Zdravím,
Příkládám výpis logu z Hijack This, prosím o kontrolu.Děkuji moc
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:08:18, on 11.1.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17106)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\Ask.com\Updater\Updater.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
E:\Program Files\Hamachi\hamachi-2-ui.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Steam\steam.exe
C:\Program Files\Skype\Phone\Skype.exe
E:\Office14\MSOSYNC.EXE
C:\Program Files\Carambis\Driver Updater\dupdater.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
E:\Program Files\Hamachi\hamachi-2.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
C:\Program Files\TeamViewer\Version6\TeamViewer.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\msiexec.exe
E:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = plimus.com,www.plimus.com,regnow.com,www.regnow.com,;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre0.dll
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: XTTBPos00 Class - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {140BD8E3-C167-11D4-B4A3-080000180323} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - E:\Office14\GROOVEEX.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - E:\Office14\URLREDIR.DLL
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre0.dll
O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb127\Dealio.dll (file missing)
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [SPIRun] Rundll32 SPIRun.dll,RunDLLEntry
O4 - HKLM\..\Run: [CTAPR2] "C:\Program Files\Creative\Sound Blaster X-Fi\Console Launcher\CTAPR2.exe" /r
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [ChicoSys] C:\WINDOWS\system32\cc32\webtmr.exe
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [BCSSync] "E:\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "E:\Program Files\Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [CCWinTray] C:\WINDOWS\tray\wintmr.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [DriverScanner] "C:\Program Files\Uniblue\DriverScanner\launcher.exe" delay 20000
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [OfficeSyncProcess] "E:\Office14\MSOSYNC.EXE"
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ7.2\ICQ.exe" silent loginmode=4
O4 - HKCU\..\Run: [Driver Updater] "C:\Program Files\Carambis\Driver Updater\dupdater.exe" /minimized
O4 - HKCU\..\Run: [Facebook Update] "C:\Documents and Settings\user\Local Settings\Data aplikací\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Documents and Settings\user\Data aplikací\Dealio\kb127\res\DealioSearch.html
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\Office14\ONBttnIE.dll
O9 - Extra button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - E:\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - E:\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (file missing)
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll (file missing)
O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/ ... .7.109.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... ader55.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/G ... meHost.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Futuremark SystemInfo) - http://www.yougamers.com/systeminfo/FMSI.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/ ... /CTPID.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - E:\Program Files\Hamachi\hamachi-2.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: File-/Update Service (ksupmgr) - Salfeld Computer - C:\WINDOWS\system32\ksupmgr.exe
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
--
End of file - 16287 bytes
Prosím o kontrolu logu
-
jaro3
- člen Security týmu
-
Guru Level 15
- Příspěvky: 43298
- Registrován: červen 07
- Bydliště: Jižní Čechy
- Pohlaví:
- Stav:
Offline
Re: Prosím o kontrolu logu
Odinstaluj:
ICQToolBar
free-downloads.net Toolbar
SearchSettings
SPYBOT
Ask Toolbar
Dealio (pokud najdeš)
DAEMON Tools Toolbar
Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:
Návod
Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected. Poté klikni na Main (hlavní stránku ) a klikni na Empty Selected.
Po vyčištění klikni na Exit k zavření programu.
ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.
Stáhni si TFC
Otevři soubor a zavři všechny ostatní okna, Klikni na Start k zahájení procesu. Program by neměl trvat dlouho.
Poté by se měl PC restartovat, pokud ne , proveď sám.
Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Provést rychlý sken a klikni na tlačítko Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- pak zvol možnost uložit log a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.
Pokud budou problémy , spusť v nouz. režimu.
ICQToolBar
free-downloads.net Toolbar
SearchSettings
SPYBOT
Ask Toolbar
Dealio (pokud najdeš)
DAEMON Tools Toolbar
Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:
Návod
Kód: Vybrat vše
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = plimus.com,www.plimus.com,regnow.com,www.regnow.com,;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre0.dll
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: XTTBPos00 Class - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {140BD8E3-C167-11D4-B4A3-080000180323} - (no file)
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre0.dll
O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre0.dll
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb127\Dealio.dll (file missing)
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [SPIRun] Rundll32 SPIRun.dll,RunDLLEntry
O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (file missing)
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll (file missing)
O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll (file missing)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/ ... .7.109.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... ader55.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/G ... meHost.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Futuremark SystemInfo) - http://www.yougamers.com/systeminfo/FMSI.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/ ... /CTPID.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (file missing)Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected. Poté klikni na Main (hlavní stránku ) a klikni na Empty Selected.
Po vyčištění klikni na Exit k zavření programu.
ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.
Stáhni si TFC
Otevři soubor a zavři všechny ostatní okna, Klikni na Start k zahájení procesu. Program by neměl trvat dlouho.
Poté by se měl PC restartovat, pokud ne , proveď sám.
Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Provést rychlý sken a klikni na tlačítko Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- pak zvol možnost uložit log a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.
Pokud budou problémy , spusť v nouz. režimu.
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Re: Prosím o kontrolu logu
Vše splněno, akorat mám problém s Malwarebytes' Anti-Malware. Přes tento program jsem scanoval již před několika dny a na popud kamaráda jsem smazal všechny nalezené výsledky :-/. Přikládám obsah logu
Malwarebytes Anti-Malware (Zkušební verze Malwarebytes Anti-Malware) 1.60.0.1800
www.malwarebytes.org
Verze databáze: v2012.01.10.06
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 7.0.5730.13
user :: TOMAS [administrátor]
Ochrana: Povolena
11.1.2012 20:43:09
mbam-log-2012-01-11 (20-43-09).txt
Typ: Rychlá kontrola
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 233473
Uplynulý čas: 9 minut, 58 sekund
Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené soubory: 0
(Žádné škodlivé položky nebyly zjištěny)
(konec)
Malwarebytes Anti-Malware (Zkušební verze Malwarebytes Anti-Malware) 1.60.0.1800
www.malwarebytes.org
Verze databáze: v2012.01.10.06
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 7.0.5730.13
user :: TOMAS [administrátor]
Ochrana: Povolena
11.1.2012 20:43:09
mbam-log-2012-01-11 (20-43-09).txt
Typ: Rychlá kontrola
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 233473
Uplynulý čas: 9 minut, 58 sekund
Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené soubory: 0
(Žádné škodlivé položky nebyly zjištěny)
(konec)
-
memphisto
- Guru Level 13
- Příspěvky: 21113
- Registrován: září 06
- Bydliště: Zlín - České Budějovice
- Pohlaví:
- Stav:
Offline
Re: Prosím o kontrolu logu
Tak udělej ještě...
