In the topic http://www.pc-help.cz/viewtopic.php?f=46&t=61286&p=445911#p445911 I was advised to post my HJT log here. It's quite a mess in there, but I won't fix anything without expert advice, so here is the log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:55:14, on 20.12.2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16700)
Boot mode: Normal
Running processes:
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files (x86)\Uniblue\RegistryBooster\rbmonitor.exe
C:\Program File\uTorrent\uTorrent.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Google\Web Accelerator\GoogleWebAccWarden.exe
C:\Program Files (x86)\Google\Web Accelerator\googlewebaccclient.exe
C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe
C:\Users\Andrew\AppData\Local\Apps\2.0\LXQ0YGMR.JN2\VEAL87YQ.2VN\zero..tion_d25f047cceef27dd_0002.0007_4b078a6180ea0c89\Zero-K.exe
C:\Program Files (x86)\Spring\Spring.exe
C:\Hijackthis\hijackthis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files (x86)\Search Settings\SearchSettings.dll
O1 - Hosts: # Copyright (c) 1993-2009 Microsoft Corp.
O2 - BHO: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files (x86)\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files (x86)\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files (x86)\Search Settings\SearchSettings.dll
O2 - BHO: kikin Plugin - {E601996F-E400-41CA-804B-CD6373A7EEE2} - C:\Program Files (x86)\kikin\ie_kikin.dll
O3 - Toolbar: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files (x86)\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files (x86)\Google\Web Accelerator\GoogleWebAccToolbar.dll
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files (x86)\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKCU\..\Run: [uTorrent] "C:\Program File\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Welcome Center] C:\Windows\system32\rundll32.exe C:\Windows\system32\OobeFldr.dll,ShowWelcomeCenter LaunchedBy_StartMenuShortcut (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Welcome Center] C:\Windows\system32\rundll32.exe C:\Windows\system32\OobeFldr.dll,ShowWelcomeCenter LaunchedBy_StartMenuShortcut (User 'Default user')
O4 - Global Startup: Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe
O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files (x86)\Google\Web Accelerator\GoogleWebAccWarden.exe
O9 - Extra button: (no name) - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Program Files (x86)\kikin\ie_kikin.dll
O9 - Extra 'Tools' menuitem: My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Program Files (x86)\kikin\ie_kikin.dll
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TunngleService - Tunngle.net GmbH - C:\Program Files (x86)\Tunngle\TnglCtrl.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: Služba Windows Media Player Network Sharing (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 8490 bytes
The platform is Win 7 Ultimate 64; it shows as unknown because it is a modified gaming edition (I've been running it for about 3 months without problems, so it should be fine). The unknown process Spring is a game that I manage to launch once in a blue moon, so it was minimized, hopefully that didn't affect the scan, and Zero-K is a client for it. The toolbars and the like really annoy me, because I don't install them myself and I always disable them in program installers... so they evidently got installed in some sneaky way that I didn't notice (perhaps without asking :/ )
Please check my log (Solved)
- memphisto
- Guru Level 13
- Posts: 21113
- Registered: September 06
- Location: Zlín - České Budějovice
Re: Please check my log
Uninstall:
SearchSettings
Ask Toolbar
Dealio Toolbar
Fix these in the log:
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files (x86)\Search Settings\SearchSettings.dll
O1 - Hosts: # Copyright (c) 1993-2009 Microsoft Corp.
O2 - BHO: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files (x86)\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files (x86)\Search Settings\SearchSettings.dll
O3 - Toolbar: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files (x86)\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files (x86)\Search Settings\SearchSettings.exe
O13 - Gopher Prefix:
Download ATF Cleaner
Double-click ATF Cleaner.exe, click select all found, then:
- If you use Firefox (Mozilla), click Firefox at the top and choose: Select All, then click Empty Selected.
- If you use Opera, click Opera at the top and choose: Select All, then click Empty Selected.
After cleaning, click Exit to close the program.
ATF-Cleaner is a simple tool for removing web browser history. The program can remove the cache, cookies, history and other traces of surfing the Internet. Supported browsers include Internet Explorer, Firefox and Opera. The application can also remove Windows temporary files, empty the Recycle Bin, etc.
Download Malwarebytes' Anti-Malware
Install and run it
- at the end of the installation, make sure both options are selected/checked:
Update Malwarebytes' Anti-Malware (Aktualizace Malwarebytes' Anti-Malware) and Launch Malwarebytes' Anti-Malware (Spustit aplikaci Malwarebytes' Anti-Malware); if so, click the Finish button
- if an update is found, it will be downloaded and installed
- the program will then start; leave the Perform Quick Scan (Provést rychlý sken) option selected and click the Scan (Skenovat) button
- when the program finishes, a message will appear, so click OK and then the Show Results button
- then choose Save Logfile and save the log to the desktop
- then click the Exit button; a message will appear, so choose Ano (Yes)
(don't delete anything yet!).
Then paste the contents of that log here.
PC-HELP.CZ RULES, HijackThis section RULES, HijackThis guide, Memtest, CCleaner
Please do not send HijackThis logs via private message (SZ); post them in the appropriate section. Thank you
Re: Please check my log
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Verze databáze: 4639
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
20.12.2010 23:42:15
mbam-log-2010-12-20 (23-42-15).txt
Typ skenu: Rychlý sken
Skenované objekty: 138690
Uplynulý čas: 8 minuta(y), 33 sekunda(y)
Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované složky: 1
Infikované soubory: 0
Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované klíče registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované složky:
C:\Program Files (x86)\Jookz Toolbar (Adware.Jookz) -> No action taken.
Infikované soubory:
(Žádné škodlivé položky nebyly zjištěny)
Thanks for the help so far :)
- memphisto
Re: Please check my log
- So run MbAM again and click Scan
- when the program finishes, a message will appear, so click OK and then the Show Results button
- make sure all listed findings are checked and click the Remove Selected button
- when the removal finishes, a log will be displayed, so post it here.
- then choose OK in the program and close it via Exit
Turn off the resident shield of your antivirus and antispyware
Download ComboFix (by sUBs)
and save it to the desktop.
Close all active windows and run it.
- After launch, the terms of use will be displayed; confirm them by clicking the Ano (Yes) button
- Then follow the instructions; while ComboFix is running, do not click in the window that appears
- After the scan completes, the program should create a log - C:\ComboFix.txt - please copy its entire contents here
Re: Please check my log
Log:
ComboFix 10-12-21.01 - Andrew 21.12.2010 18:49:30.1.2 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.420.1033.18.2047.1282 [GMT 1:00]
Spuštěný z: c:\users\Andrew\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Blender\plugins\sequence\color-correction-yuv.c
c:\program files\Blender\plugins\sequence\dnr.c
c:\program files\Blender\plugins\sequence\gamma.c
c:\program files\Blender\plugins\sequence\Makefile
c:\program files\Blender\plugins\sequence\scatter.c
c:\program files\Blender\plugins\texture\clouds2.c
c:\program files\Blender\plugins\texture\Makefile
c:\program files\Blender\plugins\texture\tiles.c
c:\program files\Blender\Python-license.txt
c:\program files\Blender\release_249.txt
c:\users\Andrew\Documents\cc_20101220_215108.reg
c:\windows\wpe pro.INI
c:\windows\XSxS
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-11-21 do 2010-12-21 )))))))))))))))))))))))))))))))
.
