strongdc.exe"= UDP:c:\users\pc\appdata\local\temp\rar$ex15.423\strongdc.exe:strongdc.exe
"UDP Query User{E6A1B4B6-850A-4CA5-9F9F-FD23745DA075}c:\\users\\pc\\appdata\\local\\temp\\rar$ex15.423\\strongdc.exe"= TCP:c:\users\pc\appdata\local\temp\rar$ex15.423\strongdc.exe:strongdc.exe
"TCP Query User{8CA818EE-AD72-413E-B19C-52A8ABDE8D02}c:\\users\\pc\\appdata\\local\\temp\\rar$ex45.663\\strongdc.exe"= UDP:c:\users\pc\appdata\local\temp\rar$ex45.663\strongdc.exe:strongdc.exe
"UDP Query User{9EC82BAF-C62D-443B-85DB-6A7EF619920B}c:\\users\\pc\\appdata\\local\\temp\\rar$ex45.663\\strongdc.exe"= TCP:c:\users\pc\appdata\local\temp\rar$ex45.663\strongdc.exe:strongdc.exe
"TCP Query User{17E4580D-0289-4D45-A5BA-59E2F49E1511}c:\\users\\pc\\appdata\\local\\temp\\rar$ex19.493\\strongdc.exe"= UDP:c:\users\pc\appdata\local\temp\rar$ex19.493\strongdc.exe:strongdc.exe
"UDP Query User{C095E457-2693-465B-97D5-6EFE169142DB}c:\\users\\pc\\appdata\\local\\temp\\rar$ex19.493\\strongdc.exe"= TCP:c:\users\pc\appdata\local\temp\rar$ex19.493\strongdc.exe:strongdc.exe
"TCP Query User{1E89845F-FCBE-472A-A678-3893B808BAB2}c:\\users\\pc\\appdata\\local\\temp\\rar$ex35.877\\strongdc.exe"= UDP:c:\users\pc\appdata\local\temp\rar$ex35.877\strongdc.exe:strongdc.exe
"UDP Query User{F9A536C4-B529-4CBD-91D7-3C13F16C2D4D}c:\\users\\pc\\appdata\\local\\temp\\rar$ex35.877\\strongdc.exe"= TCP:c:\users\pc\appdata\local\temp\rar$ex35.877\strongdc.exe:strongdc.exe
"TCP Query User{2E85BF59-9B20-4F0B-A5BD-AA264BFF7D1A}c:\\users\\pc\\appdata\\local\\temp\\rar$ex00.302\\strongdc.exe"= UDP:c:\users\pc\appdata\local\temp\rar$ex00.302\strongdc.exe:strongdc.exe
"UDP Query User{F44EC0A2-E6DF-42A3-ABE4-6ED7434A950E}c:\\users\\pc\\appdata\\local\\temp\\rar$ex00.302\\strongdc.exe"= TCP:c:\users\pc\appdata\local\temp\rar$ex00.302\strongdc.exe:strongdc.exe
"TCP Query User{6A1DCF27-1396-49C7-AA88-CCE593730C04}c:\\users\\pc\\appdata\\local\\google\\chrome\\application\\chrome.exe"= UDP:c:\users\pc\appdata\local\google\chrome\application\chrome.exe:chrome.exe
"UDP Query User{8B52BB6E-CFB6-467A-906B-5748509F1126}c:\\users\\pc\\appdata\\local\\google\\chrome\\application\\chrome.exe"= TCP:c:\users\pc\appdata\local\google\chrome\application\chrome.exe:chrome.exe
"TCP Query User{EE6F2CDA-AB42-4F4E-9B74-864C9E8D181A}c:\\program files\\windows sidebar\\sidebar.exe"= UDP:c:\program files\windows sidebar\sidebar.exe:Windows Sidebar
"UDP Query User{D08CED61-C285-4F77-9928-07A8AB31617C}c:\\program files\\windows sidebar\\sidebar.exe"= TCP:c:\program files\windows sidebar\sidebar.exe:Windows Sidebar
"{F20549FD-4D6C-4295-8399-076079391C64}"= UDP:c:\program files\Microsoft Games\Zoo Tycoon 2\zt.exe:Zoo Tycoon 2 Executable
"{27ED8492-1F7D-4C53-9125-C7117461D875}"= TCP:c:\program files\Microsoft Games\Zoo Tycoon 2\zt.exe:Zoo Tycoon 2 Executable
"{2105454F-A18A-43CC-A4A0-DAD605E746E3}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{A2F78CD0-80C7-4674-BE11-62F8E3492EA6}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{4562AF7F-B534-4789-8A61-CF61A02478E2}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{DBF477F4-4C91-4AD5-98A4-75B7EAFAC97F}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{90ED4AD3-A9A8-4A71-8BD7-DE635464FB1D}c:\\program files\\icq6.5\\icq.exe"= UDP:c:\program files\icq6.5\icq.exe:ICQ
"UDP Query User{27FB298D-3F01-4B20-8053-A2A90296DDB3}c:\\program files\\icq6.5\\icq.exe"= TCP:c:\program files\icq6.5\icq.exe:ICQ
"{14257FB2-8017-439D-8A0D-151D2C809ECC}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"{6F1B5D4C-BE3F-41FE-B400-A530E112C849}"= UDP:c:\users\PC\AppData\Local\Google\Google Talk Plugin\googletalkplugin.dll:Google Talk Plugin
"{B09045D1-50AE-4D64-B5DE-EFEFC7022200}"= TCP:c:\users\PC\AppData\Local\Google\Google Talk Plugin\googletalkplugin.dll:Google Talk Plugin
"{26FF3138-2A8C-44E3-AD5E-26E88268F9A3}"= UDP:c:\users\PC\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe:Google Talk Plugin
"{E8FE8E21-6B7A-4569-BDA3-FF4A74157BC8}"= TCP:c:\users\PC\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe:Google Talk Plugin
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"DoNotAllowExceptions"= 0 (0x0)
R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\ipsdefs\20090618.001\IDSvix86.sys [21.6.2009 16:08 272432]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE [18.2.2008 13:37 149352]