Vypni rezidentní štít antiviru a antispywaru
Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Vypni rezidentní štít antiviru a antispywaru
Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
PRAVIDLA PC-HELP.CZ, PRAVIDLA sekce HijackThis, HijackThis návod, Memtest, CCleaner
Logy z programu HijackThis neposílejte prosím přes SZ, ale vkládejte je do patřičné sekce. Děkuji
Logy z programu HijackThis neposílejte prosím přes SZ, ale vkládejte je do patřičné sekce. Děkuji
Re: Prosím o kontrolu logu
Omlouvám se za spoždění.Tady je výpis z logu:
ComboFix 12-01-12.02 - user 12.01.2012 18:53:34.1.4 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3327.2393 [GMT 1:00]
Spuštěný z: c:\documents and settings\user\Plocha\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: COMODO Firewall *Enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\123.txt
c:\documents and settings\user\WINDOWS
C:\test.txt
c:\windows\iun6002.exe
c:\windows\msmqinst.log
c:\windows\system32\ccsync.txt
c:\windows\system32\cchservice.txt
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\SWCTL.DLL
c:\windows\system32\TZLog.log
c:\windows\system32\WinSys.exe
G:\autorun.inf
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-12-12 do 2012-01-12 )))))))))))))))))))))))))))))))
.
.
2012-01-12 14:31 . 2012-01-12 14:31 -------- d-----w- c:\documents and settings\user\Local Settings\Data aplikací\Chromium
2012-01-11 19:37 . 2012-01-11 19:37 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\Subversion
2012-01-11 19:31 . 2012-01-11 19:31 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Data aplikací\TSVNCache
2012-01-11 16:08 . 2012-01-11 16:08 388096 ----a-r- c:\documents and settings\user\Data aplikací\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-01-10 20:24 . 2012-01-10 20:46 -------- d-----w- c:\documents and settings\user\Data aplikací\AVI ReComp
2012-01-09 18:50 . 2012-01-09 18:50 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Rockstar Games
2012-01-07 19:19 . 2012-01-07 19:19 -------- d-----w- c:\documents and settings\user\Data aplikací\Malwarebytes
2012-01-07 19:19 . 2012-01-07 19:19 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2012-01-07 19:19 . 2012-01-07 19:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-01-07 19:19 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-07 19:09 . 2012-01-07 19:09 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll
2012-01-07 19:09 . 2012-01-07 19:09 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll
2012-01-07 19:09 . 2012-01-07 19:09 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll
2012-01-07 19:09 . 2012-01-07 19:09 43992 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll
2011-12-26 22:27 . 2011-12-27 13:33 -------- d-----w- c:\documents and settings\user\Local Settings\Data aplikací\Wings of Prey
2011-12-26 22:26 . 2011-12-26 22:26 -------- d-----w- c:\documents and settings\user\Local Settings\Data aplikací\WOP
2011-12-26 22:26 . 2011-12-26 22:26 -------- d-----w- c:\documents and settings\All Users\Data aplikací\WOP
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-03 15:14 . 2011-06-09 12:24 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-19 19:14 . 2010-11-16 14:48 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2011-12-19 19:14 . 2010-11-16 14:48 52096 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2011-12-19 19:14 . 2010-11-16 14:48 30592 ----a-w- c:\windows\system32\LMIport.dll
2011-12-19 19:14 . 2010-11-16 14:48 87424 ----a-w- c:\windows\system32\LMIinit.dll
2011-12-11 09:12 . 2009-02-26 15:16 190144 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-12-11 08:51 . 2008-07-31 10:47 138808 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-12-11 08:51 . 2008-07-31 10:47 190144 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-12-11 08:50 . 2008-07-31 10:47 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2011-11-25 21:57 . 2004-08-17 14:49 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 14:40 . 2004-08-17 14:44 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-20 06:12 . 2004-08-17 14:49 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-03 15:29 . 2004-08-17 14:49 386560 ----a-w- c:\windows\system32\qdvd.dll
2011-11-03 15:29 . 2004-08-17 14:49 1294848 ----a-w- c:\windows\system32\quartz.dll
2011-11-01 16:07 . 2004-08-17 14:49 1288192 ----a-w- c:\windows\system32\ole32.dll
2011-10-31 23:37 . 2004-08-17 14:49 1830912 ------w- c:\windows\system32\inetcpl.cpl
2011-10-31 23:37 . 2004-08-17 14:49 832512 ----a-w- c:\windows\system32\wininet.dll
2011-10-31 23:37 . 2004-08-17 14:49 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-10-31 23:37 . 2004-08-17 14:49 17408 ------w- c:\windows\system32\corpol.dll
2011-10-28 05:32 . 2004-08-17 14:49 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-26 10:49 . 2004-08-17 15:45 2029056 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-26 10:49 . 2004-08-17 14:45 2150912 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-18 11:13 . 2004-08-17 14:49 186880 ----a-w- c:\windows\system32\encdec.dll
2008-12-29 13:02 . 2008-12-29 13:00 10304832 ----a-w- c:\program files\GLF11.tmp.exe
2007-07-06 16:07 . 2008-12-29 13:00 217088 ----a-w- c:\program files\GLF10.tmp.exe
2004-10-01 13:00 . 2008-07-26 18:33 40960 ----a-w- c:\program files\Uninstall_CDS.exe
2012-01-07 19:09 . 2011-05-28 05:42 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2006-05-03 10:06 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 11:47 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 13:30 216064 --sh--r- c:\windows\system32\nbDX.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 06:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 06:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 06:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 06:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 06:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 06:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 06:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 06:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 06:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-02-22 217544]
"CCWinTray"="c:\windows\tray\wintmr.exe" [2004-08-17 5536152]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
"Steam"="c:\program files\Steam\steam.exe" [2011-08-02 1242448]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-04-18 15146376]
"OfficeSyncProcess"="e:\office14\MSOSYNC.EXE" [2011-07-21 718720]
"Driver Updater"="c:\program files\Carambis\Driver Updater\dupdater.exe" [2011-03-03 4803168]
"Facebook Update"="c:\documents and settings\user\Local Settings\Data aplikací\Facebook\Update\FacebookUpdate.exe" [2011-10-18 137536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTAPR2"="c:\program files\Creative\Sound Blaster X-Fi\Console Launcher\CTAPR2.exe" [2007-01-16 57344]
"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2007-04-17 184320]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-04-03 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-04-03 13670504]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2010-05-31 63048]
"ChicoSys"="c:\windows\system32\cc32\webtmr.exe" [2004-08-17 5527448]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-09-10 2500552]
"BCSSync"="e:\office14\BCSSync.exe" [2010-03-13 91520]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"LogMeIn Hamachi Ui"="e:\program files\Hamachi\hamachi-2-ui.exe" [2011-08-15 1955208]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"CCWinTray"="c:\windows\tray\wintmr.exe" [2004-08-17 5536152]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableClock"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2011-12-19 19:14 87424 ----a-w- c:\windows\system32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ksupmgr]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^BlueSoleil.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\BlueSoleil.lnk