2010-12-21 17:59 . 2010-12-21 17:59 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-12-20 20:55 . 2010-12-20 22:29 -------- d-----w- C:\Hijackthis
2010-12-20 20:40 . 2010-12-20 20:40 -------- d-----w- c:\program files\CCleaner
2010-12-20 08:38 . 2010-12-20 08:38 -------- d-----w- c:\users\Andrew\AppData\Roaming\IrfanView
2010-12-20 08:38 . 2010-12-20 08:38 -------- d-----w- c:\program files (x86)\IrfanView
2010-12-19 17:00 . 2010-12-19 17:00 -------- d-----w- c:\program files (x86)\NirSoft
2010-12-19 15:36 . 2010-12-19 15:36 -------- d-----w- c:\users\Andrew\AppData\Roaming\Miranda
2010-12-19 15:36 . 2010-12-19 16:37 -------- d-----w- c:\program files (x86)\miranda im
2010-12-19 13:54 . 2010-12-19 13:54 -------- d-----w- c:\program files (x86)\Microsoft SQL Server
2010-12-19 13:52 . 2010-12-19 13:52 -------- d-----w- c:\program files\Microsoft Synchronization Services
2010-12-19 13:52 . 2010-12-19 13:52 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-12-19 13:52 . 2010-12-19 13:52 -------- d-----w- c:\program files (x86)\Microsoft Synchronization Services
2010-12-19 13:52 . 2010-12-19 13:52 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition
2010-12-19 13:51 . 2010-12-19 13:56 188128 ----a-w- c:\programdata\Microsoft\VCSExpress\10.0\1033\ResourceCache.dll
2010-12-19 13:48 . 2010-12-19 13:56 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 10.0
2010-12-19 13:45 . 2010-12-19 13:45 -------- d-----w- c:\windows\symbols
2010-12-19 13:45 . 2010-12-19 13:45 -------- d-----w- c:\program files\Microsoft Visual Studio 10.0
2010-12-19 13:45 . 2010-12-19 13:45 -------- d-----w- c:\program files\Microsoft Help Viewer
2010-12-19 13:45 . 2010-12-19 13:45 -------- d-----w- c:\program files (x86)\Microsoft SDKs
2010-12-19 13:35 . 2010-12-19 13:35 -------- d-----w- c:\windows\PCHEALTH
2010-12-19 09:53 . 2010-12-19 09:54 -------- d-----w- c:\program files (x86)\kvirc
2010-12-17 18:47 . 2010-12-17 18:47 67072 ----a-w- c:\windows\system32\drivers\rimmpx64.sys
2010-12-17 18:47 . 2010-12-17 18:47 54784 ----a-w- c:\windows\system32\drivers\rimspx64.sys
2010-12-17 18:46 . 2010-12-17 18:46 57856 ----a-w- c:\windows\system32\drivers\rixdpx64.sys
2010-12-17 18:46 . 2010-12-17 18:46 172032 ----a-w- c:\windows\system32\rixdicon.dll
2010-12-17 18:44 . 2010-12-17 18:44 1584640 ----a-w- c:\windows\system32\drivers\athrx.sys
2010-12-17 18:40 . 2010-12-17 18:40 -------- d-----w- c:\program files (x86)\Google
2010-12-17 18:39 . 2010-12-17 18:39 -------- d-----w- c:\program files (x86)\Pointstone
2010-12-17 18:38 . 2010-12-17 18:38 -------- d-----w- c:\programdata\Uniblue
2010-12-17 18:23 . 2010-12-17 18:37 -------- d-----w- c:\users\Andrew\AppData\Roaming\Uniblue
2010-12-17 18:23 . 2010-12-17 18:38 -------- d-----w- c:\program files (x86)\Uniblue
2010-12-15 14:02 . 2010-10-20 03:09 3124224 ----a-w- c:\windows\system32\win32k.sys
2010-12-11 12:15 . 2010-12-11 12:29 -------- d-----w- c:\users\Andrew\AppData\Local\XBlades
2010-12-11 12:15 . 2010-12-11 12:22 -------- d-----w- c:\programdata\XBlades
2010-12-11 12:15 . 2010-12-11 12:16 -------- d-----w- c:\program files (x86)\XBlades
2010-12-07 17:30 . 2010-12-07 17:30 -------- d-----w- c:\users\Andrew\AppData\Local\SGTsubasa
2010-12-07 17:30 . 2010-12-07 17:30 -------- d-----w- c:\program files (x86)\Xenocode
2010-12-05 12:30 . 2010-12-05 12:37 -------- d-----w- c:\users\Andrew\AppData\Roaming\My Battle for Middle-earth Files
2010-12-05 12:24 . 2010-12-05 12:24 -------- d-----w- c:\program files (x86)\EA GAMES
2010-11-25 19:15 . 2010-11-25 19:15 -------- d-----w- c:\users\Andrew\AppData\Roaming\NVIDIA
2010-11-24 17:31 . 2010-11-24 17:31 -------- d-----w- c:\program files (x86)\NVIDIA Corporation
2010-11-24 17:29 . 2010-11-24 17:29 -------- d-----w- c:\programdata\NVIDIA Corporation
2010-11-24 17:20 . 2010-11-24 17:30 -------- d-----w- c:\program files\NVIDIA Corporation
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-21 08:33 . 2010-09-25 09:52 75064 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2010-12-17 17:36 . 2010-09-25 10:42 233960 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2010-12-17 17:36 . 2010-09-25 09:52 233960 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2010-11-28 17:23 . 2009-07-13 23:55 332288 ----a-w- c:\windows\system32\uxtheme.dll
2010-11-28 17:22 . 2009-07-13 23:54 44544 ----a-w- c:\windows\system32\themeservice.dll
2010-10-16 12:13 . 2010-10-16 12:13 5901416 ----a-w- c:\windows\system32\nvcpl.dll
2010-10-16 12:13 . 2010-10-16 12:13 2590824 ----a-w- c:\windows\system32\nvsvc64.dll
2010-10-16 12:13 . 2010-10-16 12:13 116328 ----a-w- c:\windows\system32\nvmctray.dll
2010-10-16 12:13 . 2010-10-16 12:13 989800 ----a-w- c:\windows\system32\nvvsvc.exe
2010-10-16 12:13 . 2010-10-16 12:13 61032 ----a-w- c:\windows\system32\nvshext.dll
2010-10-16 12:13 . 2010-10-16 12:13 302184 ----a-w- c:\windows\system32\nvhotkey.dll
2010-10-16 12:13 . 2010-10-16 12:13 1881704 ----a-w- c:\windows\system32\nvsvcr.dll
2010-09-25 09:52 . 2010-09-25 09:52 794408 ----a-w- c:\windows\SysWow64\pbsvc.exe
2010-09-23 08:26 . 2010-09-23 08:26 423656 ----a-w- c:\windows\SysWow64\deployJava1.dll
2010-06-02 03:22 . 2010-06-02 03:22 89944 ----a-w- c:\program files\DSETUP.dll
2010-06-02 03:22 . 2010-06-02 03:22 537432 ----a-w- c:\program files\DXSETUP.exe
2010-06-02 03:22 . 2010-06-02 03:22 1801048 ----a-w- c:\program files\dsetup32.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program file\uTorrent\uTorrent.exe" [2010-12-11 395640]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2010-10-11 14940040]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Welcome Center"="c:\windows\system32\rundll32.exe" [2009-07-14 44544]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2010-10-10 117248]
Run Google Web Accelerator.lnk - c:\program files (x86)\Google\Web Accelerator\GoogleWebAccWarden.exe [2007-1-29 622592]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 GGSAFERDriver;GGSAFER Driver; [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-09-14 1255736]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-09-13 834544]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 61008]
S2 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe [2010-09-14 716024]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2007-05-16 36864]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [2009-09-16 31232]
.
