MS Removal Tool - HJT Check (Solved)

Post by stanik69 » 25 Apr 2011 20:24

Hello,
I have the same problem with MS Removal Tool; could I also ask for help? Here is the log from ComboFix:

ComboFix 11-04-25.01 - oem 25.04.2011 18:57:31.1.4 - x64 NETWORK
Microsoft Windows 7 Home Premium 6.1.7600.0.1250.420.1029.18.3959.3205 [GMT 1:00]
Spuštěný z: c:\users\oem\Desktop\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
ADS - Windows: deleted 24 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Naver
c:\program files (x86)\Naver\NaverToolbar\DB_1_7.DAT
c:\program files (x86)\Naver\NaverToolbar\fixIE.exe
c:\program files (x86)\Naver\NaverToolbar\hangametetris\7souls.ico
c:\program files (x86)\Naver\NaverToolbar\hangametetris\blog.ico
c:\program files (x86)\Naver\NaverToolbar\hangametetris\bookmark.ico
c:\program files (x86)\Naver\NaverToolbar\hangametetris\bookmark.JPG
c:\program files (x86)\Naver\NaverToolbar\hangametetris\bout.ico
c:\program files (x86)\Naver\NaverToolbar\hangametetris\c9.ico
c:\program files (x86)\Naver\NaverToolbar\hangametetris\capturebrowser.ico
c:\program files (x86)\Naver\NaverToolbar\hangametetris\capturebrowser.jpg
c:\program files (x86)\Naver\NaverToolbar\hangametetris\cleaninternet.ico
c:\program files (x86)\Naver\NaverToolbar\hangametetris\cleaninternet.jpg
c:\program files (x86)\Naver\NaverToolbar\hangametetris\clinic.ico
c:\program files (x86)\Naver\NaverToolbar\hangametetris\config.ico
c:\program files (x86)\Naver\NaverToolbar\hangametetris\dic.ico
c:\program files (x86)\Naver\NaverToolbar\hangametetris\dicdetail.jpg
c:\program files (x86)\Naver\NaverToolbar\hangametetris\dicdetail2.jpg
c:\program files (x86)\Naver\NaverToolbar\hangametetris\dictionary.jpg
c:\program files (x86)\Naver\NaverToolbar\hangametetris\double.ico
c:\program files (x86)\Naver\NaverToolbar\hangametetris\flashgame.ico
c:\program files (x86)\Naver\NaverToolbar\hangametetris\gamepack.ico
c:\program files (x86)\Naver\NaverToolbar\hangametetris\gametalk.ico
c:\program files (x86)\Naver\NaverToolbar\hangametetris\gametalk.jpg
c:\program files (x86)\Naver\NaverToolbar\hangametetris\gmahjong.ico
c:\program files (x86)\Naver\NaverToolbar\hangametetris\golf.ico
c:\program files (x86)\Naver\NaverToolbar\hangametetris\gunster.ico
c:\program files (x86)\Naver\NaverToolbar\hangametetris\gzs.ico
c:\program files (x86)\Naver\NaverToolbar\hangametetris\hangamebi.ico
c:\program files (x86)\Naver\NaverToolbar\hangametetris\hon.ico
c:\program files (x86)\Naver\NaverToolbar\hangametetris\lasvagas.ico
c:\program files (x86)\Naver\NaverToolbar\hangametetris\login.ico
c:\program files (x86)\Naver\NaverToolbar\hangametetris\logo.bmp
c:\program files (x86)\Naver\NaverToolbar\hangametetris\logo.png
c:\program files (x86)\Naver\NaverToolbar\hangametetris\logout.ico
c:\program files (x86)\Naver\NaverToolbar\hangametetris\magu.ico
c:\program files (x86)\Naver\NaverToolbar\hangametetris\mhf.ico
c:\program files (x86)\Naver\NaverToolbar\hangametetris\move.ico
c:\program files (x86)\Naver\NaverToolbar\hangametetris\msduelgo.ico
c:\program files (x86)\Naver\NaverToolbar\hangametetris\myblog.ico
c:\program files (x86)\Naver\NaverToolbar\hangametetris\new.ico
c:\program files (x86)\Naver\NaverToolbar\hangametetris\newgostop.ico
c:\program files (x86)\Naver\NaverToolbar\hangametetris\opencast.ico
c:\program files (x86)\Naver\NaverToolbar\hangametetris\opencast.jpg
c:\program files (x86)\Naver\NaverToolbar\hangametetris\pcclinic.jpg
c:\program files (x86)\Naver\NaverToolbar\hangametetris\Popojoy.ico
c:\program files (x86)\Naver\NaverToolbar\hangametetris\popup.ico
c:\program files (x86)\Naver\NaverToolbar\hangametetris\popup2.ico
c:\program files (x86)\Naver\NaverToolbar\hangametetris\r2.ico
c:\program files (x86)\Naver\NaverToolbar\hangametetris\real.ico
c:\program files (x86)\Naver\NaverToolbar\hangametetris\search.ico
c:\program files (x86)\Naver\NaverToolbar\hangametetris\seven.ico
c:\program files (x86)\Naver\NaverToolbar\hangametetris\shortadr.ico
c:\program files (x86)\Naver\NaverToolbar\hangametetris\shotcut.ico
c:\program files (x86)\Naver\NaverToolbar\hangametetris\solitaire.ico
c:\program files (x86)\Naver\NaverToolbar\hangametetris\TalesRunner.ico
c:\program files (x86)\Naver\NaverToolbar\hangametetris\tera.ico
c:\program files (x86)\Naver\NaverToolbar\hangametetris\tetris.ico
c:\program files (x86)\Naver\NaverToolbar\hangametetris\theme.xml
c:\program files (x86)\Naver\NaverToolbar\hangametetris\toolbarcleaner.ico
c:\program files (x86)\Naver\NaverToolbar\hangametetris\toolbarcleaner.jpg
c:\program files (x86)\Naver\NaverToolbar\hangametetris\transjapan.ico
c:\program files (x86)\Naver\NaverToolbar\hangametetris\virus.ico
c:\program files (x86)\Naver\NaverToolbar\hangametetris\yut.ico
c:\program files (x86)\Naver\NaverToolbar\hangametetris\z9.ico
c:\program files (x86)\Naver\NaverToolbar\hangametetris\zoom.ico
c:\program files (x86)\Naver\NaverToolbar\InstlInfo.ini
c:\program files (x86)\Naver\NaverToolbar\juniver\artist.ico
c:\program files (x86)\Naver\NaverToolbar\juniver\babystudy.ico
c:\program files (x86)\Naver\NaverToolbar\juniver\blog.ico
c:\program files (x86)\Naver\NaverToolbar\juniver\bookmark.ico
c:\program files (x86)\Naver\NaverToolbar\juniver\bookmark.JPG
c:\program files (x86)\Naver\NaverToolbar\juniver\capturebrowser.ico
c:\program files (x86)\Naver\NaverToolbar\juniver\capturebrowser.jpg
c:\program files (x86)\Naver\NaverToolbar\juniver\cleaninternet.ico
c:\program files (x86)\Naver\NaverToolbar\juniver\cleaninternet.jpg
c:\program files (x86)\Naver\NaverToolbar\juniver\clinic.ico
c:\program files (x86)\Naver\NaverToolbar\juniver\comic.ico
c:\program files (x86)\Naver\NaverToolbar\juniver\config.ico
c:\program files (x86)\Naver\NaverToolbar\juniver\dic.ico
c:\program files (x86)\Naver\NaverToolbar\juniver\dicdetail.jpg
c:\program files (x86)\Naver\NaverToolbar\juniver\dicdetail2.jpg
c:\program files (x86)\Naver\NaverToolbar\juniver\dictionary.jpg
c:\program files (x86)\Naver\NaverToolbar\juniver\dongwha.ico
c:\program files (x86)\Naver\NaverToolbar\juniver\farm_01.ico
c:\program files (x86)\Naver\NaverToolbar\juniver\farm_02.ico
c:\program files (x86)\Naver\NaverToolbar\juniver\flash.ico
c:\program files (x86)\Naver\NaverToolbar\juniver\gabe.ico
c:\program files (x86)\Naver\NaverToolbar\juniver\gallery.ico
c:\program files (x86)\Naver\NaverToolbar\juniver\game.ico
c:\program files (x86)\Naver\NaverToolbar\juniver\gametalk.ico
c:\program files (x86)\Naver\NaverToolbar\juniver\gametalk.jpg
c:\program files (x86)\Naver\NaverToolbar\juniver\homework.ico
c:\program files (x86)\Naver\NaverToolbar\juniver\jr.ico
c:\program files (x86)\Naver\NaverToolbar\juniver\kidsong.ico
c:\program files (x86)\Naver\NaverToolbar\juniver\login.ico
c:\program files (x86)\Naver\NaverToolbar\juniver\logo.bmp
c:\program files (x86)\Naver\NaverToolbar\juniver\logo.png
c:\program files (x86)\Naver\NaverToolbar\juniver\logout.ico
c:\program files (x86)\Naver\NaverToolbar\juniver\move.ico
c:\program files (x86)\Naver\NaverToolbar\juniver\opencast.ico
c:\program files (x86)\Naver\NaverToolbar\juniver\opencast.jpg
c:\program files (x86)\Naver\NaverToolbar\juniver\panyroom.ico
c:\program files (x86)\Naver\NaverToolbar\juniver\parents.ico
c:\program files (x86)\Naver\NaverToolbar\juniver\pcclinic.jpg
c:\program files (x86)\Naver\NaverToolbar\juniver\popup.ico
c:\program files (x86)\Naver\NaverToolbar\juniver\popup2.ico
c:\program files (x86)\Naver\NaverToolbar\juniver\real.ico
c:\program files (x86)\Naver\NaverToolbar\juniver\search.ico
c:\program files (x86)\Naver\NaverToolbar\juniver\shotcut.ico
c:\program files (x86)\Naver\NaverToolbar\juniver\theme.xml
c:\program files (x86)\Naver\NaverToolbar\juniver\toolbarcleaner.ico
c:\program files (x86)\Naver\NaverToolbar\juniver\toolbarcleaner.jpg
c:\program files (x86)\Naver\NaverToolbar\juniver\transjapan.ico
c:\program files (x86)\Naver\NaverToolbar\juniver\tv.ico
c:\program files (x86)\Naver\NaverToolbar\juniver\virus.ico
c:\program files (x86)\Naver\NaverToolbar\juniver\zoom.ico
c:\program files (x86)\Naver\NaverToolbar\naver\blog.ico
c:\program files (x86)\Naver\NaverToolbar\naver\bookmark.ico
c:\program files (x86)\Naver\NaverToolbar\naver\bookmark.JPG
c:\program files (x86)\Naver\NaverToolbar\naver\capturebrowser.ico
c:\program files (x86)\Naver\NaverToolbar\naver\capturebrowser.jpg
c:\program files (x86)\Naver\NaverToolbar\naver\cleaninternet.ico
c:\program files (x86)\Naver\NaverToolbar\naver\cleaninternet.jpg
c:\program files (x86)\Naver\NaverToolbar\naver\clinic.ico
c:\program files (x86)\Naver\NaverToolbar\naver\config.ico
c:\program files (x86)\Naver\NaverToolbar\naver\dic.ico
c:\program files (x86)\Naver\NaverToolbar\naver\dicdetail.jpg
c:\program files (x86)\Naver\NaverToolbar\naver\dicdetail2.jpg
c:\program files (x86)\Naver\NaverToolbar\naver\dictionary.jpg
c:\program files (x86)\Naver\NaverToolbar\naver\gametalk.ico
c:\program files (x86)\Naver\NaverToolbar\naver\gametalk.jpg
c:\program files (x86)\Naver\NaverToolbar\naver\login.ico
c:\program files (x86)\Naver\NaverToolbar\naver\logo.bmp
c:\program files (x86)\Naver\NaverToolbar\naver\logo.png
c:\program files (x86)\Naver\NaverToolbar\naver\logout.ico
c:\program files (x86)\Naver\NaverToolbar\naver\move.ico
c:\program files (x86)\Naver\NaverToolbar\naver\naver.ico
c:\program files (x86)\Naver\NaverToolbar\naver\opencast.ico
c:\program files (x86)\Naver\NaverToolbar\naver\opencast.jpg
c:\program files (x86)\Naver\NaverToolbar\naver\pcclinic.jpg
c:\program files (x86)\Naver\NaverToolbar\naver\popup.ico
c:\program files (x86)\Naver\NaverToolbar\naver\popup2.ico
c:\program files (x86)\Naver\NaverToolbar\naver\real.ico
c:\program files (x86)\Naver\NaverToolbar\naver\search.ico
c:\program files (x86)\Naver\NaverToolbar\naver\shotcut.ico
c:\program files (x86)\Naver\NaverToolbar\naver\theme.xml
c:\program files (x86)\Naver\NaverToolbar\naver\toolbarcleaner.ico
c:\program files (x86)\Naver\NaverToolbar\naver\toolbarcleaner.jpg
c:\program files (x86)\Naver\NaverToolbar\naver\transjapan.ico
c:\program files (x86)\Naver\NaverToolbar\naver\virus.ico
c:\program files (x86)\Naver\NaverToolbar\naver\zoom.ico
c:\program files (x86)\Naver\NaverToolbar\NaverAdminAPI.dll
c:\program files (x86)\Naver\NaverToolbar\NaverAdminAPI.exe
c:\program files (x86)\Naver\NaverToolbar\NaverTB_3_5_8_70.dll
c:\program files (x86)\Naver\NaverToolbar\NTC_1_0_0_5.exe
c:\program files (x86)\Naver\NaverToolbar\postinst.exe
c:\program files (x86)\Naver\NaverToolbar\SearchEngines\bing_com.xml
c:\program files (x86)\Naver\NaverToolbar\SearchEngines\daum_net.xml
c:\program files (x86)\Naver\NaverToolbar\SearchEngines\nate_com.xml
c:\program files (x86)\Naver\NaverToolbar\SearchEngines\naver_com.xml
c:\program files (x86)\Naver\NaverToolbar\SearchEngines\paran_com.xml
c:\program files (x86)\Naver\NaverToolbar\SearchEngines\yahoo_com.xml
c:\program files (x86)\Naver\NaverToolbar\TBInfo.ini
c:\programdata\oMk06511nAiLa06511
c:\programdata\oMk06511nAiLa06511\oMk06511nAiLa06511
c:\programdata\oMk06511nAiLa06511\oMk06511nAiLa06511.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-03-25 do 2011-04-25 )))))))))))))))))))))))))))))))
.
.
2011-04-25 18:02 . 2011-04-25 18:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-04-25 15:50 . 2011-04-25 15:56 -------- d-----w- c:\users\oem\AppData\Roaming\GlarySoft
2011-04-25 15:46 . 2011-04-25 15:48 -------- d-----w- c:\program files (x86)\Glary Utilities
2011-04-25 15:31 . 2011-04-12 09:44 149456 ----a-w- c:\windows\SGDetectionTool.dll
2011-04-25 15:31 . 2011-04-12 09:44 767952 ----a-w- c:\windows\BDTSupport.dll
2011-04-25 15:31 . 2011-04-12 09:44 2074576 ----a-w- c:\windows\PCTBDCore.dll
2011-04-25 15:31 . 2011-04-12 09:44 1533904 ----a-w- c:\windows\PCTBDRes.dll
2011-04-25 15:31 . 2011-03-10 08:08 279344 ----a-w- c:\windows\system32\drivers\PCTSD64.sys
2011-04-25 15:13 . 2011-03-24 11:39 140800 ----a-w- c:\windows\system32\drivers\pctwfpfilter64.sys
2011-04-25 15:13 . 2011-01-17 08:09 334976 ----a-w- c:\windows\system32\drivers\pctgntdi64.sys
2011-04-25 15:13 . 2010-07-16 13:53 816016 ----a-w- c:\windows\system32\drivers\pctEFA64.sys
2011-04-25 15:13 . 2010-06-29 09:35 452872 ----a-w- c:\windows\system32\drivers\pctDS64.sys
2011-04-25 15:13 . 2011-03-10 09:07 282440 ----a-w- c:\windows\system32\drivers\PCTCore64.sys
2011-04-25 15:13 . 2010-12-16 06:46 92896 ----a-w- c:\windows\system32\drivers\pctplsg64.sys
2011-04-25 15:12 . 2011-04-25 15:14 -------- d-----w- c:\program files (x86)\Common Files\PC Tools
2011-04-25 15:12 . 2011-04-25 15:12 -------- d-----w- c:\users\oem\AppData\Roaming\PC Tools
2011-04-25 15:02 . 2011-04-25 15:03 6429 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UICORE.JS
2011-04-25 15:02 . 2011-04-25 15:03 63115 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\USERTILE.JS
2011-04-25 15:02 . 2011-04-25 15:03 4599 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UIRESOURCE.JS
2011-04-25 11:50 . 2011-04-18 17:25 253888 ----a-w- c:\windows\system32\aswBoot.exe
2011-04-25 11:50 . 2011-04-18 17:17 600920 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-04-25 00:19 . 2011-04-25 00:19 462848 ----a-w- c:\program files (x86)\Mozilla Firefox\null0.8460126212681808.exe
2011-04-23 16:51 . 2011-04-23 16:51 -------- d-----w- c:\users\oem\AppData\Roaming\Sahmon Games
2011-04-23 16:29 . 2011-04-23 16:51 -------- d-----w- c:\program files (x86)\PaperPlane
2011-04-23 14:37 . 2011-04-25 15:59 -------- d-----w- c:\program files (x86)\Microsoft Games
2011-04-23 13:54 . 2011-04-23 13:54 -------- d-----w- c:\users\oem\AppData\Local\Activision
2011-04-23 13:26 . 2011-04-23 13:26 -------- d-----w- c:\program files (x86)\Common Files\Steam
2011-04-23 13:26 . 2011-04-25 15:55 -------- d-----w- c:\program files (x86)\Steam
2011-04-22 12:08 . 2011-04-11 08:21 8802128 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{06E22156-BBE2-4301-85D8-DD6F08C28963}\mpengine.dll
2011-04-20 17:02 . 2011-03-18 17:55 781272 ----a-w- c:\program files (x86)\Mozilla Firefox\mozsqlite3.dll
2011-04-20 17:02 . 2011-03-18 17:55 728024 ----a-w- c:\program files (x86)\Mozilla Firefox\libGLESv2.dll
2011-04-20 17:02 . 2011-03-18 17:55 1893336 ----a-w- c:\program files (x86)\Mozilla Firefox\d3dx9_42.dll
2011-04-20 17:02 . 2011-03-18 17:55 1874904 ----a-w- c:\program files (x86)\Mozilla Firefox\mozjs.dll
2011-04-20 17:02 . 2011-03-18 17:55 15832 ----a-w- c:\program files (x86)\Mozilla Firefox\mozalloc.dll
2011-04-20 17:02 . 2011-03-18 17:55 142296 ----a-w- c:\program files (x86)\Mozilla Firefox\libEGL.dll
2011-04-20 17:02 . 2011-03-18 17:55 142296 ----a-w- c:\program files (x86)\Mozilla Firefox\components\browsercomps.dll
2011-04-20 17:02 . 2011-03-18 17:55 1975768 ----a-w- c:\program files (x86)\Mozilla Firefox\D3DCompiler_42.dll
2011-04-20 14:55 . 2011-04-20 14:55 -------- d-----w- c:\users\oem\AppData\Roaming\Unity
2011-04-20 12:53 . 2011-04-20 12:53 -------- d-----w- c:\users\oem\AppData\Local\Unity
2011-04-20 10:40 . 2011-04-20 10:40 -------- d-----w- c:\users\oem\AppData\Roaming\SUPERAntiSpyware.com
2011-04-20 10:40 . 2011-04-20 10:40 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-04-20 10:40 . 2011-04-20 10:40 -------- d-----w- c:\programdata\!SASCORE
2011-04-20 10:40 . 2011-04-25 16:19 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-04-20 10:32 . 2011-04-20 10:32 -------- d-----w- c:\users\oem\AppData\Roaming\Malwarebytes
2011-04-20 10:32 . 2011-04-20 10:32 -------- d-----w- c:\programdata\Malwarebytes
2011-04-20 10:32 . 2010-12-20 17:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-04-20 10:32 . 2011-04-20 10:32 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-04-20 10:32 . 2010-12-20 17:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-20 10:15 . 2011-04-25 17:52 -------- d-----w- c:\program files (x86)\PC Tools Security
2011-04-20 10:13 . 2011-04-25 15:13 -------- d-----w- c:\programdata\PC Tools
2011-04-20 09:37 . 2011-04-20 11:34 -------- d-----w- c:\programdata\mGg06511pAnBh06511
2011-04-19 20:59 . 2011-04-19 20:59 -------- d-----w- c:\users\oem\AppData\Local\DDMSettings
2011-04-19 20:53 . 2011-03-21 13:57 173056 ----a-w- c:\windows\system32\xvid.ax
2011-04-19 20:53 . 2011-03-19 15:06 255488 ----a-w- c:\windows\system32\xvidvfw.dll
2011-04-19 20:53 . 2011-03-19 15:05 703488 ----a-w- c:\windows\system32\xvidcore.dll
2011-04-13 16:06 . 1996-05-29 02:04 4711 ----a-w- c:\windows\system32\dmouse.vxd
2011-04-13 16:06 . 2011-04-15 14:53 -------- d-----w- c:\program files\Doom Shareware for Windows 95
2011-04-13 12:09 . 2011-04-13 12:09 -------- d-----w- c:\programdata\Symantec
2011-04-13 12:09 . 2011-04-15 14:54 -------- d-----w- c:\programdata\Norton
2011-04-03 21:13 . 2011-04-12 16:59 -------- d-----w- c:\users\oem\Graphisoft
2011-04-03 21:13 . 2011-04-07 16:40 -------- d-----w- c:\users\oem\AppData\Roaming\Graphisoft
2011-04-03 21:13 . 2011-04-07 16:40 -------- d-----w- c:\users\oem\AppData\Local\Graphisoft
2011-04-03 21:11 . 2011-04-03 21:11 -------- d-----w- c:\program files (x86)\Common Files\Apple
2011-04-03 21:11 . 2011-04-03 21:11 -------- d-----w- c:\users\oem\AppData\Local\Apple
2011-04-03 21:11 . 2011-04-03 21:11 -------- d-----w- c:\program files (x86)\Apple Software Update
2011-04-03 21:11 . 2011-04-03 21:11 -------- d-----w- c:\programdata\Apple
2011-04-03 21:08 . 2011-04-03 21:08 -------- d---a-w- c:\program files (x86)\Common Files\Graphisoft Shared
2011-04-03 21:08 . 2011-04-03 21:08 -------- d-----w- c:\program files\Graphisoft
2011-04-01 17:10 . 2009-05-12 16:13 86016 ----a-w- c:\windows\SysWow64\PortalOCP.ocx
2011-04-01 17:01 . 2011-04-01 17:01 -------- d-----w- C:\AMD
2011-04-01 17:01 . 2011-04-01 17:01 -------- d-----w- c:\programdata\ATI
2011-04-01 17:01 . 2011-04-01 17:01 -------- d-----w- c:\program files (x86)\AMD APP
2011-04-01 17:01 . 2011-04-01 17:01 -------- d-----w- c:\program files (x86)\ATI Technologies
2011-04-01 17:00 . 2011-04-01 17:01 -------- d-----w- c:\program files\ATI Technologies
2011-04-01 16:59 . 2011-04-01 16:59 -------- d-----w- C:\ATI
2011-04-01 15:10 . 2011-03-23 20:10 4130616 ----a-w- c:\windows\SysWow64\GameMon.des
2011-04-01 15:04 . 2005-01-01 09:43 4682 ----a-w- c:\windows\SysWow64\npptNT2.sys
2011-04-01 15:04 . 2003-07-17 18:17 5174 ----a-w- c:\windows\SysWow64\nppt9x.vxd
2011-04-01 15:04 . 2011-04-01 15:04 -------- d-----w- c:\program files\Common Files\INCA Shared
2011-04-01 15:02 . 2010-08-12 14:26 1443224 ----a-w- c:\windows\SysWow64\HanWebMsg1061.dll
2011-04-01 15:01 . 2010-02-17 17:53 180120 ----a-w- c:\windows\SysWow64\HGReport.dll
2011-04-01 15:01 . 2010-10-15 10:53 181424 ----a-w- c:\windows\SysWow64\PubPlugin.dll
2011-04-01 12:51 . 2011-04-01 15:04 -------- d-----w- C:\HanPurple
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-18 17:25 . 2010-10-05 21:04 40112 ----a-w- c:\windows\avastSS.scr
2011-04-18 17:25 . 2010-10-05 21:04 199304 ----a-w- c:\windows\SysWow64\aswBoot.exe
2011-04-18 17:18 . 2010-10-05 21:05 287064 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-04-18 17:16 . 2010-10-05 21:05 53592 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-04-18 17:13 . 2010-10-05 21:05 31064 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-04-18 17:13 . 2010-10-05 21:05 64344 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-04-18 17:13 . 2010-10-05 21:05 22360 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-03-21 18:56 . 2011-03-21 18:56 61952 ----a-w- c:\windows\system32\OVDecode64.dll
2011-03-21 18:56 . 2011-03-21 18:56 59904 ----a-w- c:\windows\SysWow64\OVDecode.dll
2011-03-21 18:56 . 2011-03-21 18:56 53760 ----a-w- c:\windows\system32\OpenCL.dll
2011-03-21 18:56 . 2011-03-21 18:56 51712 ----a-w- c:\windows\SysWow64\OpenCL.dll
2011-03-21 18:55 . 2011-03-21 18:55 16115712 ----a-w- c:\windows\system32\amdocl64.dll
2011-03-21 18:55 . 2011-03-21 18:55 12385792 ----a-w- c:\windows\SysWow64\amdocl.dll
2011-03-15 06:50 . 2011-03-15 06:50 567152 ----a-w- c:\windows\SysWow64\NJUninst.exe
2011-02-19 06:37 . 2011-03-09 02:42 1135104 ----a-w- c:\windows\system32\FntCache.dll
2011-02-19 06:37 . 2011-03-09 02:42 1540608 ----a-w- c:\windows\system32\DWrite.dll
2011-02-19 06:36 . 2011-03-09 02:42 902656 ----a-w- c:\windows\system32\d2d1.dll
2011-02-19 05:32 . 2011-03-09 02:42 1074176 ----a-w- c:\windows\SysWow64\DWrite.dll
2011-02-19 05:32 . 2011-03-09 02:42 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2011-02-14 22:20 . 2011-02-14 22:20 319488 ----a-w- c:\windows\HideWin.exe
2011-02-02 17:11 . 2010-08-27 17:59 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-01-26 06:53 . 2011-02-09 03:22 265088 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2011-01-26 06:53 . 2011-02-09 03:22 982912 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2011-01-26 06:31 . 2011-02-09 03:22 144384 ----a-w- c:\windows\system32\cdd.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSHIBA Online Product Information"="c:\program files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [2010-03-03 4581280]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-10-06 1294136]
"TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2010-02-23 2454840]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-03-08 336384]
"ISTray"="c:\program files (x86)\PC Tools Security\pctsGui.exe" [2011-04-12 1600984]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"TOSHIBA Online Product Information"="c:\program files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [2010-03-03 4581280]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-disabled]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" /nogui
"ISTray"="c:\program files (x86)\PC Tools Security\pctsGui.exe" /hideGUI
"PCTools FGuard"=c:\program files (x86)\PC Tools Security\BDT\FGuard.exe
.
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
R1 aswSnx;aswSnx; [x]
R1 aswSP;aswSP; [x]
R1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\Drivers\PCTSD64.sys [x]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2010-02-17 14920]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2010-02-17 12360]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
R2 aswFsBlk;aswFsBlk; [x]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files (x86)\PC Tools Security\BDT\BDTUpdateService.exe [2011-04-12 337872]
R2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2010-01-28 249200]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files (x86)\PC Tools Security\pctsAuxs.exe [2011-02-18 371472]
R2 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe [2010-10-26 124368]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2010-04-06 258928]
R2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-03-03 2320920]
R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [x]
R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
R3 CnxtHdmiAudService;Conexant UAA HDMI Function Driver for High Definition Audio Service;c:\windows\system32\drivers\CHDMI64.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-10-19 1436424]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
R3 nmwcdx64;Nokia USB Phone Parent;c:\windows\system32\drivers\ccdcmbx64.sys [x]
R3 pctplsg;pctplsg;c:\windows\System32\drivers\pctplsg64.sys [x]
R3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-10-06 51512]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-05 137560]
R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2010-02-23 835952]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore64.sys [x]
S0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS64.sys [x]
S1 pctgntdi;pctgntdi;c:\windows\System32\drivers\pctgntdi64.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2010-06-29 128752]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [x]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Obsah adresáře 'Naplánované úlohy'
.
2011-04-25 c:\windows\Tasks\GlaryInitialize.job
- c:\program files (x86)\Glary Utilities\initialize.exe [2011-04-25 16:24]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-04-18 17:25 134384 ----a-w- c:\program files\Alwil Software\Avast5\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-05 709976]
"Toshiba TEMPRO"="c:\program files (x86)\Toshiba TEMPRO\TemproTray.exe" [2010-10-26 1050072]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-19 307768]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2010-03-22 521272]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaReminder.exe" [2010-04-19 136136]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\System32\blank.htm
uStart Page = hxxp://www.naver.com
uDefault_Search_URL = hxxp://search.qip.ru
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = www-cache.strath.ac.uk:8080
uSearchAssistant = hxxp://search.qip.ru/ie
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: ??? ?? - c:\program files (x86)\naver\NaverToolbar\NaverTB_3_5_8_70.dll /SEARCH.HTML
IE: ??? ????? - c:\program files (x86)\naver\NaverToolbar\NaverTB_3_5_8_70.dll /BOOKMARK.HTML
IE: ??? ??? ?? - c:\program files (x86)\naver\NaverToolbar\NaverTB_3_5_8_70.dll /BLOG.HTML
IE: ??? ?? ?? - c:\program files (x86)\naver\NaverToolbar\NaverTB_3_5_8_70.dll /DIC.HTML
IE: ??? ????? ???? - c:\program files (x86)\naver\NaverToolbar\NaverTB_3_5_8_70.dll /OPENCAST.HTML
IE: ??? ?? ?? - c:\program files (x86)\naver\NaverToolbar\NaverTB_3_5_8_70.dll /JKTRANS.HTML
LSP: c:\program files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll
DPF: {C044CD87-DFB0-4130-A5E4-49361106FBC8} - hxxp://mhf.hangame.com/common/activex/HanSetup1040.cab
FF - ProfilePath - c:\users\oem\AppData\Roaming\Mozilla\Firefox\Profiles\ygpahxi3.default\
FF - prefs.js: network.proxy.ftp - www-cache.strath.ac.uk
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.gopher - www-cache.strath.ac.uk
FF - prefs.js: network.proxy.gopher_port - 8080
FF - prefs.js: network.proxy.http - www-cache.strath.ac.uk
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - www-cache.strath.ac.uk
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.ssl - www-cache.strath.ac.uk
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 0
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-RunOnce-<NO NAME> - (no file)
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-SynTPEnh - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-TosReelTimeMonitor - %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
HKLM-Run-TosNC - %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe
HKLM-Run-TPwrMain - %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-HSON - %ProgramFiles%\TOSHIBA\TBS\HSON.exe
HKLM-Run-SmoothView - %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
HKLM-Run-00TCrdMain - %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-SmartFaceVWatcher - %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
HKLM-Run-Teco - %ProgramFiles%\TOSHIBA\TECO\Teco.exe
HKLM-Run-TosWaitSrv - %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe
AddRemove-NaverToolbar - c:\windows\system32\NJUninst.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10e.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10e.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2011-04-25 19:04:39
ComboFix-quarantined-files.txt 2011-04-25 18:04
.
Před spuštěním: Volných bajtů: 236 607 750 144
Po spuštění: Volných bajtů: 236 419 465 216
.
- - End Of File - - 7B3A0A7CD426B6D7899FB107FBC82EA7

Žbeky
Moderator
Guru Level 13
Posts: 22288
Registered: May 08
Location: Vsetín - Pardubice
Gender: Male
Status:
Offline

Re: MS Removal Tool - HJT Check

Post by Žbeky » 25 Apr 2011 20:29

So, first of all: why are you sticking your log into a check that is already under way? How are we supposed to tell what belongs to whom, hm? That is why the rules cover this, and every user is required to start their own topic.

And I ***** split it off for you, and you delete it and post it into the running thread again. Are you trying to make fun of us here, or what? :evil:

Second, running CF on your own initiative is sheer stupidity. Didn't you read, before launching it, that the scan should only be run under experienced supervision?
And third, you have a hundred and fifty different "antivirus" programs on there.

Uninstall:
SUPERAntiSPyware
Everything from PC Tools
Akamai
I see Norton and McAfee in there - are those just leftovers?


Do you recognize c:\programdata\mGg06511pAnBh06511?
And the proxy www-cache.strath.ac.uk?

Test this on VirusTotal:
c:\program files (x86)\Mozilla Firefox\null0.8460126212681808.exe

Click Browse to the right of the box and find the file on your PC in Explorer. Select it with the mouse and click Open, then click Send File. If the file has already been tested, a window appears in which you click Reanalyze. The file will then be tested by multiple antivirus programs in turn. When the last antivirus finishes, the result appears at the top with the number of detections in red, e.g. 0/40 or 1/40. Then copy the link to that page with the mouse and paste it into your post.
In private messages I deal only with forum matters. I do not respond to pleas and requests for technical support. Thanks for understanding.


stanik69
newbie
Posts: 8
Registered: April 11
Gender: Male
Status:
Offline

Re: MS Removal Tool - HJT Check

Post by stanik69 » 25 Apr 2011 21:03

I apologize for my post; I thought I had started a new thread by mistake, so I deleted it and posted it again. I have uninstalled SUPERAntiSPyware, PC Tools and Akamai. Norton and McAfee really should be just leftovers, since I can no longer find them anywhere on the PC.
The program "c:\programdata\mGg06511pAnBh06511" means nothing to me, and that proxy address is my school's.

Here is the link to the VirusTotal result:
http://www.virustotal.com/file-scan/rep ... 1303757353

Žbeky
Moderator
Guru Level 13
Posts: 22288
Registered: May 08
Location: Vsetín - Pardubice
Gender: Male
Status:
Offline

Re: MS Removal Tool - HJT Check  Solved

Post by Žbeky » 25 Apr 2011 21:21

OK, we'll probably have to do this in several passes.

Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy into it the entire following text marked in green:
Note: Do not use the SELECT ALL function to select the script.


KillAll::

File::
c:\program files (x86)\Mozilla Firefox\null0.8460126212681808.exe
c:\windows\SysWow64\GameMon.des
c:\windows\SysWow64\NJUninst.exe

Folder::
c:\programdata\mGg06511pAnBh06511
c:\programdata\Symantec
c:\programdata\Norton

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=-
"ConsentPromptBehaviorUser"=-
"EnableLUA"=-
"EnableUIADesktopToggle"=-
"PromptOnSecureDesktop"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\npggsvc]
"ImagePath"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=-

DDS::
uLocal Page = c:\windows\System32\blank.htm
uStart Page = hxxp://www.naver.com
uDefault_Search_URL = hxxp://search.qip.ru
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://search.qip.ru/ie
IE: ??? ?? - c:\program files (x86)\naver\NaverToolbar\NaverTB_3_5_8_70.dll /SEARCH.HTML
IE: ??? ????? - c:\program files (x86)\naver\NaverToolbar\NaverTB_3_5_8_70.dll /BOOKMARK.HTML
IE: ??? ??? ?? - c:\program files (x86)\naver\NaverToolbar\NaverTB_3_5_8_70.dll /BLOG.HTML
IE: ??? ?? ?? - c:\program files (x86)\naver\NaverToolbar\NaverTB_3_5_8_70.dll /DIC.HTML
IE: ??? ????? ???? - c:\program files (x86)\naver\NaverToolbar\NaverTB_3_5_8_70.dll /OPENCAST.HTML
IE: ??? ?? ?? - c:\program files (x86)\naver\NaverToolbar\NaverTB_3_5_8_70.dll /JKTRANS.HTML

RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]

Choose File -> Save As... and set these parameters:
File name: type here: CFScript.txt
Save as type: select All Files
Save the file to the desktop.
Close all active windows.

Grab the created script CFScript.txt with the mouse, drag it over the downloaded ComboFix.exe program, and when the two files overlap, drop the script.
- ComboFix will start automatically
- Paste here the log that pops up at the end of the cleaning process

stanik69
newbie
Posts: 8
Registered: April 11
Gender: Male
Status:
Offline

Re: MS Removal Tool - HJT Check

Post by stanik69 » 25 Apr 2011 21:45

Log from ComboFix:

ComboFix 11-04-25.01 - oem 25.04.2011 20:33:19.2.4 - x64 NETWORK
Microsoft Windows 7 Home Premium 6.1.7600.0.1250.420.1029.18.3959.3081 [GMT 1:00]
Spuštěný z: c:\users\oem\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\oem\Desktop\CFScript.txt
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
FILE ::
"c:\program files (x86)\Mozilla Firefox\null0.8460126212681808.exe"
"c:\windows\SysWow64\GameMon.des"
"c:\windows\SysWow64\NJUninst.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Mozilla Firefox\null0.8460126212681808.exe
c:\programdata\mGg06511pAnBh06511
c:\programdata\mGg06511pAnBh06511\mGg06511pAnBh06511
c:\programdata\Norton
c:\programdata\Norton\{086A63F0-6B13-4F29-9695-134E7A01E963}\LC.INI
c:\programdata\Symantec
c:\windows\SysWow64\GameMon.des
c:\windows\SysWow64\NJUninst.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-03-25 do 2011-04-25 )))))))))))))))))))))))))))))))
.
.
2011-04-25 19:36 . 2011-04-25 19:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-04-25 15:50 . 2011-04-25 15:56 -------- d-----w- c:\users\oem\AppData\Roaming\GlarySoft
2011-04-25 15:46 . 2011-04-25 15:48 -------- d-----w- c:\program files (x86)\Glary Utilities
2011-04-25 15:02 . 2011-04-25 15:03 6429 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UICORE.JS
2011-04-25 15:02 . 2011-04-25 15:03 63115 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\USERTILE.JS
2011-04-25 15:02 . 2011-04-25 15:03 4599 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UIRESOURCE.JS
2011-04-25 11:50 . 2011-04-18 17:25 253888 ----a-w- c:\windows\system32\aswBoot.exe
2011-04-25 11:50 . 2011-04-18 17:17 600920 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-04-23 16:51 . 2011-04-23 16:51 -------- d-----w- c:\users\oem\AppData\Roaming\Sahmon Games
2011-04-23 14:37 . 2011-04-25 15:59 -------- d-----w- c:\program files (x86)\Microsoft Games
2011-04-23 13:54 . 2011-04-23 13:54 -------- d-----w- c:\users\oem\AppData\Local\Activision
2011-04-23 13:26 . 2011-04-23 13:26 -------- d-----w- c:\program files (x86)\Common Files\Steam
2011-04-23 13:26 . 2011-04-25 15:55 -------- d-----w- c:\program files (x86)\Steam
2011-04-22 12:08 . 2011-04-11 08:21 8802128 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{06E22156-BBE2-4301-85D8-DD6F08C28963}\mpengine.dll
2011-04-20 17:02 . 2011-03-18 17:55 781272 ----a-w- c:\program files (x86)\Mozilla Firefox\mozsqlite3.dll
2011-04-20 17:02 . 2011-03-18 17:55 728024 ----a-w- c:\program files (x86)\Mozilla Firefox\libGLESv2.dll
2011-04-20 17:02 . 2011-03-18 17:55 1893336 ----a-w- c:\program files (x86)\Mozilla Firefox\d3dx9_42.dll
2011-04-20 17:02 . 2011-03-18 17:55 1874904 ----a-w- c:\program files (x86)\Mozilla Firefox\mozjs.dll
2011-04-20 17:02 . 2011-03-18 17:55 15832 ----a-w- c:\program files (x86)\Mozilla Firefox\mozalloc.dll
2011-04-20 17:02 . 2011-03-18 17:55 142296 ----a-w- c:\program files (x86)\Mozilla Firefox\libEGL.dll
2011-04-20 17:02 . 2011-03-18 17:55 142296 ----a-w- c:\program files (x86)\Mozilla Firefox\components\browsercomps.dll
2011-04-20 17:02 . 2011-03-18 17:55 1975768 ----a-w- c:\program files (x86)\Mozilla Firefox\D3DCompiler_42.dll
2011-04-20 14:55 . 2011-04-20 14:55 -------- d-----w- c:\users\oem\AppData\Roaming\Unity
2011-04-20 12:53 . 2011-04-20 12:53 -------- d-----w- c:\users\oem\AppData\Local\Unity
2011-04-20 10:40 . 2011-04-20 10:40 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-04-20 10:32 . 2011-04-20 10:32 -------- d-----w- c:\users\oem\AppData\Roaming\Malwarebytes
2011-04-20 10:32 . 2011-04-20 10:32 -------- d-----w- c:\programdata\Malwarebytes
2011-04-20 10:32 . 2010-12-20 17:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-04-20 10:32 . 2011-04-20 10:32 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-04-20 10:32 . 2010-12-20 17:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-20 10:13 . 2011-04-25 18:38 -------- d-----w- c:\programdata\PC Tools
2011-04-19 20:59 . 2011-04-19 20:59 -------- d-----w- c:\users\oem\AppData\Local\DDMSettings
2011-04-19 20:53 . 2011-03-21 13:57 173056 ----a-w- c:\windows\system32\xvid.ax
2011-04-19 20:53 . 2011-03-19 15:06 255488 ----a-w- c:\windows\system32\xvidvfw.dll
2011-04-19 20:53 . 2011-03-19 15:05 703488 ----a-w- c:\windows\system32\xvidcore.dll
2011-04-13 16:06 . 1996-05-29 02:04 4711 ----a-w- c:\windows\system32\dmouse.vxd
2011-04-13 16:06 . 2011-04-15 14:53 -------- d-----w- c:\program files\Doom Shareware for Windows 95
2011-04-13 12:09 . 2011-04-13 12:09 -------- d-----w- c:\programdata\NortonInstaller
2011-04-03 21:13 . 2011-04-12 16:59 -------- d-----w- c:\users\oem\Graphisoft
2011-04-03 21:13 . 2011-04-07 16:40 -------- d-----w- c:\users\oem\AppData\Roaming\Graphisoft
2011-04-03 21:13 . 2011-04-07 16:40 -------- d-----w- c:\users\oem\AppData\Local\Graphisoft
2011-04-03 21:11 . 2011-04-03 21:11 -------- d-----w- c:\program files (x86)\Common Files\Apple
2011-04-03 21:11 . 2011-04-03 21:11 -------- d-----w- c:\users\oem\AppData\Local\Apple
2011-04-03 21:11 . 2011-04-03 21:11 -------- d-----w- c:\program files (x86)\Apple Software Update
2011-04-03 21:11 . 2011-04-03 21:11 -------- d-----w- c:\programdata\Apple
2011-04-03 21:08 . 2011-04-03 21:08 -------- d---a-w- c:\program files (x86)\Common Files\Graphisoft Shared
2011-04-03 21:08 . 2011-04-03 21:08 -------- d-----w- c:\program files\Graphisoft
2011-04-01 17:10 . 2009-05-12 16:13 86016 ----a-w- c:\windows\SysWow64\PortalOCP.ocx
2011-04-01 17:01 . 2011-04-01 17:01 -------- d-----w- C:\AMD
2011-04-01 17:01 . 2011-04-01 17:01 -------- d-----w- c:\programdata\ATI
2011-04-01 17:01 . 2011-04-01 17:01 -------- d-----w- c:\program files (x86)\AMD APP
2011-04-01 17:01 . 2011-04-01 17:01 -------- d-----w- c:\program files (x86)\ATI Technologies
2011-04-01 17:00 . 2011-04-01 17:01 -------- d-----w- c:\program files\ATI Technologies
2011-04-01 16:59 . 2011-04-01 16:59 -------- d-----w- C:\ATI
2011-04-01 15:04 . 2005-01-01 09:43 4682 ----a-w- c:\windows\SysWow64\npptNT2.sys
2011-04-01 15:04 . 2003-07-17 18:17 5174 ----a-w- c:\windows\SysWow64\nppt9x.vxd
2011-04-01 15:04 . 2011-04-01 15:04 -------- d-----w- c:\program files\Common Files\INCA Shared
2011-04-01 15:02 . 2010-08-12 14:26 1443224 ----a-w- c:\windows\SysWow64\HanWebMsg1061.dll
2011-04-01 15:01 . 2010-02-17 17:53 180120 ----a-w- c:\windows\SysWow64\HGReport.dll
2011-04-01 15:01 . 2010-10-15 10:53 181424 ----a-w- c:\windows\SysWow64\PubPlugin.dll
2011-04-01 12:51 . 2011-04-01 15:04 -------- d-----w- C:\HanPurple
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-18 17:25 . 2010-10-05 21:04 40112 ----a-w- c:\windows\avastSS.scr
2011-04-18 17:25 . 2010-10-05 21:04 199304 ----a-w- c:\windows\SysWow64\aswBoot.exe
2011-04-18 17:18 . 2010-10-05 21:05 287064 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-04-18 17:16 . 2010-10-05 21:05 53592 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-04-18 17:13 . 2010-10-05 21:05 31064 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-04-18 17:13 . 2010-10-05 21:05 64344 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-04-18 17:13 . 2010-10-05 21:05 22360 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-03-21 18:56 . 2011-03-21 18:56 61952 ----a-w- c:\windows\system32\OVDecode64.dll
2011-03-21 18:56 . 2011-03-21 18:56 59904 ----a-w- c:\windows\SysWow64\OVDecode.dll
2011-03-21 18:56 . 2011-03-21 18:56 53760 ----a-w- c:\windows\system32\OpenCL.dll
2011-03-21 18:56 . 2011-03-21 18:56 51712 ----a-w- c:\windows\SysWow64\OpenCL.dll
2011-03-21 18:55 . 2011-03-21 18:55 16115712 ----a-w- c:\windows\system32\amdocl64.dll
2011-03-21 18:55 . 2011-03-21 18:55 12385792 ----a-w- c:\windows\SysWow64\amdocl.dll
2011-02-19 06:37 . 2011-03-09 02:42 1135104 ----a-w- c:\windows\system32\FntCache.dll
2011-02-19 06:37 . 2011-03-09 02:42 1540608 ----a-w- c:\windows\system32\DWrite.dll
2011-02-19 06:36 . 2011-03-09 02:42 902656 ----a-w- c:\windows\system32\d2d1.dll
2011-02-19 05:32 . 2011-03-09 02:42 1074176 ----a-w- c:\windows\SysWow64\DWrite.dll
2011-02-19 05:32 . 2011-03-09 02:42 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2011-02-14 22:20 . 2011-02-14 22:20 319488 ----a-w- c:\windows\HideWin.exe
2011-02-02 17:11 . 2010-08-27 17:59 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-01-26 06:53 . 2011-02-09 03:22 265088 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2011-01-26 06:53 . 2011-02-09 03:22 982912 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2011-01-26 06:31 . 2011-02-09 03:22 144384 ----a-w- c:\windows\system32\cdd.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-04-25_18.02.50 )))))))))))))))))))))))))))))))))))))))))
.
- 2011-04-25 17:53 . 2011-04-25 17:53 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-04-25 19:37 . 2011-04-25 19:37 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-04-25 19:37 . 2011-04-25 19:37 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-04-25 17:53 . 2011-04-25 17:53 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSHIBA Online Product Information"="c:\program files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [2010-03-03 4581280]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-10-06 1294136]
"TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2010-02-23 2454840]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-03-08 336384]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"TOSHIBA Online Product Information"="c:\program files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [2010-03-03 4581280]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-disabled]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" /nogui
"ISTray"="c:\program files (x86)\PC Tools Security\pctsGui.exe" /hideGUI
"PCTools FGuard"=c:\program files (x86)\PC Tools Security\BDT\FGuard.exe
.
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
R1 aswSnx;aswSnx; [x]
R1 aswSP;aswSP; [x]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
R2 aswFsBlk;aswFsBlk; [x]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
R2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2010-01-28 249200]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448]
R2 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe [2010-10-26 124368]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2010-04-06 258928]
R2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-03-03 2320920]
R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [x]
R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
R3 CnxtHdmiAudService;Conexant UAA HDMI Function Driver for High Definition Audio Service;c:\windows\system32\drivers\CHDMI64.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-10-19 1436424]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
R3 nmwcdx64;Nokia USB Phone Parent;c:\windows\system32\drivers\ccdcmbx64.sys [x]
R3 npggsvc;nProtect GameGuard Service; [x]
R3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-10-06 51512]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-05 137560]
R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2010-02-23 835952]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [x]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [x]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2011-04-25 c:\windows\Tasks\GlaryInitialize.job
- c:\program files (x86)\Glary Utilities\initialize.exe [2011-04-25 16:24]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-04-18 17:25 134384 ----a-w- c:\program files\Alwil Software\Avast5\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe" [BU]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-05 709976]
"TosReelTimeMonitor"="%ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe" [BU]
"TosNC"="%ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe" [BU]
"Toshiba TEMPRO"="c:\program files (x86)\Toshiba TEMPRO\TemproTray.exe" [2010-10-26 1050072]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-19 307768]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2010-03-22 521272]
"TPwrMain"="%ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE" [BU]
"HSON"="%ProgramFiles%\TOSHIBA\TBS\HSON.exe" [BU]
"SmoothView"="%ProgramFiles%\Toshiba\SmoothView\SmoothView.exe" [BU]
"00TCrdMain"="%ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe" [BU]
"SmartFaceVWatcher"="%ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe" [BU]
"Teco"="%ProgramFiles%\TOSHIBA\TECO\Teco.exe" [BU]
"TosWaitSrv"="%ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe" [BU]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaReminder.exe" [2010-04-19 136136]
.
------- Doplňkový sken -------
.
uLocal Page = %SystemRoot%\system32\blank.htm
mLocal Page = %SystemRoot%\system32\blank.htm
uInternet Settings,ProxyServer = www-cache.strath.ac.uk:8080
uSearchAssistant = hxxp://search.qip.ru/ie
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: ??? ?? - c:\program files (x86)\naver\NaverToolbar\NaverTB_3_5_8_70.dll /SEARCH.HTML
IE: ??? ????? - c:\program files (x86)\naver\NaverToolbar\NaverTB_3_5_8_70.dll /BOOKMARK.HTML
IE: ??? ??? ?? - c:\program files (x86)\naver\NaverToolbar\NaverTB_3_5_8_70.dll /BLOG.HTML
IE: ??? ?? ?? - c:\program files (x86)\naver\NaverToolbar\NaverTB_3_5_8_70.dll /DIC.HTML
IE: ??? ????? ???? - c:\program files (x86)\naver\NaverToolbar\NaverTB_3_5_8_70.dll /OPENCAST.HTML
IE: ??? ?? ?? - c:\program files (x86)\naver\NaverToolbar\NaverTB_3_5_8_70.dll /JKTRANS.HTML
DPF: {C044CD87-DFB0-4130-A5E4-49361106FBC8} - hxxp://mhf.hangame.com/common/activex/HanSetup1040.cab
FF - ProfilePath - c:\users\oem\AppData\Roaming\Mozilla\Firefox\Profiles\ygpahxi3.default\
FF - prefs.js: network.proxy.ftp - www-cache.strath.ac.uk
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.gopher - www-cache.strath.ac.uk
FF - prefs.js: network.proxy.gopher_port - 8080
FF - prefs.js: network.proxy.http - www-cache.strath.ac.uk
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - www-cache.strath.ac.uk
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.ssl - www-cache.strath.ac.uk
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 0
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-RunOnce-<NO NAME> - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
Celkový čas: 2011-04-25 20:40:41 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-04-25 19:40
ComboFix2.txt 2011-04-25 18:04
.
Před spuštěním: Volných bajtů: 241 641 263 104
Po spuštění: Volných bajtů: 241 661 870 080
.
- - End Of File - - CD8ED0D123D0430D50D50FF49E8BABA9
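
The script-then-log round trip in the posts above can be checked mechanically. This is an added example, not part of the original thread and not ComboFix's own code: it parses the `Name::` directive blocks of a CFScript and confirms that every File:: and Folder:: target appears under the log's "Ostatní výmazy" banner. The function names and the shortened sample strings (copied from the thread, banner parentheses abbreviated) are assumptions made for illustration.

```python
import re

# A "Name::" line opens a directive block in the CFScript shown in the thread.
SECTION_RE = re.compile(r"^([A-Za-z]+)::\s*$")
# ComboFix log banners look like "((((( title )))))".
BANNER_RE = re.compile(r"^\(+\s*(.*?)\s*\)+$")

# Sample input: shortened copy of the CFScript posted in the thread.
CFSCRIPT = r"""KillAll::

File::
c:\program files (x86)\Mozilla Firefox\null0.8460126212681808.exe
c:\windows\SysWow64\GameMon.des
c:\windows\SysWow64\NJUninst.exe

Folder::
c:\programdata\mGg06511pAnBh06511
c:\programdata\Symantec
c:\programdata\Norton

Registry::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\npggsvc]
"ImagePath"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=-
"""

# Sample input: excerpt of the post-run log from the thread (banners shortened).
LOG_EXCERPT = r"""((((( Ostatní výmazy )))))
.
.
c:\program files (x86)\Mozilla Firefox\null0.8460126212681808.exe
c:\programdata\mGg06511pAnBh06511
c:\programdata\mGg06511pAnBh06511\mGg06511pAnBh06511
c:\programdata\Norton
c:\programdata\Norton\{086A63F0-6B13-4F29-9695-134E7A01E963}\LC.INI
c:\programdata\Symantec
c:\windows\SysWow64\GameMon.des
c:\windows\SysWow64\NJUninst.exe
.
.
((((( Soubory vytvořené od 2011-03-25 do 2011-04-25 )))))
.
2011-04-25 15:46 . 2011-04-25 15:48 -------- d-----w- c:\program files (x86)\Glary Utilities
"""


def parse_cfscript(text):
    """Group the non-empty lines of a CFScript under their 'Name::' header."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = SECTION_RE.match(line)
        if match:
            current = match.group(1)
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def registry_value_deletions(sections):
    """Return (key, value_name) pairs for '"name"=-' lines under Registry::."""
    pairs, key = [], None
    for line in sections.get("Registry", []):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        match = re.match(r'^"([^"]+)"=-$', line)
        if match and key:
            pairs.append((key, match.group(1)))
    return pairs


def deleted_paths(log_text, banner="Ostatní výmazy"):
    """Collect (lower-cased) paths listed under the deletions banner of a log."""
    found, inside = set(), False
    for raw in log_text.splitlines():
        line = raw.strip()
        match = BANNER_RE.match(line)
        if match:
            # Any banner ends the previous block; only ours opens a new one.
            inside = match.group(1) == banner
            continue
        if inside and line not in ("", "."):
            found.add(line.lower())
    return found


def unconfirmed_targets(script_text, log_text):
    """File::/Folder:: targets the log does not report as deleted."""
    sections = parse_cfscript(script_text)
    deleted = deleted_paths(log_text)
    targets = sections.get("File", []) + sections.get("Folder", [])
    # Windows paths are case-insensitive, so compare lower-cased.
    return [t for t in targets if t.lower() not in deleted]


if __name__ == "__main__":
    for key, value in registry_value_deletions(parse_cfscript(CFSCRIPT)):
        print("value to delete:", key, "->", value)
    print("not confirmed in log:", unconfirmed_targets(CFSCRIPT, LOG_EXCERPT))
```

A target that stays on the unconfirmed list after a run is worth a manual look before the next script is written, since the file may be locked or the path may differ from what the first log showed.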

Žbeky
Moderator
Guru Level 13
Posts: 22288
Registered: May 08
Location: Vsetín - Pardubice
Gender: Male
Status:
Offline

Re: MS Removal Tool - HJT Check

Post by Žbeky » 26 Apr 2011 07:28

Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy into it the entire following text marked in green:
Note: Do not use the SELECT ALL function to select the script.


KillAll::

Folder::
c:\programdata\SUPERAntiSpyware.com
c:\programdata\PC Tools
c:\programdata\NortonInstaller

Registry::
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-disabled]
"PCTools FGuard"=-

Driver::
npggsvc

Choose File -> Save As... and set these parameters:
File name: type here: CFScript.txt
Save as type: select All Files
Save the file to the desktop.
Close all active windows.

Grab the created script CFScript.txt with the mouse, drag it over the downloaded ComboFix.exe program, and when the two files overlap, drop the script.
- ComboFix will start automatically
- Paste here the log that pops up at the end of the cleaning process

Re: MS Removal Tool - HJT Check

Post by stanik69 » 26 Apr 2011 10:32

Here is the output of the cleaning log:

ComboFix 11-04-25.01 - oem 26.04.2011 9:12.3.4 - x64 NETWORK
Microsoft Windows 7 Home Premium 6.1.7600.0.1250.420.1029.18.3959.3337 [GMT 1:00]
Spuštěný z: c:\users\oem\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\oem\Desktop\CFScript.txt
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\NortonInstaller
c:\programdata\NortonInstaller\Logs\2011-04-13-13h09m02s\Install.1.mft
c:\programdata\NortonInstaller\Logs\2011-04-13-13h09m02s\Install.2.mft
c:\programdata\NortonInstaller\Logs\2011-04-13-13h09m02s\NortonInstall-2011-04-13-13h09m02s.log
c:\programdata\NortonInstaller\Logs\2011-04-15-15h54m38s\DeleteMode-2011-04-15-15h54m50s.log
c:\programdata\NortonInstaller\Logs\2011-04-15-15h54m38s\Install.1.mft
c:\programdata\NortonInstaller\Logs\2011-04-15-15h54m38s\Install.2.mft
c:\programdata\NortonInstaller\Logs\2011-04-15-15h54m38s\NortonInstall-2011-04-15-15h54m38s.log
c:\programdata\NortonInstaller\Logs\Url.txt
c:\programdata\PC Tools
c:\programdata\PC Tools\DownloadManager\Spyware Doctor with AntiVirus8.0\sdasetup_revwire207_aff_dl.exe
c:\programdata\SUPERAntiSpyware.com
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_npggsvc
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-03-26 do 2011-04-26 )))))))))))))))))))))))))))))))
.
.
2011-04-26 08:16 . 2011-04-26 08:16 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-04-25 15:50 . 2011-04-25 15:56 -------- d-----w- c:\users\oem\AppData\Roaming\GlarySoft
2011-04-25 15:46 . 2011-04-25 15:48 -------- d-----w- c:\program files (x86)\Glary Utilities
2011-04-25 11:50 . 2011-04-18 17:25 253888 ----a-w- c:\windows\system32\aswBoot.exe
2011-04-25 11:50 . 2011-04-18 17:17 600920 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-04-23 16:51 . 2011-04-23 16:51 -------- d-----w- c:\users\oem\AppData\Roaming\Sahmon Games
2011-04-23 14:37 . 2011-04-25 15:59 -------- d-----w- c:\program files (x86)\Microsoft Games
2011-04-23 13:54 . 2011-04-23 13:54 -------- d-----w- c:\users\oem\AppData\Local\Activision
2011-04-23 13:26 . 2011-04-23 13:26 -------- d-----w- c:\program files (x86)\Common Files\Steam
2011-04-23 13:26 . 2011-04-25 15:55 -------- d-----w- c:\program files (x86)\Steam
2011-04-22 12:08 . 2011-04-11 08:21 8802128 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{06E22156-BBE2-4301-85D8-DD6F08C28963}\mpengine.dll
2011-04-20 17:02 . 2011-03-18 17:55 781272 ----a-w- c:\program files (x86)\Mozilla Firefox\mozsqlite3.dll
2011-04-20 17:02 . 2011-03-18 17:55 728024 ----a-w- c:\program files (x86)\Mozilla Firefox\libGLESv2.dll
2011-04-20 17:02 . 2011-03-18 17:55 1893336 ----a-w- c:\program files (x86)\Mozilla Firefox\d3dx9_42.dll
2011-04-20 17:02 . 2011-03-18 17:55 1874904 ----a-w- c:\program files (x86)\Mozilla Firefox\mozjs.dll
2011-04-20 17:02 . 2011-03-18 17:55 15832 ----a-w- c:\program files (x86)\Mozilla Firefox\mozalloc.dll
2011-04-20 17:02 . 2011-03-18 17:55 142296 ----a-w- c:\program files (x86)\Mozilla Firefox\libEGL.dll
2011-04-20 17:02 . 2011-03-18 17:55 142296 ----a-w- c:\program files (x86)\Mozilla Firefox\components\browsercomps.dll
2011-04-20 17:02 . 2011-03-18 17:55 1975768 ----a-w- c:\program files (x86)\Mozilla Firefox\D3DCompiler_42.dll
2011-04-20 14:55 . 2011-04-20 14:55 -------- d-----w- c:\users\oem\AppData\Roaming\Unity
2011-04-20 12:53 . 2011-04-20 12:53 -------- d-----w- c:\users\oem\AppData\Local\Unity
2011-04-20 10:32 . 2011-04-20 10:32 -------- d-----w- c:\users\oem\AppData\Roaming\Malwarebytes
2011-04-20 10:32 . 2011-04-20 10:32 -------- d-----w- c:\programdata\Malwarebytes
2011-04-20 10:32 . 2010-12-20 17:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-04-20 10:32 . 2011-04-20 10:32 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-04-20 10:32 . 2010-12-20 17:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-19 20:59 . 2011-04-19 20:59 -------- d-----w- c:\users\oem\AppData\Local\DDMSettings
2011-04-19 20:53 . 2011-03-21 13:57 173056 ----a-w- c:\windows\system32\xvid.ax
2011-04-19 20:53 . 2011-03-19 15:06 255488 ----a-w- c:\windows\system32\xvidvfw.dll
2011-04-19 20:53 . 2011-03-19 15:05 703488 ----a-w- c:\windows\system32\xvidcore.dll
2011-04-13 16:06 . 1996-05-29 02:04 4711 ----a-w- c:\windows\system32\dmouse.vxd
2011-04-13 16:06 . 2011-04-15 14:53 -------- d-----w- c:\program files\Doom Shareware for Windows 95
2011-04-03 21:13 . 2011-04-12 16:59 -------- d-----w- c:\users\oem\Graphisoft
2011-04-03 21:13 . 2011-04-07 16:40 -------- d-----w- c:\users\oem\AppData\Roaming\Graphisoft
2011-04-03 21:13 . 2011-04-07 16:40 -------- d-----w- c:\users\oem\AppData\Local\Graphisoft
2011-04-03 21:11 . 2011-04-03 21:11 -------- d-----w- c:\program files (x86)\Common Files\Apple
2011-04-03 21:11 . 2011-04-03 21:11 -------- d-----w- c:\users\oem\AppData\Local\Apple
2011-04-03 21:11 . 2011-04-03 21:11 -------- d-----w- c:\program files (x86)\Apple Software Update
2011-04-03 21:11 . 2011-04-03 21:11 -------- d-----w- c:\programdata\Apple
2011-04-03 21:08 . 2011-04-03 21:08 -------- d---a-w- c:\program files (x86)\Common Files\Graphisoft Shared
2011-04-03 21:08 . 2011-04-03 21:08 -------- d-----w- c:\program files\Graphisoft
2011-04-01 17:10 . 2009-05-12 16:13 86016 ----a-w- c:\windows\SysWow64\PortalOCP.ocx
2011-04-01 17:01 . 2011-04-01 17:01 -------- d-----w- C:\AMD
2011-04-01 17:01 . 2011-04-01 17:01 -------- d-----w- c:\programdata\ATI
2011-04-01 17:01 . 2011-04-01 17:01 -------- d-----w- c:\program files (x86)\AMD APP
2011-04-01 17:01 . 2011-04-01 17:01 -------- d-----w- c:\program files (x86)\ATI Technologies
2011-04-01 17:00 . 2011-04-01 17:01 -------- d-----w- c:\program files\ATI Technologies
2011-04-01 16:59 . 2011-04-01 16:59 -------- d-----w- C:\ATI
2011-04-01 15:04 . 2005-01-01 09:43 4682 ----a-w- c:\windows\SysWow64\npptNT2.sys
2011-04-01 15:04 . 2003-07-17 18:17 5174 ----a-w- c:\windows\SysWow64\nppt9x.vxd
2011-04-01 15:04 . 2011-04-01 15:04 -------- d-----w- c:\program files\Common Files\INCA Shared
2011-04-01 15:02 . 2010-08-12 14:26 1443224 ----a-w- c:\windows\SysWow64\HanWebMsg1061.dll
2011-04-01 15:01 . 2010-02-17 17:53 180120 ----a-w- c:\windows\SysWow64\HGReport.dll
2011-04-01 15:01 . 2010-10-15 10:53 181424 ----a-w- c:\windows\SysWow64\PubPlugin.dll
2011-04-01 12:51 . 2011-04-01 15:04 -------- d-----w- C:\HanPurple
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-18 17:25 . 2010-10-05 21:04 40112 ----a-w- c:\windows\avastSS.scr
2011-04-18 17:25 . 2010-10-05 21:04 199304 ----a-w- c:\windows\SysWow64\aswBoot.exe
2011-04-18 17:18 . 2010-10-05 21:05 287064 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-04-18 17:16 . 2010-10-05 21:05 53592 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-04-18 17:13 . 2010-10-05 21:05 31064 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-04-18 17:13 . 2010-10-05 21:05 64344 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-04-18 17:13 . 2010-10-05 21:05 22360 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-03-21 18:56 . 2011-03-21 18:56 61952 ----a-w- c:\windows\system32\OVDecode64.dll
2011-03-21 18:56 . 2011-03-21 18:56 59904 ----a-w- c:\windows\SysWow64\OVDecode.dll
2011-03-21 18:56 . 2011-03-21 18:56 53760 ----a-w- c:\windows\system32\OpenCL.dll
2011-03-21 18:56 . 2011-03-21 18:56 51712 ----a-w- c:\windows\SysWow64\OpenCL.dll
2011-03-21 18:55 . 2011-03-21 18:55 16115712 ----a-w- c:\windows\system32\amdocl64.dll
2011-03-21 18:55 . 2011-03-21 18:55 12385792 ----a-w- c:\windows\SysWow64\amdocl.dll
2011-02-19 06:37 . 2011-03-09 02:42 1135104 ----a-w- c:\windows\system32\FntCache.dll
2011-02-19 06:37 . 2011-03-09 02:42 1540608 ----a-w- c:\windows\system32\DWrite.dll
2011-02-19 06:36 . 2011-03-09 02:42 902656 ----a-w- c:\windows\system32\d2d1.dll
2011-02-19 05:32 . 2011-03-09 02:42 1074176 ----a-w- c:\windows\SysWow64\DWrite.dll
2011-02-19 05:32 . 2011-03-09 02:42 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2011-02-14 22:20 . 2011-02-14 22:20 319488 ----a-w- c:\windows\HideWin.exe
2011-02-02 17:11 . 2010-08-27 17:59 270720 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2011-04-25_18.02.50 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2011-04-25 17:51 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-04-26 08:18 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-04-26 08:18 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-04-25 17:51 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-04-25 17:51 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-04-26 08:18 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-08-27 17:55 . 2011-04-26 08:19 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-08-27 17:55 . 2011-04-24 11:59 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-08-27 17:55 . 2011-04-26 08:19 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-08-27 17:55 . 2011-04-24 11:59 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-08-27 17:55 . 2011-04-24 11:59 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-08-27 17:55 . 2011-04-26 08:19 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-08-20 14:11 . 2011-04-26 08:19 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-08-20 14:11 . 2011-04-25 00:11 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-08-20 14:11 . 2011-04-26 08:19 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-08-20 14:11 . 2011-04-25 00:11 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-04-26 08:17 . 2011-04-26 08:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-04-25 17:53 . 2011-04-25 17:53 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-04-26 08:17 . 2011-04-26 08:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-04-25 17:53 . 2011-04-25 17:53 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSHIBA Online Product Information"="c:\program files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [2010-03-03 4581280]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-10-06 1294136]
"TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2010-02-23 2454840]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-03-08 336384]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"TOSHIBA Online Product Information"="c:\program files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [2010-03-03 4581280]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-disabled]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" /nogui
"ISTray"="c:\program files (x86)\PC Tools Security\pctsGui.exe" /hideGUI
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-10-19 1436424]
R3 nmwcdx64;Nokia USB Phone Parent;c:\windows\system32\drivers\ccdcmbx64.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-10-06 51512]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2010-01-28 249200]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448]
S2 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe [2010-10-26 124368]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2010-04-06 258928]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-03-03 2320920]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 CnxtHdmiAudService;Conexant UAA HDMI Function Driver for High Definition Audio Service;c:\windows\system32\drivers\CHDMI64.sys [x]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [x]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-05 137560]
S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2010-02-23 835952]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2011-04-25 c:\windows\Tasks\GlaryInitialize.job
- c:\program files (x86)\Glary Utilities\initialize.exe [2011-04-25 16:24]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-04-18 17:25 134384 ----a-w- c:\program files\Alwil Software\Avast5\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"combofix"="c:\combofix\CF2085.cfxxe" [X]
"SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe" [BU]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-05 709976]
"TosReelTimeMonitor"="%ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe" [BU]
"TosNC"="%ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe" [BU]
"Toshiba TEMPRO"="c:\program files (x86)\Toshiba TEMPRO\TemproTray.exe" [2010-10-26 1050072]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-19 307768]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2010-03-22 521272]
"TPwrMain"="%ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE" [BU]
"HSON"="%ProgramFiles%\TOSHIBA\TBS\HSON.exe" [BU]
"SmoothView"="%ProgramFiles%\Toshiba\SmoothView\SmoothView.exe" [BU]
"00TCrdMain"="%ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe" [BU]
"SmartFaceVWatcher"="%ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe" [BU]
"Teco"="%ProgramFiles%\TOSHIBA\TECO\Teco.exe" [BU]
"TosWaitSrv"="%ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe" [BU]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaReminder.exe" [2010-04-19 136136]
.
------- Doplňkový sken -------
.
uLocal Page = %SystemRoot%\system32\blank.htm
mLocal Page = %SystemRoot%\system32\blank.htm
uInternet Settings,ProxyServer = www-cache.strath.ac.uk:8080
uSearchAssistant = hxxp://search.qip.ru/ie
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: ??? ?? - c:\program files (x86)\naver\NaverToolbar\NaverTB_3_5_8_70.dll /SEARCH.HTML
IE: ??? ????? - c:\program files (x86)\naver\NaverToolbar\NaverTB_3_5_8_70.dll /BOOKMARK.HTML
IE: ??? ??? ?? - c:\program files (x86)\naver\NaverToolbar\NaverTB_3_5_8_70.dll /BLOG.HTML
IE: ??? ?? ?? - c:\program files (x86)\naver\NaverToolbar\NaverTB_3_5_8_70.dll /DIC.HTML
IE: ??? ????? ???? - c:\program files (x86)\naver\NaverToolbar\NaverTB_3_5_8_70.dll /OPENCAST.HTML
IE: ??? ?? ?? - c:\program files (x86)\naver\NaverToolbar\NaverTB_3_5_8_70.dll /JKTRANS.HTML
DPF: {C044CD87-DFB0-4130-A5E4-49361106FBC8} - hxxp://mhf.hangame.com/common/activex/HanSetup1040.cab
FF - ProfilePath - c:\users\oem\AppData\Roaming\Mozilla\Firefox\Profiles\ygpahxi3.default\
FF - prefs.js: network.proxy.ftp - www-cache.strath.ac.uk
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.gopher - www-cache.strath.ac.uk
FF - prefs.js: network.proxy.gopher_port - 8080
FF - prefs.js: network.proxy.http - www-cache.strath.ac.uk
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - www-cache.strath.ac.uk
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.ssl - www-cache.strath.ac.uk
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 0
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
c:\program files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
.
**************************************************************************
.
Celkový čas: 2011-04-26 09:26:15 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-04-26 08:26
ComboFix2.txt 2011-04-25 19:40
ComboFix3.txt 2011-04-25 18:04
.
Před spuštěním: Volných bajtů: 241 765 765 120
Po spuštění: Volných bajtů: 241 400 606 720
.
- - End Of File - - 6462A50668F2F260904011281E80157E

Re: MS Removal Tool - HJT Check

Post by Žbeky » 26 Apr 2011 12:23

ComboFix is uninstalled like this:
Start - Run and enter ComboFix /Uninstall

Clean the system with CCleaner

and also use T-Cleaner
it deletes everything left behind by Combo, MWAV, etc. - download > run

Note: before downloading T-Cleaner and for the duration of the cleaning, deactivate AVG, Avast, Avira or Microsoft Security Essentials; afterwards delete T-Cleaner and turn AVG, Avast, Avira or Microsoft Security Essentials back on.

+ a log from HJT

How is the PC behaving?

Re: MS Removal Tool - HJT Check

Post by stanik69 » 26 Apr 2011 12:40

Now I'm not sure whether I should post the initial log that HJT creates, or also perform the fix according to the guide and post the subsequent log. Thanks for the help.

Re: MS Removal Tool - HJT Check

Post by Žbeky » 26 Apr 2011 12:51

And have I already told you what to fix?

Re: MS Removal Tool - HJT Check

Post by stanik69 » 26 Apr 2011 12:53

So, the initial output; I was going by that guide and wasn't sure. Here is the log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:36:27, on 26.4.2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16766)
Boot mode: Safe mode with network support

Running processes:
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Users\oem\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = www-cache.strath.ac.uk:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: QIPBHO Class - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Users\oem\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: NaverToolbar Helper - {67C41E9E-2EBF-4F2B-AF74-314F0D793172} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MIF5BA~1\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: QIPBHO - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Users\oem\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
O3 - Toolbar: (no name) - {D5D47440-0750-463D-BAEF-A47D02414806} - (no file)
O3 - Toolbar: (no name) - {D09CFF09-A42A-4EDC-9804-E61224F59CA1} - (no file)
O4 - HKLM\..\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
O4 - HKLM\..\Run: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\RunOnce: [GrpConv] grpconv -o
O4 - HKCU\..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe
O4 - HKUS\S-1-5-18\..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (User 'Default user')
O4 - .DEFAULT User Startup: TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Přidat na blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Přidat na blog Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {C044CD87-DFB0-4130-A5E4-49361106FBC8} (HanSetupCtrl1010 Class) - http://mhf.hangame.com/common/activex/HanSetup1040.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MIF5BA~1\Office12\GrooveSystemServices.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Stavová služba ASP.NET (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: ConfigFree WiMAX Service (cfWiMAXService) - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: Notebook Performance Tuning Service (TEMPRO) (TemproMonitoringService) - Toshiba Europe GmbH - C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\Windows\system32\TODDSrv.exe (file missing)
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TECO\TecoService.exe
O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
O23 - Service: TPCH Service (TPCHSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11264 bytes

Žbeky
Moderator
Guru Level 13
Posts: 22288
Registered: May 08
Location: Vsetín - Pardubice
Gender: Male

Re: MS Removal Tool - HJT check

Post by Žbeky » 26 Apr 2011 12:57

Then fix these:

Code:

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: QIPBHO Class - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Users\oem\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: NaverToolbar Helper - {67C41E9E-2EBF-4F2B-AF74-314F0D793172} - (no file)
O2 - BHO: QIPBHO - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Users\oem\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll
O3 - Toolbar: (no name) - {D5D47440-0750-463D-BAEF-A47D02414806} - (no file)
O3 - Toolbar: (no name) - {D09CFF09-A42A-4EDC-9804-E61224F59CA1} - (no file)
O4 - HKLM\..\RunOnce: [GrpConv] grpconv -o
O4 - HKCU\..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe
O4 - HKUS\S-1-5-18\..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (User 'Default user')
O16 - DPF: {C044CD87-DFB0-4130-A5E4-49361106FBC8} (HanSetupCtrl1010 Class) - http://mhf.hangame.com/common/activex/HanSetup1040.cab

How is the computer behaving?
In private messages I only deal with matters concerning the forum. I do not respond to pleas and requests for technical support. Thanks for understanding.