R2 WinI2C-DDC;WinI2C-DDC Kernel Mode Driver;c:\windows\System32\drivers\ddcdrv.sys [25.6.2008 20:35 10240]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [26.2.2009 18:39 101936]
R3 Ph3xIB32;Philips 713x Inbox PCI TV Card;c:\windows\System32\drivers\Ph3xIB32.sys [3.4.2007 10:43 1131136]
R3 SYMNDISV;SYMNDISV;c:\windows\System32\drivers\symndisv.sys [19.2.2009 12:31 41008]
S2 gupdate1c9b798e1b223f0;Google Update Service (gupdate1c9b798e1b223f0);c:\program files\Google\Update\GoogleUpdate.exe [7.4.2009 17:52 133104]
S3 3xHybrid;Pinnacle PCTV 100i-110i-300i-310i-MCE;c:\windows\System32\drivers\3xHybrid.sys [22.11.2006 10:53 1121536]
S3 COH_Mon;COH_Mon;c:\windows\System32\drivers\COH_Mon.sys [12.1.2008 20:32 23888]
S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [14.3.2009 19:08 55280]
S3 fsssvc;Windows Live Zabezpečení rodiny;c:\program files\Windows Live\Family Safety\fsssvc.exe [6.2.2009 19:08 533360]
--- Ostatní služby/ovladače v paměti ---
*NewlyCreated* - COMHOST
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Obsah adresáře 'Naplánované úlohy'
2009-06-24 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-07 15:52]
2009-06-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2733799108-3116144996-3733436972-1000.job
- c:\users\PC\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-08 16:04]
2009-06-24 c:\windows\Tasks\User_Feed_Synchronization-{0504F2DA-522E-4DCE-8D8D-883CB7F6ABB3}.job
- c:\windows\system32\msfeedssync.exe [2009-04-01 11:31]
2009-06-24 c:\windows\Tasks\User_Feed_Synchronization-{133895F4-409D-42C3-8FCE-3C8FCEA33C11}.job
- c:\windows\system32\msfeedssync.exe [2009-04-01 11:31]
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
HKCU-Run-Software Informer - c:\program files\Software Informer\softinfo.exe
HKCU-Run-ICQ - c:\program files\ICQ6\ICQ.exe
HKCU-Run-365dni - c:\users\PC\Desktop\Desktop\Desktop\Desktop\Desktop\Desktop\Desktop\Desktop\Desktop\Desktop\Desktop\Desktop\Desktop\Desktop\Desktop\Desktop\Desktop\Desktop\Desktop\Desktop\Desktop\365dniNET.exe
HKCU-Run-OEXPRESS - (no file)
HKCU-Run-WEBTRAN - (no file)
HKCU-Run-fsm - (no file)
.
------- Doplňkový sken -------
.
mStart Page = hxxp://www.yahoo.com
IE: Download with &FileFactory Turbo - c:\program files\FileFactory Turbo\Plugins\IE\FileFactoryIE.html
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Stáhnout Free Download Managerem - file://c:\program files\Free Download Manager\dllink.htm
IE: Stáhnout video Free Download Managerem - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Stáhnout vybrané Free Download Managerem - file://c:\program files\Free Download Manager\dlselected.htm
IE: Stáhnout vše Free Download Managerem - file://c:\program files\Free Download Manager\dlall.htm
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} -
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} -
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} -
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} -
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\programdata\LangSoft\WebIE.dll
LSP: c:\windows\system32\wpclsp.dll
FF - ProfilePath - c:\users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\j5pp662m.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: network.proxy.type - 2
FF - plugin: c:\program files\Google\Google Earth Plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\PC\AppData\Local\Google\Update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\users\PC\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-24 19:06
Windows 6.0.6001 Service Pack 1 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'Explorer.exe'(5032)
c:\windows\system32\ieframe.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\System32\nvvsvc.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\rundll32.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\windows\System32\WUDFHost.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\windows\System32\conime.exe
c:\windows\System32\rundll32.exe
c:\windows\ehome\ehmsas.exe
c:\windows\ehome\ehsched.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\windows\ehome\ehrecvr.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
.
**************************************************************************
.