Obsah adresáře 'Naplánované úlohy'
2010-12-21 c:\windows\Tasks\AWC Startup.job
- c:\program files\IObit\Advanced SystemCare 3\AWC.exe [2010-09-15 15:19]
2010-12-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1157367422-3140629587-2616333845-1000Core.job
- c:\users\Andrew\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-07 15:31]
2010-12-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1157367422-3140629587-2616333845-1000UA.job
- c:\users\Andrew\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-07 15:31]
2010-12-21 c:\windows\Tasks\RegistryBooster.job
- c:\program files (x86)\Uniblue\RegistryBooster\rbmonitor.exe [2010-12-17 12:18]
.
--------- x86-64 -----------
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-07 120320]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\SYSTEM32\blank.htm
mLocal Page = c:\windows\SYSTEM32\blank.htm
FF - ProfilePath - c:\users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\0xsfuyvx.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-HijackThis - c:\users\Andrew\Downloads\HijackThis.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ed,67,28,17,5d,a2,41,44,8d,8d,c1,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ed,67,28,17,5d,a2,41,44,8d,8d,c1,\
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2010-12-21 19:03:54
ComboFix-quarantined-files.txt 2010-12-21 18:03
Před spuštěním: 9 137 528 832
Po spuštění: 8 545 898 496
- - End Of File - - C0DF8DF8DA50314B393D921A84D1E124
OK, so it deleted Blender and the registry backup from CCleaner? xD
ComboFix 10-12-21.01 - Andrew 21.12.2010 18:49:30.1.2 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.420.1033.18.2047.1282 [GMT 1:00]
Spuštěný z: c:\users\Andrew\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Blender
c:\program files\Blender\.blender\.Blanguages
c:\program files\Blender\.blender\Bpymenus
c:\program files\Blender\.blender\locale\ar\LC_MESSAGES\blender.mo
c:\program files\Blender\.blender\locale\bg\LC_MESSAGES\blender.mo
c:\program files\Blender\.blender\locale\ca\LC_MESSAGES\blender.mo
c:\program files\Blender\.blender\locale\cs\LC_MESSAGES\blender.mo
c:\program files\Blender\.blender\locale\de\LC_MESSAGES\blender.mo
c:\program files\Blender\.blender\locale\el\LC_MESSAGES\blender.mo
c:\program files\Blender\.blender\locale\es\LC_MESSAGES\blender.mo
c:\program files\Blender\.blender\locale\fi\LC_MESSAGES\blender.mo
c:\program files\Blender\.blender\locale\fr\LC_MESSAGES\blender.mo
c:\program files\Blender\.blender\locale\hr\LC_MESSAGES\blender.mo
c:\program files\Blender\.blender\locale\hr_HR\LC_MESSAGES\blender.mo
c:\program files\Blender\.blender\locale\it\LC_MESSAGES\blender.mo
c:\program files\Blender\.blender\locale\ja\LC_MESSAGES\blender.mo
c:\program files\Blender\.blender\locale\ko\LC_MESSAGES\blender.mo
c:\program files\Blender\.blender\locale\nl\LC_MESSAGES\blender.mo
c:\program files\Blender\.blender\locale\pl\LC_MESSAGES\blender.mo
c:\program files\Blender\.blender\locale\pt_BR\LC_MESSAGES\blender.mo
c:\program files\Blender\.blender\locale\ro\LC_MESSAGES\blender.mo
c:\program files\Blender\.blender\locale\ru\LC_MESSAGES\blender.mo
c:\program files\Blender\.blender\locale\sr@Latn\LC_MESSAGES\blender.mo
c:\program files\Blender\.blender\locale\sr\LC_MESSAGES\blender.mo
c:\program files\Blender\.blender\locale\sv\LC_MESSAGES\blender.mo
c:\program files\Blender\.blender\locale\uk\LC_MESSAGES\blender.mo
c:\program files\Blender\.blender\locale\zh_CN\LC_MESSAGES\blender.mo
c:\program files\Blender\.blender\scripts\3ds_export.py
c:\program files\Blender\.blender\scripts\3ds_import.py
c:\program files\Blender\.blender\scripts\ac3d_export.py
c:\program files\Blender\.blender\scripts\ac3d_import.py
c:\program files\Blender\.blender\scripts\add_mesh_empty.py
c:\program files\Blender\.blender\scripts\add_mesh_torus.py
c:\program files\Blender\.blender\scripts\animation_bake_constraints.py
c:\program files\Blender\.blender\scripts\animation_clean.py
c:\program files\Blender\.blender\scripts\animation_trajectory.py
c:\program files\Blender\.blender\scripts\armature_symmetry.py
c:\program files\Blender\.blender\scripts\Axiscopy.py
c:\program files\Blender\.blender\scripts\bevel_center.py
c:\program files\Blender\.blender\scripts\blenderLipSynchro.py
c:\program files\Blender\.blender\scripts\bpydata\config\readme.txt
c:\program files\Blender\.blender\scripts\bpydata\KUlang.txt
c:\program files\Blender\.blender\scripts\bpydata\readme.txt
c:\program files\Blender\.blender\scripts\bpymodules\blend2renderinfo.py
c:\program files\Blender\.blender\scripts\bpymodules\BPyAddMesh.py
c:\program files\Blender\.blender\scripts\bpymodules\BPyArmature.py
c:\program files\Blender\.blender\scripts\bpymodules\BPyBlender.py
c:\program files\Blender\.blender\scripts\bpymodules\BPyCurve.py
c:\program files\Blender\.blender\scripts\bpymodules\BPyImage.py
c:\program files\Blender\.blender\scripts\bpymodules\BPyMathutils.py
c:\program files\Blender\.blender\scripts\bpymodules\BPyMesh.py
c:\program files\Blender\.blender\scripts\bpymodules\BPyMesh_redux.py
c:\program files\Blender\.blender\scripts\bpymodules\BPyMessages.py
c:\program files\Blender\.blender\scripts\bpymodules\BPyNMesh.py
c:\program files\Blender\.blender\scripts\bpymodules\BPyObject.py
c:\program files\Blender\.blender\scripts\bpymodules\BPyRegistry.py
c:\program files\Blender\.blender\scripts\bpymodules\BPyRender.py
c:\program files\Blender\.blender\scripts\bpymodules\BPySys.py
c:\program files\Blender\.blender\scripts\bpymodules\BPyTextPlugin.py
c:\program files\Blender\.blender\scripts\bpymodules\BPyWindow.py
c:\program files\Blender\.blender\scripts\bpymodules\colladaImEx\__init__.py
c:\program files\Blender\.blender\scripts\bpymodules\colladaImEx\collada.py
c:\program files\Blender\.blender\scripts\bpymodules\colladaImEx\cstartup.py
c:\program files\Blender\.blender\scripts\bpymodules\colladaImEx\cutils.py
c:\program files\Blender\.blender\scripts\bpymodules\colladaImEx\helperObjects.py
c:\program files\Blender\.blender\scripts\bpymodules\colladaImEx\logo.png
c:\program files\Blender\.blender\scripts\bpymodules\colladaImEx\translator.py
c:\program files\Blender\.blender\scripts\bpymodules\colladaImEx\xmlUtils.py
c:\program files\Blender\.blender\scripts\bpymodules\defaultdoodads.py
c:\program files\Blender\.blender\scripts\bpymodules\dxfColorMap.py
c:\program files\Blender\.blender\scripts\bpymodules\dxfLibrary.py