backup=c:\windows\pss\BlueSoleil.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^McAfee Security Scan Plus.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^user^Nabídka Start^Programy^Po spuštění^OpenOffice.org 2.3.lnk]
path=c:\documents and settings\user\Nabídka Start\Programy\Po spuštění\OpenOffice.org 2.3.lnk
backup=c:\windows\pss\OpenOffice.org 2.3.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CCWinTray]
2004-08-17 14:49 5536152 ----a-w- c:\windows\tray\wintmr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-10-30 11:57 369200 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-10-09 16:06 421736 ----a-w- e:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
2010-05-31 10:31 63048 ----a-w- c:\program files\LogMeIn\x86\LogMeInSystray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 07:52 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 09:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-07-05 16:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2004-11-02 18:24 32768 ----a-w- c:\program files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TBPanel]
2009-05-12 13:43 2158592 ----a-w- c:\program files\Vtune\TBPANEL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"TeamViewer"=2 (0x2)
"StarWindServiceAE"=2 (0x2)
"sfrem01"=2 (0x2)
"prfldsvc"=2 (0x2)
"PnkBstrB"=2 (0x2)
"PnkBstrA"=2 (0x2)
"ose"=3 (0x3)
"McComponentHostService"=3 (0x3)
"LogMeIn"=2 (0x2)
"LMIMaint"=2 (0x2)
"gusvc"=3 (0x3)
"gupdate"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\HLSW\\hlsw.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Xfire\\xfire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"e:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\system32\\ftp.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"e:\\Program Files\\World of Warcraft\\Repair.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"e:\\Office14\\GROOVE.EXE"=
"e:\\Office14\\ONENOTE.EXE"=
"e:\\Office14\\OUTLOOK.EXE"=
"g:\\Hry\\Warcraft\\Warcraft 3 + Frozen Throne\\War3.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"e:\\Program Files\\Left 4 Dead 2\\left4dead2.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"=
"e:\\Program Files\\Valve\\Portal 2\\portal2.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\call of duty modern warfare 2\\iw4sp.exe"=
"e:\\Program Files\\World of Warcraft\\WoW-x.x.x.x-4.0.0.12911-EU-Downloader.exe"=
"e:\\Program Files\\World of Warcraft\\Launcher.patch.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"e:\\Program Files\\Ubisoft\\Assassin's Creed Brotherhood\\ACBSP.exe"=
"e:\\Program Files\\Ubisoft\\Assassin's Creed Brotherhood\\ACBMP.exe"=
"e:\\Program Files\\Ubisoft\\Assassin's Creed Brotherhood\\AssassinsCreedBrotherhood.exe"=
"e:\\Program Files\\Ubisoft\\Assassin's Creed Brotherhood\\UPlayBrowser.exe"=
"c:\\Program Files\\ICQ7.5\\ICQ.exe"=
"e:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"e:\\Program Files\\World of Warcraft\\wow-4.2.0.2552-enUS-tools-downloader.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"e:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\call of duty black ops\\BlackOps.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\call of duty modern warfare 2\\iw4mp.exe"=
"e:\\Program Files\\Firefly Studios\\Stronghold 3\\bin\\win32_release\\Stronghold3.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\call of duty black ops\\BlackOpsMP.exe"=
"c:\\Documents and Settings\\user\\Local Settings\\Data aplikací\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=
"e:\\Program Files\\Electronic Arts\\BioWare\\Star Wars-The Old Republic\\launcher.exe"=
"e:\\Program Files\\Electronic Arts\\BioWare\\Star Wars-The Old Republic\\betatest\\retailclient\\swtor.exe"=
"e:\\Program Files\\ASSASSIN'S CREED REVELATIONS\\ACRSP.exe"=
"e:\\Unreal Tournament GOTY\\System\\UnrealTournament.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\call of duty modern warfare 3\\iw5sp.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\call of duty modern warfare 3\\iw5mp.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\call of duty modern warfare 3\\iw5mp_server.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\orcs must die!\\Build\\release\\OrcsMustDie.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\wings of prey\\launcher.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\spiral knights\\java_vm\\bin\\javaw.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\machinarium\\machinarium.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\dungeon defenders\\Binaries\\Win32\\DungeonDefenders.exe"=
"c:\\Program Files\\Steam\\steamapps\\t0m1k22\\team fortress 2\\hl2.exe"=
"c:\\Program Files\\Steam\\steamapps\\novy_hrac1\\team fortress 2\\hl2.exe"=
"c:\\Program Files\\Steam\\steamapps\\novy_hrac2\\team fortress 2\\hl2.exe"=
"c:\\Program Files\\Steam\\steamapps\\novy_hrac3\\team fortress 2\\hl2.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\dungeon defenders\\Binaries\\Win32\\DunDefGame.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [12.8.2008 10:14 691696]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [16.11.2010 15:41 165584]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [10.9.2010 23:40 239240]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [10.9.2010 23:40 25240]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [16.11.2010 15:41 17744]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;e:\program files\Hamachi\hamachi-2.exe [15.8.2011 16:18 1361288]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [27.9.2010 14:47 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [31.5.2010 11:31 12856]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [7.1.2012 20:19 652872]
R2 Prvflder;Prvflder;c:\windows\system32\drivers\prvflder.sys [21.4.2006 7:22 70912]
R2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [30.3.2011 17:17 2271608]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [7.1.2012 20:19 20464]
R3 t3;SB Xtreme Audio Notebook;c:\windows\system32\drivers\t3.sys [26.7.2008 19:17 735744]
R3 t3filt;t3filt;c:\windows\system32\drivers\t3filt.sys [26.7.2008 19:17 1656960]
R3 tenCapture;tenCapture;c:\windows\system32\drivers\tenCapture.sys [21.4.2007 15:15 9344]
S1 SASDIFSV;SASDIFSV;\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS --> c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.SYS --> c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 13:16 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [15.12.2009 19:40 135664]
S2 ksupmgr;File-/Update Service;c:\windows\system32\ksupmgr.exe [8.11.2010 20:12 765592]
S3 cpuz130;cpuz130;\??\c:\docume~1\user\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\user\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
S3 GGSAFERDriver;GGSAFER Driver;\??\c:\program files\Garena\safedrv.sys --> c:\program files\Garena\safedrv.sys [?]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [15.12.2009 19:40 135664]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;e:\office14\GROOVE.EXE [12.6.2011 10:15 31125880]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [9.1.2010 21:37 4640000]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys --> c:\windows\system32\drivers\ScreamingBAudio.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 13:16 753504]
S4 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [15.1.2010 13:49 227232]
.
--- Ostatní služby/ovladače v paměti ---
.
*Deregistered* - Chico
.
Obsah adresáře 'Naplánované úlohy'
.
2011-09-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:57]
.
2012-01-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-15 18:40]
.