Celkový čas: 2009-06-24 19:10 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-06-24 17:10
Před spuštěním: Volných bajtů: 119 085 101 056
Po spuštění: Volných bajtů: 118 998 331 392
344 --- E O F --- 2009-06-24 12:48
dik
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1250.420.1029.18.2047.900 [GMT 2:00]
Spuštěný z: c:\users\PC\Documents\Downloads\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
ADS - Windows: deleted 24 bytes in 1 streams.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500
c:\$recycle.bin\S-1-5-21-2733799108-3116144996-3733436972-1003
c:\$recycle.bin\S-1-5-21-2733799108-3116144996-3733436972-500
c:\windows\system32\Packet.dll
c:\windows\system32\WanPacket.dll
c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500\desktop.ini
c:\$recycle.bin\S-1-5-21-2733799108-3116144996-3733436972-1003\desktop.ini
c:\$recycle.bin\S-1-5-21-2733799108-3116144996-3733436972-500\desktop.ini
c:\windows\system32\AutoRun.inf
c:\windows\system32\AVSredirect.dll
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NPF
-------\Service_NPF
((((((((((((((((((((((((( Soubory vytvořené od 2009-05-24 do 2009-06-24 )))))))))))))))))))))))))))))))
.
2009-06-24 17:01 . 2009-06-24 17:01 -------- d-----w- c:\users\nevim\AppData\Local\temp
2009-06-24 17:01 . 2009-06-24 17:01 -------- d-----w- c:\users\Guest\AppData\Local\temp
2009-06-24 17:01 . 2009-06-24 17:01 -------- d-----w- c:\users\gshdfsf\AppData\Local\temp
2009-06-24 17:01 . 2009-06-24 17:01 -------- d-----w- c:\users\gfdgdf\AppData\Local\temp
2009-06-24 16:24 . 2009-06-24 16:33 -------- d-----w- c:\users\PC\steve irwin
2009-06-24 15:46 . 2009-06-24 15:46 -------- d-----w- c:\users\PC\AppData\Roaming\VitySoft
2009-06-24 11:43 . 2004-02-22 08:11 719872 ----a-w- c:\windows\system32\devil.dll
2009-06-24 11:43 . 2007-05-17 15:30 318976 ----a-w- c:\windows\system32\avisynth.dll
2009-06-24 11:43 . 2004-01-24 22:00 70656 ----a-w- c:\windows\system32\yv12vfw.dll
2009-06-24 11:43 . 2009-06-24 11:43 -------- d-----w- c:\program files\AviSynth 2.5
2009-06-24 11:43 . 2004-01-24 22:00 70656 ----a-w- c:\windows\system32\i420vfw.dll
2009-06-24 11:42 . 2008-03-16 13:30 216064 --sh--r- c:\windows\system32\nbDX.dll
2009-06-24 11:42 . 2007-02-21 11:47 31232 --sh--r- c:\windows\system32\msfDX.dll
2009-06-24 11:42 . 2006-05-03 10:06 163328 --sh--r- c:\windows\system32\flvDX.dll
2009-06-24 11:42 . 2009-06-24 11:42 -------- d-----w- c:\program files\eRightSoft
2009-06-24 10:43 . 2009-02-25 09:00 371248 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090623.053\EECTRL.SYS
2009-06-24 10:43 . 2009-02-25 09:00 101936 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090623.053\ERASER.SYS
2009-06-24 10:43 . 2009-02-20 09:00 89104 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090623.053\NAVENG.SYS
2009-06-24 10:43 . 2009-02-20 09:00 876144 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090623.053\NAVEX15.SYS
2009-06-24 10:43 . 2009-02-20 09:00 177520 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090623.053\NAVENG32.DLL
2009-06-24 10:43 . 2009-02-20 09:00 1181040 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090623.053\NAVEX32A.DLL
2009-06-24 10:43 . 2009-01-14 10:16 259368 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090623.053\ECMSVR32.DLL
2009-06-24 10:43 . 2009-02-25 09:00 2414128 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090623.053\CCERASER.DLL
2009-06-23 21:05 . 2009-06-17 09:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-23 21:05 . 2009-06-17 09:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-23 18:56 . 2009-06-23 18:56 -------- d-----w- c:\program files\Trend Micro
2009-06-23 18:10 . 2008-02-25 12:05 892928 ----a-w- c:\windows\system32\iconv.dll
2009-06-23 18:10 . 2009-06-23 18:10 -------- d-----w- c:\program files\Wondershare
2009-06-23 17:03 . 2009-02-20 09:00 89104 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090623.002\NAVENG.SYS
2009-06-23 17:03 . 2009-02-20 09:00 876144 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090623.002\NAVEX15.SYS
2009-06-23 17:03 . 2009-02-20 09:00 177520 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090623.002\NAVENG32.DLL
2009-06-23 17:03 . 2009-02-20 09:00 1181040 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090623.002\NAVEX32A.DLL
2009-06-23 17:03 . 2009-02-25 09:00 371248 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090623.002\EECTRL.SYS
2009-06-23 17:03 . 2009-02-25 09:00 2414128 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090623.002\CCERASER.DLL