c:\program files\Blender\.blender\scripts\bpymodules\dxfReader.py
c:\program files\Blender\.blender\scripts\bpymodules\mesh_gradient.py
c:\program files\Blender\.blender\scripts\bpymodules\meshtools.py
c:\program files\Blender\.blender\scripts\bpymodules\paths_ai2obj.py
c:\program files\Blender\.blender\scripts\bpymodules\paths_eps2obj.py
c:\program files\Blender\.blender\scripts\bpymodules\paths_gimp2obj.py
c:\program files\Blender\.blender\scripts\bpymodules\paths_svg2obj.py
c:\program files\Blender\.blender\scripts\bvh_import.py
c:\program files\Blender\.blender\scripts\c3d_import.py
c:\program files\Blender\.blender\scripts\camera_changer.py
c:\program files\Blender\.blender\scripts\collada_export.py
c:\program files\Blender\.blender\scripts\collada_import.py
c:\program files\Blender\.blender\scripts\colladaExport14.py
c:\program files\Blender\.blender\scripts\colladaImport14.py
c:\program files\Blender\.blender\scripts\config.py
c:\program files\Blender\.blender\scripts\console.py
c:\program files\Blender\.blender\scripts\DirectX8Exporter.py
c:\program files\Blender\.blender\scripts\DirectX8Importer.py
c:\program files\Blender\.blender\scripts\discombobulator.py
c:\program files\Blender\.blender\scripts\envelope_symmetry.py
c:\program files\Blender\.blender\scripts\export-iv-0.1.py
c:\program files\Blender\.blender\scripts\export_dxf.py
c:\program files\Blender\.blender\scripts\export_fbx.py
c:\program files\Blender\.blender\scripts\export_lightwave_motion.py
c:\program files\Blender\.blender\scripts\export_m3g.py
c:\program files\Blender\.blender\scripts\export_map.py
c:\program files\Blender\.blender\scripts\export_mdd.py
c:\program files\Blender\.blender\scripts\export_obj.py
c:\program files\Blender\.blender\scripts\faceselect_same_weights.py
c:\program files\Blender\.blender\scripts\flt_defaultp.py
c:\program files\Blender\.blender\scripts\flt_dofedit.py
c:\program files\Blender\.blender\scripts\flt_export.py
c:\program files\Blender\.blender\scripts\flt_filewalker.py
c:\program files\Blender\.blender\scripts\flt_import.py
c:\program files\Blender\.blender\scripts\flt_lodedit.py
c:\program files\Blender\.blender\scripts\flt_palettemanager.py
c:\program files\Blender\.blender\scripts\flt_properties.py
c:\program files\Blender\.blender\scripts\flt_toolbar.py
c:\program files\Blender\.blender\scripts\help_bpy_api.py
c:\program files\Blender\.blender\scripts\help_browser.py
c:\program files\Blender\.blender\scripts\help_getting_started.py
c:\program files\Blender\.blender\scripts\help_manual.py
c:\program files\Blender\.blender\scripts\help_release_notes.py
c:\program files\Blender\.blender\scripts\help_tutorials.py
c:\program files\Blender\.blender\scripts\help_web_blender.py
c:\program files\Blender\.blender\scripts\help_web_devcomm.py
c:\program files\Blender\.blender\scripts\help_web_eshop.py
c:\program files\Blender\.blender\scripts\help_web_usercomm.py
c:\program files\Blender\.blender\scripts\hotkeys.py
c:\program files\Blender\.blender\scripts\IDPropBrowser.py
c:\program files\Blender\.blender\scripts\image_2d_cutout.py
c:\program files\Blender\.blender\scripts\image_auto_layout.py
c:\program files\Blender\.blender\scripts\image_billboard.py
c:\program files\Blender\.blender\scripts\image_edit.py
c:\program files\Blender\.blender\scripts\import_dxf.py
c:\program files\Blender\.blender\scripts\import_edl.py
c:\program files\Blender\.blender\scripts\import_lightwave_motion.py
c:\program files\Blender\.blender\scripts\import_mdd.py
c:\program files\Blender\.blender\scripts\import_obj.py
c:\program files\Blender\.blender\scripts\import_web3d.py
c:\program files\Blender\.blender\scripts\lightwave_export.py
c:\program files\Blender\.blender\scripts\lightwave_import.py
c:\program files\Blender\.blender\scripts\md2_export.py
c:\program files\Blender\.blender\scripts\md2_import.py
c:\program files\Blender\.blender\scripts\mesh_boneweight_copy.py
c:\program files\Blender\.blender\scripts\mesh_cleanup.py
c:\program files\Blender\.blender\scripts\mesh_edges2curves.py
c:\program files\Blender\.blender\scripts\mesh_mirror_tool.py
c:\program files\Blender\.blender\scripts\mesh_poly_reduce.py
c:\program files\Blender\.blender\scripts\mesh_poly_reduce_grid.py
c:\program files\Blender\.blender\scripts\mesh_skin.py
c:\program files\Blender\.blender\scripts\mesh_solidify.py
c:\program files\Blender\.blender\scripts\mesh_unfolder.py
c:\program files\Blender\.blender\scripts\mesh_wire.py
c:\program files\Blender\.blender\scripts\ms3d_import.py
c:\program files\Blender\.blender\scripts\ms3d_import_ascii.py
c:\program files\Blender\.blender\scripts\obdatacopier.py
c:\program files\Blender\.blender\scripts\object_active_to_other.py
c:\program files\Blender\.blender\scripts\object_apply_def.py
c:\program files\Blender\.blender\scripts\object_batch_name_edit.py
c:\program files\Blender\.blender\scripts\object_cookie_cutter.py
c:\program files\Blender\.blender\scripts\object_drop.py
c:\program files\Blender\.blender\scripts\object_find.py
c:\program files\Blender\.blender\scripts\object_random_loc_sz_rot.py
c:\program files\Blender\.blender\scripts\object_sel2dupgroup.py
c:\program files\Blender\.blender\scripts\object_timeofs_follow_act.py
c:\program files\Blender\.blender\scripts\off_export.py
c:\program files\Blender\.blender\scripts\off_import.py
c:\program files\Blender\.blender\scripts\paths_import.py
c:\program files\Blender\.blender\scripts\ply_export.py
c:\program files\Blender\.blender\scripts\ply_import.py
c:\program files\Blender\.blender\scripts\raw_export.py
c:\program files\Blender\.blender\scripts\raw_import.py
c:\program files\Blender\.blender\scripts\renameobjectbyblock.py
c:\program files\Blender\.blender\scripts\render_save_layers.py
c:\program files\Blender\.blender\scripts\rvk1_torvk2.py
c:\program files\Blender\.blender\scripts\save_theme.py
c:\program files\Blender\.blender\scripts\scripttemplate_background_job.py
c:\program files\Blender\.blender\scripts\scripttemplate_camera_object.py
c:\program files\Blender\.blender\scripts\scripttemplate_gamelogic.py
c:\program files\Blender\.blender\scripts\scripttemplate_gamelogic_basic.py
c:\program files\Blender\.blender\scripts\scripttemplate_gamelogic_module.py
c:\program files\Blender\.blender\scripts\scripttemplate_ipo_gen.py
c:\program files\Blender\.blender\scripts\scripttemplate_mesh_edit.py
c:\program files\Blender\.blender\scripts\scripttemplate_metaball_create.py