2012-01-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-15 18:40]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
TCP: DhcpNameServer = 192.168.100.1
FF - ProfilePath - c:\documents and settings\user\Data aplikací\Mozilla\Firefox\Profiles\alpuymuw.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... r=1.3.6&q=
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-EA Core - c:\program files\Electronic Arts\EADM\Core.exe
HKCU-Run-DriverScanner - c:\program files\Uniblue\DriverScanner\launcher.exe
HKCU-Run-SUPERAntiSpyware - c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
HKCU-Run-ICQ - c:\program files\ICQ7.2\ICQ.exe
HKLM-Run-nwiz - nwiz.exe
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\SUPERAntiSpyware\SASSEH.DLL
MSConfigStartUp-au - c:\program files\Dealio\DealioAU.exe
MSConfigStartUp-RGSC - c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe
MSConfigStartUp-SearchSettings - c:\program files\Search Settings\SearchSettings.exe
MSConfigStartUp-Steam - e:\program files\steam\steam.exe
AddRemove-AV Music Morpher Gold - e:\program files\AV Music Morpher Gold\uninstall.exe
AddRemove-AV Voice Changer Software 6.0 - e:\progra~1\AVVCS6~1.0\UNWISE.EXE
AddRemove-AV Voice Changer Software DIAMOND 6.0 - e:\progra~1\AVVCS6~1.0DI\UNWISE.EXE
AddRemove-Cheat Engine 5.4_is1 - c:\program files\Cheat Engine\unins000.exe
AddRemove-Chop - c:\program files\Common Files\InstallerA\Setup.exe \CHOP
AddRemove-Cool's_Codec_pack_4.12 - c:\windows\iun6002.exe
AddRemove-DVD Decrypter - e:\program files\DVD Decrypter\uninstall.exe
AddRemove-EADM - c:\program files\Electronic Arts\EADM\Uninstall.exe
AddRemove-ffdshow_is1 - e:\program files\The FilmMachine\ffdshow\unins000.exe
AddRemove-GameParkClient_is1 - c:\program files\GamePark\unins000.exe
AddRemove-Garena - c:\program files\Garena\uninst.exe
AddRemove-HL3 - c:\program files\Centauri\HL3\uninstall.exe
AddRemove-Kecal_is1 - c:\program files\Kecal\unins000.exe
AddRemove-NVIDIA Display Control Panel - c:\program files\NVIDIA Corporation\Uninstall\nvuninst.exe
AddRemove-Open Transport Tycoon Deluxe 0.7.1 - e:\program files\OTTD\Uninstal.exe
AddRemove-Origin - c:\program files\Origin\OriginUninstall.exe
AddRemove-Proactive System Password Recovery - e:\program files\ElcomSoft\PSPR\uninstall.exe
AddRemove-RAR Password Cracker - c:\program files\RAR Password Cracker\uninstall.exe
AddRemove-Share Rapid Uploader_is1 - c:\program files\Share Rapid Uploader\unins000.exe
AddRemove-The FilmMachine_is1 - e:\program files\The FilmMachine\unins000.exe
AddRemove-{33A22B2D-55BA-4508-B767-BF2E9C21A73F} - c:\program files\InstallShield Installation Information\{33A22B2D-55BA-4508-B767-BF2E9C21A73F}\setup.exe
AddRemove-{7911C404-9AFA-4BB2-B9B7-E47423D87528}_is1 - C:\unins000.exe
AddRemove-{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA} - c:\program files\SUPERAntiSpyware\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-12 19:00
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1935655697-299502267-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:bd,12,6b,22,b6,39,56,27,6d,1f,be,24,9a,a7,e4,a1,61,54,f9,45,6e,9a,4a,
8d,fe,50,bc,57,50,13,c5,03,74,e0,0d,f8,28,bf,7f,b8,b0,7f,a5,af,1d,f0,c1,bb,\
"??"=hex:3d,b5,04,a0,1f,da,72,ff,4a,c3,be,48,2a,38,5e,aa
.
[HKEY_USERS\S-1-5-21-1935655697-299502267-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:cc,4c,a5,c8,cd,33,12,a6,10,ed,d8,57,fc,c9,59,25,9d,f7,86,50,6c,
ef,fe,d4,a0,92,2b,e8,0c,45,f5,4b,51,69,a9,f7,01,9a,10,d6,6c,c3,35,04,7a,f9,\
"rkeysecu"=hex:e9,f8,11,e9,2c,73,1d,8f,14,63,8c,c0,4d,9d,77,7d
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(744)
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
.
Celkový čas: 2012-01-12 19:02:53
ComboFix-quarantined-files.txt 2012-01-12 18:02
.
Před spuštěním: Volných bajtů: 15 196 606 464
Po spuštění: Volných bajtů: 19 947 978 752
.
- - End Of File - - 8EA0B8DBBAE37A85CDDDBDC18604DA7C
ComboFix 12-01-12.02 - user 12.01.2012 18:53:34.1.4 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3327.2393 [GMT 1:00]
Spuštěný z: c:\documents and settings\user\Plocha\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: COMODO Firewall *Enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\123.txt
c:\documents and settings\user\WINDOWS
C:\test.txt
c:\windows\iun6002.exe
c:\windows\msmqinst.log
c:\windows\system32\ccsync.txt
c:\windows\system32\cchservice.txt
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\SWCTL.DLL
c:\windows\system32\TZLog.log
c:\windows\system32\WinSys.exe
G:\autorun.inf
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-12-12 do 2012-01-12 )))))))))))))))))))))))))))))))
.
.
2012-01-12 14:31 . 2012-01-12 14:31 -------- d-----w- c:\documents and settings\user\Local Settings\Data aplikací\Chromium
2012-01-11 19:37 . 2012-01-11 19:37 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\Subversion
2012-01-11 19:31 . 2012-01-11 19:31 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Data aplikací\TSVNCache
2012-01-11 16:08 . 2012-01-11 16:08 388096 ----a-r- c:\documents and settings\user\Data aplikací\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-01-10 20:24 . 2012-01-10 20:46 -------- d-----w- c:\documents and settings\user\Data aplikací\AVI ReComp
2012-01-09 18:50 . 2012-01-09 18:50 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Rockstar Games
2012-01-07 19:19 . 2012-01-07 19:19 -------- d-----w- c:\documents and settings\user\Data aplikací\Malwarebytes
2012-01-07 19:19 . 2012-01-07 19:19 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2012-01-07 19:19 . 2012-01-07 19:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-01-07 19:19 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-07 19:09 . 2012-01-07 19:09 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll
2012-01-07 19:09 . 2012-01-07 19:09 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll
2012-01-07 19:09 . 2012-01-07 19:09 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll
2012-01-07 19:09 . 2012-01-07 19:09 43992 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll
2011-12-26 22:27 . 2011-12-27 13:33 -------- d-----w- c:\documents and settings\user\Local Settings\Data aplikací\Wings of Prey
2011-12-26 22:26 . 2011-12-26 22:26 -------- d-----w- c:\documents and settings\user\Local Settings\Data aplikací\WOP
2011-12-26 22:26 . 2011-12-26 22:26 -------- d-----w- c:\documents and settings\All Users\Data aplikací\WOP
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-03 15:14 . 2011-06-09 12:24 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-19 19:14 . 2010-11-16 14:48 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2011-12-19 19:14 . 2010-11-16 14:48 52096 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2011-12-19 19:14 . 2010-11-16 14:48 30592 ----a-w- c:\windows\system32\LMIport.dll
2011-12-19 19:14 . 2010-11-16 14:48 87424 ----a-w- c:\windows\system32\LMIinit.dll
2011-12-11 09:12 . 2009-02-26 15:16 190144 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-12-11 08:51 . 2008-07-31 10:47 138808 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-12-11 08:51 . 2008-07-31 10:47 190144 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-12-11 08:50 . 2008-07-31 10:47 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2011-11-25 21:57 . 2004-08-17 14:49 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 14:40 . 2004-08-17 14:44 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-20 06:12 . 2004-08-17 14:49 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-03 15:29 . 2004-08-17 14:49 386560 ----a-w- c:\windows\system32\qdvd.dll