2009-06-23 17:03 . 2009-02-25 09:00 101936 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090623.002\ERASER.SYS
2009-06-23 17:03 . 2009-01-14 10:16 259368 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090623.002\ECMSVR32.DLL
2009-06-22 20:50 . 2009-06-23 21:31 -------- d-----w- c:\program files\SlySoft
2009-06-21 14:08 . 2009-03-06 17:25 439672 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090618.001\Scxpx86.dll
2009-06-21 14:08 . 2009-02-09 22:59 272432 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090618.001\IDSvix86.sys
2009-06-21 14:08 . 2009-02-09 22:59 251768 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090618.001\SymIDSco.sys
2009-06-21 14:08 . 2009-02-09 22:59 685432 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090618.001\IDSxpx86.dll
2009-06-21 14:08 . 2009-02-09 22:59 173432 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090618.001\SymIDSI.dll
2009-06-21 14:08 . 2009-02-09 22:59 370224 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090618.001\IDSviA64.sys
2009-06-21 14:08 . 2009-01-02 21:18 157120 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090618.001\IDS9xx86.dll
2009-06-16 18:17 . 2009-04-30 12:37 428544 ----a-w- c:\windows\system32\EncDec.dll
2009-06-16 18:17 . 2009-04-30 12:37 293376 ----a-w- c:\windows\system32\psisdecd.dll
2009-06-16 18:10 . 2009-06-16 18:10 -------- d-----w- c:\program files\Codec Pack - All In 1
2009-06-12 20:23 . 2009-03-06 17:25 439672 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090610.001\Scxpx86.dll
2009-06-12 20:23 . 2009-02-09 22:59 272432 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090610.001\IDSvix86.sys
2009-06-12 20:23 . 2009-02-09 22:59 251768 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090610.001\SymIDSco.sys
2009-06-12 20:23 . 2009-02-09 22:59 685432 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090610.001\IDSxpx86.dll
2009-06-12 20:23 . 2009-02-09 22:59 173432 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090610.001\SymIDSI.dll
2009-06-12 20:23 . 2009-02-09 22:59 370224 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090610.001\IDSviA64.sys
2009-06-12 20:23 . 2009-01-02 21:18 157120 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090610.001\IDS9xx86.dll
2009-06-12 13:25 . 2009-06-12 13:25 -------- d-----w- c:\program files\Dude
2009-06-10 21:08 . 2009-04-23 12:43 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2009-06-04 20:26 . 2009-06-04 20:26 -------- d-----w- c:\users\PC\AppData\Local\Thunderbird
2009-06-04 20:26 . 2009-06-04 20:26 -------- d-----w- c:\users\PC\AppData\Roaming\Thunderbird
2009-06-04 20:26 . 2009-06-04 20:26 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-06-03 17:11 . 2009-06-03 17:11 390664 ----a-w- c:\users\PC\AppData\Roaming\Real\RealPlayer\Update\RealPlayer11.exe
2009-06-03 17:11 . 2009-06-03 17:11 390664 ----a-w- c:\users\PC\AppData\Roaming\Real\Update\temp\~Upg6\RealPlayer11.exe
2009-05-30 16:30 . 2009-05-30 16:31 -------- d-----w- c:\users\gfdgdf\AppData\Roaming\Zoner
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-24 15:35 . 2008-07-12 09:43 -------- d-----w- c:\users\PC\AppData\Roaming\uTorrent
2009-06-24 13:11 . 2009-05-17 16:45 -------- d-----w- c:\program files\ESET
2009-06-24 12:32 . 2008-06-10 15:21 -------- d-----w- c:\program files\rajce
2009-06-23 21:33 . 2009-03-26 17:55 -------- d-----w- c:\program files\PowerPoint to Video
2009-06-23 21:05 . 2009-01-06 18:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-23 16:59 . 2008-05-09 09:32 -------- d-----w- c:\programdata\Google Updater
2009-06-22 15:28 . 2009-03-12 17:41 -------- d-----w- c:\program files\DAEMON Tools Lite
2009-06-16 18:09 . 2008-04-27 18:45 737280 ----a-w- c:\windows\iun6002.exe
2009-06-15 10:18 . 2009-01-25 10:40 -------- d-----w- c:\users\PC\AppData\Roaming\LangSoft
2009-06-14 14:50 . 2007-11-28 12:38 -------- d-----w- c:\programdata\Microsoft Help
2009-06-12 08:52 . 2008-06-08 17:24 -------- d-----w- c:\program files\DivX
2009-05-30 16:31 . 2008-07-13 17:01 -------- d-----w- c:\users\gfdgdf\AppData\Roaming\DivX
2009-05-30 13:49 . 2008-07-05 19:27 100256 ----a-w- c:\users\gfdgdf\AppData\Local\GDIPFONTCACHEV1.DAT
2009-05-30 07:41 . 2007-11-28 12:49 -------- d-----w- c:\program files\Google
2009-05-25 16:06 . 2009-05-25 16:06 390664 ----a-w- c:\users\PC\AppData\Roaming\Real\Update\temp\~Upg5\RealPlayer11.exe
2009-05-17 16:06 . 2009-05-17 16:06 390664 ----a-w- c:\users\PC\AppData\Roaming\Real\Update\temp\~Upg4\RealPlayer11.exe