c:\program files\Blender\.blender\scripts\scripttemplate_object_edit.py
c:\program files\Blender\.blender\scripts\scripttemplate_pyconstraint.py
c:\program files\Blender\.blender\scripts\scripttemplate_text_plugin.py
c:\program files\Blender\.blender\scripts\slp_import.py
c:\program files\Blender\.blender\scripts\sysinfo.py
c:\program files\Blender\.blender\scripts\textplugin_convert_ge.py
c:\program files\Blender\.blender\scripts\textplugin_functiondocs.py
c:\program files\Blender\.blender\scripts\textplugin_imports.py
c:\program files\Blender\.blender\scripts\textplugin_membersuggest.py
c:\program files\Blender\.blender\scripts\textplugin_outliner.py
c:\program files\Blender\.blender\scripts\textplugin_suggest.py
c:\program files\Blender\.blender\scripts\textplugin_templates.py
c:\program files\Blender\.blender\scripts\unweld.py
c:\program files\Blender\.blender\scripts\uv_export.py
c:\program files\Blender\.blender\scripts\uv_seams_from_islands.py
c:\program files\Blender\.blender\scripts\uvcalc_follow_active_coords.py
c:\program files\Blender\.blender\scripts\uvcalc_lightmap.py
c:\program files\Blender\.blender\scripts\uvcalc_quad_clickproj.py
c:\program files\Blender\.blender\scripts\uvcalc_smart_project.py
c:\program files\Blender\.blender\scripts\uvcopy.py
c:\program files\Blender\.blender\scripts\vertexpaint_from_material.py
c:\program files\Blender\.blender\scripts\vertexpaint_gradient.py
c:\program files\Blender\.blender\scripts\vertexpaint_selfshadow_ao.py
c:\program files\Blender\.blender\scripts\vrml97_export.py
c:\program files\Blender\.blender\scripts\weightpaint_average.py
c:\program files\Blender\.blender\scripts\weightpaint_clean.py
c:\program files\Blender\.blender\scripts\weightpaint_copy.py
c:\program files\Blender\.blender\scripts\weightpaint_envelope_assign.py
c:\program files\Blender\.blender\scripts\weightpaint_gradient.py
c:\program files\Blender\.blender\scripts\weightpaint_grow_shrink.py
c:\program files\Blender\.blender\scripts\weightpaint_invert.py
c:\program files\Blender\.blender\scripts\weightpaint_normalize.py
c:\program files\Blender\.blender\scripts\widgetwizard.py
c:\program files\Blender\.blender\scripts\wizard_bolt_factory.py
c:\program files\Blender\.blender\scripts\wizard_curve2tree.py
c:\program files\Blender\.blender\scripts\wizard_landscape_ant.py
c:\program files\Blender\.blender\scripts\x3d_export.py
c:\program files\Blender\.blender\scripts\xsi_export.py
c:\program files\Blender\blender.html
c:\program files\Blender\BlenderQuickStart.pdf
c:\program files\Blender\copyright.txt
c:\program files\Blender\GPL-license.txt
c:\program files\Blender\makesdna.idb
c:\program files\Blender\plugins\bmake
c:\program files\Blender\plugins\Makefile
c:\program files\Blender\plugins\sequence\blur.c
c:\program files\Blender\plugins\sequence\color-correction-hsv.c
c:\program files\Blender\plugins\sequence\color-correction-yuv.c
c:\program files\Blender\plugins\sequence\dnr.c
c:\program files\Blender\plugins\sequence\gamma.c
c:\program files\Blender\plugins\sequence\Makefile
c:\program files\Blender\plugins\sequence\scatter.c
c:\program files\Blender\plugins\texture\clouds2.c
c:\program files\Blender\plugins\texture\Makefile
c:\program files\Blender\plugins\texture\tiles.c
c:\program files\Blender\Python-license.txt
c:\program files\Blender\release_249.txt
c:\users\Andrew\Documents\cc_20101220_215108.reg
c:\windows\wpe pro.INI
c:\windows\XSxS
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-11-21 do 2010-12-21 )))))))))))))))))))))))))))))))
.
2010-12-21 17:59 . 2010-12-21 17:59 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-12-20 20:55 . 2010-12-20 22:29 -------- d-----w- C:\Hijackthis
2010-12-20 20:40 . 2010-12-20 20:40 -------- d-----w- c:\program files\CCleaner
2010-12-20 08:38 . 2010-12-20 08:38 -------- d-----w- c:\users\Andrew\AppData\Roaming\IrfanView
2010-12-20 08:38 . 2010-12-20 08:38 -------- d-----w- c:\program files (x86)\IrfanView
2010-12-19 17:00 . 2010-12-19 17:00 -------- d-----w- c:\program files (x86)\NirSoft
2010-12-19 15:36 . 2010-12-19 15:36 -------- d-----w- c:\users\Andrew\AppData\Roaming\Miranda
2010-12-19 15:36 . 2010-12-19 16:37 -------- d-----w- c:\program files (x86)\miranda im
2010-12-19 13:54 . 2010-12-19 13:54 -------- d-----w- c:\program files (x86)\Microsoft SQL Server
2010-12-19 13:52 . 2010-12-19 13:52 -------- d-----w- c:\program files\Microsoft Synchronization Services
2010-12-19 13:52 . 2010-12-19 13:52 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-12-19 13:52 . 2010-12-19 13:52 -------- d-----w- c:\program files (x86)\Microsoft Synchronization Services
2010-12-19 13:52 . 2010-12-19 13:52 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition
2010-12-19 13:51 . 2010-12-19 13:56 188128 ----a-w- c:\programdata\Microsoft\VCSExpress\10.0\1033\ResourceCache.dll
2010-12-19 13:48 . 2010-12-19 13:56 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 10.0
2010-12-19 13:45 . 2010-12-19 13:45 -------- d-----w- c:\windows\symbols
2010-12-19 13:45 . 2010-12-19 13:45 -------- d-----w- c:\program files\Microsoft Visual Studio 10.0
2010-12-19 13:45 . 2010-12-19 13:45 -------- d-----w- c:\program files\Microsoft Help Viewer
2010-12-19 13:45 . 2010-12-19 13:45 -------- d-----w- c:\program files (x86)\Microsoft SDKs
2010-12-19 13:35 . 2010-12-19 13:35 -------- d-----w- c:\windows\PCHEALTH
2010-12-19 09:53 . 2010-12-19 09:54 -------- d-----w- c:\program files (x86)\kvirc
2010-12-17 18:47 . 2010-12-17 18:47 67072 ----a-w- c:\windows\system32\drivers\rimmpx64.sys
2010-12-17 18:47 . 2010-12-17 18:47 54784 ----a-w- c:\windows\system32\drivers\rimspx64.sys
2010-12-17 18:46 . 2010-12-17 18:46 57856 ----a-w- c:\windows\system32\drivers\rixdpx64.sys
2010-12-17 18:46 . 2010-12-17 18:46 172032 ----a-w- c:\windows\system32\rixdicon.dll
2010-12-17 18:44 . 2010-12-17 18:44 1584640 ----a-w- c:\windows\system32\drivers\athrx.sys
2010-12-17 18:40 . 2010-12-17 18:40 -------- d-----w- c:\program files (x86)\Google
2010-12-17 18:39 . 2010-12-17 18:39 -------- d-----w- c:\program files (x86)\Pointstone
2010-12-17 18:38 . 2010-12-17 18:38 -------- d-----w- c:\programdata\Uniblue
2010-12-17 18:23 . 2010-12-17 18:37 -------- d-----w- c:\users\Andrew\AppData\Roaming\Uniblue
2010-12-17 18:23 . 2010-12-17 18:38 -------- d-----w- c:\program files (x86)\Uniblue
2010-12-15 14:02 . 2010-10-20 03:09 3124224 ----a-w- c:\windows\system32\win32k.sys