2011-11-03 15:29 . 2004-08-17 14:49 1294848 ----a-w- c:\windows\system32\quartz.dll
2011-11-01 16:07 . 2004-08-17 14:49 1288192 ----a-w- c:\windows\system32\ole32.dll
2011-10-31 23:37 . 2004-08-17 14:49 1830912 ------w- c:\windows\system32\inetcpl.cpl
2011-10-31 23:37 . 2004-08-17 14:49 832512 ----a-w- c:\windows\system32\wininet.dll
2011-10-31 23:37 . 2004-08-17 14:49 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-10-31 23:37 . 2004-08-17 14:49 17408 ------w- c:\windows\system32\corpol.dll
2011-10-28 05:32 . 2004-08-17 14:49 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-26 10:49 . 2004-08-17 15:45 2029056 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-26 10:49 . 2004-08-17 14:45 2150912 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-18 11:13 . 2004-08-17 14:49 186880 ----a-w- c:\windows\system32\encdec.dll
2008-12-29 13:02 . 2008-12-29 13:00 10304832 ----a-w- c:\program files\GLF11.tmp.exe
2007-07-06 16:07 . 2008-12-29 13:00 217088 ----a-w- c:\program files\GLF10.tmp.exe
2004-10-01 13:00 . 2008-07-26 18:33 40960 ----a-w- c:\program files\Uninstall_CDS.exe
2012-01-07 19:09 . 2011-05-28 05:42 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2006-05-03 10:06 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 11:47 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 13:30 216064 --sh--r- c:\windows\system32\nbDX.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 06:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 06:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 06:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 06:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 06:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 06:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 06:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 06:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 06:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-02-22 217544]
"CCWinTray"="c:\windows\tray\wintmr.exe" [2004-08-17 5536152]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
"Steam"="c:\program files\Steam\steam.exe" [2011-08-02 1242448]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-04-18 15146376]
"OfficeSyncProcess"="e:\office14\MSOSYNC.EXE" [2011-07-21 718720]
"Driver Updater"="c:\program files\Carambis\Driver Updater\dupdater.exe" [2011-03-03 4803168]
"Facebook Update"="c:\documents and settings\user\Local Settings\Data aplikací\Facebook\Update\FacebookUpdate.exe" [2011-10-18 137536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTAPR2"="c:\program files\Creative\Sound Blaster X-Fi\Console Launcher\CTAPR2.exe" [2007-01-16 57344]
"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2007-04-17 184320]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-04-03 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-04-03 13670504]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2010-05-31 63048]
"ChicoSys"="c:\windows\system32\cc32\webtmr.exe" [2004-08-17 5527448]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-09-10 2500552]
"BCSSync"="e:\office14\BCSSync.exe" [2010-03-13 91520]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"LogMeIn Hamachi Ui"="e:\program files\Hamachi\hamachi-2-ui.exe" [2011-08-15 1955208]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"CCWinTray"="c:\windows\tray\wintmr.exe" [2004-08-17 5536152]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableClock"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2011-12-19 19:14 87424 ----a-w- c:\windows\system32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ksupmgr]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^BlueSoleil.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\BlueSoleil.lnk
backup=c:\windows\pss\BlueSoleil.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^McAfee Security Scan Plus.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^user^Nabídka Start^Programy^Po spuštění^OpenOffice.org 2.3.lnk]
path=c:\documents and settings\user\Nabídka Start\Programy\Po spuštění\OpenOffice.org 2.3.lnk
backup=c:\windows\pss\OpenOffice.org 2.3.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CCWinTray]
2004-08-17 14:49 5536152 ----a-w- c:\windows\tray\wintmr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-10-30 11:57 369200 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-10-09 16:06 421736 ----a-w- e:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
2010-05-31 10:31 63048 ----a-w- c:\program files\LogMeIn\x86\LogMeInSystray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 07:52 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 09:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-07-05 16:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2004-11-02 18:24 32768 ----a-w- c:\program files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TBPanel]
2009-05-12 13:43 2158592 ----a-w- c:\program files\Vtune\TBPANEL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"TeamViewer"=2 (0x2)
"StarWindServiceAE"=2 (0x2)
"sfrem01"=2 (0x2)
"prfldsvc"=2 (0x2)
"PnkBstrB"=2 (0x2)
"PnkBstrA"=2 (0x2)
"ose"=3 (0x3)
"McComponentHostService"=3 (0x3)
"LogMeIn"=2 (0x2)
"LMIMaint"=2 (0x2)
"gusvc"=3 (0x3)
"gupdate"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\HLSW\\hlsw.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Xfire\\xfire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"e:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\system32\\ftp.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"e:\\Program Files\\World of Warcraft\\Repair.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"e:\\Office14\\GROOVE.EXE"=
"e:\\Office14\\ONENOTE.EXE"=
"e:\\Office14\\OUTLOOK.EXE"=
"g:\\Hry\\Warcraft\\Warcraft 3 + Frozen Throne\\War3.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"e:\\Program Files\\Left 4 Dead 2\\left4dead2.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"=
"e:\\Program Files\\Valve\\Portal 2\\portal2.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\call of duty modern warfare 2\\iw4sp.exe"=
"e:\\Program Files\\World of Warcraft\\WoW-x.x.x.x-4.0.0.12911-EU-Downloader.exe"=
"e:\\Program Files\\World of Warcraft\\Launcher.patch.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"e:\\Program Files\\Ubisoft\\Assassin's Creed Brotherhood\\ACBSP.exe"=
"e:\\Program Files\\Ubisoft\\Assassin's Creed Brotherhood\\ACBMP.exe"=
"e:\\Program Files\\Ubisoft\\Assassin's Creed Brotherhood\\AssassinsCreedBrotherhood.exe"=
"e:\\Program Files\\Ubisoft\\Assassin's Creed Brotherhood\\UPlayBrowser.exe"=
"c:\\Program Files\\ICQ7.5\\ICQ.exe"=
"e:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"e:\\Program Files\\World of Warcraft\\wow-4.2.0.2552-enUS-tools-downloader.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"e:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\call of duty black ops\\BlackOps.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\call of duty modern warfare 2\\iw4mp.exe"=
"e:\\Program Files\\Firefly Studios\\Stronghold 3\\bin\\win32_release\\Stronghold3.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\call of duty black ops\\BlackOpsMP.exe"=
"c:\\Documents and Settings\\user\\Local Settings\\Data aplikací\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=