2009-05-13 16:33 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-05-09 05:50 . 2009-06-10 21:09 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-09 05:34 . 2009-06-10 21:09 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-05-08 14:29 . 2007-12-10 15:15 100256 ----a-w- c:\users\PC\AppData\Local\GDIPFONTCACHEV1.DAT
2009-05-08 13:39 . 2007-11-28 12:40 -------- d-----w- c:\program files\Microsoft Works
2009-05-05 16:06 . 2009-05-05 16:06 390664 ----a-w- c:\users\PC\AppData\Roaming\Real\Update\temp\~Upg3\RealPlayer11.exe
2009-05-02 17:32 . 2009-02-06 20:54 -------- d-----w- c:\users\PC\AppData\Roaming\Free Download Manager
2009-05-02 07:13 . 2009-05-02 06:42 -------- d-----w- c:\program files\AVS4YOU
2009-05-02 07:05 . 2009-05-02 06:43 -------- d-----w- c:\programdata\AVS4YOU
2009-05-02 07:05 . 2009-05-02 07:05 -------- d-----w- c:\users\PC\AppData\Roaming\AVS4YOU
2009-05-02 06:42 . 2009-05-02 06:42 -------- d-----w- c:\program files\Common Files\AVSMedia
2009-05-02 06:38 . 2009-05-02 06:35 21865264 ----a-w- c:\users\PC\AVSFirewall.exe
2009-04-26 15:37 . 2009-04-26 15:37 390664 ----a-w- c:\users\PC\AppData\Roaming\Real\Update\temp\~Upg2\RealPlayer11.exe
2009-04-25 20:04 . 2009-04-25 20:04 821600 ----a-w- c:\users\PC\setup.exe
2009-04-23 15:02 . 2007-01-08 21:09 601854 ----a-w- c:\windows\system32\perfh005.dat
2009-04-23 15:02 . 2007-01-08 21:09 115998 ----a-w- c:\windows\system32\perfc005.dat
2009-04-23 12:42 . 2009-06-10 21:09 636928 ----a-w- c:\windows\system32\localspl.dll
2009-04-21 11:55 . 2009-06-10 21:09 2033152 ----a-w- c:\windows\system32\win32k.sys
2009-04-13 15:37 . 2009-04-13 15:37 390664 ----a-w- c:\users\PC\AppData\Roaming\Real\Update\temp\~Upg1\RealPlayer11.exe
2009-04-07 08:50 . 2008-05-09 09:32 7592 ----a-w- c:\users\PC\AppData\Local\d3d9caps.dat
2009-04-02 12:46 . 2009-04-02 12:46 390664 ----a-w- c:\users\PC\AppData\Roaming\Real\Update\temp\~Upg0\RealPlayer11.exe
2009-03-31 20:46 . 2008-02-23 18:07 9584 ----a-w- c:\programdata\Symantec\LiveUpdate\LuRegManifests\Static\NCO20.dll
2009-03-31 20:47 . 2009-01-21 16:31 324976 ----a-w- c:\program files\mozilla firefox\components\coFFPlgn.dll
2006-05-03 10:06 . 2009-06-24 11:42 163328 --sh--r- c:\windows\System32\flvDX.dll
2007-02-21 11:47 . 2009-06-24 11:42 31232 --sh--r- c:\windows\System32\msfDX.dll
2008-03-16 13:30 . 2009-06-24 11:42 216064 --sh--r- c:\windows\System32\nbDX.dll
2007-11-28 12:09 . 2007-11-28 12:06 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-05-16 153136]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Google Update"="c:\users\PC\AppData\Local\Google\Update\GoogleUpdate.exe" [2008-09-08 133104]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-11-23 203720]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Toolbar_eula_launcher"="c:\install\google\eula\EULALauncher.exe" [2007-02-09 16896]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-05-31 185896]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13580832]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 92704]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"osCheck"="c:\program files\Norton 360\osCheck.exe" [2008-02-26 988512]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-09-19 4702208]
"Skytel"="Skytel.exe" - c:\windows\SkyTel.exe [2007-08-03 1826816]
c:\users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Picture Motion Browser Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2008-6-29 385024]
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2733799108-3116144996-3733436972-1000]
"EnableNotificationsRef"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{1C1BCE8A-9DC1-46C2-A4DC-18AE21CC13BD}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{36941853-7CA5-4AF6-8FE4-52A8FE39977A}"= UDP:c:\program files\uTorrent\utorrent.exe:µTorrent
"{AB773091-DE6F-4F64-AC82-433436761306}"= TCP:c:\program files\uTorrent\utorrent.exe:µTorrent
"{01B91AF7-1CDD-4F78-BE5C-DB17EE11D9DC}"= UDP:c:\program files\uTorrent\utorrent.exe:µTorrent
"{4F29A706-5662-4CDC-A1AD-1A45DA155D9A}"= TCP:c:\program files\uTorrent\utorrent.exe:µTorrent
"TCP Query User{9321EA90-5782-4AD1-BCC2-5B3BED105092}c:\\users\\pc\\desktop\\desktop\\desktop\\desktop\\desktop\\desktop\\desktop\\desktop\\desktop\\desktop\\desktop\\desktop\\desktop\\desktop\\desktop\\desktop\\desktop\\desktop\\desktop\\desktop\\desktop\\strongdc.exe"= UDP:c:\users\pc\desktop\desktop\desktop\desktop\desktop\desktop\desktop\desktop\desktop\desktop\desktop\desktop\desktop\desktop\desktop\desktop\desktop\desktop\desktop\desktop\desktop\strongdc.exe:strongdc.exe