2010-12-11 12:15 . 2010-12-11 12:29 -------- d-----w- c:\users\Andrew\AppData\Local\XBlades
2010-12-11 12:15 . 2010-12-11 12:22 -------- d-----w- c:\programdata\XBlades
2010-12-11 12:15 . 2010-12-11 12:16 -------- d-----w- c:\program files (x86)\XBlades
2010-12-07 17:30 . 2010-12-07 17:30 -------- d-----w- c:\users\Andrew\AppData\Local\SGTsubasa
2010-12-07 17:30 . 2010-12-07 17:30 -------- d-----w- c:\program files (x86)\Xenocode
2010-12-05 12:30 . 2010-12-05 12:37 -------- d-----w- c:\users\Andrew\AppData\Roaming\My Battle for Middle-earth Files
2010-12-05 12:24 . 2010-12-05 12:24 -------- d-----w- c:\program files (x86)\EA GAMES
2010-11-25 19:15 . 2010-11-25 19:15 -------- d-----w- c:\users\Andrew\AppData\Roaming\NVIDIA
2010-11-24 17:31 . 2010-11-24 17:31 -------- d-----w- c:\program files (x86)\NVIDIA Corporation
2010-11-24 17:29 . 2010-11-24 17:29 -------- d-----w- c:\programdata\NVIDIA Corporation
2010-11-24 17:20 . 2010-11-24 17:30 -------- d-----w- c:\program files\NVIDIA Corporation
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-21 08:33 . 2010-09-25 09:52 75064 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2010-12-17 17:36 . 2010-09-25 10:42 233960 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2010-12-17 17:36 . 2010-09-25 09:52 233960 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2010-11-28 17:23 . 2009-07-13 23:55 332288 ----a-w- c:\windows\system32\uxtheme.dll
2010-11-28 17:22 . 2009-07-13 23:54 44544 ----a-w- c:\windows\system32\themeservice.dll
2010-10-16 12:13 . 2010-10-16 12:13 5901416 ----a-w- c:\windows\system32\nvcpl.dll
2010-10-16 12:13 . 2010-10-16 12:13 2590824 ----a-w- c:\windows\system32\nvsvc64.dll
2010-10-16 12:13 . 2010-10-16 12:13 116328 ----a-w- c:\windows\system32\nvmctray.dll
2010-10-16 12:13 . 2010-10-16 12:13 989800 ----a-w- c:\windows\system32\nvvsvc.exe
2010-10-16 12:13 . 2010-10-16 12:13 61032 ----a-w- c:\windows\system32\nvshext.dll
2010-10-16 12:13 . 2010-10-16 12:13 302184 ----a-w- c:\windows\system32\nvhotkey.dll
2010-10-16 12:13 . 2010-10-16 12:13 1881704 ----a-w- c:\windows\system32\nvsvcr.dll
2010-09-25 09:52 . 2010-09-25 09:52 794408 ----a-w- c:\windows\SysWow64\pbsvc.exe
2010-09-23 08:26 . 2010-09-23 08:26 423656 ----a-w- c:\windows\SysWow64\deployJava1.dll
2010-06-02 03:22 . 2010-06-02 03:22 89944 ----a-w- c:\program files\DSETUP.dll
2010-06-02 03:22 . 2010-06-02 03:22 537432 ----a-w- c:\program files\DXSETUP.exe
2010-06-02 03:22 . 2010-06-02 03:22 1801048 ----a-w- c:\program files\dsetup32.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program file\uTorrent\uTorrent.exe" [2010-12-11 395640]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2010-10-11 14940040]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Welcome Center"="c:\windows\system32\rundll32.exe" [2009-07-14 44544]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2010-10-10 117248]
Run Google Web Accelerator.lnk - c:\program files (x86)\Google\Web Accelerator\GoogleWebAccWarden.exe [2007-1-29 622592]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 GGSAFERDriver;GGSAFER Driver; [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-09-14 1255736]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-09-13 834544]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 61008]
S2 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe [2010-09-14 716024]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2007-05-16 36864]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [2009-09-16 31232]
.
Obsah adresáře 'Naplánované úlohy'
2010-12-21 c:\windows\Tasks\AWC Startup.job
- c:\program files\IObit\Advanced SystemCare 3\AWC.exe [2010-09-15 15:19]
2010-12-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1157367422-3140629587-2616333845-1000Core.job
- c:\users\Andrew\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-07 15:31]
2010-12-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1157367422-3140629587-2616333845-1000UA.job
- c:\users\Andrew\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-07 15:31]
2010-12-21 c:\windows\Tasks\RegistryBooster.job
- c:\program files (x86)\Uniblue\RegistryBooster\rbmonitor.exe [2010-12-17 12:18]
.
--------- x86-64 -----------
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-07 120320]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\SYSTEM32\blank.htm
mLocal Page = c:\windows\SYSTEM32\blank.htm
FF - ProfilePath - c:\users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\0xsfuyvx.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-HijackThis - c:\users\Andrew\Downloads\HijackThis.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ed,67,28,17,5d,a2,41,44,8d,8d,c1,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ed,67,28,17,5d,a2,41,44,8d,8d,c1,\
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2010-12-21 19:03:54
ComboFix-quarantined-files.txt 2010-12-21 18:03
Před spuštěním: 9 137 528 832
Po spuštění: 8 545 898 496
- - End Of File - - C0DF8DF8DA50314B393D921A84D1E124
OK, so it deleted Blender and the registry backup from CCleaner? xD
- memphisto
Re: Please check my log
Please don't put the log in a spoiler; it's hard to read and it wraps the lines. I'll take a look at those deletions, that doesn't seem right to me.

PC-HELP.CZ RULES, HijackThis section RULES, HijackThis guide, Memtest, CCleaner
Please do not send HijackThis logs via private message; post them in the appropriate section. Thank you.
Re: Please check my log
OK, sorry, I'm used to using them. What about http://pastebin.ca/ ? It might be clearer that way, but it's up to you :) Otherwise, I didn't use Blender much, so if the only problem is that it disappeared, you can let it go.

- memphisto
Re: Please check my log
Open Notepad (Start -> Run..., type Notepad in the box and click OK).
Copy the entire following text marked in green into it:
Note: Do not use the SELECT ALL function to select the script.
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=-
"ConsentPromptBehaviorUser"=-
"EnableLUA"=-
"EnableUIADesktopToggle"=-
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"=-
"NoSMBalloonTip"=-
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"=-
"NoSMBalloonTip"=-
RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
RegNull::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
Choose File -> Save As... and set these parameters:
File name: type here: CFScript.txt
Save as type: select All Files
Save the file to the desktop.