"e:\\Program Files\\Electronic Arts\\BioWare\\Star Wars-The Old Republic\\launcher.exe"=
"e:\\Program Files\\Electronic Arts\\BioWare\\Star Wars-The Old Republic\\betatest\\retailclient\\swtor.exe"=
"e:\\Program Files\\ASSASSIN'S CREED REVELATIONS\\ACRSP.exe"=
"e:\\Unreal Tournament GOTY\\System\\UnrealTournament.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\call of duty modern warfare 3\\iw5sp.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\call of duty modern warfare 3\\iw5mp.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\call of duty modern warfare 3\\iw5mp_server.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\orcs must die!\\Build\\release\\OrcsMustDie.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\wings of prey\\launcher.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\spiral knights\\java_vm\\bin\\javaw.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\machinarium\\machinarium.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\dungeon defenders\\Binaries\\Win32\\DungeonDefenders.exe"=
"c:\\Program Files\\Steam\\steamapps\\t0m1k22\\team fortress 2\\hl2.exe"=
"c:\\Program Files\\Steam\\steamapps\\novy_hrac1\\team fortress 2\\hl2.exe"=
"c:\\Program Files\\Steam\\steamapps\\novy_hrac2\\team fortress 2\\hl2.exe"=
"c:\\Program Files\\Steam\\steamapps\\novy_hrac3\\team fortress 2\\hl2.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\dungeon defenders\\Binaries\\Win32\\DunDefGame.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [12.8.2008 10:14 691696]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [16.11.2010 15:41 165584]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [10.9.2010 23:40 239240]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [10.9.2010 23:40 25240]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [16.11.2010 15:41 17744]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;e:\program files\Hamachi\hamachi-2.exe [15.8.2011 16:18 1361288]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [27.9.2010 14:47 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [31.5.2010 11:31 12856]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [7.1.2012 20:19 652872]
R2 Prvflder;Prvflder;c:\windows\system32\drivers\prvflder.sys [21.4.2006 7:22 70912]
R2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [30.3.2011 17:17 2271608]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [7.1.2012 20:19 20464]
R3 t3;SB Xtreme Audio Notebook;c:\windows\system32\drivers\t3.sys [26.7.2008 19:17 735744]
R3 t3filt;t3filt;c:\windows\system32\drivers\t3filt.sys [26.7.2008 19:17 1656960]
R3 tenCapture;tenCapture;c:\windows\system32\drivers\tenCapture.sys [21.4.2007 15:15 9344]
S1 SASDIFSV;SASDIFSV;\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS --> c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.SYS --> c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 13:16 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [15.12.2009 19:40 135664]
S2 ksupmgr;File-/Update Service;c:\windows\system32\ksupmgr.exe [8.11.2010 20:12 765592]
S3 cpuz130;cpuz130;\??\c:\docume~1\user\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\user\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
S3 GGSAFERDriver;GGSAFER Driver;\??\c:\program files\Garena\safedrv.sys --> c:\program files\Garena\safedrv.sys [?]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [15.12.2009 19:40 135664]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;e:\office14\GROOVE.EXE [12.6.2011 10:15 31125880]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [9.1.2010 21:37 4640000]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys --> c:\windows\system32\drivers\ScreamingBAudio.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 13:16 753504]
S4 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [15.1.2010 13:49 227232]
.
--- Ostatní služby/ovladače v paměti ---
.
*Deregistered* - Chico
.
Obsah adresáře 'Naplánované úlohy'
.
2011-09-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:57]
.
2012-01-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-15 18:40]
.
2012-01-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-15 18:40]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
TCP: DhcpNameServer = 192.168.100.1
FF - ProfilePath - c:\documents and settings\user\Data aplikací\Mozilla\Firefox\Profiles\alpuymuw.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... r=1.3.6&q=
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-EA Core - c:\program files\Electronic Arts\EADM\Core.exe
HKCU-Run-DriverScanner - c:\program files\Uniblue\DriverScanner\launcher.exe
HKCU-Run-SUPERAntiSpyware - c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
HKCU-Run-ICQ - c:\program files\ICQ7.2\ICQ.exe
HKLM-Run-nwiz - nwiz.exe
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\SUPERAntiSpyware\SASSEH.DLL
MSConfigStartUp-au - c:\program files\Dealio\DealioAU.exe
MSConfigStartUp-RGSC - c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe
MSConfigStartUp-SearchSettings - c:\program files\Search Settings\SearchSettings.exe
MSConfigStartUp-Steam - e:\program files\steam\steam.exe
AddRemove-AV Music Morpher Gold - e:\program files\AV Music Morpher Gold\uninstall.exe
AddRemove-AV Voice Changer Software 6.0 - e:\progra~1\AVVCS6~1.0\UNWISE.EXE
AddRemove-AV Voice Changer Software DIAMOND 6.0 - e:\progra~1\AVVCS6~1.0DI\UNWISE.EXE
AddRemove-Cheat Engine 5.4_is1 - c:\program files\Cheat Engine\unins000.exe
AddRemove-Chop - c:\program files\Common Files\InstallerA\Setup.exe \CHOP
AddRemove-Cool's_Codec_pack_4.12 - c:\windows\iun6002.exe
AddRemove-DVD Decrypter - e:\program files\DVD Decrypter\uninstall.exe
AddRemove-EADM - c:\program files\Electronic Arts\EADM\Uninstall.exe
AddRemove-ffdshow_is1 - e:\program files\The FilmMachine\ffdshow\unins000.exe
AddRemove-GameParkClient_is1 - c:\program files\GamePark\unins000.exe
AddRemove-Garena - c:\program files\Garena\uninst.exe
AddRemove-HL3 - c:\program files\Centauri\HL3\uninstall.exe
AddRemove-Kecal_is1 - c:\program files\Kecal\unins000.exe
AddRemove-NVIDIA Display Control Panel - c:\program files\NVIDIA Corporation\Uninstall\nvuninst.exe
AddRemove-Open Transport Tycoon Deluxe 0.7.1 - e:\program files\OTTD\Uninstal.exe
AddRemove-Origin - c:\program files\Origin\OriginUninstall.exe
AddRemove-Proactive System Password Recovery - e:\program files\ElcomSoft\PSPR\uninstall.exe
AddRemove-RAR Password Cracker - c:\program files\RAR Password Cracker\uninstall.exe
AddRemove-Share Rapid Uploader_is1 - c:\program files\Share Rapid Uploader\unins000.exe
AddRemove-The FilmMachine_is1 - e:\program files\The FilmMachine\unins000.exe
AddRemove-{33A22B2D-55BA-4508-B767-BF2E9C21A73F} - c:\program files\InstallShield Installation Information\{33A22B2D-55BA-4508-B767-BF2E9C21A73F}\setup.exe
AddRemove-{7911C404-9AFA-4BB2-B9B7-E47423D87528}_is1 - C:\unins000.exe
AddRemove-{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA} - c:\program files\SUPERAntiSpyware\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-12 19:00
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1935655697-299502267-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:bd,12,6b,22,b6,39,56,27,6d,1f,be,24,9a,a7,e4,a1,61,54,f9,45,6e,9a,4a,
8d,fe,50,bc,57,50,13,c5,03,74,e0,0d,f8,28,bf,7f,b8,b0,7f,a5,af,1d,f0,c1,bb,\
"??"=hex:3d,b5,04,a0,1f,da,72,ff,4a,c3,be,48,2a,38,5e,aa
.