"UDP Query User{9A8EA744-222C-44EC-BECA-34DAD9C7EC1B}c:\\users\\pc\\desktop\\desktop\\desktop\\desktop\\desktop\\desktop\\desktop\\desktop\\desktop\\desktop\\desktop\\desktop\\desktop\\desktop\\desktop\\desktop\\desktop\\desktop\\desktop\\desktop\\desktop\\strongdc.exe"= TCP:c:\users\pc\desktop\desktop\desktop\desktop\desktop\desktop\desktop\desktop\desktop\desktop\desktop\desktop\desktop\desktop\desktop\desktop\desktop\desktop\desktop\desktop\desktop\strongdc.exe:strongdc.exe
"TCP Query User{965BBD9A-4460-4DFB-9A31-CBE8D6462D87}c:\\users\\pc\\appdata\\local\\temp\\rar$ex01.147\\strongdc.exe"= UDP:c:\users\pc\appdata\local\temp\rar$ex01.147\strongdc.exe:strongdc.exe
"UDP Query User{9D0221B0-4478-473E-B304-745759ADCF45}c:\\users\\pc\\appdata\\local\\temp\\rar$ex01.147\\strongdc.exe"= TCP:c:\users\pc\appdata\local\temp\rar$ex01.147\strongdc.exe:strongdc.exe
"TCP Query User{894A3D79-9FB8-4102-B9F3-0C2BF25A1EA5}c:\\users\\pc\\appdata\\local\\temp\\rar$ex00.883\\czdc.exe"= UDP:c:\users\pc\appdata\local\temp\rar$ex00.883\czdc.exe:czdc.exe
"UDP Query User{6A61654D-A9CE-46B5-8563-4252B3344183}c:\\users\\pc\\appdata\\local\\temp\\rar$ex00.883\\czdc.exe"= TCP:c:\users\pc\appdata\local\temp\rar$ex00.883\czdc.exe:czdc.exe
"TCP Query User{076B20CC-F23C-4EC2-8C8C-282CCAEB207F}c:\\users\\pc\\appdata\\local\\temp\\rar$ex00.253\\strongdc.exe"= UDP:c:\users\pc\appdata\local\temp\rar$ex00.253\strongdc.exe:strongdc.exe
"UDP Query User{8B6A664A-52ED-4D30-AAED-61ABAB28B08A}c:\\users\\pc\\appdata\\local\\temp\\rar$ex00.253\\strongdc.exe"= TCP:c:\users\pc\appdata\local\temp\rar$ex00.253\strongdc.exe:strongdc.exe
"TCP Query User{10DB1AD1-3510-4B49-A69E-8AE33315DF52}c:\\users\\pc\\appdata\\local\\temp\\rar$ex14.950\\strongdc.exe"= UDP:c:\users\pc\appdata\local\temp\rar$ex14.950\strongdc.exe:strongdc.exe
"UDP Query User{86DEEFEE-2F3A-45BE-8972-925AF698203C}c:\\users\\pc\\appdata\\local\\temp\\rar$ex14.950\\strongdc.exe"= TCP:c:\users\pc\appdata\local\temp\rar$ex14.950\strongdc.exe:strongdc.exe
"TCP Query User{47669FF2-107C-4CE6-B168-E52ABAEB2E58}c:\\users\\pc\\appdata\\local\\temp\\rar$ex00.068\\strongdc.exe"= UDP:c:\users\pc\appdata\local\temp\rar$ex00.068\strongdc.exe:strongdc.exe
"UDP Query User{3860B50A-BBEB-4383-8027-D2A6B999648A}c:\\users\\pc\\appdata\\local\\temp\\rar$ex00.068\\strongdc.exe"= TCP:c:\users\pc\appdata\local\temp\rar$ex00.068\strongdc.exe:strongdc.exe
"TCP Query User{575081F0-93E0-41F5-8792-67702ADD0F7E}c:\\users\\pc\\appdata\\local\\temp\\rar$ex00.131\\strongdc.exe"= UDP:c:\users\pc\appdata\local\temp\rar$ex00.131\strongdc.exe:strongdc.exe
"UDP Query User{8BCF1BAE-DA62-422E-8451-1C6C326F788E}c:\\users\\pc\\appdata\\local\\temp\\rar$ex00.131\\strongdc.exe"= TCP:c:\users\pc\appdata\local\temp\rar$ex00.131\strongdc.exe:strongdc.exe
"TCP Query User{0ADB4458-134B-4755-9368-0823D0BF97EE}c:\\users\\pc\\appdata\\local\\temp\\rar$ex00.833\\czdcplusplus.exe"= UDP:c:\users\pc\appdata\local\temp\rar$ex00.833\czdcplusplus.exe:czdcplusplus.exe
"UDP Query User{055E11C8-1111-43E0-9414-55E64A761FD1}c:\\users\\pc\\appdata\\local\\temp\\rar$ex00.833\\czdcplusplus.exe"= TCP:c:\users\pc\appdata\local\temp\rar$ex00.833\czdcplusplus.exe:czdcplusplus.exe
"TCP Query User{16486CF1-A671-4466-A8CE-9EF539BBADDC}c:\\users\\pc\\appdata\\local\\temp\\rar$ex15.423\\strongdc.exe"= UDP:c:\users\pc\appdata\local\temp\rar$ex15.423\strongdc.exe:strongdc.exe
"UDP Query User{E6A1B4B6-850A-4CA5-9F9F-FD23745DA075}c:\\users\\pc\\appdata\\local\\temp\\rar$ex15.423\\strongdc.exe"= TCP:c:\users\pc\appdata\local\temp\rar$ex15.423\strongdc.exe:strongdc.exe
"TCP Query User{8CA818EE-AD72-413E-B19C-52A8ABDE8D02}c:\\users\\pc\\appdata\\local\\temp\\rar$ex45.663\\strongdc.exe"= UDP:c:\users\pc\appdata\local\temp\rar$ex45.663\strongdc.exe:strongdc.exe
"UDP Query User{9EC82BAF-C62D-443B-85DB-6A7EF619920B}c:\\users\\pc\\appdata\\local\\temp\\rar$ex45.663\\strongdc.exe"= TCP:c:\users\pc\appdata\local\temp\rar$ex45.663\strongdc.exe:strongdc.exe
"TCP Query User{17E4580D-0289-4D45-A5BA-59E2F49E1511}c:\\users\\pc\\appdata\\local\\temp\\rar$ex19.493\\strongdc.exe"= UDP:c:\users\pc\appdata\local\temp\rar$ex19.493\strongdc.exe:strongdc.exe
"UDP Query User{C095E457-2693-465B-97D5-6EFE169142DB}c:\\users\\pc\\appdata\\local\\temp\\rar$ex19.493\\strongdc.exe"= TCP:c:\users\pc\appdata\local\temp\rar$ex19.493\strongdc.exe:strongdc.exe
"TCP Query User{1E89845F-FCBE-472A-A678-3893B808BAB2}c:\\users\\pc\\appdata\\local\\temp\\rar$ex35.877\\strongdc.exe"= UDP:c:\users\pc\appdata\local\temp\rar$ex35.877\strongdc.exe:strongdc.exe