Close all active windows.
Grab the created script CFScript.txt with the mouse, move it over the downloaded program ComboFix.exe and, when the two files overlap, drop the script.
- ComboFix will start automatically
- Paste here the log that appears at the end of the cleaning process
Re: Please check my log
I'm not sure whether it was done correctly :/ I saved the script correctly, dragged it onto ComboFix - dropped it - it started - I clicked Yes and it proceeded the same way as before. Addendum: while making the registry backup it threw 3 errors, where it couldn't back up some registry entries - I clicked Yes and it continued.
Here is the log:
ComboFix 10-12-21.01 - Andrew 21.12.2010 20:37:06.2.2 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.420.1033.18.2047.973 [GMT 1:00]
Spuštěný z: c:\users\Andrew\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Andrew\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-11-21 do 2010-12-21 )))))))))))))))))))))))))))))))
.
2010-12-21 20:01 . 2010-12-21 20:01 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-12-21 18:03 . 2010-12-21 18:03 -------- d-----w- c:\users\uživatel\AppData
2010-12-20 20:55 . 2010-12-20 22:29 -------- d-----w- C:\Hijackthis
2010-12-20 20:40 . 2010-12-20 20:40 -------- d-----w- c:\program files\CCleaner
2010-12-20 08:38 . 2010-12-20 08:38 -------- d-----w- c:\users\Andrew\AppData\Roaming\IrfanView
2010-12-20 08:38 . 2010-12-20 08:38 -------- d-----w- c:\program files (x86)\IrfanView
2010-12-19 17:00 . 2010-12-19 17:00 -------- d-----w- c:\program files (x86)\NirSoft
2010-12-19 15:36 . 2010-12-19 15:36 -------- d-----w- c:\users\Andrew\AppData\Roaming\Miranda
2010-12-19 15:36 . 2010-12-19 16:37 -------- d-----w- c:\program files (x86)\miranda im
2010-12-19 13:54 . 2010-12-19 13:54 -------- d-----w- c:\program files (x86)\Microsoft SQL Server
2010-12-19 13:52 . 2010-12-19 13:52 -------- d-----w- c:\program files\Microsoft Synchronization Services
2010-12-19 13:52 . 2010-12-19 13:52 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-12-19 13:52 . 2010-12-19 13:52 -------- d-----w- c:\program files (x86)\Microsoft Synchronization Services
2010-12-19 13:52 . 2010-12-19 13:52 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition
2010-12-19 13:51 . 2010-12-19 13:56 188128 ----a-w- c:\programdata\Microsoft\VCSExpress\10.0\1033\ResourceCache.dll
2010-12-19 13:48 . 2010-12-19 13:56 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 10.0
2010-12-19 13:45 . 2010-12-19 13:45 -------- d-----w- c:\windows\symbols
2010-12-19 13:45 . 2010-12-19 13:45 -------- d-----w- c:\program files\Microsoft Visual Studio 10.0
2010-12-19 13:45 . 2010-12-19 13:45 -------- d-----w- c:\program files\Microsoft Help Viewer
2010-12-19 13:45 . 2010-12-19 13:45 -------- d-----w- c:\program files (x86)\Microsoft SDKs
2010-12-19 13:35 . 2010-12-19 13:35 -------- d-----w- c:\windows\PCHEALTH
2010-12-19 09:53 . 2010-12-19 09:54 -------- d-----w- c:\program files (x86)\kvirc
2010-12-17 18:47 . 2010-12-17 18:47 67072 ----a-w- c:\windows\system32\drivers\rimmpx64.sys
2010-12-17 18:47 . 2010-12-17 18:47 54784 ----a-w- c:\windows\system32\drivers\rimspx64.sys
2010-12-17 18:46 . 2010-12-17 18:46 57856 ----a-w- c:\windows\system32\drivers\rixdpx64.sys
2010-12-17 18:46 . 2010-12-17 18:46 172032 ----a-w- c:\windows\system32\rixdicon.dll
2010-12-17 18:44 . 2010-12-17 18:44 1584640 ----a-w- c:\windows\system32\drivers\athrx.sys
2010-12-17 18:40 . 2010-12-17 18:40 -------- d-----w- c:\program files (x86)\Google
2010-12-17 18:39 . 2010-12-17 18:39 -------- d-----w- c:\program files (x86)\Pointstone
2010-12-17 18:38 . 2010-12-17 18:38 -------- d-----w- c:\programdata\Uniblue
2010-12-17 18:23 . 2010-12-17 18:37 -------- d-----w- c:\users\Andrew\AppData\Roaming\Uniblue
2010-12-17 18:23 . 2010-12-17 18:38 -------- d-----w- c:\program files (x86)\Uniblue
2010-12-15 14:02 . 2010-10-20 03:09 3124224 ----a-w- c:\windows\system32\win32k.sys
2010-12-11 12:15 . 2010-12-11 12:29 -------- d-----w- c:\users\Andrew\AppData\Local\XBlades
2010-12-11 12:15 . 2010-12-11 12:22 -------- d-----w- c:\programdata\XBlades
2010-12-11 12:15 . 2010-12-11 12:16 -------- d-----w- c:\program files (x86)\XBlades
2010-12-07 17:30 . 2010-12-07 17:30 -------- d-----w- c:\users\Andrew\AppData\Local\SGTsubasa
2010-12-07 17:30 . 2010-12-07 17:30 -------- d-----w- c:\program files (x86)\Xenocode
2010-12-05 12:30 . 2010-12-05 12:37 -------- d-----w- c:\users\Andrew\AppData\Roaming\My Battle for Middle-earth Files
2010-12-05 12:24 . 2010-12-05 12:24 -------- d-----w- c:\program files (x86)\EA GAMES
2010-11-25 19:15 . 2010-11-25 19:15 -------- d-----w- c:\users\Andrew\AppData\Roaming\NVIDIA
2010-11-24 17:31 . 2010-11-24 17:31 -------- d-----w- c:\program files (x86)\NVIDIA Corporation
2010-11-24 17:29 . 2010-11-24 17:29 -------- d-----w- c:\programdata\NVIDIA Corporation
2010-11-24 17:20 . 2010-11-24 17:30 -------- d-----w- c:\program files\NVIDIA Corporation
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-21 08:33 . 2010-09-25 09:52 75064 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2010-12-17 17:36 . 2010-09-25 10:42 233960 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2010-12-17 17:36 . 2010-09-25 09:52 233960 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2010-11-28 17:23 . 2009-07-13 23:55 332288 ----a-w- c:\windows\system32\uxtheme.dll
2010-11-28 17:22 . 2009-07-13 23:54 44544 ----a-w- c:\windows\system32\themeservice.dll
2010-10-16 12:13 . 2010-10-16 12:13 5901416 ----a-w- c:\windows\system32\nvcpl.dll
2010-10-16 12:13 . 2010-10-16 12:13 2590824 ----a-w- c:\windows\system32\nvsvc64.dll
2010-10-16 12:13 . 2010-10-16 12:13 116328 ----a-w- c:\windows\system32\nvmctray.dll
2010-10-16 12:13 . 2010-10-16 12:13 989800 ----a-w- c:\windows\system32\nvvsvc.exe
2010-10-16 12:13 . 2010-10-16 12:13 61032 ----a-w- c:\windows\system32\nvshext.dll
2010-10-16 12:13 . 2010-10-16 12:13 302184 ----a-w- c:\windows\system32\nvhotkey.dll
2010-10-16 12:13 . 2010-10-16 12:13 1881704 ----a-w- c:\windows\system32\nvsvcr.dll
2010-09-25 09:52 . 2010-09-25 09:52 794408 ----a-w- c:\windows\SysWow64\pbsvc.exe
2010-09-23 08:26 . 2010-09-23 08:26 423656 ----a-w- c:\windows\SysWow64\deployJava1.dll
2010-06-02 03:22 . 2010-06-02 03:22 89944 ----a-w- c:\program files\DSETUP.dll
2010-06-02 03:22 . 2010-06-02 03:22 537432 ----a-w- c:\program files\DXSETUP.exe
2010-06-02 03:22 . 2010-06-02 03:22 1801048 ----a-w- c:\program files\dsetup32.dll
.