[HKEY_USERS\S-1-5-21-1935655697-299502267-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:cc,4c,a5,c8,cd,33,12,a6,10,ed,d8,57,fc,c9,59,25,9d,f7,86,50,6c,
ef,fe,d4,a0,92,2b,e8,0c,45,f5,4b,51,69,a9,f7,01,9a,10,d6,6c,c3,35,04,7a,f9,\
"rkeysecu"=hex:e9,f8,11,e9,2c,73,1d,8f,14,63,8c,c0,4d,9d,77,7d
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(744)
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
.
Celkový čas: 2012-01-12 19:02:53
ComboFix-quarantined-files.txt 2012-01-12 18:02
.
Před spuštěním: Volných bajtů: 15 196 606 464
Po spuštění: Volných bajtů: 19 947 978 752
.
- - End Of File - - 8EA0B8DBBAE37A85CDDDBDC18604DA7C
-
Žbeky
- Moderátor
-
Guru Level 13
- Příspěvky: 22288
- Registrován: květen 08
- Bydliště: Vsetín - Pardubice
- Pohlaví:
- Stav:
Offline
Re: Prosím o kontrolu logu
Programy se odinstalovávají! Ne, že se smaže složka...
Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE
Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.
Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu
Toto otestuj na Virustotal
c:\windows\system32\ksupmgr.exe
Klikni vpravo od okénka na Vybrat a v Exploreru najdi požadovaný soubor v Tvém PC. Označ ho myší a klikni na Otevřít , poté klikni na Send File. Pokud už byl soubor testován , objeví se okno ve kterém klikni na Reanalyze. Soubor se začne postupně testovat více antivirovými programy. Až skončí test posledního antiviru , objeví se nahoře result a červeně počet nákaz , např. 0/40 , nebo 1/40. Pak zkopíruj myší odkaz na tuto stránku a vlož ji do svého příspěvku.
Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE
Kód: Vybrat vše
KillAll::
File::
c:\program files\GLF11.tmp.exe
c:\program files\GLF10.tmp.exe
c:\windows\system32\drivers\ScreamingBAudio.sys
c:\docume~1\user\LOCALS~1\Temp\cpuz130\cpuz_x32.sys
c:\windows\Tasks\AppleSoftwareUpdate.job
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
Folder::
c:\program files\SUPERAntiSpyware
c:\program files\McAfee Security Scan
c:\program files\Garena
Driver::
SASDIFSV
SASKUTIL
cpuz130
GGSAFERDriver
SCREAMINGBDRIVER
McComponentHostService
Firefox::
FF - ProfilePath - c:\documents and settings\user\Data aplikací\Mozilla\Firefox\Profiles\alpuymuw.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... r=1.3.6&q=
Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.
Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu
Toto otestuj na Virustotal
c:\windows\system32\ksupmgr.exe
Klikni vpravo od okénka na Vybrat a v Exploreru najdi požadovaný soubor v Tvém PC. Označ ho myší a klikni na Otevřít , poté klikni na Send File. Pokud už byl soubor testován , objeví se okno ve kterém klikni na Reanalyze. Soubor se začne postupně testovat více antivirovými programy. Až skončí test posledního antiviru , objeví se nahoře result a červeně počet nákaz , např. 0/40 , nebo 1/40. Pak zkopíruj myší odkaz na tuto stránku a vlož ji do svého příspěvku.
V SZ řeším jen záležitosti týkající se fóra. Na prosby a žádosti o technickou podporu nereaguji. Díky za pochopení.
HiJackThis + návod - HW Monitor - Jak označit příspěvek za vyřešený - Pravidla fóra
HiJackThis + návod - HW Monitor - Jak označit příspěvek za vyřešený - Pravidla fóra
Re: Prosím o kontrolu logu
Nemůžu splnit tu část s notepadem v ComboFixu jelikož když spustím noteb přes tento program tak vyskočí okno které vyhledává škodlivé soubory a ani po více jak 45 minutách je beze změny.
-
Žbeky
- Moderátor
-
Guru Level 13
- Příspěvky: 22288
- Registrován: květen 08
- Bydliště: Vsetín - Pardubice
- Pohlaví:
- Stav:
Offline
Re: Prosím o kontrolu logu
Zkus to v nouzáku
V SZ řeším jen záležitosti týkající se fóra. Na prosby a žádosti o technickou podporu nereaguji. Díky za pochopení.
HiJackThis + návod - HW Monitor - Jak označit příspěvek za vyřešený - Pravidla fóra
HiJackThis + návod - HW Monitor - Jak označit příspěvek za vyřešený - Pravidla fóra
Re: Prosím o kontrolu logu
Udělal jsem to v nouzáku, šlo to, ale po načtení fází se PC restartoval jak říkal ComboFix. Když ale znovu naběhl PC a s ním i zároveň ComboFix tak tam stálo, že připravuje zpracování logu, pak ale vyskočila nějaká hláška, kterou jsem moc nepostřehl, ale bylo tam něco v tom smyslu, že chybí, nějaký obraz. :-/
-
jaro3
- člen Security týmu
-
Guru Level 15
- Příspěvky: 43298
- Registrován: červen 07
- Bydliště: Jižní Čechy
- Pohlaví:
- Stav:
Offline
Re: Prosím o kontrolu logu
Koukni se do:
C:\Combofix.txt
Pokud tam není , zatím dej jen ten soubor na Virutotal...viz výše..
McAfee Security Scan-- odinstaloval si??
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableClock"= 1
To sis nastavoval sám? Vypnutí času???
C:\Combofix.txt
Pokud tam není , zatím dej jen ten soubor na Virutotal...viz výše..
McAfee Security Scan-- odinstaloval si??
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableClock"= 1
To sis nastavoval sám? Vypnutí času???