"UDP Query User{F9A536C4-B529-4CBD-91D7-3C13F16C2D4D}c:\\users\\pc\\appdata\\local\\temp\\rar$ex35.877\\strongdc.exe"= TCP:c:\users\pc\appdata\local\temp\rar$ex35.877\strongdc.exe:strongdc.exe
"TCP Query User{2E85BF59-9B20-4F0B-A5BD-AA264BFF7D1A}c:\\users\\pc\\appdata\\local\\temp\\rar$ex00.302\\strongdc.exe"= UDP:c:\users\pc\appdata\local\temp\rar$ex00.302\strongdc.exe:strongdc.exe
"UDP Query User{F44EC0A2-E6DF-42A3-ABE4-6ED7434A950E}c:\\users\\pc\\appdata\\local\\temp\\rar$ex00.302\\strongdc.exe"= TCP:c:\users\pc\appdata\local\temp\rar$ex00.302\strongdc.exe:strongdc.exe
"TCP Query User{6A1DCF27-1396-49C7-AA88-CCE593730C04}c:\\users\\pc\\appdata\\local\\google\\chrome\\application\\chrome.exe"= UDP:c:\users\pc\appdata\local\google\chrome\application\chrome.exe:chrome.exe
"UDP Query User{8B52BB6E-CFB6-467A-906B-5748509F1126}c:\\users\\pc\\appdata\\local\\google\\chrome\\application\\chrome.exe"= TCP:c:\users\pc\appdata\local\google\chrome\application\chrome.exe:chrome.exe
"TCP Query User{EE6F2CDA-AB42-4F4E-9B74-864C9E8D181A}c:\\program files\\windows sidebar\\sidebar.exe"= UDP:c:\program files\windows sidebar\sidebar.exe:Windows Sidebar
"UDP Query User{D08CED61-C285-4F77-9928-07A8AB31617C}c:\\program files\\windows sidebar\\sidebar.exe"= TCP:c:\program files\windows sidebar\sidebar.exe:Windows Sidebar
"{F20549FD-4D6C-4295-8399-076079391C64}"= UDP:c:\program files\Microsoft Games\Zoo Tycoon 2\zt.exe:Zoo Tycoon 2 Executable
"{27ED8492-1F7D-4C53-9125-C7117461D875}"= TCP:c:\program files\Microsoft Games\Zoo Tycoon 2\zt.exe:Zoo Tycoon 2 Executable
"{2105454F-A18A-43CC-A4A0-DAD605E746E3}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{A2F78CD0-80C7-4674-BE11-62F8E3492EA6}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{4562AF7F-B534-4789-8A61-CF61A02478E2}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{DBF477F4-4C91-4AD5-98A4-75B7EAFAC97F}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{90ED4AD3-A9A8-4A71-8BD7-DE635464FB1D}c:\\program files\\icq6.5\\icq.exe"= UDP:c:\program files\icq6.5\icq.exe:ICQ
"UDP Query User{27FB298D-3F01-4B20-8053-A2A90296DDB3}c:\\program files\\icq6.5\\icq.exe"= TCP:c:\program files\icq6.5\icq.exe:ICQ
"{14257FB2-8017-439D-8A0D-151D2C809ECC}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"{6F1B5D4C-BE3F-41FE-B400-A530E112C849}"= UDP:c:\users\PC\AppData\Local\Google\Google Talk Plugin\googletalkplugin.dll:Google Talk Plugin
"{B09045D1-50AE-4D64-B5DE-EFEFC7022200}"= TCP:c:\users\PC\AppData\Local\Google\Google Talk Plugin\googletalkplugin.dll:Google Talk Plugin
"{26FF3138-2A8C-44E3-AD5E-26E88268F9A3}"= UDP:c:\users\PC\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe:Google Talk Plugin
"{E8FE8E21-6B7A-4569-BDA3-FF4A74157BC8}"= TCP:c:\users\PC\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe:Google Talk Plugin
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"DoNotAllowExceptions"= 0 (0x0)
R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\ipsdefs\20090618.001\IDSvix86.sys [21.6.2009 16:08 272432]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE [18.2.2008 13:37 149352]
R2 WinI2C-DDC;WinI2C-DDC Kernel Mode Driver;c:\windows\System32\drivers\ddcdrv.sys [25.6.2008 20:35 10240]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [26.2.2009 18:39 101936]
R3 Ph3xIB32;Philips 713x Inbox PCI TV Card;c:\windows\System32\drivers\Ph3xIB32.sys [3.4.2007 10:43 1131136]
R3 SYMNDISV;SYMNDISV;c:\windows\System32\drivers\symndisv.sys [19.2.2009 12:31 41008]
S2 gupdate1c9b798e1b223f0;Google Update Service (gupdate1c9b798e1b223f0);c:\program files\Google\Update\GoogleUpdate.exe [7.4.2009 17:52 133104]
S3 3xHybrid;Pinnacle PCTV 100i-110i-300i-310i-MCE;c:\windows\System32\drivers\3xHybrid.sys [22.11.2006 10:53 1121536]
S3 COH_Mon;COH_Mon;c:\windows\System32\drivers\COH_Mon.sys [12.1.2008 20:32 23888]
S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [14.3.2009 19:08 55280]
S3 fsssvc;Windows Live Zabezpečení rodiny;c:\program files\Windows Live\Family Safety\fsssvc.exe [6.2.2009 19:08 533360]
--- Ostatní služby/ovladače v paměti ---
*NewlyCreated* - COMHOST
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Obsah adresáře 'Naplánované úlohy'
2009-06-24 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-07 15:52]
2009-06-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2733799108-3116144996-3733436972-1000.job
- c:\users\PC\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-08 16:04]
2009-06-24 c:\windows\Tasks\User_Feed_Synchronization-{0504F2DA-522E-4DCE-8D8D-883CB7F6ABB3}.job
- c:\windows\system32\msfeedssync.exe [2009-04-01 11:31]