((((((((((((((((((((((((((((( SnapShot@2010-12-21_17.59.11 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 04:54 . 2010-12-21 18:19 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2010-12-21 16:28 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2010-12-21 16:28 81920 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2010-12-21 18:19 81920 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2010-12-21 16:28 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2010-12-21 18:19 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-11-11 06:15 . 2010-12-21 18:21 35198 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2010-12-21 18:21 37000 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2009-07-14 05:10 . 2010-12-21 16:29 37000 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2010-09-14 00:02 . 2010-12-21 16:29 10156 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1157367422-3140629587-2616333845-1000_UserData.bin
+ 2010-09-14 00:02 . 2010-12-21 18:21 10156 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1157367422-3140629587-2616333845-1000_UserData.bin
+ 2010-09-13 23:16 . 2010-12-21 19:21 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-09-13 23:16 . 2010-12-15 15:51 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-10-11 12:09 . 2010-12-21 19:21 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-10-11 12:09 . 2010-12-15 15:51 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2010-12-15 15:51 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2010-12-21 19:21 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-09-14 00:01 . 2010-12-21 18:19 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-09-14 00:01 . 2010-12-21 16:29 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-09-14 00:01 . 2010-12-21 16:29 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-09-14 00:01 . 2010-12-21 18:19 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-09-14 00:01 . 2010-12-21 16:29 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-09-14 00:01 . 2010-12-21 18:19 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-09-14 00:01 . 2010-12-21 16:29 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-09-14 00:01 . 2010-12-21 18:19 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-09-14 00:01 . 2010-12-21 18:19 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-09-14 00:01 . 2010-12-21 16:29 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:46 . 2010-12-21 19:21 8848 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2010-12-21 16:27 . 2010-12-21 16:27 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2010-12-21 18:18 . 2010-12-21 18:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2010-12-21 18:18 . 2010-12-21 18:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2010-12-21 16:27 . 2010-12-21 16:27 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 05:01 . 2010-12-21 16:26 326492 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2010-12-21 18:11 326492 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 02:34 . 2010-12-21 16:38 9961472 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2009-07-14 02:34 . 2010-12-21 19:51 9961472 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2010-11-20 20:33 . 2010-12-21 18:11 2570612 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1157367422-3140629587-2616333845-1000-12288.dat
- 2010-11-20 20:33 . 2010-12-21 16:26 2570612 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1157367422-3140629587-2616333845-1000-12288.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program file\uTorrent\uTorrent.exe" [2010-12-11 395640]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2010-10-11 14940040]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Welcome Center"="c:\windows\system32\rundll32.exe" [2009-07-14 44544]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2010-10-10 117248]
Run Google Web Accelerator.lnk - c:\program files (x86)\Google\Web Accelerator\GoogleWebAccWarden.exe [2007-1-29 622592]
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 GGSAFERDriver;GGSAFER Driver; [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-09-14 1255736]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-09-13 834544]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 61008]
S2 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe [2010-09-14 716024]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2007-05-16 36864]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [2009-09-16 31232]
.
Obsah adresáře 'Naplánované úlohy'
2010-12-21 c:\windows\Tasks\AWC Startup.job
- c:\program files\IObit\Advanced SystemCare 3\AWC.exe [2010-09-15 15:19]
2010-12-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1157367422-3140629587-2616333845-1000Core.job
- c:\users\Andrew\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-07 15:31]
2010-12-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1157367422-3140629587-2616333845-1000UA.job
- c:\users\Andrew\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-07 15:31]
2010-12-21 c:\windows\Tasks\RegistryBooster.job
- c:\program files (x86)\Uniblue\RegistryBooster\rbmonitor.exe [2010-12-17 12:18]
.
--------- x86-64 -----------
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-07 120320]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\SYSTEM32\blank.htm
mLocal Page = c:\windows\SYSTEM32\blank.htm
FF - ProfilePath - c:\users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\0xsfuyvx.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ed,67,28,17,5d,a2,41,44,8d,8d,c1,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ed,67,28,17,5d,a2,41,44,8d,8d,c1,\
.
Celkový čas: 2010-12-21 21:05:59
ComboFix-quarantined-files.txt 2010-12-21 20:05
ComboFix2.txt 2010-12-21 18:03
Před spuštěním: Volných bajtů: 15 966 724 096
Po spuštění: Volných bajtů: 15 665 692 672
- - End Of File - - 30A94399CA50D62BF2DA4FE5CDC1EC16
- memphisto
Re: Please check my log (Solved)
ComboFix is uninstalled like this:
Start > Run and enter ComboFix /Uninstall
clean the system with CCleaner
and also use T-Cleaner
it deletes everything left behind by Combo, MWAV etc. - download > run
note: before downloading T-Cleaner and for the duration of the cleaning, deactivate AVG, Avast, Avira or Microsoft Security Essentials; afterwards delete T-Cleaner and turn AVG, Avast, Avira or Microsoft Security Essentials back on
+HJT
How is the PC behaving?
Please do not send HijackThis logs via private message; post them in the appropriate section. Thank you
Re: Please check my log
It looks like it could be fine now (unless it starts throwing errors at me again later). Thanks a lot for the help :)
I'm attaching the HJT log, in case there is still something in there after all:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:20:57, on 21.12.2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16700)
Boot mode: Normal
Running processes:
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files (x86)\Uniblue\RegistryBooster\rbmonitor.exe
C:\Program File\uTorrent\uTorrent.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Users\Andrew\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Andrew\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Andrew\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Andrew\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Andrew\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Hijackthis\hijackthis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files (x86)\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files (x86)\Google\Web Accelerator\GoogleWebAccToolbar.dll
O4 - HKCU\..\Run: [uTorrent] "C:\Program File\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-18\..\Run: [Welcome Center] C:\Windows\system32\rundll32.exe C:\Windows\system32\OobeFldr.dll,ShowWelcomeCenter LaunchedBy_StartMenuShortcut (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Welcome Center] C:\Windows\system32\rundll32.exe C:\Windows\system32\OobeFldr.dll,ShowWelcomeCenter LaunchedBy_StartMenuShortcut (User 'Default user')
O4 - Global Startup: Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe
O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files (x86)\Google\Web Accelerator\GoogleWebAccWarden.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TunngleService - Tunngle.net GmbH - C:\Program Files (x86)\Tunngle\TnglCtrl.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: Služba Windows Media Player Network Sharing (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 6168 bytes