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Re: Prosím o kontrolu logu
Tady je ten soubor ksupmgr.exe z virustotalu https://www.virustotal.com/file/eae2c39 ... 326488954/
McAfee by mělo být odinstalované
A o tom nastavování nemám páru, takže asi ne
McAfee by mělo být odinstalované
A o tom nastavování nemám páru, takže asi ne
Re: Prosím o kontrolu logu
A tady ten log z C:\Combofix.txt ten log je ze včerejšího dne takže McAfee už by tam být nemělo
ComboFix 12-01-12.04 - Administrator 12.01.2012 21:11:48.2.4 - x86 MINIMAL
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3327.3007 [GMT 1:00]
Spuštěný z: J:\ComboFix.exe
Použité ovládací přepínače :: C:\Documents and Settings\Administrator\Plocha\CFScript.txt
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: COMODO Firewall *Enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
FILE ::
"c:\docume~1\user\LOCALS~1\Temp\cpuz130\cpuz_x32.sys"
"c:\program files\GLF10.tmp.exe"
"c:\program files\GLF11.tmp.exe"
"c:\windows\system32\drivers\ScreamingBAudio.sys"
"c:\windows\Tasks\AppleSoftwareUpdate.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
c:\program files\GLF10.tmp.exe
c:\program files\GLF11.tmp.exe
c:\program files\McAfee Security Scan
c:\program files\McAfee Security Scan\2.0.181\AVScanComponent.dll
c:\program files\McAfee Security Scan\2.0.181\AVScanner.ini
c:\program files\McAfee Security Scan\2.0.181\avvclean.dat
c:\program files\McAfee Security Scan\2.0.181\avvnames.dat
c:\program files\McAfee Security Scan\2.0.181\avvscan.dat
c:\program files\McAfee Security Scan\2.0.181\config.dat
c:\program files\McAfee Security Scan\2.0.181\ftconfig.ini
c:\program files\McAfee Security Scan\2.0.181\McAfee.ico
c:\program files\McAfee Security Scan\2.0.181\mcbrwsr2.dll
c:\program files\McAfee Security Scan\2.0.181\MCCompHostConfig.ini
c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe
c:\program files\McAfee Security Scan\2.0.181\mcscan32.dll
c:\program files\McAfee Security Scan\2.0.181\mcuicnt.exe
c:\program files\McAfee Security Scan\2.0.181\McUpdater.dll
c:\program files\McAfee Security Scan\2.0.181\sa_cache_sqlite.dll
c:\program files\McAfee Security Scan\2.0.181\sa_http_win32.dll
c:\program files\McAfee Security Scan\2.0.181\sa_mbl.dll
c:\program files\McAfee Security Scan\2.0.181\sa_store_sqlite.dll
c:\program files\McAfee Security Scan\2.0.181\sacore.db
c:\program files\McAfee Security Scan\2.0.181\sacore.dll
c:\program files\McAfee Security Scan\2.0.181\sacoredata\uds_filetypes.txt
c:\program files\McAfee Security Scan\2.0.181\sacoredata\uds_hosting.txt
c:\program files\McAfee Security Scan\2.0.181\sacoredata\uds_tlds.txt
c:\program files\McAfee Security Scan\2.0.181\SecurityScanner.dll
c:\program files\McAfee Security Scan\2.0.181\SecurityScanner_LD.dll
c:\program files\McAfee Security Scan\2.0.181\sqlite3.dll
c:\program files\McAfee Security Scan\2.0.181\SSCustom_LD.dll
c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe
c:\program files\McAfee Security Scan\2.0.181\WebInfoScanner.dll
c:\program files\McAfee Security Scan\2.0.181\WMIScanner.dll
c:\program files\McAfee Security Scan\uninstall.exe
C:\WINDOWS\system32\SWCTL.DLL
c:\windows\Tasks\AppleSoftwareUpdate.job
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_CPUZ130
-------\Legacy_GGSAFERDRIVER
-------\Legacy_MCCOMPONENTHOSTSERVICE
-------\Legacy_SASDIFSV
-------\Legacy_SASKUTIL
-------\Service_cpuz130
-------\Service_GGSAFERDriver
-------\Service_McComponentHostService
-------\Service_SASDIFSV
-------\Service_SASKUTIL
-------\Service_SCREAMINGBDRIVER
ComboFix 12-01-12.04 - Administrator 12.01.2012 21:11:48.2.4 - x86 MINIMAL
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3327.3007 [GMT 1:00]
Spuštěný z: J:\ComboFix.exe
Použité ovládací přepínače :: C:\Documents and Settings\Administrator\Plocha\CFScript.txt
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: COMODO Firewall *Enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
FILE ::
"c:\docume~1\user\LOCALS~1\Temp\cpuz130\cpuz_x32.sys"
"c:\program files\GLF10.tmp.exe"
"c:\program files\GLF11.tmp.exe"
"c:\windows\system32\drivers\ScreamingBAudio.sys"
"c:\windows\Tasks\AppleSoftwareUpdate.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
c:\program files\GLF10.tmp.exe
c:\program files\GLF11.tmp.exe
c:\program files\McAfee Security Scan
c:\program files\McAfee Security Scan\2.0.181\AVScanComponent.dll
c:\program files\McAfee Security Scan\2.0.181\AVScanner.ini
c:\program files\McAfee Security Scan\2.0.181\avvclean.dat
c:\program files\McAfee Security Scan\2.0.181\avvnames.dat
c:\program files\McAfee Security Scan\2.0.181\avvscan.dat
c:\program files\McAfee Security Scan\2.0.181\config.dat
c:\program files\McAfee Security Scan\2.0.181\ftconfig.ini
c:\program files\McAfee Security Scan\2.0.181\McAfee.ico
c:\program files\McAfee Security Scan\2.0.181\mcbrwsr2.dll
c:\program files\McAfee Security Scan\2.0.181\MCCompHostConfig.ini
c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe
c:\program files\McAfee Security Scan\2.0.181\mcscan32.dll
c:\program files\McAfee Security Scan\2.0.181\mcuicnt.exe
c:\program files\McAfee Security Scan\2.0.181\McUpdater.dll
c:\program files\McAfee Security Scan\2.0.181\sa_cache_sqlite.dll
c:\program files\McAfee Security Scan\2.0.181\sa_http_win32.dll
c:\program files\McAfee Security Scan\2.0.181\sa_mbl.dll
c:\program files\McAfee Security Scan\2.0.181\sa_store_sqlite.dll
c:\program files\McAfee Security Scan\2.0.181\sacore.db
c:\program files\McAfee Security Scan\2.0.181\sacore.dll
c:\program files\McAfee Security Scan\2.0.181\sacoredata\uds_filetypes.txt
c:\program files\McAfee Security Scan\2.0.181\sacoredata\uds_hosting.txt
c:\program files\McAfee Security Scan\2.0.181\sacoredata\uds_tlds.txt
c:\program files\McAfee Security Scan\2.0.181\SecurityScanner.dll
c:\program files\McAfee Security Scan\2.0.181\SecurityScanner_LD.dll
c:\program files\McAfee Security Scan\2.0.181\sqlite3.dll
c:\program files\McAfee Security Scan\2.0.181\SSCustom_LD.dll
c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe
c:\program files\McAfee Security Scan\2.0.181\WebInfoScanner.dll
c:\program files\McAfee Security Scan\2.0.181\WMIScanner.dll
c:\program files\McAfee Security Scan\uninstall.exe
C:\WINDOWS\system32\SWCTL.DLL
c:\windows\Tasks\AppleSoftwareUpdate.job
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_CPUZ130
-------\Legacy_GGSAFERDRIVER
-------\Legacy_MCCOMPONENTHOSTSERVICE
-------\Legacy_SASDIFSV
-------\Legacy_SASKUTIL
-------\Service_cpuz130
-------\Service_GGSAFERDriver
-------\Service_McComponentHostService
-------\Service_SASDIFSV
-------\Service_SASKUTIL
-------\Service_SCREAMINGBDRIVER
Kdo je online
Uživatelé prohlížející si toto fórum: Google [Bot] a 83 hostů