2009-06-24 c:\windows\Tasks\User_Feed_Synchronization-{133895F4-409D-42C3-8FCE-3C8FCEA33C11}.job
- c:\windows\system32\msfeedssync.exe [2009-04-01 11:31]
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
HKCU-Run-Software Informer - c:\program files\Software Informer\softinfo.exe
HKCU-Run-ICQ - c:\program files\ICQ6\ICQ.exe
HKCU-Run-365dni - c:\users\PC\Desktop\Desktop\Desktop\Desktop\Desktop\Desktop\Desktop\Desktop\Desktop\Desktop\Desktop\Desktop\Desktop\Desktop\Desktop\Desktop\Desktop\Desktop\Desktop\Desktop\Desktop\365dniNET.exe
HKCU-Run-OEXPRESS - (no file)
HKCU-Run-WEBTRAN - (no file)
HKCU-Run-fsm - (no file)
.
------- Doplňkový sken -------
.
mStart Page = hxxp://www.yahoo.com
IE: Download with &FileFactory Turbo - c:\program files\FileFactory Turbo\Plugins\IE\FileFactoryIE.html
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Stáhnout Free Download Managerem - file://c:\program files\Free Download Manager\dllink.htm
IE: Stáhnout video Free Download Managerem - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Stáhnout vybrané Free Download Managerem - file://c:\program files\Free Download Manager\dlselected.htm
IE: Stáhnout vše Free Download Managerem - file://c:\program files\Free Download Manager\dlall.htm
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} -
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} -
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} -
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} -
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\programdata\LangSoft\WebIE.dll
LSP: c:\windows\system32\wpclsp.dll
FF - ProfilePath - c:\users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\j5pp662m.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: network.proxy.type - 2
FF - plugin: c:\program files\Google\Google Earth Plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\PC\AppData\Local\Google\Update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\users\PC\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-24 19:06
Windows 6.0.6001 Service Pack 1 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'Explorer.exe'(5032)
c:\windows\system32\ieframe.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\System32\nvvsvc.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\rundll32.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\windows\System32\WUDFHost.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\windows\System32\conime.exe
c:\windows\System32\rundll32.exe
c:\windows\ehome\ehmsas.exe
c:\windows\ehome\ehsched.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\windows\ehome\ehrecvr.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
.
**************************************************************************
.
Celkový čas: 2009-06-24 19:10 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-06-24 17:10
Před spuštěním: Volných bajtů: 119 085 101 056
Po spuštění: Volných bajtů: 118 998 331 392
344 --- E O F --- 2009-06-24 12:48
dik
-
jaro3
- člen Security týmu
-
Guru Level 15
- Příspěvky: 43294
- Registrován: červen 07
- Bydliště: Jižní Čechy
- Pohlaví:
- Stav:
Offline
Re: kontrola
Ten Norton/Symantec -NIS Ti funguje dobře? Není uveden v záhlaví logu z CF..
c:\users\PC\setup.exe to znáš, k čemu to patří?
c:\users\PC\setup.exe to znáš, k čemu to patří?
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Re: kontrola
ano funguje
-
jaro3
- člen Security týmu
-
Guru Level 15
- Příspěvky: 43294
- Registrován: červen 07
- Bydliště: Jižní Čechy
- Pohlaví:
- Stav:
Offline
Re: kontrola
A ten setup.exe patří k čemu??
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Re: kontrola
podle me je to office live
-
jaro3
- člen Security týmu
-
Guru Level 15
- Příspěvky: 43294
- Registrován: červen 07
- Bydliště: Jižní Čechy
- Pohlaví:
- Stav:
Offline
Re: kontrola
OK..
Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE
Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.
Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT
Podívám se zítra..
Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE
Kód: Vybrat vše
File::
c:\users\PC\AppData\Local\d3d9caps.dat
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2733799108-3116144996-3733436972-1000]
"EnableNotificationsRef"=dword:00000000Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.
Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT
Podívám se zítra..
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Kdo je online
Uživatelé prohlížející si toto fórum: Žádní registrovaní uživatelé a 36 hostů